Anchore plugin version 1.1.1 reports individual images' actions incorrectly with API v2

      After upgrading the Jenkins Anchore plugin to either 1.1.0 or 1.1.1 and using API v2, we are observing that when running a scan with multiple images containing issues, as images get evaluated the number of actions keeps increasing cumulatively instead of showing each image's actual number of actions.

      Sample use case scanning 3 simple (older) images available in Docker Hub:

      node:17.5-slim
      httpd:2.2.31-alpine
      alpine:3.18.0
      

      The report generated with plugin version 1.0.25 shows me this:

      Repo Tag              Stop Actions   Warn Actions   Go Actions   Final Action
      node:17.5-slim        46             21             1            STOP
      httpd:2.2.31-alpine   73             63             1            STOP
      alpine:3.18.0         5              10             1            STOP

      The report generated with the updated plugin version 1.1.1 shows me this:

      Repo Tag              Stop Actions   Warn Actions   Go Actions   Final Action
      node:17.5-slim        46             21             1            STOP
      httpd:2.2.31-alpine   119            84             2            STOP
      alpine:3.18.0         124            94             3            STOP

          Jose added a comment -

          As proof that the problem is in the plugin: inspecting the anchore_gates.json file returned from the server in API v2, we can see the information is correct:

          $ jq -r '.[]
            | .repo_tag,
            (
              .gate_results | group_by(.action)
              | map({action: .[0].action, count: length}) | .[]
              | [.action,.count] |@tsv
            )
          ' AnchoreReport.k8s_anchore_multi_3/anchore_gates.json
          
          node:17.5-slim
          go      1
          stop    46
          warn    21
          httpd:2.2.31-alpine
          go      1
          stop    73
          warn    63
          alpine:3.18.0
          go      1
          stop    5
          warn    10

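The jq check above and the two tables in the description both reduce to the same per-image aggregation over `anchore_gates.json`. The following is an added example written for this page (not code from the reporter or from the anchore-container-scanner-plugin): it builds a constructed gates file in the shape the jq query reads (a list of objects with `repo_tag` and `gate_results[].action`), computes the correct per-image counts, reproduces the running-total symptom the 1.1.1 table shows as a hypothetical reconstruction, and provides a check that flags images whose reported counts disagree with the gates file. The gate entries themselves are placeholders; only their action counts mirror the ticket.

```python
import json
from collections import Counter

# Constructed sample input: action counts copied from the ticket's 1.0.25 report,
# gate names are placeholders. Shape matches what the jq query above consumes.
EXPECTED = {
    "node:17.5-slim": {"stop": 46, "warn": 21, "go": 1},
    "httpd:2.2.31-alpine": {"stop": 73, "warn": 63, "go": 1},
    "alpine:3.18.0": {"stop": 5, "warn": 10, "go": 1},
}


def build_sample_gates():
    """Build a list shaped like anchore_gates.json: one object per image."""
    images = []
    for tag, counts in EXPECTED.items():
        results = []
        for action, n in counts.items():
            results.extend(
                {"gate": "placeholder-gate", "action": action} for _ in range(n)
            )
        images.append({"repo_tag": tag, "gate_results": results})
    return images


SAMPLE_JSON = json.dumps(build_sample_gates())


def per_image_actions(gates_json):
    """Correct aggregation: a fresh counter for every image.

    Returns [(repo_tag, stop, warn, go), ...] in file order, which is what the
    jq query above prints for each image.
    """
    rows = []
    for image in json.loads(gates_json):
        counts = Counter(r["action"] for r in image["gate_results"])
        rows.append((image["repo_tag"], counts["stop"], counts["warn"], counts["go"]))
    return rows


def cumulative_actions(gates_json):
    """Hypothetical reconstruction of the symptom described in the ticket:
    counters that are never reset between images, so each row carries the
    running total of all images evaluated so far. Not the plugin's code."""
    rows = []
    stop = warn = go = 0
    for image in json.loads(gates_json):
        counts = Counter(r["action"] for r in image["gate_results"])
        stop += counts["stop"]
        warn += counts["warn"]
        go += counts["go"]
        rows.append((image["repo_tag"], stop, warn, go))
    return rows


def mismatched_images(report_rows, gates_json):
    """Compare rows taken from a plugin report against the gates file and
    return the repo tags whose stop/warn/go counts disagree."""
    truth = {tag: (stop, warn, go) for tag, stop, warn, go in per_image_actions(gates_json)}
    bad = []
    for tag, stop, warn, go in report_rows:
        if truth.get(tag) != (stop, warn, go):
            bad.append(tag)
    return bad


def format_report(rows):
    """Render rows in the same column layout as the ticket's tables."""
    lines = ["%-22s %-13s %-13s %-11s" % ("Repo Tag", "Stop Actions", "Warn Actions", "Go Actions")]
    for tag, stop, warn, go in rows:
        lines.append("%-22s %-13d %-13d %-11d" % (tag, stop, warn, go))
    return "\n".join(lines)


if __name__ == "__main__":
    print("Per-image counts (expected behaviour):")
    print(format_report(per_image_actions(SAMPLE_JSON)))
    print("\nRunning totals (symptom reported for 1.1.x):")
    buggy = cumulative_actions(SAMPLE_JSON)
    print(format_report(buggy))
    print("\nImages whose reported counts disagree with anchore_gates.json:")
    print(mismatched_images(buggy, SAMPLE_JSON))
```

The running-total reconstruction yields exactly the 1.1.1 table in the description (119/84/2 for httpd, 124/94/3 for alpine), which is what points the diagnosis at the plugin's aggregation rather than at the server response; `mismatched_images` is the kind of check worth keeping as a regression test against a real `anchore_gates.json` once the fix lands.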
          Jose added a comment - Created pull request: https://github.com/jenkinsci/anchore-container-scanner-plugin/pull/31

          Daniel Nurmi added a comment -

          Thank you jose_sa - we'll continue the review/discussion on the PR - very much appreciate the report and contribution!

            nurmi Daniel Nurmi
            jose_sa Jose