
@festeveira festeveira commented Nov 15, 2025

Description

This PR fixes an issue in the logic that determines when to fetch private registry credentials. Previously, the code only checked whether the number of reused reports was greater than 0. This caused issues when the workload was composed of several images and at least one of the images had a corresponding ClusterSbomReport which was reused for the current scan; if one of the remaining images did not have a corresponding ClusterSbomReport and was from a private registry, its credentials were not being fetched and added to the PodSpec's environment.

The updated logic instead compares the number of reused reports with the total number of container images. If the counts differ, it indicates that not all images have reusable reports, so the system will fetch the necessary private registry credentials for each image.

I have tested this change in my environment and it seemed to fix the related issue.

Related issues

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).
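
The decision described in this PR, modeled as an added Go example (not code from the PR or from the project). The `container` type and all function names are hypothetical, and the workload is constructed; it shows which private-registry image is left without credentials under the old check and that the count comparison covers it.

```go
package main

import (
	"fmt"
	"sort"
)

// container is a constructed stand-in for one container of a workload.
// All names here are hypothetical, not trivy-operator identifiers.
type container struct {
	name            string
	privateRegistry bool // image is pulled from a private registry
	reusedReport    bool // a ClusterSbomReport was reused for this image
}

func countReused(cs []container) int {
	n := 0
	for _, c := range cs {
		if c.reusedReport {
			n++
		}
	}
	return n
}

// fetchBefore models the old check: any reused report skipped the credential fetch.
func fetchBefore(cs []container) bool { return countReused(cs) == 0 }

// fetchAfter models the fixed check: fetch unless every image has a reused report.
func fetchAfter(cs []container) bool { return countReused(cs) != len(cs) }

// unauthenticated lists containers that still need a scan of a private image
// but would get no credentials in the scan job's PodSpec environment.
func unauthenticated(cs []container, fetch bool) []string {
	var out []string
	for _, c := range cs {
		if !c.reusedReport && c.privateRegistry && !fetch {
			out = append(out, c.name)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed workload: one reused report, one private image without one.
	w := []container{{"sidecar", false, true}, {"app", true, false}}
	fmt.Println("before:", unauthenticated(w, fetchBefore(w)))
	fmt.Println("after: ", unauthenticated(w, fetchAfter(w)))
}
```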

@festeveira festeveira requested a review from simar7 as a code owner November 15, 2025 17:33
@festeveira festeveira changed the title from "When submitting a scan job correctly check presence of reused reports before fetching credentials for each image" to "fix: When submitting a scan job correctly check presence of reused reports before fetching credentials for each image" Nov 15, 2025
@github-actions github-actions bot added the bug label Nov 15, 2025
…ze before deciding to fetch credentials

Signed-off-by: festeveira <[email protected]>
@festeveira festeveira force-pushed the fix-no-privateregcreds-when-reusing-reports branch from 942dc86 to c5e47be Compare November 16, 2025 00:50
Development

Successfully merging this pull request may close these issues.

No private registry credentials for containers being analyzed by jobs where at least one image has a ClusterSbomReport
