Lack of container scanning of distroless-based image in Auto DevOps
Problem to solve
distroless-based container image can't be tested in container scanning.
Container users who use
gcr.io/distroless/base image as a base image.
container scanning job in Auto DevOps passes while it warns a critical error as follows:
2019/01/21 16:33:46 [CRIT]
▶Could not fetch vulnerabilities. No features have been detected in the image. This usually means that the image isn't supported by Clair
distroless-based container image should be tested in container scanning or at least notice users lack of container scanning of the image.
What does success look like, and how can we measure that?