Spike: Does building the container scanning image based on a UBI image break the scanner
Topic to Evaluate
Time-box: 2 days
Some customers require images to be built from a UBI-based image before they can be used in their environment. The goal of this spike is to determine whether or not building the container scanning image from a UBI base works easily or whether additional development work is required.
Related Issue: #328578 (closed)
Tasks to Evaluate
-
Determine which UBI image to use: Minimal (preferred), Standard or Multi-service (discouraged). -
Can the container scanning image be built based on a UBI image? -
Does the scan work successfully when built from a UBI based image? -
If yes then this spike is complete. -
If no, then please estimate the time that would be required to get a working UBI-based image.
-
-
Determine the size difference from the current image.
Risks and Implementation Considerations
- UBI-based images typically use a different package manager from Alpine. If we are using the local package manager at all, then it is likely that we will need to make changes to get the image to work.
- Installation of Trivy and Grype must succeed
- If the image is considerably larger than the existing one, we'll need to evaluate performance impact (i.e. job duration)
Edited by Alan (Maciej) Paruszewski