Investigate Container Scanning support for multi-stage builds
Container Scanning only reports vulnerabilities for the image in the last
FROM directive for multi-stage Docker builds.
Steps to reproduce
If two or more docker images are combined in one
FROM golang:1.3
FROM node:12
COPY . .
Container Scanning will only report vulnerabilities for the last
FROM directive. In the above example, this means only the
node:12 image will be scanned.
Fork of ruby-bundler project. (Changed Dockerfile)
https://gitlab.com/caneldem/multistage-go ==> this one just has go image
Please investigate this issue further and lay out a possible fix.
- is this expected behavior of the tool we are using?
- update our documentation to be very specific about what occurs in this scenario.
After the research, if we feel there are changes needed, we can make a backlog issue for it.
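
To see which base images fall outside the report described above, the following added example (not part of the original issue and not the scanner's own code) parses a Dockerfile and separates the base image of the last FROM stage from base images used only by earlier stages. The function names and result keys are hypothetical, the second Dockerfile is constructed sample input, and ARG-substituted image names are not expanded.

```python
import re

FROM_RE = re.compile(r"^FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$", re.I)
COPY_FROM_RE = re.compile(r"^COPY\s+.*?--from=(\S+)", re.I)

# Dockerfile from the issue, plus a constructed one with named stages.
ISSUE_DOCKERFILE = "FROM golang:1.3\nFROM node:12\nCOPY . .\n"
NAMED_STAGES = """\
FROM golang:1.3 AS builder
RUN go build -o /app .
FROM builder AS tester
FROM node:12
COPY --from=builder /app /app
"""

def parse_stages(text):
    """Return one dict per FROM directive, in order (ARG values are not expanded)."""
    stages = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := FROM_RE.match(line):
            stages.append({"index": len(stages), "image": m.group(1),
                           "name": (m.group(2) or "").lower(), "copies_from": []})
        elif stages and (m := COPY_FROM_RE.match(line)):
            stages[-1]["copies_from"].append(m.group(1))
    return stages

def base_image(stages, ref, before):
    """Resolve a stage name or index to the external image it is built on."""
    for s in stages[:before]:
        if ref.lower() == s["name"] or ref == str(s["index"]):
            return base_image(stages, s["image"], s["index"])
    return ref  # not an earlier stage, so an external image reference

def scan_coverage(text):
    """Report the last stage's base image and the images only earlier stages use."""
    stages = parse_stages(text)
    if not stages:
        return {"final_image": None, "earlier_only": [], "artifacts_from": []}
    last = stages[-1]
    final = base_image(stages, last["image"], last["index"])
    earlier = []
    for s in stages[:-1]:
        img = base_image(stages, s["image"], s["index"])
        if img != final and img not in earlier:
            earlier.append(img)
    artifacts = [base_image(stages, r, last["index"]) for r in last["copies_from"]]
    return {"final_image": final, "earlier_only": earlier, "artifacts_from": artifacts}

if __name__ == "__main__":
    print(scan_coverage(ISSUE_DOCKERFILE), scan_coverage(NAMED_STAGES), sep="\n")
```

Images listed under `earlier_only` are candidates for a separate scan job, and `artifacts_from` shows which of them contribute files to the last stage through `COPY --from`.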