zot/pkg/extensions/search/cve/cve.go

package cveinfo

import (
	"encoding/json"
	"io/ioutil"
	"os"
	"path"
	"sort"
	"strings"

	"github.com/anuvu/zot/errors"
	"github.com/anuvu/zot/pkg/log"
	integration "github.com/aquasecurity/trivy/integration"
	config "github.com/aquasecurity/trivy/integration/config"
	"github.com/aquasecurity/trivy/pkg/report"
	v1 "github.com/google/go-containerregistry/pkg/v1"
	"github.com/google/go-containerregistry/pkg/v1/types"
	godigest "github.com/opencontainers/go-digest"
	ispec "github.com/opencontainers/image-spec/specs-go/v1"
)

// UpdateCVEDb ...
func UpdateCVEDb(dbDir string, log log.Logger) error {
	config, err := config.NewConfig(dbDir)
	if err != nil {
		log.Error().Err(err).Msg("unable to get config")
		return err
	}

	err = integration.RunTrivyDb(config.TrivyConfig)
	if err != nil {
		log.Error().Err(err).Msg("unable to update DB ")
		return err
	}

	return nil
}

func NewTrivyConfig(dir string) (*config.Config, error) {
	return config.NewConfig(dir)
}

func ScanImage(config *config.Config) (report.Results, error) {
	return integration.ScanTrivyImage(config.TrivyConfig)
}

func (cveinfo CveInfo) IsValidImageFormat(imagePath string) (bool, error) {
	imageDir, inputTag := getImageDirAndTag(imagePath)

	if !dirExists(imageDir) {
		cveinfo.Log.Error().Msg("image directory doesn't exist")

		return false, errors.ErrRepoNotFound
	}

	manifests, err := cveinfo.getImageManifests(imageDir)

	if err != nil {
		return false, err
	}

	for _, m := range manifests {
		tag, ok := m.Annotations[ispec.AnnotationRefName]

		if ok && inputTag != "" && tag != inputTag {
			continue
		}

		blobManifest, err := cveinfo.getImageBlobManifest(imageDir, m.Digest)
		if err != nil {
			return false, err
		}

		imageLayers := blobManifest.Layers

		for _, imageLayer := range imageLayers {
			switch imageLayer.MediaType {
			case types.OCILayer, types.DockerLayer:
				return true, nil

			default:
				cveinfo.Log.Debug().Msg("image media type not supported for scanning")
				return false, errors.ErrScanNotSupported
			}
		}
	}

	return false, nil
}

func dirExists(d string) bool {
	fi, err := os.Stat(d)
	if err != nil && os.IsNotExist(err) {
		return false
	}

	return fi.IsDir()
}

func getImageDirAndTag(imageName string) (string, string) {
	var imageDir string

	var imageTag string

	if strings.Contains(imageName, ":") {
		splitImageName := strings.Split(imageName, ":")
		imageDir = splitImageName[0]
		imageTag = splitImageName[1]
	} else {
		imageDir = imageName
	}

	return imageDir, imageTag
}

// GetImageTagsWithTimestamp returns a list of image tags with timestamp available in the specified repository.
func (cveinfo CveInfo) GetImageTagsWithTimestamp(rootDir string, repo string) ([]TagInfo, error) {
	tagsInfo := make([]TagInfo, 0)

	dir := path.Join(rootDir, repo)
	if !dirExists(dir) {
		return nil, errors.ErrRepoNotFound
	}

	manifests, err := cveinfo.getImageManifests(dir)

	if err != nil {
		cveinfo.Log.Error().Err(err).Msg("unable to read image manifests")

		return tagsInfo, err
	}

	for _, manifest := range manifests {
		digest := manifest.Digest

		v, ok := manifest.Annotations[ispec.AnnotationRefName]
		if ok {
			imageBlobManifest, err := cveinfo.getImageBlobManifest(dir, digest)

			if err != nil {
				cveinfo.Log.Error().Err(err).Msg("unable to read image blob manifest")

				return tagsInfo, err
			}

			imageInfo, err := cveinfo.getImageInfo(dir, imageBlobManifest.Config.Digest)
			if err != nil {
				cveinfo.Log.Error().Err(err).Msg("unable to read image info")

				return tagsInfo, err
			}

			timeStamp := *imageInfo.History[0].Created

			tagsInfo = append(tagsInfo, TagInfo{Name: v, Timestamp: timeStamp})
		}
	}

	return tagsInfo, nil
}

func GetFixedTags(allTags []TagInfo, infectedTags []TagInfo) []TagInfo {
	sort.Slice(allTags, func(i, j int) bool {
		return allTags[i].Timestamp.Before(allTags[j].Timestamp)
	})

	latestInfected := TagInfo{}

	for _, tag := range infectedTags {
		if !tag.Timestamp.Before(latestInfected.Timestamp) {
			latestInfected = tag
		}
	}

	var fixedTags []TagInfo

	for _, tag := range allTags {
		if tag.Timestamp.After(latestInfected.Timestamp) {
			fixedTags = append(fixedTags, tag)
		}
	}

	return fixedTags
}

func (cveinfo CveInfo) getImageManifests(imagePath string) ([]ispec.Descriptor, error) {
	buf, err := ioutil.ReadFile(path.Join(imagePath, "index.json"))

	if err != nil {
		if os.IsNotExist(err) {
			cveinfo.Log.Error().Err(err).Msg("index.json doesn't exist")

			return nil, errors.ErrRepoNotFound
		}

		cveinfo.Log.Error().Err(err).Msg("unable to open index.json")

		return nil, errors.ErrRepoNotFound
	}

	var index ispec.Index

	if err := json.Unmarshal(buf, &index); err != nil {
		cveinfo.Log.Error().Err(err).Str("dir", imagePath).Msg("invalid JSON")
		return nil, errors.ErrRepoNotFound
	}

	return index.Manifests, nil
}

func (cveinfo CveInfo) getImageBlobManifest(imageDir string, digest godigest.Digest) (v1.Manifest, error) {
	var blobIndex v1.Manifest

	blobBuf, err := ioutil.ReadFile(path.Join(imageDir, "blobs", digest.Algorithm().String(), digest.Encoded()))
	if err != nil {
		cveinfo.Log.Error().Err(err).Msg("unable to open image metadata file")

		return blobIndex, err
	}

	if err := json.Unmarshal(blobBuf, &blobIndex); err != nil {
		cveinfo.Log.Error().Err(err).Msg("unable to marshal blob index")

		return blobIndex, err
	}

	return blobIndex, nil
}

func (cveinfo CveInfo) getImageInfo(imageDir string, hash v1.Hash) (ispec.Image, error) {
	var imageInfo ispec.Image

	blobBuf, err := ioutil.ReadFile(path.Join(imageDir, "blobs", hash.Algorithm, hash.Hex))
	if err != nil {
		cveinfo.Log.Error().Err(err).Msg("unable to open image layers file")

		return imageInfo, err
	}

	if err := json.Unmarshal(blobBuf, &imageInfo); err != nil {
		cveinfo.Log.Error().Err(err).Msg("unable to marshal blob index")

		return imageInfo, err
	}

	return imageInfo, err
}
Added search extension and integrated trivy to support image vulnerability scanning 2020-06-24 14:38:42 -05:00			`package cveinfo`

			`import (`
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-19 01:03:16 -05:00			`"encoding/json"`
			`"io/ioutil"`
			`"os"`
			`"path"`
Added support for searching fixed tag given cve and an image 2020-08-19 01:53:04 -05:00			`"sort"`
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-19 01:03:16 -05:00			`"strings"`

			`"github.com/anuvu/zot/errors"`
Added search extension and integrated trivy to support image vulnerability scanning 2020-06-24 14:38:42 -05:00			`"github.com/anuvu/zot/pkg/log"`
			`integration "github.com/aquasecurity/trivy/integration"`
			`config "github.com/aquasecurity/trivy/integration/config"`
Added graphql api feature for image vulnerability scanning 2020-06-26 14:09:10 -05:00			`"github.com/aquasecurity/trivy/pkg/report"`
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-19 01:03:16 -05:00			`v1 "github.com/google/go-containerregistry/pkg/v1"`
			`"github.com/google/go-containerregistry/pkg/v1/types"`
			`godigest "github.com/opencontainers/go-digest"`
			`ispec "github.com/opencontainers/image-spec/specs-go/v1"`
Added search extension and integrated trivy to support image vulnerability scanning 2020-06-24 14:38:42 -05:00			`)`

			`// UpdateCVEDb ...`
			`func UpdateCVEDb(dbDir string, log log.Logger) error {`
			`config, err := config.NewConfig(dbDir)`
			`if err != nil {`
search/cve: fix log messages 2020-09-22 12:35:39 -05:00			`log.Error().Err(err).Msg("unable to get config")`
Added search extension and integrated trivy to support image vulnerability scanning 2020-06-24 14:38:42 -05:00			`return err`
			`}`

			`err = integration.RunTrivyDb(config.TrivyConfig)`
			`if err != nil {`
search/cve: fix log messages 2020-09-22 12:35:39 -05:00			`log.Error().Err(err).Msg("unable to update DB ")`
Added search extension and integrated trivy to support image vulnerability scanning 2020-06-24 14:38:42 -05:00			`return err`
			`}`

			`return nil`
			`}`
Added graphql api feature for image vulnerability scanning 2020-06-26 14:09:10 -05:00
			`func NewTrivyConfig(dir string) (*config.Config, error) {`
			`return config.NewConfig(dir)`
			`}`

			`func ScanImage(config *config.Config) (report.Results, error) {`
			`return integration.ScanTrivyImage(config.TrivyConfig)`
			`}`
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-19 01:03:16 -05:00
			`func (cveinfo CveInfo) IsValidImageFormat(imagePath string) (bool, error) {`
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`imageDir, inputTag := getImageDirAndTag(imagePath)`
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-19 01:03:16 -05:00
			`if !dirExists(imageDir) {`
search/cve: fix log messages 2020-09-22 12:35:39 -05:00			`cveinfo.Log.Error().Msg("image directory doesn't exist")`
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-19 01:03:16 -05:00
			`return false, errors.ErrRepoNotFound`
			`}`

search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`manifests, err := cveinfo.getImageManifests(imageDir)`
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-19 01:03:16 -05:00
			`if err != nil {`
			`return false, err`
			`}`

search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`for _, m := range manifests {`
			`tag, ok := m.Annotations[ispec.AnnotationRefName]`
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-19 01:03:16 -05:00
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`if ok && inputTag != "" && tag != inputTag {`
			`continue`
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-19 01:03:16 -05:00			`}`

search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`blobManifest, err := cveinfo.getImageBlobManifest(imageDir, m.Digest)`
			`if err != nil {`
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-19 01:03:16 -05:00			`return false, err`
			`}`

			`imageLayers := blobManifest.Layers`

			`for _, imageLayer := range imageLayers {`
			`switch imageLayer.MediaType {`
			`case types.OCILayer, types.DockerLayer:`
			`return true, nil`

			`default:`
search/cve: fix log messages 2020-09-22 12:35:39 -05:00			`cveinfo.Log.Debug().Msg("image media type not supported for scanning")`
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`return false, errors.ErrScanNotSupported`
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-19 01:03:16 -05:00			`}`
			`}`
			`}`

			`return false, nil`
			`}`

			`func dirExists(d string) bool {`
			`fi, err := os.Stat(d)`
			`if err != nil && os.IsNotExist(err) {`
			`return false`
			`}`

			`return fi.IsDir()`
			`}`

search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`func getImageDirAndTag(imageName string) (string, string) {`
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-19 01:03:16 -05:00			`var imageDir string`
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00
			`var imageTag string`

Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-19 01:03:16 -05:00			`if strings.Contains(imageName, ":") {`
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`splitImageName := strings.Split(imageName, ":")`
			`imageDir = splitImageName[0]`
			`imageTag = splitImageName[1]`
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-19 01:03:16 -05:00			`} else {`
			`imageDir = imageName`
			`}`

search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`return imageDir, imageTag`
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-19 01:03:16 -05:00			`}`
Added support for searching fixed tag given cve and an image 2020-08-19 01:53:04 -05:00
			`// GetImageTagsWithTimestamp returns a list of image tags with timestamp available in the specified repository.`
			`func (cveinfo CveInfo) GetImageTagsWithTimestamp(rootDir string, repo string) ([]TagInfo, error) {`
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`tagsInfo := make([]TagInfo, 0)`

Added support for searching fixed tag given cve and an image 2020-08-19 01:53:04 -05:00			`dir := path.Join(rootDir, repo)`
			`if !dirExists(dir) {`
			`return nil, errors.ErrRepoNotFound`
			`}`

search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`manifests, err := cveinfo.getImageManifests(dir)`
Added support for searching fixed tag given cve and an image 2020-08-19 01:53:04 -05:00
			`if err != nil {`
search/cve: fix log messages 2020-09-22 12:35:39 -05:00			`cveinfo.Log.Error().Err(err).Msg("unable to read image manifests")`
Added support for searching fixed tag given cve and an image 2020-08-19 01:53:04 -05:00
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`return tagsInfo, err`
Added support for searching fixed tag given cve and an image 2020-08-19 01:53:04 -05:00			`}`

search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`for _, manifest := range manifests {`
			`digest := manifest.Digest`
Added support for searching fixed tag given cve and an image 2020-08-19 01:53:04 -05:00
			`v, ok := manifest.Annotations[ispec.AnnotationRefName]`
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`if ok {`
			`imageBlobManifest, err := cveinfo.getImageBlobManifest(dir, digest)`
Added support for searching fixed tag given cve and an image 2020-08-19 01:53:04 -05:00
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`if err != nil {`
search/cve: fix log messages 2020-09-22 12:35:39 -05:00			`cveinfo.Log.Error().Err(err).Msg("unable to read image blob manifest")`
Added support for searching fixed tag given cve and an image 2020-08-19 01:53:04 -05:00
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`return tagsInfo, err`
			`}`
Added support for searching fixed tag given cve and an image 2020-08-19 01:53:04 -05:00
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`imageInfo, err := cveinfo.getImageInfo(dir, imageBlobManifest.Config.Digest)`
			`if err != nil {`
search/cve: fix log messages 2020-09-22 12:35:39 -05:00			`cveinfo.Log.Error().Err(err).Msg("unable to read image info")`
Added support for searching fixed tag given cve and an image 2020-08-19 01:53:04 -05:00
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`return tagsInfo, err`
			`}`
Added support for searching fixed tag given cve and an image 2020-08-19 01:53:04 -05:00
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00			`timeStamp := *imageInfo.History[0].Created`
Added support for searching fixed tag given cve and an image 2020-08-19 01:53:04 -05:00
			`tagsInfo = append(tagsInfo, TagInfo{Name: v, Timestamp: timeStamp})`
			`}`
			`}`

			`return tagsInfo, nil`
			`}`

			`func GetFixedTags(allTags []TagInfo, infectedTags []TagInfo) []TagInfo {`
			`sort.Slice(allTags, func(i, j int) bool {`
			`return allTags[i].Timestamp.Before(allTags[j].Timestamp)`
			`})`

			`latestInfected := TagInfo{}`

			`for _, tag := range infectedTags {`
			`if !tag.Timestamp.Before(latestInfected.Timestamp) {`
			`latestInfected = tag`
			`}`
			`}`

			`var fixedTags []TagInfo`

			`for _, tag := range allTags {`
			`if tag.Timestamp.After(latestInfected.Timestamp) {`
			`fixedTags = append(fixedTags, tag)`
			`}`
			`}`

			`return fixedTags`
			`}`
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00
			`func (cveinfo CveInfo) getImageManifests(imagePath string) ([]ispec.Descriptor, error) {`
			`buf, err := ioutil.ReadFile(path.Join(imagePath, "index.json"))`

			`if err != nil {`
			`if os.IsNotExist(err) {`
search/cve: fix log messages 2020-09-22 12:35:39 -05:00			`cveinfo.Log.Error().Err(err).Msg("index.json doesn't exist")`
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00
			`return nil, errors.ErrRepoNotFound`
			`}`

search/cve: fix log messages 2020-09-22 12:35:39 -05:00			`cveinfo.Log.Error().Err(err).Msg("unable to open index.json")`
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00
			`return nil, errors.ErrRepoNotFound`
			`}`

			`var index ispec.Index`

			`if err := json.Unmarshal(buf, &index); err != nil {`
			`cveinfo.Log.Error().Err(err).Str("dir", imagePath).Msg("invalid JSON")`
			`return nil, errors.ErrRepoNotFound`
			`}`

			`return index.Manifests, nil`
			`}`

			`func (cveinfo CveInfo) getImageBlobManifest(imageDir string, digest godigest.Digest) (v1.Manifest, error) {`
			`var blobIndex v1.Manifest`

			`blobBuf, err := ioutil.ReadFile(path.Join(imageDir, "blobs", digest.Algorithm().String(), digest.Encoded()))`
			`if err != nil {`
search/cve: fix log messages 2020-09-22 12:35:39 -05:00			`cveinfo.Log.Error().Err(err).Msg("unable to open image metadata file")`
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00
			`return blobIndex, err`
			`}`

			`if err := json.Unmarshal(blobBuf, &blobIndex); err != nil {`
search/cve: fix log messages 2020-09-22 12:35:39 -05:00			`cveinfo.Log.Error().Err(err).Msg("unable to marshal blob index")`
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00
			`return blobIndex, err`
			`}`

			`return blobIndex, nil`
			`}`

			`func (cveinfo CveInfo) getImageInfo(imageDir string, hash v1.Hash) (ispec.Image, error) {`
			`var imageInfo ispec.Image`

			`blobBuf, err := ioutil.ReadFile(path.Join(imageDir, "blobs", hash.Algorithm, hash.Hex))`
			`if err != nil {`
search/cve: fix log messages 2020-09-22 12:35:39 -05:00			`cveinfo.Log.Error().Err(err).Msg("unable to open image layers file")`
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00
			`return imageInfo, err`
			`}`

			`if err := json.Unmarshal(blobBuf, &imageInfo); err != nil {`
search/cve: fix log messages 2020-09-22 12:35:39 -05:00			`cveinfo.Log.Error().Err(err).Msg("unable to marshal blob index")`
search/cve: exclude unsupported images from fixed-tag list. If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list. Fixes issue #130 2020-09-04 15:16:15 -05:00
			`return imageInfo, err`
			`}`

			`return imageInfo, err`
			`}`