diff --git a/documentation/src/main/markdown/currentreleasenotes.md b/documentation/src/main/markdown/currentreleasenotes.md index a3c6625ea8..0b4283d613 100644 --- a/documentation/src/main/markdown/currentreleasenotes.md +++ b/documentation/src/main/markdown/currentreleasenotes.md @@ -30,8 +30,5 @@ * (IDETECT-4642) - Improved handling of pnpm packages that contain detailed version information in the pnpm-lock.yaml. Resolving [detect_product_short] missing some packages through failure to link direct and transitive dependencies. * (IDETECT-4641) - Improved [detect_product_short]'s Yarn detector to handle non-standard version entries for component dependencies. -* (IDETECT-4594) - Resolved [detect_product_short] failing to handle duplicate keys in package.json files across npm, pnpm, Lerna, and Yarn projects. +* (IDETECT-4594) - Resolved [detect_product_short] failing to handle duplicate keys in `package.json` files across npm, pnpm, Lerna, and Yarn projects. -### Dependency updates - -* diff --git a/documentation/src/main/markdown/packagemgrs/docker/formats.md b/documentation/src/main/markdown/packagemgrs/docker/formats.md index 38b27e80e0..f9adb22b4c 100644 --- a/documentation/src/main/markdown/packagemgrs/docker/formats.md +++ b/documentation/src/main/markdown/packagemgrs/docker/formats.md @@ -4,5 +4,10 @@ Images passed to [detect_product_short] via the *detect.docker.image* property m Images passed to [detect_product_short] via the *detect.docker.image.id* property must already exist in the local docker cache. [detect_product_short] will save these to a file using the equivalent of a "docker save" command. -Image files passed to [detect_product_short] via the *detect.docker.tar* property must be .tar files, and the contents must conform to either of the following image format specifications: 1. [Docker Image Specification v1.2.0](https://github.com/moby/moby/blob/master/image/spec/v1.2.md) (the format produced by the "docker save" command), or 2. [Open Container Initiative Image (OCI) Format Specification](https://github.com/opencontainers/image-spec/blob/main/spec.md). +Image files passed to [detect_product_short] via the *detect.docker.tar* property must be .tar files, and the contents must conform to either of the following image format specifications: +1. [Docker Image Specification v1.2.0](https://github.com/moby/moby/blob/master/image/spec/v1.2.md) (the format produced by the `docker save` command). +2. [Open Container Initiative Image (OCI) Format Specification](https://github.com/opencontainers/image-spec/blob/main/spec.md). +The base layer OS package manager invocation and resolution of installed packages by [docker_inspector_name] is restricted to Ubuntu, CentOS, and Alpine base OS layer images. If the image meets other requirements and regardless of the base layer OS, [docker_inspector_name] will run a signature scan/analysis on the tarball of the image and produce matches if any. For example, if the base layer OS is CentOS, [docker_inspector_name] will start CentOS image inspector container service, mount the image onto this container and run "rpm qa" to get a list of installed packages if available. + +Should unresolvable errors occur during attempts to scan Docker images we recommend switching to analysis via [Container Scan](../../runningdetect/containerscanning.md) of Docker images. \ No newline at end of file diff --git a/documentation/src/main/markdown/packagemgrs/docker/troubleshooting.md b/documentation/src/main/markdown/packagemgrs/docker/troubleshooting.md index dc9aecc0da..99388d2075 100644 --- a/documentation/src/main/markdown/packagemgrs/docker/troubleshooting.md +++ b/documentation/src/main/markdown/packagemgrs/docker/troubleshooting.md @@ -1,8 +1,6 @@ -# Troubleshooting overview +# Troubleshooting Docker Inspector -To troubleshoot issues with [docker_inspector_name], run with DEBUG logging enabled: - - --logging.level.detect=DEBUG +To troubleshoot issues with [docker_inspector_name], run with DEBUG logging enabled: `--logging.level.detect=DEBUG` ## Considerations when running on Windows @@ -36,6 +34,16 @@ of the pulled image is a close match to the Windows version of your machine. The following suggestions are related to specific problems. +### Problem: Error message containing "Error inspecting image: There was a problem trying to getBdio." + +Possible cause: This error may occur if your image contains an unsupported operating system. Please refer to the [supported format documentation](../docker/formats.md). + + +### Problem: Error message containing "Possible unsupported input archive file type. Please refer to Docker Inspector documentation. Unrecognized media type %s of layer %s.", mediaType, digest." + +Possible cause: This error may occur if your OCI image has neither the regular manifest media type or the index media type. Please refer to the [supported format documentation](../docker/formats.md). + + ### Problem: When directly invoking the .jar file, an error message displays "Malformed input or input contains unmappable characters." Possible cause: Your local character encoding does not match the target container file system character encoding. @@ -47,8 +55,7 @@ Solution/workaround: Set the character encoding to UTF-8 when invoking Java: ### Problem: Property values are set in unexpected ways. Possible cause: [docker_inspector_name] is built using the Spring Boot application framework. -Spring Boot provides a variety of ways to set property values. This can produce unexpected results if, -for example, you have an environment variable whose name maps to a [docker_inspector_name] property name. +Spring Boot provides a variety of ways to set property values. This can produce unexpected results if, for example, you have an environment variable whose name maps to a [docker_inspector_name] property name. Refer to the [Spring Boot documentation on external configuration](https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-external-config.html) for more details.