Skip to content

fix: preserve digest in image summary lookups#479

Merged
ybelMekk merged 4 commits into
mainfrom
fix/image-lookup-digest
Jun 26, 2026
Merged

fix: preserve digest in image summary lookups#479
ybelMekk merged 4 commits into
mainfrom
fix/image-lookup-digest

Conversation

@ybelMekk

@ybelMekk ybelMekk commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

What

  • preserve tag@digest for image-based vulnerability lookups
  • add regression tests for digest-bearing image refs
  • add an integration test case using a digest-bearing image

Why

The API dropped the digest when looking up image summaries in V13S.

That caused refs like:

  • image@sha256:abc
  • image:tag@sha256:abc

to return:

  • sbom.status = NO_SBOM
  • vulnerabilitySummary = null

even when V13S had valid data for the full ref.

Changed

  • internal/vulnerability/dataloader.go
  • internal/vulnerability/queries.go
  • internal/vulnerability/queries_test.go
  • integration_tests/k8s_resources/vulnerability/dev/slug-1/app.yaml
  • integration_tests/vulnerabilities.lua

@ybelMekk ybelMekk requested a review from a team as a code owner June 25, 2026 22:46
@ybelMekk ybelMekk requested a review from Copilot June 25, 2026 22:48
Copilot AI reviewed Jun 25, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes V13S image vulnerability/SBOM lookups for digest-bearing image references by preserving the digest portion during lookups, and adds regression coverage via unit and integration tests.

Changes:

  • Introduce splitImageRefForLookup to preserve tag@digest (or digest-only) for V13S lookups.
  • Switch V13S lookups in the vulnerability dataloader and image vulnerability listing to use the new lookup-splitting helper.
  • Extend unit/integration tests and fixtures to cover digest-bearing image references.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
internal/vulnerability/dataloader.go Uses digest-preserving image ref splitting when fetching image summaries from V13S.
internal/vulnerability/queries.go Adds splitImageRefForLookup and updates image vulnerability listing to preserve digest in lookups.
internal/vulnerability/queries_test.go Updates split tests and adds coverage for digest-preserving lookup splitting.
integration_tests/k8s_resources/vulnerability/dev/slug-1/app.yaml Changes test workload image to include :tag@sha256:digest.
integration_tests/vulnerabilities.lua Updates integration assertion to validate digest-preserved image tag and non-null vulnerability data.

Comment thread internal/vulnerability/queries.go
Comment thread internal/vulnerability/queries_test.go
@ybelMekk ybelMekk requested a review from thokra-nav June 26, 2026 06:01
@ybelMekk

ybelMekk commented Jun 26, 2026
edited
Loading

Copy link
Copy Markdown
Contributor Author

Måtte oppdatere prometheus, annars feilet mise:check

@ybelMekk ybelMekk merged commit 3c79155 into main Jun 26, 2026
11 checks passed
@ybelMekk ybelMekk deleted the fix/image-lookup-digest branch June 26, 2026 09:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments
@thokra-nav thokra-nav Awaiting requested review from thokra-nav
+1 more reviewer
@thokra thokra thokra approved these changes
Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ybelMekk @thokra