Warn when container URL does not reference a tar#1644
Open
Warn when container URL does not reference a tar#1644
Conversation
dterrybd
requested review from
bd-samratmuk,
cpottsbd,
devmehtabd,
shantyk and
zahidblackduck
cpottsbd
requested changes
Feb 2, 2026
| .setHelp( | ||
| "If specified, this file and this file only will be uploaded for container scan analysis.", | ||
| "Detect will accept either a user provided local file path, or remote HTTP/HTTPS URL to fetch a container image for scanning. The CONTAINER_SCAN tool does not provide project and version name defaults to Detect, so you need to set project and version names via properties when only the CONTAINER_SCAN tool is invoked." | ||
| "If specified, this .tar file and this .tar file only will be uploaded for container scan analysis.", |
Contributor
There was a problem hiding this comment.
Tiny tweak suggestion:
"If it is specified, only this.tar file will be uploaded for Container Scan analysis."
cpottsbd
approved these changes
Feb 2, 2026
zahidblackduck
approved these changes
Feb 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Detect will attempt to run a container scan on any file or URL given to it via
detect.container.scan.file.pathWhile we don't want to stop this and break current behavior, we do want to let the user know that their results might not be what they are expecting. For example, there are cases where Detect is unable to deal with the file but reports success anyway.
In cases where the file or URL does not point to a tar file we will warn the user of this and then continue the scan as we currently do. Documentation is also updated to mention this really should be a .tar file.