[Prisma Cloud Enterprise Edition]- Why Only One Image Appears in Vulnerability Reports: Handling Identical Image Names Across Repositories
167
Created On 06/01/24 05:52 AM - Last Modified 12/17/25 22:18 PM
Question
- Why only one Image appears in the vulnerability report if the image name is same but belongs to different repositories ?
For example:
Taking the image "602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/kube-proxy:v1.27.8-minimal-eksbuild.4" , we can see that the filter shows in the result with two images from different repos ( the sha value is same)
Taking the image "602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/kube-proxy:v1.27.8-minimal-eksbuild.4" , we can see that the filter shows in the result with two images from different repos ( the sha value is same)
When this is exported to a CSV , then only one image in the report
Environment
- Prisma Cloud and Compute
Answer
- We report in the CSV file only one image if the SHA id is same. How we pick the image is totally random.
- This is an expected behavior.
- As a workaround, use the GET image API with the SHA filter as query param, where from response the Instances metadata tag can be used for image identification.
`curl --location '<console_url>/api/v1/images?id=sha256*' \ --header 'Authorization: ****' `
This API results out all the instances / image name against it on using the query param of SHA id