Prisma Cloud fails to scan a registry image error: "unknown blob error"

Created On 10/08/23 12:56 PM - Last Modified 07/08/25 18:56 PM


Symptom


  • "unknown blob" error while trying to pull a Docker image from a specific registry.
  • Error in Defender logs:
    Failed to pull image <IMAGE> error unknown blob


 



Environment


  • Prisma Cloud Compute
  • Prisma Cloud Enterprise Edition
  • Twistlock
  • Registry Scan 
  • Image Scan


Cause


  • This error may be returned when a blob is unknown to the registry in the specified repository.
  • It can be returned on a standard GET request, or when a manifest references an unknown layer during upload.


Resolution


Possible reasons why the blob is unknown:

  • Corrupted Image Layers
  • Image Deleted or Unavailable
  • Network Connectivity

 



Additional Information


To get the manifest of the problematic image, use the commands below:

docker image ls IMAGENAME --digests
https://docs.docker.com/engine/reference/commandline/images/

docker image inspect IMAGENAME
https://docs.docker.com/engine/reference/commandline/image_inspect/

docker manifest inspect IMAGENAME
https://docs.docker.com/engine/reference/commandline/manifest/
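
Once the manifest is in hand, the next step is finding which referenced blob the registry does not know. The following is an added example, not code from Prisma Cloud or from the original article: it reads `docker manifest inspect` output, lists the config and layer digests, and checks each with the registry HTTP API v2 blob endpoint. The helper names, the sample digests and the anonymous-read assumption are illustrative.

```python
import json
import urllib.error
import urllib.request

def referenced_digests(manifest_json):
    """Return (kind, digest) pairs referenced by `docker manifest inspect` output."""
    doc = json.loads(manifest_json)
    # A manifest list / OCI index points at per-platform manifests, not blobs.
    refs = [("manifest", m["digest"]) for m in doc.get("manifests", [])]
    if "config" in doc:
        refs.append(("config", doc["config"]["digest"]))
    refs += [("layer", layer["digest"]) for layer in doc.get("layers", [])]
    return refs

def blob_exists(registry, repo, digest):
    """HEAD /v2/<repo>/blobs/<digest>: 200 means present, 404 means unknown blob.

    Assumes anonymous read access; any other status (401, 5xx) is raised so an
    auth or network failure is not misreported as a missing blob.
    """
    url = f"https://{registry}/v2/{repo}/blobs/{digest}"
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False
        raise

def missing_blobs(manifest_json, exists):
    """List (kind, digest) for config/layer blobs that `exists(digest)` rejects."""
    return [(kind, digest) for kind, digest in referenced_digests(manifest_json)
            if kind != "manifest" and not exists(digest)]

# Constructed sample manifest (digests are placeholders, not from a real image).
SAMPLE = json.dumps({
    "schemaVersion": 2,
    "config": {"digest": "sha256:" + "c" * 64},
    "layers": [{"digest": "sha256:" + "a" * 64}, {"digest": "sha256:" + "b" * 64}],
})

if __name__ == "__main__":
    present = {"sha256:" + "c" * 64, "sha256:" + "a" * 64}  # simulated registry
    for kind, digest in missing_blobs(SAMPLE, lambda d: d in present):
        print(f"unknown blob: {kind} {digest}")
```

Against a live registry, pass `lambda d: blob_exists("registry.example.com", "team/app", d)` as the `exists` argument (hypothetical host and repository). For a multi-arch image, run `docker manifest inspect` on each per-platform manifest digest first, since the index itself lists no layers.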
 


