Unable to Scan Jfrog Registry with Error "Ancesstor of level 2 does not exist for manifest.json" in Prisma Cloud

• Jfrog Registry has been successfully added in Prisma Cloud. However, scanning the same fails with Error "Ancesstor of level 2 does not exist for manifest.json".

DEBU YYYY-MM-DDT registry_scanner.go Failed to discover repositories:Error: received status 400  for api /artifactory/api/..
  "errors" : [ {
    "status" : 400,
    "message" : "Ancesstor of level 2 does not exist for manifest.json."
  } ]

• Prisma Cloud
• Jfrog

• This issue is specific to Jfrog : JFrog xray ancestor for docker
• This may happen if a file with an incompatible format is pushed into the Docker Repository.

• Delete the file or move it to a generic repository for the scan to be successful.

• When a Docker image is being indexed in Jfrog Xray, it indexes the manifest.json (abstraction of the docker image) as the root parent and the layers as it's descendants.
• If Docker B has 2 layers, once it becomes the base layer of docker A, it will be shown as 1 layer in Docker A (with different checksum).

Example

• Manifest of Docker-A is not the ancestor of manifest Docker-B, therefore, you will not see it in the UI.
• If, for example, Docker-B will have only one layer and is the base layer of docker-A then the same layer with the same checksum will be shown in Docker-A.

• In this case, if you check the ancestor's tab of the Base Layer(B), you'll see both Docker-A and Docker-B.