@adrobuta adrobuta commented Dec 19, 2025

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Commit messages are release-note ready, emphasizing what was changed, not how
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High)
  • Highlights breaking API changes (if applicable) - N/A
  • Links to automated tests covering new functionality
  • Includes manual testing instructions (if necessary) - Covered by automated test
  • Updates relevant GitBook documentation (PR link: ___) - No doc updates needed
  • Includes product update to be announced in the next stable release notes

What does this PR do?

Upgrades snyk-docker-plugin to v8.15.0, which adds support for scanning OCI images with manifests that don't include a platform field.

Changes:

  • Bumps snyk-docker-plugin from local development link to 8.15.0
  • Adds acceptance test: should correctly scan an OCI image with manifest missing platform field
  • Updates package-lock.json

Where should the reviewer start?

  1. Review the dependency change in package.json and package-lock.json.
  2. Review the new acceptance test in test/jest/acceptance/snyk-container/container.spec.ts (lines 172-182)

What's the product update that needs to be communicated to CLI users?

The Snyk CLI now supports scanning OCI images with manifests that don't include platform fields, improving compatibility with various OCI registry implementations.

Risk assessment (Low | Medium | High)?

Low

  • Dependency upgrade to a stable release version (v8.15.0)
  • snyk-docker-plugin v8.15.0 has been tested in the plugin repository
  • New acceptance test validates the functionality
  • Only affects OCI image scanning where manifests lack platform fields

Any background context you want to provide?

Some OCI registries (especially custom/private registries) produce image manifests that don't include the platform field in their manifest structure. Without this fix, snyk container fails to scan these images.

@adrobuta adrobuta requested review from a team as code owners December 19, 2025 13:44
@adrobuta adrobuta changed the title from "feat: container support for OCI images with platform-less manifests" to "feat: container support for OCI images with manifests missing platform field" Dec 19, 2025
@adrobuta adrobuta force-pushed the fix/container-oci-image-no-platform branch from e2c6995 to d31ae0a December 19, 2025 13:58
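
The failure mode described in the PR's background section, as an added example that is not code from this PR or from snyk-docker-plugin: a selector over an OCI image index that tolerates entries without `platform` and refuses to guess when the choice is ambiguous. It assumes the index shape from the OCI image spec, where `platform` is optional; `selectManifest`, `SAMPLE_INDEX` and the digests are hypothetical.

```typescript
// Descriptor shape of an OCI image index; `platform` is optional in the spec.
interface OciPlatform { architecture: string; os: string; }
interface OciDescriptor {
  mediaType: string;
  digest: string;
  size: number;
  platform?: OciPlatform;
}
interface OciIndex { schemaVersion: number; manifests: OciDescriptor[]; }

const OCI_MANIFEST = "application/vnd.oci.image.manifest.v1+json";
const DOCKER_MANIFEST = "application/vnd.docker.distribution.manifest.v2+json";

// Hypothetical helper (not a snyk-docker-plugin API): pick the manifest to scan.
function selectManifest(index: OciIndex, want: OciPlatform): OciDescriptor {
  const images = index.manifests.filter(
    (m) => m.mediaType === OCI_MANIFEST || m.mediaType === DOCKER_MANIFEST,
  );
  // 1. Prefer an entry whose declared platform matches. The undefined check
  //    matters: reading m.platform.os on an unlabelled entry throws TypeError.
  const exact = images.filter(
    (m) =>
      m.platform !== undefined &&
      m.platform.os === want.os &&
      m.platform.architecture === want.architecture,
  )[0];
  if (exact !== undefined) return exact;
  // 2. Fall back to an entry without `platform` only when it is the sole one,
  //    so the scanner never silently picks between several candidate images.
  const unlabelled = images.filter((m) => m.platform === undefined);
  const only = unlabelled[0];
  if (unlabelled.length === 1 && only !== undefined) return only;
  throw new Error(
    "no manifest for " + want.os + "/" + want.architecture +
      " (" + unlabelled.length + " entries without platform)",
  );
}

// Constructed sample index; digests are placeholders, not real image digests.
const SAMPLE_INDEX: OciIndex = {
  schemaVersion: 2,
  manifests: [
    { mediaType: OCI_MANIFEST, digest: "sha256:constructed-a", size: 1024,
      platform: { architecture: "arm64", os: "linux" } },
    { mediaType: OCI_MANIFEST, digest: "sha256:constructed-b", size: 2048 },
  ],
};
```

Failing closed on several unlabelled entries keeps the scan result tied to a known digest instead of whichever entry happened to come first.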