Multi-architectural Image Scan
QScanner supports scanning images built on multiple architectures. You need to specify the platform flag (--platform) along with `<os>/<architecture>/<variant>` format. Depending on the architecture of the image, a default variant is used automatically. You need not provide all the 3 components (os, arch & variant).
For example, see valid inputs of 'os, architecture, and variant' format for the `--platform` flag.
- linux/arm64/v8
- linux/arm64
- linux/amd64/v2
- linux/amd64
Provide all the values that are applicable for the target image wherein OS and architecture are the mandatory parameters.
Below are the formats for the the 'platform' flag in which image can be provided:
1. `<index-digest>` + `--platform`
2. `<name>:<tag>` + `--platform`
3. `<name>:<tag>@<index-digest>` + `--platform`
4. `<name>:<tag>@<manifest-digest>` (platform flag not required)
When a multi-arch image is pulled, for example, using `docker pull <name>@<manifest-digest>` (without using the 'platform' flag), output of `docker images` shows 'none' in image's tag. In this case, you should use option #4 (as mentioned above) to scan it.
If `--platform` flag is not mentioned or the value is empty then Qscanner will use OS and Architecture value of the host and perform scanning based on that.
For more details, refer to: https://github.com/containerd/containerd/blob/v1.4.3/platforms/platforms.go#L63
QScanner supports scanning of images built on multiple architectures using `--platform` flag in the following conditions and targets as of now.
| Category | Target | Platform flag applicable - Yes/No? |
| Others | Remote images | Yes |
| archive (oci/docker) | No | |
Runtime |
docker | No |
| containerd | Yes | |
| podman | No | |
| crio | No | |
Runtime with Storage Driver |
docker-overlay | Yes |
| docker-overlay2 | No | |
| containerd-overlay | Yes | |
| podman-overlay | No | |
| crio-overlay | No |