We need to prevent scanning container images that are too large, which can cause resource issues. While we can get the compressed size of an image easily, determining the uncompressed size before pulling all layers is challenging.
Current Limitations
- No reliable way to determine uncompressed size without pulling layers
  - Manifests provide compressed size
  - But uncompressed size is not available via API
- Investigated alternatives:
  - gzip trailer information:
    - Contains uncompressed size
    - Limited to 4GB (32-bit unsigned int)
    - Not suitable for our use case with larger images
  - Other compression metadata:
    - No reliable source for accurate size information
    - Varies by compression method
So we should clear the error stack completely and report only the image oversize?
If the image size had been calculated correctly, then no other errors would have occurred, so I thought it would have been sufficient to display only the oversize error. Am I missing something?
Proposal
Since there's no reliable way to get the uncompressed size without pulling layers, implement a size check by:
--max-image-size flag
Implementation Details
Size verification process:
Error handling:
Example Usage
Initial Implementation
Start with basic implementation:
Future Considerations
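Added example, not part of the original issue and not the project's code: it illustrates the gzip trailer limitation listed under "Investigated alternatives" and a size check enforced while a layer is decompressed. It goes beyond the 4GB case by also showing that the trailer describes only the last member of a multi-member stream; `TrailerISIZE`, `CheckedSize`, `Compress` and `ErrTooLarge` are hypothetical names, and the sample layers are constructed.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge is a hypothetical sentinel error for this example.
var ErrTooLarge = errors.New("uncompressed size exceeds limit")

// TrailerISIZE reads ISIZE (RFC 1952): final member's length modulo 2^32.
func TrailerISIZE(gz []byte) (uint32, error) {
	if len(gz) < 18 { // 10-byte header + 8-byte trailer
		return 0, errors.New("too short to be gzip")
	}
	return binary.LittleEndian.Uint32(gz[len(gz)-4:]), nil
}

// CheckedSize inflates r but stops one byte past max, then reports overflow.
func CheckedSize(r io.Reader, max int64) (int64, error) {
	zr, err := gzip.NewReader(r)
	if err != nil {
		return 0, err
	}
	defer zr.Close()
	n, err := io.Copy(io.Discard, io.LimitReader(zr, max+1))
	if err == nil && n > max {
		err = ErrTooLarge
	}
	return n, err
}

// Compress builds a constructed sample layer: n zero bytes, gzip-compressed.
func Compress(n int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(make([]byte, n))
	zw.Close()
	return buf.Bytes()
}

func main() {
	two := append(Compress(1000), Compress(5000)...) // two members, one stream
	fmt.Println(TrailerISIZE(two))                      // 5000 <nil>: last member only
	fmt.Println(CheckedSize(bytes.NewReader(two), 4096)) // 4097 uncompressed size exceeds limit
}
```

The stream really holds 6000 bytes, so the trailer under-reports it, while the counting reader rejects it after inflating only 4097 bytes.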