Operator-Image-Source Failed

Issue

The image source check is looking at all of the images in the operator and the images it manages. If there are images listed that are not certified this test will fail. The partner will need to use publicly available certified images to satisfy their needs or they may need to create and certify their own version of that image. The image source check is looking into the docker digest of the image to verify it matches with the image that was submitted for certification.

Environment

Operator Config section for Operator Project in Red Hat Partner Connect web site

Resolution

Method 1: Verify the Image Digest

For example, if you are using a Non-Red Hat Registry, verify that the image you published matches the digest of the image that was scanned. You can find the image digest in your projects page by clicking View on the image you certified.

You find the docker digest of the published image by running the following command:

skopeo inspect docker://<registry>/<namespace>/<repository>:<tag>

We highly recommend using skopeo but if that is not an option you can also run:

docker inspect <registry>/<namespace>/<repository>:<tag>

Once you find the Docker Digest, verify that it matches the Docker Digest of the Certified Image in Red Hat Connect. If it does not, make sure you push the same image you pushed for certification to your external registry.

Method 2: More Information

If the workaround in Method 1 is not an acceptable solution, or the digest match both certified and publicly available image, a partner needs to open a support ticket and provide the following information:

Docker Digest (aka "sha") number
The Project URL
Full Container Image URL

PreviousOperator-Scorecard-Tests Failed

Last updated 4 years ago

Was this helpful?