Dockle Error while scanning Images with its Manifest Digest

[raghur-orca]

Description

1. If i scan an image with its Manifest Digest, say alpine without pulling it locally - we don't see an issue in scanning it with Dockle.

# dockle --debug alpine@sha256:eddacbc7e24bf8799a4ed3cdcfa50d4b88a323695ad80f317b6629883b2c2a78
WARN	- CIS-DI-0001: Create a user for the container
	* Last user should not be root
INFO	- CIS-DI-0005: Enable Content trust for Docker
	* export DOCKER_CONTENT_TRUST=1 before docker pull/build
INFO	- CIS-DI-0006: Add HEALTHCHECK instruction to the container image
	* not found HEALTHCHECK statement

2. However, If we pull the same image with its Manifest Digest to the local environment - Dockle unable to scan the image with its Digest.

# docker image pull alpine@sha256:eddacbc7e24bf8799a4ed3cdcfa50d4b88a323695ad80f317b6629883b2c2a78
docker.io/library/alpine@sha256:eddacbc7e24bf8799a4ed3cdcfa50d4b88a323695ad80f317b6629883b2c2a78: Pulling from library/alpine
c6a83fedfae6: Already exists
Digest: sha256:eddacbc7e24bf8799a4ed3cdcfa50d4b88a323695ad80f317b6629883b2c2a78
Status: Downloaded newer image for alpine@sha256:eddacbc7e24bf8799a4ed3cdcfa50d4b88a323695ad80f317b6629883b2c2a78
docker.io/library/alpine@sha256:eddacbc7e24bf8799a4ed3cdcfa50d4b88a323695ad80f317b6629883b2c2a78

# docker image ls alpine
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
alpine       <none>    324bc02ae123   2 weeks ago   7.8MB

# dockle alpine@sha256:eddacbc7e24bf8799a4ed3cdcfa50d4b88a323695ad80f317b6629883b2c2a78
2024-08-08T05:10:15.556Z	FATAL	unable to initialize a image struct: failed to initialize source: failed to initialize: Manifest does not match provided manifest digest sha256:eddacbc7e24bf8799a4ed3cdcfa50d4b88a323695ad80f317b6629883b2c2a78

# dockle 324bc02ae123
2024-08-08T05:10:23.543Z	FATAL	unable to initialize a image struct: failed to initialize source: reading manifest latest in docker.io/library/324bc02ae123: requested access to the resource is denied

What did you expect to happen?
Scan the image with its Manifest Digest just like how Dockle scans the images placed in the remote registry/repo.

What happened instead?
2024-08-08T05:10:15.556Z FATAL unable to initialize a image struct: failed to initialize source: failed to initialize: Manifest does not match provided manifest digest sha256:eddacbc7e24bf8799a4ed3cdcfa50d4b88a323695ad80f317b6629883b2c2a78

Output of run with -debug:

# dockle --debug alpine@sha256:eddacbc7e24bf8799a4ed3cdcfa50d4b88a323695ad80f317b6629883b2c2a78
2024-08-08T05:31:28.280Z	DEBUG	There is no .dockleignore file
2024-08-08T05:31:28.280Z	DEBUG	Skipped update confirmation
2024-08-08T05:31:28.280Z	DEBUG	Start assessments...
2024-08-08T05:31:28.340Z	FATAL	unable to initialize a image struct:
    github.com/goodwithtech/deckoder/extractor/docker.newDockerExtractor
        /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/docker/docker.go:73
  - failed to initialize source:
    github.com/goodwithtech/deckoder/extractor/image.NewImage
        /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/image/image.go:86
  - failed to initialize:
    github.com/goodwithtech/deckoder/extractor/image.newSource
        /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/image/image.go:118
  - Manifest does not match provided manifest digest sha256:eddacbc7e24bf8799a4ed3cdcfa50d4b88a323695ad80f317b6629883b2c2a78

Output of dockle -v:

# dockle --version
dockle version 0.4.14

Additional details (base image name, container registry info...):

1. Used alpine latest image hosted in Dockerhub for this replication - https://hub.docker.com/layers/library/alpine/latest/images/sha256-eddacbc7e24bf8799a4ed3cdcfa50d4b88a323695ad80f317b6629883b2c2a78?context=explore