Hello,
I am scanning an Ubuntu image and trying to understand specific information on a given package.
In case a package was updated / added, do I have a way to know that according to the layerId? Or in another way?
The scope “all-layers” can tell me if a package existed in dpkg, but not if it was added or updated during the process.
Here is an example of a Dockerfile I am checking:
```dockerfile
# Use the official Ubuntu image as the base
FROM ubuntu:latest

# Set environment variables to avoid interactive prompts during package installation
ENV DEBIAN_FRONTEND=noninteractive

# Layer 1: Update and install jq
RUN apt-get update && apt-get install -y jq \
    && echo "Installed jq:" && jq --version

# Layer 2: Remove jq and clean up
RUN apt-get remove --purge -y jq \
    && apt-get autoremove -y \
    && apt-get clean && rm -rf /var/lib/apt/lists/* \
    && echo "jq removed"

# Layer 3: Update and reinstall jq
RUN apt-get update && apt-get install -y jq \
    && echo "Reinstalled jq:" && jq --version

# New Layer: Install an additional package (curl)
RUN apt-get update && apt-get install -y curl \
    && echo "Installed curl:" && curl --version

# Layer 4: Final cleanup
RUN apt-get clean && rm -rf /var/lib/apt/lists/*

# Command to indicate jq has been reinstalled
CMD ["echo", "jq has been reinstalled"]
```
It is related to the PR "Squashed all layers" by tomersein · Pull Request #3138 · anchore/syft · GitHub.
I can get the “layer history” of a package, but I am not sure I am able to get the information I need.
Thanks!
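
The added/updated/removed distinction asked about above can be derived by diffing the dpkg database between consecutive layers. This is an added example, not part of the original post and not syft's own code; it assumes each layer's `/var/lib/dpkg/status` has already been extracted in layer order, and the layer ids, package versions and helper names are constructed for illustration.

```python
# Added example: diff dpkg state between consecutive image layers.
# Layer ids and package versions below are constructed sample data.

def parse_dpkg_status(text):
    """Return {package: version} for stanzas whose state is 'installed'."""
    installed = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") or ":" not in line:
                continue  # continuation of a multi-line field (e.g. Description)
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        # "deinstall ok config-files" (remove without --purge) is not installed
        if "Package" in fields and fields.get("Status", "").split()[-1:] == ["installed"]:
            installed[fields["Package"]] = fields.get("Version", "")
    return installed

def layer_events(snapshots):
    """snapshots: ordered (layer_id, status_text) pairs; status_text is None
    when the layer did not write /var/lib/dpkg/status."""
    events, prev = [], {}
    for layer_id, text in snapshots:
        if text is None:
            continue
        cur = parse_dpkg_status(text)
        for name in sorted(cur.keys() | prev.keys()):
            old, new = prev.get(name), cur.get(name)
            if old is None:
                events.append((layer_id, "added", name, new))
            elif new is None:
                events.append((layer_id, "removed", name, old))
            elif old != new:
                events.append((layer_id, "updated", name, f"{old} -> {new}"))
        prev = cur
    return events

def _status(pkgs):  # builds a constructed status file from {name: version}
    return "\n\n".join(f"Package: {n}\nStatus: install ok installed\nVersion: {v}"
                       for n, v in pkgs.items())

SAMPLE = [  # constructed snapshots mirroring the Dockerfile's layers
    ("layer0-base", _status({"libssl3": "3.0.2-1"})),
    ("layer1-install-jq", _status({"libssl3": "3.0.2-1", "jq": "1.6-1"})),
    ("layer2-purge-jq", _status({"libssl3": "3.0.2-1"})),
    ("layer3-reinstall-jq", _status({"libssl3": "3.0.2-1", "jq": "1.6-1"})),
    ("layer4-install-curl", _status({"libssl3": "3.0.2-2", "jq": "1.6-1", "curl": "7.81-1"})),
    ("layer5-cleanup", None),
]

if __name__ == "__main__":
    for event in layer_events(SAMPLE):
        print(*event)
```

The first layer reports every base-image package as added, so a consumer would normally treat it as the baseline rather than as changes.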