Priority: 4 - Normal
Affects Version/s: 7.21.3
Fix Version/s: None
Reproduced on the latest version; the environment doesn't affect behaviour (HA vs standalone, external DB type, etc.).
When Xray is configured to block downloads of unscanned/vulnerable artifacts, Docker remote and virtual repositories give a vague error instead of the Blocked by Xray message, causing confusion and inconsistencies.
The following message should appear:
but currently, this only happens for local repositories.
Steps to reproduce:
1. Set up a Docker local, remote, and virtual repository
2. Set up Xray to block unscanned/vulnerable images
3. Add a vulnerable image to docker-local and run docker pull url/docker-local/image:tag; see that it gives the verbose Xray Download Blocking Policy response
4. Pull the same image from docker-remote and docker-virtual; see that the message is a simple and vague
with no further information
5. To test further, if you run something like
it shows in the trace the
message, but running docker pull or using artifactory/api/docker/docker-repo only returns "unknown: Forbidden".