ROX:34136, ROX:34137: Fix tagless images' name and link display under CVE and Deployment pages by charmik-redhat · Pull Request #19992 · stackrox/stackrox

charmik-redhat · 2026-04-14T18:07:59Z

Description

When FlattenImageData is enabled, the image id field becomes a UUID instead of a SHA digest. Several views in Workload CVEs used the id field as a fallback display value for tagless images (via ImageNameLink and getImageBaseNameDisplay), causing UUIDs to appear instead of digests.

This PR adds a digest field to the Image GraphQL type and passes it to the UI so that tagless images always display the SHA digest regardless of the FlattenImageData flag.

Changes

Backend — central/graphql/resolvers/images.go

Exposes a new digest: String! field on the Image GraphQL type. For V1 images this equals the image ID; for V2 (flattened) images this is the separate SHA digest.

UI — ImageResourceTable.tsx (Deployment single page → Resources tab)

Adds digest to the imageResourcesFragment GraphQL query and ImageResources type.
Passes digest to ImageNameLink so tagless images display remote@sha256:... instead of remote@.

UI — table.utils.ts (Workload CVE single page)

Adds digest to the imageMetadataContextFragment GraphQL fragment. This fragment is consumed by AffectedImagesTable and other CVE-scoped tables, so the digest is available wherever
ImageNameLink renders an image name.

The ImageNameLink component (ImageNameLink.tsx:30) already prefers digest over id when present (const imageShaForDisplay = digest || id), so the fix is purely about fetching and passing the
new field.

User-facing documentation

CHANGELOG update is not needed
documentation is not needed

Testing and quality

the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
CI results are inspected

Automated testing

How I validated my change

Deployed with FlattenImageData enabled, navigated to a Workload CVE single page and verified tagless images display SHA instead of a UUID.
Verified the same fix on the Deployment single page → Resources tab.
Confirmed no regression with FlattenImageData disabled — behavior is unchanged since digest equals id for V1 images.

codecov · 2026-04-14T18:14:58Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.70%. Comparing base (5fdf5fe) to head (8e1c01a).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #19992   +/-   ##
=======================================
  Coverage   49.70%   49.70%           
=======================================
  Files        2766     2766           
  Lines      209352   209356    +4     
=======================================
+ Hits       104051   104055    +4     
  Misses      97611    97611           
  Partials     7690     7690

Flag	Coverage Δ
go-unit-tests	`49.70% <100.00%> (+<0.01%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

github-actions · 2026-04-14T18:20:44Z

🚀 Build Images Ready

Images are ready for commit 8e1c01a. To use with deploy scripts:

export MAIN_IMAGE_TAG=4.11.x-706-g8e1c01adf3

coderabbitai · 2026-04-15T17:38:51Z

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: 32f67dbd-7bdb-4c1a-912c-298e9aa0b656

📥 Commits

Reviewing files that changed from the base of the PR and between 2b1f307 and cd9d549.

📒 Files selected for processing (3)

central/graphql/resolvers/images.go
ui/apps/platform/src/Containers/Vulnerabilities/WorkloadCves/Deployment/ImageResourceTable.tsx
ui/apps/platform/src/Containers/Vulnerabilities/WorkloadCves/Tables/table.utils.ts

📝 Walkthrough

Summary by CodeRabbit

New Features
- Image digest information is now available in vulnerability scanning views, providing precise identification and verification of container images across your deployments.

Walkthrough

The changes extend GraphQL Image schema and related fragments to include a new digest field. The GraphQL resolver adds the required digest: String! field to the Image type, while UI components and GraphQL fragments are updated to fetch and utilize this digest information for images in vulnerability tables.

Changes

Cohort / File(s)	Summary
GraphQL Schema Extension `central/graphql/resolvers/images.go`	Added required `digest: String!` field to GraphQL Image type schema with documentation clarifying V1 vs V2 image digest semantics.
UI Fragment and Type Updates `ui/apps/platform/src/Containers/Vulnerabilities/WorkloadCves/Deployment/ImageResourceTable.tsx`, `ui/apps/platform/src/Containers/Vulnerabilities/WorkloadCves/Tables/table.utils.ts`	Extended `imageResourcesFragment` and `imageMetadataContextFragment` GraphQL fragments to fetch `digest` field; updated `ImageResources` type to include `digest: string` on image items; modified table rendering logic to pass digest to `ImageNameLink` component.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: fixing tagless images' name and link display on CVE and Deployment pages by adding digest support.
Description check	✅ Passed	The description is comprehensive, covering the problem, solution, detailed changes across backend and UI, validation approach, and documentation decisions. All critical sections are filled out appropriately.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

Create stacked PR
Commit on current branch

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch ROX-34137/fix-tagless-images-names-under-cve-and-deployment-single-pages

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

… images Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

charmik-redhat · 2026-04-20T17:56:59Z

This change is part of the following stack:

ROX:34136, ROX:34137: Fix tagless images' name and link display under CVE and Deployment pages #19992 ◀
- ROX-32714: Enable FlattenImageData feature flag #20109

_{Change managed by git-spice.}

charmik-redhat requested a review from a team as a code owner April 14, 2026 18:08

github-actions Bot added area/central area/ui labels Apr 14, 2026

charmik-redhat added the coderabbit-review label Apr 15, 2026

sachaudh self-requested a review April 17, 2026 00:16

Add digest field to Image GraphQL type for correct display of tagless…

8e1c01a

… images Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

charmik-redhat force-pushed the ROX-34137/fix-tagless-images-names-under-cve-and-deployment-single-pages branch from cd9d549 to 8e1c01a Compare April 20, 2026 17:56

This was referenced Apr 20, 2026

ROX-32714: Enable feature flag by default (Still updating failing tests. Do not review) #18539

Closed

ROX-32714: Enable FlattenImageData feature flag #20109

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ROX:34136, ROX:34137: Fix tagless images' name and link display under CVE and Deployment pages#19992

ROX:34136, ROX:34137: Fix tagless images' name and link display under CVE and Deployment pages#19992
charmik-redhat wants to merge 1 commit intomasterfrom
ROX-34137/fix-tagless-images-names-under-cve-and-deployment-single-pages

charmik-redhat commented Apr 14, 2026

Uh oh!

codecov Bot commented Apr 14, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Apr 14, 2026 •

edited

Loading

Uh oh!

coderabbitai Bot commented Apr 15, 2026

Summary by CodeRabbit

Walkthrough

Changes

Estimated code review effort

❌ Failed checks (1 warning)

Uh oh!

charmik-redhat commented Apr 20, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

charmik-redhat commented Apr 14, 2026

Description

Changes

User-facing documentation

Testing and quality

Automated testing

How I validated my change

Uh oh!

codecov Bot commented Apr 14, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

github-actions Bot commented Apr 14, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🚀 Build Images Ready

Uh oh!

coderabbitai Bot commented Apr 15, 2026

Summary by CodeRabbit

Walkthrough

Changes

Estimated code review effort

❌ Failed checks (1 warning)

Uh oh!

charmik-redhat commented Apr 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

codecov Bot commented Apr 14, 2026 •

edited

Loading

github-actions Bot commented Apr 14, 2026 •

edited

Loading

charmik-redhat commented Apr 20, 2026 •

edited

Loading