Description
In our docker image scanning products, we cannot determine the base image used in the docker image we are scanning.
Explanation
We inspect the docker images' manifest file, which provides a sha of the layers making up the docker image, the we get the base image as a sha 256.
The manifest converts the docker file like the following example;
FROM abc:xyz
to
ADD sha256:qwertyuuio
Therefore we cannot determine what image that is, many people will use their own custom closed source base image.