Docker Scout fails to recognise DHI base image

[unixerius]

Github Actions pipeline run for reference -> https://github.com/unixerius/proxmox-qdevice/actions/runs/21072965388/job/60607307451

The same issue occurs with Scout as integrated into Docker Hub -> https://hub.docker.com/repository/docker/unixerius/proxmox-qdevice/general

The containers that are being built are based off of Docker's DHI (docker hardened image) Debian Base image -> https://hub.docker.com/hardened-images/catalog/dhi/debian-base

The Docker Buildx instructions for my containers include the options for --sbom and --provenance mode=max. Both Buildx and Scout confirm that provenance information is included in the image.

Regardless, Docker Scout fails to recognise the base image.

Logs from the pipeline run:

Run docker/scout-action@v1
  with:
    command: quickview,cves
    image: ghcr.io/***/proxmox-qdevice:bookworm
    ignore-unchanged: true
    only-severities: critical,high
    github-token: ***
    summary: true
    format: json
    write-comment: true
  env:
    registry: ***
    image: proxmox-qdevice
quickview
      ✓ SBOM obtained from attestation, 135 packages found
      ✓ Provenance obtained from attestation
  Error: image has no base image

[unixerius]

I have also tested it with the most recent version of Docker Scout. On my laptop I was using 1.0.9, now I've upgraded to 1.9.0.

With version 1.0.9, Docker Scout says an images based off of dhi.io/debian-base:trixie "has no base image":

% docker scout recommendations tess/qdev:dhi-trixie
    ! New version 1.19.0 available (installed version is 1.0.9) at https://github.com/docker/scout-cli
    ✓ SBOM of image already cached, 205 packages indexed

Could not display recommendations for  tess/qdev:dhi-trixie 
image has no base image

The same thing happens with the latest 1.9.0. The Dockerfile of the newly built container image starts with FROM dhi.io/debian-base:trixie, but Scout says that the image "has no base image".

% docker image build -t tess/qdev:dhi-trixie -f Dockerfile-trixie --no-cache .
...
=> [1/7] FROM dhi.io/debian-base:trixie@sha256:1244523a2f7b6c096c6f98ce0349df6798c775c5  1.2s
=> resolve dhi.io/debian-base:trixie@sha256:1244523a2f7b6c096c6f98ce0349df6798c775c5  0.0s
...

% docker scout recommendations tess/qdev:dhi-trixie
    ✓ Image stored for indexing
    ✓ Indexed 206 packages
    ✓ Provenance obtained from attestation

Could not display recommendations for  tess/qdev:dhi-trixie 
image has no base image