mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-25 11:46:43 +01:00
Remove clair related code
- clair code in harbor core - clair code in frontend - clair code in robotcase Signed-off-by: DQ <dengq@vmware.com>
This commit is contained in:
parent
dec12308a1
commit
590212b485
4
.github/workflows/build-package.yml
vendored
4
.github/workflows/build-package.yml
vendored
@ -75,8 +75,8 @@ jobs:
|
||||
fi
|
||||
|
||||
cd src/github.com/goharbor/harbor
|
||||
sudo make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=${Harbor_Build_Base_Tag} VERSIONTAG=${Harbor_Assets_Version} PKGVERSIONTAG=${Harbor_Package_Version} NOTARYFLAG=true CLAIRFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY=
|
||||
sudo make package_online GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=${Harbor_Build_Base_Tag} VERSIONTAG=${Harbor_Assets_Version} PKGVERSIONTAG=${Harbor_Package_Version} NOTARYFLAG=true CLAIRFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY=
|
||||
sudo make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=${Harbor_Build_Base_Tag} VERSIONTAG=${Harbor_Assets_Version} PKGVERSIONTAG=${Harbor_Package_Version} NOTARYFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY=
|
||||
sudo make package_online GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=${Harbor_Build_Base_Tag} VERSIONTAG=${Harbor_Assets_Version} PKGVERSIONTAG=${Harbor_Package_Version} NOTARYFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY=
|
||||
harbor_offline_build_bundle=$(basename harbor-offline-installer-*.tgz)
|
||||
harbor_online_build_bundle=$(basename harbor-online-installer-*.tgz)
|
||||
echo "Package name is: $harbor_offline_build_bundle"
|
||||
|
@ -317,7 +317,7 @@ Once your pull request has been opened, harbor will run two CI pipelines against
|
||||
* If the coverage dramatic decline, you need to commit unit test to coverage your code.
|
||||
2. In the drone CI, the E2E test will be triggered against the pull request. Also, the source code will be checked via `gosec`, and the result is stored in google storage for later analysis. The pipeline is about to build and install harbor from source code, then to run four very basic E2E tests to validate the basic functionalities of harbor, like:
|
||||
* Registry Basic Verification, to validate the image can be pulled and pushed successful.
|
||||
* Clair Basic Verification, to validate the image can be scanned successful.
|
||||
* Trivy Basic Verification, to validate the image can be scanned successful.
|
||||
* Notary Basic Verification, to validate the image can be signed successful.
|
||||
* Ldap Basic Verification, to validate harbor can work in LDAP environment.
|
||||
|
||||
|
@ -24,7 +24,7 @@ Provide a descriptive subject line and in the body of the email include the foll
|
||||
## When to report a vulnerability
|
||||
* When you think Harbor has a potential security vulnerability.
|
||||
* When you suspect a potential vulnerability but you are unsure that it impacts Harbor.
|
||||
* When you know of or suspect a potential vulnerability on another project that is used by Harbor. For example Harbor has a dependency on Docker, PGSql, Redis, Notary, Clair, etc.
|
||||
* When you know of or suspect a potential vulnerability on another project that is used by Harbor. For example Harbor has a dependency on Docker, PGSql, Redis, Notary, Trivy, etc.
|
||||
|
||||
## Patch, Release, and Disclosure
|
||||
The Harbor Security Team will respond to vulnerability reports as follows:
|
||||
|
@ -171,7 +171,6 @@ _version: 2.0.0
|
||||
# registry_db_index: 1
|
||||
# jobservice_db_index: 2
|
||||
# chartmuseum_db_index: 3
|
||||
# clair_db_index: 4
|
||||
# trivy_db_index: 5
|
||||
# idle_timeout_seconds: 30
|
||||
|
||||
|
@ -24,12 +24,10 @@ MAX_JOB_WORKERS={{max_job_workers}}
|
||||
CORE_SECRET={{core_secret}}
|
||||
JOBSERVICE_SECRET={{jobservice_secret}}
|
||||
WITH_NOTARY={{with_notary}}
|
||||
WITH_CLAIR={{with_clair}}
|
||||
WITH_TRIVY={{with_trivy}}
|
||||
CORE_URL={{core_url}}
|
||||
CORE_LOCAL_URL={{core_local_url}}
|
||||
JOBSERVICE_URL={{jobservice_url}}
|
||||
CLAIR_ADAPTER_URL={{clair_adapter_url}}
|
||||
TRIVY_ADAPTER_URL={{trivy_adapter_url}}
|
||||
NOTARY_URL={{notary_url}}
|
||||
REGISTRY_STORAGE_PROVIDER_NAME={{storage_provider_name}}
|
||||
|
@ -50,7 +50,7 @@ const (
|
||||
QuotaGroup = "quota"
|
||||
// Put all config items do not belong a existing group into basic
|
||||
BasicGroup = "basic"
|
||||
ClairGroup = "clair"
|
||||
TrivyGroup = "trivy"
|
||||
)
|
||||
|
||||
var (
|
||||
@ -65,8 +65,7 @@ var (
|
||||
{Name: common.AUTHMode, Scope: UserScope, Group: BasicGroup, EnvKey: "AUTH_MODE", DefaultValue: "db_auth", ItemType: &AuthModeType{}, Editable: false},
|
||||
{Name: common.ChartRepoURL, Scope: SystemScope, Group: BasicGroup, EnvKey: "CHART_REPOSITORY_URL", DefaultValue: "http://chartmuseum:9999", ItemType: &StringType{}, Editable: false},
|
||||
|
||||
{Name: common.ClairAdapterURL, Scope: SystemScope, Group: ClairGroup, EnvKey: "CLAIR_ADAPTER_URL", DefaultValue: "http://clair-adapter:8080", ItemType: &StringType{}, Editable: false},
|
||||
{Name: common.TrivyAdapterURL, Scope: SystemScope, Group: ClairGroup, EnvKey: "TRIVY_ADAPTER_URL", DefaultValue: "http://trivy-adapter:8080", ItemType: &StringType{}, Editable: false},
|
||||
{Name: common.TrivyAdapterURL, Scope: SystemScope, Group: TrivyGroup, EnvKey: "TRIVY_ADAPTER_URL", DefaultValue: "http://trivy-adapter:8080", ItemType: &StringType{}, Editable: false},
|
||||
|
||||
{Name: common.CoreURL, Scope: SystemScope, Group: BasicGroup, EnvKey: "CORE_URL", DefaultValue: "http://core:8080", ItemType: &StringType{}, Editable: false},
|
||||
{Name: common.CoreLocalURL, Scope: SystemScope, Group: BasicGroup, EnvKey: "CORE_LOCAL_URL", DefaultValue: "http://127.0.0.1:8080", ItemType: &StringType{}, Editable: false},
|
||||
@ -146,7 +145,6 @@ var (
|
||||
{Name: common.OIDCAutoOnboard, Scope: UserScope, Group: OIDCGroup, DefaultValue: "false", ItemType: &BoolType{}},
|
||||
|
||||
{Name: common.WithChartMuseum, Scope: SystemScope, Group: BasicGroup, EnvKey: "WITH_CHARTMUSEUM", DefaultValue: "false", ItemType: &BoolType{}, Editable: true},
|
||||
{Name: common.WithClair, Scope: SystemScope, Group: BasicGroup, EnvKey: "WITH_CLAIR", DefaultValue: "false", ItemType: &BoolType{}, Editable: true},
|
||||
{Name: common.WithTrivy, Scope: SystemScope, Group: BasicGroup, EnvKey: "WITH_TRIVY", DefaultValue: "false", ItemType: &BoolType{}, Editable: true},
|
||||
{Name: common.WithNotary, Scope: SystemScope, Group: BasicGroup, EnvKey: "WITH_NOTARY", DefaultValue: "false", ItemType: &BoolType{}, Editable: true},
|
||||
// the unit of expiration is minute, 43200 minutes = 30 days
|
||||
|
@ -88,7 +88,6 @@ const (
|
||||
TokenExpiration = "token_expiration"
|
||||
AdminInitialPassword = "admin_initial_password"
|
||||
WithNotary = "with_notary"
|
||||
WithClair = "with_clair"
|
||||
WithTrivy = "with_trivy"
|
||||
ScanAllPolicy = "scan_all_policy"
|
||||
UAAEndpoint = "uaa_endpoint"
|
||||
@ -118,7 +117,6 @@ const (
|
||||
UserMember = "u"
|
||||
GroupMember = "g"
|
||||
ReadOnly = "read_only"
|
||||
ClairAdapterURL = "clair_adapter_url"
|
||||
TrivyAdapterURL = "trivy_adapter_url"
|
||||
NotaryURL = "notary_url"
|
||||
DefaultCoreEndpoint = "http://core:8080"
|
||||
|
@ -67,7 +67,6 @@ var defaultConfigWithVerifyCert = map[string]interface{}{
|
||||
common.TokenExpiration: 30,
|
||||
common.AdminInitialPassword: "password",
|
||||
common.WithNotary: false,
|
||||
common.WithClair: false,
|
||||
}
|
||||
|
||||
func TestMain(m *testing.M) {
|
||||
|
@ -55,7 +55,7 @@ var defaultConfig = map[string]interface{}{
|
||||
common.TokenExpiration: 30,
|
||||
common.AdminInitialPassword: "password",
|
||||
common.WithNotary: false,
|
||||
common.WithClair: false,
|
||||
common.WithTrivy: false,
|
||||
common.UAAClientID: "testid",
|
||||
common.UAAClientSecret: "testsecret",
|
||||
common.UAAEndpoint: "10.192.168.5",
|
||||
|
@ -124,7 +124,7 @@ func GetUnitTestConfig() map[string]interface{} {
|
||||
common.WithNotary: "false",
|
||||
common.WithChartMuseum: "false",
|
||||
common.SelfRegistration: "true",
|
||||
common.WithClair: "true",
|
||||
common.WithTrivy: "true",
|
||||
common.TokenServiceURL: "http://core:8080/service/token",
|
||||
common.RegistryURL: fmt.Sprintf("http://%s:5000", ipAddress),
|
||||
common.ReadOnly: false,
|
||||
|
@ -77,7 +77,7 @@ func (suite *ControllerTestSuite) SetupSuite() {
|
||||
|
||||
m := &v1.ScannerAdapterMetadata{
|
||||
Scanner: &v1.Scanner{
|
||||
Name: "Clair",
|
||||
Name: "Trivy",
|
||||
Vendor: "Harbor",
|
||||
Version: "0.1.0",
|
||||
},
|
||||
@ -123,7 +123,7 @@ func (suite *ControllerTestSuite) SetupSuite() {
|
||||
rp := vuln.Report{
|
||||
GeneratedAt: time.Now().UTC().String(),
|
||||
Scanner: &v1.Scanner{
|
||||
Name: "Clair",
|
||||
Name: "Trivy",
|
||||
Vendor: "Harbor",
|
||||
Version: "0.1.0",
|
||||
},
|
||||
|
@ -328,7 +328,7 @@ func (bc *basicController) GetMetadata(registrationUUID string) (*v1.ScannerAdap
|
||||
}
|
||||
|
||||
var (
|
||||
reservedNames = []string{"Clair", "Trivy"}
|
||||
reservedNames = []string{"Trivy"}
|
||||
)
|
||||
|
||||
func isReservedName(name string) bool {
|
||||
|
@ -54,7 +54,7 @@ func (suite *ControllerTestSuite) SetupTest() {
|
||||
|
||||
m := &v1.ScannerAdapterMetadata{
|
||||
Scanner: &v1.Scanner{
|
||||
Name: "Clair",
|
||||
Name: "Trivy",
|
||||
Vendor: "Harbor",
|
||||
Version: "0.1.0",
|
||||
},
|
||||
|
@ -46,16 +46,16 @@ func TestScanAllAPI(t *testing.T) {
|
||||
func (suite *ScanAllAPITestSuite) SetupSuite() {
|
||||
// Ensure scanner is there
|
||||
reg := &scanner.Registration{
|
||||
Name: "Clair",
|
||||
Description: "The clair scanner adapter",
|
||||
URL: "https://clair.com:8080",
|
||||
Name: "Trivy",
|
||||
Description: "The trivy scanner adapter",
|
||||
URL: "https://trivy.com:8080",
|
||||
Disabled: false,
|
||||
IsDefault: true,
|
||||
}
|
||||
|
||||
scMgr := sc.New()
|
||||
uuid, err := scMgr.Create(reg)
|
||||
require.NoError(suite.T(), err, "failed to initialize clair scanner")
|
||||
require.NoError(suite.T(), err, "failed to initialize trivy scanner")
|
||||
|
||||
suite.uuid = uuid
|
||||
suite.m = scMgr
|
||||
|
@ -314,16 +314,6 @@ func WithNotary() bool {
|
||||
return cfgMgr.Get(common.WithNotary).GetBool()
|
||||
}
|
||||
|
||||
// WithClair returns a bool value to indicate if Harbor's deployed with Clair
|
||||
func WithClair() bool {
|
||||
return cfgMgr.Get(common.WithClair).GetBool()
|
||||
}
|
||||
|
||||
// ClairAdapterEndpoint returns the endpoint of clair adapter instance, by default it's the one deployed within Harbor.
|
||||
func ClairAdapterEndpoint() string {
|
||||
return cfgMgr.Get(common.ClairAdapterURL).GetString()
|
||||
}
|
||||
|
||||
// WithTrivy returns a bool value to indicate if Harbor's deployed with Trivy.
|
||||
func WithTrivy() bool {
|
||||
return cfgMgr.Get(common.WithTrivy).GetBool()
|
||||
|
@ -32,7 +32,7 @@ func TestConfig(t *testing.T) {
|
||||
dao.PrepareTestData([]string{"delete from properties where k='scan_all_policy'"}, []string{})
|
||||
defaultCACertPath = path.Join(currPath(), "test", "ca.crt")
|
||||
c := map[string]interface{}{
|
||||
common.WithClair: false,
|
||||
common.WithTrivy: false,
|
||||
common.WithChartMuseum: false,
|
||||
common.WithNotary: false,
|
||||
}
|
||||
@ -147,8 +147,8 @@ func TestConfig(t *testing.T) {
|
||||
if WithNotary() {
|
||||
t.Errorf("Withnotary should be false")
|
||||
}
|
||||
if WithClair() {
|
||||
t.Errorf("WithClair should be false")
|
||||
if WithTrivy() {
|
||||
t.Errorf("WithTrivy should be false")
|
||||
}
|
||||
if ReadOnly() {
|
||||
t.Errorf("ReadOnly should be false")
|
||||
|
@ -229,7 +229,6 @@ func main() {
|
||||
}
|
||||
|
||||
const (
|
||||
clairScanner = "Clair"
|
||||
trivyScanner = "Trivy"
|
||||
)
|
||||
|
||||
@ -251,20 +250,6 @@ func registerScanners() {
|
||||
uninstallScannerNames = append(uninstallScannerNames, trivyScanner)
|
||||
}
|
||||
|
||||
if config.WithClair() {
|
||||
log.Info("Registering Clair scanner")
|
||||
wantedScanners = append(wantedScanners, scanner.Registration{
|
||||
Name: clairScanner,
|
||||
Description: "The Clair scanner adapter",
|
||||
URL: config.ClairAdapterEndpoint(),
|
||||
UseInternalAddr: true,
|
||||
Immutable: true,
|
||||
})
|
||||
} else {
|
||||
log.Info("Removing Clair scanner")
|
||||
uninstallScannerNames = append(uninstallScannerNames, clairScanner)
|
||||
}
|
||||
|
||||
if err := scan.RemoveImmutableScanners(uninstallScannerNames); err != nil {
|
||||
log.Warningf("failed to remove scanners: %v", err)
|
||||
}
|
||||
@ -285,8 +270,5 @@ func getDefaultScannerName() string {
|
||||
if config.WithTrivy() {
|
||||
return trivyScanner
|
||||
}
|
||||
if config.WithClair() {
|
||||
return clairScanner
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
@ -57,12 +57,9 @@ func TestEnsureScanners(t *testing.T) {
|
||||
Keywords: map[string]interface{}{
|
||||
"ex_name__in": []string{
|
||||
"trivy",
|
||||
"clair",
|
||||
},
|
||||
},
|
||||
}).Return([]*scanner.Registration{
|
||||
{Name: "clair", URL: "http://clair:8080"},
|
||||
}, nil)
|
||||
}).Return([]*scanner.Registration{}, nil)
|
||||
mgr.On("Create", &scanner.Registration{
|
||||
Name: "trivy",
|
||||
URL: "http://trivy:8080",
|
||||
@ -70,7 +67,6 @@ func TestEnsureScanners(t *testing.T) {
|
||||
|
||||
err := EnsureScanners([]scanner.Registration{
|
||||
{Name: "trivy", URL: "http://trivy:8080"},
|
||||
{Name: "clair", URL: "http://clair:8080"},
|
||||
})
|
||||
|
||||
assert.NoError(t, err)
|
||||
@ -85,25 +81,18 @@ func TestEnsureScanners(t *testing.T) {
|
||||
Keywords: map[string]interface{}{
|
||||
"ex_name__in": []string{
|
||||
"trivy",
|
||||
"clair",
|
||||
},
|
||||
},
|
||||
}).Return([]*scanner.Registration{
|
||||
{Name: "trivy", URL: "http://trivy:8080"},
|
||||
{Name: "clair", URL: "http://clair:8080"},
|
||||
}, nil)
|
||||
mgr.On("Update", &scanner.Registration{
|
||||
Name: "trivy",
|
||||
URL: "http://trivy:8443",
|
||||
}).Return(nil)
|
||||
mgr.On("Update", &scanner.Registration{
|
||||
Name: "clair",
|
||||
URL: "http://clair:8443",
|
||||
}).Return(nil)
|
||||
|
||||
err := EnsureScanners([]scanner.Registration{
|
||||
{Name: "trivy", URL: "http://trivy:8443"},
|
||||
{Name: "clair", URL: "http://clair:8443"},
|
||||
})
|
||||
|
||||
assert.NoError(t, err)
|
||||
@ -130,7 +119,7 @@ func TestEnsureDefaultScanner(t *testing.T) {
|
||||
scannerManager = mgr
|
||||
|
||||
mgr.On("GetDefault").Return(&scanner.Registration{
|
||||
Name: "clair",
|
||||
Name: "trivy",
|
||||
}, nil)
|
||||
|
||||
err := EnsureDefaultScanner("trivy")
|
||||
|
@ -70,7 +70,7 @@ func (suite *JobTestSuite) TestJob() {
|
||||
ID: 0,
|
||||
UUID: "uuid",
|
||||
Name: "TestJob",
|
||||
URL: "https://clair.com:8080",
|
||||
URL: "https://trivy.com:8080",
|
||||
}
|
||||
|
||||
rData, err := r.ToJSON()
|
||||
@ -121,7 +121,7 @@ func (suite *JobTestSuite) TestJob() {
|
||||
rp := vuln.Report{
|
||||
GeneratedAt: time.Now().UTC().String(),
|
||||
Scanner: &v1.Scanner{
|
||||
Name: "Clair",
|
||||
Name: "Trivy",
|
||||
Vendor: "Harbor",
|
||||
Version: "0.1.0",
|
||||
},
|
||||
|
@ -44,7 +44,7 @@ func (suite *SummaryTestSuite) SetupSuite() {
|
||||
rp := vuln.Report{
|
||||
GeneratedAt: time.Now().UTC().String(),
|
||||
Scanner: &v1.Scanner{
|
||||
Name: "Clair",
|
||||
Name: "Trivy",
|
||||
Vendor: "Harbor",
|
||||
Version: "0.1.0",
|
||||
},
|
||||
@ -102,7 +102,7 @@ func (suite *SummaryTestSuite) TestSummaryGenerateSummaryNoOptions() {
|
||||
suite.Nil(nativeSummary.CVEBypassed)
|
||||
suite.Equal(2, nativeSummary.Summary.Total)
|
||||
|
||||
suite.Equal("Clair", nativeSummary.Scanner.Name)
|
||||
suite.Equal("Trivy", nativeSummary.Scanner.Name)
|
||||
suite.Equal("Harbor", nativeSummary.Scanner.Vendor)
|
||||
suite.Equal("0.1.0", nativeSummary.Scanner.Version)
|
||||
}
|
||||
|
@ -42,7 +42,7 @@ func (suite *SupportedMimesSuite) SetupSuite() {
|
||||
rp := vuln.Report{
|
||||
GeneratedAt: time.Now().UTC().String(),
|
||||
Scanner: &v1.Scanner{
|
||||
Name: "Clair",
|
||||
Name: "Trivy",
|
||||
Vendor: "Harbor",
|
||||
Version: "0.1.0",
|
||||
},
|
||||
|
@ -57,7 +57,7 @@ func (suite *ClientTestSuite) TestClientMetadata() {
|
||||
require.NoError(suite.T(), err)
|
||||
require.NotNil(suite.T(), m)
|
||||
|
||||
assert.Equal(suite.T(), m.Scanner.Name, "Clair")
|
||||
assert.Equal(suite.T(), m.Scanner.Name, "Trivy")
|
||||
}
|
||||
|
||||
// TestClientSubmitScan tests the scan submission of client
|
||||
@ -114,7 +114,7 @@ func (mh *mockHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
m := &ScannerAdapterMetadata{
|
||||
Scanner: &Scanner{
|
||||
Name: "Clair",
|
||||
Name: "Trivy",
|
||||
Vendor: "Harbor",
|
||||
Version: "0.1.0",
|
||||
},
|
||||
|
@ -57,7 +57,7 @@ describe('HarborShellComponent', () => {
|
||||
},
|
||||
getConfig: function () {
|
||||
return {
|
||||
with_clair: true
|
||||
with_trivy: true
|
||||
};
|
||||
}
|
||||
};
|
||||
|
@ -17,7 +17,7 @@ describe('ConfigurationScannerComponent', () => {
|
||||
let mockScannerMetadata = {
|
||||
scanner: {
|
||||
name: 'test1',
|
||||
vendor: 'clair',
|
||||
vendor: 'trivy',
|
||||
version: '1.0.1',
|
||||
},
|
||||
capabilities: [{
|
||||
|
@ -11,7 +11,7 @@ describe('ScannerMetadataComponent', () => {
|
||||
let mockScannerMetadata = {
|
||||
scanner: {
|
||||
name: 'test1',
|
||||
vendor: 'clair',
|
||||
vendor: 'trivy',
|
||||
version: '1.0.1',
|
||||
},
|
||||
capabilities: [{
|
||||
|
@ -27,7 +27,7 @@ describe('ArtifactListPageComponent', () => {
|
||||
project_creation_restriction: "",
|
||||
with_chartmuseum: "",
|
||||
with_notary: "",
|
||||
with_clair: "",
|
||||
with_trivy: "",
|
||||
with_admiral: "",
|
||||
registry_url: "",
|
||||
};
|
||||
|
@ -43,7 +43,7 @@ describe("ArtifactListTabComponent (inline template)", () => {
|
||||
let spyScanner: jasmine.Spy;
|
||||
let scannerMock = {
|
||||
disabled: false,
|
||||
name: "Clair"
|
||||
name: "Trivy"
|
||||
};
|
||||
let mockActivatedRoute = {
|
||||
snapshot: {
|
||||
|
@ -128,12 +128,12 @@ describe('SummaryComponent', () => {
|
||||
" for container | undefined |\n| `registry.volumes` | used to create PVCs if persistence is enabled (see " +
|
||||
"instructions in values.yaml) | see values.yaml |\n| `registry.nodeSelector` | Node labels for pod assignment " +
|
||||
"| `{}` |\n| `registry.tolerations` | Tolerations for pod assignment | `[]` |\n| `registry.affinity` | " +
|
||||
"Node/Pod affinities | `{}` |\n| **Clair** |\n| `clair.enabled` | Enable Clair? | `true` |\n| " +
|
||||
"`clair.image.repository` | Repository for clair image | `vmware/clair-photon` |\n| `clair.image.tag` |" +
|
||||
" Tag for clair image | `v2.0.1-v1.4.0`\n| `clair.resources` | [resources](https://kubernetes.io/docs/concepts/" +
|
||||
"configuration/manage-compute-resources-container/) to allocate for container | undefined\n| `clair.nodeSelector" +
|
||||
"` | Node labels for pod assignment | `{}` |\n| `clair.tolerations` | Tolerations for pod assignment | `[]` |\n| " +
|
||||
"`clair.affinity` | Node/Pod affinities | `{}` |\n| `postgresql` | Overrides for postgresql chart [values.yaml](https" +
|
||||
"Node/Pod affinities | `{}` |\n| **Trivy** |\n| `trivy.enabled` | Enable Trivy? | `true` |\n| " +
|
||||
"`trivy.image.repository` | Repository for trivy image | `goharbor/trivy-photon` |\n| `trivy.image.tag` |" +
|
||||
" Tag for trivy image | `v2.0.1-v1.4.0`\n| `trivy.resources` | [resources](https://kubernetes.io/docs/concepts/" +
|
||||
"configuration/manage-compute-resources-container/) to allocate for container | undefined\n| `trivy.nodeSelector" +
|
||||
"` | Node labels for pod assignment | `{}` |\n| `trivy.tolerations` | Tolerations for pod assignment | `[]` |\n| " +
|
||||
"`trivy.affinity` | Node/Pod affinities | `{}` |\n| `postgresql` | Overrides for postgresql chart [values.yaml](https" +
|
||||
"://github.com/kubernetes/charts/blob/f2938a46e3ae8e2512ede1142465004094c3c333/stable/postgresql/values.yaml) | " +
|
||||
"see values.yaml\n| **Notary** |\n| `notary.enabled` | Enable Notary? | `true` |\n| `notary.server.image.repository`" +
|
||||
" | Repository for notary server image | `vmware/notary-server-photon` |\n| `notary.server.image.tag` | Tag for " +
|
||||
|
@ -38,7 +38,7 @@ describe('ArtifactTagComponent', () => {
|
||||
project_creation_restriction: "",
|
||||
with_chartmuseum: "",
|
||||
with_notary: "",
|
||||
with_clair: "",
|
||||
with_trivy: "",
|
||||
with_admiral: "",
|
||||
registry_url: "",
|
||||
};
|
||||
|
@ -18,7 +18,7 @@ import { ClairDBStatus } from "../../lib/services";
|
||||
export class AppConfig {
|
||||
with_notary: boolean;
|
||||
with_admiral: boolean;
|
||||
with_clair: boolean;
|
||||
with_trivy: boolean;
|
||||
admiral_endpoint: string;
|
||||
auth_mode: string;
|
||||
registry_url: string;
|
||||
@ -37,7 +37,7 @@ export class AppConfig {
|
||||
// Set default value
|
||||
this.with_notary = false;
|
||||
this.with_admiral = false;
|
||||
this.with_clair = false;
|
||||
this.with_trivy = false;
|
||||
this.admiral_endpoint = "";
|
||||
this.auth_mode = "db_auth";
|
||||
this.registry_url = "";
|
||||
|
@ -47,7 +47,7 @@ describe('RegistryConfigComponent (inline template)', () => {
|
||||
let mockSystemInfo: SystemInfo = {
|
||||
"with_notary": true,
|
||||
"with_admiral": false,
|
||||
"with_clair": true,
|
||||
"with_trivy": true,
|
||||
"admiral_endpoint": "NA",
|
||||
"auth_mode": "db_auth",
|
||||
"registry_url": "10.112.122.56",
|
||||
|
@ -37,7 +37,7 @@ let mockedManualMetrics: ScanningMetrics = {
|
||||
};
|
||||
const mockedScanner: Scanner = {
|
||||
"uuid": "ca3c27f3-72f3-11ea-9e46-0242ac170004",
|
||||
"name": "clair",
|
||||
"name": "trivy",
|
||||
"description": "",
|
||||
"url": "http://10.92.161.247:8080",
|
||||
"disabled": false,
|
||||
|
@ -14,7 +14,7 @@ import { CURRENT_BASE_HREF } from "../../utils/utils";
|
||||
|
||||
const mockSystemInfo: SystemInfo[] = [
|
||||
{
|
||||
'with_clair': true,
|
||||
'with_trivy': true,
|
||||
'with_notary': true,
|
||||
'with_admiral': false,
|
||||
'admiral_endpoint': 'NA',
|
||||
@ -26,7 +26,7 @@ const mockSystemInfo: SystemInfo[] = [
|
||||
'harbor_version': 'v1.1.1-rc1-160-g565110d'
|
||||
},
|
||||
{
|
||||
'with_clair': false,
|
||||
'with_trivy': false,
|
||||
'with_notary': false,
|
||||
'with_admiral': false,
|
||||
'admiral_endpoint': 'NA',
|
||||
|
@ -194,7 +194,7 @@ export interface AccessLogItem {
|
||||
*
|
||||
*/
|
||||
export interface SystemInfo {
|
||||
with_clair?: boolean;
|
||||
with_trivy?: boolean;
|
||||
with_notary?: boolean;
|
||||
with_admiral?: boolean;
|
||||
with_chartmuseum?: boolean;
|
||||
|
@ -22,7 +22,7 @@ then
|
||||
sed "s/# github_token: xxx/github_token: $GITHUB_TOKEN/" -i make/harbor.yml
|
||||
fi
|
||||
|
||||
sudo make build_base_docker compile build prepare COMPILETAG=compile_golangimage GOBUILDTAGS="include_oss include_gcs" NOTARYFLAG=true CLAIRFLAG=true TRIVYFLAG=true CHARTFLAG=true GEN_TLS=true
|
||||
sudo make build_base_docker compile build prepare COMPILETAG=compile_golangimage GOBUILDTAGS="include_oss include_gcs" NOTARYFLAG=true TRIVYFLAG=true CHARTFLAG=true GEN_TLS=true
|
||||
|
||||
# set the debugging env
|
||||
echo "GC_TIME_WINDOW_HOURS=0" | sudo tee -a ./make/common/config/core/env
|
||||
|
@ -3,5 +3,5 @@ set -x
|
||||
|
||||
set -e
|
||||
|
||||
sudo make package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=dev-travis PKGVERSIONTAG=dev-travis UIVERSIONTAG=dev-travis GOBUILDIMAGE=golang:1.14.7 COMPILETAG=compile_golangimage NOTARYFLAG=true CLAIRFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY=
|
||||
sudo make package_offline GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=dev-travis PKGVERSIONTAG=dev-travis UIVERSIONTAG=dev-travis GOBUILDIMAGE=golang:1.14.7 COMPILETAG=compile_golangimage NOTARYFLAG=true CLAIRFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY=
|
||||
sudo make package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=dev-travis PKGVERSIONTAG=dev-travis UIVERSIONTAG=dev-travis GOBUILDIMAGE=golang:1.14.7 COMPILETAG=compile_golangimage NOTARYFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY=
|
||||
sudo make package_offline GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=dev-travis PKGVERSIONTAG=dev-travis UIVERSIONTAG=dev-travis GOBUILDIMAGE=golang:1.14.7 COMPILETAG=compile_golangimage NOTARYFLAG=true CHARTFLAG=true TRIVYFLAG=true HTTPPROXY=
|
||||
|
@ -451,13 +451,6 @@ Verify System Setting Allowlist
|
||||
Loop Verifiy CVE_IDs @{cve_ids}
|
||||
Close Browser
|
||||
|
||||
Verify Clair Is Default Scanner
|
||||
Init Chrome Driver
|
||||
Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Switch To Scanners Page
|
||||
Should Display The Default Clair Scanner
|
||||
Close Browser
|
||||
|
||||
Verify Trivy Is Default Scanner
|
||||
Init Chrome Driver
|
||||
Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
|
@ -52,7 +52,7 @@ Move To Summary Chart
|
||||
Sleep 1
|
||||
|
||||
Scan Repo
|
||||
#use fail for image clair can not scan, otherwise use success
|
||||
#use fail for image can not scan, otherwise use success
|
||||
[Arguments] ${tagname} ${status}
|
||||
#select one tag
|
||||
Retry Element Click //clr-dg-row[contains(.,'${tagname}')]//label
|
||||
@ -81,18 +81,9 @@ Switch To Scanners Page
|
||||
Retry Element Click xpath=//clr-main-container//clr-vertical-nav//a[contains(.,'Interrogation')]
|
||||
Retry Wait Until Page Contains Element ${set_default_scanner}
|
||||
|
||||
Should Display The Default Clair Scanner
|
||||
Retry Wait Until Page Contains Element //clr-datagrid//clr-dg-row//clr-dg-cell[contains(.,'Clair')]//span[contains(.,'Default')]
|
||||
|
||||
Should Display The Default Trivy Scanner
|
||||
Retry Wait Until Page Contains Element //clr-datagrid//clr-dg-row//clr-dg-cell[contains(.,'Trivy')]//span[contains(.,'Default')]
|
||||
|
||||
Clair Is Immutable Scanner
|
||||
Retry Element Click //clr-dg-row[contains(.,'Clair')]//clr-radio-wrapper/label
|
||||
Retry Double Keywords When Error Retry Element Click ${scanner_action_xpath} Retry Wait Until Page Contains Element ${delete_scanner_action_xpath}
|
||||
Retry Double Keywords When Error Retry Element Click ${delete_scanner_action_xpath} Retry Wait Until Page Contains Element ${delete_scanner_confirm_btn}
|
||||
Retry Double Keywords When Error Retry Element Click ${delete_scanner_confirm_btn} Retry Wait Until Page Contains Element ${immutable_msg_xpath}
|
||||
|
||||
Trivy Is Immutable Scanner
|
||||
Retry Element Click //clr-dg-row[contains(.,'Trivy')]//clr-radio-wrapper/label
|
||||
Retry Double Keywords When Error Retry Element Click ${scanner_action_xpath} Retry Wait Until Page Contains Element ${delete_scanner_action_xpath}
|
||||
|
@ -26,7 +26,6 @@ ${vulnerability_page} //clr-vertical-nav-group-children/a[contains(.,'Vulnerabi
|
||||
${set_default_scanner} //button[@id='set-default']
|
||||
${scanner_action_xpath} //span[@id='action-scanner']
|
||||
${delete_scanner_action_xpath} //span[@id='delete-scanner-action']
|
||||
${immutable_msg_xpath} //span[contains(.,'registration Clair is not allowed to delete as it is immutable: scanner API: delete')]
|
||||
${immutable_trivy_msg_xpath} //span[contains(.,'registration Trivy is not allowed to delete as it is immutable: scanner API: delete')]
|
||||
${delete_scanner_confirm_btn} xpath=//clr-modal//button[contains(.,'DELETE')]
|
||||
${scan_now_result} xpath=//div[@id="scan-result-container"]
|
||||
|
@ -38,35 +38,35 @@ Install Harbor to Test Server
|
||||
Generate Certificate Authority For Chrome
|
||||
|
||||
Up Harbor
|
||||
[Arguments] ${with_notary}=true ${with_clair}=true ${with_chartmuseum}=true
|
||||
${rc} ${output}= Run And Return Rc And Output make start -e NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum}
|
||||
[Arguments] ${with_notary}=true ${with_chartmuseum}=true
|
||||
${rc} ${output}= Run And Return Rc And Output make start -e NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum}
|
||||
Log ${rc}
|
||||
Log ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
|
||||
Down Harbor
|
||||
[Arguments] ${with_notary}=true ${with_clair}=true ${with_chartmuseum}=true
|
||||
${rc} ${output}= Run And Return Rc And Output echo "Y" | make down -e NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum}
|
||||
[Arguments] ${with_notary}=true ${with_chartmuseum}=true
|
||||
${rc} ${output}= Run And Return Rc And Output echo "Y" | make down -e NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum}
|
||||
Log ${rc}
|
||||
Log ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
|
||||
Package Harbor Offline
|
||||
[Arguments] ${with_notary}=true ${with_clair}=true ${with_chartmuseum}=true ${with_trivy}=true
|
||||
[Arguments] ${with_notary}=true ${with_chartmuseum}=true ${with_trivy}=true
|
||||
Log To Console \nStart Docker Daemon
|
||||
Start Docker Daemon Locally
|
||||
Log To Console make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
${rc} ${output}= Run And Return Rc And Output make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
Log To Console make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
${rc} ${output}= Run And Return Rc And Output make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=%{Harbor_Build_Base_Tag} NPM_REGISTRY=%{NPM_REGISTRY} VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
Log To Console ${rc}
|
||||
Log To Console ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
|
||||
Package Harbor Online
|
||||
[Arguments] ${with_notary}=true ${with_clair}=true ${with_chartmuseum}=true ${with_trivy}=true
|
||||
[Arguments] ${with_notary}=true ${with_chartmuseum}=true ${with_trivy}=true
|
||||
Log To Console \nStart Docker Daemon
|
||||
Start Docker Daemon Locally
|
||||
Log To Console \nmake package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
${rc} ${output}= Run And Return Rc And Output make package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
Log To Console \nmake package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
${rc} ${output}= Run And Return Rc And Output make package_online GOBUILDTAGS="include_oss include_gcs" VERSIONTAG=%{Harbor_Assets_Version} PKGVERSIONTAG=%{Harbor_Package_Version} NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum} TRIVYFLAG=${with_trivy} HTTPPROXY=
|
||||
Log ${rc}
|
||||
Log ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
@ -105,8 +105,8 @@ Remove Notary Signature
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
|
||||
Prepare
|
||||
[Arguments] ${with_notary}=true ${with_clair}=true ${with_chartmuseum}=true
|
||||
${rc} ${output}= Run And Return Rc And Output make prepare -e NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum}
|
||||
[Arguments] ${with_notary}=true ${with_chartmuseum}=true
|
||||
${rc} ${output}= Run And Return Rc And Output make prepare -e NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum}
|
||||
Log ${rc}
|
||||
Log ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
@ -139,8 +139,8 @@ Prepare Cert
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
|
||||
Compile and Up Harbor With Source Code
|
||||
[Arguments] ${with_notary}=true ${with_clair}=true ${with_chartmuseum}=true
|
||||
${rc} ${output}= Run And Return Rc And Output make install swagger_client NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum} HTTPPROXY=
|
||||
[Arguments] ${with_notary}=true ${with_chartmuseum}=true
|
||||
${rc} ${output}= Run And Return Rc And Output make install swagger_client NOTARYFLAG=${with_notary} CHARTFLAG=${with_chartmuseum} HTTPPROXY=
|
||||
Log ${output}
|
||||
Should Be Equal As Integers ${rc} 0
|
||||
Sleep 20
|
||||
|
@ -75,7 +75,6 @@ Collect Logs
|
||||
SSHLibrary.Get File /var/log/harbor/registry.log
|
||||
SSHLibrary.Get File /var/log/harbor/proxy.log
|
||||
SSHLibrary.Get File /var/log/harbor/adminserver.log
|
||||
SSHLibrary.Get File /var/log/harbor/clair.log
|
||||
SSHLibrary.Get File /var/log/harbor/jobservice.log
|
||||
SSHLibrary.Get File /var/log/harbor/postgresql.log
|
||||
SSHLibrary.Get File /var/log/harbor/notary-server.log
|
||||
|
@ -32,7 +32,7 @@ ${ova_network_options} --prop:network.ip0=${ova_network_ip0} --prop:network.net
|
||||
|
||||
${ova_harbor_admin_password} harbor-admin-passwd
|
||||
${ova_harbor_db_password} harbor-db-passwd
|
||||
#${ova_service_options} --prop:auth_mode="%{AUTH_MODE}" --prop:clair_db_password="%{CLAIR_DB_PASSWORD}" --prop:max_job_workers="%{MAX_JOB_WORKERS}" --prop:harbor_admin_password="%{HARBOR_ADMIN_PASSWORD}" --prop:db_password="%{DB_PASSWORD}"
|
||||
#${ova_service_options} --prop:auth_mode="%{AUTH_MODE}" --prop:max_job_workers="%{MAX_JOB_WORKERS}" --prop:harbor_admin_password="%{HARBOR_ADMIN_PASSWORD}" --prop:db_password="%{DB_PASSWORD}"
|
||||
|
||||
#${ova_options} ${ovftool_options} ${ova_appliance_options} ${ova_service_options}
|
||||
#${ova_options_with_network} ${ova_options} ${ova_network_options}
|
||||
|
@ -35,18 +35,6 @@ Test Case - Registry Basic Verfication
|
||||
|
||||
Close Browser
|
||||
|
||||
Test Case - Clair Basic Verfication
|
||||
Init Chrome Driver
|
||||
${d}= get current date result_format=%m%s
|
||||
Create An New Project With New User url=${HARBOR_URL} username=tester${d} email=tester${d}@vmware.com realname=tester${d} newPassword=Test1@34 comment=harbor projectname=project${d} public=false
|
||||
Push Image ${ip} tester${d} Test1@34 project${d} hello-world
|
||||
Go Into Project project${d}
|
||||
Go Into Repo project${d}/hello-world
|
||||
Scan Repo latest Succeed
|
||||
Summary Chart Should Display latest
|
||||
#Edit Repo Info
|
||||
Close Browser
|
||||
|
||||
Test Case - Notary Basic Verfication
|
||||
Enable Notary Client
|
||||
|
||||
|
@ -24,13 +24,6 @@ ${SSH_USER} root
|
||||
${HARBOR_ADMIN} admin
|
||||
|
||||
*** Test Cases ***
|
||||
Test Case - Clair Is Default Scanner And It Is Immutable
|
||||
Init Chrome Driver
|
||||
Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Switch To Scanners Page
|
||||
Should Display The Default Clair Scanner
|
||||
Clair Is Immutable Scanner
|
||||
|
||||
Test Case - Disable Scan Schedule
|
||||
Init Chrome Driver
|
||||
Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
|
@ -28,12 +28,6 @@ ${HARBOR_ADMIN} admin
|
||||
Test Case - Get Harbor Version
|
||||
#Just get harbor version and log it
|
||||
Get Harbor Version
|
||||
Test Case - Clair Is Default Scanner And It Is immutable
|
||||
Init Chrome Driver
|
||||
Sign In Harbor ${HARBOR_URL} ${HARBOR_ADMIN} ${HARBOR_PASSWORD}
|
||||
Switch To Scanners Page
|
||||
Should Display The Default Clair Scanner
|
||||
Clair Is Immutable Scanner
|
||||
|
||||
Test Case - Read Only Mode
|
||||
Init Chrome Driver
|
||||
|
@ -26,10 +26,6 @@ ${HARBOR_ADMIN} admin
|
||||
Test Case - Manage project publicity
|
||||
Body Of Manage project publicity
|
||||
|
||||
Test Case - Scan A Tag In The Repo
|
||||
[Tags] clair
|
||||
Body Of Scan A Tag In The Repo hello-world latest is_no_vulerabilty=${true}
|
||||
|
||||
Test Case - Scan A Tag In The Repo
|
||||
[Tags] trivy
|
||||
Body Of Scan A Tag In The Repo vmware/photon 1.0
|
||||
|
@ -47,9 +47,6 @@ Test Case - Switch Scanner
|
||||
|
||||
Switch To Scanners Page
|
||||
|
||||
Set Default Scanner Clair
|
||||
Should Display The Default Clair Scanner
|
||||
|
||||
Go Into Project project${d}
|
||||
Go Into Repo project${d}/hello-world
|
||||
Retry Wait Until Page Contains Element ${not_scanned_icon}
|
||||
|
@ -64,7 +64,6 @@ Test Case - Upgrade Verify
|
||||
Run Keyword Verify System Setting ${data}
|
||||
Run Keyword Verify System Setting Allowlist ${data}
|
||||
Run Keyword Verify Image Tag ${data}
|
||||
Run Keyword Verify Clair Is Default Scanner
|
||||
|
||||
Test Case - Upgrade Verify
|
||||
[Tags] 2.0-latest
|
||||
|
@ -1,21 +1,20 @@
|
||||
Test 10-01 Clair can not scan some images
|
||||
Test 10-01 Trivy can not scan some images
|
||||
=======
|
||||
|
||||
# Purpose:
|
||||
To verify that clair can not scan some image.
|
||||
To verify that trivy can not scan some image.
|
||||
|
||||
# References:
|
||||
User guide
|
||||
|
||||
# Environment:
|
||||
* This test requires that a Harbor instance is running and available.
|
||||
* Harbor is installed with clair enable.
|
||||
* A linux host with Docker CLI installed.
|
||||
* Clair has been updated to the latest.
|
||||
* Trivy has been updated to the latest.
|
||||
|
||||
# Test Steps:
|
||||
1. Login Harbor as admin.
|
||||
2. Create a project and push an image clair does not recognize(for example: photon).
|
||||
2. Create a project and push an image trivy does not recognize(for example: photon).
|
||||
3. Scan the pushed image.
|
||||
4. View the scan result.
|
||||
5. Rescan it.
|
||||
|
@ -1,17 +1,17 @@
|
||||
Test 10-02 Clair scan a image with vulnerability
|
||||
Test 10-02 Trivy scan a image with vulnerability
|
||||
=======
|
||||
|
||||
# Purpose:
|
||||
To verify that clair can scan a image with vulnerability.
|
||||
To verify that trivy can scan a image with vulnerability.
|
||||
|
||||
# References:
|
||||
User guide
|
||||
|
||||
# Environment:
|
||||
* This test requires that a Harbor instance is running and available.
|
||||
* Harbor is installed with clair enable.
|
||||
* Harbor is installed with trivy enable.
|
||||
* A linux host with Docker CLI installed.
|
||||
* Clair has been updated to the latest.
|
||||
* Trivy has been updated to the latest.
|
||||
|
||||
# Test Step
|
||||
1. Login Harbor as admin.
|
||||
|
@ -1,17 +1,17 @@
|
||||
Test 10-03 Clair scan 0 package image
|
||||
Test 10-03 Trivy scan 0 package image
|
||||
=======
|
||||
|
||||
# Purpose:
|
||||
To verify clair scan result of a 0 package image.
|
||||
To verify trivy scan result of a 0 package image.
|
||||
|
||||
# References:
|
||||
User guide
|
||||
|
||||
# Environment:
|
||||
* This test requires that a Harbor instance is running and available.
|
||||
* Harbor is installed with clair enable.
|
||||
* Harbor is installed with trivy enable.
|
||||
* A linux host with Docker CLI installed.
|
||||
* Clair has been updated to the latest.
|
||||
* Trivy has been updated to the latest.
|
||||
|
||||
# Test Step
|
||||
1. Login Harbor as admin.
|
||||
|
@ -1,4 +1,4 @@
|
||||
Test 10-04 Clair data not ready hint
|
||||
Test 10-04 Trivy data not ready hint
|
||||
=======
|
||||
|
||||
# Purpose:
|
||||
@ -9,7 +9,7 @@ User guide
|
||||
|
||||
# Environment:
|
||||
* This test requires that a Harbor instance is running and available.
|
||||
* Harbor is installed with clair enable.
|
||||
* Harbor is installed with trivy enable.
|
||||
* A linux host with Docker CLI installed.
|
||||
* Limit the Harbor's bandwith to less than 1Mbps after Harbor is installed.
|
||||
|
||||
|
@ -8,9 +8,9 @@ User guide
|
||||
|
||||
# Environment:
|
||||
* This test requires that a Harbor instance is running and available.
|
||||
* Harbor is installed with clair enable.
|
||||
* Harbor is installed with trivy enable.
|
||||
* A linux host with Docker CLI installed.
|
||||
* Clair has been updated to the latest.
|
||||
* Trivy has been updated to the latest.
|
||||
|
||||
# Test Step
|
||||
1. Login Harbor as admin.
|
||||
|
@ -9,7 +9,7 @@ User guide
|
||||
|
||||
# Environment:
|
||||
* This test requires that a Harbor instance is running and available.
|
||||
* Harbor is installed with clair enable.
|
||||
* Harbor is installed with trivy enable.
|
||||
* A linux host with Docker CLI installed.
|
||||
|
||||
# Test Step
|
||||
|
@ -8,7 +8,7 @@ User guide
|
||||
|
||||
# Environment:
|
||||
* This test requires that a Harbor instance is running and available.
|
||||
* Harbor is installed with clair enable.
|
||||
* Harbor is installed with trivy enable.
|
||||
* A linux host with Docker CLI installed.
|
||||
|
||||
# Test Step
|
||||
|
@ -8,9 +8,9 @@ User guide.
|
||||
|
||||
# Environment:
|
||||
* This test requires that one Harbor instance is running and availiable.
|
||||
* Harbor is installed with clair enable.
|
||||
* Harbor is installed with trivy enable.
|
||||
* A Linux host with Docker client installed.
|
||||
* Clair has been updated to the latest.
|
||||
* Trivy has been updated to the latest.
|
||||
|
||||
# Test Step:
|
||||
1. Login harbor as admin.
|
||||
|
@ -8,9 +8,9 @@ User guide.
|
||||
|
||||
# Environment:
|
||||
* This test requires that one Harbor instance is running and availiable.
|
||||
* Harbor is installed with clair enable.
|
||||
* Harbor is installed with trivy enable.
|
||||
* A Linux host with Docker client installed.
|
||||
* Clair has been updated to the latest.
|
||||
* Trivy has been updated to the latest.
|
||||
* Vulnerability severity limit is disabled.
|
||||
|
||||
# Test Step:
|
||||
|
@ -8,9 +8,9 @@ User guide.
|
||||
|
||||
# Environment:
|
||||
* This test requires that one Harbor instance is running and availiable.
|
||||
* Harbor is installed with clair enable.
|
||||
* Harbor is installed with trivy enable.
|
||||
* A Linux host with Docker client installed.
|
||||
* Clair has been updated to the latest.
|
||||
* Trivy has been updated to the latest.
|
||||
|
||||
# Test Step:
|
||||
1. Login Harbor as admin.
|
||||
|
@ -1,16 +1,16 @@
|
||||
10-07 user fix vulnerability
|
||||
=======
|
||||
# Purpose:
|
||||
To test clair scan image vulnerablity correct after user fix it.
|
||||
To test trivy scan image vulnerablity correct after user fix it.
|
||||
|
||||
# Reference:
|
||||
User guide.
|
||||
|
||||
# Environment:
|
||||
* This test requires that one Harbor instance is running and availiable.
|
||||
* Harbor is installed with clair enable.
|
||||
* Harbor is installed with trivy enable.
|
||||
* A Linux host with Docker client installed.
|
||||
* Clair has been updated to the latest.
|
||||
* Trivy has been updated to the latest.
|
||||
|
||||
# Test Steps:
|
||||
1. Login Harbor as admin.
|
||||
|
@ -2,16 +2,16 @@ Test 10-12 Scan Image on Push
|
||||
=======
|
||||
|
||||
# Purpose:
|
||||
To verify that clair can automatic scan image when image is pushed.
|
||||
To verify that trivy can automatic scan image when image is pushed.
|
||||
|
||||
# References:
|
||||
User guide
|
||||
|
||||
# Environment:
|
||||
* This test requires that a Harbor instance is running and available.
|
||||
* Harbor is installed with clair enable.
|
||||
* Harbor is installed with trivy enable.
|
||||
* A linux host with Docker CLI installed.
|
||||
* Clair has been updated to the latest.
|
||||
* Trivy has been updated to the latest.
|
||||
|
||||
# Test Steps:
|
||||
1. Login Harbor as admin.
|
||||
|
Loading…
Reference in New Issue
Block a user