diff --git a/src/pkg/scan/rest/v1/models.go b/src/pkg/scan/rest/v1/models.go
index 9c25c16ea..06e6fb0a1 100644
--- a/src/pkg/scan/rest/v1/models.go
+++ b/src/pkg/scan/rest/v1/models.go
@@ -206,6 +206,8 @@ type Registry struct {
 // An optional value of the HTTP Authorization header sent with each request to the Docker Registry for getting or exchanging token.
 // For example, `Basic: Base64(username:password)`.
 Authorization string `json:"authorization"`
+ // Insecure is an indicator of https or http.
+ Insecure bool `json:"insecure"`
 }
 
 // ScanRequest represents a structure that is sent to a Scanner Adapter to initiate artifact scanning.
diff --git a/src/pkg/scan/sbom/sbom.go b/src/pkg/scan/sbom/sbom.go
index f8e6d2e43..9a819d123 100644
--- a/src/pkg/scan/sbom/sbom.go
+++ b/src/pkg/scan/sbom/sbom.go
@@ -43,13 +43,13 @@ const (
 )
 
 func init() {
- scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{GenAccessoryFunc: scan.GenAccessoryArt, RegistryServer: registryFQDN})
+ scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{GenAccessoryFunc: scan.GenAccessoryArt, RegistryServer: registry})
 }
 
 // ScanHandler defines the Handler to generate sbom
 type scanHandler struct {
 GenAccessoryFunc func(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error)
- RegistryServer func(ctx context.Context) string
+ RegistryServer func(ctx context.Context) (string, bool)
 }
 
 // RequestProducesMineTypes defines the mine types produced by the scan handler
@@ -96,7 +96,7 @@ func (v *scanHandler) PostScan(ctx job.Context, sr *v1.ScanRequest, _ *scanModel
 Artifact: sr.Artifact,
 }
 // the registry server url is core by default, need to replace it with real registry server url
- scanReq.Registry.URL = v.RegistryServer(ctx.SystemContext())
+ scanReq.Registry.URL, scanReq.Registry.Insecure = v.RegistryServer(ctx.SystemContext())
 if len(scanReq.Registry.URL) == 0 {
 return "", fmt.Errorf("empty registry server")
 }
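Review bot: The comment on the new `Insecure` field in models.go does not say which value means which scheme, and scanner adapters that consume this JSON need that to be unambiguous. Suggest `// Insecure is true when the registry is served over plain HTTP (no TLS) and false when it is served over HTTPS.` Because the same struct carries `Authorization`, the comment could also state that a consumer honouring `insecure: true` sends that header value without transport encryption. The Registry struct begins above the hunk.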
@@ -139,15 +139,16 @@ func (v *scanHandler) generateReport(startTime time.Time, repository, digest, st
 }
 
 // extract server name from config, and remove the protocol prefix
-func registryFQDN(ctx context.Context) string {
+func registry(ctx context.Context) (string, bool) {
 cfgMgr, ok := config.FromContext(ctx)
 if ok {
 extURL := cfgMgr.Get(context.Background(), common.ExtEndpoint).GetString()
+ insecure := strings.HasPrefix(extURL, "http://")
 server := strings.TrimPrefix(extURL, "https://")
 server = strings.TrimPrefix(server, "http://")
- return server
+ return server, insecure
 }
- return ""
+ return "", false
 }
 
 // retrieveSBOMContent retrieves the "sbom" field from the raw report
diff --git a/src/pkg/scan/sbom/sbom_test.go b/src/pkg/scan/sbom/sbom_test.go
index cf56b3bbb..c1e0cd972 100644
--- a/src/pkg/scan/sbom/sbom_test.go
+++ b/src/pkg/scan/sbom/sbom_test.go
@@ -89,8 +89,8 @@ func Test_scanHandler_RequestProducesMineTypes(t *testing.T) {
 }
 }
 
-func mockGetRegistry(ctx context.Context) string {
- return "myharbor.example.com"
+func mockGetRegistry(ctx context.Context) (string, bool) {
+ return "myharbor.example.com", false
 }
 
 func mockGenAccessory(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error) {
diff --git a/src/pkg/scan/util.go b/src/pkg/scan/util.go
index efec3eb61..e66e657f4 100644
--- a/src/pkg/scan/util.go
+++ b/src/pkg/scan/util.go
@@ -86,6 +86,9 @@ func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[str
 return "", err
 }
 accRef, err := name.ParseReference(fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String()))
+ if sq.Registry.Insecure {
+ accRef, err = name.ParseReference(fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String()), name.Insecure)
+ }
 if err != nil {
 return "", err
 }
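Review bot: The scheme check in `registry` is a case-sensitive prefix match, so unless ExtEndpoint is normalised elsewhere (not visible here), an endpoint configured as `HTTP://host` would return `insecure == false` and keep its prefix in `server`; the trimming half of that was already true before this change. That fails towards TLS, which is the safer direction, but the later push would break in a way that is hard to diagnose. Consider lower-casing the scheme once before both checks, and update the comment above the function, which still describes only the string result, e.g. `// registry returns the external endpoint without its scheme, and true when that endpoint uses http://`.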
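Review bot: `mockGetRegistry` in sbom_test.go only ever returns `false`, so nothing in this hunk exercises the new plain-HTTP path. A second mock returning `"myharbor.example.com", true` with a case asserting that the flag reaches the request passed to `GenAccessoryFunc` would cover it. A small table test for `registry` with `http://`, `https://` and scheme-less endpoints would pin the detection as well.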
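Review bot: When `sq.Registry.Insecure` is set in util.go, the reference is parsed twice and the first result and its error are discarded, which reads as a fallback rather than a choice. Building the option list first and calling `name.ParseReference` once makes the intent clear and keeps a single error path. With `name.Insecure` the registry is addressed over plain HTTP, so whatever credentials the later push attaches (not visible in this hunk) are not protected in transit, and a comment at the branch should say so. GenAccessoryArt starts and ends outside the hunk.

```go
// … unchanged: digest computation and its error check …
ref := fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String())
var opts []name.Option
if sq.Registry.Insecure {
	// Plain-HTTP registry: traffic to it, including any credentials
	// sent with the push, is not protected by TLS.
	opts = append(opts, name.Insecure)
}
accRef, err := name.ParseReference(ref, opts...)
if err != nil {
	return "", err
}
```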