From ec8d692fe6038b2d0f35310ec10fdc665ad0e1c1 Mon Sep 17 00:00:00 2001
From: "stonezdj(Daojun Zhang)" <stonezdj@gmail.com>
Date: Thu, 25 Apr 2024 17:00:35 +0800
Subject: [PATCH 01/13] Add scanner info and report_id to sbom_overview on
 listing artifact (#20358)

Add scan_status and report_id when scan has a failed task

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
---
 api/v2.0/swagger.yaml                       |  2 ++
 src/controller/scan/base_controller.go      | 21 ++++++++++++++++
 src/controller/scan/base_controller_test.go | 27 ++++++++++++++++++---
 src/pkg/scan/sbom/model/summary.go          |  4 +++
 src/pkg/scan/sbom/sbom.go                   | 15 ++++++------
 src/server/v2.0/handler/assembler/report.go | 22 ++++++++---------
 6 files changed, 68 insertions(+), 23 deletions(-)

diff --git a/api/v2.0/swagger.yaml b/api/v2.0/swagger.yaml
index 6890602a6..c9e1e8a50 100644
--- a/api/v2.0/swagger.yaml
+++ b/api/v2.0/swagger.yaml
@@ -6816,6 +6816,8 @@ definitions:
         format: int64
         description: 'Time in seconds required to create the report'
         example: 300
+      scanner:
+        $ref: '#/definitions/Scanner'
   NativeReportSummary:
     type: object
     description: 'The summary for the native report'
diff --git a/src/controller/scan/base_controller.go b/src/controller/scan/base_controller.go
index 161481711..c70221a0f 100644
--- a/src/controller/scan/base_controller.go
+++ b/src/controller/scan/base_controller.go
@@ -751,6 +751,11 @@ func (bc *basicController) GetSBOMSummary(ctx context.Context, art *ar.Artifact,
 	reportContent := reports[0].Report
 	result := map[string]interface{}{}
 	if len(reportContent) == 0 {
+		status := bc.retrieveStatusFromTask(ctx, reports[0].UUID)
+		if len(status) > 0 {
+			result[sbomModel.ReportID] = reports[0].UUID
+			result[sbomModel.ScanStatus] = status
+		}
 		log.Debug("no content for current report")
 		return result, nil
 	}
@@ -758,6 +763,22 @@ func (bc *basicController) GetSBOMSummary(ctx context.Context, art *ar.Artifact,
 	return result, err
 }
 
+// retrieve the status from task
+func (bc *basicController) retrieveStatusFromTask(ctx context.Context, reportID string) string {
+	if len(reportID) == 0 {
+		return ""
+	}
+	tasks, err := bc.taskMgr.ListScanTasksByReportUUID(ctx, reportID)
+	if err != nil {
+		log.Warningf("can not find the task with report UUID %v, error %v", reportID, err)
+		return ""
+	}
+	if len(tasks) > 0 {
+		return tasks[0].Status
+	}
+	return ""
+}
+
 // GetScanLog ...
 func (bc *basicController) GetScanLog(ctx context.Context, artifact *ar.Artifact, uuid string) ([]byte, error) {
 	if len(uuid) == 0 {
diff --git a/src/controller/scan/base_controller_test.go b/src/controller/scan/base_controller_test.go
index 521325d79..19a559e0e 100644
--- a/src/controller/scan/base_controller_test.go
+++ b/src/controller/scan/base_controller_test.go
@@ -70,9 +70,10 @@ type ControllerTestSuite struct {
 
 	tagCtl *tagtesting.FakeController
 
-	registration *scanner.Registration
-	artifact     *artifact.Artifact
-	rawReport    string
+	registration  *scanner.Registration
+	artifact      *artifact.Artifact
+	wrongArtifact *artifact.Artifact
+	rawReport     string
 
 	execMgr         *tasktesting.ExecutionManager
 	taskMgr         *tasktesting.Manager
@@ -101,6 +102,9 @@ func (suite *ControllerTestSuite) SetupSuite() {
 	suite.artifact.Digest = "digest-code"
 	suite.artifact.ManifestMediaType = v1.MimeTypeDockerArtifact
 
+	suite.wrongArtifact = &artifact.Artifact{Artifact: art.Artifact{ID: 2, ProjectID: 1}}
+	suite.wrongArtifact.Digest = "digest-wrong"
+
 	m := &v1.ScannerAdapterMetadata{
 		Scanner: &v1.Scanner{
 			Name:    "Trivy",
@@ -202,8 +206,11 @@ func (suite *ControllerTestSuite) SetupSuite() {
 			Report:           `{"sbom_digest": "sha256:1234567890", "scan_status": "Success", "duration": 3, "start_time": "2021-09-01T00:00:00Z", "end_time": "2021-09-01T00:00:03Z"}`,
 		},
 	}
+
+	emptySBOMReport := []*scan.Report{{Report: ``, UUID: "rp-uuid-004"}}
 	mgr.On("GetBy", mock.Anything, suite.artifact.Digest, suite.registration.UUID, []string{v1.MimeTypeNativeReport}).Return(reports, nil)
 	mgr.On("GetBy", mock.Anything, suite.artifact.Digest, suite.registration.UUID, []string{v1.MimeTypeSBOMReport}).Return(sbomReport, nil)
+	mgr.On("GetBy", mock.Anything, suite.wrongArtifact.Digest, suite.registration.UUID, []string{v1.MimeTypeSBOMReport}).Return(emptySBOMReport, nil)
 	mgr.On("Get", mock.Anything, "rp-uuid-001").Return(reports[0], nil)
 	mgr.On("UpdateReportData", "rp-uuid-001", suite.rawReport, (int64)(10000)).Return(nil)
 	mgr.On("UpdateStatus", "the-uuid-123", "Success", (int64)(10000)).Return(nil)
@@ -654,6 +661,12 @@ func (suite *ControllerTestSuite) TestGenerateSBOMSummary() {
 	suite.NotNil(dgst)
 	suite.Equal("Success", status)
 	suite.Equal("sha256:1234567890", dgst)
+	tasks := []*task.Task{{Status: "Error"}}
+	suite.taskMgr.On("ListScanTasksByReportUUID", mock.Anything, "rp-uuid-004").Return(tasks, nil).Once()
+	sum2, err := suite.c.GetSummary(context.TODO(), suite.wrongArtifact, []string{v1.MimeTypeSBOMReport})
+	suite.Nil(err)
+	suite.NotNil(sum2)
+
 }
 
 func TestIsSBOMMimeTypes(t *testing.T) {
@@ -683,5 +696,11 @@ func (suite *ControllerTestSuite) TestDeleteArtifactAccessories() {
 	}
 	ctx := orm.NewContext(nil, &ormtesting.FakeOrmer{})
 	suite.NoError(suite.c.deleteArtifactAccessories(ctx, reports))
-
+}
+
+func (suite *ControllerTestSuite) TestRetrieveStatusFromTask() {
+	tasks := []*task.Task{{Status: "Error"}}
+	suite.taskMgr.On("ListScanTasksByReportUUID", mock.Anything, "rp-uuid-004").Return(tasks, nil).Once()
+	status := suite.c.retrieveStatusFromTask(nil, "rp-uuid-004")
+	suite.Equal("Error", status)
 }
diff --git a/src/pkg/scan/sbom/model/summary.go b/src/pkg/scan/sbom/model/summary.go
index 46c870f97..0d7e6a2ef 100644
--- a/src/pkg/scan/sbom/model/summary.go
+++ b/src/pkg/scan/sbom/model/summary.go
@@ -27,6 +27,10 @@ const (
 	Duration = "duration"
 	// ScanStatus ...
 	ScanStatus = "scan_status"
+	// ReportID ...
+	ReportID = "report_id"
+	// Scanner ...
+	Scanner = "scanner"
 )
 
 // Summary includes the sbom summary information
diff --git a/src/pkg/scan/sbom/sbom.go b/src/pkg/scan/sbom/sbom.go
index a3e0f8501..f8e6d2e43 100644
--- a/src/pkg/scan/sbom/sbom.go
+++ b/src/pkg/scan/sbom/sbom.go
@@ -87,7 +87,7 @@ func (v *scanHandler) RequiredPermissions() []*types.Policy {
 
 // PostScan defines task specific operations after the scan is complete
 func (v *scanHandler) PostScan(ctx job.Context, sr *v1.ScanRequest, _ *scanModel.Report, rawReport string, startTime time.Time, robot *model.Robot) (string, error) {
-	sbomContent, err := retrieveSBOMContent(rawReport)
+	sbomContent, s, err := retrieveSBOMContent(rawReport)
 	if err != nil {
 		return "", err
 	}
@@ -107,7 +107,7 @@ func (v *scanHandler) PostScan(ctx job.Context, sr *v1.ScanRequest, _ *scanModel
 		myLogger.Errorf("error when create accessory from image %v", err)
 		return "", err
 	}
-	return v.generateReport(startTime, sr.Artifact.Repository, dgst, "Success")
+	return v.generateReport(startTime, sr.Artifact.Repository, dgst, "Success", s)
 }
 
 // annotations defines the annotations for the accessory artifact
@@ -121,7 +121,7 @@ func (v *scanHandler) annotations() map[string]string {
 	}
 }
 
-func (v *scanHandler) generateReport(startTime time.Time, repository, digest, status string) (string, error) {
+func (v *scanHandler) generateReport(startTime time.Time, repository, digest, status string, scanner *v1.Scanner) (string, error) {
 	summary := sbom.Summary{}
 	endTime := time.Now()
 	summary[sbom.StartTime] = startTime
@@ -130,6 +130,7 @@ func (v *scanHandler) generateReport(startTime time.Time, repository, digest, st
 	summary[sbom.SBOMRepository] = repository
 	summary[sbom.SBOMDigest] = digest
 	summary[sbom.ScanStatus] = status
+	summary[sbom.Scanner] = scanner
 	rep, err := json.Marshal(summary)
 	if err != nil {
 		return "", err
@@ -150,15 +151,15 @@ func registryFQDN(ctx context.Context) string {
 }
 
 // retrieveSBOMContent retrieves the "sbom" field from the raw report
-func retrieveSBOMContent(rawReport string) ([]byte, error) {
+func retrieveSBOMContent(rawReport string) ([]byte, *v1.Scanner, error) {
 	rpt := vuln.Report{}
 	err := json.Unmarshal([]byte(rawReport), &rpt)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	sbomContent, err := json.Marshal(rpt.SBOM)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
-	return sbomContent, nil
+	return sbomContent, rpt.Scanner, nil
 }
diff --git a/src/server/v2.0/handler/assembler/report.go b/src/server/v2.0/handler/assembler/report.go
index e4f9657ea..ff11e2b8f 100644
--- a/src/server/v2.0/handler/assembler/report.go
+++ b/src/server/v2.0/handler/assembler/report.go
@@ -21,16 +21,12 @@ import (
 	"github.com/goharbor/harbor/src/lib"
 	"github.com/goharbor/harbor/src/lib/log"
 	v1 "github.com/goharbor/harbor/src/pkg/scan/rest/v1"
+	sbomModel "github.com/goharbor/harbor/src/pkg/scan/sbom/model"
 	"github.com/goharbor/harbor/src/server/v2.0/handler/model"
 )
 
 const (
 	vulnerabilitiesAddition = "vulnerabilities"
-	startTime               = "start_time"
-	endTime                 = "end_time"
-	scanStatus              = "scan_status"
-	sbomDigest              = "sbom_digest"
-	duration                = "duration"
 )
 
 // NewScanReportAssembler returns vul assembler
@@ -92,17 +88,19 @@ func (assembler *ScanReportAssembler) Assemble(ctx context.Context) error {
 			overview, err := assembler.scanCtl.GetSummary(ctx, &artifact.Artifact, []string{v1.MimeTypeSBOMReport})
 			if err != nil {
 				log.Warningf("get scan summary of artifact %s@%s for %s failed, error:%v", artifact.RepositoryName, artifact.Digest, v1.MimeTypeSBOMReport, err)
-			} else if len(overview) > 0 {
+			}
+			if len(overview) > 0 {
 				artifact.SBOMOverView = map[string]interface{}{
-					startTime:  overview[startTime],
-					endTime:    overview[endTime],
-					scanStatus: overview[scanStatus],
-					sbomDigest: overview[sbomDigest],
-					duration:   overview[duration],
+					sbomModel.StartTime:  overview[sbomModel.StartTime],
+					sbomModel.EndTime:    overview[sbomModel.EndTime],
+					sbomModel.ScanStatus: overview[sbomModel.ScanStatus],
+					sbomModel.SBOMDigest: overview[sbomModel.SBOMDigest],
+					sbomModel.Duration:   overview[sbomModel.Duration],
+					sbomModel.ReportID:   overview[sbomModel.ReportID],
+					sbomModel.Scanner:    overview[sbomModel.Scanner],
 				}
 			}
 		}
 	}
-
 	return nil
 }

From 0e8dce72be06b5082cc4b867683a1a36bd2ed37e Mon Sep 17 00:00:00 2001
From: Shengwen YU <yshengwen@vmware.com>
Date: Fri, 26 Apr 2024 10:52:11 +0800
Subject: [PATCH 02/13] fix: fresh scanner list when updating scanner (#20366)

Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
---
 tests/resources/Harbor-Pages/Vulnerability_Elements.robot | 1 +
 tests/resources/Util.robot                                | 1 +
 tests/robot-cases/Group1-Nightly/Trivy.robot              | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/tests/resources/Harbor-Pages/Vulnerability_Elements.robot b/tests/resources/Harbor-Pages/Vulnerability_Elements.robot
index e64594a87..593c9d1a7 100644
--- a/tests/resources/Harbor-Pages/Vulnerability_Elements.robot
+++ b/tests/resources/Harbor-Pages/Vulnerability_Elements.robot
@@ -51,3 +51,4 @@ ${scanner_password_input}  //*[@id='scanner-password']
 ${scanner_token_input}  //*[@id='scanner-token']
 ${scanner_apikey_input}  //*[@id='scanner-apiKey']
 ${scanner_set_default_btn}  //*[@id='set-default']
+${scanner_list_refresh_btn}  //span[@class='refresh-btn']//clr-icon[@role='none']
diff --git a/tests/resources/Util.robot b/tests/resources/Util.robot
index 54972975c..d394a6430 100644
--- a/tests/resources/Util.robot
+++ b/tests/resources/Util.robot
@@ -76,6 +76,7 @@ Resource  Harbor-Pages/Job_Service_Dashboard_Elements.robot
 Resource  Harbor-Pages/SecurityHub.robot
 Resource  Harbor-Pages/SecurityHub_Elements.robot
 Resource  Harbor-Pages/Verify.robot
+Resource  Harbor-Pages/Vulnerability_Elements.robot
 Resource  Docker-Util.robot
 Resource  CNAB_Util.robot
 Resource  Helm-Util.robot
diff --git a/tests/robot-cases/Group1-Nightly/Trivy.robot b/tests/robot-cases/Group1-Nightly/Trivy.robot
index 3db9513ed..bcfff07d2 100644
--- a/tests/robot-cases/Group1-Nightly/Trivy.robot
+++ b/tests/robot-cases/Group1-Nightly/Trivy.robot
@@ -182,7 +182,7 @@ Test Case - External Scanner CRUD
     Filter Scanner By Name  scanner${d}
     Filter Scanner By Endpoint  ${SCANNER_ENDPOINT}
     Retry Wait Element Count  //clr-dg-row  1
-    Retry Wait Until Page Contains Element  //clr-dg-row[.//span[text()='scanner${d}'] and .//clr-dg-cell[text()='${SCANNER_ENDPOINT}'] and .//span[text()='Healthy'] and .//clr-dg-cell[text()='None']]
+    Retry Double Keywords When Error  Retry Element Click  xpath=${scanner_list_refresh_btn}  Retry Wait Until Page Contains Element  //clr-dg-row[.//span[text()='scanner${d}'] and .//clr-dg-cell[text()='${SCANNER_ENDPOINT}'] and .//span[text()='Healthy'] and .//clr-dg-cell[text()='None']]
     # Delete this scanner
     Delete Scanner  scanner${d}
     Close Browser

From d0cb200ed5591dbdcfbb794631317bd2460e7839 Mon Sep 17 00:00:00 2001
From: Shengwen YU <yshengwen@vmware.com>
Date: Fri, 26 Apr 2024 11:44:00 +0800
Subject: [PATCH 03/13] fix: update nightly test case for verifying audit log
 of image digest (#20354)

Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
---
 tests/robot-cases/Group1-Nightly/Common.robot | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/robot-cases/Group1-Nightly/Common.robot b/tests/robot-cases/Group1-Nightly/Common.robot
index d6915db20..fdc12f54b 100644
--- a/tests/robot-cases/Group1-Nightly/Common.robot
+++ b/tests/robot-cases/Group1-Nightly/Common.robot
@@ -885,13 +885,13 @@ Test Case - Audit Log And Purge
     # pull artifact
     Docker Pull  ${ip}/project${d}/${image}:${tag1}
     Docker Logout  ${ip}
-    Verify Log  ${user}  project${d}/${image}:${sha256}  artifact  pull
+    Verify Log  ${user}  project${d}/${image}@${sha256}  artifact  pull
     Go Into Repo  project${d}  ${image}
     # delete artifact
     @{tag_list}  Create List  ${tag1}
     Multi-delete Artifact  @{tag_list}
     Switch To Logs
-    Verify Log  ${user}  project${d}/${image}:${sha256}  artifact  delete
+    Verify Log  ${user}  project${d}/${image}@${sha256}  artifact  delete
     Go Into Project  project${d}
     # delete repository
     Delete Repo  project${d}  ${image}

From 822784aac81fbce27fd320e0008eea87ebf11ae2 Mon Sep 17 00:00:00 2001
From: Shengwen YU <yshengwen@vmware.com>
Date: Fri, 26 Apr 2024 12:28:22 +0800
Subject: [PATCH 04/13] =?UTF-8?q?fix:=20update=20to=20"clr-dg-cell[10]"=20?=
 =?UTF-8?q?to=20fix=20the=20pull=20time=20tc=20due=20to=20addin=E2=80=A6?=
 =?UTF-8?q?=20(#20361)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

fix: update to "clr-dg-cell[10]" to fix the pull time tc due to adding an SBOM column

Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
---
 tests/robot-cases/Group1-Nightly/Common.robot | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/robot-cases/Group1-Nightly/Common.robot b/tests/robot-cases/Group1-Nightly/Common.robot
index fdc12f54b..7730491e1 100644
--- a/tests/robot-cases/Group1-Nightly/Common.robot
+++ b/tests/robot-cases/Group1-Nightly/Common.robot
@@ -1151,8 +1151,8 @@ Test Case - Retain Image Last Pull Time
     Scan Repo  ${tag}  Succeed
     Sleep  15
     Reload Page
-    Retry Wait Element Visible  //clr-dg-row//clr-dg-cell[9]
-    ${last_pull_time}=  Get Text  //clr-dg-row//clr-dg-cell[9]
+    Retry Wait Element Visible  //clr-dg-row//clr-dg-cell[10]
+    ${last_pull_time}=  Get Text  //clr-dg-row//clr-dg-cell[10]
     Should Be Empty  ${last_pull_time}
     Switch To Configuration System Setting
     Set Up Retain Image Last Pull Time  disable
@@ -1160,8 +1160,8 @@ Test Case - Retain Image Last Pull Time
     Scan Repo  ${tag}  Succeed
     Sleep  15
     Reload Page
-    Retry Wait Element Visible  //clr-dg-row//clr-dg-cell[9]
-    ${last_pull_time}=  Get Text  //clr-dg-row//clr-dg-cell[9]
+    Retry Wait Element Visible  //clr-dg-row//clr-dg-cell[10]
+    ${last_pull_time}=  Get Text  //clr-dg-row//clr-dg-cell[10]
     Should Not Be Empty  ${last_pull_time}
     Close Browser
 

From c791b39a26bf4b5a9c7f88d39025b531ab93f20d Mon Sep 17 00:00:00 2001
From: Shengwen YU <yshengwen@vmware.com>
Date: Fri, 26 Apr 2024 14:13:00 +0800
Subject: [PATCH 05/13] fix: add stop_scan_payload when call stop scan api
 (#20353)

Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
---
 tests/apitests/python/test_project_permission.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tests/apitests/python/test_project_permission.py b/tests/apitests/python/test_project_permission.py
index 1962c48e3..491eba2dc 100644
--- a/tests/apitests/python/test_project_permission.py
+++ b/tests/apitests/python/test_project_permission.py
@@ -89,8 +89,11 @@ copy_artifact = Permission("{}/projects/{}/repositories/target_repo/artifacts?fr
 delete_artifact = Permission("{}/projects/{}/repositories/target_repo/artifacts/{}".format(harbor_base_url, project_name, source_artifact_tag), "DELETE", 200)
 
 # 6. Resource scan      actions: ['read', 'create', 'stop']
+stop_scan_payload = {
+    "scan_type": "vulnerability"
+}
 create_scan = Permission("{}/projects/{}/repositories/{}/artifacts/{}/scan".format(harbor_base_url, project_name, source_artifact_name, source_artifact_tag), "POST", 202)
-stop_scan = Permission("{}/projects/{}/repositories/{}/artifacts/{}/scan/stop".format(harbor_base_url, project_name, source_artifact_name, source_artifact_tag), "POST", 202)
+stop_scan = Permission("{}/projects/{}/repositories/{}/artifacts/{}/scan/stop".format(harbor_base_url, project_name, source_artifact_name, source_artifact_tag), "POST", 202, stop_scan_payload)
 read_scan = Permission("{}/projects/{}/repositories/{}/artifacts/{}/scan/83be44fd-1234-5678-b49f-4b6d6e8f5730/log".format(harbor_base_url, project_name, source_artifact_name, source_artifact_tag), "get", 404)
 
 # 7. Resource tag      actions: ['list', 'create', 'delete']

From dee73a44f30b4c60115157e53e3019ff758758b9 Mon Sep 17 00:00:00 2001
From: Lichao Xue <68891670+xuelichao@users.noreply.github.com>
Date: Fri, 26 Apr 2024 14:56:23 +0800
Subject: [PATCH 06/13] Fix UI bugs (#20364)

Signed-off-by: xuelichao <xuel@vmware.com>
---
 .../system-robot-util.ts                      |  1 +
 .../artifact-additions.component.html         | 11 ++++++-
 .../artifact-additions.component.spec.ts      | 21 ++++++++++++
 .../artifact-additions.component.ts           | 33 ++++++++++++++-----
 .../artifact-sbom.component.html              | 18 ++++++----
 .../artifact-sbom.component.spec.ts           |  1 -
 .../artifact-sbom/artifact-sbom.component.ts  | 28 +++++-----------
 .../artifact-vulnerabilities.component.ts     | 30 ++---------------
 .../artifact-list-tab.component.html          |  4 ---
 .../artifact-list-tab.component.ts            |  2 +-
 .../project/repository/artifact/artifact.ts   |  2 +-
 .../sbom-tip-histogram.component.ts           |  4 +--
 .../src/app/shared/units/shared.utils.ts      | 11 ++++++-
 src/portal/src/i18n/lang/de-de-lang.json      |  3 +-
 src/portal/src/i18n/lang/en-us-lang.json      |  3 +-
 src/portal/src/i18n/lang/es-es-lang.json      |  3 +-
 src/portal/src/i18n/lang/fr-fr-lang.json      |  3 +-
 src/portal/src/i18n/lang/ko-kr-lang.json      |  3 +-
 src/portal/src/i18n/lang/pt-br-lang.json      |  3 +-
 src/portal/src/i18n/lang/tr-tr-lang.json      |  3 +-
 src/portal/src/i18n/lang/zh-cn-lang.json      |  3 +-
 src/portal/src/i18n/lang/zh-tw-lang.json      |  3 +-
 22 files changed, 110 insertions(+), 83 deletions(-)

diff --git a/src/portal/src/app/base/left-side-nav/system-robot-accounts/system-robot-util.ts b/src/portal/src/app/base/left-side-nav/system-robot-accounts/system-robot-util.ts
index f693753ad..6e3b4097c 100644
--- a/src/portal/src/app/base/left-side-nav/system-robot-accounts/system-robot-util.ts
+++ b/src/portal/src/app/base/left-side-nav/system-robot-accounts/system-robot-util.ts
@@ -78,6 +78,7 @@ export const ACTION_RESOURCE_I18N_MAP = {
     log: 'ROBOT_ACCOUNT.LOG',
     'notification-policy': 'ROBOT_ACCOUNT.NOTIFICATION_POLICY',
     quota: 'ROBOT_ACCOUNT.QUOTA',
+    sbom: 'ROBOT_ACCOUNT.SBOM',
 };
 
 export function convertKey(key: string) {
diff --git a/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-additions.component.html b/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-additions.component.html
index 99208d3f4..1a71ebf3a 100644
--- a/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-additions.component.html
+++ b/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-additions.component.html
@@ -13,10 +13,13 @@
                     [clrIfActive]="currentTabLinkId === 'vulnerability'">
                     <clr-tab-content id="vulnerability-content">
                         <hbr-artifact-vulnerabilities
+                            *ngIf="currentTabLinkId === 'vulnerability'"
                             [artifact]="artifact"
                             [projectName]="projectName"
                             [projectId]="projectId"
                             [repoName]="repoName"
+                            [scanBtnState]="getScanBtnState()"
+                            [hasEnabledScanner]="hasEnabledScanner()"
                             [digest]="digest"
                             [vulnerabilitiesLink]="
                                 getVulnerability()
@@ -24,16 +27,18 @@
                     </clr-tab-content>
                 </ng-template>
             </clr-tab>
-            <clr-tab *ngIf="getSbom()">
+            <clr-tab *ngIf="hasScannerSupportSBOM()">
                 <button clrTabLink id="sbom" (click)="actionTab('sbom')">
                     {{ 'REPOSITORY.SBOM' | translate }}
                 </button>
                 <ng-template [clrIfActive]="currentTabLinkId === 'sbom'">
                     <clr-tab-content id="sbom-content">
                         <hbr-artifact-sbom
+                            *ngIf="currentTabLinkId === 'sbom'"
                             [artifact]="artifact"
                             [projectName]="projectName"
                             [projectId]="projectId"
+                            [hasScannerSupportSBOM]="hasScannerSupportSBOM()"
                             [repoName]="repoName"
                             [sbomDigest]="sbomDigest"></hbr-artifact-sbom>
                     </clr-tab-content>
@@ -50,6 +55,7 @@
                     [clrIfActive]="currentTabLinkId === 'build-history'">
                     <clr-tab-content>
                         <hbr-artifact-build-history
+                            *ngIf="currentTabLinkId === 'build-history'"
                             [buildHistoryLink]="
                                 getBuildHistory()
                             "></hbr-artifact-build-history>
@@ -67,6 +73,7 @@
                     [clrIfActive]="currentTabLinkId === 'summary-link'">
                     <clr-tab-content id="summary-content">
                         <hbr-artifact-summary
+                            *ngIf="currentTabLinkId === 'summary-link'"
                             [summaryLink]="getSummary()"></hbr-artifact-summary>
                     </clr-tab-content>
                 </ng-template>
@@ -81,6 +88,7 @@
                 <ng-template [clrIfActive]="currentTabLinkId === 'depend-link'">
                     <clr-tab-content id="depend-content">
                         <hbr-artifact-dependencies
+                            *ngIf="currentTabLinkId === 'depend-link'"
                             [dependenciesLink]="
                                 getDependencies()
                             "></hbr-artifact-dependencies>
@@ -97,6 +105,7 @@
                 <ng-template [clrIfActive]="currentTabLinkId === 'value-link'">
                     <clr-tab-content id="value-content">
                         <hbr-artifact-values
+                            *ngIf="currentTabLinkId === 'value-link'"
                             [valuesLink]="getValues()"></hbr-artifact-values>
                     </clr-tab-content>
                 </ng-template>
diff --git a/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-additions.component.spec.ts b/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-additions.component.spec.ts
index 0f8a801e4..c4147cb57 100644
--- a/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-additions.component.spec.ts
+++ b/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-additions.component.spec.ts
@@ -4,6 +4,8 @@ import { AdditionLinks } from '../../../../../../../ng-swagger-gen/models/additi
 import { CURRENT_BASE_HREF } from '../../../../../shared/units/utils';
 import { SharedTestingModule } from '../../../../../shared/shared.module';
 import { NO_ERRORS_SCHEMA } from '@angular/core';
+import { ArtifactListPageService } from '../artifact-list-page/artifact-list-page.service';
+import { ClrLoadingState } from '@clr/angular';
 
 describe('ArtifactAdditionsComponent', () => {
     const mockedAdditionLinks: AdditionLinks = {
@@ -12,6 +14,18 @@ describe('ArtifactAdditionsComponent', () => {
             href: CURRENT_BASE_HREF + '/test',
         },
     };
+    const mockedArtifactListPageService = {
+        hasScannerSupportSBOM(): boolean {
+            return true;
+        },
+        hasEnabledScanner(): boolean {
+            return true;
+        },
+        getScanBtnState(): ClrLoadingState {
+            return ClrLoadingState.SUCCESS;
+        },
+        init() {},
+    };
     let component: ArtifactAdditionsComponent;
     let fixture: ComponentFixture<ArtifactAdditionsComponent>;
 
@@ -20,6 +34,12 @@ describe('ArtifactAdditionsComponent', () => {
             imports: [SharedTestingModule],
             declarations: [ArtifactAdditionsComponent],
             schemas: [NO_ERRORS_SCHEMA],
+            providers: [
+                {
+                    provide: ArtifactListPageService,
+                    useValue: mockedArtifactListPageService,
+                },
+            ],
         }).compileComponents();
     });
 
@@ -27,6 +47,7 @@ describe('ArtifactAdditionsComponent', () => {
         fixture = TestBed.createComponent(ArtifactAdditionsComponent);
         component = fixture.componentInstance;
         component.additionLinks = mockedAdditionLinks;
+        component.tab = 'vulnerability';
         fixture.detectChanges();
     });
 
diff --git a/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-additions.component.ts b/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-additions.component.ts
index 45994ac8e..a0f5007b8 100644
--- a/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-additions.component.ts
+++ b/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-additions.component.ts
@@ -10,7 +10,8 @@ import { ADDITIONS } from './models';
 import { AdditionLinks } from '../../../../../../../ng-swagger-gen/models/addition-links';
 import { AdditionLink } from '../../../../../../../ng-swagger-gen/models/addition-link';
 import { Artifact } from '../../../../../../../ng-swagger-gen/models/artifact';
-import { ClrTabs } from '@clr/angular';
+import { ClrLoadingState, ClrTabs } from '@clr/angular';
+import { ArtifactListPageService } from '../artifact-list-page/artifact-list-page.service';
 
 @Component({
     selector: 'artifact-additions',
@@ -32,14 +33,21 @@ export class ArtifactAdditionsComponent implements AfterViewChecked, OnInit {
     @Input()
     tab: string;
 
-    @Input() currentTabLinkId: string = 'vulnerability';
+    @Input() currentTabLinkId: string = '';
     activeTab: string = null;
 
     @ViewChild('additionsTab') tabs: ClrTabs;
-    constructor(private ref: ChangeDetectorRef) {}
+    constructor(
+        private ref: ChangeDetectorRef,
+        private artifactListPageService: ArtifactListPageService
+    ) {}
 
     ngOnInit(): void {
         this.activeTab = this.tab;
+        if (!this.activeTab) {
+            this.currentTabLinkId = 'vulnerability';
+        }
+        this.artifactListPageService.init(this.projectId);
     }
 
     ngAfterViewChecked() {
@@ -50,6 +58,10 @@ export class ArtifactAdditionsComponent implements AfterViewChecked, OnInit {
         this.ref.detectChanges();
     }
 
+    hasScannerSupportSBOM(): boolean {
+        return this.artifactListPageService.hasScannerSupportSBOM();
+    }
+
     getVulnerability(): AdditionLink {
         if (
             this.additionLinks &&
@@ -59,12 +71,7 @@ export class ArtifactAdditionsComponent implements AfterViewChecked, OnInit {
         }
         return null;
     }
-    getSbom(): AdditionLink {
-        if (this.additionLinks && this.additionLinks[ADDITIONS.SBOMS]) {
-            return this.additionLinks[ADDITIONS.SBOMS];
-        }
-        return {};
-    }
+
     getBuildHistory(): AdditionLink {
         if (this.additionLinks && this.additionLinks[ADDITIONS.BUILD_HISTORY]) {
             return this.additionLinks[ADDITIONS.BUILD_HISTORY];
@@ -93,4 +100,12 @@ export class ArtifactAdditionsComponent implements AfterViewChecked, OnInit {
     actionTab(tab: string): void {
         this.currentTabLinkId = tab;
     }
+
+    getScanBtnState(): ClrLoadingState {
+        return this.artifactListPageService.getScanBtnState();
+    }
+
+    hasEnabledScanner(): boolean {
+        return this.artifactListPageService.hasEnabledScanner();
+    }
 }
diff --git a/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-sbom/artifact-sbom.component.html b/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-sbom/artifact-sbom.component.html
index c7b9cf8a6..577711f33 100644
--- a/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-sbom/artifact-sbom.component.html
+++ b/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-sbom/artifact-sbom.component.html
@@ -32,12 +32,18 @@
                     </div>
                 </div>
             </clr-dg-action-bar>
-            <clr-dg-column [clrDgField]="'package'" class="package-medium">{{
-                'SBOM.GRID.COLUMN_PACKAGE' | translate
-            }}</clr-dg-column>
-            <clr-dg-column [clrDgField]="'version'" class="version-medium">{{
-                'SBOM.GRID.COLUMN_VERSION' | translate
-            }}</clr-dg-column>
+            <clr-dg-column
+                [clrDgSortBy]="'name'"
+                [clrDgField]="'name'"
+                class="package-medium"
+                >{{ 'SBOM.GRID.COLUMN_PACKAGE' | translate }}</clr-dg-column
+            >
+            <clr-dg-column
+                [clrDgSortBy]="'versionInfo'"
+                [clrDgField]="'versionInfo'"
+                class="version-medium"
+                >{{ 'SBOM.GRID.COLUMN_VERSION' | translate }}</clr-dg-column
+            >
             <clr-dg-column>{{
                 'SBOM.GRID.COLUMN_LICENSE' | translate
             }}</clr-dg-column>
diff --git a/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-sbom/artifact-sbom.component.spec.ts b/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-sbom/artifact-sbom.component.spec.ts
index e3978ad39..09e68430a 100644
--- a/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-sbom/artifact-sbom.component.spec.ts
+++ b/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-sbom/artifact-sbom.component.spec.ts
@@ -10,7 +10,6 @@ import {
 } from '@ngx-translate/core';
 import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
 import { UserPermissionService } from '../../../../../../shared/services';
-import { AdditionLink } from '../../../../../../../../ng-swagger-gen/models/addition-link';
 import { ErrorHandler } from '../../../../../../shared/units/error-handler';
 import { SessionService } from '../../../../../../shared/services/session.service';
 import { SessionUser } from '../../../../../../shared/entities/session-user';
diff --git a/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-sbom/artifact-sbom.component.ts b/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-sbom/artifact-sbom.component.ts
index ac352ff0f..c37ee3c16 100644
--- a/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-sbom/artifact-sbom.component.ts
+++ b/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-sbom/artifact-sbom.component.ts
@@ -1,13 +1,6 @@
-import {
-    AfterViewInit,
-    Component,
-    Input,
-    OnDestroy,
-    OnInit,
-} from '@angular/core';
+import { Component, Input, OnDestroy, OnInit } from '@angular/core';
 import { ClrDatagridStateInterface, ClrLoadingState } from '@clr/angular';
 import { finalize } from 'rxjs/operators';
-import { AdditionLink } from '../../../../../../../../ng-swagger-gen/models/addition-link';
 import {
     ScannerVo,
     UserPermissionService,
@@ -30,7 +23,6 @@ import {
     HarborEvent,
 } from '../../../../../../services/event-service/event.service';
 import { severityText } from '../../../../../left-side-nav/interrogation-services/vulnerability-database/security-hub.interface';
-import { AppConfigService } from 'src/app/services/app-config.service';
 
 import {
     ArtifactSbom,
@@ -38,8 +30,7 @@ import {
     getArtifactSbom,
 } from '../../artifact';
 import { ArtifactService } from 'ng-swagger-gen/services';
-import { ScanTypes } from 'src/app/shared/entities/shared.const';
-import { ArtifactListPageService } from '../../artifact-list-page/artifact-list-page.service';
+import { ScanTypes } from '../../../../../../shared/entities/shared.const';
 
 @Component({
     selector: 'hbr-artifact-sbom',
@@ -56,13 +47,12 @@ export class ArtifactSbomComponent implements OnInit, OnDestroy {
     @Input()
     sbomDigest: string;
     @Input() artifact: Artifact;
+    @Input() hasScannerSupportSBOM: boolean = false;
 
     artifactSbom: ArtifactSbom;
     loading: boolean = false;
-    hasScannerSupportSBOM: boolean = false;
     downloadSbomBtnState: ClrLoadingState = ClrLoadingState.DEFAULT;
     hasSbomPermission: boolean = false;
-
     hasShowLoading: boolean = false;
     sub: Subscription;
     hasViewInitWithDelay: boolean = false;
@@ -73,16 +63,13 @@ export class ArtifactSbomComponent implements OnInit, OnDestroy {
     readonly severityText = severityText;
     constructor(
         private errorHandler: ErrorHandler,
-        private appConfigService: AppConfigService,
         private artifactService: ArtifactService,
-        private artifactListPageService: ArtifactListPageService,
         private userPermissionService: UserPermissionService,
         private eventService: EventService,
         private session: SessionService
     ) {}
 
     ngOnInit() {
-        this.artifactListPageService.init(this.projectId);
         this.getSbom();
         this.getSbomPermission();
         if (!this.sub) {
@@ -222,8 +209,6 @@ export class ArtifactSbomComponent implements OnInit, OnDestroy {
     }
 
     canDownloadSbom(): boolean {
-        this.hasScannerSupportSBOM =
-            this.artifactListPageService.hasScannerSupportSBOM();
         return (
             this.hasScannerSupportSBOM &&
             //this.hasSbomPermission &&
@@ -234,7 +219,12 @@ export class ArtifactSbomComponent implements OnInit, OnDestroy {
     }
 
     artifactSbomPackages(): ArtifactSbomPackageItem[] {
-        return this.artifactSbom?.sbomPackage?.packages ?? [];
+        return (
+            this.artifactSbom?.sbomPackage?.packages?.filter(
+                item =>
+                    item?.name || item?.versionInfo || item?.licenseConcluded
+            ) ?? []
+        );
     }
 
     load(state: ClrDatagridStateInterface) {
diff --git a/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-vulnerabilities/artifact-vulnerabilities.component.ts b/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-vulnerabilities/artifact-vulnerabilities.component.ts
index 02ad708ea..9d83d167c 100644
--- a/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-vulnerabilities/artifact-vulnerabilities.component.ts
+++ b/src/portal/src/app/base/project/repository/artifact/artifact-additions/artifact-vulnerabilities/artifact-vulnerabilities.component.ts
@@ -50,14 +50,13 @@ export class ArtifactVulnerabilitiesComponent implements OnInit, OnDestroy {
     @Input()
     digest: string;
     @Input() artifact: Artifact;
+    @Input() scanBtnState: ClrLoadingState = ClrLoadingState.DEFAULT;
+    @Input() hasEnabledScanner: boolean = false;
     scan_overview: any;
     scanner: ScannerVo;
-    projectScanner: ScannerVo;
 
     scanningResults: VulnerabilityItem[] = [];
     loading: boolean = false;
-    hasEnabledScanner: boolean = false;
-    scanBtnState: ClrLoadingState = ClrLoadingState.DEFAULT;
     severitySort: ClrDatagridComparatorInterface<VulnerabilityItem>;
     cvssSort: ClrDatagridComparatorInterface<VulnerabilityItem>;
     hasScanningPermission: boolean = false;
@@ -112,7 +111,6 @@ export class ArtifactVulnerabilitiesComponent implements OnInit, OnDestroy {
     ngOnInit() {
         this.getVulnerabilities();
         this.getScanningPermission();
-        this.getProjectScanner();
         if (!this.sub) {
             this.sub = this.eventService.subscribe(
                 HarborEvent.UPDATE_VULNERABILITY_INFO,
@@ -203,30 +201,6 @@ export class ArtifactVulnerabilitiesComponent implements OnInit, OnDestroy {
             );
     }
 
-    getProjectScanner(): void {
-        this.hasEnabledScanner = false;
-        this.scanBtnState = ClrLoadingState.LOADING;
-        this.scanningService.getProjectScanner(this.projectId).subscribe(
-            response => {
-                if (
-                    response &&
-                    '{}' !== JSON.stringify(response) &&
-                    !response.disabled &&
-                    response.health === 'healthy'
-                ) {
-                    this.scanBtnState = ClrLoadingState.SUCCESS;
-                    this.hasEnabledScanner = true;
-                } else {
-                    this.scanBtnState = ClrLoadingState.ERROR;
-                }
-                this.projectScanner = response;
-            },
-            error => {
-                this.scanBtnState = ClrLoadingState.ERROR;
-            }
-        );
-    }
-
     getLevel(v: VulnerabilityItem): number {
         if (v && v.severity && SEVERITY_LEVEL_MAP[v.severity]) {
             return SEVERITY_LEVEL_MAP[v.severity];
diff --git a/src/portal/src/app/base/project/repository/artifact/artifact-list-page/artifact-list/artifact-list-tab/artifact-list-tab.component.html b/src/portal/src/app/base/project/repository/artifact/artifact-list-page/artifact-list/artifact-list-tab/artifact-list-tab.component.html
index d523b67c1..f8d10c908 100644
--- a/src/portal/src/app/base/project/repository/artifact/artifact-list-page/artifact-list/artifact-list-tab/artifact-list-tab.component.html
+++ b/src/portal/src/app/base/project/repository/artifact/artifact-list-page/artifact-list/artifact-list-tab/artifact-list-tab.component.html
@@ -65,10 +65,6 @@
                             class="action-dropdown"
                             clrPosition="bottom-left"
                             *clrIfOpen>
-                            <div
-                                class="dropdown-divider"
-                                role="separator"
-                                aria-hidden="true"></div>
                             <button
                                 clrDropdownItem
                                 id="stop-scan"
diff --git a/src/portal/src/app/base/project/repository/artifact/artifact-list-page/artifact-list/artifact-list-tab/artifact-list-tab.component.ts b/src/portal/src/app/base/project/repository/artifact/artifact-list-page/artifact-list/artifact-list-tab/artifact-list-tab.component.ts
index d880f8856..7871d0b74 100644
--- a/src/portal/src/app/base/project/repository/artifact/artifact-list-page/artifact-list/artifact-list-tab/artifact-list-tab.component.ts
+++ b/src/portal/src/app/base/project/repository/artifact/artifact-list-page/artifact-list/artifact-list-tab/artifact-list-tab.component.ts
@@ -1099,7 +1099,7 @@ export class ArtifactListTabComponent implements OnInit, OnDestroy {
                                         res?.filter(
                                             item =>
                                                 item.type === AccessoryType.SBOM
-                                        )?.[0]?.digest ?? null;
+                                        )?.[0]?.digest ?? undefined;
                                 }
                             },
                             error: err => {
diff --git a/src/portal/src/app/base/project/repository/artifact/artifact.ts b/src/portal/src/app/base/project/repository/artifact/artifact.ts
index fa3e19c7d..aeb65607a 100644
--- a/src/portal/src/app/base/project/repository/artifact/artifact.ts
+++ b/src/portal/src/app/base/project/repository/artifact/artifact.ts
@@ -76,7 +76,7 @@ export enum AccessoryType {
     COSIGN = 'signature.cosign',
     NOTATION = 'signature.notation',
     NYDUS = 'accelerator.nydus',
-    SBOM = 'harbor.sbom',
+    SBOM = 'sbom.harbor',
 }
 
 export enum ArtifactType {
diff --git a/src/portal/src/app/base/project/repository/artifact/sbom-scanning/sbom-tip-histogram/sbom-tip-histogram.component.ts b/src/portal/src/app/base/project/repository/artifact/sbom-scanning/sbom-tip-histogram/sbom-tip-histogram.component.ts
index f75050dc1..f5c1e0b90 100644
--- a/src/portal/src/app/base/project/repository/artifact/sbom-scanning/sbom-tip-histogram/sbom-tip-histogram.component.ts
+++ b/src/portal/src/app/base/project/repository/artifact/sbom-scanning/sbom-tip-histogram/sbom-tip-histogram.component.ts
@@ -68,9 +68,7 @@ export class SbomTipHistogramComponent {
     }
 
     get noSbom(): boolean {
-        return (
-            this.sbomSummary.scan_status === SBOM_SCAN_STATUS.NOT_GENERATED_SBOM
-        );
+        return this.sbomDigest === undefined || this.sbomDigest === '';
     }
 
     isThemeLight() {
diff --git a/src/portal/src/app/shared/units/shared.utils.ts b/src/portal/src/app/shared/units/shared.utils.ts
index 2b686316f..f89cc772d 100644
--- a/src/portal/src/app/shared/units/shared.utils.ts
+++ b/src/portal/src/app/shared/units/shared.utils.ts
@@ -142,7 +142,16 @@ export const errorHandler = function (error: any): string {
     }
     // Not a standard error return Basically not used cover unknown error
     try {
-        return JSON.parse(error.error).message;
+        const jsonError = JSON.parse(error.error);
+        if (jsonError.errors && jsonError.errors instanceof Array) {
+            return (
+                jsonError.errors?.map(error => error.message) ?? [
+                    'UNKNOWN_ERROR',
+                ]
+            ).join(',');
+        } else {
+            return JSON.parse(error.error).message;
+        }
     } catch (err) {}
     // Not a standard error return Basically not used cover unknown error
     if (typeof error.error === 'string') {
diff --git a/src/portal/src/i18n/lang/de-de-lang.json b/src/portal/src/i18n/lang/de-de-lang.json
index 630f6acc7..cae6500c7 100644
--- a/src/portal/src/i18n/lang/de-de-lang.json
+++ b/src/portal/src/i18n/lang/de-de-lang.json
@@ -406,6 +406,7 @@
         "REPOSITORY": "Repository",
         "ARTIFACT": "Artifact",
         "SCAN": "Scan",
+        "SBOM": "SBOM",
         "TAG": "Tag",
         "ACCESSORY": "Accessory",
         "ARTIFACT_ADDITION": "Artifact Addition",
@@ -1061,7 +1062,7 @@
         "GENERATE": "Generate SBOM",
         "DOWNLOAD": "Download SBOM",
         "Details": "SBOM details",
-        "STOP": "Stop SBOM",
+        "STOP": "Stop Generate SBOM",
         "TRIGGER_STOP_SUCCESS": "Trigger stopping SBOM generation successfully"
     },
     "VULNERABILITY": {
diff --git a/src/portal/src/i18n/lang/en-us-lang.json b/src/portal/src/i18n/lang/en-us-lang.json
index eb1d0a300..4aa29135b 100644
--- a/src/portal/src/i18n/lang/en-us-lang.json
+++ b/src/portal/src/i18n/lang/en-us-lang.json
@@ -406,6 +406,7 @@
         "REPOSITORY": "Repository",
         "ARTIFACT": "Artifact",
         "SCAN": "Scan",
+        "SBOM": "SBOM",
         "TAG": "Tag",
         "ACCESSORY": "Accessory",
         "ARTIFACT_ADDITION": "Artifact Addition",
@@ -1062,7 +1063,7 @@
         "GENERATE": "Generate SBOM ",
         "DOWNLOAD": "Download SBOM",
         "Details": "SBOM details",
-        "STOP": "Stop SBOM",
+        "STOP": "Stop Generate SBOM",
         "TRIGGER_STOP_SUCCESS": "Trigger stopping SBOM generation successfully"
     },
     "VULNERABILITY": {
diff --git a/src/portal/src/i18n/lang/es-es-lang.json b/src/portal/src/i18n/lang/es-es-lang.json
index 4b5e9f684..2380dcb37 100644
--- a/src/portal/src/i18n/lang/es-es-lang.json
+++ b/src/portal/src/i18n/lang/es-es-lang.json
@@ -407,6 +407,7 @@
         "REPOSITORY": "Repository",
         "ARTIFACT": "Artifact",
         "SCAN": "Scan",
+        "SBOM": "SBOM",
         "TAG": "Tag",
         "ACCESSORY": "Accessory",
         "ARTIFACT_ADDITION": "Artifact Addition",
@@ -1060,7 +1061,7 @@
         "GENERATE": "Generate SBOM",
         "DOWNLOAD": "Download SBOM",
         "Details": "SBOM details",
-        "STOP": "Stop SBOM",
+        "STOP": "Stop Generate SBOM",
         "TRIGGER_STOP_SUCCESS": "Trigger stopping SBOM generation successfully"
     },
     "VULNERABILITY": {
diff --git a/src/portal/src/i18n/lang/fr-fr-lang.json b/src/portal/src/i18n/lang/fr-fr-lang.json
index cd4374bda..b92b032d1 100644
--- a/src/portal/src/i18n/lang/fr-fr-lang.json
+++ b/src/portal/src/i18n/lang/fr-fr-lang.json
@@ -406,6 +406,7 @@
         "REPOSITORY": "Dépôt",
         "ARTIFACT": "Artefact",
         "SCAN": "Scan",
+        "SBOM": "SBOM",
         "TAG": "Tag",
         "ACCESSORY": "Accessoire",
         "ARTIFACT_ADDITION": "Artefact Addition",
@@ -1060,7 +1061,7 @@
         "GENERATE": "Generate SBOM",
         "DOWNLOAD": "Download SBOM",
         "Details": "SBOM details",
-        "STOP": "Stop SBOM",
+        "STOP": "Stop Generate SBOM",
         "TRIGGER_STOP_SUCCESS": "Trigger stopping SBOM generation successfully"
     },
     "VULNERABILITY": {
diff --git a/src/portal/src/i18n/lang/ko-kr-lang.json b/src/portal/src/i18n/lang/ko-kr-lang.json
index 0c897c7bd..6ac0bbb31 100644
--- a/src/portal/src/i18n/lang/ko-kr-lang.json
+++ b/src/portal/src/i18n/lang/ko-kr-lang.json
@@ -403,6 +403,7 @@
         "REPOSITORY": "저장소",
         "ARTIFACT": "아티팩트",
         "SCAN": "스캔",
+        "SBOM": "SBOM",
         "TAG": "태그",
         "ACCESSORY": "액세서리",
         "ARTIFACT_ADDITION": "아티팩트 추가",
@@ -1059,7 +1060,7 @@
         "GENERATE": "Generate SBOM",
         "DOWNLOAD": "Download SBOM",
         "Details": "SBOM details",
-        "STOP": "Stop SBOM",
+        "STOP": "Stop Generate SBOM",
         "TRIGGER_STOP_SUCCESS": "Trigger stopping SBOM generation successfully"
     },
     "VULNERABILITY": {
diff --git a/src/portal/src/i18n/lang/pt-br-lang.json b/src/portal/src/i18n/lang/pt-br-lang.json
index 3adaa4714..e7272bf14 100644
--- a/src/portal/src/i18n/lang/pt-br-lang.json
+++ b/src/portal/src/i18n/lang/pt-br-lang.json
@@ -404,6 +404,7 @@
         "REPOSITORY": "Repository",
         "ARTIFACT": "Artifact",
         "SCAN": "Scan",
+        "SBOM": "SBOM",
         "TAG": "Tag",
         "ACCESSORY": "Accessory",
         "ARTIFACT_ADDITION": "Artifact Addition",
@@ -1058,7 +1059,7 @@
         "GENERATE": "Generate SBOM",
         "DOWNLOAD": "Download SBOM",
         "Details": "SBOM details",
-        "STOP": "Stop SBOM",
+        "STOP": "Stop Generate SBOM",
         "TRIGGER_STOP_SUCCESS": "Trigger stopping SBOM generation successfully"
     },
     "VULNERABILITY": {
diff --git a/src/portal/src/i18n/lang/tr-tr-lang.json b/src/portal/src/i18n/lang/tr-tr-lang.json
index cef0128ed..dd3a790cc 100644
--- a/src/portal/src/i18n/lang/tr-tr-lang.json
+++ b/src/portal/src/i18n/lang/tr-tr-lang.json
@@ -406,6 +406,7 @@
         "REPOSITORY": "Repository",
         "ARTIFACT": "Artifact",
         "SCAN": "Scan",
+        "SBOM": "SBOM",
         "TAG": "Tag",
         "ACCESSORY": "Accessory",
         "ARTIFACT_ADDITION": "Artifact Addition",
@@ -1061,7 +1062,7 @@
         "GENERATE": "Generate SBOM",
         "DOWNLOAD": "Download SBOM",
         "Details": "SBOM details",
-        "STOP": "Stop SBOM",
+        "STOP": "Stop Generate SBOM",
         "TRIGGER_STOP_SUCCESS": "Trigger stopping SBOM generation successfully"
     },
     "VULNERABILITY": {
diff --git a/src/portal/src/i18n/lang/zh-cn-lang.json b/src/portal/src/i18n/lang/zh-cn-lang.json
index 24e30cc88..2a5dce0bf 100644
--- a/src/portal/src/i18n/lang/zh-cn-lang.json
+++ b/src/portal/src/i18n/lang/zh-cn-lang.json
@@ -405,6 +405,7 @@
         "REPOSITORY": "仓库",
         "ARTIFACT": "Artifact",
         "SCAN": "扫描",
+        "SBOM": "SBOM",
         "TAG": "Tag",
         "ACCESSORY": "附件",
         "ARTIFACT_ADDITION": "Artifact 额外信息",
@@ -1059,7 +1060,7 @@
         "GENERATE": "Generate SBOM",
         "DOWNLOAD": "Download SBOM",
         "Details": "SBOM details",
-        "STOP": "Stop SBOM",
+        "STOP": "Stop Generate SBOM",
         "TRIGGER_STOP_SUCCESS": "Trigger stopping SBOM generation successfully"
     },
     "VULNERABILITY": {
diff --git a/src/portal/src/i18n/lang/zh-tw-lang.json b/src/portal/src/i18n/lang/zh-tw-lang.json
index 3f5264bf6..1620c55ba 100644
--- a/src/portal/src/i18n/lang/zh-tw-lang.json
+++ b/src/portal/src/i18n/lang/zh-tw-lang.json
@@ -405,6 +405,7 @@
    "REPOSITORY": "Repository",
    "ARTIFACT": "Artifact",
    "SCAN": "Scan",
+   "SBOM": "SBOM",
    "TAG": "Tag",
    "ACCESSORY": "Accessory",
    "ARTIFACT_ADDITION": "Artifact Addition",
@@ -1058,7 +1059,7 @@
     "GENERATE": "Generate SBOM",
     "DOWNLOAD": "Download SBOM",
     "Details": "SBOM details",
-    "STOP": "Stop SBOM",
+    "STOP": "Stop Generate SBOM",
     "TRIGGER_STOP_SUCCESS": "Trigger stopping SBOM generation successfully"
 },
   "VULNERABILITY": {

From 9471f5d5a63644acedfb2fe72cf975bc6894a264 Mon Sep 17 00:00:00 2001
From: Shengwen YU <yshengwen@vmware.com>
Date: Fri, 26 Apr 2024 16:21:27 +0800
Subject: [PATCH 07/13] fix: update total permission count to 59 (#20352)

Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
---
 tests/resources/Harbor-Pages/Project_Robot_Account.robot | 4 ++--
 tests/robot-cases/Group1-Nightly/Common.robot            | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/resources/Harbor-Pages/Project_Robot_Account.robot b/tests/resources/Harbor-Pages/Project_Robot_Account.robot
index cb30c0830..e5f3299dc 100644
--- a/tests/resources/Harbor-Pages/Project_Robot_Account.robot
+++ b/tests/resources/Harbor-Pages/Project_Robot_Account.robot
@@ -24,8 +24,8 @@ Create A Project Robot Account
     ${permission_count}=  Create Dictionary
     ${total}=  Set Variable  0
     IF  '${first_resource}' == 'all'
-        Set To Dictionary  ${permission_count}  all=56
-        ${total}=  Set Variable  56
+        Set To Dictionary  ${permission_count}  all=59
+        ${total}=  Set Variable  59
         Retry Element Click  //span[text()='Select all']
     ELSE
         FOR  ${item}  IN  @{resources}
diff --git a/tests/robot-cases/Group1-Nightly/Common.robot b/tests/robot-cases/Group1-Nightly/Common.robot
index 7730491e1..bcee6a16b 100644
--- a/tests/robot-cases/Group1-Nightly/Common.robot
+++ b/tests/robot-cases/Group1-Nightly/Common.robot
@@ -745,7 +745,7 @@ Test Case - System Robot Account
 
     ${robot_account_name}  ${token}=  Create A System Robot Account  sys2${d}  days  days=2  description=For testing  cover_all_project_resources=${true}
     Push image  ${ip}  '${robot_account_name}'  ${token}  project${d}  hello-world:latest
-    Retry Wait Element Visible  //clr-dg-row[.//clr-dg-cell[contains(.,'${robot_account_name}')] and .//clr-icon[contains(@class, 'color-green')] and .//span[text()='All projects with'] and .//button[text()=' 56 PERMISSION(S) '] and .//span[contains(.,'1d 23h')] and .//clr-dg-cell[text()='For testing'] and .//clr-dg-cell//span[text()=' None ']]
+    Retry Wait Element Visible  //clr-dg-row[.//clr-dg-cell[contains(.,'${robot_account_name}')] and .//clr-icon[contains(@class, 'color-green')] and .//span[text()='All projects with'] and .//button[text()=' 59 PERMISSION(S) '] and .//span[contains(.,'1d 23h')] and .//clr-dg-cell[text()='For testing'] and .//clr-dg-cell//span[text()=' None ']]
     Retry Action Keyword  Check System Robot Account API Permission  ${robot_account_name}  ${token}  ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}  all  1
     Retry Action Keyword  Check Project Robot Account API Permission  ${robot_account_name}  ${token}  ${HARBOR_ADMIN}  ${HARBOR_PASSWORD}  ${project_id}  ${project_name}  hello-world  latest  all
     Close Browser

From fba4c40c65230477d83391a4bd5909557a0bfe67 Mon Sep 17 00:00:00 2001
From: "stonezdj(Daojun Zhang)" <stonezdj@gmail.com>
Date: Sat, 27 Apr 2024 09:56:30 +0800
Subject: [PATCH 08/13] Delete scan_report when accessory is removed (#20365)

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
---
 .../event/handler/internal/artifact.go        |  7 ++++++
 src/pkg/scan/dao/scan/report.go               | 14 +++++++++++
 src/pkg/scan/dao/scan/report_test.go          | 24 +++++++++++++++++--
 src/pkg/scan/report/manager.go                |  6 +++++
 src/testing/pkg/scan/report/manager.go        | 18 ++++++++++++++
 5 files changed, 67 insertions(+), 2 deletions(-)

diff --git a/src/controller/event/handler/internal/artifact.go b/src/controller/event/handler/internal/artifact.go
index 9218db95a..0e9b3f5bb 100644
--- a/src/controller/event/handler/internal/artifact.go
+++ b/src/controller/event/handler/internal/artifact.go
@@ -24,6 +24,7 @@ import (
 	"time"
 
 	"github.com/goharbor/harbor/src/controller/artifact"
+	"github.com/goharbor/harbor/src/controller/artifact/processor/sbom"
 	"github.com/goharbor/harbor/src/controller/event"
 	"github.com/goharbor/harbor/src/controller/event/operator"
 	"github.com/goharbor/harbor/src/controller/repository"
@@ -36,6 +37,7 @@ import (
 	"github.com/goharbor/harbor/src/pkg"
 	pkgArt "github.com/goharbor/harbor/src/pkg/artifact"
 	"github.com/goharbor/harbor/src/pkg/scan/report"
+	v1 "github.com/goharbor/harbor/src/pkg/scan/rest/v1"
 	"github.com/goharbor/harbor/src/pkg/task"
 )
 
@@ -319,6 +321,11 @@ func (a *ArtifactEventHandler) onDelete(ctx context.Context, event *event.Artifa
 		log.Errorf("failed to delete scan reports of artifact %v, error: %v", unrefDigests, err)
 	}
 
+	if event.Artifact.Type == sbom.ArtifactTypeSBOM && len(event.Artifact.Digest) > 0 {
+		if err := reportMgr.DeleteByExtraAttr(ctx, v1.MimeTypeSBOMReport, "sbom_digest", event.Artifact.Digest); err != nil {
+			log.Errorf("failed to delete scan reports of with sbom digest %v, error: %v", event.Artifact.Digest, err)
+		}
+	}
 	return nil
 }
 
diff --git a/src/pkg/scan/dao/scan/report.go b/src/pkg/scan/dao/scan/report.go
index f30b36ddb..8da0e67af 100644
--- a/src/pkg/scan/dao/scan/report.go
+++ b/src/pkg/scan/dao/scan/report.go
@@ -16,6 +16,7 @@ package scan
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/goharbor/harbor/src/lib/errors"
 	"github.com/goharbor/harbor/src/lib/orm"
@@ -38,6 +39,8 @@ type DAO interface {
 	UpdateReportData(ctx context.Context, uuid string, report string) error
 	// Update update report
 	Update(ctx context.Context, r *Report, cols ...string) error
+	// DeleteByExtraAttr delete the scan_report by mimeType and extra attribute
+	DeleteByExtraAttr(ctx context.Context, mimeType, attrName, attrValue string) error
 }
 
 // New returns an instance of the default DAO
@@ -110,3 +113,14 @@ func (d *dao) Update(ctx context.Context, r *Report, cols ...string) error {
 	}
 	return nil
 }
+
+func (d *dao) DeleteByExtraAttr(ctx context.Context, mimeType, attrName, attrValue string) error {
+	o, err := orm.FromContext(ctx)
+	if err != nil {
+		return err
+	}
+	delReportSQL := "delete from scan_report where mime_type = ? and report::jsonb @> ?"
+	dgstJSONStr := fmt.Sprintf(`{"%s":"%s"}`, attrName, attrValue)
+	_, err = o.Raw(delReportSQL, mimeType, dgstJSONStr).Exec()
+	return err
+}
diff --git a/src/pkg/scan/dao/scan/report_test.go b/src/pkg/scan/dao/scan/report_test.go
index ccda8e02b..ab4662289 100644
--- a/src/pkg/scan/dao/scan/report_test.go
+++ b/src/pkg/scan/dao/scan/report_test.go
@@ -53,14 +53,23 @@ func (suite *ReportTestSuite) SetupTest() {
 		RegistrationUUID: "ruuid",
 		MimeType:         v1.MimeTypeNativeReport,
 	}
-
 	suite.create(r)
+	sbomReport := &Report{
+		UUID:             "uuid3",
+		Digest:           "digest1003",
+		RegistrationUUID: "ruuid",
+		MimeType:         v1.MimeTypeSBOMReport,
+		Report:           `{"sbom_digest": "sha256:abc"}`,
+	}
+	suite.create(sbomReport)
 }
 
 // TearDownTest clears enf for test case.
 func (suite *ReportTestSuite) TearDownTest() {
 	_, err := suite.dao.DeleteMany(orm.Context(), q.Query{Keywords: q.KeyWords{"uuid": "uuid"}})
 	require.NoError(suite.T(), err)
+	_, err = suite.dao.DeleteMany(orm.Context(), q.Query{Keywords: q.KeyWords{"uuid": "uuid3"}})
+	require.NoError(suite.T(), err)
 }
 
 // TestReportList tests list reports with query parameters.
@@ -95,7 +104,7 @@ func (suite *ReportTestSuite) TestReportUpdateReportData() {
 	err := suite.dao.UpdateReportData(orm.Context(), "uuid", "{}")
 	suite.Require().NoError(err)
 
-	l, err := suite.dao.List(orm.Context(), nil)
+	l, err := suite.dao.List(orm.Context(), q.New(q.KeyWords{"uuid": "uuid"}))
 	suite.Require().NoError(err)
 	suite.Require().Equal(1, len(l))
 	suite.Equal("{}", l[0].Report)
@@ -104,6 +113,17 @@ func (suite *ReportTestSuite) TestReportUpdateReportData() {
 	suite.Require().NoError(err)
 }
 
+func (suite *ReportTestSuite) TestDeleteReportBySBOMDigest() {
+	l, err := suite.dao.List(orm.Context(), nil)
+	suite.Require().NoError(err)
+	suite.Equal(2, len(l))
+	err = suite.dao.DeleteByExtraAttr(orm.Context(), v1.MimeTypeSBOMReport, "sbom_digest", "sha256:abc")
+	suite.Require().NoError(err)
+	l2, err := suite.dao.List(orm.Context(), nil)
+	suite.Require().NoError(err)
+	suite.Equal(1, len(l2))
+}
+
 func (suite *ReportTestSuite) create(r *Report) {
 	id, err := suite.dao.Create(orm.Context(), r)
 	suite.Require().NoError(err)
diff --git a/src/pkg/scan/report/manager.go b/src/pkg/scan/report/manager.go
index fa6415ed0..3bc2de1f1 100644
--- a/src/pkg/scan/report/manager.go
+++ b/src/pkg/scan/report/manager.go
@@ -104,6 +104,8 @@ type Manager interface {
 
 	// Update update report information
 	Update(ctx context.Context, r *scan.Report, cols ...string) error
+	// DeleteByExtraAttr delete scan_report by sbom_digest
+	DeleteByExtraAttr(ctx context.Context, mimeType, attrName, attrValue string) error
 }
 
 // basicManager is a default implementation of report manager.
@@ -226,3 +228,7 @@ func (bm *basicManager) List(ctx context.Context, query *q.Query) ([]*scan.Repor
 func (bm *basicManager) Update(ctx context.Context, r *scan.Report, cols ...string) error {
 	return bm.dao.Update(ctx, r, cols...)
 }
+
+func (bm *basicManager) DeleteByExtraAttr(ctx context.Context, mimeType, attrName, attrValue string) error {
+	return bm.dao.DeleteByExtraAttr(ctx, mimeType, attrName, attrValue)
+}
diff --git a/src/testing/pkg/scan/report/manager.go b/src/testing/pkg/scan/report/manager.go
index 4a50114f4..046ac253e 100644
--- a/src/testing/pkg/scan/report/manager.go
+++ b/src/testing/pkg/scan/report/manager.go
@@ -87,6 +87,24 @@ func (_m *Manager) DeleteByDigests(ctx context.Context, digests ...string) error
 	return r0
 }
 
+// DeleteByExtraAttr provides a mock function with given fields: ctx, mimeType, attrName, attrValue
+func (_m *Manager) DeleteByExtraAttr(ctx context.Context, mimeType string, attrName string, attrValue string) error {
+	ret := _m.Called(ctx, mimeType, attrName, attrValue)
+
+	if len(ret) == 0 {
+		panic("no return value specified for DeleteByExtraAttr")
+	}
+
+	var r0 error
+	if rf, ok := ret.Get(0).(func(context.Context, string, string, string) error); ok {
+		r0 = rf(ctx, mimeType, attrName, attrValue)
+	} else {
+		r0 = ret.Error(0)
+	}
+
+	return r0
+}
+
 // GetBy provides a mock function with given fields: ctx, digest, registrationUUID, mimeTypes
 func (_m *Manager) GetBy(ctx context.Context, digest string, registrationUUID string, mimeTypes []string) ([]*scan.Report, error) {
 	ret := _m.Called(ctx, digest, registrationUUID, mimeTypes)

From d7ab8254cc97414b39d841839dddc33868ac2899 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 28 Apr 2024 15:47:57 +0800
Subject: [PATCH 09/13] Bump golang.org/x/net from 0.22.0 to 0.24.0 in /src
 (#20318)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.22.0 to 0.24.0.
- [Commits](https://github.com/golang/net/compare/v0.22.0...v0.24.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
---
 src/go.mod |  8 ++++----
 src/go.sum | 19 ++++++++-----------
 2 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/src/go.mod b/src/go.mod
index 9960d620e..6548e6ddf 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -63,8 +63,8 @@ require (
 	go.opentelemetry.io/otel/sdk v1.24.0
 	go.opentelemetry.io/otel/trace v1.24.0
 	go.uber.org/ratelimit v0.3.1
-	golang.org/x/crypto v0.21.0
-	golang.org/x/net v0.22.0
+	golang.org/x/crypto v0.22.0
+	golang.org/x/net v0.24.0
 	golang.org/x/oauth2 v0.19.0
 	golang.org/x/sync v0.6.0
 	golang.org/x/text v0.14.0
@@ -171,8 +171,8 @@ require (
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.19.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/term v0.18.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
+	golang.org/x/term v0.19.0 // indirect
 	google.golang.org/api v0.149.0 // indirect
 	google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect
diff --git a/src/go.sum b/src/go.sum
index 077b14bcf..b13594609 100644
--- a/src/go.sum
+++ b/src/go.sum
@@ -702,9 +702,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
-golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
+golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -758,8 +757,8 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
-golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -817,18 +816,16 @@ golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
-golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
-golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
-golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
+golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=

From 7306f6d7d9ce4afce24258a057647c961d38c49d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 28 Apr 2024 17:32:58 +0800
Subject: [PATCH 10/13] Bump github.com/golang-migrate/migrate/v4 from 4.16.2
 to 4.17.1 in /src (#20317)

Bumps [github.com/golang-migrate/migrate/v4](https://github.com/golang-migrate/migrate) from 4.16.2 to 4.17.1.
- [Release notes](https://github.com/golang-migrate/migrate/releases)
- [Changelog](https://github.com/golang-migrate/migrate/blob/master/.goreleaser.yml)
- [Commits](https://github.com/golang-migrate/migrate/compare/v4.16.2...v4.17.1)

---
updated-dependencies:
- dependency-name: github.com/golang-migrate/migrate/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
---
 src/go.mod |  5 +++--
 src/go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/go.mod b/src/go.mod
index 6548e6ddf..43689f847 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -31,7 +31,7 @@ require (
 	github.com/gocarina/gocsv v0.0.0-20210516172204-ca9e8a8ddea8
 	github.com/gocraft/work v0.5.1
 	github.com/golang-jwt/jwt/v5 v5.2.0
-	github.com/golang-migrate/migrate/v4 v4.16.2
+	github.com/golang-migrate/migrate/v4 v4.17.1
 	github.com/gomodule/redigo v2.0.0+incompatible
 	github.com/google/go-containerregistry v0.19.0
 	github.com/google/uuid v1.6.0
@@ -136,6 +136,7 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.16.5 // indirect
+	github.com/lib/pq v1.10.9 // indirect
 	github.com/magiconair/properties v1.8.5 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
@@ -173,7 +174,7 @@ require (
 	go.uber.org/zap v1.19.0 // indirect
 	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/term v0.19.0 // indirect
-	google.golang.org/api v0.149.0 // indirect
+	google.golang.org/api v0.150.0 // indirect
 	google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect
diff --git a/src/go.sum b/src/go.sum
index b13594609..65b6e2e20 100644
--- a/src/go.sum
+++ b/src/go.sum
@@ -130,8 +130,8 @@ github.com/dghubble/sling v1.1.0/go.mod h1:ZcPRuLm0qrcULW2gOrjXrAWgf76sahqSyxXyV
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/dhui/dktest v0.3.16 h1:i6gq2YQEtcrjKbeJpBkWjE8MmLZPYllcjOFbTZuPDnw=
-github.com/dhui/dktest v0.3.16/go.mod h1:gYaA3LRmM8Z4vJl2MA0THIigJoZrwOansEOsp+kqxp0=
+github.com/dhui/dktest v0.4.1 h1:/w+IWuDXVymg3IrRJCHHOkMK10m9aNVMOyD0X12YVTg=
+github.com/dhui/dktest v0.4.1/go.mod h1:DdOqcUpL7vgyP4GlF3X3w7HbSlz8cEQzwewPveYEQbA=
 github.com/distribution/distribution v2.8.2+incompatible h1:k9+4DKdOG+quPFZXT/mUsiQrGu9vYCp+dXpuPkuqhk8=
 github.com/distribution/distribution v2.8.2+incompatible/go.mod h1:EgLm2NgWtdKgzF9NpMzUKgzmR7AMmb0VQi2B+ZzDRjc=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
@@ -240,8 +240,8 @@ github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQA
 github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
 github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
-github.com/golang-migrate/migrate/v4 v4.16.2 h1:8coYbMKUyInrFk1lfGfRovTLAW7PhWp8qQDT2iKfuoA=
-github.com/golang-migrate/migrate/v4 v4.16.2/go.mod h1:pfcJX4nPHaVdc5nmdCikFBWtm+UBpiZjRNNsyBbp0/o=
+github.com/golang-migrate/migrate/v4 v4.17.1 h1:4zQ6iqL6t6AiItphxJctQb3cFqWiSpMnX7wLTPnnYO4=
+github.com/golang-migrate/migrate/v4 v4.17.1/go.mod h1:m8hinFyWBn0SA4QKHuKh175Pm9wjmxj3S2Mia7dbXzM=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
@@ -729,8 +729,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
-golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
+golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=

From 01a28dc66d397271045f9dadc62d2e02f7575685 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Apr 2024 10:19:48 +0800
Subject: [PATCH 11/13] Bump go.opentelemetry.io/otel/sdk from 1.24.0 to 1.26.0
 in /src (#20370)

Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.24.0 to 1.26.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.26.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
---
 src/go.mod | 12 ++++++------
 src/go.sum | 23 ++++++++++++-----------
 2 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/src/go.mod b/src/go.mod
index 43689f847..0cdb14d6b 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -51,17 +51,17 @@ require (
 	github.com/prometheus/client_golang v1.17.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/spf13/viper v1.8.1
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.9.0
 	github.com/tencentcloud/tencentcloud-sdk-go v3.0.233+incompatible
 	github.com/vmihailenco/msgpack/v5 v5.4.1
 	github.com/volcengine/volcengine-go-sdk v1.0.97
 	go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.46.1
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0
-	go.opentelemetry.io/otel v1.24.0
+	go.opentelemetry.io/otel v1.26.0
 	go.opentelemetry.io/otel/exporters/jaeger v1.0.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0
-	go.opentelemetry.io/otel/sdk v1.24.0
-	go.opentelemetry.io/otel/trace v1.24.0
+	go.opentelemetry.io/otel/sdk v1.26.0
+	go.opentelemetry.io/otel/trace v1.26.0
 	go.uber.org/ratelimit v0.3.1
 	golang.org/x/crypto v0.22.0
 	golang.org/x/net v0.24.0
@@ -160,14 +160,14 @@ require (
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/stretchr/objx v0.5.0 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/subosito/gotenv v1.2.0 // indirect
 	github.com/vbatts/tar-split v0.11.3 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/volcengine/volc-sdk-golang v1.0.23 // indirect
 	go.mongodb.org/mongo-driver v1.13.1 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.24.0 // indirect
-	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/metric v1.26.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.1.0 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
diff --git a/src/go.sum b/src/go.sum
index 65b6e2e20..031180b6c 100644
--- a/src/go.sum
+++ b/src/go.sum
@@ -592,8 +592,9 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -603,8 +604,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tencentcloud/tencentcloud-sdk-go v3.0.233+incompatible h1:q+D/Y9jla3afgsIihtyhwyl0c2W+eRWNM9ohVwPiiPw=
@@ -646,22 +647,22 @@ go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.46
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 h1:x8Z78aZx8cOF0+Kkazoc7lwUNMGy0LrzEMxTm4BbTxg=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0/go.mod h1:62CPTSry9QZtOaSsE3tOzhx6LzDhHnXJ6xHeMNNiM6Q=
 go.opentelemetry.io/otel v1.0.0/go.mod h1:AjRVh9A5/5DE7S+mZtTR6t8vpKKryam+0lREnfmS4cg=
-go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
-go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
+go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs=
+go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4=
 go.opentelemetry.io/otel/exporters/jaeger v1.0.0 h1:cLhx8llHw02h5JTqGqaRbYn+QVKHmrzD9vEbKnSPk5U=
 go.opentelemetry.io/otel/exporters/jaeger v1.0.0/go.mod h1:q10N1AolE1JjqKrFJK2tYw0iZpmX+HBaXBtuCzRnBGQ=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.24.0 h1:t6wl9SPayj+c7lEIFgm4ooDBZVb01IhLB4InpomhRw8=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.24.0/go.mod h1:iSDOcsnSA5INXzZtwaBPrKp/lWu/V14Dd+llD0oI2EA=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0 h1:Xw8U6u2f8DK2XAkGRFV7BBLENgnTGX9i4rQRxJf+/vs=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0/go.mod h1:6KW1Fm6R/s6Z3PGXwSJN2K4eT6wQB3vXX6CVnYX9NmM=
-go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
-go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
+go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30=
+go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4=
 go.opentelemetry.io/otel/sdk v1.0.0/go.mod h1:PCrDHlSy5x1kjezSdL37PhbFUMjrsLRshJ2zCzeXwbM=
-go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw=
-go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg=
+go.opentelemetry.io/otel/sdk v1.26.0 h1:Y7bumHf5tAiDlRYFmGqetNcLaVUZmh4iYfmGxtmz7F8=
+go.opentelemetry.io/otel/sdk v1.26.0/go.mod h1:0p8MXpqLeJ0pzcszQQN4F0S5FVjBLgypeGSngLsmirs=
 go.opentelemetry.io/otel/trace v1.0.0/go.mod h1:PXTWqayeFUlJV1YDNhsJYB184+IvAH814St6o6ajzIs=
-go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
-go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
+go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA=
+go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0=
 go.opentelemetry.io/proto/otlp v1.1.0 h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI=
 go.opentelemetry.io/proto/otlp v1.1.0/go.mod h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=

From 1146cbeca1ace85c0e6b9b3e3698800f5b0bda25 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Apr 2024 12:49:55 +0800
Subject: [PATCH 12/13] Bump github.com/cenkalti/backoff/v4 from 4.2.1 to 4.3.0
 in /src (#20316)

Bumps [github.com/cenkalti/backoff/v4](https://github.com/cenkalti/backoff) from 4.2.1 to 4.3.0.
- [Commits](https://github.com/cenkalti/backoff/compare/v4.2.1...v4.3.0)

---
updated-dependencies:
- dependency-name: github.com/cenkalti/backoff/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
---
 src/go.mod | 2 +-
 src/go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/go.mod b/src/go.mod
index 0cdb14d6b..339f2218a 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/beego/i18n v0.0.0-20140604031826-e87155e8f0c0
 	github.com/bmatcuk/doublestar v1.3.4
 	github.com/casbin/casbin v1.9.1
-	github.com/cenkalti/backoff/v4 v4.2.1
+	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/cloudevents/sdk-go/v2 v2.15.2
 	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/dghubble/sling v1.1.0
diff --git a/src/go.sum b/src/go.sum
index 031180b6c..41698d635 100644
--- a/src/go.sum
+++ b/src/go.sum
@@ -96,8 +96,8 @@ github.com/bmatcuk/doublestar v1.3.4 h1:gPypJ5xD31uhX6Tf54sDPUOBXTqKH4c9aPY66CyQ
 github.com/bmatcuk/doublestar v1.3.4/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE=
 github.com/casbin/casbin v1.9.1 h1:ucjbS5zTrmSLtH4XogqOG920Poe6QatdXtz1FEbApeM=
 github.com/casbin/casbin v1.9.1/go.mod h1:z8uPsfBJGUsnkagrt3G8QvjgTKFMBJ32UP8HpZllfog=
-github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
-github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=

From bc3e47f0fe56938db8e5ff389705dfac66d3ce9b Mon Sep 17 00:00:00 2001
From: Shengwen YU <yshengwen@vmware.com>
Date: Mon, 29 Apr 2024 13:39:27 +0800
Subject: [PATCH 13/13] fix: update stop scan tc (#20369)

Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
---
 tests/resources/Harbor-Pages/Project-Repository.robot | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/resources/Harbor-Pages/Project-Repository.robot b/tests/resources/Harbor-Pages/Project-Repository.robot
index ab000f87a..04c0b355b 100644
--- a/tests/resources/Harbor-Pages/Project-Repository.robot
+++ b/tests/resources/Harbor-Pages/Project-Repository.robot
@@ -37,6 +37,7 @@ Scan Artifact
     Retry Element Click  ${scan_artifact_btn}
 
 Stop Scan Artifact
+    Retry Element Click  ${artifact_action_xpath}
     Retry Element Click  ${stop_scan_artifact_btn}
 
 Check Scan Artifact Job Status Is Stopped