Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-28 13:15:33 +01:00
Code Issues Projects Releases Wiki Activity

feat: enable configuration of skip_java_db_update (#19996)

Browse Source 
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
This commit is contained in:
Shengwen YU 2024-02-21 10:13:52 +08:00 committed by GitHub
parent 0e580836bb
commit bca9b14bbf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile
View File

@ -104,8 +104,8 @@ PREPARE_VERSION_NAME=versions
#versions #versions
REGISTRYVERSION=v2.8.3-patch-redis REGISTRYVERSION=v2.8.3-patch-redis
TRIVYVERSION=v0.47.0 TRIVYVERSION=v0.49.1
TRIVYADAPTERVERSION=v0.30.19 TRIVYADAPTERVERSION=v0.30.22
# version of registry for pulling the source code # version of registry for pulling the source code
REGISTRY_SRC_TAG=v2.8.3 REGISTRY_SRC_TAG=v2.8.3

4
make/harbor.yml.tmpl
View File

@ -97,6 +97,10 @@ trivy:
# `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path. # `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path.
skip_update: false skip_update: false
# #
# skipJavaDBUpdate If the flag is enabled you have to manually download the `trivy-java.db` file and mount it in the
# `/home/scanner/.cache/trivy/java-db/trivy-java.db` path
skip_java_db_update: false
#
# The offline_scan option prevents Trivy from sending API requests to identify dependencies. # The offline_scan option prevents Trivy from sending API requests to identify dependencies.
# Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it. # Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it.
# For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't # For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't

1
make/photon/prepare/templates/trivy-adapter/env.jinja
View File

@ -10,6 +10,7 @@ SCANNER_TRIVY_VULN_TYPE=os,library
SCANNER_TRIVY_SEVERITY=UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL SCANNER_TRIVY_SEVERITY=UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
SCANNER_TRIVY_IGNORE_UNFIXED={{trivy_ignore_unfixed}} SCANNER_TRIVY_IGNORE_UNFIXED={{trivy_ignore_unfixed}}
SCANNER_TRIVY_SKIP_UPDATE={{trivy_skip_update}} SCANNER_TRIVY_SKIP_UPDATE={{trivy_skip_update}}
SCANNER_TRIVY_SKIP_JAVA_DB_UPDATE={{trivy_skip_java_db_update}}
SCANNER_TRIVY_OFFLINE_SCAN={{trivy_offline_scan}} SCANNER_TRIVY_OFFLINE_SCAN={{trivy_offline_scan}}
SCANNER_TRIVY_SECURITY_CHECKS={{trivy_security_check}} SCANNER_TRIVY_SECURITY_CHECKS={{trivy_security_check}}
SCANNER_TRIVY_GITHUB_TOKEN={{trivy_github_token}} SCANNER_TRIVY_GITHUB_TOKEN={{trivy_github_token}}

1
make/photon/prepare/utils/configs.py
View File

@ -212,6 +212,7 @@ def parse_yaml_config(config_file_path, with_trivy):
trivy_configs = configs.get("trivy") or {} trivy_configs = configs.get("trivy") or {}
config_dict['trivy_github_token'] = trivy_configs.get("github_token") or '' config_dict['trivy_github_token'] = trivy_configs.get("github_token") or ''
config_dict['trivy_skip_update'] = trivy_configs.get("skip_update") or False config_dict['trivy_skip_update'] = trivy_configs.get("skip_update") or False
config_dict['trivy_skip_java_db_update'] = trivy_configs.get("skip_java_db_update") or False
config_dict['trivy_offline_scan'] = trivy_configs.get("offline_scan") or False config_dict['trivy_offline_scan'] = trivy_configs.get("offline_scan") or False
config_dict['trivy_security_check'] = trivy_configs.get("security_check") or 'vuln' config_dict['trivy_security_check'] = trivy_configs.get("security_check") or 'vuln'
config_dict['trivy_ignore_unfixed'] = trivy_configs.get("ignore_unfixed") or False config_dict['trivy_ignore_unfixed'] = trivy_configs.get("ignore_unfixed") or False