mirror of
https://github.com/goharbor/harbor.git
synced 2024-10-31 23:59:32 +01:00
Adding CVE whitelists
parent
4738d94c54
commit
d6c7fc185d
@ -40,10 +40,11 @@ This section describes how to use and maintain Harbor after deployment. These da
|
||||
- [Create Replication Rules](administration/configuring_replication/create_replication_rules.md)
|
||||
- [Manage Replications](administration/configuring_replication/manage_replications.md)
|
||||
- [Vulnerability Scanning with Clair](administration/vulnerability_scanning/_index.md)
|
||||
- [Scan an Individual Image](scan_individual_image.md)
|
||||
- [Scan All Images](scan_all_images.md)
|
||||
- [Schedule Scans](schedule_scans.md)
|
||||
- [Import Vulnerability Data to an Offline Harbor instance](import_vulnerability_data.md)
|
||||
- [Scan an Individual Image](administration/vulnerability_scanning/scan_individual_image.md)
|
||||
- [Scan All Images](administration/vulnerability_scanning/scan_all_images.md)
|
||||
- [Schedule Scans](administration/vulnerability_scanning/schedule_scans.md)
|
||||
- [Import Vulnerability Data to an Offline Harbor instance](administration/vulnerability_scanning/import_vulnerability_data.md)
|
||||
- [Configure System-Wide CVE Whitelists](administration/vulnerability_scanning/configire_system_whitelist.md)
|
||||
- [Garbage Collection](administration/garbage_collection/_index.md)
|
||||
- [Upgrading Harbor](administration/upgrade/_index.md)
|
||||
- [Upgrade Harbor and Migrate Data](administration/upgrade/upgrade_migrate_data.md)
|
||||
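Review bot: The new entry's link target is misspelled, `administration/vulnerability_scanning/configire_system_whitelist.md` ("configire" rather than "configure"). If the added file carries the same name, the link resolves but the typo becomes part of a published documentation URL; if the file is named correctly, the link is broken. Rename the file to `configure_system_whitelist.md` and update this link to match. The rest of the hunk, which prefixes the scanning links with `administration/vulnerability_scanning/`, looks consistent with the neighbouring entries.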
@ -56,7 +57,7 @@ This section describes how to use and maintain Harbor after deployment. These da
|
||||
|
||||
This section describes how users with the developer, master, and project administrator roles manage and participate in Harbor projects.
|
||||
|
||||
- [](working_with_projects/)
|
||||
- [Configure a Per-Project CVE Whitelist](working_with_projects/configure_project_whitelist.md)
|
||||
- [](working_with_projects/)
|
||||
- [](working_with_projects/)
|
||||
- [](working_with_projects/)
|
||||
|
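Review bot: The list in this hunk still has three entries of the form `- [](working_with_projects/)`, with no link text and no target file, next to the one entry this change fills in. They render as empty bullets. Since the list is being edited anyway, either give each placeholder its title and file name or drop them until the pages exist. It is also worth confirming that `working_with_projects/configure_project_whitelist.md` is the actual name of the per-project page, since the last hunk only shows that page's title changing.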
@ -7,6 +7,7 @@ Static analysis of vulnerabilities is provided through open source project [Clai
|
||||
- [Scan an Individual Image](scan_individual_image.md)
|
||||
- [Scan All Images](scan_all_images.md)
|
||||
- [Schedule Scans](schedule_scans.md)
|
||||
- [Configure System-Wide CVE Whitelists](configire_system_whitelist.md)
|
||||
|
||||
**Vulnerability metadata**
|
||||
|
||||
|
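Review bot: The added link `[Configure System-Wide CVE Whitelists](configire_system_whitelist.md)` repeats the "configire" misspelling from the top-level index. Correct it to `configure_system_whitelist.md` here together with the file name, so that both indexes point at the same correctly spelled page. The link text is plural ("Whitelists") while the per-project page title is singular ("a Per-Project CVE Whitelist"); choose one form for both.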
@ -0,0 +1,23 @@
|
||||
# Configure System-Wide CVE Whitelists
|
||||
|
||||
When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. As a system administrator, you can create whitelists of CVEs to ignore during vulnerability scanning.
|
||||
|
||||
You can set a system-wide CVE whitelist or you can set CVE whitelists on a per-project basis.
|
||||
|
||||
System-wide CVE whitelists apply to all of the projects in a Harbor instance.
|
||||
|
||||
1. Go to **Configuration** > **System Settings**.
|
||||
1. Under **Deployment security**, click **Add**.
|
||||
![System-wide CVE whitelist](../img/cve-whitelist1.png)
|
||||
1. Enter the list of CVE IDs to ignore during vulnerability scanning.
|
||||
![Add system CVE whitelist](../img/cve-whitelist2.png)
|
||||
|
||||
Either use a comma-separated list or newlines to add multiple CVE IDs to the list.
|
||||
1. Click **Add** at the bottom of the window to add the list.
|
||||
1. Optionally uncheck the **Never expires** checkbox and use the calendar selector to set an expiry date for the whitelist.
|
||||
![Add system CVEs](../img/cve-whitelist3.png)
|
||||
1. Click **Save** at the bottom of the page to save your settings.
|
||||
|
||||
After you have created a system whitelist, you can remove CVE IDs from the list by clicking the delete button next to it in the list. You can click **Add** to add more CVE IDs to the system whitelist.
|
||||
|
||||
![Add and remove system CVEs](../img/cve-whitelist4.png)
|
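Review bot: The step "Optionally uncheck the **Never expires** checkbox and use the calendar selector to set an expiry date" does not say what happens once that date passes. Readers deciding on an exemption need to know whether the listed CVEs start counting against images again after expiry, so add one sentence stating the behaviour. Two smaller points in the same file: the intro says the CVEs are ignored "during vulnerability scanning" while the setting sits under **Deployment security**, so state whether whitelisted CVEs are left out of scan results or only exempted from the check that stops images from running; and the sentence "you can set CVE whitelists on a per-project basis" should link to the per-project page, since that content now lives in a separate file.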
@ -1,32 +1,8 @@
|
||||
# Configuring CVE Whitelists
|
||||
# Configure a Per-Project CVE Whitelist
|
||||
|
||||
When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. As a system administrator, you can create whitelists of CVEs to ignore during vulnerability scanning.
|
||||
When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. You can create whitelists of CVEs to ignore during vulnerability scanning.
|
||||
|
||||
You can set a system-wide CVE whitelist or you can set CVE whitelists on a per-project basis.
|
||||
|
||||
### Configure a System-Wide CVE Whitelist
|
||||
|
||||
System-wide CVE whitelists apply to all of the projects in a Harbor instance.
|
||||
|
||||
1. Go to **Configuration** > **System Settings**.
|
||||
1. Under **Deployment security**, click **Add**.
|
||||
![System-wide CVE whitelist](../img/cve-whitelist1.png)
|
||||
1. Enter the list of CVE IDs to ignore during vulnerability scanning.
|
||||
![Add system CVE whitelist](../img/cve-whitelist2.png)
|
||||
|
||||
Either use a comma-separated list or newlines to add multiple CVE IDs to the list.
|
||||
1. Click **Add** at the bottom of the window to add the list.
|
||||
1. Optionally uncheck the **Never expires** checkbox and use the calendar selector to set an expiry date for the whitelist.
|
||||
![Add system CVEs](../img/cve-whitelist3.png)
|
||||
1. Click **Save** at the bottom of the page to save your settings.
|
||||
|
||||
After you have created a system whitelist, you can remove CVE IDs from the list by clicking the delete button next to it in the list. You can click **Add** to add more CVE IDs to the system whitelist.
|
||||
|
||||
![Add and remove system CVEs](../img/cve-whitelist4.png)
|
||||
|
||||
### Configure a Per-Project CVE Whitelist
|
||||
|
||||
By default, the system whitelist is applied to all projects. You can configure different CVE whitelists for individual projects, that override the system whitelist.
|
||||
Harbor administrators can set a system-wide CVE whitelist. By default, the system whitelist is applied to all projects. Project administrators can configure different CVE whitelists for individual projects, that override the system whitelist.
|
||||
|
||||
1. Go to **Projects**, select a project, and select **Configuration**.
|
||||
1. Under **CVE whitelist**, select **Project whitelist**.
|
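Review bot: In the rewritten paragraph, "Project administrators can configure different CVE whitelists for individual projects, that override the system whitelist" leaves "override" ambiguous. It does not say whether a project whitelist replaces the system list entirely or is applied in addition to it, and that determines which CVEs end up ignored for the project. State the behaviour explicitly, and drop the comma before "that". Because the system-wide procedure has moved out of this page, the mention of "a system-wide CVE whitelist" should link to the new system-wide page so readers can still find it.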