1. Prevent the pull action when scan report status is not successfuly.
2. Bypass the checking when no vulnerabilities not found.
3. Improve the returned message when prevented the pull action.
Closes#11202
Signed-off-by: He Weiwei <hweiwei@vmware.com>
Fixes#11016
1. src/pkg/q->src/internal/q
2. src/internal->src/lib (internal is a reserved package name of golang)
3. src/api->src/controller
Signed-off-by: Wenkai Yin <yinw@vmware.com>
1. Skip vulnerability prevention checking when artifact is not
scannable.
2. Skip vulnerability prevention checking when artifact is image index
and its type is `IMAGE` or `CNAB`.
3. Skip vulnerability prevention checking when the artifact is pulling
by the scanner.
4. Change `hasCapability` from blacklist to whitelist.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
To avoid depedency loop, this commit moves the model of ArtifactInfo to
internal pacakge, so that a controller can it from context when needed.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Scanner uses the robot account to pull image and scan, the policy checker should bypass the
pull action even the policy enabled, otherwise the scan job will fail.
Signed-off-by: wang yan <wangyan@vmware.com>
Remove it since we don's use bearer token as the registry token and the skipper of scanner pull will
be covered in the robot account access scope.
Signed-off-by: wang yan <wangyan@vmware.com>
This commit gets rid of middleware info middleware, and make artifact
info the single source of truth in terms of the artifact a request
handles. Fixes#10574
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
* refactor(scan,scanner): move scan and scanner controllers to api pkg
Signed-off-by: He Weiwei <hweiwei@vmware.com>
* feat(scan-all-job): move artifacts query from job to notification
Move artifact query from scan all job to its notification handler to
ensure that the components in pkg will not call controllers in api.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
