Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-22 02:05:41 +01:00
Code Issues Projects Releases Wiki Activity
12,133 Commits 54 Branches 317 Tags 352 MiB
115827cac7
Commit Graph

12133 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Lichao Xue
115827cac7
Fixes-20537 SBOM tab should not exist when the artifact is helm package (#20538) 
Fixes-20537 SBOM tab should not exist when the artifact is oci-compliant helm-chart

Signed-off-by: xuelichao <xuel@vmware.com>
 2024-06-03 19:44:38 +08:00
stonezdj(Daojun Zhang)
74f4a358f8
No sbom_overview when sbom is deleted (#20533) 
fixes #20529

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
 2024-06-03 13:38:30 +08:00
stonezdj(Daojun Zhang)
30767f6612
Response an error message when there is incomplete sbom generate job (#20526) 
Response an error message when there is uncomplete sbom generate job

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
 2024-05-31 17:20:53 +08:00
Wang Yan
7645ec7ccc
fix http client to push sbom accessory (#20525) 
Signed-off-by: wang yan <wangyan@vmware.com>
 2024-05-31 16:43:13 +08:00
Wang Yan
d8475906ba
fix 20518 (#20521) 
fixes #20518
Since there is no report for the replicated artifact, update to use the artifact id to remove accessories.

Signed-off-by: wang yan <wangyan@vmware.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
 2024-05-30 19:50:03 +08:00
Lichao Xue
1a36a95a2b
Fix UI bugs - Pagination is missing on tag immutability rules (#20501) 
Fix UI bugs- Pagination is missing on tag immutability rules

Signed-off-by: xuelichao <xuel@vmware.com>
 2024-05-30 18:18:57 +08:00
Wang Yan
8bc76a6548
tls support for pushing sbom (#20514) 
Make it supports the tls configuration for the client for pushing sbom object

Signed-off-by: wang yan <wangyan@vmware.com>
 2024-05-30 13:40:37 +08:00
stonezdj(Daojun Zhang)
05c1c2825f
Fix tooltip issue related to SBOM.Details (#20510) 
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
 2024-05-30 03:35:04 +00:00
Wang Yan
7339bfa9b0
Fix multiple SBOM (#20503) 
fix 20496

fixes #20496

Harbor will reserve one SBOM accessory artifact for each subject artifact. Ensure all existing SBOMs are removed before generating the next set.

Signed-off-by: wang yan <wangyan@vmware.com>
 2024-05-29 18:25:26 +08:00
stonezdj(Daojun Zhang)
6d782ae695
Separate the execution vendor type sbom from image_scan (#20504) 
Add vendor type SBOM for execution
  fixes #20495

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
 2024-05-29 15:45:28 +08:00
stonezdj(Daojun Zhang)
1f0c8289a5
Add sbom_report table to store sbom related information (#20473) 
fixes #20445
  Refactor scan/base_controller.go
  Move MakeReportPlaceholder, GetReportPlaceholder, GetSummary to vul and sbom scanHandler

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
 2024-05-24 08:48:55 +00:00
dependabot[bot]
0a4c31682a
chore(deps): bump github.com/go-openapi/swag from 0.22.7 to 0.23.0 in /src (#20453) 
chore(deps): bump github.com/go-openapi/swag in /src

Bumps [github.com/go-openapi/swag](https://github.com/go-openapi/swag) from 0.22.7 to 0.23.0.
- [Commits](https://github.com/go-openapi/swag/compare/v0.22.7...v0.23.0)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/swag
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
 2024-05-23 16:07:20 +08:00
dependabot[bot]
8bb7586b0b
chore(deps): bump github.com/prometheus/client_golang from 1.17.0 to 1.19.1 in /src (#20451) 
chore(deps): bump github.com/prometheus/client_golang in /src

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.17.0 to 1.19.1.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.17.0...v1.19.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
 2024-05-23 15:19:09 +08:00
dependabot[bot]
00b5725edd
chore(deps): bump golang.org/x/net from 0.24.0 to 0.25.0 in /src (#20455) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.24.0 to 0.25.0.
- [Commits](https://github.com/golang/net/compare/v0.24.0...v0.25.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
 2024-05-23 14:38:43 +08:00
Lichao Xue
3352a72b7a
Fix - 20469 sbom status and download issue (#20471) 
Fix sbom status and download issue

Signed-off-by: xuelichao <xuel@vmware.com>
 2024-05-23 13:23:45 +08:00
Shengwen YU
2f4fa29537
Bump up trivy version to v0.51.2, trivyadapter to v0.31.2 (#20450) 
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
 2024-05-21 18:37:06 +08:00
Lichao Xue
3875b1ac1d
Fix-20459 Wrong sbom status displayed in UI (#20460) 
Signed-off-by: xuelichao <xuel@vmware.com>
 2024-05-21 17:55:46 +08:00
Lichao Xue
be839e677c
fix ui test failure (#20441) 
Signed-off-by: xuelichao <xuel@vmware.com>
 2024-05-20 15:42:42 +08:00
Lichao Xue
840d4085f0
Fix and Should to display Unsupported if no SBOM accessories found (#20426) 
Should this be Unsupported either for SBOM

Signed-off-by: xuelichao <xuel@vmware.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
 2024-05-16 17:40:42 +08:00
stonezdj(Daojun Zhang)
8ccf98a2ac
Initialize execution Manager in Report Assembler (#20437) 
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
 2024-05-16 16:08:06 +08:00
MinerYang
2da4d5883f
bump golang 1.22.3 (#20433) 
* bump golang 1.22.3

Signed-off-by: yminer <yminer@vmware.com>

* debug api_common_install.sh

Signed-off-by: yminer <yminer@vmware.com>

* remove set DNS for docker v20

Signed-off-by: yminer <yminer@vmware.com>

---------

Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
 2024-05-16 14:32:59 +08:00
stonezdj(Daojun Zhang)
2b4fe6ced7
Add additional link for sboms (#20423) 
artifact object's addition_links has sboms item when it support to generate sbom
  fixes #20346

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
 2024-05-15 13:34:22 +00:00
stonezdj(Daojun Zhang)
df5b3618c7
Display status in sbom_overview for image index (#20425) 
fixes #20418

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
 2024-05-15 11:52:39 +00:00
Shengwen YU
bb6c7242a4
add membership=true back for gitlab replication adapter (#20400) 
fix: add membership=true back for gitlab replication adapter

Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
 2024-05-15 10:38:01 +00:00
dependabot[bot]
0fc87eaf35
chore(deps): bump github.com/go-openapi/strfmt from 0.22.0 to 0.23.0 in /src (#20396) 
chore(deps): bump github.com/go-openapi/strfmt in /src

Bumps [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/go-openapi/strfmt/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/strfmt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-15 09:11:11 +00:00
dependabot[bot]
372102c824
chore(deps): bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux from 0.46.1 to 0.51.0 in /src (#20394) 
chore(deps): bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux

Bumps [go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.46.1 to 0.51.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.46.1...zpages/v0.51.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
 2024-05-15 08:33:53 +00:00
dependabot[bot]
34dfbfd6bd
chore(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.0 to 5.2.1 in /src (#20397) 
chore(deps): bump github.com/golang-jwt/jwt/v5 in /src

Bumps [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.0...v5.2.1)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
 2024-05-15 15:57:04 +08:00
Wang Yan
2977fec006
fix issue 19928 (#20409) 
* fix issue 19928

it needs to consider the user who is in any group that has been granted with the project admin role.

Signed-off-by: wang yan <wangyan@vmware.com>
 2024-05-15 13:07:30 +08:00
stonezdj(Daojun Zhang)
232f9ba7ea
Skip scan in-toto sbom artifact (#20415) 
fixes #20337

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
 2024-05-13 17:12:04 +08:00
Wang Yan
65e266fecf
fix issue 20407 (#20416) 
fixes #20407
It needs to specify the insecure option on parsing the reference

Signed-off-by: wang yan <wangyan@vmware.com>
 2024-05-13 14:44:51 +08:00
MinerYang
068ae006fe
Update scan job request log for enabled_capabilities (#20414) 
update scan job request log

Signed-off-by: yminer <yminer@vmware.com>
 2024-05-10 17:17:47 +08:00
Shengwen YU
beb5f3f7cb
fix: enale stop_scan for ci (#20378) 
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
 2024-05-06 17:35:40 +08:00
Shengwen YU
33966fbc79
fix update TRIVYVERSION=v0.50.4 & TRIVYADAPTERVERSION=v0.31.1 (#20390) 
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
 2024-05-06 16:59:31 +08:00
dependabot[bot]
c4409c053b
Bump helm.sh/helm/v3 from 3.14.2 to 3.14.4 in /src (#20373) 
Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.4.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.4)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
 2024-05-06 15:49:37 +08:00
dependabot[bot]
1ef61995b8
Bump github.com/go-asn1-ber/asn1-ber from 1.5.5 to 1.5.6 in /src (#20372) 
Bumps [github.com/go-asn1-ber/asn1-ber](https://github.com/go-asn1-ber/asn1-ber) from 1.5.5 to 1.5.6.
- [Release notes](https://github.com/go-asn1-ber/asn1-ber/releases)
- [Commits](https://github.com/go-asn1-ber/asn1-ber/compare/v1.5.5...v1.5.6)

---
updated-dependencies:
- dependency-name: github.com/go-asn1-ber/asn1-ber
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
 2024-05-06 14:45:37 +08:00
dependabot[bot]
34cb462cd9
Bump github.com/gorilla/csrf from 1.6.2 to 1.7.2 in /src (#20376) 
Bumps [github.com/gorilla/csrf](https://github.com/gorilla/csrf) from 1.6.2 to 1.7.2.
- [Release notes](https://github.com/gorilla/csrf/releases)
- [Commits](https://github.com/gorilla/csrf/compare/v1.6.2...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/gorilla/csrf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
 2024-05-06 14:08:10 +08:00
dependabot[bot]
132c389216
Bump k8s.io/api from 0.29.3 to 0.30.0 in /src (#20375) 
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.29.3 to 0.30.0.
- [Commits](https://github.com/kubernetes/api/compare/v0.29.3...v0.30.0)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
 2024-05-06 13:18:42 +08:00
dependabot[bot]
50dc773a5a
Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.24.0 to 1.26.0 in /src (#20374) 
Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) from 1.24.0 to 1.26.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.26.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
 2024-05-06 10:53:35 +08:00
stonezdj(Daojun Zhang)
8431c9c30a
Rename harbor.sbom to sbom.harbor (#20359) 
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
 2024-05-02 23:48:07 +00:00
MinerYang
d01dfd450a
do not delete accessory relationship while still referenced (#20360) 
Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
 2024-04-30 01:18:09 +00:00
stonezdj(Daojun Zhang)
d154c27362
Add scan type in webhook event (#20363) 
fixes #20331

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
 2024-04-29 13:51:09 +00:00
Lichao Xue
9b5dd7951e
Fix UI sbom status not updated to grid item after job done (#20368) 
Fix UI sbom status not updated after job done

Signed-off-by: xuelichao <xuel@vmware.com>
 2024-04-29 17:26:01 +08:00
Shengwen YU
bc3e47f0fe
fix: update stop scan tc (#20369) 
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
 2024-04-29 13:39:27 +08:00
dependabot[bot]
1146cbeca1
Bump github.com/cenkalti/backoff/v4 from 4.2.1 to 4.3.0 in /src (#20316) 
Bumps [github.com/cenkalti/backoff/v4](https://github.com/cenkalti/backoff) from 4.2.1 to 4.3.0.
- [Commits](https://github.com/cenkalti/backoff/compare/v4.2.1...v4.3.0)

---
updated-dependencies:
- dependency-name: github.com/cenkalti/backoff/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
 2024-04-29 12:49:55 +08:00
dependabot[bot]
01a28dc66d
Bump go.opentelemetry.io/otel/sdk from 1.24.0 to 1.26.0 in /src (#20370) 
Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.24.0 to 1.26.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.26.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
 2024-04-29 10:19:48 +08:00
dependabot[bot]
7306f6d7d9
Bump github.com/golang-migrate/migrate/v4 from 4.16.2 to 4.17.1 in /src (#20317) 
Bumps [github.com/golang-migrate/migrate/v4](https://github.com/golang-migrate/migrate) from 4.16.2 to 4.17.1.
- [Release notes](https://github.com/golang-migrate/migrate/releases)
- [Changelog](https://github.com/golang-migrate/migrate/blob/master/.goreleaser.yml)
- [Commits](https://github.com/golang-migrate/migrate/compare/v4.16.2...v4.17.1)

---
updated-dependencies:
- dependency-name: github.com/golang-migrate/migrate/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
 2024-04-28 17:32:58 +08:00
dependabot[bot]
d7ab8254cc
Bump golang.org/x/net from 0.22.0 to 0.24.0 in /src (#20318) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.22.0 to 0.24.0.
- [Commits](https://github.com/golang/net/compare/v0.22.0...v0.24.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
 2024-04-28 15:47:57 +08:00
stonezdj(Daojun Zhang)
fba4c40c65
Delete scan_report when accessory is removed (#20365) 
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
 2024-04-27 01:56:30 +00:00
Shengwen YU
9471f5d5a6
fix: update total permission count to 59 (#20352) 
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
 2024-04-26 08:21:27 +00:00
Lichao Xue
dee73a44f3
Fix UI bugs (#20364) 
Signed-off-by: xuelichao <xuel@vmware.com>
 2024-04-26 06:56:23 +00:00