stonezdj(Daojun Zhang)
5a069939d4
[cherry-pick] Use internal registry url to push artifact accessory ( #20581 )
...
Use internal registry url to push artifact accessory
fixes #20565
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-13 22:12:43 +08:00
stonezdj(Daojun Zhang)
70255684c5
[cherry-pick] Adjust the query by UUID sql so that it can use the idx_task_extra_at… ( #20546 )
...
Adjust the query by UUID sql so that it can use the idx_task_extra_attrs_report_uuids
fixes #20505
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-04 18:29:53 +08:00
Lichao Xue
81fcc0a4eb
Fixes-20537 SBOM tab should not exist when the artifact is helm package ( #20539 )
...
Fixes-20537 SBOM tab should not exist when the artifact is helm package #20538
Signed-off-by: xuelichao <xuel@vmware.com>
2024-06-03 19:45:02 +08:00
stonezdj(Daojun Zhang)
2b271701b0
[cherry-pick] No sbom_overview when sbom is deleted ( #20534 )
...
No sbom_overview when sbom is deleted
fixes #20529
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-03 13:38:23 +08:00
stonezdj(Daojun Zhang)
33de1ad805
[cherry-pick] Response an error message when there is incomplete sbom generate job ( #20527 )
...
Response an error message when there is incomplete sbom generate job
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-31 16:23:06 +08:00
Wang Yan
eeec10387b
[cherry-pick] fix http client to push sbom accessory ( #20528 )
...
fix http client to push sbom accessory
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-31 16:19:39 +08:00
Wang Yan
99440599ea
[cherry-pick] fix 20518 ( #20522 )
...
fix 20518
fixes #20518
Since there is no report for the replicated artifact, update to use the artifact id to remove accessories.
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-30 19:38:59 +08:00
Lichao Xue
7c18987c39
Fix UI bugs - Pagination is missing on tag immutability rules ( #20520 )
...
Fix UI bugs - Pagination is missing on tag immutability rules #20501
Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-30 18:18:38 +08:00
Wang Yan
614bf40a5d
tls support for pushing sbom ( #20515 )
...
Make it supports the tls configuration for the client for pushing sbom object
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-30 17:40:20 +08:00
Wang Yan
723abc6167
[cherry-pick] fix 20496 ( #20509 )
...
fix 20496
fixes #20496
Harbor will reserve one SBOM accessory artifact for each subject artifact. Ensure all existing SBOMs are removed before generating the next set.
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-29 17:44:50 +08:00
stonezdj(Daojun Zhang)
103eb42bd7
[cherry-pick] Fix tooltip issue related to SBOM.Details ( #20511 )
...
Fix tooltip issue related to SBOM.Details
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-29 17:28:24 +08:00
stonezdj(Daojun Zhang)
26eb63b1b0
[cherry-pick] Separate the execution vendor type sbom from image_scan ( #20508 )
...
Separate the execution vendor type sbom from image_scan
Add vendor type SBOM for execution
fixes #20495
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-29 15:45:33 +08:00
Shengwen YU
14f9af09c5
Bump up base image ( #20507 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-29 13:38:05 +08:00
stonezdj(Daojun Zhang)
e2826868ee
[cherry-pick] Add sbom_report table to store sbom related information ( #20482 )
...
Add sbom_report table to store sbom related information
fixes #20445
Refactor scan/base_controller.go
Move MakeReportPlaceholder, GetReportPlaceholder, GetSummary to vul and sbom scanHandler
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-24 17:08:41 +08:00
Lichao Xue
a763d6b54c
Fix - 20469 sbom status and download issue ( #20475 )
...
Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-23 13:15:56 +08:00
Shengwen YU
88fad92e9a
bump up trivy and trivy-adapter version ( #20468 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-22 17:24:48 +08:00
Lichao Xue
15e7a448f4
Fix-20459 Wrong sbom status displayed in UI ( #20464 )
...
* fix ui test failure (#20441 )
Signed-off-by: xuelichao <xuel@vmware.com>
* Fix-20459 Wrong sbom status displayed in UI
Signed-off-by: xuelichao <xuel@vmware.com>
---------
Signed-off-by: xuelichao <xuel@vmware.com>
Signed-off-by: Lichao Xue <68891670+xuelichao@users.noreply.github.com>
2024-05-21 17:55:50 +08:00
Lichao Xue
acb9e1738c
Cherry-pick 20441-fix ui test failure ( #20444 )
...
fix ui test failure
Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-20 15:42:51 +08:00
Shengwen YU
3777877ab4
fresh base image ( #20438 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-16 20:55:10 +08:00
Lichao Xue
840d4085f0
Fix and Should to display Unsupported if no SBOM accessories found ( #20426 )
...
Should this be Unsupported either for SBOM
Signed-off-by: xuelichao <xuel@vmware.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-16 17:40:42 +08:00
stonezdj(Daojun Zhang)
8ccf98a2ac
Initialize execution Manager in Report Assembler ( #20437 )
...
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-16 16:08:06 +08:00
MinerYang
2da4d5883f
bump golang 1.22.3 ( #20433 )
...
* bump golang 1.22.3
Signed-off-by: yminer <yminer@vmware.com>
* debug api_common_install.sh
Signed-off-by: yminer <yminer@vmware.com>
* remove set DNS for docker v20
Signed-off-by: yminer <yminer@vmware.com>
---------
Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-05-16 14:32:59 +08:00
stonezdj(Daojun Zhang)
2b4fe6ced7
Add additional link for sboms ( #20423 )
...
artifact object's addition_links has sboms item when it support to generate sbom
fixes #20346
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-15 13:34:22 +00:00
stonezdj(Daojun Zhang)
df5b3618c7
Display status in sbom_overview for image index ( #20425 )
...
fixes #20418
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-15 11:52:39 +00:00
Shengwen YU
bb6c7242a4
add membership=true back for gitlab replication adapter ( #20400 )
...
fix: add membership=true back for gitlab replication adapter
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-15 10:38:01 +00:00
dependabot[bot]
0fc87eaf35
chore(deps): bump github.com/go-openapi/strfmt from 0.22.0 to 0.23.0 in /src ( #20396 )
...
chore(deps): bump github.com/go-openapi/strfmt in /src
Bumps [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt ) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/go-openapi/strfmt/compare/v0.22.0...v0.23.0 )
---
updated-dependencies:
- dependency-name: github.com/go-openapi/strfmt
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-15 09:11:11 +00:00
dependabot[bot]
372102c824
chore(deps): bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux from 0.46.1 to 0.51.0 in /src ( #20394 )
...
chore(deps): bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux
Bumps [go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux](https://github.com/open-telemetry/opentelemetry-go-contrib ) from 0.46.1 to 0.51.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.46.1...zpages/v0.51.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2024-05-15 08:33:53 +00:00
dependabot[bot]
34dfbfd6bd
chore(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.0 to 5.2.1 in /src ( #20397 )
...
chore(deps): bump github.com/golang-jwt/jwt/v5 in /src
Bumps [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt ) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/golang-jwt/jwt/releases )
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md )
- [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.0...v5.2.1 )
---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2024-05-15 15:57:04 +08:00
Wang Yan
2977fec006
fix issue 19928 ( #20409 )
...
* fix issue 19928
it needs to consider the user who is in any group that has been granted with the project admin role.
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-15 13:07:30 +08:00
stonezdj(Daojun Zhang)
232f9ba7ea
Skip scan in-toto sbom artifact ( #20415 )
...
fixes #20337
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-05-13 17:12:04 +08:00
Wang Yan
65e266fecf
fix issue 20407 ( #20416 )
...
fixes #20407
It needs to specify the insecure option on parsing the reference
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-13 14:44:51 +08:00
MinerYang
068ae006fe
Update scan job request log for enabled_capabilities ( #20414 )
...
update scan job request log
Signed-off-by: yminer <yminer@vmware.com>
2024-05-10 17:17:47 +08:00
Shengwen YU
beb5f3f7cb
fix: enale stop_scan for ci ( #20378 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-06 17:35:40 +08:00
Shengwen YU
33966fbc79
fix update TRIVYVERSION=v0.50.4 & TRIVYADAPTERVERSION=v0.31.1 ( #20390 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-06 16:59:31 +08:00
dependabot[bot]
c4409c053b
Bump helm.sh/helm/v3 from 3.14.2 to 3.14.4 in /src ( #20373 )
...
Bumps [helm.sh/helm/v3](https://github.com/helm/helm ) from 3.14.2 to 3.14.4.
- [Release notes](https://github.com/helm/helm/releases )
- [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.4 )
---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 15:49:37 +08:00
dependabot[bot]
1ef61995b8
Bump github.com/go-asn1-ber/asn1-ber from 1.5.5 to 1.5.6 in /src ( #20372 )
...
Bumps [github.com/go-asn1-ber/asn1-ber](https://github.com/go-asn1-ber/asn1-ber ) from 1.5.5 to 1.5.6.
- [Release notes](https://github.com/go-asn1-ber/asn1-ber/releases )
- [Commits](https://github.com/go-asn1-ber/asn1-ber/compare/v1.5.5...v1.5.6 )
---
updated-dependencies:
- dependency-name: github.com/go-asn1-ber/asn1-ber
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 14:45:37 +08:00
dependabot[bot]
34cb462cd9
Bump github.com/gorilla/csrf from 1.6.2 to 1.7.2 in /src ( #20376 )
...
Bumps [github.com/gorilla/csrf](https://github.com/gorilla/csrf ) from 1.6.2 to 1.7.2.
- [Release notes](https://github.com/gorilla/csrf/releases )
- [Commits](https://github.com/gorilla/csrf/compare/v1.6.2...v1.7.2 )
---
updated-dependencies:
- dependency-name: github.com/gorilla/csrf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 14:08:10 +08:00
dependabot[bot]
132c389216
Bump k8s.io/api from 0.29.3 to 0.30.0 in /src ( #20375 )
...
Bumps [k8s.io/api](https://github.com/kubernetes/api ) from 0.29.3 to 0.30.0.
- [Commits](https://github.com/kubernetes/api/compare/v0.29.3...v0.30.0 )
---
updated-dependencies:
- dependency-name: k8s.io/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 13:18:42 +08:00
dependabot[bot]
50dc773a5a
Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.24.0 to 1.26.0 in /src ( #20374 )
...
Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go ) from 1.24.0 to 1.26.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.26.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 10:53:35 +08:00
stonezdj(Daojun Zhang)
8431c9c30a
Rename harbor.sbom to sbom.harbor ( #20359 )
...
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-02 23:48:07 +00:00
MinerYang
d01dfd450a
do not delete accessory relationship while still referenced ( #20360 )
...
Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-04-30 01:18:09 +00:00
stonezdj(Daojun Zhang)
d154c27362
Add scan type in webhook event ( #20363 )
...
fixes #20331
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-04-29 13:51:09 +00:00
Lichao Xue
9b5dd7951e
Fix UI sbom status not updated to grid item after job done ( #20368 )
...
Fix UI sbom status not updated after job done
Signed-off-by: xuelichao <xuel@vmware.com>
2024-04-29 17:26:01 +08:00
Shengwen YU
bc3e47f0fe
fix: update stop scan tc ( #20369 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-04-29 13:39:27 +08:00
dependabot[bot]
1146cbeca1
Bump github.com/cenkalti/backoff/v4 from 4.2.1 to 4.3.0 in /src ( #20316 )
...
Bumps [github.com/cenkalti/backoff/v4](https://github.com/cenkalti/backoff ) from 4.2.1 to 4.3.0.
- [Commits](https://github.com/cenkalti/backoff/compare/v4.2.1...v4.3.0 )
---
updated-dependencies:
- dependency-name: github.com/cenkalti/backoff/v4
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-04-29 12:49:55 +08:00
dependabot[bot]
01a28dc66d
Bump go.opentelemetry.io/otel/sdk from 1.24.0 to 1.26.0 in /src ( #20370 )
...
Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go ) from 1.24.0 to 1.26.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.26.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-04-29 10:19:48 +08:00
dependabot[bot]
7306f6d7d9
Bump github.com/golang-migrate/migrate/v4 from 4.16.2 to 4.17.1 in /src ( #20317 )
...
Bumps [github.com/golang-migrate/migrate/v4](https://github.com/golang-migrate/migrate ) from 4.16.2 to 4.17.1.
- [Release notes](https://github.com/golang-migrate/migrate/releases )
- [Changelog](https://github.com/golang-migrate/migrate/blob/master/.goreleaser.yml )
- [Commits](https://github.com/golang-migrate/migrate/compare/v4.16.2...v4.17.1 )
---
updated-dependencies:
- dependency-name: github.com/golang-migrate/migrate/v4
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-04-28 17:32:58 +08:00
dependabot[bot]
d7ab8254cc
Bump golang.org/x/net from 0.22.0 to 0.24.0 in /src ( #20318 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.22.0 to 0.24.0.
- [Commits](https://github.com/golang/net/compare/v0.22.0...v0.24.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-04-28 15:47:57 +08:00
stonezdj(Daojun Zhang)
fba4c40c65
Delete scan_report when accessory is removed ( #20365 )
...
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-04-27 01:56:30 +00:00
Shengwen YU
9471f5d5a6
fix: update total permission count to 59 ( #20352 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-04-26 08:21:27 +00:00