Commit Graph

250 Commits

Author SHA1 Message Date
He Weiwei
dc37c83e11
refactor: use singular as the tag for user APIs (#14654)
Use singular as the tag for user APIs to align with other APIs.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2021-04-15 10:52:48 +08:00
DQ
f5fcc7bd31 Add base image for exporter
* Add base
* update Makefile

Signed-off-by: DQ <dengq@vmware.com>
2021-03-25 16:35:57 +08:00
danfengliu
9e3f0de12c
Merge pull request #14124 from danfengliu/reschedule-docker-login-policy-in-build-base-image-in-master
Reschedule docker login policy in base image build process
2021-02-23 10:10:59 +08:00
danfengliu
7d05c8e513 Reschedule docker login policy in base image build process
Signed-off-by: danfengliu <danfengl@vmware.com>
2021-02-22 10:05:25 +08:00
Josh Soref
dfe360040b Spelling
* addition
* attribute
* auditing
* availability
* available
* bandwidth
* browser
* business
* cadence
* chartmuseum
* client
* column
* content
* demonstrate
* described
* endpoints
* facilitate
* github
* harbor
* information
* instance
* manual
* meaningful
* operation
* overridden
* password
* possible
* project
* refactor
* replication
* requires
* running
* scanned
* settings
* signup
* those
* unsigned
* vulnerability

--
Also removes trailing space from a filename

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-02-19 11:59:15 +08:00
Daniel Pacak
202342cf0c
chore: Bump up Trivy scanner adapter from v0.17.0 to v0.18.0 (#14240)
Trivy adapter version v0.18.0 ships with Trivy v0.16.0.
It also changes the way we return links to upstream
vulnerability references. Instead of returning multiple
URLs Trivy returns the primary URL to Aqua Vulnerability
Database (e.g. https://avd.aquasec.com/nvd/cve-2020-10688/)
with up to date status and remediation guide.

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2021-02-18 14:40:07 +08:00
Qian Deng
a8e4b09b39
Add exporter to offline and online (#14022)
Signed-off-by: DQ <dengq@vmware.com>
2021-01-20 14:49:06 +08:00
Daniel Jiang
1b64b9fdc2
Bump up the go-migrate (#13914)
Bump it up to v4.11.0 to be consistent with harbor-core

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2021-01-11 19:08:17 +08:00
Daniel Pacak
bd46af691c
chore(trivy): Bump up Trivy scanner adapter to v0.17.0 (#13639)
The adapter implements Pluggable Scanners API v1.1
and ships with Trivy v0.14.0.

There's also a tiny change in the way Trivy settings
are displayed in the scanner metadata response, i.e.
instead of com.github.aquasecurity.trivy.debugMode
it prints env.SCANNER_TRIVY_DEBUG_MODE. It makes it
explicit which env is use to set this parameter.

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-12-25 15:34:00 +08:00
Wang Yan
7a8a8fa104
upgrade go version to v1.15.6 (#13836)
Signed-off-by: wang yan <wangyan@vmware.com>
2020-12-23 18:53:09 +08:00
He Weiwei
ce6ed3eeb7 refactor(api): move scan all apis to go-swagger
Move scan all APIs from beego to go-swagger.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-12-21 02:17:02 +00:00
He Weiwei
164acad24f
build: add cleanbaseimage target in Makefile (#13777)
Add cleanbaseimage target in Makefile, and append it to the dependencies
of the cleanall target.

Closes #13602

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-12-17 16:18:12 +08:00
DQ
dc0047c48c Add build script for exporter
- Add dockerfile
- update makefile

Signed-off-by: DQ <dengq@vmware.com>
2020-12-09 20:42:21 +08:00
DQ
8a584aff89 Clean up clair and clair-adapter in build scripts
1. Makefles
  2. Dockerfiles
  3. Installation script
  4. harbor.yml template

Signed-off-by: DQ <dengq@vmware.com>
2020-11-10 11:39:18 +08:00
Ángel Barrera Sánchez
283f9989e9 FIX: Update clair version to fix NVD deprecated links
Signed-off-by: Ángel Barrera Sánchez <angel@sighup.io>
2020-10-14 08:07:57 +02:00
Daniel Pacak
224cfec4f7
chore(trivy): Bump up trivy adapter to v0.14.1 (#12840)
This is the maintenance release to recompile the trivy
adapter service with Go 1.14.7 and pull Trivy v0.9.2.

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-08-21 10:40:06 +08:00
danfengliu
143062fe20
Merge pull request #12788 from danfengliu/upgrade-robotframework-in-git-action
upgrade robotframework in git action
2020-08-20 20:08:36 +08:00
danfengliu
3f5bd9ae0a Re-script ldap API script
1. upgrade robotframework in git action
2. Re-script ldap API script:test_assign_role_to_ldap_group.py

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-08-20 11:24:51 +00:00
He Weiwei
b749d6544e chore(clair): bump up clair adapter to v1.1.1
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-08-20 09:19:56 +00:00
Dirk Mueller
08a4d8efd2
Update to golang 1.14.7 (#12809)
We should use a golang that isn't having security issues.

This includes:
* go1.14.6 (released 2020/07/16) includes fixes to the go command, the
compiler, the linker, vet, and the database/sql, encoding/json,
net/http, reflect, and testing packages. See the Go 1.14.6 milestone on
our issue tracker for details.

* go1.14.7 (released 2020/08/06) includes security fixes to the
encoding/binary package. See the Go 1.14.7 milestone on our issue
tracker for details (CVE-2020-16845)

Signed-off-by: Dirk Mueller <dirk@dmllr.de>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
2020-08-20 15:38:35 +08:00
Wang Yan
60427e7187
build base image in CI (#12750)
In git action, use the local build base images instead of pulling from docker hub.

Signed-off-by: wang yan <wangyan@vmware.com>
2020-08-18 14:11:52 +08:00
He Weiwei
f309896f2f refactor(api): generate project apis by go-swagger
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-08-15 16:10:57 +00:00
He Weiwei
31d2d9ee9f chore(clair): bump up clair adapter to v1.1.0
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-08-10 18:45:52 +08:00
Daniel Jiang
4f94f59d2a Provide a standalone migrator to migrate DB schema.
Fixes #11885
This part will not by default be packaged into release.
A README.md will be added in another commit.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-08-06 18:57:55 +08:00
He Weiwei
aa55fcfce7 chore(mocks): add make targets to generate and check mocks
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-07-22 01:59:32 +00:00
Ziming Zhang
8857e89e40 feature(redis) support redis sentinel
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-07-19 21:19:03 +08:00
Wang Yan
bad8f026fc
upgrade golang to v1.14.5 (#12489)
Signed-off-by: wang yan <wangyan@vmware.com>
2020-07-16 16:20:54 +08:00
Daniel Pacak
4b558baaf8 chore(trivy): Bump up Trivy adapter to v0.12.0
The new version of the adapter service improves the Redis connection pool
management. In the previous versions a new connection pool was created for
each scan job, which might negatively impact the performance and resources
utilisation.

There is also a bug fix in Trivy v0.9.1 to properly handle the debug mode.

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-06-29 10:14:28 +02:00
Max Rosin
34d5591b1b Fix DOCKERIMASES and SWAAGER_IMAGE_BUILD_CMD typos in Makefiles
Fix #12259

Signed-off-by: Max Rosin <git@hackrid.de>
2020-06-16 12:18:55 +02:00
Wang Yan
976a812d21
bump up clair v2.1.4 (#12245)
Signed-off-by: wang yan <wangyan@vmware.com>
2020-06-16 12:51:44 +08:00
Daniel Pacak
dfcee80ae5 fix(trivy): Bump up Trivy adapter to v0.11.0
This commit bumps up Trivy to resolve the following issues reported
in the aquasecurity/harbor-scanner-trivy repository:

- https://github.com/aquasecurity/harbor-scanner-trivy/issues/114
- https://github.com/aquasecurity/harbor-scanner-trivy/issues/108

Note that this adapter vendors in Trivy v0.9.0 which has changed
the algorithm for qualifying severities. Previous versions of Trivy
preferred NVD scores, whereas this version will use vendor score
whenever it's possible.

We believe it's more suitable approach for qualifying severities.
Even though this change might impact vulnerability summaries in
some cases, the total number of vulnerabilities should stay the
same.

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-06-05 10:48:16 +02:00
danfengliu
5da22bc2fc
Merge pull request #12100 from danfengliu/add-replication-schedule-test-1
Add replication schedule test
2020-06-03 16:55:18 +08:00
Daniel Pacak
f5d482854b
fix(trivy): Handle gracefully scratch and slim images (#11983)
This commit bumps up Trivy to 0.7.0 and Trivy adapter service to 0.10.0
in order to handle scratch and slim images, for which we cannot detect
the underlying operating system.

Resolves: #11964

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-06-02 10:51:14 +02:00
danfengliu
ceaa0a57b3 Add replication schedule test
1. Add replication schedule test;
2. Add some sleep after project creation before push image to avoid push image v2 error.
   It fixed issue# 12094: Scan image vmware/photon:1.0 return unsupported occasionally.
3. Add some sleep in test_user_view_logs.py, can't get operation logs sometimes.

Signed-off-by: danfengliu <danfengl@vmware.com>
2020-06-02 15:51:10 +08:00
DQ
f7ffd991cc Enhance: Upgrade chartmuseum version
Upgrade chartmuseum version 0.12.0

Signed-off-by: DQ <dengq@vmware.com>
2020-05-26 15:59:58 +08:00
Daniel Jiang
c10c04c5f7
Merge pull request #11811 from leolb-aphp/update-clair-2.1.3
Update Clair to v2.1.3
2020-05-26 14:53:42 +08:00
Leo Le Bouter
b8bd4143a7 Update Clair to v2.1.3
This release adds ubuntu support for newer releases and fixes an issue where RHEL updaters bailed to quickly.

https://github.com/quay/clair/releases/tag/v2.1.3
Signed-off-by: Leo Le Bouter <leo.lebouter-ext@aphp.fr>
2020-04-29 21:18:42 +02:00
Ziming Zhang
3c51ab556e feat(cicd) add build date for base images
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-04-28 12:56:37 +08:00
He Weiwei
8458f980d0 fix(swagger): enable security in swagger.yaml
1. Enable `security` in the swagger.yaml.
2. Include `basic` auth in `security` to make the generated python
client by `swagger-codegen-cli` work with basic authorization.
3. Include `anonymous` auth in `security` to make APIs of v2.0 generated
by `goswagger` work with `security` middleware.

Closes #11771

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-04-28 02:34:34 +00:00
Wang Yan
619345200f
Bump up clair version to v2.1.2 (#11675)
Clair v2.1.2 has been released to fix the RHEL updater issue.
https://github.com/quay/clair/releases/tag/v2.1.2

Signed-off-by: wang yan <wangyan@vmware.com>
2020-04-21 15:11:25 +08:00
Ziming Zhang
41e8bb91ce fix some cicd problems
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-04-21 14:34:45 +08:00
Daniel Pacak
5c3abee135 chore(trivy): Bump up trivy adapter to 0.9.0
- Vendor the latest Trivy release 0.6.0
- Configure TLS 1.2 as min version when TLS is enabled
- Add more tracing to adapter config to facilitate troubleshooting

Resolves: #11544

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-04-16 08:40:27 +02:00
He Weiwei
355c16943c chore(clair): bump up clair adapter version to 1.0.2
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-04-15 14:07:46 +00:00
Daniel Pacak
0eb5528d84 chore(trivy): Bump up trivy to 0.5.4
In this version of Trivy we improved error handling
when Trivy cannot open the Trivy DB file. If it fails,
the  error is catched to retry the DB file download.

Resolves: #11373

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-04-09 18:02:18 +02:00
Ziming Zhang
572ebef685 feat(cicd) parameterize docker base image and external url
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-04-08 00:21:47 +08:00
DQ
1ae50b8d66 Remove migrator flags in script
Because migrator tool removed

Signed-off-by: DQ <dengq@vmware.com>
2020-04-07 14:57:10 +08:00
Wenkai Yin
8f8b4d5e8d Add a seperated swagger file for chart API
Add a seperated swagger file for chart API as these APIs have no version

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-04-06 16:30:26 +08:00
Daniel Pacak
48df949c30
feat(trivy): Return Trivy DB update timestamp in /api/v1/metadata response (#11285)
Resolves: #11284

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-26 19:22:28 +08:00
Steven Zou
2859cd8b69
Merge pull request #11134 from danielpacak/feat/issue_11090/trivy_skip_update_flag
feat(trivy): Configure Trivy to skip database updates
2020-03-19 18:13:08 +08:00
Daniel Pacak
7325105714 feat(trivy): Configure Trivy to skip database updates
Resolves: #11090

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-18 17:11:47 +01:00