Chlins Zhang
6a38ed3d77
style: delete duplicate error check in artifacttrash dao ( #20557 )
...
Signed-off-by: chlins <chlins.zhang@gmail.com>
2024-06-12 10:16:55 +00:00
Shengwen YU
1c9cb2e253
fix: update image tag for nightly-trivy-scan ( #20574 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-06-12 13:54:14 +08:00
stonezdj(Daojun Zhang)
b5f7a61e36
Adjust the query by UUID sql so that it can use the idx_task_extra_at… ( #20545 )
...
Adjust the query by UUID sql so that it can use the idx_task_extra_attrs_report_uuids
fixes #20505
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-11 06:37:53 +00:00
Shengwen YU
cea7ed0b04
fix: update VERSION to v2.12.0 ( #20559 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-06-07 10:58:45 +08:00
Shengwen YU
53d0122e2b
doc: update minor release support matrix with v2.11.x ( #20558 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-06-07 09:28:59 +08:00
dependabot[bot]
b3698d15c5
chore(deps): bump go.opentelemetry.io/otel from 1.26.0 to 1.27.0 in /src ( #20488 )
...
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go ) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-06-06 04:51:27 +00:00
dependabot[bot]
65bbe120d5
chore(deps): bump github.com/volcengine/volcengine-go-sdk from 1.0.97 to 1.0.138 in /src ( #20541 )
...
chore(deps): bump github.com/volcengine/volcengine-go-sdk in /src
Bumps [github.com/volcengine/volcengine-go-sdk](https://github.com/volcengine/volcengine-go-sdk ) from 1.0.97 to 1.0.138.
- [Release notes](https://github.com/volcengine/volcengine-go-sdk/releases )
- [Commits](https://github.com/volcengine/volcengine-go-sdk/compare/v1.0.97...v1.0.138 )
---
updated-dependencies:
- dependency-name: github.com/volcengine/volcengine-go-sdk
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-06-06 12:15:43 +08:00
dependabot[bot]
bd82ba7071
chore(deps): bump github.com/aws/aws-sdk-go from 1.50.24 to 1.53.14 in /src ( #20542 )
...
chore(deps): bump github.com/aws/aws-sdk-go in /src
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.50.24 to 1.53.14.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.50.24...v1.53.14 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-06-06 11:32:34 +08:00
dependabot[bot]
83c3c2bf26
chore(deps): bump github.com/go-asn1-ber/asn1-ber from 1.5.6 to 1.5.7 in /src ( #20487 )
...
chore(deps): bump github.com/go-asn1-ber/asn1-ber in /src
Bumps [github.com/go-asn1-ber/asn1-ber](https://github.com/go-asn1-ber/asn1-ber ) from 1.5.6 to 1.5.7.
- [Release notes](https://github.com/go-asn1-ber/asn1-ber/releases )
- [Commits](https://github.com/go-asn1-ber/asn1-ber/compare/v1.5.6...v1.5.7 )
---
updated-dependencies:
- dependency-name: github.com/go-asn1-ber/asn1-ber
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-06-06 10:32:52 +08:00
Lichao Xue
115827cac7
Fixes-20537 SBOM tab should not exist when the artifact is helm package ( #20538 )
...
Fixes-20537 SBOM tab should not exist when the artifact is oci-compliant helm-chart
Signed-off-by: xuelichao <xuel@vmware.com>
2024-06-03 19:44:38 +08:00
stonezdj(Daojun Zhang)
74f4a358f8
No sbom_overview when sbom is deleted ( #20533 )
...
fixes #20529
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-03 13:38:30 +08:00
stonezdj(Daojun Zhang)
30767f6612
Response an error message when there is incomplete sbom generate job ( #20526 )
...
Response an error message when there is uncomplete sbom generate job
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-05-31 17:20:53 +08:00
Wang Yan
7645ec7ccc
fix http client to push sbom accessory ( #20525 )
...
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-31 16:43:13 +08:00
Wang Yan
d8475906ba
fix 20518 ( #20521 )
...
fixes #20518
Since there is no report for the replicated artifact, update to use the artifact id to remove accessories.
Signed-off-by: wang yan <wangyan@vmware.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-30 19:50:03 +08:00
Lichao Xue
1a36a95a2b
Fix UI bugs - Pagination is missing on tag immutability rules ( #20501 )
...
Fix UI bugs- Pagination is missing on tag immutability rules
Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-30 18:18:57 +08:00
Wang Yan
8bc76a6548
tls support for pushing sbom ( #20514 )
...
Make it supports the tls configuration for the client for pushing sbom object
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-30 13:40:37 +08:00
stonezdj(Daojun Zhang)
05c1c2825f
Fix tooltip issue related to SBOM.Details ( #20510 )
...
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-30 03:35:04 +00:00
Wang Yan
7339bfa9b0
Fix multiple SBOM ( #20503 )
...
fix 20496
fixes #20496
Harbor will reserve one SBOM accessory artifact for each subject artifact. Ensure all existing SBOMs are removed before generating the next set.
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-29 18:25:26 +08:00
stonezdj(Daojun Zhang)
6d782ae695
Separate the execution vendor type sbom from image_scan ( #20504 )
...
Add vendor type SBOM for execution
fixes #20495
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-29 15:45:28 +08:00
stonezdj(Daojun Zhang)
1f0c8289a5
Add sbom_report table to store sbom related information ( #20473 )
...
fixes #20445
Refactor scan/base_controller.go
Move MakeReportPlaceholder, GetReportPlaceholder, GetSummary to vul and sbom scanHandler
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-24 08:48:55 +00:00
dependabot[bot]
0a4c31682a
chore(deps): bump github.com/go-openapi/swag from 0.22.7 to 0.23.0 in /src ( #20453 )
...
chore(deps): bump github.com/go-openapi/swag in /src
Bumps [github.com/go-openapi/swag](https://github.com/go-openapi/swag ) from 0.22.7 to 0.23.0.
- [Commits](https://github.com/go-openapi/swag/compare/v0.22.7...v0.23.0 )
---
updated-dependencies:
- dependency-name: github.com/go-openapi/swag
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-23 16:07:20 +08:00
dependabot[bot]
8bb7586b0b
chore(deps): bump github.com/prometheus/client_golang from 1.17.0 to 1.19.1 in /src ( #20451 )
...
chore(deps): bump github.com/prometheus/client_golang in /src
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang ) from 1.17.0 to 1.19.1.
- [Release notes](https://github.com/prometheus/client_golang/releases )
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prometheus/client_golang/compare/v1.17.0...v1.19.1 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-23 15:19:09 +08:00
dependabot[bot]
00b5725edd
chore(deps): bump golang.org/x/net from 0.24.0 to 0.25.0 in /src ( #20455 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.24.0 to 0.25.0.
- [Commits](https://github.com/golang/net/compare/v0.24.0...v0.25.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-23 14:38:43 +08:00
Lichao Xue
3352a72b7a
Fix - 20469 sbom status and download issue ( #20471 )
...
Fix sbom status and download issue
Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-23 13:23:45 +08:00
Shengwen YU
2f4fa29537
Bump up trivy version to v0.51.2, trivyadapter to v0.31.2 ( #20450 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-21 18:37:06 +08:00
Lichao Xue
3875b1ac1d
Fix-20459 Wrong sbom status displayed in UI ( #20460 )
...
Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-21 17:55:46 +08:00
Lichao Xue
be839e677c
fix ui test failure ( #20441 )
...
Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-20 15:42:42 +08:00
Lichao Xue
840d4085f0
Fix and Should to display Unsupported if no SBOM accessories found ( #20426 )
...
Should this be Unsupported either for SBOM
Signed-off-by: xuelichao <xuel@vmware.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-16 17:40:42 +08:00
stonezdj(Daojun Zhang)
8ccf98a2ac
Initialize execution Manager in Report Assembler ( #20437 )
...
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-16 16:08:06 +08:00
MinerYang
2da4d5883f
bump golang 1.22.3 ( #20433 )
...
* bump golang 1.22.3
Signed-off-by: yminer <yminer@vmware.com>
* debug api_common_install.sh
Signed-off-by: yminer <yminer@vmware.com>
* remove set DNS for docker v20
Signed-off-by: yminer <yminer@vmware.com>
---------
Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-05-16 14:32:59 +08:00
stonezdj(Daojun Zhang)
2b4fe6ced7
Add additional link for sboms ( #20423 )
...
artifact object's addition_links has sboms item when it support to generate sbom
fixes #20346
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-15 13:34:22 +00:00
stonezdj(Daojun Zhang)
df5b3618c7
Display status in sbom_overview for image index ( #20425 )
...
fixes #20418
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-15 11:52:39 +00:00
Shengwen YU
bb6c7242a4
add membership=true back for gitlab replication adapter ( #20400 )
...
fix: add membership=true back for gitlab replication adapter
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-15 10:38:01 +00:00
dependabot[bot]
0fc87eaf35
chore(deps): bump github.com/go-openapi/strfmt from 0.22.0 to 0.23.0 in /src ( #20396 )
...
chore(deps): bump github.com/go-openapi/strfmt in /src
Bumps [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt ) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/go-openapi/strfmt/compare/v0.22.0...v0.23.0 )
---
updated-dependencies:
- dependency-name: github.com/go-openapi/strfmt
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-15 09:11:11 +00:00
dependabot[bot]
372102c824
chore(deps): bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux from 0.46.1 to 0.51.0 in /src ( #20394 )
...
chore(deps): bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux
Bumps [go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux](https://github.com/open-telemetry/opentelemetry-go-contrib ) from 0.46.1 to 0.51.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.46.1...zpages/v0.51.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2024-05-15 08:33:53 +00:00
dependabot[bot]
34dfbfd6bd
chore(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.0 to 5.2.1 in /src ( #20397 )
...
chore(deps): bump github.com/golang-jwt/jwt/v5 in /src
Bumps [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt ) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/golang-jwt/jwt/releases )
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md )
- [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.0...v5.2.1 )
---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2024-05-15 15:57:04 +08:00
Wang Yan
2977fec006
fix issue 19928 ( #20409 )
...
* fix issue 19928
it needs to consider the user who is in any group that has been granted with the project admin role.
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-15 13:07:30 +08:00
stonezdj(Daojun Zhang)
232f9ba7ea
Skip scan in-toto sbom artifact ( #20415 )
...
fixes #20337
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-05-13 17:12:04 +08:00
Wang Yan
65e266fecf
fix issue 20407 ( #20416 )
...
fixes #20407
It needs to specify the insecure option on parsing the reference
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-13 14:44:51 +08:00
MinerYang
068ae006fe
Update scan job request log for enabled_capabilities ( #20414 )
...
update scan job request log
Signed-off-by: yminer <yminer@vmware.com>
2024-05-10 17:17:47 +08:00
Shengwen YU
beb5f3f7cb
fix: enale stop_scan for ci ( #20378 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-06 17:35:40 +08:00
Shengwen YU
33966fbc79
fix update TRIVYVERSION=v0.50.4 & TRIVYADAPTERVERSION=v0.31.1 ( #20390 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-06 16:59:31 +08:00
dependabot[bot]
c4409c053b
Bump helm.sh/helm/v3 from 3.14.2 to 3.14.4 in /src ( #20373 )
...
Bumps [helm.sh/helm/v3](https://github.com/helm/helm ) from 3.14.2 to 3.14.4.
- [Release notes](https://github.com/helm/helm/releases )
- [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.4 )
---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 15:49:37 +08:00
dependabot[bot]
1ef61995b8
Bump github.com/go-asn1-ber/asn1-ber from 1.5.5 to 1.5.6 in /src ( #20372 )
...
Bumps [github.com/go-asn1-ber/asn1-ber](https://github.com/go-asn1-ber/asn1-ber ) from 1.5.5 to 1.5.6.
- [Release notes](https://github.com/go-asn1-ber/asn1-ber/releases )
- [Commits](https://github.com/go-asn1-ber/asn1-ber/compare/v1.5.5...v1.5.6 )
---
updated-dependencies:
- dependency-name: github.com/go-asn1-ber/asn1-ber
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 14:45:37 +08:00
dependabot[bot]
34cb462cd9
Bump github.com/gorilla/csrf from 1.6.2 to 1.7.2 in /src ( #20376 )
...
Bumps [github.com/gorilla/csrf](https://github.com/gorilla/csrf ) from 1.6.2 to 1.7.2.
- [Release notes](https://github.com/gorilla/csrf/releases )
- [Commits](https://github.com/gorilla/csrf/compare/v1.6.2...v1.7.2 )
---
updated-dependencies:
- dependency-name: github.com/gorilla/csrf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 14:08:10 +08:00
dependabot[bot]
132c389216
Bump k8s.io/api from 0.29.3 to 0.30.0 in /src ( #20375 )
...
Bumps [k8s.io/api](https://github.com/kubernetes/api ) from 0.29.3 to 0.30.0.
- [Commits](https://github.com/kubernetes/api/compare/v0.29.3...v0.30.0 )
---
updated-dependencies:
- dependency-name: k8s.io/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 13:18:42 +08:00
dependabot[bot]
50dc773a5a
Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.24.0 to 1.26.0 in /src ( #20374 )
...
Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go ) from 1.24.0 to 1.26.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.26.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 10:53:35 +08:00
stonezdj(Daojun Zhang)
8431c9c30a
Rename harbor.sbom to sbom.harbor ( #20359 )
...
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-02 23:48:07 +00:00
MinerYang
d01dfd450a
do not delete accessory relationship while still referenced ( #20360 )
...
Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-04-30 01:18:09 +00:00
stonezdj(Daojun Zhang)
d154c27362
Add scan type in webhook event ( #20363 )
...
fixes #20331
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-04-29 13:51:09 +00:00