Commit Graph

12242 Commits

Author SHA1 Message Date
Chlins Zhang
6a38ed3d77
style: delete duplicate error check in artifacttrash dao (#20557)
Signed-off-by: chlins <chlins.zhang@gmail.com>
2024-06-12 10:16:55 +00:00
Shengwen YU
1c9cb2e253
fix: update image tag for nightly-trivy-scan (#20574)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-06-12 13:54:14 +08:00
stonezdj(Daojun Zhang)
b5f7a61e36
Adjust the query by UUID sql so that it can use the idx_task_extra_at… (#20545)
Adjust the query by UUID sql so that it can use the idx_task_extra_attrs_report_uuids

 fixes #20505

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-11 06:37:53 +00:00
Shengwen YU
cea7ed0b04
fix: update VERSION to v2.12.0 (#20559)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-06-07 10:58:45 +08:00
Shengwen YU
53d0122e2b
doc: update minor release support matrix with v2.11.x (#20558)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-06-07 09:28:59 +08:00
dependabot[bot]
b3698d15c5
chore(deps): bump go.opentelemetry.io/otel from 1.26.0 to 1.27.0 in /src (#20488)
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-06-06 04:51:27 +00:00
dependabot[bot]
65bbe120d5
chore(deps): bump github.com/volcengine/volcengine-go-sdk from 1.0.97 to 1.0.138 in /src (#20541)
chore(deps): bump github.com/volcengine/volcengine-go-sdk in /src

Bumps [github.com/volcengine/volcengine-go-sdk](https://github.com/volcengine/volcengine-go-sdk) from 1.0.97 to 1.0.138.
- [Release notes](https://github.com/volcengine/volcengine-go-sdk/releases)
- [Commits](https://github.com/volcengine/volcengine-go-sdk/compare/v1.0.97...v1.0.138)

---
updated-dependencies:
- dependency-name: github.com/volcengine/volcengine-go-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-06-06 12:15:43 +08:00
dependabot[bot]
bd82ba7071
chore(deps): bump github.com/aws/aws-sdk-go from 1.50.24 to 1.53.14 in /src (#20542)
chore(deps): bump github.com/aws/aws-sdk-go in /src

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.50.24 to 1.53.14.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.50.24...v1.53.14)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-06-06 11:32:34 +08:00
dependabot[bot]
83c3c2bf26
chore(deps): bump github.com/go-asn1-ber/asn1-ber from 1.5.6 to 1.5.7 in /src (#20487)
chore(deps): bump github.com/go-asn1-ber/asn1-ber in /src

Bumps [github.com/go-asn1-ber/asn1-ber](https://github.com/go-asn1-ber/asn1-ber) from 1.5.6 to 1.5.7.
- [Release notes](https://github.com/go-asn1-ber/asn1-ber/releases)
- [Commits](https://github.com/go-asn1-ber/asn1-ber/compare/v1.5.6...v1.5.7)

---
updated-dependencies:
- dependency-name: github.com/go-asn1-ber/asn1-ber
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-06-06 10:32:52 +08:00
Lichao Xue
115827cac7
Fixes-20537 SBOM tab should not exist when the artifact is helm package (#20538)
Fixes-20537 SBOM tab should not exist when the artifact is oci-compliant helm-chart

Signed-off-by: xuelichao <xuel@vmware.com>
2024-06-03 19:44:38 +08:00
stonezdj(Daojun Zhang)
74f4a358f8
No sbom_overview when sbom is deleted (#20533)
fixes #20529

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-03 13:38:30 +08:00
stonezdj(Daojun Zhang)
30767f6612
Response an error message when there is incomplete sbom generate job (#20526)
Response an error message when there is uncomplete sbom generate job

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-05-31 17:20:53 +08:00
Wang Yan
7645ec7ccc
fix http client to push sbom accessory (#20525)
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-31 16:43:13 +08:00
Wang Yan
d8475906ba
fix 20518 (#20521)
fixes #20518
Since there is no report for the replicated artifact, update to use the artifact id to remove accessories.

Signed-off-by: wang yan <wangyan@vmware.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-30 19:50:03 +08:00
Lichao Xue
1a36a95a2b
Fix UI bugs - Pagination is missing on tag immutability rules (#20501)
Fix UI bugs- Pagination is missing on tag immutability rules

Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-30 18:18:57 +08:00
Wang Yan
8bc76a6548
tls support for pushing sbom (#20514)
Make it supports the tls configuration for the client for pushing sbom object

Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-30 13:40:37 +08:00
stonezdj(Daojun Zhang)
05c1c2825f
Fix tooltip issue related to SBOM.Details (#20510)
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-30 03:35:04 +00:00
Wang Yan
7339bfa9b0
Fix multiple SBOM (#20503)
fix 20496

fixes #20496

Harbor will reserve one SBOM accessory artifact for each subject artifact. Ensure all existing SBOMs are removed before generating the next set.

Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-29 18:25:26 +08:00
stonezdj(Daojun Zhang)
6d782ae695
Separate the execution vendor type sbom from image_scan (#20504)
Add vendor type SBOM for execution
  fixes #20495

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-29 15:45:28 +08:00
stonezdj(Daojun Zhang)
1f0c8289a5
Add sbom_report table to store sbom related information (#20473)
fixes #20445
  Refactor scan/base_controller.go
  Move MakeReportPlaceholder, GetReportPlaceholder, GetSummary to vul and sbom scanHandler

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-24 08:48:55 +00:00
dependabot[bot]
0a4c31682a
chore(deps): bump github.com/go-openapi/swag from 0.22.7 to 0.23.0 in /src (#20453)
chore(deps): bump github.com/go-openapi/swag in /src

Bumps [github.com/go-openapi/swag](https://github.com/go-openapi/swag) from 0.22.7 to 0.23.0.
- [Commits](https://github.com/go-openapi/swag/compare/v0.22.7...v0.23.0)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/swag
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-23 16:07:20 +08:00
dependabot[bot]
8bb7586b0b
chore(deps): bump github.com/prometheus/client_golang from 1.17.0 to 1.19.1 in /src (#20451)
chore(deps): bump github.com/prometheus/client_golang in /src

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.17.0 to 1.19.1.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.17.0...v1.19.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-23 15:19:09 +08:00
dependabot[bot]
00b5725edd
chore(deps): bump golang.org/x/net from 0.24.0 to 0.25.0 in /src (#20455)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.24.0 to 0.25.0.
- [Commits](https://github.com/golang/net/compare/v0.24.0...v0.25.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-23 14:38:43 +08:00
Lichao Xue
3352a72b7a
Fix - 20469 sbom status and download issue (#20471)
Fix sbom status and download issue

Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-23 13:23:45 +08:00
Shengwen YU
2f4fa29537
Bump up trivy version to v0.51.2, trivyadapter to v0.31.2 (#20450)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-21 18:37:06 +08:00
Lichao Xue
3875b1ac1d
Fix-20459 Wrong sbom status displayed in UI (#20460)
Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-21 17:55:46 +08:00
Lichao Xue
be839e677c
fix ui test failure (#20441)
Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-20 15:42:42 +08:00
Lichao Xue
840d4085f0
Fix and Should to display Unsupported if no SBOM accessories found (#20426)
Should this be Unsupported either for SBOM

Signed-off-by: xuelichao <xuel@vmware.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-16 17:40:42 +08:00
stonezdj(Daojun Zhang)
8ccf98a2ac
Initialize execution Manager in Report Assembler (#20437)
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-16 16:08:06 +08:00
MinerYang
2da4d5883f
bump golang 1.22.3 (#20433)
* bump golang 1.22.3

Signed-off-by: yminer <yminer@vmware.com>

* debug api_common_install.sh

Signed-off-by: yminer <yminer@vmware.com>

* remove set DNS for docker v20

Signed-off-by: yminer <yminer@vmware.com>

---------

Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-05-16 14:32:59 +08:00
stonezdj(Daojun Zhang)
2b4fe6ced7
Add additional link for sboms (#20423)
artifact object's addition_links has sboms item when it support to generate sbom
  fixes #20346

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-15 13:34:22 +00:00
stonezdj(Daojun Zhang)
df5b3618c7
Display status in sbom_overview for image index (#20425)
fixes #20418

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-15 11:52:39 +00:00
Shengwen YU
bb6c7242a4
add membership=true back for gitlab replication adapter (#20400)
fix: add membership=true back for gitlab replication adapter

Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-15 10:38:01 +00:00
dependabot[bot]
0fc87eaf35
chore(deps): bump github.com/go-openapi/strfmt from 0.22.0 to 0.23.0 in /src (#20396)
chore(deps): bump github.com/go-openapi/strfmt in /src

Bumps [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/go-openapi/strfmt/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/strfmt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-15 09:11:11 +00:00
dependabot[bot]
372102c824
chore(deps): bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux from 0.46.1 to 0.51.0 in /src (#20394)
chore(deps): bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux

Bumps [go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.46.1 to 0.51.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.46.1...zpages/v0.51.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2024-05-15 08:33:53 +00:00
dependabot[bot]
34dfbfd6bd
chore(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.0 to 5.2.1 in /src (#20397)
chore(deps): bump github.com/golang-jwt/jwt/v5 in /src

Bumps [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.0...v5.2.1)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2024-05-15 15:57:04 +08:00
Wang Yan
2977fec006
fix issue 19928 (#20409)
* fix issue 19928

it needs to consider the user who is in any group that has been granted with the project admin role.

Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-15 13:07:30 +08:00
stonezdj(Daojun Zhang)
232f9ba7ea
Skip scan in-toto sbom artifact (#20415)
fixes #20337

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-05-13 17:12:04 +08:00
Wang Yan
65e266fecf
fix issue 20407 (#20416)
fixes #20407
It needs to specify the insecure option on parsing the reference

Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-13 14:44:51 +08:00
MinerYang
068ae006fe
Update scan job request log for enabled_capabilities (#20414)
update scan job request log

Signed-off-by: yminer <yminer@vmware.com>
2024-05-10 17:17:47 +08:00
Shengwen YU
beb5f3f7cb
fix: enale stop_scan for ci (#20378)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-06 17:35:40 +08:00
Shengwen YU
33966fbc79
fix update TRIVYVERSION=v0.50.4 & TRIVYADAPTERVERSION=v0.31.1 (#20390)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-06 16:59:31 +08:00
dependabot[bot]
c4409c053b
Bump helm.sh/helm/v3 from 3.14.2 to 3.14.4 in /src (#20373)
Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.4.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.4)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 15:49:37 +08:00
dependabot[bot]
1ef61995b8
Bump github.com/go-asn1-ber/asn1-ber from 1.5.5 to 1.5.6 in /src (#20372)
Bumps [github.com/go-asn1-ber/asn1-ber](https://github.com/go-asn1-ber/asn1-ber) from 1.5.5 to 1.5.6.
- [Release notes](https://github.com/go-asn1-ber/asn1-ber/releases)
- [Commits](https://github.com/go-asn1-ber/asn1-ber/compare/v1.5.5...v1.5.6)

---
updated-dependencies:
- dependency-name: github.com/go-asn1-ber/asn1-ber
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 14:45:37 +08:00
dependabot[bot]
34cb462cd9
Bump github.com/gorilla/csrf from 1.6.2 to 1.7.2 in /src (#20376)
Bumps [github.com/gorilla/csrf](https://github.com/gorilla/csrf) from 1.6.2 to 1.7.2.
- [Release notes](https://github.com/gorilla/csrf/releases)
- [Commits](https://github.com/gorilla/csrf/compare/v1.6.2...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/gorilla/csrf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 14:08:10 +08:00
dependabot[bot]
132c389216
Bump k8s.io/api from 0.29.3 to 0.30.0 in /src (#20375)
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.29.3 to 0.30.0.
- [Commits](https://github.com/kubernetes/api/compare/v0.29.3...v0.30.0)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 13:18:42 +08:00
dependabot[bot]
50dc773a5a
Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.24.0 to 1.26.0 in /src (#20374)
Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) from 1.24.0 to 1.26.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.26.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 10:53:35 +08:00
stonezdj(Daojun Zhang)
8431c9c30a
Rename harbor.sbom to sbom.harbor (#20359)
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-02 23:48:07 +00:00
MinerYang
d01dfd450a
do not delete accessory relationship while still referenced (#20360)
Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-04-30 01:18:09 +00:00
stonezdj(Daojun Zhang)
d154c27362
Add scan type in webhook event (#20363)
fixes #20331

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-04-29 13:51:09 +00:00