Commit Graph

7868 Commits

Author SHA1 Message Date
Daniel Jiang
1a9cebd5e8 Remove validation for item in CVE whitelist
To contain various vulnerabilities in the CVE whitelist, this commit
removes the validation.
Fixes #9242

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-10-18 15:08:32 +08:00
Michael Michael
509d1198aa
Update ADOPTERS.md 2019-10-18 02:05:51 -05:00
Wang Yan
be5a265dd2
Merge pull request #9468 from wy65701436/debug-drone-ci
debug drone ci error
2019-10-18 14:51:46 +08:00
Steven Ren
125c2762f1 Document the versioning and release process, also updating the SECURITY.md
to refer to the RELEASES.md.

Signed-off-by: Steven Ren <stevenr@stevenr-a01.vmware.com>
2019-10-18 14:24:42 +08:00
jwangyangls
ad46fd12aa
Merge pull request #9410 from jwangyangls/immetable-tag
Add immutable tag in project detail
2019-10-18 14:15:38 +08:00
wang yan
b7e336691d fix drone ci docker compose version out of date
1, update docker-compose to latest
2, print log when to package offline installer

Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-18 13:34:48 +08:00
Yang Wang (c)
bfe19711db Add immutable tag in project detail
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-10-18 11:28:39 +08:00
Will Sun
ad053fc017
Merge pull request #9449 from AllForNothing/tag-retention-paging
Add server paging to tag-retention sub task list
2019-10-18 10:36:16 +08:00
Will Sun
932ed32de5
Merge pull request #9440 from AllForNothing/cve-check
Remove CVE ID check
2019-10-18 10:32:18 +08:00
Danfeng Liu (c)
732eda4196 Project quotas counting result is growing a little bit for unknow reason, images redis size was caculating from 25.8 to 25.9, so error message should be updated.
Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
2019-10-18 10:30:05 +08:00
Wenkai Yin(尹文开)
5c5e475da4
Merge pull request #9415 from steven-zou/fix/pluggable_scanner_policy_check
do changes to let the vul policy check compatible with new framework
2019-10-18 09:39:20 +08:00
Wang Yan
2c9ec3b1d6
Merge pull request #9454 from wy65701436/drone_npm
add npm registry into drone yml
2019-10-17 23:08:58 +08:00
Wang Yan
51d3134e4f
Merge pull request #9427 from wy65701436/immutable-middleware
add immutable tag middleware
2019-10-17 20:28:34 +08:00
Steven Zou
0f16913635 rebase: resolve the code confilcts with master
Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-17 17:42:41 +08:00
wang yan
da02b820ad add immutable tag middleware
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-17 16:58:11 +08:00
Will Sun
ddb83574a7
Merge pull request #9361 from AllForNothing/scanner-s3
Add pluggable scanner UI
2019-10-17 16:13:47 +08:00
Wenkai Yin(尹文开)
97ddff2ac8
Merge pull request #9434 from heww/clair-adapter
build(clair): internal clair adapter when install with clair
2019-10-17 16:06:10 +08:00
wang yan
d4a413038d add npm registry into drone yml
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-17 15:36:18 +08:00
Wang Yan
b231814533
Merge pull request #9431 from wy65701436/fix-build-offline
add npm registry when to build offline package in drone CI
2019-10-17 14:57:12 +08:00
jwangyangls
12b8cfef61
Merge pull request #9413 from jwangyangls/reset-oidc-cli-secret
Add new cli secret ui in profile
2019-10-17 14:51:39 +08:00
jwangyangls
cf84026e3d
Merge pull request #9445 from jwangyangls/fix-copy-button-not-working
Fix copy button not working
2019-10-17 14:51:12 +08:00
xaleeks
5248a9739b
Merge pull request #9443 from goharbor/michmike-patch-2
Update demo_server.md
2019-10-17 14:48:08 +08:00
sshijun
bbf61a11e3 Add server paging to tag-retention sub task list
Signed-off-by: sshijun <sshijun@vmware.com>
2019-10-17 14:36:41 +08:00
Michael Michael
690c5a1c01
Delete code-of-conduct.md
deleting this file since we adopted the code of conduct in the community repo
2019-10-16 23:12:06 -07:00
Yogi_Wang
4b202e9679 Fix copy button not working
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-10-17 13:35:12 +08:00
He Weiwei
8964a8697a build(clair): internal clair adapter when install with clair
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-17 12:00:51 +08:00
Michael Michael
7556428fd9
Update demo_server.md 2019-10-16 21:00:23 -07:00
Michael Michael
347e96e3b8
Update demo_server.md 2019-10-16 20:58:03 -07:00
Yogi_Wang
8d4d2ee6fa Add new cli secret ui in profile
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-10-17 11:28:05 +08:00
Daniel Jiang
f0cb16cb86 Update OIDC token refresh process
1) Disassociate id token from user session

2) Some OIDC providers do not return id_token in the response of refresh
request:
https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse
When validating the CLI secret it will not validate the id token,
instead it will check the expiration of the access token, and try to
refresh it.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-10-17 11:26:18 +08:00
AllForNothing
c2e30b4bad Add scanner UI
Signed-off-by: AllForNothing <sshijun@vmware.com>
2019-10-17 10:27:54 +08:00
jwangyangls
8d65bd6da7
Merge pull request #9426 from jwangyangls/remove-validate-in-oidc-claim
Remove validation about oidc claim group
2019-10-17 10:03:47 +08:00
sshijun
645e9331b0 Remove CVE ID check
Signed-off-by: sshijun <sshijun@vmware.com>
2019-10-17 09:23:45 +08:00
Steven Zou
f18afc0a3f do changes to let the vul policy check compatiable with new framework
- update the scan/scanner controller
- enhance the report summary generation
- do changes to the vulnerable handler
- remove the unused clair related code
- add more UT cases
- update the scan web hook event
- drop the unsed tables/index/triggers in sql schema

Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-16 23:15:26 +08:00
stonezdj(Daojun Zhang)
2973ddcf6b
Merge pull request #9428 from stonezdj/disable_self_reg
Update default self_registration=false
2019-10-16 17:41:21 +08:00
Wenkai Yin(尹文开)
32a2c41c3b
Merge pull request #9273 from gavinfish/typo
Fix typos in core package
2019-10-16 17:10:35 +08:00
stonezdj
3636a1afa5 Update default self_registration=false
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-10-16 01:33:48 -07:00
Ziming
eed8aa91a5
Merge pull request #9033 from lxShaDoWxl/feat/gitlab
Added Gitlab Registry Support
2019-10-16 16:26:51 +08:00
Ziming
3725667448
Merge branch 'master' into feat/gitlab 2019-10-16 14:34:21 +08:00
Qian Deng
6447294741
Merge pull request #9405 from heww/speed-up-test
perf(test): speed up TestAddBlobsToProject test in dao pkg
2019-10-16 13:45:58 +08:00
wang yan
66e9278fef add npm registry when to build offline package in drone CI
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-16 11:59:42 +08:00
stonezdj(Daojun Zhang)
0fa4934679
Merge pull request #8596 from JakubOnderka/patch-4
nginx: Remove TLSv1.1 support
2019-10-16 11:39:55 +08:00
Yogi_Wang
baa5f1171e Remove validation about oidc claim group
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-10-16 11:17:36 +08:00
Wenkai Yin(尹文开)
372875ad64
Merge pull request #9393 from wy65701436/immutable-match
add immutable match
2019-10-15 18:51:43 +08:00
stonezdj(Daojun Zhang)
ff04b2c930
Merge pull request #9411 from wy65701436/fix-list-robot
fix list robot account API return an internal error
2019-10-15 17:47:38 +08:00
wang yan
ae4c698ab4 use only 1 repo and tag selector to match
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-15 16:44:17 +08:00
Wang Yan
551a956fcb
Merge pull request #9418 from wy65701436/quota-dup
ignore the duplicate error when to insert project_blobs on quota syncing
2019-10-15 16:37:21 +08:00
wang yan
288e4cc193 igonre the duplicate error when to insert project_blobs on quota syncing
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-15 14:14:58 +08:00
wang yan
5e8f7297f5 fix list robot account API return an internal error
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-15 12:29:44 +08:00
Will Sun
285d3e1e5c
Merge pull request #9189 from strainovic/patch-1
Use external_url if exists on Add Repo Command chart details page
2019-10-15 12:18:37 +08:00