Wang Yan
2977fec006
fix issue 19928 ( #20409 )
...
* fix issue 19928
it needs to consider the user who is in any group that has been granted with the project admin role.
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-15 13:07:30 +08:00
stonezdj(Daojun Zhang)
232f9ba7ea
Skip scan in-toto sbom artifact ( #20415 )
...
fixes #20337
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-05-13 17:12:04 +08:00
Wang Yan
65e266fecf
fix issue 20407 ( #20416 )
...
fixes #20407
It needs to specify the insecure option on parsing the reference
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-13 14:44:51 +08:00
MinerYang
068ae006fe
Update scan job request log for enabled_capabilities ( #20414 )
...
update scan job request log
Signed-off-by: yminer <yminer@vmware.com>
2024-05-10 17:17:47 +08:00
Shengwen YU
beb5f3f7cb
fix: enale stop_scan for ci ( #20378 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-06 17:35:40 +08:00
Shengwen YU
33966fbc79
fix update TRIVYVERSION=v0.50.4 & TRIVYADAPTERVERSION=v0.31.1 ( #20390 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-06 16:59:31 +08:00
dependabot[bot]
c4409c053b
Bump helm.sh/helm/v3 from 3.14.2 to 3.14.4 in /src ( #20373 )
...
Bumps [helm.sh/helm/v3](https://github.com/helm/helm ) from 3.14.2 to 3.14.4.
- [Release notes](https://github.com/helm/helm/releases )
- [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.4 )
---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 15:49:37 +08:00
dependabot[bot]
1ef61995b8
Bump github.com/go-asn1-ber/asn1-ber from 1.5.5 to 1.5.6 in /src ( #20372 )
...
Bumps [github.com/go-asn1-ber/asn1-ber](https://github.com/go-asn1-ber/asn1-ber ) from 1.5.5 to 1.5.6.
- [Release notes](https://github.com/go-asn1-ber/asn1-ber/releases )
- [Commits](https://github.com/go-asn1-ber/asn1-ber/compare/v1.5.5...v1.5.6 )
---
updated-dependencies:
- dependency-name: github.com/go-asn1-ber/asn1-ber
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 14:45:37 +08:00
dependabot[bot]
34cb462cd9
Bump github.com/gorilla/csrf from 1.6.2 to 1.7.2 in /src ( #20376 )
...
Bumps [github.com/gorilla/csrf](https://github.com/gorilla/csrf ) from 1.6.2 to 1.7.2.
- [Release notes](https://github.com/gorilla/csrf/releases )
- [Commits](https://github.com/gorilla/csrf/compare/v1.6.2...v1.7.2 )
---
updated-dependencies:
- dependency-name: github.com/gorilla/csrf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 14:08:10 +08:00
dependabot[bot]
132c389216
Bump k8s.io/api from 0.29.3 to 0.30.0 in /src ( #20375 )
...
Bumps [k8s.io/api](https://github.com/kubernetes/api ) from 0.29.3 to 0.30.0.
- [Commits](https://github.com/kubernetes/api/compare/v0.29.3...v0.30.0 )
---
updated-dependencies:
- dependency-name: k8s.io/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 13:18:42 +08:00
dependabot[bot]
50dc773a5a
Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.24.0 to 1.26.0 in /src ( #20374 )
...
Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go ) from 1.24.0 to 1.26.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.26.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 10:53:35 +08:00
stonezdj(Daojun Zhang)
8431c9c30a
Rename harbor.sbom to sbom.harbor ( #20359 )
...
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-02 23:48:07 +00:00
MinerYang
d01dfd450a
do not delete accessory relationship while still referenced ( #20360 )
...
Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-04-30 01:18:09 +00:00
stonezdj(Daojun Zhang)
d154c27362
Add scan type in webhook event ( #20363 )
...
fixes #20331
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-04-29 13:51:09 +00:00
Lichao Xue
9b5dd7951e
Fix UI sbom status not updated to grid item after job done ( #20368 )
...
Fix UI sbom status not updated after job done
Signed-off-by: xuelichao <xuel@vmware.com>
2024-04-29 17:26:01 +08:00
Shengwen YU
bc3e47f0fe
fix: update stop scan tc ( #20369 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-04-29 13:39:27 +08:00
dependabot[bot]
1146cbeca1
Bump github.com/cenkalti/backoff/v4 from 4.2.1 to 4.3.0 in /src ( #20316 )
...
Bumps [github.com/cenkalti/backoff/v4](https://github.com/cenkalti/backoff ) from 4.2.1 to 4.3.0.
- [Commits](https://github.com/cenkalti/backoff/compare/v4.2.1...v4.3.0 )
---
updated-dependencies:
- dependency-name: github.com/cenkalti/backoff/v4
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-04-29 12:49:55 +08:00
dependabot[bot]
01a28dc66d
Bump go.opentelemetry.io/otel/sdk from 1.24.0 to 1.26.0 in /src ( #20370 )
...
Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go ) from 1.24.0 to 1.26.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.26.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-04-29 10:19:48 +08:00
dependabot[bot]
7306f6d7d9
Bump github.com/golang-migrate/migrate/v4 from 4.16.2 to 4.17.1 in /src ( #20317 )
...
Bumps [github.com/golang-migrate/migrate/v4](https://github.com/golang-migrate/migrate ) from 4.16.2 to 4.17.1.
- [Release notes](https://github.com/golang-migrate/migrate/releases )
- [Changelog](https://github.com/golang-migrate/migrate/blob/master/.goreleaser.yml )
- [Commits](https://github.com/golang-migrate/migrate/compare/v4.16.2...v4.17.1 )
---
updated-dependencies:
- dependency-name: github.com/golang-migrate/migrate/v4
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-04-28 17:32:58 +08:00
dependabot[bot]
d7ab8254cc
Bump golang.org/x/net from 0.22.0 to 0.24.0 in /src ( #20318 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.22.0 to 0.24.0.
- [Commits](https://github.com/golang/net/compare/v0.22.0...v0.24.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-04-28 15:47:57 +08:00
stonezdj(Daojun Zhang)
fba4c40c65
Delete scan_report when accessory is removed ( #20365 )
...
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-04-27 01:56:30 +00:00
Shengwen YU
9471f5d5a6
fix: update total permission count to 59 ( #20352 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-04-26 08:21:27 +00:00
Lichao Xue
dee73a44f3
Fix UI bugs ( #20364 )
...
Signed-off-by: xuelichao <xuel@vmware.com>
2024-04-26 06:56:23 +00:00
Shengwen YU
c791b39a26
fix: add stop_scan_payload when call stop scan api ( #20353 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-04-26 06:13:00 +00:00
Shengwen YU
822784aac8
fix: update to "clr-dg-cell[10]" to fix the pull time tc due to addin… ( #20361 )
...
fix: update to "clr-dg-cell[10]" to fix the pull time tc due to adding an SBOM column
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-04-26 04:28:22 +00:00
Shengwen YU
d0cb200ed5
fix: update nightly test case for verifying audit log of image digest ( #20354 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-04-26 03:44:00 +00:00
Shengwen YU
0e8dce72be
fix: fresh scanner list when updating scanner ( #20366 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-04-26 10:52:11 +08:00
stonezdj(Daojun Zhang)
ec8d692fe6
Add scanner info and report_id to sbom_overview on listing artifact ( #20358 )
...
Add scan_status and report_id when scan has a failed task
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-04-25 17:00:35 +08:00
Shengwen YU
2af02f3b25
fix: update image reference to "@" in audit log when pushing & deleting images ( #20348 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-04-24 16:05:14 +08:00
stonezdj(Daojun Zhang)
c80e9bf477
Add 422 in the swagger.yaml ( #20344 )
...
change log level with no content message
fix time in sbom accessory
fixes #20342 #20332 #20328
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-04-24 09:57:46 +08:00
stonezdj(Daojun Zhang)
b7d4bf0d07
Log and skip adapter ping error when retrieve adapter capability ( #20314 )
...
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-04-22 09:43:04 +00:00
MinerYang
ea3cd06171
add prepare migration script for 2.11.0 ( #20315 )
...
Signed-off-by: yminer <yminer@vmware.com>
correct jaeger agent_host
update ip_family part
2024-04-22 16:34:08 +08:00
Shengwen YU
9b164f3fee
feat: add tc for limited guest of a project to get repository ( #20311 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-04-22 06:36:35 +00:00
Lichao Xue
e7fce62723
Wrong values shown for the columns of support_sbom and support_vulnerability in scanner list ( #20308 )
...
Fix wrong value shown for the columns of support_sbom and support_vulnerability in scanner list
Signed-off-by: xuelichao <xuel@vmware.com>
2024-04-22 13:29:48 +08:00
stonezdj(Daojun Zhang)
d759429831
Set default capability for old scanners ( #20306 )
...
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-04-20 10:37:30 +08:00
stonezdj(Daojun Zhang)
0d9dc4b4a4
Add enableCapabilities to extraAttrs for stop ( #20299 )
...
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-04-19 07:36:56 +00:00
Lichao Xue
b3dc183f47
Fixed an issue where the scan stop button can only be clicked once ( #20302 )
...
Signed-off-by: xuelichao <xuel@vmware.com>
2024-04-19 13:01:54 +08:00
stonezdj(Daojun Zhang)
9c3fc28250
Allow generate sbom in proxy cache project ( #20298 )
...
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-04-19 02:14:28 +00:00
Lichao Xue
e8907a47ab
SBOM UI feature implementation ( #19946 )
...
* draft: sbom UI feature implementation
Signed-off-by: xuelichao <xuel@vmware.com>
* refactor based on swagger yaml changes
Signed-off-by: xuelichao <xuel@vmware.com>
* update scan type for scan and stop sbom request
Signed-off-by: xuelichao <xuel@vmware.com>
---------
Signed-off-by: xuelichao <xuel@vmware.com>
2024-04-18 08:22:11 +00:00
Ikko Eltociear Ashimine
4fd11ce072
refactor: update controller.go ( #20297 )
...
minor fix
Signed-off-by: Ikko Eltociear Ashimine <eltociear@gmail.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2024-04-18 14:26:03 +08:00
stonezdj(Daojun Zhang)
2ea7d09412
skip to log scan sbom accessory for sbom accessory ( #20290 )
...
Avoid to log the generate SBOM failure message when the artifact is SBOM in webhook event
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-04-17 14:51:11 +00:00
stonezdj(Daojun Zhang)
fb2e0042d0
Rename scan request type ( #20288 )
...
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-04-17 09:52:50 +00:00
Shengwen YU
6709c789fb
feat: add test case for customizing OIDC provider name ( #20287 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-04-17 15:52:58 +08:00
stonezdj(Daojun Zhang)
654aa8edcf
Add generate SBOM feature ( #20251 )
...
* Add SBOM scan feature
Add scan handler for sbom
Delete previous sbom accessory before the job service
Signed-off-by: stonezdj <daojunz@vmware.com>
* fix issue
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
---------
Signed-off-by: stonezdj <daojunz@vmware.com>
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
Co-authored-by: stonezdj <daojunz@vmware.com>
2024-04-16 13:34:19 +00:00
Shengwen YU
67c03ddc4f
fix: update TRIVYVERSION=v0.50.1 && TRIVYADAPTERVERSION=v0.31.0 ( #20285 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-04-16 18:37:16 +08:00
Wang Yan
550bf1d750
fix issue 20269 ( #20274 )
...
By default, use the nvd score as the primary score, and if it is unavailable, fallback to the redhat score.
fix #20269
Signed-off-by: wang yan <wangyan@vmware.com>
2024-04-16 16:49:52 +08:00
Shengwen YU
91efec1e2a
fix: update the image reference format for audit log when pulling image ( #20278 )
...
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-04-16 11:11:59 +08:00
dependabot[bot]
938c804513
Bump go.uber.org/ratelimit from 0.2.0 to 0.3.1 in /src ( #20204 )
...
Bumps [go.uber.org/ratelimit](https://github.com/uber-go/ratelimit ) from 0.2.0 to 0.3.1.
- [Changelog](https://github.com/uber-go/ratelimit/blob/main/CHANGELOG.md )
- [Commits](https://github.com/uber-go/ratelimit/compare/v0.2.0...v0.3.1 )
---
updated-dependencies:
- dependency-name: go.uber.org/ratelimit
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-04-16 10:11:19 +08:00
Iceber Gu
a2507dc3fc
Sending signals by closing the channel ( #17917 )
...
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
2024-04-15 12:37:59 +00:00
dependabot[bot]
79dbebd48d
Bump golang.org/x/oauth2 from 0.15.0 to 0.19.0 in /src ( #20247 )
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.15.0 to 0.19.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.15.0...v0.19.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-04-15 19:04:22 +08:00