Commit Graph

12147 Commits

Author SHA1 Message Date
stonezdj(Daojun Zhang)
a0d40922c8
[cherry-pick] Check create when fire the artifact event (#20838)
Check create when fire the artifact event

  fixes #20828

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-08-12 14:07:54 +08:00
Shengwen YU
6095188ad5
Bump up version to v2.11.1 (#20827)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-08-12 11:45:13 +08:00
Wang Yan
ff3e16a387
remove migrate patch (#20834)
cherry pick #20619

Signed-off-by: wang yan <wangyan@vmware.com>
2024-08-12 10:26:10 +08:00
Shengwen YU
a3ec51f628
Refresh base images (#20826)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-08-09 13:59:52 +08:00
Wang Yan
a3c69a6ff9
cherry-pick #20603 (#20824)
Signed-off-by: wang yan <wangyan@vmware.com>
2024-08-08 19:47:01 +08:00
Lichao Xue
73736afd4f
cherry-pick: Fixes-20799 can't remove artifact labels (#20817)
Fixes-20799 can't remove artifact labels

Signed-off-by: xuelichao <xuel@vmware.com>
2024-08-07 14:52:02 +08:00
Wang Yan
dfcba09e7f
[cherry-pick ]Release 2.11.0 cp 20803 (#20814)
* add list project arifacts API

This API supports listing all artifacts belonging to a specified project. It also allows fetching the latest artifact
in each repositry, with the option to filter by either media_type or artifact_type.

Signed-off-by: wang yan <wangyan@vmware.com>

* resolve the comments

Signed-off-by: wang yan <wangyan@vmware.com>

* fix testing failures

Signed-off-by: wang yan <wangyan@vmware.com>

---------

Signed-off-by: wang yan <wangyan@vmware.com>
2024-08-07 13:57:32 +08:00
Shengwen YU
14f98c0d7e
[cherry-pick] fix: add quote to dockerhub cred (#20694)
fix: add quote to dockerhub cred in case it contains specical characters
which will be failed to run the publish release github action job
regarding publishImages

Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-07-15 18:16:07 +08:00
stonezdj(Daojun Zhang)
3b49c97d74
[cherry-pick] Change the log message when PostScan failed. (#20699)
Change the log message when PostScan failed.

  fixes #20573
  remove s from additions/sboms in the link

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-07-04 19:53:00 +08:00
Shengwen YU
82c9f9c88d
fix: update migrate tc (#20678)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-07-01 13:44:10 +08:00
Chlins Zhang
04e360660b
[cherry-pick] fix: disable the scan related button when installation without scanner or scanner deactived (#20661)
fix: disable the scan related button when installation without scanner or scanner deactived

Signed-off-by: chlins <chlins.zhang@gmail.com>
2024-06-26 12:45:48 +08:00
stonezdj(Daojun Zhang)
08e5553536
[cherry-pick] Add translation for zh_CN (#20634)
Add translation for zh_CN

  add sbom translation for zh_CN

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-21 15:19:49 +08:00
stonezdj(Daojun Zhang)
434b1afb57
[cherry-pick] Add menu item for ko_KR local (#20633)
Add menu item for ko_KR local

  fixes #20600

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-20 15:50:34 +08:00
stonezdj(Daojun Zhang)
5a069939d4
[cherry-pick] Use internal registry url to push artifact accessory (#20581)
Use internal registry url to push artifact accessory

  fixes #20565

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-13 22:12:43 +08:00
stonezdj(Daojun Zhang)
70255684c5
[cherry-pick] Adjust the query by UUID sql so that it can use the idx_task_extra_at… (#20546)
Adjust the query by UUID sql so that it can use the idx_task_extra_attrs_report_uuids

  fixes #20505

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-04 18:29:53 +08:00
Lichao Xue
81fcc0a4eb
Fixes-20537 SBOM tab should not exist when the artifact is helm package (#20539)
Fixes-20537 SBOM tab should not exist when the artifact is helm package #20538

Signed-off-by: xuelichao <xuel@vmware.com>
2024-06-03 19:45:02 +08:00
stonezdj(Daojun Zhang)
2b271701b0
[cherry-pick] No sbom_overview when sbom is deleted (#20534)
No sbom_overview when sbom is deleted

fixes #20529

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-03 13:38:23 +08:00
stonezdj(Daojun Zhang)
33de1ad805
[cherry-pick] Response an error message when there is incomplete sbom generate job (#20527)
Response an error message when there is incomplete sbom generate job

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-31 16:23:06 +08:00
Wang Yan
eeec10387b
[cherry-pick] fix http client to push sbom accessory (#20528)
fix http client to push sbom accessory

Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-31 16:19:39 +08:00
Wang Yan
99440599ea
[cherry-pick] fix 20518 (#20522)
fix 20518

fixes #20518
Since there is no report for the replicated artifact, update to use the artifact id to remove accessories.

Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-30 19:38:59 +08:00
Lichao Xue
7c18987c39
Fix UI bugs - Pagination is missing on tag immutability rules (#20520)
Fix UI bugs - Pagination is missing on tag immutability rules #20501

Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-30 18:18:38 +08:00
Wang Yan
614bf40a5d
tls support for pushing sbom (#20515)
Make it supports the tls configuration for the client for pushing sbom object

Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-30 17:40:20 +08:00
Wang Yan
723abc6167
[cherry-pick] fix 20496 (#20509)
fix 20496

fixes #20496

Harbor will reserve one SBOM accessory artifact for each subject artifact. Ensure all existing SBOMs are removed before generating the next set.

Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-29 17:44:50 +08:00
stonezdj(Daojun Zhang)
103eb42bd7
[cherry-pick] Fix tooltip issue related to SBOM.Details (#20511)
Fix tooltip issue related to SBOM.Details

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-29 17:28:24 +08:00
stonezdj(Daojun Zhang)
26eb63b1b0
[cherry-pick] Separate the execution vendor type sbom from image_scan (#20508)
Separate the execution vendor type sbom from image_scan

  Add vendor type SBOM for execution
  fixes #20495

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-29 15:45:33 +08:00
Shengwen YU
14f9af09c5
Bump up base image (#20507)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-29 13:38:05 +08:00
stonezdj(Daojun Zhang)
e2826868ee
[cherry-pick] Add sbom_report table to store sbom related information (#20482)
Add sbom_report table to store sbom related information

  fixes #20445
  Refactor scan/base_controller.go
  Move MakeReportPlaceholder, GetReportPlaceholder, GetSummary to vul and sbom scanHandler

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-24 17:08:41 +08:00
Lichao Xue
a763d6b54c
Fix - 20469 sbom status and download issue (#20475)
Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-23 13:15:56 +08:00
Shengwen YU
88fad92e9a
bump up trivy and trivy-adapter version (#20468)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-22 17:24:48 +08:00
Lichao Xue
15e7a448f4
Fix-20459 Wrong sbom status displayed in UI (#20464)
* fix ui test failure (#20441)

Signed-off-by: xuelichao <xuel@vmware.com>

* Fix-20459 Wrong sbom status displayed in UI

Signed-off-by: xuelichao <xuel@vmware.com>

---------

Signed-off-by: xuelichao <xuel@vmware.com>
Signed-off-by: Lichao Xue <68891670+xuelichao@users.noreply.github.com>
2024-05-21 17:55:50 +08:00
Lichao Xue
acb9e1738c
Cherry-pick 20441-fix ui test failure (#20444)
fix ui test failure

Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-20 15:42:51 +08:00
Shengwen YU
3777877ab4
fresh base image (#20438)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-16 20:55:10 +08:00
Lichao Xue
840d4085f0
Fix and Should to display Unsupported if no SBOM accessories found (#20426)
Should this be Unsupported either for SBOM

Signed-off-by: xuelichao <xuel@vmware.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-16 17:40:42 +08:00
stonezdj(Daojun Zhang)
8ccf98a2ac
Initialize execution Manager in Report Assembler (#20437)
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-16 16:08:06 +08:00
MinerYang
2da4d5883f
bump golang 1.22.3 (#20433)
* bump golang 1.22.3

Signed-off-by: yminer <yminer@vmware.com>

* debug api_common_install.sh

Signed-off-by: yminer <yminer@vmware.com>

* remove set DNS for docker v20

Signed-off-by: yminer <yminer@vmware.com>

---------

Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-05-16 14:32:59 +08:00
stonezdj(Daojun Zhang)
2b4fe6ced7
Add additional link for sboms (#20423)
artifact object's addition_links has sboms item when it support to generate sbom
  fixes #20346

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-15 13:34:22 +00:00
stonezdj(Daojun Zhang)
df5b3618c7
Display status in sbom_overview for image index (#20425)
fixes #20418

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-15 11:52:39 +00:00
Shengwen YU
bb6c7242a4
add membership=true back for gitlab replication adapter (#20400)
fix: add membership=true back for gitlab replication adapter

Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-15 10:38:01 +00:00
dependabot[bot]
0fc87eaf35
chore(deps): bump github.com/go-openapi/strfmt from 0.22.0 to 0.23.0 in /src (#20396)
chore(deps): bump github.com/go-openapi/strfmt in /src

Bumps [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/go-openapi/strfmt/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/strfmt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-15 09:11:11 +00:00
dependabot[bot]
372102c824
chore(deps): bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux from 0.46.1 to 0.51.0 in /src (#20394)
chore(deps): bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux

Bumps [go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.46.1 to 0.51.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.46.1...zpages/v0.51.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2024-05-15 08:33:53 +00:00
dependabot[bot]
34dfbfd6bd
chore(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.0 to 5.2.1 in /src (#20397)
chore(deps): bump github.com/golang-jwt/jwt/v5 in /src

Bumps [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.0...v5.2.1)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2024-05-15 15:57:04 +08:00
Wang Yan
2977fec006
fix issue 19928 (#20409)
* fix issue 19928

it needs to consider the user who is in any group that has been granted with the project admin role.

Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-15 13:07:30 +08:00
stonezdj(Daojun Zhang)
232f9ba7ea
Skip scan in-toto sbom artifact (#20415)
fixes #20337

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-05-13 17:12:04 +08:00
Wang Yan
65e266fecf
fix issue 20407 (#20416)
fixes #20407
It needs to specify the insecure option on parsing the reference

Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-13 14:44:51 +08:00
MinerYang
068ae006fe
Update scan job request log for enabled_capabilities (#20414)
update scan job request log

Signed-off-by: yminer <yminer@vmware.com>
2024-05-10 17:17:47 +08:00
Shengwen YU
beb5f3f7cb
fix: enale stop_scan for ci (#20378)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-06 17:35:40 +08:00
Shengwen YU
33966fbc79
fix update TRIVYVERSION=v0.50.4 & TRIVYADAPTERVERSION=v0.31.1 (#20390)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-06 16:59:31 +08:00
dependabot[bot]
c4409c053b
Bump helm.sh/helm/v3 from 3.14.2 to 3.14.4 in /src (#20373)
Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.4.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.4)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 15:49:37 +08:00
dependabot[bot]
1ef61995b8
Bump github.com/go-asn1-ber/asn1-ber from 1.5.5 to 1.5.6 in /src (#20372)
Bumps [github.com/go-asn1-ber/asn1-ber](https://github.com/go-asn1-ber/asn1-ber) from 1.5.5 to 1.5.6.
- [Release notes](https://github.com/go-asn1-ber/asn1-ber/releases)
- [Commits](https://github.com/go-asn1-ber/asn1-ber/compare/v1.5.5...v1.5.6)

---
updated-dependencies:
- dependency-name: github.com/go-asn1-ber/asn1-ber
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 14:45:37 +08:00
dependabot[bot]
34cb462cd9
Bump github.com/gorilla/csrf from 1.6.2 to 1.7.2 in /src (#20376)
Bumps [github.com/gorilla/csrf](https://github.com/gorilla/csrf) from 1.6.2 to 1.7.2.
- [Release notes](https://github.com/gorilla/csrf/releases)
- [Commits](https://github.com/gorilla/csrf/compare/v1.6.2...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/gorilla/csrf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 14:08:10 +08:00