Add X-Accept-Vulnerabilities header to the list/get artifact and get
artifact vulnerability addition APIs, and these APIs will traverse the
mime types in this header and return the first report and summary found
from the mime type.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
1. Add GUI test for system robot account feature;
2. Fix issue of failing to catch docker pull image exception in API test.
Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
This commit directly maps the actoin permission in security context to
the scope generated by the token service in harbor-core.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
The adapter implements Pluggable Scanners API v1.1
and ships with Trivy v0.14.0.
There's also a tiny change in the way Trivy settings
are displayed in the scanner metadata response, i.e.
instead of com.github.aquasecurity.trivy.debugMode
it prints env.SCANNER_TRIVY_DEBUG_MODE. It makes it
explicit which env is use to set this parameter.
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
feat: Store vulnerability report from scanner into a relational format
Convert vulnerability report JSON obtained from scanner into a relational format describe in:https://github.com/goharbor/community/pull/145
Signed-off-by: prahaladdarkin <prahaladd@vmware.com>
Add the trigger to the metrics of the scan all job so that the customer
can know who trigger the latest scan all job.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
This commit add a handler to handle the request to
"/c/authproxy/redirect". Harbor is configured to authenticate against
an authproxy, if a request with query string `?token=xxxx`
is sent to this URI, the handler will do tokenreview according to the
setting of authproxy and simulate a `login` workflow based on the result
of token review.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit fixes#13287 to remove the usage of tilde as the $HOME is not available in some
cases. More details see #13287
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Fixes#13740
Update ManifestExist to return Descriptor instead of digest
For docker 20.10 or containerd, it HEAD the manifest before pull, then
it GET the manifest with digest, add logic to handle this scenario and
correlate the tag between the digest in proxy cache
Signed-off-by: stonezdj <stonezdj@gmail.com>
* fix robot account update issue
enable the update method to support both v1 & v2 robot update
Signed-off-by: Wang Yan <wangyan@vmware.com>
* resolve review comments
Signed-off-by: Wang Yan <wangyan@vmware.com>
Due to complicate logic of scan report in multi-level artifacts, should add scan tests
for into manifest list and CNAB bundle python test suit.
Signed-off-by: danfengliu <danfengl@vmware.com>
