harbor/docs/administration/vulnerability-scanning/configure-system-whitelist.md
jonasrosland 48966f4364 Move 1.10 docs into the main docs folder
Signed-off-by: jonasrosland <jrosland@vmware.com>
2020-04-21 00:29:25 +08:00

27 lines
1.7 KiB
Markdown

---
title: Configure System-Wide CVE Whitelists
weight: 50
---
When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. As a Harbor system administrator, you can create whitelists of CVEs to ignore during vulnerability scanning.
You can set a system-wide CVE whitelist or you can set CVE whitelists on a per-project basis. For information about per-project CVE whitelists, see [Configure a Per-Project CVE Whitelist](../../working-with-projects/project-configuration/configure-project-whitelist.md).
System-wide CVE whitelists apply to all of the projects in a Harbor instance.
1. Go to **Configuration** > **System Settings**.
1. Under **Deployment security**, click **Add**.
![System-wide CVE whitelist](../../../img/cve-whitelist1.png)
1. Enter the list of CVE IDs to ignore during vulnerability scanning.
![Add system CVE whitelist](../../../img/cve-whitelist2.png)
Either use a comma-separated list or newlines to add multiple CVE IDs to the list.
1. Click **Add** at the bottom of the window to add the list.
1. Optionally uncheck the **Never expires** checkbox and use the calendar selector to set an expiry date for the whitelist.
![Add system CVEs](../../../img/cve-whitelist3.png)
1. Click **Save** at the bottom of the page to save your settings.
After you have created a system whitelist, you can remove CVE IDs from the list by clicking the delete button next to it in the list. You can click **Add** to add more CVE IDs to the system whitelist.
![Add and remove system CVEs](../../../img/cve-whitelist4.png)