From fe7cf8dddbbaa9c1ff704f8571293463d93ef4a4 Mon Sep 17 00:00:00 2001 From: Stuart Clements Date: Mon, 13 Jan 2020 14:33:26 +0100 Subject: [PATCH] Added TOC links in vulnerability section --- .../configure_system_whitelist.md | 8 ++++++++ .../import_vulnerability_data.md | 8 ++++++++ .../vulnerability_scanning/pluggable_scanners.md | 10 +++++++++- .../vulnerability_scanning/scan_all_images.md | 8 ++++++++ .../vulnerability_scanning/scan_individual_image.md | 10 +++++++++- .../vulnerability_scanning/schedule_scans.md | 10 +++++++++- .../vulnerability_scanning/vulnerability_scanning.md | 12 ++++++++++-- 7 files changed, 61 insertions(+), 5 deletions(-) diff --git a/docs/1.10/administration/vulnerability_scanning/configure_system_whitelist.md b/docs/1.10/administration/vulnerability_scanning/configure_system_whitelist.md index bc0fa3097..d23c8b7fc 100644 --- a/docs/1.10/administration/vulnerability_scanning/configure_system_whitelist.md +++ b/docs/1.10/administration/vulnerability_scanning/configure_system_whitelist.md @@ -1,3 +1,7 @@ +[Back to table of contents](../../index.md) + +---------- + # Configure System-Wide CVE Whitelists When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. As a Harbor system administrator, you can create whitelists of CVEs to ignore during vulnerability scanning. @@ -21,3 +25,7 @@ System-wide CVE whitelists apply to all of the projects in a Harbor instance. After you have created a system whitelist, you can remove CVE IDs from the list by clicking the delete button next to it in the list. You can click **Add** to add more CVE IDs to the system whitelist. ![Add and remove system CVEs](../../img/cve-whitelist4.png) + +---------- + +[Back to table of contents](../../index.md) 
diff --git a/docs/1.10/administration/vulnerability_scanning/import_vulnerability_data.md b/docs/1.10/administration/vulnerability_scanning/import_vulnerability_data.md index 736b97b61..d8012837c 100644 --- a/docs/1.10/administration/vulnerability_scanning/import_vulnerability_data.md +++ b/docs/1.10/administration/vulnerability_scanning/import_vulnerability_data.md @@ -1,3 +1,7 @@ +[Back to table of contents](../../index.md) + +---------- + # Import Vulnerability Data to an Offline Harbor instance Harbor has integrated with Clair to scan vulnerabilities in images. When Harbor is installed in an environment without internet connection, Clair cannot fetch data from the public vulnerability database. Under this circumstance, Harbor administrator needs to manually update the Clair database. @@ -67,3 +71,7 @@ Copy the `vulnerability.sql` and `clear.sql` to the host where Harbor is running ### Rescanning images After importing the data, trigger the scanning process in the administrator's web UI: **Administration**->**Configuration**->**Vulnerability**->**SCAN NOW**. Harbor reflects the new changes after the scanning is completed. (Otherwise the summary of the image vulnerabilities will not be displayed correctly.) +---------- + +[Back to table of contents](../../index.md) + diff --git a/docs/1.10/administration/vulnerability_scanning/pluggable_scanners.md b/docs/1.10/administration/vulnerability_scanning/pluggable_scanners.md index e8da9b3ec..a97b39a63 100644 --- a/docs/1.10/administration/vulnerability_scanning/pluggable_scanners.md +++ b/docs/1.10/administration/vulnerability_scanning/pluggable_scanners.md 
@@ -1,3 +1,7 @@ +[Back to table of contents](../../index.md) + +---------- + # Connect Harbor to Additional Vulnerability Scanners To connect Harbor to additional vulnerability scanners, you must install and configure an instance of the additional scanner according to the scanner vendor's requirements. The scanner must expose an API endpoint to allow Harbor to trigger the scan process or get reports. You can deploy multiple different scanners, and multiple instances of the same type of scanner. @@ -36,4 +40,8 @@ Depending on the scanner that you use, once the database is ready, the timestamp Until the database has been fully populated, the timestamp is replaced by a warning symbol. When the database is ready, you can scan images individually or scan all images across all projects. -If your Harbor instance is not connected to the external internet, you must manually update the vulnerability metadata. For information about how to update Clair manually, see [Import Vulnerability Data to an Offline Harbor instance](import_vulnerability_data.md). \ No newline at end of file +If your Harbor instance is not connected to the external internet, you must manually update the vulnerability metadata. For information about how to update Clair manually, see [Import Vulnerability Data to an Offline Harbor instance](import_vulnerability_data.md). + +---------- + +[Back to table of contents](../../index.md) \ No newline at end of file diff --git a/docs/1.10/administration/vulnerability_scanning/scan_all_images.md b/docs/1.10/administration/vulnerability_scanning/scan_all_images.md index 30760788f..1e5e76681 100644 --- a/docs/1.10/administration/vulnerability_scanning/scan_all_images.md +++ b/docs/1.10/administration/vulnerability_scanning/scan_all_images.md 
@@ -1,3 +1,7 @@ +[Back to table of contents](../../index.md) + +---------- + # Scan All Images In addition to scanning individual images in projects, you can run global scans on all of the images in a Harbor instance, across all projects. @@ -9,3 +13,7 @@ In addition to scanning individual images in projects, you can run global scans ![Scan all images](../../img/scan_all.png) Scanning requires intensive resource consumption. If scanning is in progress, the **Scan Now** button is unavailable. + +---------- + +[Back to table of contents](../../index.md) diff --git a/docs/1.10/administration/vulnerability_scanning/scan_individual_image.md b/docs/1.10/administration/vulnerability_scanning/scan_individual_image.md index 8da07c351..23a7d977a 100644 --- a/docs/1.10/administration/vulnerability_scanning/scan_individual_image.md +++ b/docs/1.10/administration/vulnerability_scanning/scan_individual_image.md @@ -1,3 +1,7 @@ +[Back to table of contents](../../index.md) + +---------- + # Scan Individual Images 1. Log in to the Harbor interface with an account that has at least project administrator privileges. @@ -46,4 +50,8 @@ ![Vulnerability report](../../img/tag_detail.png) - In addition to information about the tag, all of the vulnerabilities found in the last scan are listed. You can order or filter the list by the different columns. You can also click **Scan** in the report page to run a scan on this image tag. \ No newline at end of file + In addition to information about the tag, all of the vulnerabilities found in the last scan are listed. You can order or filter the list by the different columns. You can also click **Scan** in the report page to run a scan on this image tag. + +---------- + +[Back to table of contents](../../index.md) \ No newline at end of file diff --git a/docs/1.10/administration/vulnerability_scanning/schedule_scans.md b/docs/1.10/administration/vulnerability_scanning/schedule_scans.md index 6c6064d7c..efa5db672 100644 
--- a/docs/1.10/administration/vulnerability_scanning/schedule_scans.md +++ b/docs/1.10/administration/vulnerability_scanning/schedule_scans.md @@ -1,3 +1,7 @@ +[Back to table of contents](../../index.md) + +---------- + # Schedule Scans You can set policies to control when vulnerability scanning should run. @@ -14,4 +18,8 @@ You can set policies to control when vulnerability scanning should run. * **Daily**: Run a scan at midnight every day. * **Weekly**: Run a scan at midnight every Saturday. * **Custom**: Run a scan according to a `cron` job. -1. Click **Save**. \ No newline at end of file +1. Click **Save**. + +---------- + +[Back to table of contents](../../index.md) \ No newline at end of file diff --git a/docs/1.10/administration/vulnerability_scanning/vulnerability_scanning.md b/docs/1.10/administration/vulnerability_scanning/vulnerability_scanning.md index 3a492108c..1f6c13955 100644 --- a/docs/1.10/administration/vulnerability_scanning/vulnerability_scanning.md +++ b/docs/1.10/administration/vulnerability_scanning/vulnerability_scanning.md 
@@ -1,14 +1,18 @@ +[Back to table of contents](../../index.md) + +---------- + # Vulnerability Scanning Harbor provides static analysis of vulnerabilities in images through the open source [Clair](https://github.com/coreos/clair) project. **IMPORTANT**: Clair is an optional component. To be able to use Clair you must have enabled Clair when you installed your Harbor instance. -You can also connect Harbor to your own instance of Clair or to additional vulnerability scanners by using an interrogation service. You configure additional scanners in the Harbor interface, after you have installed Harbor. For the list of additional scanners that are currently supported, see the [Harbor Compatibility List](harbor_compatibility_list.md#scanner-adapters). +You can also connect Harbor to your own instance of Clair or to additional vulnerability scanners by using an interrogation service. You configure additional scanners in the Harbor interface, after you have installed Harbor. For the list of additional scanners that are currently supported, see the [Harbor Compatibility List](../../install_config/harbor_compatibility_list.md#scanner-adapters). It might be necessary to connect Harbor to other scanners for corporate compliance reasons, or because your organization already uses a particular scanner. Different scanners also use different vulnerability databases, capture different CVE sets, and apply different severity thresholds. By connecting Harbor to more than one vulnerability scanner, you broaden the scope of your protection against vulnerabilities. -For information about installing Harbor with Clair, see the [Installation and Configuration Guide](installation_guide.md). +For information about installing Harbor with Clair, see the [Run the Installer Script](../../install_config/run_installer_script.md). You can manually initiate scanning on a particular image, or on all images in Harbor. 
Additionally, you can also set a policy to automatically scan all of the images at specific intervals. @@ -16,5 +20,9 @@ You can manually initiate scanning on a particular image, or on all images in Ha - [Scan an Individual Image](scan_individual_image.md) - [Scan All Images](scan_all_images.md) - [Schedule Scans](schedule_scans.md) +- [Import Vulnerability Data to an Offline Harbor instance](import_vulnerability_data.md) - [Configure System-Wide CVE Whitelists](configure_system_whitelist.md) +---------- + +[Back to table of contents](../../index.md) \ No newline at end of file
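Review bot: In docs/1.10/administration/vulnerability_scanning/import_vulnerability_data.md, hunk `@@ -67,3 +71,7 @@`, the footer is added as `+----------`, a blank line, the link, and a trailing blank line, while every other file in this patch adds the blank line first and the rule second. If the "After importing the data..." paragraph is the line directly above the dashes, Markdown treats the row of dashes as a setext heading underline and renders that paragraph as a level-2 heading instead of drawing a horizontal rule. Suggest adding an empty `+` line before `+----------` and dropping the trailing empty line so this footer matches the other six files.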
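Review bot: In docs/1.10/administration/vulnerability_scanning/vulnerability_scanning.md, hunk `@@ -1,14 +1,18 @@`, the rewritten sentence reads "see the [Run the Installer Script](../../install_config/run_installer_script.md)", which keeps the article from the old "see the [Installation and Configuration Guide]" wording in front of a title that now starts with a verb; suggest "see [Run the Installer Script](../../install_config/run_installer_script.md)". The same hunk retargets two cross-references to `../../install_config/`, which the subject line "Added TOC links in vulnerability section" does not cover, so a line about the link fixes in the commit message (or a separate commit) would make them findable in history.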
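Review bot: In docs/1.10/administration/vulnerability_scanning/vulnerability_scanning.md, hunk `@@ -16,5 +20,9 @@`, the new last line `+[Back to table of contents](../../index.md)` is followed by `\ No newline at end of file`, and no old line in the hunk carries that marker, so this change is what leaves the file without a final newline. The closing hunks of pluggable_scanners.md, scan_individual_image.md and schedule_scans.md add the missing newline to the old last line but leave the new footer link in the same state. Suggest ending all four files with a newline, so that the next change appended to them does not show the footer link as a modified line.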