1. Add build base image step in build package GitHub Action workflow;
2. Add build base step to UT test in CI; the base image used by the UI test should be built before building the Harbor image in the same runtime;
3. In build package workflow, trigger build base image step on the condition that both Dockerfile.base and VERSION change;
4. Add tag for setting up nightly test.
Signed-off-by: danfengliu <danfengl@vmware.com>
This includes a number of critical bug and security fixes:
* go1.13.9 (released 2020/03/19) includes fixes to the go command, tools, the runtime, the toolchain, and the crypto/cipher package. See the Go 1.13.9 milestone on our issue tracker for details.
* go1.13.10 (released 2020/04/08) includes fixes to the go command, the runtime, and the os/exec and time packages. See the Go 1.13.10 milestone on our issue tracker for details.
* go1.13.11 (released 2020/05/14) includes fixes to the compiler. See the Go 1.13.11 milestone on our issue tracker for details.
* go1.13.12 (released 2020/06/01) includes fixes to the runtime, and the go/types and math/big packages. See the Go 1.13.12 milestone on our issue tracker for details.
* go1.13.13 (released 2020/07/14) includes security fixes to the crypto/x509 and net/http packages. See the Go 1.13.13 milestone on our issue tracker for details.
* go1.13.14 (released 2020/07/16) includes fixes to the compiler, vet, and the database/sql, net/http, and reflect packages. See the Go 1.13.14 milestone on our issue tracker for details.
* go1.13.15 (released 2020/08/06) includes security fixes to the encoding/binary package. See the Go 1.13.15 milestone on our issue tracker for details.
These changes should be safe to apply on a maintenance branch as Go
is very strict about backports to patch-level versions. See
https://golang.org/doc/devel/release.html for details.
Signed-off-by: Dirk Mueller <dirk@dmllr.de>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
The new version of the adapter service improves the Redis connection pool
management. In previous versions a new connection pool was created for
each scan job, which might negatively impact performance and resource
utilisation.
There is also a bug fix in Trivy v0.9.1 to properly handle the debug mode.
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
This commit bumps up Trivy to resolve the following issues reported
in the aquasecurity/harbor-scanner-trivy repository:
- https://github.com/aquasecurity/harbor-scanner-trivy/issues/114
- https://github.com/aquasecurity/harbor-scanner-trivy/issues/108
Note that this adapter vendors in Trivy v0.9.0 which has changed
the algorithm for qualifying severities. Previous versions of Trivy
preferred NVD scores, whereas this version will use vendor score
whenever it's possible.
We believe it's a more suitable approach for qualifying severities.
Even though this change might impact vulnerability summaries in
some cases, the total number of vulnerabilities should stay the
same.
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
This commit bumps up Trivy to 0.7.0 and Trivy adapter service to 0.10.0
in order to handle scratch and slim images, for which we cannot detect
the underlying operating system.
Resolves: #11964
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
This release adds Ubuntu support for newer releases and fixes an issue where RHEL updaters bailed too quickly.
https://github.com/quay/clair/releases/tag/v2.1.3
Signed-off-by: Leo Le Bouter <leo.lebouter-ext@aphp.fr>
1. Enable `security` in the swagger.yaml.
2. Include `basic` auth in `security` to make the generated python
client by `swagger-codegen-cli` work with basic authorization.
3. Include `anonymous` auth in `security` to make APIs of v2.0 generated
by `goswagger` work with `security` middleware.
Closes #11771
Signed-off-by: He Weiwei <hweiwei@vmware.com>
- Vendor the latest Trivy release 0.6.0
- Configure TLS 1.2 as min version when TLS is enabled
- Add more tracing to adapter config to facilitate troubleshooting
Resolves: #11544
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
In this version of Trivy we improved error handling
when Trivy cannot open the Trivy DB file. If it fails,
the error is caught to retry the DB file download.
Resolves: #11373
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
Allows configuring the SCANNER_TRIVY_GITHUB_TOKEN environment variable,
which is passed to the trivy executable binary when it starts scanning
a given artifact.
This is to increase the GitHub request rate limit from 60 per hour
(for anonymous requests) to 5000 when Trivy downloads its
vulnerability database.
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
1. Add middleware to record the accepted blob size for stream blob
upload.
2. Add middleware to create the blob and associate it with the project after the blob upload
completes.
3. Add middleware to sync blobs, create the blob for the manifest and associate blobs
with the manifest after put manifest.
4. Add middleware to associate the blob with the project after mount blob.
5. Clean up associations for the project when an artifact is deleted.
Signed-off-by: He Weiwei <hweiwei@vmware.com>