SUSE / Portus

Authorization service and frontend for Docker registry (v2)
http://port.us.org/
Apache License 2.0

Improved Vulnerability Scanner #1761

Open Vad1mo opened 6 years ago

Vad1mo commented 6 years ago

Abstract

The first phase of the vulnerability scanner allowed the general scanning of repositories. In order to make better and more precise conclusions out of the results, it is desired to improve the vulnerability scanner.

This issue here is intended to track all the effort related to delivering an improved version of the vulnerability scanner.

The issue #1658 targets some of the features.

Related Tasks

You are invited to make suggestions

mssola commented 6 years ago

Thanks a lot for this :clap:

hamid-elaosta commented 5 years ago

I'd like to add a suggestion. It would be useful for a feature to run a full rescan of a registry. I have many, many images in Portus/Registry prior to configuring Clair and I now cannot rescan those images, it seems.

rikkuness commented 5 years ago

Will this include updating to use the Clair V3 API too?

mssola commented 5 years ago

> Will this include updating to use the Clair V3 API too?

I see that this version of the API is only included in the master branch (so it has not been released yet). Meaning that it may change, I guess. So, I'd say that we should take a look at it, but I wouldn't say it's top priority.

That being said, I remember that there were some changes on the v1 of the API for some versions of Clair (or at least Portus failed for some versions of Clair so we pinned a specific version). So, I'd say that it's important to check more versions of Clair (master and v3 included).

Thanks for the heads up :+1:

sharkymcdongles commented 4 years ago

Is there any way to have it run the scan against the entire registry once you enable Clair?