container-registry / backstage-plugin-harbor-backend

MIT License

Problem getting vulnerability report in Harbor 2.4 #59

Open johanhammar opened 2 years ago

johanhammar commented 2 years ago

We recently updated Harbor to 2.4.2 and with that the Backstage Harbor Plugin broke. We're getting: Cannot read properties of undefined (reading 'severity')

We investigated a bit and it seems we get a report back with a new vulnKey. The default X-Accept-Vulnerabilites is application/vnd.security.vulnerability.report; version=1.1, application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0. The resulting JSON contains the key application/vnd.security.vulnerability.report; version=1.1.

Specifying only X-Accept-Vulnerabilites: application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0 returns an empty JSON result.

Here are two related issues in Harbor: https://github.com/goharbor/harbor/issues/16085 & https://github.com/goharbor/harbor/issues/16295

I'm not quite convinced yet that our solution, changing vulnKey to application/vnd.security.vulnerability.report; version=1.1, is correct, but it might be.

What do you think?
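A defensive way to read the report described in the comment above, as an added example that is not the plugin's code: it looks the report up under each accepted MIME type instead of one fixed key, and reports a missing entry as unavailable rather than as a clean result. The field names `severity` and `vulnerabilities`, the function names and the sample body are assumptions.

```javascript
// Added example, not the plugin's code. The field names `severity` and
// `vulnerabilities` are assumptions about the report body.
const ACCEPTED_REPORT_TYPES = [
  'application/vnd.security.vulnerability.report; version=1.1',
  'application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0',
];

// Compare MIME types ignoring case and whitespace around ';' and '='.
function normalizeMime(mime) {
  return mime.toLowerCase().replace(/\s*([;=])\s*/g, '$1').trim();
}

// Return { mimeType, report } for the first accepted type present, else null.
function selectReport(body, accepted = ACCEPTED_REPORT_TYPES) {
  if (body === null || typeof body !== 'object') return null;
  const byKey = new Map(
    Object.entries(body).map(([key, value]) => [normalizeMime(key), { mimeType: key, report: value }]),
  );
  for (const mime of accepted) {
    const hit = byKey.get(normalizeMime(mime));
    if (hit && hit.report && typeof hit.report === 'object') return hit;
  }
  return null;
}

// Summarize without reading a property of undefined. "unavailable" stays
// distinct from "scanned, nothing found" so a missing report is never
// displayed as a clean image.
function summarizeReport(body) {
  const hit = selectReport(body);
  if (!hit) return { status: 'unavailable', mimeType: null, severity: null, counts: {} };
  const list = Array.isArray(hit.report.vulnerabilities) ? hit.report.vulnerabilities : [];
  const counts = {};
  for (const v of list) {
    const sev = v && typeof v.severity === 'string' ? v.severity : 'Unknown';
    counts[sev] = (counts[sev] || 0) + 1;
  }
  return { status: 'ok', mimeType: hit.mimeType, severity: hit.report.severity ?? 'Unknown', counts };
}

// Constructed sample body, keyed the way the issue describes for Harbor 2.4.2.
const sample242 = {
  'application/vnd.security.vulnerability.report; version=1.1': {
    severity: 'High',
    vulnerabilities: [{ id: 'EXAMPLE-1', severity: 'High' }, { id: 'EXAMPLE-2', severity: 'Low' }],
  },
};
console.log(summarizeReport(sample242), summarizeReport({}));
```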

Gaardsholt commented 1 year ago

As we are no longer using Harbor, we will now archive this repo. We would love to donate the project to someone else, so if anyone wants to take over the project, they can contact us at EngineeringServices@bestseller.com.

johanhammar commented 1 year ago

Hi! Is backstage-plugin-harbor-* now maintained by the container-registry organization? That's great news! I would like to reopen this issue; it's still a problem. What do you think?

Vad1mo commented 1 year ago

We would rather not let that extension die. We are now trying to revive that plugin and build it up so one day it can be merged upstream to Harbor.