Can the Clair scanner type be changed?

[igorstojanovski]

The Clair scanner type is os-package-vulnerability (/harbor/interrogation-services/scanners):

harbor.scanner-adapter/scanner-type:os-package-vulnerability

What does this mean and can it be changed? I search the documentation and could not find a reference to this value. In source code, it is hardcoded in the metadata endpoint response.

The reason why I am asking is that I am not getting all the vulnerabilities for my images although they can be found using other scanners.

[danielpacak]

The Clair scanner type is os-package-vulnerability (/harbor/interrogation-services/scanners):

harbor.scanner-adapter/scanner-type:os-package-vulnerability

What does this mean and can it be changed? I search the documentation and could not find a reference to this value. In source code, it is hardcoded in the metadata endpoint response.

The reason why I am asking is that I am not getting all the vulnerabilities for my images although they can be found using other scanners.

Good question @igorstojanovski Currently this value is not used by Harbor nor Clair. The harbor.scanner-adapter/scanner-type property was introduced for further extensions in case we add support for other types of scanners with different capabilities. As of today this adapter works with Clair 2.x which does support only OS packages.

[igorstojanovski]

Thanks for the answer @danielpacak I guess the only option now is to try and use Anchore scanner instead. I believe this can be closed now.

[danielpacak]

Thanks for the answer @danielpacak I guess the only option now is to try and use Anchore scanner instead. I believe this can be closed now.

In Harbor >= 1.10 you could choose any of the supported scanners listed in https://goharbor.io/docs/1.10/install-config/harbor-compatibility-list/