search

goharbor / harbor

An open source trusted cloud native registry project that stores, signs, and scans content.
https://goharbor.io
Apache License 2.0
23.8k stars 4.73k forks source link

Unable to generate SBOM successfully. #20670

Closed indhusreesivakumar closed 3 months ago

indhusreesivakumar commented 3 months ago

Hi Team,

We are unable to generate the SBOM automatically. we see this error in the report. Would be thankful if someone could help us out. Thanks in advance.

image
MinerYang commented 3 months ago

Which harbor version (is it a GA build)? Could you provide more context like user info and error msg of your scan request?

indhusreesivakumar commented 3 months ago

It is harbor version v2.11.0 . We have enabled the "Automatically generate SBOM on push". But it doesn't seem to work as expected ( refer first image below) , we cannot see the sub-section, that displays the accessory, type and etc. But when i click on SBOM "view log" . I could see this error under it (refer second image).

image

image
indhusreesivakumar commented 3 months ago

Detailed SBOM Log :

2024-06-27T06:34:18Z [DEBUG] [/pkg/scan/job.go:385]: registration: 2024-06-27T06:34:18Z [INFO] [/pkg/scan/job.go:396]: { "uuid": "30325296-e769-11ee-9ebb-0242ac1a0007", "name": "Trivy", "description": "The Trivy scanner adapter", "url": "http://trivy-adapter:8080", "disabled": false, "is_default": true, "health": "healthy", "auth": "", "access_credential": "[HIDDEN]", "skip_certVerify": false, "use_internal_addr": true, "adapter": "Trivy", "vendor": "Aqua Security", "version": "v0.51.2", "create_time": "2024-03-21T09:55:46.125433Z", "update_time": "2024-03-21T09:55:46.125434Z" } 2024-06-27T06:34:18Z [DEBUG] [/pkg/scan/job.go:385]: scanRequest: 2024-06-27T06:34:18Z [INFO] [/pkg/scan/job.go:396]: { "registry": { "url": "http://core:8080", "authorization": "[HIDDEN]", "insecure": false }, "artifact": { "namespace_id": 8, "repository": "sree/test", "tag": "9.3.15.0-jre8", "digest": "sha256:b191c928b40735790767c0478028d206d7d5a0728c8851815846e3662acd348f", "mime_type": "application/vnd.docker.distribution.manifest.v2+json", "size": 126471248 }, "enabled_capabilities": [ { "type": "sbom", "produces_mime_types": [ "application/vnd.security.sbom.report+json; version=1.0" ], "parameters": { "sbom_media_types": [ "application/spdx+json" ] } } ] } 2024-06-27T06:34:18Z [INFO] [/pkg/scan/job.go:172]: Report mime types: [application/vnd.security.sbom.report+json; version=1.0] 2024-06-27T06:34:18Z [INFO] [/pkg/scan/job.go:229]: Get report for mime type: application/vnd.security.sbom.report+json; version=1.0 2024-06-27T06:34:20Z [DEBUG] [/pkg/scan/job.go:242]: check scan report for mime application/vnd.security.sbom.report+json; version=1.0 at 2024/06/27 06:34:20 2024-06-27T06:34:20Z [DEBUG] [/pkg/scan/job.go:303]: Converting report ID 3f7e0198-7fbb-4b3a-9586-671334a0c695 to the new V2 schema 2024-06-27T06:34:20Z [DEBUG] [/pkg/scan/sbom/sbom.go:105]: Pushing accessory artifact to harbor-endpoint 2024-06-27T06:34:20Z [ERROR] [/pkg/scan/sbom/sbom.go:108]: error when create accessory from image Get "harbor-endpoint": Forbidden 2024-06-27T06:34:20Z [ERROR] [/pkg/scan/job.go:307]: Failed to convert vulnerability data to new schema for report 3f7e0198-7fbb-4b3a-9586-671334a0c695, error Get "harbor-endpoint": Forbidden

indhusreesivakumar commented 3 months ago

Could anyone please tell me what are the right steps to activate the SBOM successfully ?

MinerYang commented 3 months ago

Hi please refer to this issue https://github.com/goharbor/harbor/issues/20565 And already fixed along with v2.11.1