goharbor / harbor

An open source trusted cloud native registry project that stores, signs, and scans content.
https://goharbor.io
Apache License 2.0
23.03k stars 4.65k forks

Vulnerability alert #8045

Open michmike opened 5 years ago

michmike commented 5 years ago

Today, Harbor does a great job of ensuring that images are scanned prior to allowing a developer to pull an image. In addition, policy can prevent images from being pulled if they are vulnerable.

This issue is about the ability to discover images that were pulled in a project and a CVE is discovered after the fact.

Requirements

  1. Project admin can set a policy to be notified when an image tag was pulled at time N and discovered to be vulnerable at time N + 1
  2. If we already have an email address for every user, we can use the email addresses of all admins in the project. Otherwise, allow the project admin to enter a notification email for this purpose. This requires SMTP to be already configured in Harbor and should be checked before the feature is enabled
  3. Only notify when the current container image was pulled before a CVE was discovered.
  4. Only notify once per image
  5. Notification mechanism will be triggered after a static analysis scan is performed (either through manual scanning, schedule based, or event based)

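As an added illustration of requirements 3 and 4 above (not code from the original issue or from Harbor itself), here is a Go sketch of the decision logic such a post-pull notifier would need: alert only on images that were pulled before a CVE became known, and at most once per image across repeated scan runs. The types, the "project/digest" key, the persisted `notified` set and the sample events are all assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

type PullEvent struct { // a client pulled the artifact with this digest from a project
	Project, Digest string
	PulledAt        time.Time
}

type Finding struct { // a CVE in the latest scan of a digest, and when the scanner first reported it
	Digest, CVE  string
	DiscoveredAt time.Time
}

// PostPullAlerts applies requirements 3 and 4: alert on an image ("project/digest") only if
// a CVE was discovered after it was already pulled, and only once. notified must be non-nil
// and persists across scan runs; the result maps image -> sorted CVEs new since the first pull.
func PostPullAlerts(pulls []PullEvent, findings []Finding, notified map[string]bool) map[string][]string {
	sorted := append([]PullEvent(nil), pulls...) // oldest pull first, so the first pull seen
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].PulledAt.Before(sorted[j].PulledAt) }) // per image is the earliest
	alerts := map[string][]string{}
	for _, p := range sorted {
		key := p.Project + "/" + p.Digest
		if notified[key] {
			continue // already alerted, in this run or an earlier one
		}
		var cves []string
		for _, f := range findings {
			if f.Digest == p.Digest && f.DiscoveredAt.After(p.PulledAt) {
				cves = append(cves, f.CVE)
			}
		}
		if len(cves) == 0 {
			continue // every CVE was known at pull time: the pull-time scan policy already covered it
		}
		sort.Strings(cves)
		alerts[key], notified[key] = cves, true
	}
	return alerts
}

func main() {
	at := func(h int) time.Time { return time.Date(2020, 4, 1, h, 0, 0, 0, time.UTC) } // constructed sample data
	pulls := []PullEvent{{"library", "sha256:aaa", at(10)}, {"library", "sha256:bbb", at(10)}}
	findings := []Finding{{"sha256:aaa", "CVE-2020-0001", at(12)}, {"sha256:bbb", "CVE-2020-0002", at(8)}}
	fmt.Println(PostPullAlerts(pulls, findings, map[string]bool{})) // map[library/sha256:aaa:[CVE-2020-0001]]
}
```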
xaleeks commented 4 years ago

Want to think about this and discuss? Actually, I will ping you with some ideas @danielpacak

danielpacak commented 4 years ago

> Want to think about this and discuss? Actually, I will ping you with some ideas @danielpacak

Sure @xaleeks. Cool feature. Would love to discuss the details!

ritheshgm commented 4 years ago

Any release timeline for 2.0?

michmike commented 4 years ago

> Any release timeline for 2.0?

@ritheshgm this feature will not be in Harbor 2.0. However, Harbor 2.0 is slated to ship towards the end of April 2020. Thanks.

xaleeks commented 4 years ago

@wy65701436 @steven-zou @ywk253100
Can we think about this now? We really only need to keep the most recent scan result in the DB (at any given time). Can we leverage the DB we built for OCI support for this? Or keep it as an attribute on the 'artifact' struct, since the image digest is essentially a unique identifier / PK for the artifact, and so just add CVEs for any digest to that struct. Or a list of arrays [][], ordered by scanner vendors.

lindhe commented 2 years ago

Related to #11622

github-actions[bot] commented 2 years ago

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

brgsousa commented 1 year ago

I am definitely interested in that feature as well! It would be great