Open michmike opened 5 years ago
Want to think about this and discuss? actually I will ping you with some ideas @danielpacak
Want to think about this and discuss? actually I will ping you with some ideas @danielpacak
Sure @xaleeks . Cool feature. Would love to discuss the details!
Any release timeline for 2.0
Any release timeline for 2.0
@ritheshgm this feature will not be in Harbor 2.0. However, Harbor 2.0 is slated to ship towards the end of April 2020. thanks.
@wy65701436 @steven-zou @ywk253100
Can we think about this now? we really only need to keep the most recent scan result in DB (at any given time). Can we leverage the DB we built for OCI support for this? or keep it as an attribute on the 'artifact' struct, since image digest is essentially a unique identifier / PK for the artifact, and so just add CVEs for any digest to that struct. or a list of arrays [][], ordered by scanner vendors
Related to #11622
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
I am definitely interested in that feature as well! It would be great
today, Harbor does a great job in ensuring that images are scanned prior to allowing a developer to pull an image. In addition, policy can prevent images to be pulled if they are vulnerable.
This issue is about the ability to discover images that were pulled in a project and a CVE is discovered after the fact.
Requirements