From 068ae006fe9ff2ea0f15b3eb395f868fb2d739ec Mon Sep 17 00:00:00 2001
From: MinerYang <yminer@vmware.com>
Date: Fri, 10 May 2024 17:17:47 +0800
Subject: [PATCH 1/2] Update scan job request log for enabled_capabilities
 (#20414)

update scan job request log

Signed-off-by: yminer <yminer@vmware.com>
---
 src/pkg/scan/job.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/pkg/scan/job.go b/src/pkg/scan/job.go
index 171e0c307429..c386628724c7 100644
--- a/src/pkg/scan/job.go
+++ b/src/pkg/scan/job.go
@@ -419,6 +419,7 @@ func removeScanAuthInfo(sr *v1.ScanRequest) string {
 			URL:           sr.Registry.URL,
 			Authorization: "[HIDDEN]",
 		},
+		RequestType: sr.RequestType,
 	}
 
 	str, err := req.ToJSON()

From 65e266fecf7001f32018e2ef9878d620520e4ba4 Mon Sep 17 00:00:00 2001
From: Wang Yan <wangyan@vmware.com>
Date: Mon, 13 May 2024 14:44:51 +0800
Subject: [PATCH 2/2] fix issue 20407 (#20416)

fixes #20407
It needs to specify the insecure option on parsing the reference

Signed-off-by: wang yan <wangyan@vmware.com>
---
 src/pkg/scan/rest/v1/models.go |  2 ++
 src/pkg/scan/sbom/sbom.go      | 13 +++++++------
 src/pkg/scan/sbom/sbom_test.go |  4 ++--
 src/pkg/scan/util.go           |  3 +++
 4 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/src/pkg/scan/rest/v1/models.go b/src/pkg/scan/rest/v1/models.go
index 9c25c16ea76e..06e6fb0a1c77 100644
--- a/src/pkg/scan/rest/v1/models.go
+++ b/src/pkg/scan/rest/v1/models.go
@@ -206,6 +206,8 @@ type Registry struct {
 	// An optional value of the HTTP Authorization header sent with each request to the Docker Registry for getting or exchanging token.
 	// For example, `Basic: Base64(username:password)`.
 	Authorization string `json:"authorization"`
+	// Insecure is an indicator of https or http.
+	Insecure bool `json:"insecure"`
 }
 
 // ScanRequest represents a structure that is sent to a Scanner Adapter to initiate artifact scanning.
diff --git a/src/pkg/scan/sbom/sbom.go b/src/pkg/scan/sbom/sbom.go
index f8e6d2e43e8a..9a819d1236ff 100644
--- a/src/pkg/scan/sbom/sbom.go
+++ b/src/pkg/scan/sbom/sbom.go
@@ -43,13 +43,13 @@ const (
 )
 
 func init() {
-	scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{GenAccessoryFunc: scan.GenAccessoryArt, RegistryServer: registryFQDN})
+	scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{GenAccessoryFunc: scan.GenAccessoryArt, RegistryServer: registry})
 }
 
 // ScanHandler defines the Handler to generate sbom
 type scanHandler struct {
 	GenAccessoryFunc func(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error)
-	RegistryServer   func(ctx context.Context) string
+	RegistryServer   func(ctx context.Context) (string, bool)
 }
 
 // RequestProducesMineTypes defines the mine types produced by the scan handler
@@ -96,7 +96,7 @@ func (v *scanHandler) PostScan(ctx job.Context, sr *v1.ScanRequest, _ *scanModel
 		Artifact: sr.Artifact,
 	}
 	// the registry server url is core by default, need to replace it with real registry server url
-	scanReq.Registry.URL = v.RegistryServer(ctx.SystemContext())
+	scanReq.Registry.URL, scanReq.Registry.Insecure = v.RegistryServer(ctx.SystemContext())
 	if len(scanReq.Registry.URL) == 0 {
 		return "", fmt.Errorf("empty registry server")
 	}
@@ -139,15 +139,16 @@ func (v *scanHandler) generateReport(startTime time.Time, repository, digest, st
 }
 
 // extract server name from config, and remove the protocol prefix
-func registryFQDN(ctx context.Context) string {
+func registry(ctx context.Context) (string, bool) {
 	cfgMgr, ok := config.FromContext(ctx)
 	if ok {
 		extURL := cfgMgr.Get(context.Background(), common.ExtEndpoint).GetString()
+		insecure := strings.HasPrefix(extURL, "http://")
 		server := strings.TrimPrefix(extURL, "https://")
 		server = strings.TrimPrefix(server, "http://")
-		return server
+		return server, insecure
 	}
-	return ""
+	return "", false
 }
 
 // retrieveSBOMContent retrieves the "sbom" field from the raw report
diff --git a/src/pkg/scan/sbom/sbom_test.go b/src/pkg/scan/sbom/sbom_test.go
index cf56b3bbb689..c1e0cd9721c5 100644
--- a/src/pkg/scan/sbom/sbom_test.go
+++ b/src/pkg/scan/sbom/sbom_test.go
@@ -89,8 +89,8 @@ func Test_scanHandler_RequestProducesMineTypes(t *testing.T) {
 	}
 }
 
-func mockGetRegistry(ctx context.Context) string {
-	return "myharbor.example.com"
+func mockGetRegistry(ctx context.Context) (string, bool) {
+	return "myharbor.example.com", false
 }
 
 func mockGenAccessory(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error) {
diff --git a/src/pkg/scan/util.go b/src/pkg/scan/util.go
index efec3eb61360..e66e657f403e 100644
--- a/src/pkg/scan/util.go
+++ b/src/pkg/scan/util.go
@@ -86,6 +86,9 @@ func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[str
 		return "", err
 	}
 	accRef, err := name.ParseReference(fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String()))
+	if sq.Registry.Insecure {
+		accRef, err = name.ParseReference(fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String()), name.Insecure)
+	}
 	if err != nil {
 		return "", err
 	}