[Scanner] Vul policy check still work on trivvy #9780

wy65701436 · 2019-11-07T08:05:54Z

enable vul policy check with Critical
set trivvy to default
scan a image

steven-zou · 2019-11-07T11:05:20Z

Maybe a bug from aquasecurity/harbor-scanner-trivy#50

steven-zou · 2019-11-08T04:57:22Z

We'll do change at harbor side.

This commit is to fix goharbor#9780. To align with OCI spec, when a docker pull request without bearer token in header comes in, Harbor should not intecepte it(return a 412 if check fail) when the policy check is enabled. As the 401 is expected by the docker/caller, and then to ask token service which url is in the 401 header. Signed-off-by: wang yan <wangyan@vmware.com>

wy65701436 added the target/1.10.0 label Nov 7, 2019

wy65701436 assigned wy65701436 and heww Nov 7, 2019

wy65701436 changed the title ~~[Scanner] Vul policy check still work on trivvy scan image~~ [Scanner] Vul policy check still work on trivvy Nov 7, 2019

wy65701436 added the priority/high label Nov 7, 2019

steven-zou added the area/interrogation-service label Nov 7, 2019

steven-zou added the area/API label Nov 8, 2019

wy65701436 mentioned this issue Nov 8, 2019

Disable policy check when pull without bearer token #9802

Merged

wy65701436 closed this as completed in #9802 Nov 8, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Scanner] Vul policy check still work on trivvy #9780

[Scanner] Vul policy check still work on trivvy #9780

wy65701436 commented Nov 7, 2019

steven-zou commented Nov 7, 2019

steven-zou commented Nov 8, 2019

[Scanner] Vul policy check still work on trivvy #9780

[Scanner] Vul policy check still work on trivvy #9780

Comments

wy65701436 commented Nov 7, 2019

steven-zou commented Nov 7, 2019

steven-zou commented Nov 8, 2019