Pluggable Scanner API schema changes to support enhanced reporting schema #4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
steven-zou
reviewed
Oct 12, 2020
danielpacak
reviewed
Oct 19, 2020
There was a problem hiding this comment.
Hey @prahaladdarkin ! Good job. I left a few comments from my side.
|
Can you fix the DCO issue? Check https://github.com/goharbor/pluggable-scanner-spec/pull/4/checks?check_run_id=1314353432 |
prahaladdarkin
commented
Oct 28, 2020
prahaladdarkin
commented
Nov 3, 2020
danielpacak
suggested changes
Nov 4, 2020
There was a problem hiding this comment.
Hey @prahaladdarkin I just left a few suggestions to keep the spec consistent
Signed-off-by: Prahalad Deshpande <prahaladd@vmware.com> Adding signature to commit
Signed-off-by: Prahalad Deshpande <prahaladd@vmware.com>
prahaladdarkin
force-pushed
the
pd_cvrs_api
branch
from
37dc3c7
to
a9a2280
Compare
Signed-off-by: Prahalad Deshpande <prahaladd@vmware.com> Signing unsigned commits
Signed-off-by: Prahalad Deshpande <prahaladd@vmware.com>
…or CWE_ID. Also renamed CVSS attribute names Signed-off-by: Prahalad Deshpande <prahaladd@vmware.com>
prahaladdarkin
force-pushed
the
pd_cvrs_api
branch
from
a9a2280
to
8f4fcb2
Compare
Signed-off-by: Prahalad Deshpande <prahaladd@vmware.com>
danielpacak
suggested changes
Nov 30, 2020
….vuln.report.harbor+json; version=1.` instead of removing it Signed-off-by: Prahalad Deshpande <prahaladd@vmware.com>
prahaladdarkin
commented
Dec 6, 2020
danielpacak
previously approved these changes
Dec 11, 2020
heww
reviewed
Dec 21, 2020
Accepting suggestion related to deprecation of Mime Types for Harbor vulnerability report Co-authored-by: Daniel Pacak <pacak.daniel@gmail.com> Signed-off-by: Prahalad Deshpande <prahaladd@vmware.com>
Signed-off-by: Prahalad Deshpande <prahaladd@vmware.com>
Signed-off-by: Prahalad Deshpande <prahaladd@vmware.com>
prahaladdarkin
force-pushed
the
pd_cvrs_api
branch
from
472c11a
to
efbb376
Compare
danielpacak
approved these changes
Jan 4, 2021
heww
approved these changes
Jan 7, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
An enhanced common vulnerability reporting schema for container images in a registry has been proposed as per pull request here
The new schema proposes to add the following new fields to the vulnerability data information
Scanner implementations can opt to send information corresponding to the above attributes for vulnerability items depending on whether they support collecting/deriving data for these attributes.
The pluggable scanner schema is also hence required to be modified in order to support sending these optional fields. The following changes are proposed in this Pull Request
application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.1for the enhanced version of theVulnerabilityItemschema1.1api/1_1VulnerabilityItemschema is now updated to expose these additional attributes