Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proposal: Pluggable Image Vulnerability Scanning #98

Merged
merged 18 commits into from
Oct 18, 2019
Merged

Proposal: Pluggable Image Vulnerability Scanning #98

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
89dbe38
Proposal: Pluggable Image Vulnerability Scanning
danielpacak Jul 31, 2019
04958c6
Proposal: Update deployment and sequence diagrams for the proposed ad…
danielpacak Aug 12, 2019
b67d8d1
Proposal: Make Scanner Adapter API spec consistent with the main .md …
danielpacak Aug 12, 2019
d298c33
Proposal: Add vulnerability database info to the scanner metadata
danielpacak Aug 13, 2019
6db07f2
Clarification on scope (#1)
zhill Aug 15, 2019
88673ea
Proposal: Remove components overview in HarborVulnerabilityReport
danielpacak Aug 19, 2019
177d0ec
Proposal: Simple PolicyCheckConfigurer to allow bypassing scan or sev…
danielpacak Aug 19, 2019
cb5742b
Proposal: Describe generic capability properties
danielpacak Aug 19, 2019
f46744b
Proposal: Describe Harbor - Clair network communication
danielpacak Aug 22, 2019
733b0bd
Proposal: Describe how Clair is using Bearer Token
danielpacak Aug 22, 2019
788c7ae
Some slight renaming of fields in the scanner adapter metadata respon…
zhill Sep 7, 2019
1f452a8
Update Scanner Adapter API spec and sample API usage to indicate that…
danielpacak Sep 7, 2019
a0baa5c
Proposal: Describe bypassing policy check proxy with JWT access token
danielpacak Sep 16, 2019
ab02f2d
Proposal: Remove redundant Artifact struct
danielpacak Sep 16, 2019
54bc653
Proposal: Describe Scan Request ID semantics and drop constraing on U…
danielpacak Sep 20, 2019
40ac6cd
Proposal: Update Scan Job identifier semantics
danielpacak Sep 23, 2019
61475b6
proposal: Update excample and description of Authorization property i…
danielpacak Oct 16, 2019
f95301a
Merge branch 'master' into pluggable_image_vulnerability_scanning
steven-zou Oct 18, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
209 changes: 209 additions & 0 deletions ...assets/pluggable-image-vulnerability-scanning/harbor-api-delta-scanner-registry-mgmt.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,209 @@
swagger: '2.0'
info:
title: Harbor API (DELTA)
version: "1.10"
description: |
Paths added to Harbor API in order to support Scanner Registry management.
host: localhost
paths:
/scanner/registrations:
get:
summary: List scanner registrations
description: |
Returns a list of currently configured scanner registrations.
tags:
- Scanners
responses:
'200':
description: A list of scanner registrations.
schema:
type: array
items:
$ref: '#/definitions/ScannerRegistration'
post:
summary: Create a scanner registration
description: |
Creats a new scanner registration with the given data.
tags:
- Scanners
parameters:
- name: registration
in: body
description: A scanner registration to be created.
required: true
schema:
$ref: '#/definitions/ScannerRegistrationReq'
responses:
'201':
description: Created successfully
/scanner/registrations/ping:
post:
summary: Tests scanner registration settings
description: |
Pings Scanner Adapter to test EndpointURL and Authorization settings.
tags:
- Scanners
parameters:
- name: settings
in: body
description: A scanner registration settings to be tested.
required: true
schema:
$ref: '#/definitions/ScannerRegistrationSettings'
responses:
'200':
description: Test succeeded
/scanner/registrations/{registration_id}:
get:
summary: Get a scanner registration details
description: |
Retruns the details of the specified scanner registration.
tags:
- Scanners
parameters:
- name: registration_id
in: path
description: The scanner registration identifer.
required: true
type: integer
format: int64
responses:
'200':
description: The details of the scanner registration.
schema:
$ref: '#/definitions/ScannerRegistration'
put:
summary: Update a scanner registration
description: |
Updates the specified scanner registration.
tags:
- Scanners
parameters:
- name: registration_id
in: path
description: The scanner registration identifier.
required: true
type: integer
format: int64
- name: registration
in: body
required: true
description: A scanner registraiton to be updated.
schema:
$ref: '#/definitions/ScannerRegistrationReq'
responses:
'200':
description: Updated successfully
delete:
summary: Delete a scanner registration
description: |
Deletes the specified scanner registration.
tags:
- Scanners
parameters:
- name: registration_id
in: path
description: The scanner registration identifier.
required: true
type: integer
format: int64
responses:
'201':
description: Deleted successfully
/scanner/registrations/{registration_id}/default:
put:
summary: Update a scanner registration to change it to the default one
description: |
Marks the specified scanner registration as default.
tags:
- Scanners
parameters:
- name: registration_id
in: path
required: true
description: The scanner registration identifier.
type: integer
format: int64
- name: payload
in: body
required: true
schema:
$ref: '#/definitions/IsDefault'
responses:
'201':
description: OK

definitions:
ScannerRegistration:
type: object
description: |
Registration represents a named configuration for invoking a scanner via its adapter.
properties:
id:
type: integer
format: int64
description: The unique identifier of this registration.
name:
type: string
example: MicroScanner
description: The name of this registration.
description:
type: string
description: An optional description of this registration.
example: |
A free-to-use tool that scans container images for package vulnerabilities.
endpoint_url:
type: string
format: url
description: A base URL of the Scanner Adapter
example: http://harbor-scanner-microscanner:8080
authorization:
type: string
description: |
An optional value of the HTTP Authorization header sent with each request to the Scanner Adapter API.
example: "Bearer: JWTTOKENGOESHERE"
is_default:
type: boolean
default: false
description: A flag indicating whether this registration is the default one.
ScannerRegistrationReq:
type: object
properties:
name:
type: string
description: The name of this registration
example: MicroScanner
description:
type: string
description: An optional description of this registration.
example: |
A free-to-use tool that scans container images for package vulnerabilities.
endpoint_url:
type: string
format: url
description: A base URL of the Scanner Adapter.
example: http://harbor-scanner-microscanner:8080
authorization:
type: string
description: |
An optional value of the HTTP Authorization header sent with each request to the Scanner Adapter API.
example: "Bearer: JWTTOKENGOESHERE"
ScannerRegistrationSettings:
type: object
properties:
endpoint_url:
type: string
format: url
description: A base URL of the Scanner Adapter.
example: http://harbor-scanner-microscanner:8080
authorization:
type: string
description: |
An optional value of the HTTP Authorization header sent with each request to the Scanner Adapter API.
example: "Bearer: JWTTOKENGOESHERE"
IsDefault:
type: object
properties:
is_default:
type: boolean
description: A flag indicating whether a scanner registration is default.
Loading