[Feature Request] Provide a UI to visualize container vulnerabilities #10496
Comments
I think maybe one view in each project is more reasonable. We will think about this. But this is easily retrievable via the API as a workaround for now; let me know if you need help with that.
This new feature sounds good to me too. A consolidated report and a list of critical CVEs found in images would be nice, to rectify or expunge the image.
A consolidated report with filters is crucial for operations. An all-in-one online, downloadable report showing all the vulnerabilities and whitelisting (scope, expiration) along with the artifact would be very helpful.
+1 from here
@xaleeks I am interested to know which API to use in your solution? Thanks
Any update on this? It feels like the whole scanning mechanism is useless without this feature. Indeed, it's not possible to check all images that are pushed by our developers. So we have zero observability of the vulnerabilities in our images.
Any updates on this? I really need this; a workaround via the API doesn't really work for us.
Any updates on this?
Figured out how to at least retrieve one repository's vulnerabilities from the API. I assume one would need to loop over all the repos of all the projects, and also apply sorting to find only the latest vulnerability scan of a given repo.

To get a list of vulnerability scan result paths for a given repo:

curl -Ss --header "authorization: Basic $AUTH" -X GET "$HARBOR_SERVER/api/v2.0/projects/$PROJECT_NAME/repositories/$REPO_NAME/artifacts" | jq -r '.[].addition_links.vulnerabilities.href'

To just arbitrarily accept the first result from the list:

ARTIFACT_PATH=$(curl -Ss --header "authorization: Basic $AUTH" -X GET "${HARBOR_SERVER}/api/v2.0/projects/${PROJECT_NAME}/repositories/${REPO_NAME}/artifacts" | jq -r '.[0].addition_links.vulnerabilities.href')

To retrieve one scan of one repo of one project:

SCAN_RESULTS=$(curl -Ss --header "authorization: Basic $AUTH" -X GET "${HARBOR_SERVER}${ARTIFACT_PATH}")
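The loop sketched in the comment above, carried across every project and repository and counting how many images each CVE appears in, as an added example that is neither the commenter's code nor Harbor's own. It assumes the v2.0 endpoints named in the comment, that repository names come back prefixed with the project, that artifacts carry a push_time, and that the report body sits under the version 1.1 vulnerability-report MIME key; the FAKE table is a constructed stand-in for the registry.

```python
import base64
import json
import urllib.request
from collections import Counter
from urllib.parse import quote

# Key under which Harbor nests the report body (assumed; the page does not show it)
REPORT_MIME = "application/vnd.security.vulnerability.report; version=1.1"

def http_getter(server, user, password):
    """Return get(path) -> parsed JSON against a live Harbor, using Basic auth like the curl above."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    def get(path):
        req = urllib.request.Request(server + path, headers={"Authorization": "Basic " + token})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return get

def collect_vulnerabilities(get):
    """Projects -> repositories -> newest artifact -> report; count images per (CVE, severity)."""
    counts = Counter()
    for project in get("/api/v2.0/projects"):
        pname = project["name"]
        for repo in get(f"/api/v2.0/projects/{pname}/repositories"):
            rname = repo["name"].split("/", 1)[1]  # assumed: API returns "<project>/<repo>"
            arts = get(f"/api/v2.0/projects/{pname}/repositories/{quote(rname, safe='')}/artifacts")
            newest = max(arts, key=lambda a: a.get("push_time", ""))  # only the latest scan
            href = newest["addition_links"]["vulnerabilities"]["href"]
            for v in get(href).get(REPORT_MIME, {}).get("vulnerabilities", []):
                counts[(v["id"], v["severity"])] += 1
    return counts

def art(push_time, href):  # constructed artifact record, trimmed to the fields used
    return {"push_time": push_time, "addition_links": {"vulnerabilities": {"href": href}}}

# Constructed offline registry (placeholder CVE ids); the stale "app" report is absent on purpose
FAKE = {
    "/api/v2.0/projects": [{"name": "demo"}],
    "/api/v2.0/projects/demo/repositories": [{"name": "demo/app"}, {"name": "demo/lib"}],
    "/api/v2.0/projects/demo/repositories/app/artifacts": [
        art("2024-01-01T00:00:00Z", "/rep/app-old"), art("2024-06-01T00:00:00Z", "/rep/app-new")],
    "/api/v2.0/projects/demo/repositories/lib/artifacts": [art("2024-03-01T00:00:00Z", "/rep/lib")],
    "/rep/app-new": {REPORT_MIME: {"vulnerabilities": [
        {"id": "CVE-0000-0001", "severity": "Critical"}, {"id": "CVE-0000-0002", "severity": "High"}]}},
    "/rep/lib": {REPORT_MIME: {"vulnerabilities": [{"id": "CVE-0000-0001", "severity": "Critical"}]}},
}

if __name__ == "__main__":
    for (cve, sev), n in collect_vulnerabilities(FAKE.__getitem__).most_common():
        print(f"{sev:<9}{cve}  affects {n} image(s)")
```

Against a real instance pass `http_getter(server, user, password)` instead of `FAKE.__getitem__`; the list endpoints page their results, so a full sweep also needs to walk the page and page_size query parameters.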
We would love to integrate the scanning results into an external security overview. Therefore I would need a link to display this information. As far as I could see from the rendered HTML there is no such possibility, because the tooltip is rendered statically in the Harbor UI.
We would like to make some improvements to the scan report view and @AllForNothing will gather requirements and investigate this part. |
@wy65701436, would there be a possibility to export the vulnerabilities as an SBOM to DependencyTrack? |
Fixed by #18942, closing it. |
When trying to identify which containers within our registry contain vulnerabilities, it is frustrating to have to check every individual tag, within every individual repository, within every individual project. It's entirely infeasible to check every single container vulnerability report using the current UI framework for doing so.
Ideally, we would like to see a UI which would show the status of all container scans, scoped according to a user's permissions to view specific projects. This UI would allow users concerned with maintaining container security to get a high-level view of the actual contents of these scans across all the projects they have access to. This data lends itself well to helping users determine which CVEs are worth allocating time to resolve, due to their widespread occurrence across all their stored container images.