Topics

About using the _catalog endpoint


Julia Vitória Cardoso
 

I am starting with the Harbor world coming from some experience with docker registry. One of the problems ive faced is integrating our container scan tool from Qualys. 

We are using it from some time so its a requirement for us before changing to Harbor definitively. But for this to work the sensor must use the _catalog to scan all the repositories, but i cant make it work. The result is always that i am not Authorized. Even with admin use for test purpoises it does not work. 

There are no documentation about this that i could find in web, so can anyone share its experience maybe? Thanks


Steven Zou
 

For the scan integration, could you please check if it can be developed with the way defined in the below spec?

 

https://github.com/goharbor/pluggable-scanner-spec

 

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-dev@...> on behalf of "julia.cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Reply-To: "harbor-dev@..." <harbor-dev@...>
Date: Wednesday, March 4, 2020 at 04:48
To: "harbor-dev@..." <harbor-dev@...>
Subject: [harbor-dev] About using the _catalog endpoint

 

I am starting with the Harbor world coming from some experience with docker registry. One of the problems ive faced is integrating our container scan tool from Qualys. 

We are using it from some time so its a requirement for us before changing to Harbor definitively. But for this to work the sensor must use the _catalog to scan all the repositories, but i cant make it work. The result is always that i am not Authorized. Even with admin use for test purpoises it does not work. 

There are no documentation about this that i could find in web, so can anyone share its experience maybe? Thanks


Julia Vitória Cardoso
 

Hello, and thanks for answering! 

Yes, it definitively fits the project. i am very interested in this project and following it for some week, and would be great to work with it.

However, one of the qualys scan configurations is the "Registry scan" that keeps control of all the images in the configured registry and scan they automatically with certain frequency. This one ive been trying to configure and works just fine with docker registry, but does no work with Harbor because of the _catalog endpoint that it uses to scan all the images. 

The suggestion of the connector is amazing and i sure vwill work with it. Still, i would like to know if Harbor has the endpoint and how can i use it. Thanks!



Steven Zou
 

Hi,

 

  The _catalog API endpoint is supported but can be only triggered by the system admins.

 

  For the scanning in Harbor, we did not rely on the _catalog API, we use harbor project/repository APIs to get (all) the related artifacts and send them to scanner for scanning.

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-dev@...> on behalf of "julia.cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Reply-To: "harbor-dev@..." <harbor-dev@...>
Date: Thursday, March 5, 2020 at 00:54
To: "harbor-dev@..." <harbor-dev@...>
Subject: Re: [harbor-dev] About using the _catalog endpoint

 

Hello, and thanks for answering! 

Yes, it definitively fits the project. i am very interested in this project and following it for some week, and would be great to work with it.

However, one of the qualys scan configurations is the "Registry scan" that keeps control of all the images in the configured registry and scan they automatically with certain frequency. This one ive been trying to configure and works just fine with docker registry, but does no work with Harbor because of the _catalog endpoint that it uses to scan all the images. 

The suggestion of the connector is amazing and i sure vwill work with it. Still, i would like to know if Harbor has the endpoint and how can i use it. Thanks!