Re: API Call for Vulnerability Report


Steven Zou
 

For vulnerability summary, you can try the API shown below:

'/repositories/{repo_name}/tags/{tag}':
  get:
    summary: Get the tag of the repository.
    description: |
      This endpoint aims to retrieve the tag of the repository. If deployed with Notary, the signature property of response represents whether the image is signed or not. If the property is null, the image is unsigned.
    parameters:
      - name: repo_name
        in: path
        type: string
        required: true
        description: Relevant repository name.
      - name: tag
        in: path
        type: string
        required: true
        description: Tag of the repository.
    tags:
      - Products
    responses:
      '200':
        description: Get tag successfully.
        schema:
          $ref: '#/definitions/DetailedTag'
      '500':
        description: Unexpected internal errors.

The tag model will include a `scan_overview` if the image has been scanned and it has the vul report (otherwise that field will be empty).

 

For the detailed report, including the vulnerability item list, you can use the following API:

'/repositories/{repo_name}/tags/{tag}/scan':
  get:
    summary: Get the scan report
    description: |
      Retrieve the scan report for the artifact identified by the repo_name and tag.
    tags:
      - Scan
    parameters:
      - name: repo_name
        in: path
        type: string
        required: true
        description: Repository name
      - name: tag
        in: path
        type: string
        required: true
        description: Tag name
      - name: Accept
        in: header
        type: string
        description: |
          Mimetype in header. e.g: "application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"
    responses:
      '200':
        description: The report details of the specified artifact identified by the repo_name and tag.
        schema:
          $ref: '#/definitions/Report'
      '401':
        description: Unauthorized request
      '403':
        description: Request is not allowed
      '404':
        description: The target artifact is not found
      '500':
        description: Internal server error happened

 

 

Thanks & regards

-- 
Steven Zou(邹佳)
Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer
Mail: szou@...
GitHub: github.com/steven-zou
Cell: +8618600021252
Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "brianwadesmith via lists.cncf.io" <brianwadesmith=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Thursday, April 9, 2020 at 23:28
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] API Call for Vulnerability Report

 

I'm just starting to use the Harbor API and finding it to be very useful.  I would like to create an automated report to detail Vulnerabilities discovered through scanning.  I see Model references to NativeReportSummary, VulnerabilitySummary, VulnerabilityItem, etc.  I cannot figure out how to call this data via the API.  I'm sure I'm missing something simple.  Could anyone help me out?
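
Added example, not part of the original thread and not Harbor project code: a small Python client for the `/repositories/{repo_name}/tags/{tag}/scan` endpoint described in the reply, which sends the `Accept` mime type quoted there and reduces the report to severity counts and a list of fixable items. Assumptions: the `/api` base path, HTTP basic authentication, the host name, and the report field names (`vulnerabilities`, `severity`, `fix_version`, `id`, `package`, `version`), none of which appear in the thread.

```python
import base64, json, urllib.request
from collections import Counter
from urllib.parse import quote

# Accept value taken from the API description in the thread.
REPORT_MIME = "application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"
API_BASE = "/api"  # assumption: API base path of the deployment
ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

def scan_request(host, repo_name, tag, user, password):
    """Build the GET request for /repositories/{repo_name}/tags/{tag}/scan."""
    url = "https://%s%s/repositories/%s/tags/%s/scan" % (
        host, API_BASE, quote(repo_name, safe="/"), quote(tag, safe=""))
    cred = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    return urllib.request.Request(url, headers={
        "Accept": REPORT_MIME, "Authorization": "Basic " + cred})

def fetch_report(req):
    """Send the request; 401/403/404/500 are raised as urllib.error.HTTPError."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def summarize(report):
    """Return (count per severity, fixable items sorted worst first)."""
    # Accept a bare report object or one nested under the mime type key.
    body = report.get(REPORT_MIME, report)
    items = body.get("vulnerabilities") or []
    counts = dict(Counter(i.get("severity", "Unknown") for i in items))
    fixable = sorted((i for i in items if i.get("fix_version")),
                     key=lambda i: (ORDER.get(i.get("severity"), 9), i.get("id", "")))
    return counts, fixable

# Constructed sample response; ids, packages and versions are placeholders.
SAMPLE = {"severity": "High", "vulnerabilities": [
    {"id": "CVE-0000-0003", "package": "pkg-c", "version": "1.0",
     "fix_version": "1.1", "severity": "Low"},
    {"id": "CVE-0000-0002", "package": "pkg-b", "version": "2.0",
     "fix_version": "", "severity": "Medium"},
    {"id": "CVE-0000-0001", "package": "pkg-a", "version": "3.0",
     "fix_version": "3.1", "severity": "High"}]}

if __name__ == "__main__":
    counts, fixable = summarize(SAMPLE)
    print(counts)
    for v in fixable:
        print(v["severity"], v["id"], v["package"], v["version"], "->", v["fix_version"])
```

Against a live registry, pass the result of `scan_request(...)` to `fetch_report` and feed the returned object to `summarize`.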
