API Call for Vulnerability Report


Steven Ren
 

Hi Brian,

If you have an installed Harbor, in the bottom left of the UI there is an “API Explorer” feature, where we can view all the APIs Harbor exposes. Thanks

-steven

 

From: <harbor-users@...> on behalf of "brianwadesmith via lists.cncf.io" <brianwadesmith=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Wednesday, May 13, 2020 at 8:55 PM
To: "harbor-users@..." <harbor-users@...>
Subject: Re: [harbor-users] API Call for Vulnerability Report

 

I'm looking forward to checking that out.  Most of my harbor deployments are running in Pivotal Cloud Foundry (or tanzu or whatever it's called now) and I'm reliant on the version in pivnet (or Tanzunet?).  I do have a separate "home-brew" bosh deployment I'll load 2.0 to play with.




Steven Ren
 

Hi Brian,

In the 2.0 UI, we have some stats shown in the UI; could you please take a look at whether that matches your query? You are welcome to make your changes in the code to improve Harbor.

Best regards,

Steven

 

From: <harbor-users@...> on behalf of "brianwadesmith via lists.cncf.io" <brianwadesmith=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Friday, May 1, 2020 at 11:53 PM
To: "harbor-users@..." <harbor-users@...>
Subject: Re: [harbor-users] API Call for Vulnerability Report

 

If anyone is interested, here is the quick script I put together to get these details

#!/usr/bin/env bash
# Lists every repository together with the worst severity found among its tags.
# HARBOR_URL and HARBOR_AUTH (base64 of user:password) are read from the environment
# so the credential never sits in the script itself.
set -eo pipefail

harbor="${HARBOR_URL:-https://harbor.xyz.net}"
auth="Basic ${HARBOR_AUTH:?set HARBOR_AUTH to base64(user:password)}"
total=0
critical=(); high=(); medium=(); none=(); unknown=()

# NOTE: -k disables TLS certificate verification; drop it (or use --cacert) outside a lab.
api() { curl -k -s -H "accept: application/json" -H "authorization: $auth" "$harbor/api/$1"; }

# jq -r prints the raw name, so no cut is needed to strip the quotes
for x in $(api "repositories/top?count=99999" | jq -r '.[].name'); do
    total=$((total + 1))
    echo "TOTAL::" "$total"
    echo "IMAGE::" "$x"
    # each tag's scan_overview is keyed by report mime type; collect every severity value
    result=$(api "repositories/${x}/tags" | jq -r '.[] | .scan_overview[]? | .severity')
    echo "$result"

    if [[ $result == *"Critical"* ]]; then
        critical+=("$x")
    elif [[ $result == *"High"* ]]; then
        high+=("$x")
    elif [[ $result == *"Medium"* ]]; then
        medium+=("$x")
    elif [[ $result == *"None"* ]]; then
        none+=("$x")
    elif [[ $result == *"Unknown"* ]]; then
        unknown+=("$x")
    fi
done

echo "TOTAL IMAGES::" "$total"
# printf '%s\n' prints each array element on its own line without treating names as a format string
printf '%s\n' "Critical risk images" "${critical[@]}"
printf '%s\n' "High risk images" "${high[@]}"
printf '%s\n' "Medium risk images" "${medium[@]}"
printf '%s\n' "Images with no risk" "${none[@]}"
printf '%s\n' "UNKNOWN" "${unknown[@]}"




Steven Zou
 

For vulnerability summary, you can try the API shown below:

'/repositories/{repo_name}/tags/{tag}':
    get:
      summary: Get the tag of the repository.
      description: |
        This endpoint aims to retrieve the tag of the repository. If deployed with Notary, the signature property of response represents whether the image is signed or not. If the property is null, the image is unsigned.
      parameters:
        - name: repo_name
          in: path
          type: string
          required: true
          description: Relevant repository name.
        - name: tag
          in: path
          type: string
          required: true
          description: Tag of the repository.
      tags:
        - Products
      responses:
        '200':
          description: Get tag successfully.
          schema:
            $ref: '#/definitions/DetailedTag'
        '500':
          description: Unexpected internal errors.

The tag model will include a `scan_overview` if the image has been scanned and it has the vul report (otherwise that field will be empty).

 

For detailed report including the vulnerability item list, you can use the following API:

'/repositories/{repo_name}/tags/{tag}/scan':
    get:
      summary: Get the scan report
      description: |
        Retrieve the scan report for the artifact identified by the repo_name and tag.
      tags:
        - Scan
      parameters:
        - name: repo_name
          in: path
          type: string
          required: true
          description: Repository name
        - name: tag
          in: path
          type: string
          required: true
          description: Tag name
        - name: Accept
          in: header
          type: string
          description: |
            Mimetype in header. e.g: "application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"
      responses:
        200:
          description: The report details of the specified artifact identified by the repo_name and tag.
          schema:
            $ref: '#/definitions/Report'
        '401':
          description: Unauthorized request
        '403':
          description: Request is not allowed
        '404':
          description: The target artifact is not found
        '500':
          description: Internal server error happened

 

 

thanks&regards

-- 

Steven Zou(邹佳)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 

 

From: <harbor-users@...> on behalf of "brianwadesmith via lists.cncf.io" <brianwadesmith=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Thursday, April 9, 2020 at 23:28
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] API Call for Vulnerability Report

 

I'm just starting to use the Harbor API and finding it to be very useful.  I would like to create an automated report to detail Vulnerabilities discovered through scanning.  I see Model references to NativeReportSummary, VulnerabilitySummary, VulnerabilityItem, etc.  I cannot figure out how to call this data via the API.  I'm sure I'm missing something simple.  Could anyone help me out?
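As an added example (not Harbor's own code, and not Brian's or Steven Zou's), here is a small Python module that does what the thread discusses: it pulls the per-tag `scan_overview` summary from the tag endpoint to classify repositories by their worst severity, and counts items in the detailed `Report` from the `/scan` endpoint, selected via the `Accept` header from the swagger excerpt. The JSON layouts are assumptions inferred from that excerpt and from Brian's jq filter (`scan_overview` keyed by report MIME type, each entry carrying a `severity`; the report carrying a `vulnerabilities` list with `severity` and `fix_version`), as is the severity ranking; the host name `harbor.example` and the sample responses are constructed so the module runs offline. Tags that were never scanned (no `scan_overview`) land in a separate `Unscanned` bucket instead of vanishing from the report.

```python
"""Aggregate Harbor image scan results from the tag and scan endpoints.
Added example, not Harbor's code; field layouts are assumptions (see lead-in)."""
import base64
import json
import urllib.request

# Assumed Harbor severity ranking, highest risk first.
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Negligible", "Unknown", "None"]

# Accept value from the swagger excerpt; selects the Harbor-native report format.
HARBOR_REPORT_MIME = "application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"


def tag_severity(detailed_tag):
    """Worst severity across every scan_overview entry of one DetailedTag, or
    None when the tag has no (or an empty) scan_overview, i.e. it was never scanned."""
    overview = detailed_tag.get("scan_overview") or {}
    severities = [e.get("severity") for e in overview.values() if isinstance(e, dict)]
    severities = [s for s in severities if s in SEVERITY_ORDER]
    if not severities:
        return None
    return min(severities, key=SEVERITY_ORDER.index)


def classify_repository(tags):
    """Worst severity among all tags of a repository; None if nothing was scanned."""
    worst = None
    for tag in tags:
        sev = tag_severity(tag)
        if sev is None:
            continue
        if worst is None or SEVERITY_ORDER.index(sev) < SEVERITY_ORDER.index(worst):
            worst = sev
    return worst


def group_by_severity(repo_tags):
    """{repo_name: [DetailedTag, ...]} -> {severity: [repo names]}, plus an
    'Unscanned' bucket so repositories without any report stay visible."""
    buckets = {sev: [] for sev in SEVERITY_ORDER}
    buckets["Unscanned"] = []
    for name, tags in sorted(repo_tags.items()):
        sev = classify_repository(tags)
        buckets[sev if sev is not None else "Unscanned"].append(name)
    return buckets


def report_counts(report):
    """Count vulnerability items per severity in a detailed Report and how many
    have a fix available. Unrecognised severities are counted as Unknown."""
    counts = {sev: 0 for sev in SEVERITY_ORDER}
    fixable = 0
    for item in report.get("vulnerabilities") or []:
        sev = item.get("severity")
        counts[sev if sev in counts else "Unknown"] += 1
        if item.get("fix_version"):
            fixable += 1
    return counts, fixable


def build_request(base_url, path, user, password, accept="application/json"):
    """Build the GET request the thread's curl lines perform. Pass
    accept=HARBOR_REPORT_MIME for the /scan endpoint to pick the report format."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        headers={"accept": accept, "authorization": "Basic " + token},
    )


def get_json(req, timeout=30):
    """Perform the request with TLS verification left on (no curl -k equivalent)."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample responses in the assumed shape so the module runs offline.
SAMPLE_REPO_TAGS = {
    "library/nginx": [
        {"name": "1.19", "scan_overview": {HARBOR_REPORT_MIME: {"severity": "High"}}},
        {"name": "1.21", "scan_overview": {HARBOR_REPORT_MIME: {"severity": "Medium"}}},
    ],
    "library/alpine": [{"name": "3.12", "scan_overview": {HARBOR_REPORT_MIME: {"severity": "None"}}}],
    "team/unscanned": [{"name": "latest"}],  # never scanned: no scan_overview at all
}
SAMPLE_REPORT = {  # ids are placeholders, not real CVEs
    "vulnerabilities": [
        {"id": "CVE-XXXX-0001", "severity": "High", "package": "openssl", "fix_version": "1.1.1g"},
        {"id": "CVE-XXXX-0002", "severity": "Medium", "package": "zlib", "fix_version": ""},
        {"id": "CVE-XXXX-0003", "severity": "Bogus", "package": "x"},
    ]
}

if __name__ == "__main__":
    for sev, names in group_by_severity(SAMPLE_REPO_TAGS).items():
        if names:
            print(f"{sev}: {', '.join(names)}")
    counts, fixable = report_counts(SAMPLE_REPORT)
    print("report:", {k: v for k, v in counts.items() if v}, "fixable:", fixable)
```

Against a live instance, replace the constructed samples with `get_json(build_request("https://harbor.example", "/api/repositories/<repo>/tags", user, password))` per repository, and fetch the detailed report with `accept=HARBOR_REPORT_MIME`; the classification functions are pure, so they can be unit-tested without network access.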

