API Call for Vulnerability Report
For vulnerability summary, you can try the API shown below:
The tag model will include a `scan_overview` if the image has been scanned and it has the vul report (otherwise that field will be empty).
For detailed report including the vulnerability item list, you can use the following API:
'/repositories/{repo_name}/tags/{tag}/scan':
thanks & regards
--
Steven Zou(邹佳)
Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer
Mail: szou@...
GitHub: github.com/steven-zou
Cell: +8618600021252
Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China
From: <harbor-users@...> on behalf of "brianwadesmith via lists.cncf.io" <brianwadesmith=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Thursday, April 9, 2020 at 23:28
To: "harbor-users@..." <harbor-users@...>
Subject: [harbor-users] API Call for Vulnerability Report
I'm just starting to use the Harbor API and finding it to be very useful. I would like to create an automated report to detail Vulnerabilities discovered through scanning. I see Model references to NativeReportSummary, VulnerabilitySummary, VulnerabilityItem, etc. I cannot figure out how to call this data via the API. I'm sure I'm missing something simple. Could anyone help me out?
If anyone is interested, here is the quick script I put together to get these details
#!/usr/bin/env bash
# Group Harbor repositories by the scan severity reported on their tags.
# Note: curl -k skips TLS certificate verification; drop it once the Harbor certificate is trusted.
total=0
critical="Critical risk images\n"
high="High risk images\n"
medium="Medium risk images\n"
none="Images with no risk\n"
unknown="UNKNOWN\n"
# jq -r prints raw repository names, so no quote stripping is needed
for x in $(curl -k -s -X GET "https://harbor.xyz.net/api/repositories/top?count=99999" \
    -H "accept: application/json" -H "authorization: Basic <REPLACE>" | jq -r '.[].name')
do
  ((total=total+1))
  echo "TOTAL::" "$total"
  echo "IMAGE::" "$x"
  # Severity of every scan report on every tag of this repository
  result=$(curl -k -s -X GET "https://harbor.xyz.net/api/repositories/${x}/tags" \
      -H "authorization: Basic <REPLACE>" -H "accept: application/json" \
      | jq '.[] | .scan_overview[]? | .severity')
  echo $result
  if [[ $result == *"Critical"* ]]; then
    critical+="$x\n"
  elif [[ $result == *"High"* ]]; then
    high+="$x\n"
  elif [[ $result == *"Medium"* ]]; then
    medium+="$x\n"
  elif [[ $result == *"None"* ]]; then
    none+="$x\n"
  elif [[ $result == *"Unknown"* ]]; then
    unknown+="$x\n"
  fi
done
echo "TOTAL IMAGES::" "$total"
# %b expands the \n escapes without treating image names as a format string
printf '%b' "$critical"
printf '%b' "$high"
printf '%b' "$medium"
printf '%b' "$none"
printf '%b' "$unknown"
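An added example, not from the thread or the Harbor project: the script above buckets a repository by substring match and drops tags that have no scan at all, so this Python version ranks the severities per tag and lists never-scanned tags separately. The response shape is assumed from the script's jq filter; the sample data, the helper names and the ordering in RANK are constructed for illustration.

```python
import json

# Severity order used by this example, lowest to highest. "Low" and
# "Negligible" are Harbor severities the script above does not bucket.
RANK = ["None", "Unknown", "Negligible", "Low", "Medium", "High", "Critical"]

# Constructed sample of a /repositories/{repo_name}/tags response body. The
# shape follows the jq filter (.[] | .scan_overview[]? | .severity); the tag
# names and the "report-a" key are made up.
SAMPLE_TAGS = json.loads("""
[
  {"name": "1.0", "scan_overview": {"report-a": {"severity": "Medium"}}},
  {"name": "1.1", "scan_overview": {"report-a": {"severity": "Critical"}}},
  {"name": "dev", "scan_overview": {}},
  {"name": "old"}
]
""")

def rank(severity):
    """Position in RANK; unrecognised strings are treated as Unknown."""
    return RANK.index(severity) if severity in RANK else RANK.index("Unknown")

def tag_severity(tag):
    """Highest severity across a tag's reports, or None if it was never scanned."""
    overview = tag.get("scan_overview") or {}
    reports = overview.values() if isinstance(overview, dict) else overview
    found = [r.get("severity", "Unknown") for r in reports if isinstance(r, dict)]
    return max(found, key=rank) if found else None

def summarize(tags):
    """Return (worst severity or None, names of tags without a scan report)."""
    worst, unscanned = None, []
    for tag in tags:
        severity = tag_severity(tag)
        if severity is None:
            unscanned.append(tag.get("name", "?"))
        elif worst is None or rank(severity) > rank(worst):
            worst = severity
    return worst, unscanned

if __name__ == "__main__":
    worst, unscanned = summarize(SAMPLE_TAGS)
    print("worst severity:", worst)
    print("unscanned tags:", ", ".join(unscanned) or "none")
```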
Hi Brian,
In 2.0 UI, we have some stats shown in the UI, could you please take a look whether that matches your query? You are welcome to make your changes in the code to improve Harbor ☺
Best regards,
Steven
From: <harbor-users@...> on behalf of "brianwadesmith via lists.cncf.io" <brianwadesmith=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Friday, May 1, 2020 at 11:53 PM
To: "harbor-users@..." <harbor-users@...>
Subject: Re: [harbor-users] API Call for Vulnerability Report
If anyone is interested, here is the quick script I put together to get these details
Hi Brian,
If you have an installed Harbor, in the left bottom of the UI there is an “API Explorer” feature, where we can view all the APIs Harbor exposes. Thanks
-steven
From: <harbor-users@...> on behalf of "brianwadesmith via lists.cncf.io" <brianwadesmith=gmail.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Wednesday, May 13, 2020 at 8:55 PM
To: "harbor-users@..." <harbor-users@...>
Subject: Re: [harbor-users] API Call for Vulnerability Report
I'm looking forward to checking that out. Most of my Harbor deployments are running in Pivotal Cloud Foundry (or Tanzu or whatever it's called now) and I'm reliant on the version in pivnet (or Tanzunet?). I do have a separate "home-brew" bosh deployment I'll load 2.0 to play with.