Ramkumar Chinchani
09c633ad91
build: fix docker build
...
Update Dockerfile and Makefile to build a zot docker image
2020-11-19 11:41:21 -08:00
Ramkumar Chinchani
b80b7d2361
Merge pull request #148 from IonutCraciun/fixConfigNameCli
...
Raise error when adding a new zot config with an existed saved name
2020-11-04 10:53:09 -08:00
Ionut Costin Craciun
dad884ddeb
Raise error when adding a new zot config with an existed saved name
2020-11-04 10:25:34 +02:00
Ramkumar Chinchani
429a689ace
Merge pull request #149 from rchincha/doc
...
README: update conformance results url
2020-11-03 09:10:12 -08:00
Ramkumar Chinchani
9649c828b2
README: update conformance results url
2020-11-02 09:45:47 -08:00
Ramkumar Chinchani
f2d4b57638
Merge pull request #145 from shimish2/embededbinary
...
customizable binaries
2020-10-28 09:11:03 -07:00
Shivam Mishra
b0ed625a2e
build: increase wait timeout for travis bazel build process
2020-10-27 19:30:06 -07:00
Shivam Mishra
46beb30fc1
build: add build tags to create customizable binaries
2020-10-22 17:20:07 -07:00
Ramkumar Chinchani
17dce7e63b
Merge pull request #146 from shimish2/rchincha-origin-locks
...
routes: refactor locks to handle large file uploads
2020-10-19 10:21:38 -07:00
Shivam Mishra
7439feb1c2
build: set timeout in travis make build process to avoid timeout failure
2020-10-18 20:55:17 -07:00
Shivam Mishra
14214a5794
test: add unit test to verify lock changes
2020-10-16 14:58:45 -07:00
Ramkumar Chinchani
386c72d332
routes: refactor locks to handle large file uploads
...
The storage layer is protected with read-write locks.
However, we may be holding the locks over unnecessarily large critical
sections.
The typical workflow is that a blob is first uploaded via a per-client
private session-id meaning the blob is not publicly visible yet. When
the blob being uploaded is very large, the transfer takes a long time
while holding the lock.
Private session-id based uploads don't really need locks, and hold locks
only when blobs are published after the upload is complete.
2020-10-16 13:33:11 -07:00
Shivam Mishra
25ad71787a
test: minimize trivy db download tests to avoid api rate limit
2020-10-15 14:32:37 -07:00
Ramkumar Chinchani
0dcff98c1f
Merge pull request #143 from shimish2/testchanges
...
test: add wait for trivy db download in test case
2020-10-08 13:38:51 -07:00
Shivam Mishra
8075eadc1a
test: add wait for trivy db download in test case
2020-10-02 16:47:54 -07:00
Ramkumar Chinchani
ea0ef61a65
Merge pull request #140 from rchincha/readme
...
README: bring doc up-to-date
2020-09-24 11:43:33 -07:00
Ramkumar Chinchani
f91cc72aa9
Merge branch 'master' into readme
2020-09-24 10:28:53 -07:00
Ramkumar Chinchani
0d823092f8
README: bring doc up-to-date
...
Highlight distinguishing features.
Update ecosystem tools section.
2020-09-24 10:19:10 -07:00
Ramkumar Chinchani
6cf54c3212
Merge pull request #134 from shimish2/Issue-130
...
search/cve: exclude unsupported images from fixed-tag list.
2020-09-24 10:05:30 -07:00
Shivam Mishra
971404f6ee
search/cve: fix log messages
2020-09-23 12:47:50 -07:00
Shivam Mishra
d63f715fe5
search/cve: exclude unsupported images from fixed-tag list.
...
If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list.
Fixes issue #130
2020-09-22 09:24:04 -07:00
Ramkumar Chinchani
31687991d4
Merge pull request #135 from shimish2/Issue-132
...
Fixes issue #132
2020-09-10 10:49:41 -07:00
Shivam Mishra
cd0206fe6c
Fixes issue #132 , if image does not have any fixed tags, empty list with no error should be returned
2020-09-08 16:41:06 -07:00
Ramkumar Chinchani
aa6683854f
Merge pull request #133 from tsnaik/cve-sort
...
cli: group CVEs by severity
2020-09-08 09:29:17 -07:00
Tanmay Naik
f5867ce0b6
cli: group CVEs by severity
2020-09-04 13:56:47 -04:00
Ramkumar Chinchani
ebfc5958dd
Merge pull request #123 from tsnaik/cve
...
cli: add commands for fetching CVE
2020-08-21 10:02:49 -07:00
Tanmay Naik
c590b86d14
cli: add commands for CVE
...
Uses GraphQL API of zot to fetch CVE info
- Get all images affected by a CVE (input: CVEID)
- Get all CVEs of a layer (input: image:tag)
- Get all layers of an image which have resolved a CVE (input: image,
CVEID)
- Get all layers of an image affected by a CVE (input: image, CVEID)
2020-08-21 12:42:01 -04:00
Ramkumar Chinchani
abc22dcdcd
Merge pull request #128 from shimish2/fixbuild
...
Enable wait option during travis ci build
2020-08-19 19:37:43 -07:00
Shivam Mishra
a8e5a01972
Enable wait option during travis ci build because bazel build takes time and does not print any message on console due to which build exits
2020-08-19 17:46:54 -07:00
Ramkumar Chinchani
2e7b7aec4f
Merge pull request #124 from shimish2/FixedTags
...
Add support to scan images for CVEs
2020-08-19 14:27:15 -07:00
Shivam Mishra
5f230bd8ff
Added unit test cases
2020-08-19 00:19:35 -07:00
Shivam Mishra
ed254159a0
Added support for searching fixed tag given cve and an image
2020-08-18 23:53:04 -07:00
Shivam Mishra
72ae02ca4b
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning
2020-08-18 23:05:52 -07:00
Shivam Mishra
2cf2c16137
Added graphql api feature for image vulnerability scanning
2020-08-18 22:44:34 -07:00
Shivam Mishra
baa5d247ec
Enable trivy db download and update
2020-08-18 21:46:17 -07:00
Shivam Mishra
e537f27f00
Added search extension and integrated trivy to support image vulnerability scanning
2020-08-18 21:03:48 -07:00
Ramkumar Chinchani
a06ad7e701
Merge pull request #127 from shimish2/dedupe-fix
...
Dedupe fix
2020-08-17 16:33:25 -07:00
Shivam Mishra
3a30290e08
Using "destRecord" as a path in DeleteBlob function instead of "dst".
...
dstRecord :- blob path stored in cache.
dst :- blob path that is trying to be uploaded.
Currently, if the actual blob on disk may have been removed by GC/delete, during syncing the cache dst is being passed to DeleteBlob function and retry section is being continuously called because DeleteBlob function never deletes dst path (doesn't exist in db), dstRecord should be passed into DeleteBlob function because dstRecord is actual blob path stored in db.
If dst and dstRecord path value is same then this issue will not be produced and DeleteBlob method will delete the blob info from cache but if both are different then DeleteBlob method will try to delete dst path which is not in cache.
Note:- boltdb delete method return nil even when value doesn't exist (https://godoc.org/github.com/boltdb/bolt#Bucket.Delete )
2020-08-12 10:06:20 -07:00
Ramkumar Chinchani
703eb182fe
Merge pull request #126 from rchincha/skopeo
...
ci/cd: install skopeo
2020-08-10 21:49:33 -07:00
Ramkumar Chinchani
5c14da5dc5
ci/cd: install skopeo
...
zot trivy extensions test code needs an oci layout as test data.
Install skopeo to help with that.
2020-08-10 10:10:53 -07:00
Ramkumar Chinchani
b2ef9ab124
Merge pull request #118 from tsnaik/cli-tls-verify
...
cli: add option to ignore TLS verification
2020-07-17 15:53:09 -07:00
Tanmay Naik
6285a730a1
cli: add option to ignore TLS verification
...
adds a property in config : "verify-tls"
2020-07-17 17:48:42 -04:00
Serge Hallyn
e0cdc6b6a4
Merge pull request #116 from rchincha/s3
...
stacker: fix stacker build
2020-07-15 12:00:58 -05:00
Ramkumar Chinchani
f9b2092bd9
stacker: fix stacker build
2020-07-14 20:14:21 -07:00
Ramkumar Chinchani
728eb7f6fc
Merge pull request #113 from rchincha/s2
...
stacker: fix stacker build
2020-07-14 20:08:18 -07:00
Ramkumar Chinchani
adc6859cd6
stacker: fix stacker build
2020-07-14 13:31:57 -07:00
Ramkumar Chinchani
2ac675e682
Merge pull request #115 from tsnaik/cli-fix
...
cli: move client-only code out of the server flow
2020-07-14 11:17:12 -07:00
Tanmay Naik
bb9fbd2ef9
cli: move client-only code out of the server flow
...
earlier, some of the client exclusive code was being run on zot server
instance too.
cli: fix the bug: spinner is not stopped with -o
2020-07-14 13:35:56 -04:00
Ramkumar Chinchani
e639b4814e
Merge pull request #114 from rchincha/ro
...
auth: support a read-only mode
2020-07-13 10:09:03 -07:00
Ramkumar Chinchani
78be4cbe3c
auth: support a read-only mode
...
This is useful if we want to roll out experimental versions of zot
pointing to some storage shared with another zot instance.
Also, when under storage full conditions, will be useful to turn on this
flag to prevent further writes.
2020-07-10 21:48:35 -07:00