Skip to content

Problem getting vulnerability report in Harbor 2.4 #59

Description

@johanhammar

We recently updated Harbor to 2.4.2 and with that the Backstage Harbor Plugin broke. We're getting Cannot read properties of undefined (reading 'severity')

We investigated a bit and it seems we get a report back with a new vulnKey. The default X-Accept-Vulnerabilites is application/vnd.security.vulnerability.report; version=1.1, application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0. The resulting json contains the key application/vnd.security.vulnerability.report; version=1.1

Specifying only X-Accept-Vulnerabilites: application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0 returns an empty json result

Here's two related issues in Harbor: goharbor/harbor#16085 & goharbor/harbor#16295

I'm not quite convinced yet that our solution, changing vulnKey to application/vnd.security.vulnerability.report; version=1.1, is correct but might be.

What do you think?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions