Giters

goharbor / harbor

An open source trusted cloud native registry project that stores, signs, and scans content.

Home Page:https://goharbor.io

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

sbom_overview still get sbom_digest when this sbom artifact do not exist in this repository

MinerYang opened this issue · comments

commented

If you are reporting a problem, please make sure the following information are provided:

Expected behavior and actual behavior:
sbom_overview should return null when this sbom_digest do not exist in this project/repository

Steps to reproduce the problem:

  • Step1 push image golang:1.22.3 to repo library/golang
  • Step2 push same image to another repo test/golang, then manually generate SBOM
  • Step3 query db
registry=# select id , project_id, repository_name, digest, type from artifact where repository_name='test/golang';
 id | project_id | repository_name |                                 digest                                  | type
----+------------+-----------------+-------------------------------------------------------------------------+-------
  5 |          2 | test/golang     | sha256:aafa9c9a2b8a759dad5372dce120441462eb110cf5a1b1c9862769f453be7bcd | IMAGE
  6 |          2 | test/golang     | sha256:ecc2d24dba2835db0cb39de61d2e9b0a6b968a1052d0651408203d9eb7e2da2d | SBOM
(2 rows)

registry=#
registry=# select id , project_id, repository_name, digest, type from artifact where repository_name='library/golang';
 id | project_id | repository_name |                                 digest                                  | type
----+------------+-----------------+-------------------------------------------------------------------------+-------
  1 |          1 | library/golang  | sha256:aafa9c9a2b8a759dad5372dce120441462eb110cf5a1b1c9862769f453be7bcd | IMAGE
(1 row)
  • Step 4 click into artifact library/golang repository, will get sbom_overview with sbom_digest sha256:ecc2d24dba2835db0cb39de61d2e9b0a6b968a1052d0651408203d9eb7e2da2d
Screenshot 2024-05-17 at 16 20 57
  • Step 5 click SBOM details for artifact library/golang:1.22.3, will get 404 error
 [/lib/http/error.go:62]: {"errors":[{"code":"NOT_FOUND","message":"artifact library/golang@sha256:ecc2d24dba2835db0cb39de61d2e9b0a6b968a1052d0651408203d9eb7e2da2d not found"}]}
Screenshot 2024-05-17 at 16 22 37
  • Step6 repeat same action for artifact test/golang:1.22.3, SBOM details could get successfully
Screenshot 2024-05-17 at 16 29 34

Versions:
Please specify the versions of following systems.

  • harbor version: v2.11.0-8ccf98a2