Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for private docker registry #717

Merged
merged 2 commits into from
Nov 20, 2023
Merged

Support for private docker registry #717

merged 2 commits into from
Nov 20, 2023

Conversation

prabhu
Copy link
Collaborator

@prabhu prabhu commented Nov 15, 2023
edited
Loading

Testing private docker registry

git clone https://github.com/CycloneDX/cdxgen
cd cdxgen
git checkout feature/nov23-updates
npm install
# docker login
node bin/cdxgen.js ...

Test scenarios

  • All unauthenticated journeys should work as-is
  • Default DOCKER_CONFIG. Performing docker login followed by cdxgen invocation should correctly generate the sbom.
  • Override DOCKER_CONFIG with environment variables
  • Test by specifying DOCKER_AUTH_CONFIG and other individual environment variables
  • Test with a credential helper and credential store such as docker desktop
  • Manually pull the image and then invoke cdxgen.

Known issues

  • http: server gave HTTP response to HTTPS client - Set the insecure registries in daemon.json

@prabhu prabhu requested a review from setchy November 15, 2023 09:50
@prabhu
Copy link
Collaborator Author

prabhu commented Nov 15, 2023

Ignore the Codacy findings, which are unproductive (They are running the same eslint with slightly different settings and get it wrong 100% of the time).

@prabhu
Copy link
Collaborator Author

prabhu commented Nov 15, 2023
edited
Loading

From initial testing, it appears like the bug with the private docker registry is still not resolved. However, the package updates specifically the update to the atom package are required for improving reachable components detection for the depscan v5 release.

Will create a new PR with only the package updates and another one specifically for the private docker registry. - DONE

@prabhu prabhu force-pushed the feature/nov23-updates branch from 59c9d34 to 025dd5a Compare November 15, 2023 22:00
@prabhu prabhu changed the title Update packages. Support for private docker registry Support for private docker registry Nov 15, 2023
@prabhu prabhu force-pushed the feature/nov23-updates branch from 025dd5a to 6d87fd9 Compare November 19, 2023 22:12
@prabhu prabhu marked this pull request as draft November 19, 2023 22:12
@prabhu prabhu force-pushed the feature/nov23-updates branch 6 times, most recently from 127e1ee to 1159155 Compare November 20, 2023 20:35
@prabhu
Update packages. Support for private docker registry
a3e1309 
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

Pass headers in more places

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu prabhu force-pushed the feature/nov23-updates branch from 1159155 to a3e1309 Compare November 20, 2023 20:36
@prabhu
use env based credentials first for docker
7e12e3d 
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu prabhu marked this pull request as ready for review November 20, 2023 20:50
@prabhu prabhu merged commit 97d1e48 into master Nov 20, 2023
24 checks passed
@prabhu prabhu deleted the feature/nov23-updates branch November 20, 2023 21:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@setchy setchy Awaiting requested review from setchy

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@prabhu