
First, vulnerability scanning has to be enabled; it is turned on at install time:
./install.sh --with-trivy
1. Open the scan management page
Administration > Interrogation Services

2. Switch to the Vulnerability tab
Click to start scanning images



3. Switch to Security Hub to view the scan results

4. Project-level vulnerability scanning
Projects > Configuration


docker pull mysql:8.0

[root@harbor harbor]# docker tag mysql:8.0 hub.self.com/mysql/mysql:8.0
[root@harbor harbor]# docker push hub.self.com/mysql/mysql:8.0
The push refers to repository [hub.self.com/mysql/mysql]
bb5107df7baa: Pushed
59a1a4fb3367: Pushed
a77ecc122bf4: Pushed
a966b78a59e9: Pushed
7fc827b16c7b: Pushed
c350fcbc37b3: Pushed
26e72ef22e05: Pushed
e69c68c7dd21: Pushed
b6126bf990b9: Pushed
c2ccadc91b4f: Pushed
496eb3815f35: Pushed
8.0: digest: sha256:bcfecfdd2f8c2988c0db7335dfeed0dc336defe7007e98c5308f58168d808a05 size: 3045
i Info → Not all multiplatform-content is present and only the available single-platform image was pushed
sha256:4af1f8815716546f5b12410f7621f37f93db8dd11a184706ef59111930b8c2ff -> sha256:bcfecfdd2f8c2988c0db7335dfeed0dc336defe7007e98c5308f58168d808a05
[root@harbor harbor]#

Run a vulnerability scan on the image newly pushed to the private registry:



Description: During session resumption in crypto/tls,
if the underlying Config has its ClientCAs or RootCAs fields
mutated between the initial handshake and the resumed handshake,
the resumed handshake may succeed when it should have failed.
This may happen when a user calls Config.Clone and mutates the
returned Config, or uses Config.GetConfigForClient.
This can cause a client to resume a session with a server that
it would not have resumed with during the initial handshake,
or cause a server to resume a session with a client that it
would not have resumed with during the initial handshake.
This is a logic flaw in which a change to the trust configuration is not bound to the session state:
after the CA trust relationship has been updated, an old, now-untrusted session can still be resumed,
which bypasses access control.
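To automate steps 3 and 4 for an artifact that has just been pushed, such as hub.self.com/mysql/mysql:8.0, here is an added Python example (not from the original post and not Harbor's own code) that pulls the artifact's Trivy report through the Harbor v2.0 REST API and applies a severity gate. The endpoint path, the X-Accept-Vulnerabilities header, the report MIME type and the report layout are assumptions about the Harbor API, and the sample report is constructed.

```python
#!/usr/bin/env python3
"""Fetch a Harbor artifact's Trivy vulnerability report and gate on severity.

Assumed Harbor v2.0 API (assumption, not from the original post):
  GET /api/v2.0/projects/{project}/repositories/{repo}/artifacts/{ref}/additions/vulnerabilities
returns a JSON object keyed by the report MIME type; each finding carries at least
"id", "package", "version", "fix_version" and "severity".
"""
import base64
import json
import urllib.parse
import urllib.request

REPORT_MIME = "application/vnd.security.vulnerability.report; version=1.1"
SEVERITY_RANK = {"Unknown": 0, "Negligible": 1, "Low": 2, "Medium": 3, "High": 4, "Critical": 5}


def fetch_report(harbor, project, repo, reference, user, password):
    """GET the vulnerability report for one artifact (tag or digest) using basic auth."""
    path = (f"/api/v2.0/projects/{project}/repositories/{urllib.parse.quote(repo, safe='')}"
            f"/artifacts/{reference}/additions/vulnerabilities")
    req = urllib.request.Request(harbor.rstrip("/") + path)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("X-Accept-Vulnerabilities", REPORT_MIME)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def gate(report, threshold="High"):
    """Count findings per severity and block if any finding is at or above the threshold.

    Returns (blocked, counts, fixable); fixable lists the ids that already have a fix_version.
    """
    findings = report.get(REPORT_MIME, {}).get("vulnerabilities", []) or []
    counts, fixable = {}, []
    for f in findings:
        sev = f.get("severity", "Unknown")
        counts[sev] = counts.get(sev, 0) + 1
        if f.get("fix_version"):
            fixable.append(f["id"])
    limit = SEVERITY_RANK[threshold]
    blocked = any(SEVERITY_RANK.get(s, 0) >= limit for s in counts)
    return blocked, counts, fixable


# Constructed sample in the assumed report shape; the ids are placeholders, not real CVEs.
SAMPLE_REPORT = {REPORT_MIME: {"severity": "High", "vulnerabilities": [
    {"id": "CVE-0000-0001", "package": "stdlib", "version": "1.22.0",
     "fix_version": "1.22.5", "severity": "High"},
    {"id": "CVE-0000-0002", "package": "libssl3", "version": "3.0.2",
     "fix_version": "", "severity": "Medium"},
]}}

if __name__ == "__main__":
    blocked, counts, fixable = gate(SAMPLE_REPORT, "High")
    print("blocked" if blocked else "allowed", counts, "fixable:", fixable)
```

Against a live Harbor, replace SAMPLE_REPORT with fetch_report("https://hub.self.com", "mysql", "mysql", "8.0", user, password) and exit non-zero when blocked is true, so the CI job cannot deploy an image whose scan has not cleared the gate.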