quay / clair-jwt Goto Github PK

clair behind jwtproxy in one container

License: Apache License 2.0

Shell 57.86% Makefile 42.14%

clair jwtproxy quay dockerfile

clair-jwt's Introduction

Project Quay

⚠️ The master branch may be in an unstable or even broken state during development. Please use releases instead of the master branch in order to get stable software.

Project Quay builds, stores, and distributes your container images.

High-level features include:

Docker Registry Protocol v2
Docker Manifest Schema v2.1, v2.2
AppC Image Discovery via on-demand transcoding
Image Squashing via on-demand transcoding
Authentication provided by LDAP, Keystone, OIDC, Google, and GitHub
ACLs, team management, and auditability logs
Geo-replicated storage provided by local filesystems, S3, GCS, Swift, and Ceph
Continuous Integration integrated with GitHub, Bitbucket, GitLab, and git
Security Vulnerability Analysis via Clair
Swagger-compliant HTTP API

Getting Started

Explore a live instance of Project Quay hosted at Quay.io
Watch talks given about Project Quay
Review the documentation for Red Hat Quay
Get up and running with our getting started guide for developing or deploying Quay
Deploy on Kubernetes using the Quay Operator

Community

Mailing List: [email protected]
IRC: #quay on libera.chat
Bug tracking: JBoss JIRA
Security Issues: [email protected]
Community meetings held the first Wednesday of every month 11:00 AM EST: meeting link

License

Project Quay is under the Apache 2.0 license. See the LICENSE file for details.

clair-jwt's People

Contributors

Stargazers

Watchers

Forkers

ericchiang alexxnica kryndex liuyusen peterducai thomasmckay keyboardnerd pombredanne kalatabe lukeb2e pawelwiecaszek cgiraldo samm-git ekmixon frankfanslc isabella232

clair-jwt's Issues

Creation of build env fails

Currently, creation of builld environments fail due to cfssl requiring Go version 1.12+ and not 1.11.5 which is currently being used:

Step 15/24 : RUN go get -u github.com/cloudflare/cfssl/cmd/cfssl
 ---> Running in 8aab323e28fb
# github.com/cloudflare/cfssl/vendor/github.com/zmap/zlint/lints
go/src/github.com/cloudflare/cfssl/vendor/github.com/zmap/zlint/lints/result.go:75:9: undefined: strings.ReplaceAll

CFSSL readme file: https://github.com/cloudflare/cfssl
Related issue: cloudflare/cfssl#1028

Clair Integration with Quay Fails with 403 During Key Creation on OCP

Hey Guys,

We're trying to integrate Clair as the secure_scanner for Quay, but getting 403 errors during the auto-generated private key creation. We're following the Red Hat doc but running the containers as pods on OCP rather than directly on the Docker host: https://access.redhat.com/documentation/en-us/red_hat_quay/2.9/html-single/manage_red_hat_quay/index#quay-security-scanner

We're running both containers within the same project on OCP. This is with the "Security Scanner" config from the Super User settings panel "Waiting for service to connect" during auto-generated private key creation:

Please start the security_scanner service now, configured for autogenerated private key. The key approval process will continue automatically once the service connects to Quay.
Waiting for service to connect

Here's the debug output:

2019-05-08 16:48:25,073 INFO spawned: 'jwtproxy' with pid 252
time="2019-05-08T16:48:25Z" level=debug msg="Initializing in-memory key cache." 
time="2019-05-08T16:48:25Z" level=debug msg="Unable to load private key: open /home/security_scanner.jwk: no such file or directory" 
time="2019-05-08T16:48:25Z" level=debug msg="Boostrapping publication with a new key" 
time="2019-05-08T16:48:25Z" level=info msg="No claims verifiers specified, upstream should be configured to verify authorization" 
time="2019-05-08T16:48:25Z" level=info msg="Starting reverse proxy (Listening on ':6060')" 
time="2019-05-08T16:48:25Z" level=debug msg="Adding rotation policy: 12h0m0s" 
time="2019-05-08T16:48:25Z" level=debug msg="Adding expiration time: 2019-05-09 16:48:25.543279389 +0000 UTC m=+86400.463104704" 
time="2019-05-08T16:48:25Z" level=debug msg="Adding rotation time: 12h0m0s" 
time="2019-05-08T16:48:25Z" level=info msg="Starting forward proxy (Listening on ':6063')" 
time="2019-05-08T16:48:25Z" level=fatal msg="Error publishing key" activeKey=<nil> error="Unexpected response code when publishing key: 403 " pendingKey=EcKD5-6Hhh 
2019-05-08 16:48:25,557 INFO exited: jwtproxy (exit status 1; not expected)

Update Vulnerabilietes: Error 404 downloading RHEL3.xml on "quay.io/redhat/clair-jwt:v3.2.1"

If the Clair Scanner started and ran the update script little bit later - an error was displayed.

{"Event":"an error occured when fetching update","Level":"error","Location":"updater.go:246","Time":"2020-04-20 13:24:25.204396","error":"received 404 code downloading https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL3.xml","updater name":"rhel"}

FYI: The file does not exists on the page: https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL3.xml. What can I do?

quay / clair-jwt Goto Github PK

clair-jwt's Introduction

Project Quay

Getting Started

Community

License

clair-jwt's People

Contributors

Stargazers

Watchers

Forkers

clair-jwt's Issues

Creation of build env fails

Clair Integration with Quay Fails with 403 During Key Creation on OCP

Update Vulnerabilietes: Error 404 downloading RHEL3.xml on "quay.io/redhat/clair-jwt:v3.2.1"

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent