xaleeks
xaleeks
Agree that this is a very important and typical scenario of persisting the signature across image syncs. Harbor team currently leverages notary and has some thoughts on this and would...
@eshepelyuk We are already working with Josh and other MS guys involved with CNAB project on this. I'll update here when we have a more concrete release plan.
proposal looks good, please check implementation. @steven-zou @reasonerjt
This will be addressed in 2.1
We will open up controlled access to APIs for robots in the next minor release v2.2
https://github.com/goharbor/community/pull/148
Here are the actions we're considering granting API access to robot accounts for the 2.2. I don't necessarily consider retrieving scan results part of core CI and this is also...
I guess API access for retrieving CVE scans is ok, we can add it to the v2.2 any security concerns? @reasonerjt @wy65701436
@jorgemoralespou I will ping you on slack to discuss this
@reasonerjt No I think his sub is also changing, and issuer is changing, so both can change but he wants to discard sub from being used as part of this...