►
From YouTube: CNCF Harbor's Community Zoom Meeting - August 24, 2022
Description
CNCF Harbor's Community Zoom Meeting
A
Hello:
everyone
welcome
to
this
b
weekly
cncf
project
harbour
community
meeting.
This
is
an
official
community
meeting.
So
please
respect
the
code
of
conduct
cloud
native
foundation.
A
A
B
Yes,
can
you
hear
me.
B
Yeah
regarding
the
2.6
last
in
last
community,
we
said
we
will
release
it
around
august
15,
but
before
that
date
we
found
a
cv
issue
related
to
the
leap
which
is
in
the
base
in
the
base
image.
So
we
are
waiting
for
that
to
be
fixed
in
the
upstream.
B
B
Earlier
next
week,
I
cannot
get
a
exact
date
currently
because
we
don't
know
okay,
when,
when
that
stevie
will
fix
in
the
upstream.
A
Do
you
guys
also
count
the
weeks
or
is
it
just
a
another
thing
that
is
mostly
used
in
in
germany
or
german
speaking
countries
just
just
question,
because
I
never
seen
someone
else
using
it
like
a
calendar
week.
A
A
So,
as
as
we
can
see
that
you
know
most
of
most
of
the
maintainers
voted
for
a
deprecation
announcement
in
2-6,
which
means
that
yeah,
it's
now
official,
that
a
chart
museum
will
be
deprecated
or
marked
as
deprecated
starting
from
2.6.
A
And
this
will
mean
that
it
will
be
in
deprecated
status
into
six
to
seven
and
probably
might
be
removed
into
eight.
A
This
way,
sorry,
if
there
are
some
other
topics,
what
you
can
do
is
you
can
already
add
yourself
on
the
list
and
so
that
we
can
discuss
this.
One
I'll
need
just
a
minute
here
to
clean
this
up
and
let's.
A
Okay,
let's,
let's
then
move
to
the
next
one,
which
is
oh
this
one.
I
was
wrong,
so
the
next
next
vote
was
regarding
notary
and
for
notary.
We
have
the
same
result,
which
means.
A
C
A
Okay,
the
next
point
on
the
agenda
is
the
some
updates
regarding
kubecon.
B
A
Armor
at
kubecon,
so
the
the
current
status
is
that
maintainer
track
is,
is
virtual.
A
And
then
we
have
a
virtual
office
ad
called
office
hour
office.
A
B
So
but
currently
they
reject
for
the
officer.
Are
you
not
open
right.
A
I
think
this
is
that's
it
from
my
side
on
the
topics
that
I
that
come
to
my
mind
immediately.
Okay,
we
have
another
topic
on
the
agenda.
It's
about.
I
don't
know
how
to
spell
it
kiss
or
kit
kits
kiss
kicks
kicks.
Okay,
yes
and
rafaela
is
here
she
would
like
to
introduce
kicks
and
to
discuss
and
see
how
this
might
fit
as
an
extension
or
adapter
into
hardware
available.
Please.
C
C
C
So
I
do
not
know
if
it
is
a
good
fit
or
not,
because
I
saw
that
all
the
scanners
adapter
you
have
in
your
website,
all
of
them
scan
image
so
and
and
the
vulnerabilities
it's
kind
of
the
cva
vulnerabilities,
and
this
is
not
what
kicks
does
kicks.
Only
reports
infrastructure
vulnerabilities,
like
s3
bucket
without
logging,
for
example,.
A
So
what
I
can
say,
I've
been
when
you
mentioned
this
on
the
slack
channel.
I've
been
looking
into
kicks
and
so
well
kicks
yeah.
So
this
is
the
project.
So,
as
you
click,
I've
been
looking
into
the
project
to
see
how
this
might
be
fit
into
into
harbor,
and
this
is
kind
of
my
my
personal
take
on
this
one.
A
The
idea
is
well
it
could
it
could
fit
if
you
know,
if
I
think
the
only
way,
I
would
okay,
let's
start
with
this,
so
hardware
is
a
container
registry,
so
it
stores
content.
Everything
is
basically
container
images
right
of
wrapped
container
images,
but
inside
the
container
images
there
is
not
always
not
always
applications
nowadays,
so
we
expanding
and
moving
away
from
only
hosting
containers,
but
also
other
types
of
artifacts.
You
know
we
have
support
now
for
web
web
assembly.
A
We
have
support
for
chart
helm
chart,
and
this
is
something
where
I
see
that
this
might
be
interesting,
because
helmet
charts
are
essentially,
you
know,
is
manifest
with
templates.
So
the
question
is:
does
kicks
support
only
manifests
or
rendered
manifest
or
does
kicks?
A
Also,
support
manifests
that,
are,
you
know,
go
templates
or
with
templates
you
know,
will
it
be
possible
to
scan
with
kicks
helm,
chart,
for
example,
or
only
the
rendered
manifest,
and
if
it's
only
the
rendered
manifest
I
I
I
mean
I
wouldn't
see
it
that
it
would
make
much
sense
to
to
to
create
an
adapter
for
harbor,
but
if
it
is
capable
of
scanning,
if
it's
capable
of
scanning
a.
A
Template
you
know
a
chart
template
then
it
might
be
interesting
for
users
to
to
integrate
kicks
into
their
pipelines
into
the
into
the
into
their
instances.
C
A
A
Exactly
so,
the
thing
is,
I
mean,
let
me
just
share
this
with
everyone.
I
think
I
have
currently
open
because
I'm
looking
into
it,
let
me
just
share
the
screen
another
one.
A
B
A
This
is
a
numbers,
it
is
a
cve
export
of
harbor
to
six
and
it's
basically
just
the
same
as
mapping
as
as
the
data
table.
So
we
have
a
artifact
digest.
We
have
the
cv
id
and
we
have
the
package
the
current
version,
the
fixed
version,
the
security.
You
know,
the
severity
level
and
some
cve
ids
and
some
additional
data
I
mean
you
could,
of
course
you
know
kind
of
a
press
or
wrap
your
result
in
in
this
format.
A
I
think
it
would
be
it
would
be.
You
know
possible,
so
you
can
leave
out
the
informations
that
you
don't
have
like.
You
know,
maybe
package
you
replace
it
with
a
helm,
chart
name
or
the
file
name
and
the
current
version
you
could,
you
know,
use
the
version
from
you
could
use
the
version
from
you
know
the
helm,
chart
or
application
depending
on
your
situation
and
then
in
the
additional
data.
You
would
provide
the
your
findings.
You
know
kind
of
kind
of
this
information.
A
You
know
you
could
provide
it
directly
as
data
or
as
a
link
or
reference.
You
know
to
if
it's
a
url
or
something
you
know
whatever.
So
this
is
something
I
would
say
you
could
you
could
do,
but
given
I
mean
given
the
given
the
situation,
that
your
scanner
can
actually
scan
help
charts
because
there
are
no,
no,
I
think
I
don't
know
if
any
other
artifacts
you
know
like
terraform
or
ansible,
that
are
stored
in
container
images,
mostly
of
them,
are
not
stored
in
container
images,
but
repositories.
C
Yes,
we
can
kixy
is
already
prepared
for
charts
so,
but
kicks
is
not
prepared
for
image
for
now,
at
least
to
scan
image,
just
files.
A
Yeah,
but
you
could
you
could
write,
I
mean
your
adapter.
Would
then
you
know
fetch
the
image
extract,
the
data
from
the
image,
and
then
you
know,
data
from
the
image
and
then
scan
the
files
and
accordingly
react
to
that.
So
this
is,
I
think
you
have
to
take
a
look
at
how
other
scanners
are
doing
it
because
they
do
it
probably
the
same
way.
C
B
A
And
also
the
documentation
there,
there
is
no
other
procedure
than
than
this
one.
So
you
you
implement
the
product,
the
the
the
the
the
pluggable
scanner
interface,
I
mean
john
just
posted
the
spec.
A
You
implement
it
accordingly,
and
then
you
publish
your
adapter
and
we
will
list
the
adapter
on
the
on
on
our
as
a
kind
of
as
a
reference
that
this
adapter
exists
and
people
can
use
this.
We
recommend,
of
course,
that
you
maintain
and
keep
the
adapter
up
to
date.
A
You
know
that
you,
you
know,
update
the
adapter,
not
the
interface,
but
because
it's
you
know
static,
but
like
the
implementation
behind
it
update
the
newest
kicks
version,
and
things
like
this,
so
this
will
be
then,
of
course,
your
responsibility
to
maintain
this.
A
D
A
scanning
working
group,
so
I
can
invite
you
into
that
section,
to
discuss
more
details
about
how
to
implement
a
scanner
adapter
and
how
to
integrate
that
adapter
into
harbor,
but
but
for
the
details
of
your
tools,
I
I
need
to
go
to
the
repository
to
know
some
details.
Then
I
can
let
you
know
how
and
why
we
can
or
not
integrate
your
tools
into
hardware.
A
What
what
do
other
thing
about
this
you
know
scanning
health,
charts.
A
What
do
other
thing
about
integrating
kicks
with
with,
however,
especially
in
in
terms
of
helmchat,
what
the
other
maintainers?
So
it's
more
question
to
the
maintainers
here.
What
do
you
guys?
What
do
you
guys
think?
Is
this
a
good
idea,
or
do
you
think
it's.
B
To
join
the
slack
channel,
I
mean
the
working
group
scanner
working
group
that
yen
just
mentioned,
to
discuss
more
detail
in
the
network
group
to
get
some
other
feedback
or
some
other
suggestions.
B
Then
we
can
follow
up
the
next
step
for
this
kicks
project.
D
Yeah,
I
need
to
know
more
details
about
your
tools,
so
I
I
like
to
know
the
the
results
the
scanning
results
of
our
home
chart,
so
I
like
to
see
that
the
tool
can
catch
some
cves
of
the
dockery
image
in
the
hemp
charts.
D
But
but
I
I
I
don't
know
whether
this
tool
can
do
or
not.
So
I
will
go
into
details
and.
B
Yeah,
and
also
please
take
a
look
to
the
scanner
spec
that
you
have
send
in
the
chart.
Then
you,
you
guys
also
can
know
more
about
the
hubble
scanner,
how
it
is
work
and
how?
How
can
the
scan
that
the
third
part
scanner
can
integrate
with
hardware,
so
that
may
get
more
ideas
from
each
of
our
from
your
side
and
last.
A
A
So
if
we
take
a
look
at
the
the
spec,
we
have
the
the
different
data
types
you
know
that
are
kind
of,
I
would
say
for
seeing
right,
so
we
have
the
vulnerability.
This
is
actually
the
one
that
we
that
we
currently
have
implemented
in
harbor
right,
and
I
think
this
one
is
not
implemented
in
harbor
right.
A
A
And
then
yeah,
so
just
I'm
just
wondering
that
you
know.
I
think
that
daniel
and
and
stephen.
B
Yeah
steven
zoe,
I
think
previously
have
some
ideas
on
on
the
spawn
under
the
misconfiguration.
Something
have
some
idea
on
that,
but
I
think
currently
no
no
more
actions.
A
B
So
anyway,
I
think
stevenson
is
also
in
that
working
group.
Maybe
we
can
put
the
I
mean
pulling
referral
into
that
goal
group.
So
maybe.
A
You
can
discuss
more
details
exactly,
and
maybe
you
can
also
contribute
to
this
to
this
data
spec
as
well,
because
it's
currently
yeah
it
is
foreseen,
but
it's
not
implemented,
and
I
think
it
would
be
also
a
good
contribution
from
from
your
side.
If
you
would
kind
of
fill
out
this
data
data
spec,
you
know,
and
then
you
would
have
the
right
data
format
for
your
report.
A
All
right
are
there
any
other
topics
on
the
on
the
agenda.
Sorry,
I
clicked
the
stop
sharing.
A
Okay,
please
add
yourself
as
the
attendees.
You
know,
I'm
just
mentioning
it
again,
because
I'm
feeling
lonely
there,
the
only
one
at
yourself
as
identi
everyone,
so
that
we
have
a
kind
of
a
track
who
attended
this
this
meeting
and
if
we
have
no
other
discussions
on
other
topics.
I
would
then
release
you
earlier
than
planned
and
would
say
thank
you
for
attending,
have
a
nice
day
and
have
a
nice
week
and
talk
to
you
in
two
weeks.