►
From YouTube: CNCF Harbor's Community Zoom Meeting - July 27, 2022
Description
CNCF Harbor's Community Zoom Meeting
A
All
right,
hello,
everyone
welcome
to
today's
harvard
community
meeting
today
is
wednesday
july
the
27th
and
that's
the
official
community
municipal
harbor.
Please
keep
in
mind
hybrids
the
cncf
project,
so
we
follow
the
code
of
conduct
for
the
cncf.
My
name
is
william
vasilev
and
I'm
the
community
manager
for
harvard
I've
posted
the
chat.
The
community
meeting
notes
link
for
today
in
high
candy,
I'm
sorry
in
github.
I'm
gonna
paste
it
once
again,
just
in
case
someone
missed
it.
A
A
A
A
A
So
two
things
here
first
is:
we
should
be
super
careful
about
release,
note
wording
and
where
we
place
stuff
and
second,
we
should
follow
the
life
cycle
policy
from
now
on.
So
please
everyone
follow
that
link
and
get
acquainted
with
the
the
procedure.
How
we
are
going
to
deprecate
something
or
completely
remove
something
from
the
from
harvard.
A
B
Yeah
justin
eco.
What
only
just
said.
I
think
this
process
previously
hubble
does
not
have
this
process
so
in
in
the
previous
few
months.
I
think
they
they
have
a
maintenance
work
out
of
this
process,
and
now
it
is
module
in
the
repo.
So
take
a
look
at
that
and
in
future
I
think
we
I
mean
the
hardware
community
will
leverage
this
process
to.
B
A
Yeah,
I'm
going
to
keep
that
thing
for
a
while
in
our
meeting
minutes,
so
we
can
all
get
acquainted
with
it
and
we
know
that
such
process
exists
and
we
don't
screw
up
something
yeah,
yeah,
absolutely,
okay.
Great
next
thing
is
the
two
six
two
six
release:
is
it
still
young
one
added
this
one?
Last
time
I
just
wanna
add
update
on
this
one
as
a
follow-up
is
that
one
two
six
still
delayed
for
mid
august.
C
A
A
A
C
D
A
D
A
I
can
help
you
out
we
kept
like
was
that
almost
20
days
kind
of
until
then
so
I
can.
I
can
try
to
help
you
out
on
the
background
or
also
avi
abigail.
It's
she
can
help
you
out
with
the
block
as
well.
So
I
would
love
to
release
it.
It's
not
necessary
to
be
like
a
50
pages
of
blog
posts
with
pictures
and
everything,
but
the
overall
idea
of
pointing
to
the
main
parts
of
the
documentation
within
the
website
and
some
some
some
demo
with
short
with
screenshots,
will
be
perfect.
A
D
A
C
What
and
this
is
another
anchor
feature
that
introduced
in
2.6
and
cheney,
just
wrote
something
to
that
what
we
did
and
we
we
have
some
very
good
enhancement
on
the
concurrency
pool
scenario
that
that
was
real
benefit
to
the
enterprise
user.
So,
and
can
you
help
us
to
review
that
documentation
and
then
we
can
also
write
a
blog
for
this
feature
to
announce.
C
A
Let's
do
it:
okay,
perfect,
even
even
better,
the
more
the
better
well.
Do
you
want
me
to
like
the
easiest
way
to
do
that
to
collaborate
with
this
one
will
be
I'll
I'll
get
some
google
docs
shirt,
google
docs,
and
we
can
all
write
in
there.
So
I
can
check
and
we
can
check
on
the
language
and
then
statistics
and
stuff
and
then
I'll
work
here
and
get
it
get
it
out
when
we
have
the
release.
What
do
you
think.
A
C
A
C
A
D
Okay,
thank
you
alex
and
thank
you
all
community
members
for
giving
an
opportunity
to
present
this
feature
that
I'm
working
on
for
quite
some
time
now.
This
feature
is
around
the
cbe
export
of
harvard
harbor
data,
harbor
cbe
data
into
a
csv
format.
So
basically,
the
use
cases
that
that
are
satisfied
by
this
by
this
feature
are
about
exporting
the.
D
So
the
functional
requirements
for
this
feature
are
that
the
csv
export
is
restricted
to
that
of
vulnerability,
scan
data.
We
can-
and
there
are
other
types
of
data
points
that
later
on
we
could
introduce.
But
currently
the
feature
is
restricted
to
csv
exporter,
vulnerability
data.
It
allows
the
user
to
to
export
csv
data
by
specifying
various
types
of
filters,
around
repositories,
tags,
labels
etc.
D
As
we'll
see
in
the
demo,
and
then
the
user,
of
course
is
allowed
to
download
the
exported
data
so
that,
like
further
processing,
can
be
done,
the
other
parts
are
non-functional
parts
of
the
which
are
not
user
facing,
but
the
nevertheless
important
from
the
harbour
perspective.
I
have
a
system
perspective
and
that's
around
the
storage
of
exported
csv
data.
D
If
you
like,
like
we,
have
introduced
a
feature
of
system,
artifact
manager,
which
is
an
internal
back-end
feature
where
in
2.6,
which
is
like,
which
is
going
to
store
the
non-oci
compliant
artifacts
onto
the
registry
and
also
maintain
their
life
cycle.
So
we
are
going
to
so.
This
csv
export
feature
relies
heavily
on
that
for
for
storing
the
exported
data
files
and,
of
course,
even
the
cleanup
of
old
data
files
like
we
don't
want
the
csv
files
to
keep
on
accumulating.
D
So
by
relying
on
the
system,
artifact
manager,
functionality,
we
ensure
that
the
csv
files
are
cleaned
up
after
a
period
of
like
24
to
40
hours,
24
or
40
hours.
So,
like
a
quick,
quick
thing
is
like,
rather
than
walking
through
the
I've
just
demo
the
reporting
workflow.
I
have
my
harbor
installation
over
here.
I
think
I
hope
this
session
is
still
active.
D
An
important
part
to
note
is
that
I
will,
in
order
to
perform
an
export,
I
must
have
the
scan
privilege
on
the
project
and
the
original
intent
behind
this
was
like
normally,
users
who
scan
or
who
trigger
scans
on
images
are
the
ones
who
would
be
interested
in
downloading
the
reports.
So
currently
it
is
required
that,
in
order
to
initiate
a
csv
export
of
the
cbe
data
for
a
project,
you
must
have
a
scan
privilege
on
that
project.
D
So
so
right
now
I
have
login
as
admin
for
the
purpose
of
the
demo,
and
you
can
see
that
there
is
an
export
cv
option
where
you
could
choose
a
set
of
projects
for
which,
like
you
want
to
you
want
to
export
cds.
You
can
specify
a
set
of
filters
that
are
present
like
there
are
repository
filters
and
they
follow
the
standard
double
star
pattern.
That
has
been
a
standard
with
hardware
for
a
long
time
now.
D
So
maybe
I
can
do
something
like
these
are
some
images
that
are
already
downloaded
or
already
synced
into
my
system.
So
I'm
going
to
use
them,
we
can
specify
tags
and
we
can
also
specify
labels.
So,
basically,
like
I
mean
you
could
you
could
specify
any
of
the
labels
that
you
want
and
of
course,
then
you?
D
You
would
also
be
interested
like
in
some
time
saying
that,
hey
you
know:
okay,
there
will
be
a
lot
of
cves,
but
I'm
really
interested-
and
let's
say
like
there
is
a
advisory
that
comes
out
for
a
with
a
particular
cv
number
like,
for
example,
the
block
for
shell
right
that
came
in
towards
the
end
of
last
year.
So
I
want
to
understand
if
how
many
images
still
have
a
jvm
with
a
lock
force
or
the
spring
spring
versions,
with
a
log
four
shell
vulnerability?
D
I
could
just
put
the
cbe
id
here
and
run
an
export,
so
we'll
get
a
list
of
all
images
that
have
that
particular
cv
id.
So,
with
this
side,
like
I'm,
going
to
just
click
on
export
and
the
the
process
is
pretty
simple,
like
I
mean
a
job
keeps
running
in
the
in
the
background,
and
eventually
cbe
data
is
available
for
export.
D
A
C
D
Be
the
csv
that
has
been
exported
based
on
the
cve
jobs
that
was
created
so
so,
as
you
can
see,
that
there's
a
lot
of
data
that
is
present
in
the
csv.
We
are
still
working
on
certain
performance
improvements
due
to
which,
due
to
which
we
may
end
up
dropping
some
of
the
columns
but
yeah
I
mean
eventually
like
you
will
have
enough
information
to
like
you
know,
consolidate
the
vulnerability
information
and
then
reuse
it
for
downstream
analytics.
D
So
yeah,
that's
the
feature
I
mean
and
with
respect
to
like
with
respect
to
privileges,
as
I
already
mentioned,
you
must
have
the
scan
privilege
and
you
should
at
least
have
the
like.
You
should
at
least
have
the
project
admin
other
project
developer
rules.
Those
type
of
roles
are
also
allowed
to
like
export
export,
the
csv
data
yeah.
That's
that's
about
it.
For
now,
yeah
I'm
open
for
questions.
D
D
We
may
need
to
add
it,
but,
as
I
say,
there's
a
set
of
columns
that
we
have
decided
to
drop
because,
like
you
know
like
what
we
observed
is
the
more
columns
that
we
add
in
the
system
like
the
performance
of
the
query.
That
happens,
because
you
have
to
join
a
large
number
of
tables
in
the
backend
to
get
this
data.
It's
a
little
sub
optimal
right
now,
so
we
may
have
to
end
up
dropping
certain
columns
and
then
add
them
depending
on
how
the
user
feedback
goes
on.
So
yeah.
A
D
C
D
B
D
C
D
This
feature
for
the
admin
or
for
the
normal
users,
also
okay,
so
it's
a
it's
a
feature
that
is
like
you
can
run
the
scan
as
long
as
you're
the
project
owner
right
yeah.
So
you
don't
need
to
be
an
admin.
The
only
thing
is
like
for
an
admin
you
can
like.
The
admin
can
do
a
select
all
and
run
the
export
so
like
the
admin
doesn't
have
any
restrictions
on
what
projects
can
be
exported
right.
A
D
Got
it
so
what
I'm
understanding
is
like?
You
could
have
a
separate
our
back
role
like
security
manager
or
some
privilege
that
can
like
that
could
be
assigned
to
a
job
or
or
a
login
user.
Who
can
then
directly
invoke
these
apis
and
get
the
data
right
kind
of
periodically
yeah
yeah?
That's
a
good
point,
yeah
good!
D
A
A
I
suppose
that
would
be.
The
next
question
is:
okay.
We
have
that
one,
but
how
we
can
automate
it
because
coming
from
the
operations
site
in
the
very
past
in
my
life
I
was
like
okay,
I
need
that
information
like
served
every
month
or
something
or
every
week
automatically
to
my
mailbox
and
or
some
other
system
and
consume
from
there.
So
I
suppose
at
some
point
someone
will
ask
that
question
so,
but
great
start,
thank
you
for
the
thank
you
for
the
demo
and
contributions
fantastic
thing.
A
B
A
Yeah,
thank
you.
It
will
be
funky
vacation.
I
have
a
few
trainings
to
do
and
two
or
three
books
about
community
so
be
very
educational
vacation,
but
yeah
it's
gonna
be
yeah.
Okay,
thank
you.
Thank
you
very
much
so
with
that,
I
don't
have
any
other
topics
for
now.
Anyone
else
wants
to
add
something
in
the
very
last
minute.
A
C
C
B
A
Yeah,
can
we
can
we
do
like
a
issue
about
that
with
announcements
and
maybe
discussions
of
possible
issues
of
deprecating
it
and
practically
because
the
last
time,
the
issue
was
that
we
didn't
just
deprecate,
something
which
means
to
stop
supporting
it,
but
still
be
available
on
best
effort.
But
we
completely
removed
that
functionality.
C
C
B
C
C
B
A
B
D
A
And
also,
I
think
it
will
make
sense
if
we
have
somewhere
like
on
the
wiki
pages
or
something
like
a
list
of
a
list
of
all
the
identifications
that
are
currently
going.
So
people
can
easily
refer
to
that
thing
and
and
see
what's
going
on
and
when
specific
features.
Because
at
some
point
it's
clearly
possible
that
we
have
more
than
one
thing
like
this
to
be
in
the
application
process.
So
people
can
can
easily
find
out
what's
going
to
be
removed
and
when
the
other.
C
A
B
Yeah,
I
think
once
we
create
a
ticket
for
each
plan,
the
duplication
feature.
We
can
link
that
issue
here.
Like
you
said,
you
will
create
a
section
about
future
deprecation,
so
you
can
link
that
ticket
here
so
people
when
he
visits
this
week
page
he
will
know-
or
there
are
some
features.
Where
is
either
input,
progress
or
application
right?
B
A
A
Yeah
and
also,
I
think
it
makes
sense
on
the
release
note
site
when
we
do
new
release.
We
have
the
new
deprecation
section
to
link
first
to
the
pro
to
the
policy
and
then
from
the
policy.
We
can
have
a
link
to
that
web
page
here
and
if
folks
are
really
interested
to
see
which
one
is
there,
they
can
follow
all
the
chain
of
links
and
I'm
trying
to
figure
out
a
way
to
avoid
what
we
had
last
week
that
we
deprecated
something.
A
C
A
C
A
A
A
C
C
C
A
A
Okay,
so
I
think
that's
that's
that's
great.
I
I
didn't
know
we
have
that,
but
can
we
I'm
not
sure
if
I
have
time
until
until
friday,
can
someone
I'll
create
an
issue
this
one?
But
can
someone
take
this
one
and
work
on
some
kind
of
formal
like
a
documentation
or
or
block
wherever
you
think
it's
more
useful?
A
B
A
A
A
B
A
I
think
is
good
with
the
discussion
because
it's
already
going
for
over
a
year.
So,
let's
let's
keep
it
in
the
discussion,
so
we
don't
lose
and
don't
fork
that
discussion
to
another
issue.
So
let's
keep
it
into
discussion.
Just
to
add
the
thing
there
and
to
add
the
the
link
to
the
to
the
tool
and
folks
can
give
it
a
try
and
and
actually
take
some
action
to
migrate.