►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Okay,
let's
get
started
hi
everyone
welcome,
join
the
community
meeting
of
harbor
will
take
30
minutes.
My
name
is
daniel
from
vmware
I'm
maintainer
of
harvard.
Let's
see
what
we
have
today
in
the.
A
Agenda
so
first,
I
will
quickly
give
an
update
for
harbor
2.0
and
after
that
there
are
three
demos
scheduled
today
we
will
demo
the
support
for
scanning
image
index
in
2.0
and
after
that,
daniel
patek
from
aqua
will
demo
the
integration
with
the
scanner
trivia
and
after
that
premium
or
online
will
do
the
demo
for
the
enhancement
of
my
pokemon
together,
and
I
will
show
the
demo
and
give
some
comments
and
discussion
after
that.
A
If
there's
time
we
will,
you
know,
do
some
free
discussion
for
anything
interested
okay.
So,
first
first,
let's
see
the
overall
status
of
harbor
2.0.
We
are
very
close
to
the
feature
complete.
A
A
Hopefully
in
the
next
community
meeting
you
hear
the
news
about
the
fc
of
2.0
and
there
will
be
a
relatively
stable
build
for
you
to
try
and
play
around,
and
the
ga
and
rc
will
be
targeted
in
april.
Please
stay
tuned,
so
let's
see
drill
down
to
a
little
detailed
status
for
the
anchor
feature
of
2.0
making
hardware
cloud
native
registry
based
on
the
oci.
A
Covered
the
main
flow,
and
in
this
screen
we
we
are,
we
have
enabled
us
scanning
the
image
index
and
tag
retention.
A
Currently
we
are
working
on
other,
enabling
other
features
to
cover
the
corner
cases
for
like
replication
quota,
and
we
are
doing
the
refine
refinement
on
ui
to
address
some
comments
and
we
also
fixed
a
field
box
to
on
the
osi
confirming
test.
So
we
can
make
harbor.
You
know
more
conformant
to
the
oci
standard,
but
given
that
the
oci
distribution
spec
is
not
g8
yet,
and
the
docker
distribution
which
we
leverage
to
provide
the
v2
api
also
has
some
legacy
issues
to
fully
comply
with
the
oci.
A
A
Finalizing
this
upgrade
and
migration
flow
to
make
sure
there
is
a
relatively
smooth
upgrade
migration
flow
from
the
previous
version
to
harbor,
because
considering
we
have
done
a
big
change
in
the
api
and
the
data
models.
So
this
is
pretty
complicated
and
challenging,
and
we
are
doing
some
clearing
house
work
like
adding
more
tasks
clean
up
some
unused
code
ether,
so
yeah
we
are
heading
toward
the
fc
beside
the
anchor
feeder.
A
We
think
there
are
some
refinement
needed,
so
we
are
working
on
that
and
we're
also
working
on
more
importantly,
on
enable
that
in
the
helm,
chart
and
exploring
the
possibility
to
integrate
with
certain
monitoring
kubernetes
and
thanks
to
daniel
pakis,
great
work
on
the
change
to
integrate
trivia
scanner
have
merged
to
master
and
for
both
double
compose
installer
and
the
helm
chart
later
daniel
will
give
us
a
more
detailed
introduction
and
demo
the
features,
and,
last
but
not
least,
the
web
hook,
enhancement
to
support
more
events
and
more
flexible
configuration
even
support.
A
Sending
the
notification
to
slack
to
inform
user
about
the
certain
events
we
need
to
review.
We
don't
want
this
to
delay
the
fc
date
if
we
verify
that
works
and
the
code
has
been
reviewed
and
this
will
be
in
the
2.0.
But
if
you
cannot
make
it
it
will
be
into
that
one.
So
that's
the
status.
A
Okay,
I'll
continue.
So
let's
start
the
demo
section
first,
one
way
we
will
demo
the
scanning
image
index.
B
B
B
B
B
B
B
B
B
A
Well,
because
this
is
a
development
build,
so
there
may
be
some
instability,
but
could
you
explain
how
things
will
work
for
scanning
index.
B
In
inversion
version,
one
in
version
2.0,
if
the,
if
the
user
scans
gun
artifacts,
we
first
check
that
the
scanner
has
has
completely
scanned.
The
image
index
is
the
scanner
supporting
it
with
directx
me
to
the
job
to
the
scanner?
If
the
scanner
don't
support
image
index,
we
will
we
will
collect.
B
The
children
nurture,
we
will
collect
the
children
artifacts
artifacts
of
the
imaging
bags
and
and
check
whether
the
artifact
is
supported
by
the
scanner,
for
example,
for
example
there
for
those
for
those
artifacts.
So
we
will
check
that
this
one
is
suppose
supported
by
the
scanner.
We
were
several
me
to
submit
the
children
artifacts
to
the
scanner,
to
scan
it
and
merge,
merge
the
scanner
a
lot
for
the
image.
C
C
Yeah,
maybe
you
can
try
to
debug
it
yeah.
D
B
Yeah,
yes,
if
the
scanner
supported
it,
we
will
send
the
scan
job
to
it
directly.
If
it
don't
support
support,
the
image
index
will
submit
the
children
artifacts
to
the
scanner.
A
So
so
so
so
the
support
is
declared
by
the
adapter
right.
B
A
A
Okay,
if
no
other
comments,
you
is
there
any
other
thing
you
want
to
show
to
us.
Oh
that's.
B
A
Just
hold
on
for
a
minute
there's
a
bj151
asking:
can
we
run
multiple
scanners?
At
the
same
time,
I
think
the
answer
is
no
right.
F
Yeah
today
we,
you
can
only
run
one
scanner
at
a
time
in
the
future
because
of
the
fact
that
scanners
are
extensible
and
will
be
able
to
be
able
to
scan
for
different
types
of
things,
not
just
vulnerabilities.
F
Like
libraries
compliance
be
able
to
update
the
cmdb,
then
we
might
allow
multiple
scanners
to
be
executed,
either
in
parallel
or
in
sequence,
within
a
single
project,
but
not
today.
A
Thanks
michael
daniel
you're,
on
the
line
you
can
take
over.
G
Yes,
so
let
me
let
me
do
the
demos
I'm
just
trying
to
find
out
the
way
to
share
the
slides.
Okay,
maybe
I
will
use
my
local
copy,
because
I
will
just
give
you
a
quick
intro
to
the
architecture
of
3d
and
then
I
will
demonstrate
how
to
install
it
online
installer
and
then
just
a
sec,
I'm
trying
to
find
it,
and
then
I
will
show
you
application
library
scanning.
G
So
this
is
kind
of
a
new
feature
that
hubble
will
have
and
not
only
in
the
users
will
be
able
to
scan
for
operating
operating
system
packages,
but
application
dependencies
at
least
some
of
them.
G
A
The
slides
you
send
it
to
me,
do
you
want
me
to
share
it.
G
Okay,
yeah
so
the
quick
overview
as
daniel
mentioned,
so
it's
already
matched
to
master.
I
have
modified
the
install
scripts
and
all
the
build,
make
files
etc.
To
add
this
with
3v
sorry
with
3d
param
to
the
installation
script,
you
will
see
it
in
a
demo.
I
have
also
added
the
deployments
for
the
3v.
So
now
you
could
just
install
with
a
helm
command
and
by
default
the
3d
scanner
adapter
is
enabled
we
keep
clear
if
both
are
chosen,
the
3d
will
be
marked
as
as
default.
G
It's
it's
done,
programmatically,
then,
what
the
there's
a
lot
of
features-
and
I
do
not
want
to
compare
which
scanner
is
better
and
which
and
compare
but
most
notable
feature
for
me,
is
like
a
photon
os,
like
we
added
support
recently
to
trivia,
to
scan
photonics
images,
which
can
be
very
interesting
and
also
we
can
destroy
us
and,
as
I
already
mentioned
this,
I'm
going
to
demonstrate
that,
for
example,
when
you
build
a
node.js
application
and
you
use
the
npms
like
third-party
dependencies
and,
as
you
might
know,
in
node.js
application,
you
fetched
okay,
hundreds
of
dependencies
transitive
dependencies,
we
will
be
able
to
show
vulnerabilities
in
those
applications.
G
Just
very
very
simplified
architecture.
This
helps
in
troubleshooting
some
of
the
issues,
as
you
might
know,
number
one.
So
hardware,
scanner
3d.
This
is
the
adapter,
so
we
defined
the
plugable
scanners
api,
and
this
is
the
implementation
of
the
api
which
is
using
behind
the
scenes.
3D
our
open
source,
vulnerability,
scanner,
static,
vulnerability
scanner,
since
the
api
assumes
that
the
scan
requests
are
asynchronous,
we
will
store
this
job
status,
scan
job
status
in
in
redis,
typically
you're,
using
the
redis
instance
or
radius
cluster,
which
is
you
know,
any
way
required
to
operate.
G
A
hardware
then
number
three.
This
is
a
3d
and
funnel
3g
and
funnel.
This
is
a
single
executable
that
we
run
as
a
as
a
child
process
of
the
hardware.
Standard
3d
panel
is
more
kind
of
a
library
which
is
used
to
recreate
the
file
system
of
a
given
image,
so
overlay
file
system.
We
are
trying
to
rebuild
the
file
system
and
then
detect
all
the
operating
system,
packages
and
application
dependencies,
and
then
actually
there
is
another
part
which
is
called
bot
db
or
3vdb.
G
This
is
a
index
which
is
built
on
a
daily
basis
by
a
crown
job.
We
don't
have
to
build
it
locally,
as,
for
example,
is
the
case
today
for
clerk
clarisse
is
using
those
updaters
which
are
pretty
much
killing,
probably
all
dev
environments
instead
of
3d
you
could.
You
could
download
pre-built
vulnerability
index
database,
so
both
this
data,
like
a
3d
cache
and
given
image
file
system,
is
cross-referenced
with
a
3vdb,
so
we
could
find
and
detect
vulnerabilities
and
report
them.
G
So
this
is,
as
I
said,
very
simplified
picture
and
I
will
show
you
the
directory
structure
in
a
second.
So
now,
let's
move
back.
Let's
move
to
the
to
demo
and
as
I
said,
I
will
install
3d,
hopefully
it
works,
then
I
will
show
the
main
configuration
parameters
like
environment
variables,
I'll
explain
the
directory
structure
where
to
find
logs,
which
directories
and
where
do
we
cache
data
and
then
the
demo
of
the
application
dependencies
scanning?
G
So
actually,
before
joining,
can
you
see
this
this
this
terminal?
Well,
just
for
the
sake
of
font
sizing
things.
I
have
just
built
all
the
images
of
of
hardware
before
the
demo.
As
you
can
see
now
we
have
an
image
which
is
called
3d,
adapter
photon
and
we
are
rendering
in
the
3v
scanner
adapter
version
023,
similarly
to
what
we
do
with
with
glare
right.
I
just
pre-built
it
because
it
takes
a
little
bit
of
time.
G
I
have
also
built
hardware
online
installer
dev
right,
so
this
is
one
option
to
install
hardware.
So
if
I
extract
this
archive.
G
So
there
is
a
hardware
director
to
create
it
and
I
have
configuration
which
is
suitable
for
my
environment.
I'm
running
a
mac
os
with
a
docker
for
mac,
so
I
just
need
to
adjust
a
little
bit
the
paths
to
the
data
directory
and
to
the
logs.
G
Just
double
check
the
cm
file
yeah.
So
now,
if
I
go
and
say
install
hardware
with
clear,
so
nothing
changes
here,
but
now
you
could
also
ask
to
install
3d
and
see
that
behind
the
scenes
we
create
a
look
and
compose
file
all
the
volumes
bindings
and
then,
if
everything
goes
well,
you
will
see
that
the
3d
adapter
is
up
and
running.
G
And
one
thing
to
note
here
is
it's
ready
to
scan
immediately.
The
first
scan
might
be
a
little
bit
slower
by
the
download
time
of
the
three
db.
I
was
showing
you
on
the
previous
slide,
but
normally
you
should
be
able
to
scan
it
very
fast.
So
now,
if
I
go
to.
G
You
see
that
in
under
the
interrogation
services
we
have
both
3d
and
clear
and
3ds
markers
as
a
default
scanner.
Obviously,
if
you
want
you
can
change
it
and
make
clear
as
a
default
back,
but
that's
the
case
and
now,
let's
scan
something
just
to
quickly
demonstrate
and
see
that
it
works
and
also
at
the
same
time,
I
will
show
you
this
feature
of
scanning
photo
noise
images
I
will
have.
This
is
my
little
cheat
sheet
for
the
demo.
G
G
G
G
Yeah
so,
as
you
can
see
so
the
latest
stack,
luckily
for
all
the
people
who
use
the
photon
noise
version.
Three,
there
are
no
vulnerabilities,
but
here
there
is
a
little
older
version.
We
could
find
vulnerabilities
with
the
details
with
the
description
you
could
go
and
there
is
a
bunch
of
links
to
read
more
about
the
vulnerability,
and
so
that's
it
when
it
comes
to
operating.
G
So
maybe,
since
I'm
here
and
we
are
talking
about
operating
systems,
I
also
show
you
quickly
the
how
we
can
detect
vulnerabilities
in
in
a
distro-less
images
which
are
also
which
are
also
just
a
sec.
G
G
I
had
a
typo
in
in
my
chat,
so
I'm
pushing
it
to
the
hardboard.
It's
a
distroless
for
java
11..
G
G
Yeah,
you
can
see
that
we
also
detect
vulnerabilities
in
in
industrialized
images
and
then,
since
we
scanned
a
few
things,
let
me
show
you
quickly
the
important
parts
of
the
installation
it's
like
so
the
3d
adapter
has
this
reports
directory.
So,
as
I
explain
in
the
architecture
review,
we
need
some
file
system
space.
One
is
for
a
temporary
reports
where
we
store
scan
results
and
then
we
move
them
to
redis,
which
eventually
is
copied
to
hardware
database.
G
But
this
is
the
more
interesting
part.
This
is
where
we
download
the
pre-built
vulnerability
index
from
github
releases
page,
and
then
there
is
a
cache.
Actually,
this
is
a
pretty
sensitive
and
it's
currently
changing.
We
do
cache
all
the
layers
of
the
scanner
image
and
actually
it
might
grow
quite
fast,
and
this
data
is
redundant
and
actually
scanner
doesn't
need
it.
G
We
are
changing
it
to
only
save
and
cache
the
result
of
scanning
a
given
layer,
so
the
size
of
this
panel
directory
will
will
will
go
down
drastically
with
the
later,
with
the
newer
release
of
the
3d
adapter,
it's
ready
and
I'm
going
to
actually
bump
up
the
3d
adapter
in
hardware.
G
G
Yeah,
most
notably
it's
you
could
actually
choose
by
default,
we
scan
for
os
and
libraries.
You
could
disable
it
and
you
could
also
ignore
unfixed
vulnerabilities.
G
G
G
G
G
I
don't
know
if
you
realize,
but
it's
based
on
photo
noise.
My
intention
was
to
use
photon
3.0
to
only
show
you
the
application,
the
dependencies
like
in
npm
packages
dependencies,
but
anyway,
you
will
see
that
we
can
show
both
like
we
detect.
Basically,
what
is
in
the
package
log
json
file,
and
then
we
display
it
in
the
ui
right.
So
you
see
that
we
have
15
dependencies.
G
F
Hey
daniel
this,
this
is
amazing.
First
of
all,
thank
you
and
your
team
for
all
the
great
work
that
you
all
did
in
basically
making
3v
the
built-in
included
scanner
in
harbor
and,
most
importantly,
working
in
updating
home
charts,
docker
compose
and
everything
else
that
was
necessary.
We're
like
from
the
community
standpoint
we're
super
excited
to
have
3v
to
be
part
of
harbor.
It
offers
us
a
better
experience,
better
scanning,
more
updates.
So
this
is
awesome.
Thank
you.
G
Yeah
thanks,
that's
pleasure
and
yes,
as
you
said,
this
is
like
the.
We
would
like
to
contribute
even
more.
The
ongoing
changes
3d
has
its
root
in
the
cicd
environment,
so
it
started
as
a
you
know,
single
executable,
but
its
architecture
is
flexible
enough,
so
we
can
make
it
more.
You
know
suitable
for
such
integration
as
with
with
hardware
and
also
currently,
we
use
3d
adapter
when
you
deploy
it
in
kubernetes,
it's
deployed
as
a
stateful
set
because
of
the
file
system
structure.
G
I
was
showing
you
and
this
layered
cache
it's
a
file
system.
We
don't
have
any
locking
mechanism,
so
I
was
afraid
of
concurrent
access
to
this
directory
structure,
but
we
are
changing
it
and
it
will
very
soon
refactor
it
to
make
the
3d
adapter
a
more
scalable
deployment.
So
this
is
like
the
outline
of
the
future.
A
Daniel
before,
could
you
turn
back
to
the
your
architecture
diagram?
I
have
a
couple
questions.
G
So
the
3d
adapter
is:
it
has
embedded
3d
executable.
So
when
you.
F
G
A
Okay
and
as
for
the
usage
of
redis,
I
believe
that's
a
job
kill.
So
that's
a
temporary
data
right
in
case
the
yeah.
Yes,.
D
G
Exactly
okay,
what
is
more,
all
the
scan
jobs
do
have
a
configurable
time
to
leave
so.
G
A
G
Exactly
so
and
exactly
db,
you
downloaded
from
the
aqua
security
3vdb.
Actually
I
think
we
were
in
the
morning
reported
an
interesting
fact
that
if
you
download
this
database
very
often
you
might
reach
the
rate
limit
of
github,
but
you
could
provide
a
github
token
to
increase
the
limit
from
60
to
5000.
I
don't
remember,
I
have
actually
opened
the
pr
to
fix
it
right
now,
and
this
is
a
crown
job.
G
A
Yeah
two
further
question:
in
this
part:
sorry
first
does
tv
support
setting
proxy,
I
mean
when
you
installing
it
in
hardware.
A
I
mean
I
mean
the
does
this
support
http
proxy
now,
because
many
hardware
yields
are
running
it
in
the
air
gap,
environment.
G
Yeah,
you
mean
proxy
to
download
the
jvtv
yeah.
That's
a
good
question.
I
need
to
check
with
the
tv,
but
I'm
I
would
say,
probably
not.
A
G
That
would
be
yes,
we
could
probably
edit
very
quickly
it's
a
simple
http
client
to
get
this
dvd
cloud.
A
A
G
Yeah,
so
when
you,
when
you
download
this
file
anonymously,
I
believe
it's
60
requests.
G
G
G
You
will
need
to
specify
it
as
a
configuration
parameter
to
the
hardware
scanner
tv.
So
then
it
is
passed
to
3d
and
then
it
is
using
it
as
an
authentication
to
github.
A
G
So
what
normally
you
know,
this
default
60
request
per
hour
limit
for
us.
We
thought
that
it's
the
reasonable
benefit,
because
you
know
the
database,
you
just
download
it
in
the
beginning
and
then
detect
all
right.
There
is
no
need
to
download
it,
so
we
do
update
it
on
a
daily
basis.
Right
so
let's
say
I
scan
it
today,
so
I
downloaded
it
once
so.
There's
no
chance!
G
I
do
hit
the
rate
limit
unless
I
do
range
styles
and
etc
right
so
tomorrow,
if
I,
if
I
do
scans
tomorrow,
I
have
a
new,
let's
say,
pull
off
of
requests,
so
I
would
say
by
default
no,
the
the
requirement
is
to
be
able
to
download
the
database
from
from
github
page,
but
it's
not
necessary
to
specify
or
configure
github
packet.
G
A
Yeah,
so
so
so
let
me
clarify
so
if
there
are
two
users,
they
install
hardware
at
the
same
time,
and
each
of
them
has
a
60
request
limit.
Is
that
true?
Is
that
correct.
G
If
you
do
not
provide
any
authentication
information,
it's
based
on
the
ip,
so
it
depends
if
they
use
the
same
ip
or
the
same.
You
know
network
interface,
okay,
they
you
know
they
will
be
summing
up.
But
if
we
provide
the
token,
then
it's
token
so
each
user
has
its
own
limit
post.
A
Okay,
so
so
each
other
doesn't
impact
the
other
one
right.
If
that's
true,
I
think
that's,
okay!
Okay,
thanks
do
we
have
any
other
questions
with
daniel.
A
Okay,
thanks
daniel
this
is
awesome,
and
next
one
do.
We
have
ming
here.
D
Screen:
okay,
we
from
harbor
2.0.
We
take
some
enhancement
above
our
hook,
so
I
will
have
a
demonstrate
about
the
enhancement.
D
D
Here
yeah,
I
just
had
a
slack
on
on
point
and
you
may
notice
that
I
have
two
points
in
my
project.
This
is
another
enhancement.
We
enable
that
multiple
bypool
endpoint
support
project,
so
you
can
add
several
web
hook
in
your
projects.
So
let's
try
to
push
one.
D
Yeah
I
have,
I
just
received
the
well
hook,
stand
by
him:
harbor,
here's
the
I've
hooked
up
to
my
seduct
channel.
D
D
Let
me
refresh
it
yeah.
This
is
the
this.
Is
the
http
webhook,
so
you
we
really
send
the
two
wife
hooked
to
different
endpoints.
Why
is
one
http
another
one?
Is
that
and
you
can
also
see
the
trigger
status
from
the
table
here.
D
D
D
Yeah
the
token
you
your
I
can
show
the
here
actually,
when
you
enable
the
webhook
in
stock,
you
you
just
the
select
encode,
the
the
token,
the
channel
information
into
a
secret
screen
screener.
D
So
this
is
the
url,
the
quick
created
by
the
stack
okay.
The
stream
contains
the
channel
information
authentication
information,
because
I
I
didn't
enable
the
authentication
in
my
wipe
a
slack
web
hook.
So
if
I
enable
it
there's
another
screen
to
to
stand
for
the
authentication
information.
D
A
And
by
the
way,
I
think
the
ui
it's
still
in
progress
right
because
they
are
not
quite
aligned.
D
A
E
F
D
D
I
I
may
miss
here
is
that
we,
we
add
several
additional,
even
type,
just
like
the
replication
tag,
retention
called
our
exceed
warning
messages.
A
A
Okay,
since
we
run
you
know
over
time,
do
we
have
any
question?
If
there's
no,
I
will
close
the
meeting
now.
Oh.
H
I
have
one
quick
question:
do
we
have
any
retry
when
a
failure,
notification.
D
It's
the
it's
the
job,
predefined
in
the
job
service.
I
I
remember
that
it
should
be
three
seconds.
D
H
H
C
Oh
daniel,
so
can
you
stay
online
so
michael
need
me
you
and
me
to
do
a
thing
quickly
after
this
meeting.