Artifact info

The harborapi.ext.artifact module defines the ArtifactInfo class, which is composed of multiple Harbor API models:

In simplified Python code, it looks like this:

class ArtifactInfo:
    artifact: Artifact
    repository: Repository
    report: HarborVulnerabilityReport

The ArtifactInfo class thus provides the complete information for a given artifact, including its repository and its vulnerability report. This makes all the information about an artifact available in one place.

Several helper methods are defined to make use of the information available in the ArtifactInfo object. See the ArtifactInfo object reference for more information.

Most functions defined in harborapi.ext.api return ArtifactInfo objects (or lists of them), unless otherwise specified.

Why ArtifactInfo?

The ArtifactInfo class exists because the full information about an artifact is not returned by HarborAsyncClient.get_artifact due to the way the API specification is written. The API specification for an Artifact does not include its repository name (the name by which you usually refer to the artifact, e.g. library/hello-world), nor its vulnerabilities.

To that end, we also need to fetch the artifact's Repository in a separate API call. This gives us the project name and the repository name for the artifact, among other things.

Furthermore, if we wish to fetch the vulnerabilities of an Artifact, we need to fetch its HarborVulnerabilityReport. This is, again, a separate API call. The report we get from HarborAsyncClient.get_artifact(..., with_scan_overview=True) is not sufficient, as it is merely an overview of the vulnerabilities, not the full report. Hence the need for this separate API call.

Together, these 3 models combine to make an ArtifactInfo object.

Through functions such as harborapi.ext.get_artifacts and harborapi.ext.get_artifact_vulnerabilities, we can fetch multiple artifacts and their associated repo and report with a single function call, which also executes the requests concurrently. This is much more efficient than fetching each artifact, repo, and report individually and in sequence.
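
The following added example (not harborapi's own code) sketches the pattern described above: three separate calls per artifact, issued concurrently and combined into one object that can then be queried for critical findings by repository name. StubClient, its method names other than get_artifact, fetch_info, fetch_all, critical_images and the sample data are hypothetical stand-ins so that the example runs offline.

```python
import asyncio
from dataclasses import dataclass

# Constructed sample registry: (project, repository, reference) -> findings.
SAMPLE = {
    ("library", "hello-world", "latest"): [("CVE-EXAMPLE-0001", "Critical")],
    ("library", "nginx", "1.0"): [("CVE-EXAMPLE-0002", "Low")],
    ("infra", "proxy", "stable"): [],
}

@dataclass
class ArtifactInfo:  # same three parts as on this page, held as plain dicts
    artifact: dict
    repository: dict
    report: dict

class StubClient:
    """Hypothetical stand-in for HarborAsyncClient: one method per API call."""
    def __init__(self):
        self.calls = self.in_flight = self.peak = 0
    async def _call(self, value):
        self.calls += 1
        self.in_flight += 1
        self.peak = max(self.peak, self.in_flight)
        await asyncio.sleep(0.01)  # simulated network round trip
        self.in_flight -= 1
        return value

    async def get_artifact(self, project, repo, ref):  # no repo name, no findings
        return await self._call({"reference": ref})
    async def get_repository(self, project, repo):
        return await self._call({"name": f"{project}/{repo}"})
    async def get_report(self, project, repo, ref):
        return await self._call({"vulnerabilities": SAMPLE[(project, repo, ref)]})

async def fetch_info(client, project, repo, ref):
    parts = await asyncio.gather(  # three separate calls, issued concurrently
        client.get_artifact(project, repo, ref),
        client.get_repository(project, repo),
        client.get_report(project, repo, ref),
    )
    return ArtifactInfo(*parts)

async def fetch_all(client, refs):
    return await asyncio.gather(*(fetch_info(client, *r) for r in refs))

def critical_images(infos):  # needs repository name and report findings together
    return [i.repository["name"] for i in infos
            if any(sev == "Critical" for _, sev in i.report["vulnerabilities"])]
```

Running asyncio.run(fetch_all(StubClient(), list(SAMPLE))) makes nine simulated calls, all in flight at once, and critical_images on the result returns only the repository with a Critical finding.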