Report
The `ext.report` module defines the `ArtifactReport` class, which aggregates several `ArtifactInfo` objects. Through this class, one can query the aggregated data for all artifacts affected by a given vulnerability, all artifacts that have a given vulnerable package, and so on.

This allows for deeper analysis of the vulnerabilities affecting your artifacts, and can be used to generate reports or to take action on the artifacts affected by a given vulnerability.
Given a list of `ArtifactInfo` objects, we can query the aggregated data to find all artifacts affected by a given vulnerability:

```python
from harborapi import HarborAsyncClient
from harborapi.ext.api import get_artifact_vulnerabilities
from harborapi.ext.report import ArtifactReport

client = HarborAsyncClient(...)
# Fetch the vulnerability reports (run inside an async function or an asyncio REPL)
artifacts = await get_artifact_vulnerabilities(client)

# Instantiate the ArtifactReport from the fetched artifacts
report = ArtifactReport(artifacts)
filtered_report = report.with_cve("CVE-2020-0001")

# Iterating over an ArtifactReport yields ArtifactInfo objects
for artifact in filtered_report:
    print(artifact.repository.name, artifact.artifact.digest)
```
All `ArtifactReport.with_*` methods return new `ArtifactReport` objects.
More granular package filtering
We can also query the report for all artifacts that have a given vulnerable package:

The search is case-insensitive by default, but can be made case-sensitive by setting the `case_sensitive` argument to `True`:

```python
filtered_report = report.with_package(
    "OpenSSL",  # WARNING: package is likely named openssl!
    case_sensitive=True,
)
```
We can further narrow down the results by specifying minimum and/or maximum versions of the package:
All text-based queries support regular expressions. For example, to find all artifacts with a package name that starts with `openssl`:
Chaining filters
As previously mentioned, all `ArtifactReport.with_*` methods return new `ArtifactReport` objects, so they can be chained together to easily filter a report with multiple criteria.
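Putting the filters together, as an added example that is not part of harborapi: a helper that builds a per-CVE summary using only the API shown on this page (`with_cve`, `with_package`, and iteration yielding objects with `repository.name` and `artifact.digest`). `StubReport`, `_info` and the `cves`/`packages` attributes are a constructed stand-in so the example runs offline; with a real `ArtifactReport` you would pass that object instead.

```python
from __future__ import annotations
import re
from types import SimpleNamespace


def affected_by_cves(report, cves, package=None):
    """Return {cve: sorted [(repository, digest), ...]} for the given CVE ids.

    `report` is any object with the ArtifactReport chaining API: with_cve() and
    with_package() return *new* reports, so the original report is never mutated.
    """
    summary = {}
    for cve in cves:
        filtered = report.with_cve(cve)
        if package is not None:
            filtered = filtered.with_package(package)  # chained filter (regex, case-insensitive)
        summary[cve] = sorted((a.repository.name, a.artifact.digest) for a in filtered)
    return summary


# Constructed stand-in for harborapi.ext.report.ArtifactReport (offline only).
class StubReport:
    def __init__(self, artifacts):
        self._artifacts = list(artifacts)

    def __iter__(self):
        return iter(self._artifacts)

    def with_cve(self, cve_id):
        return StubReport(a for a in self._artifacts if cve_id in a.cves)

    def with_package(self, package, case_sensitive=False):
        pat = re.compile(package, 0 if case_sensitive else re.IGNORECASE)
        return StubReport(a for a in self._artifacts if any(pat.search(p) for p in a.packages))


def _info(repo, digest, cves, packages):
    # Constructed look-alike of ArtifactInfo exposing only the attributes used above.
    return SimpleNamespace(repository=SimpleNamespace(name=repo),
                           artifact=SimpleNamespace(digest=digest),
                           cves=set(cves), packages=set(packages))


SAMPLE_REPORT = StubReport([  # constructed sample data
    _info("library/nginx", "sha256:aaa", {"CVE-2020-0001"}, {"openssl", "zlib"}),
    _info("library/redis", "sha256:bbb", {"CVE-2020-0001", "CVE-2021-0002"}, {"libssl1.1"}),
    _info("team/app", "sha256:ccc", {"CVE-2021-0002"}, {"openssl-libs"}),
])

if __name__ == "__main__":
    for cve, hits in affected_by_cves(SAMPLE_REPORT, ["CVE-2020-0001", "CVE-2021-0002"], "^openssl").items():
        print(cve, hits)
```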