223 Commits

Author SHA1 Message Date
37b3345199 fix dependabot alerts
https://github.com/project-zot/zot/pull/629
https://github.com/project-zot/zot/pull/631
https://github.com/project-zot/zot/pull/632

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-15 14:22:39 -07:00
4ae1a908a0 fix dependabot alerts CVE-2022-33082/GHSA-2m4x-4q9j-w97g
https://github.com/project-zot/zot/security/dependabot/24

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-07 23:58:51 -07:00
66484c8ca9 changed go version to 1.18
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-06-09 04:38:06 -07:00
0edee009c0 fix CVE-2022-28946/GHSA-x7f3-62pm-9p38
https://github.com/project-zot/zot/security/dependabot/17
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-06-06 11:43:36 -07:00
d07de27402 fix CVE-2022-26945/GHSA-x24g-9w7v-vprh
https://github.com/project-zot/zot/security/dependabot/22

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-06-06 11:43:36 -07:00
dbe23e58f9 fix CVE-2022-28948/GHSA-hp87-p4gw-j4gq
https://github.com/project-zot/zot/security/dependabot/18

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-05-25 15:13:45 -07:00
6b841809e3 fix CVE-2022-29173/GHSA-66x3-6cw3-v5gj
https://github.com/project-zot/zot/security/dependabot/16

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-05-25 11:34:24 -07:00
da4acaf178 sync: preserve upstream digests after syncing images
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-05-25 10:19:36 -07:00
a5e091e3d2 fix CVE-2022-29162/GHSA-f3fp-gc8g-vw66
https://github.com/project-zot/zot/security/dependabot/15

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-05-24 12:53:48 -07:00
36c9631000 ext: use distribution spec route prefix for extension api
Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-05-22 16:35:16 -07:00
c1bf4456d0 update cosign deps
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-05-22 09:15:01 -07:00
6d593b468f dependabot alert: fix CVE-2022-29810
https://github.com/project-zot/zot/security/dependabot/14

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-05-03 14:36:41 -07:00
d19a4bf2a1 build(deps): bump github.com/swaggo/http-swagger from 1.2.5 to 1.2.6
Fixes https://github.com/project-zot/zot/security/dependabot/12

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-04-26 09:31:11 -07:00
4e20ab8a5d go.mod: update dependencies
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-04-15 10:31:37 -07:00
251857fb6e move module deps under project-zot repo
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-21 11:03:19 -07:00
10f0e6c307 fix dependabot alert
https://github.com/project-zot/zot/security/dependabot/10

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-15 16:55:32 -07:00
63d94d4ac5 Update dist-spec version automatically
Warning if config has wrong dist-spec version

Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
2022-03-14 10:24:03 -07:00
95e4b2054b upgrade module deps
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-04 13:10:58 -08:00
3b9699c536 go.mod: cleanup deps so 'go mod tidy' works
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-04 13:10:58 -08:00
cf70a8d71e CVE-2022-23648: update dependencies in go.mod
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-03 09:55:48 -08:00
8db3e1b192 CVE-2022-23649: fix dependabot alert
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-02 12:01:14 -08:00
3ada6af0de tls: set min version to 1.2 and restrict cipher suites
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-02 10:03:50 -08:00
bb53552048 bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.0+incompatible
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-02-11 19:19:16 -08:00
f66d496257 dependabot-alert: update 'github.com/open-policy-agent/opa'
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-02-11 15:49:54 -08:00
37d150e32f search: graphql api to give detailed repo info
DetailedRepoInfo graphql api returns detailed repo info given repo name
repo contains its manifests info
Each manifest entry contains digest,signed, tag and layers info
Each layer info containes digest, size

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-02-10 16:34:13 -08:00
1e5ea7e09c controller: support rate-limiting incoming requests
helps constraining resource usage and against flood attacks.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-01-24 12:48:13 -08:00
f251e7af10 update go.mod
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-01-24 09:15:46 -08:00
3177f87403 ci/cd: upgrade golang to 1.17
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-01-07 09:46:50 -08:00
9e98b03f55 go.mod: fix GHSA-mvff-h3cj-wj9c
update containerd version

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-01-07 00:07:10 -08:00
cac7fe4854 storage: use sha256-simd from minio
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-28 22:25:11 -08:00
f011192615 fix Dependabot alert about GHSA-v95c-p5hm-xq8f
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-08 09:02:48 -08:00
96226af869 move references to zotregistry.io and project-zot
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-05 10:52:27 -08:00
e42e42a2cc artifacts: initial support for artifacts/notaryv2 spec
https://github.com/oras-project/artifacts-spec
https://github.com/notaryproject/notaryproject

Fixes issue #264

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-01 18:55:39 -08:00
fff6107310 Sync prefix can be an exact match or a glob pattern, closes #297
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-29 13:10:13 -08:00
a176bf7e83 go.mod: fix another dependabot alert
GHSA-77vh-xpmg-72qh

pull in upstream github.com/opencontainers/image-spec where this is
fixed.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-11-18 14:32:20 -08:00
528e239e78 go.mod: tidy go.mod
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-11-18 13:16:47 -08:00
bdfbebeb5a dependabot: fix dependabot alerts
Fix GHSA-77vh-xpmg-72qh
Fix GHSA-5j5w-g665-5m35

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-11-18 11:56:50 -08:00
bb537265cc go.mod: upgrade module deps
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-11-17 14:49:22 -08:00
9c568c0ee2 storage: add s3 backend support (without GC and dedupe)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-15 08:09:00 -08:00
8e4d828867 Implement an API for performance monitoring
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2021-11-12 11:14:10 -08:00
19003e8a71 Added new extension "sync"
Periodically poll registries and pull images according to sync's config
Added sync on demand, syncing when clients asks for an image which
zot doesn't have.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-10-21 10:32:46 -07:00
d930adbd49 search: update trivy
trivy updated to v0.20.0
trivy-db updated to bec0c6a
fanal updated to f7efd1b
2021-10-13 16:37:31 -07:00
d69ee3f562 go.mod: update go.mod to fix dependabot alert
https://github.com/advisories/GHSA-c2h3-6mxw-7mvq

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-10-04 14:03:37 -07:00
63fef3e48c search: added graphql api to return repository list with latest tag 2021-09-27 14:36:20 -07:00
0b302d9614 go.mod: update deps to address dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-09-23 13:59:26 -07:00
6f0a73b2a6 go.mod: update umoci dep
There is a performance regression in umoci [1] which is fixed in [2].

References:
[1] https://github.com/opencontainers/umoci/issues/373
[2] https://github.com/opencontainers/umoci/pull/375

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-09-23 10:07:33 -07:00
609d85d875 Add identity-based access control, closes #51
Add a cli subcommand to verify config files validity
2021-08-30 13:56:27 -07:00
26926ad4c2 go.mod: update modules 2021-08-25 11:51:23 -07:00
53b5fa6493 dedupe: stat blob path before creating link 2021-08-09 09:40:35 -07:00
1c1e7358f7 Migrate builds from travis to github actions 2021-06-29 13:58:39 -07:00