SBOMs support and new security features in registry.cern.ch

Europe/Zurich
600/R-002 (CERN)
15
Description

We have completed the upgrade of registry.cern.ch to Harbor v2.12.1 (outage notice: https://cern.service-now.com/service-portal?id=outage&n=OTG0153807).

The most interesting parts security-wise are:

1. Support for SBOMs: automatic generation on push, and on-demand generation for existing artifacts,
added in 2.11.0 (https://github.com/goharbor/harbor/releases/tag/v2.11.0),
docs: https://goharbor.io/docs/2.12.0/administration/sbom-integration/;
see the attached screenshot and the example SBOM.
2. The Security Hub, which gives a registry-wide overview of the vulnerabilities found by scanning;
see the attached screenshot and https://goharbor.io/docs/2.12.0/administration/security-hub/

3. Skipping the local username/password login form: with the OIDC "Primary auth mode" setting enabled, the login page redirects directly to auth.cern.ch;
see Primary auth mode in the documentation https://goharbor.io/docs/2.12.0/administration/configure-authentication/oidc-auth/
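As an added example (not code from this page, from CERN IT, or from the Harbor project): Harbor stores the generated SBOM as an SPDX JSON document, and the script below shows what a consumer of that document looks like. It extracts name, version and package URL (purl) for every package, rolls them up per ecosystem, and checks them against an advisory list. The SPDX document, the image name and the advisory identifiers (ADV-0001, ADV-0002) are constructed for illustration and are not real data; fetching the SBOM from the registry is left out.

```python
import json
from dataclasses import dataclass

# Constructed sample: a cut-down SPDX 2.3 JSON document in the shape an
# SBOM scanner emits for a container image. Image name, packages and
# versions are made up for this example.
SAMPLE_SPDX = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "registry.cern.ch/example/app:1.0",
    "packages": [
        # image-level root package: no purl, so it is skipped below
        {"name": "registry.cern.ch/example/app:1.0", "SPDXID": "SPDXRef-image",
         "versionInfo": "sha256:0000"},
        {"name": "openssl", "SPDXID": "SPDXRef-pkg-1", "versionInfo": "3.0.2-0ubuntu1.10",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.10?arch=amd64"}]},
        {"name": "requests", "SPDXID": "SPDXRef-pkg-2", "versionInfo": "2.28.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/requests@2.28.0"}]},
        # same package name as the deb above but a different ecosystem:
        # matching on name alone would produce a false positive here
        {"name": "openssl", "SPDXID": "SPDXRef-pkg-3", "versionInfo": "3.0.2",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/openssl@3.0.2"}]},
    ],
})

# Constructed advisory list with hypothetical IDs (not real CVEs). Matching is on
# ecosystem + name + exact version, because SPDX records exact installed versions.
ADVISORIES = [
    {"id": "ADV-0001", "ecosystem": "deb", "name": "openssl",
     "affected": {"3.0.2-0ubuntu1.10", "3.0.2-0ubuntu1.9"}},
    {"id": "ADV-0002", "ecosystem": "pypi", "name": "requests", "affected": {"2.27.0"}},
]


@dataclass(frozen=True)
class Package:
    name: str
    version: str
    purl: str


def purl_type(purl: str) -> str:
    """Ecosystem part of a package URL: 'pkg:deb/ubuntu/openssl@3.0.2' -> 'deb'."""
    if not purl.startswith("pkg:"):
        return ""
    return purl[len("pkg:"):].split("/", 1)[0]


def parse_spdx(text: str) -> list[Package]:
    """Return one Package per SPDX package that carries a purl external reference."""
    doc = json.loads(text)
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-2."):
        raise ValueError(f"not an SPDX 2.x document: {doc.get('spdxVersion')!r}")
    packages = []
    for pkg in doc.get("packages", []):
        purl = next((ref.get("referenceLocator", "")
                     for ref in pkg.get("externalRefs", [])
                     if ref.get("referenceType") == "purl"), "")
        if not purl:
            continue  # root/image package or unidentified component
        packages.append(Package(pkg.get("name", ""), pkg.get("versionInfo", ""), purl))
    return packages


def summarize(packages: list[Package]) -> dict[str, int]:
    """Package count per ecosystem, the kind of roll-up a registry-wide view shows."""
    counts: dict[str, int] = {}
    for p in packages:
        counts[purl_type(p.purl)] = counts.get(purl_type(p.purl), 0) + 1
    return counts


def find_affected(packages: list[Package], advisories: list[dict]) -> list[tuple[str, str]]:
    """(advisory id, purl) pairs for packages whose ecosystem, name and version match."""
    hits = []
    for adv in advisories:
        for p in packages:
            if (p.name == adv["name"] and purl_type(p.purl) == adv["ecosystem"]
                    and p.version in adv["affected"]):
                hits.append((adv["id"], p.purl))
    return hits


if __name__ == "__main__":
    pkgs = parse_spdx(SAMPLE_SPDX)
    print(summarize(pkgs))
    for adv_id, purl in find_affected(pkgs, ADVISORIES):
        print(adv_id, purl)
```

The ecosystem check is the point of the example: a name-only match would flag the PyPI "openssl" package against a Debian advisory. Run against an SBOM pulled from the registry, replace the constructed advisory list with the feed the security team actually uses, and the output is the per-image list of affected packages.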

Now that we can easily collect the data regarding CVEs and have had a first go at visualizing them, we would like to follow up with the security team on:
* how to grant you access, and at which level of information
* what policies we can introduce at runtime on Kubernetes clusters, how to monitor those policies in the clusters, etc.

The agenda of this meeting is empty