Integration into Container Registry

[Vad1mo]

Hey all 👋,

EOL reports are an underrated topic. Not only provides it's a list of EOL libs and tools, but also provides an indicator/metric on the general health/technical depth of software within an organization.

I am one of the maintainers of project Harbor, and stumbled across this very interesting tool.
This made me curious to see and find out if and how it would be possible to display a report in the UI and attach the report results to the image.

Harbor has https://github.com/goharbor/pluggable-scanner-spec covering vulnerability and sbom, I was wondering if we could extend the spec and include EOL or any other way.

I am happy to collaborate with you and explorer the possibilities and integration options.

[noqcks]

Hi @Vad1mo, love the idea.

I was just looking at the harbor docs and some other scanners. Just trying to think about how it would work to convert Xeol to a Harbor scanner:

• align on pluggable scanner spec for EOL
• create the harbor scanner for Xeol, which involves wrapping an http server around Xeol to handle requests from Harbor
• return specified spec format after scan

I'm might be missing some details, but high level is this what setting up a harbor scanner involves? Does a harbor scanner require any data persistence, or is it stateless?