Add "Status" field to Vulnerability in the scan report#28
Merged
reasonerjt merged 1 commit intogoharbor:mainfrom Jul 16, 2025
Merged
Add "Status" field to Vulnerability in the scan report#28reasonerjt merged 1 commit intogoharbor:mainfrom
reasonerjt merged 1 commit intogoharbor:mainfrom
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a new Status field to the vulnerability data models and propagates it through the transformer logic and tests.
- Adds a
Statusproperty to the Trivy vulnerability model - Maps the new
Statusfield in the scan transformer and updates Harbor’s model - Extends existing transformer tests to assert on the
Statusvalues
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| pkg/trivy/model.go | Added Status field to Vulnerability struct |
| pkg/scan/transformer.go | Populates the new Status field when converting to Harbor model |
| pkg/scan/transformer_test.go | Updated test cases to include expected Status values |
| pkg/harbor/model.go | Added Status field to VulnerabilityItem with JSON tag |
| VulnerabilityID string `json:"VulnerabilityID"` | ||
| PkgName string `json:"PkgName"` | ||
| InstalledVersion string `json:"InstalledVersion"` | ||
| Status string `json:"Status"` |
There was a problem hiding this comment.
[nitpick] Consider defining constants for the valid status values (e.g., "fixed", "won't fix") and using them here and in tests to avoid scattering magic strings.
Suggested change
| Status string `json:"Status"` | |
| Status string `json:"Status"` // Use constants like StatusFixed, StatusWontFix, etc. |
This commit is part of fix of the issue in Harbor: goharbor/harbor#21445 It addes the "Status" field into vulnerabilities of a scan report, so that this information can be passed to "harbor-core" Signed-off-by: Daniel Jiang <daniel.jiang@broadcom.com>
reasonerjt
force-pushed
the
support-vuln-status
branch
from
45f9252 to
0b40032
Compare
stonezdj
approved these changes
Jul 16, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This commit is part of fix of the issue in Harbor: goharbor/harbor#21445
It addes the "Status" field into vulnerabilities of a scan report, so that this information can be passed to "harbor-core"