Harbor UI shows a warning "Vulnerability database might not be fully ready"
book
Article ID: 345572
calendar_today
Updated On:
Products
VMware Tanzu Kubernetes Grid Integrated (TKGi)
Issue/Introduction
Symptoms:
Harbor is unable to update the vulnerability database.
In the Administration > Configuration > Vulnerability tab, you see the warning message similar to:
Vulnerability database might not be fully ready.
Environment
VMware TKGi 1.x
Resolution
To resolve this issue:
Upgrade your harbor instance to Harbor 1.6.x and later.
Ensure that you have specified a non-zero value for the Updater Interval under Clair settings tab in Harbor tile.
Note: Clair will update the database as per the interval mentioned in Updater Interval option. If your updater interval remains or is set to the default value 0, Clair will not update its CVE database.
Ensure that you have an active internet connection to Harbor instance over the port 443. When Harbor is installed in an environment without internet connection, Clair cannot fetch data from the public vulnerability database. Under this circumstance, Harbor administrator needs to manually update the Clair database.
In an intranet network environment, you can configure a proxy to access the Internet. For more information, see Configure Container Vulnerability Scanning Using Clair. In some cases you need to provide the exact URLs which are accessed by Clair. They are documented in the Clair docs book.
Note: Photon OS is not a supported Operating system, i.e. containers built with Photon OS can not be scanned by Clair for vulnerabilities.
Additional Information
Its recommended to upgrade Harbor to 1.6.3 and later to resolve the below additional issues: Clair cannot scan S3 storage because it does not have the CA certificate that signed the S3 storage url Unable to sign images using notary after upgrading to 1.6 : https://github.com/goharbor/harbor/issues/6465