Uploading vulnerabilities.zip and sbom.zip to Tanzu Hub in airgapped environment fails due to incompatibility with external blobstore
search cancel

Uploading vulnerabilities.zip and sbom.zip to Tanzu Hub in airgapped environment fails due to incompatibility with external blobstore

book

Article ID: 429853

calendar_today

Updated On:

Products

VMware Tanzu Platform Core VMware Tanzu Platform - Hub

Issue/Introduction

In air-gapped environments to keep Vulnerability Insights data up to date in Tanzu Hub, there is a requirement to manually upload vulnerabilities.zip and sbom.zip. The steps to do this are in in this document https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-hub/10-3/tnz-hub/vulnerabilities-airgap.html After the upload Tanzu Hub will process the files in order to provide a view in Vulnerability Insights dashboard. 

The failure occurs during the file upload and returns a 500 Internal Server Error

./upload_tvs_data.sh -u https://hub-fqdn/ -f vulnerabilities.zip -t vulnerability
Retrieving authentication token...
Authentication token found
Validating file...
File validation passed
Starting upload...
Uploading file to: https://hub-fqdn//hub/data/document/upload
Document name: vulnerabilities.zip
Category: SECURITY_METADATA
Type: ZIP
Upload progress:
####################################################################
100. 0%
X Upload failed with HTTP status: 500
X Response: ["timestamp": "2026-01-27T17:28:06.350+00:00", "status":500, "error": "Internal Server Error", "path":"/hub/data/document/upload"}
X Upload failed

Environment

Tanzu hub v10.3.0/versitygw 1.0.16 

Cause

The files are uploaded to the blobstore used by Tanzu Hub. If the file upload fails, then the following logs should be checked for errors:

kubectl logs -n tanzusm <ensemble-application-metadata Pod>
kubectl logs -n tanzusm <versityGw Pod>
kubectl logs -n tanzusm <graphql-rest-provider-service Pod>

In this case, the error observed was as shown in versitygw pod:

4:25:18.4512 [thread= 'http-nio-4002-exec-12' user=" org=" trace="] ERROR org.apache.catalina.core.ContainerBase. [Tomcat]. [localhost]. [/]. [dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] threw exception
software.amazon. awssdk.services.3.model.53Exception: The Content-SHA256 you specified did not match what we received Service: S3, Status Code: 400, Request ID:)

The error is related to how the checksum header is being constructed and the Dell ECS not accepting this structure, and computing SHA value incorrectly. 

Resolution

The issue caused by incompatibility between versitygw and the Dell ECS storage. This has been reported in the following open source project https://github.com/versity/versitygw/issues/1867

If you face this issue with another storage provider please open a ticket with Broadcom Support

 

Powered by Wolken Software