Gaps fill up, fixes, ui restructuring
@@ -23,6 +23,7 @@ The OCI Distribution Spec v1.1 introduced the native referrers API (), which ena
| **Harbor 1.x** | No | Yes | N/A | Fallback only |
| **Quay.io** | Partial | Yes | Limited | Support varies by version and configuration |
| **JFrog Artifactory** | Partial | Yes | Limited | Requires OCI layout repository type |
| **GitLab Container Registry** | No | Yes | N/A | Stores OCI artifacts with `subject` field but does not expose referrers endpoint; use tag-based fallback or GitLab-specific APIs |
| **Zot** | Yes | Yes | Yes | Full OCI 1.1 support |
| **Distribution (registry:2)** | No | Yes | N/A | Reference implementation without referrers API |
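Review bot: The new GitLab Container Registry row marks the referrers API as "No" without saying which GitLab version that was checked against, while the neighbouring rows are version-qualified ("Harbor 1.x", "Support varies by version and configuration"). Add the GitLab version or a verification date to the notes cell, and either name the "GitLab-specific APIs" it points to or drop the phrase, since as written it gives an operator nothing to look up.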
@@ -60,7 +61,9 @@ The OCI Distribution Spec v1.1 introduced the native referrers API (), which ena
- **Fallback**: Yes, as backup
- **Authentication**: Google Cloud service account or gcloud auth
- **Rate Limits**: Generous; project quotas apply
- **Known Issues**: None significant
- **Known Issues**:
- Google Artifact Registry also exposes an **attachments model** (`gcloud artifacts attachments list`) as an alternative metadata UX alongside the standard OCI referrers endpoint. StellaOps uses the standard OCI API; the Google-specific attachments API is not required.
- Some non-Docker format features may be in public preview; Docker/OCI artifact discovery is stable.
### Amazon Elastic Container Registry (ECR)
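Review bot: The attachments bullet under the Google Artifact Registry Known Issues says StellaOps uses the standard OCI API and that the attachments API "is not required", but it does not say whether an attachment created through `gcloud artifacts attachments` is also returned by the OCI referrers endpoint. If it is not, signatures or SBOMs attached that way would be invisible to discovery, so state the behaviour either way. Neither new bullet describes a defect, so a "Notes" label would fit better than replacing "None significant" with a Known Issues list.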
@@ -89,16 +92,18 @@ The OCI Distribution Spec v1.1 introduced the native referrers API (), which ena
- **Known Issues**:
- Harbor 1.x does not support referrers API
- Project-level permissions required
- Harbor UI may display cosign signatures or SBOM referrers as **"UNKNOWN"** artifact type in versions around v2.15+; this is a Harbor UI classification issue and does not affect API-level discovery or StellaOps functionality
### Quay.io / Red Hat Quay
- **API Support**: Partial (version-dependent)
- **API Support**: Partial (version-dependent); Red Hat has announced full OCI Referrers API support on Quay.io
- **Fallback**: Yes
- **Authentication**: Robot account or OAuth token
- **Rate Limits**: Account tier dependent
- **Known Issues**:
- Support varies significantly by version
- Some deployments may have referrers API disabled
- Self-hosted Quay deployments may require **admin toggles or deployment flags** to enable the referrers API; if referrer discovery is inconsistent, verify the feature is enabled in the Quay configuration
### JFrog Artifactory
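Review bot: "versions around v2.15+" in the Harbor UI bullet is not checkable, since "around" and "+" pull in different directions; give the first affected version or link the Harbor issue. In the Quay section, the API Support line now says Red Hat has announced full support yet still reads "Partial", and the summary table row for Quay.io is unchanged, so say from which point Quay.io should be treated as native. The self-hosted bullet asks readers to verify the feature is enabled without naming the setting; name it.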
@@ -110,6 +115,17 @@ The OCI Distribution Spec v1.1 introduced the native referrers API (), which ena
- Repository must be configured as Docker with OCI layout
- Referrers API requires Artifactory 7.x+
### GitLab Container Registry
- **API Support**: No native referrers API
- **Fallback**: Yes, required for all referrer discovery
- **Authentication**: GitLab deploy token, personal access token, or CI job token with `read_registry` scope
- **Rate Limits**: Instance-dependent
- **Known Issues**:
- Stores OCI artifacts with `subject` field but does not expose a referrers endpoint
- Referrer discovery must use tag-schema fallback or GitLab-specific APIs
- Discovery behavior mirrors GHCR: push referrers with tag-schema pattern and enumerate via tag listing
## Discovery Methods
### Native Referrers API (OCI 1.1)
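Review bot: The GitLab Authentication line lists only the `read_registry` scope, but the last Known Issues bullet describes pushing referrers with the tag-schema pattern, which read access cannot do. Separate the two cases so a discovery-only credential stays read-only and the write permission is documented only for the component that pushes. Also confirm that `read_registry` applies to the CI job token as the sentence implies, and name the "GitLab-specific APIs" mentioned in the second Known Issues bullet.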