zotregistry.dev/zot@v1.4.4-0.20240314164342-eec277e14d20/pkg/extensions/search/search.md (about) 1 # `search` 2 3 `search` component provides efficient and enhanced registry search capabilities using graphQL backend. 4 5 | Supported queries | Input | Ouput | Description | graphQL query | 6 | --- | --- | --- | --- | --- | 7 | [Search images by digest](#search-images-by-digest) | digest | image list | Search all repositories in the registry and return list of images that matches given digest (manifest, config or layers) | ImageListForDigest | 8 | [Search images affected by a given CVE id](#search-images-affected-by-a-given-cve-id) | CVE id | image list | Search the entire registry and return list of images affected by given CVE | ImagesListForCVE | 9 | [List CVEs for a given image](#list-cves-of-given-image) | image | CVE list | Scan given image and return list of CVEs affecting the image | CVEListForImage | 10 | [List images not affected by a given CVE id](#list-images-not-affected-by-a-given-cve-id) | repository, CVE id | image list | Scan all images in a given repository and return list of latest (by date) images not affected by the given CVE |ImagesListWithCVEFixed| 11 | [Latest image from all repos](#list-the-latest-image-across-every-repository) | none | repo summary list | Return the latest image from all the repos in the registry | RepoListWithNewestImage | 12 | [List all images with expanded information for a given repository](#list-all-images-with-expanded-information-for-a-given-repository) | repository | repo info | List expanded repo information for all images in repo, alongisde a repo summary | ExpandedRepoInfo | 13 | [All images in repo](#all-images-in-repo) | repository | image list | Returns all images in the specified repo | ImageList | 14 | [Global search](#global-search) | query | image summary / repo summary / layer summary | Will return what's requested in the query argument | GlobalSearch | 15 | [Derived image list](#search-derived-images) | image | image list | Returns a list of images that depend on the image specified in the arg | DerivedImageList | 16 | [Base image list](#search-base-images) | image | image list | Returns a list of images that the specified image depends on | BaseImageList | 17 | [Get details of a specific image](#get-details-of-a-specific-image) | image | image summary | Returns details about a specific image | Image | 18 | [Get referrers of a specific image](#get-referrers-of-a-specific-image) | repo, digest, type | artifact manifests | Returns a list of artifacts of given type referring to a specific repo and digests | Referrers | 19 20 The examples below only include the GraphQL query without any additional details on how to send them to a server. They were made with the GraphQL playground from the debug binary. You can also use curl to make these queries, here's an example: 21 22 ```bash 23 curl -X POST -H "Content-Type: application/json" --data '{ "query": "{ ImageListForCVE (id:\"CVE-2002-1119\") { Results { RepoName Tag } } }" }' http://localhost:8080/v2/_zot/ext/search 24 ``` 25 26 ## List CVEs of given image 27 28 **Sample request** 29 30 ```graphql 31 { 32 CVEListForImage( 33 image: "alpine:3.17" 34 requestedPage: {limit: 1, offset:1, sortBy: SEVERITY} 35 ) { 36 Tag 37 Page { 38 TotalCount 39 ItemCount 40 } 41 CVEList { 42 Id 43 Title 44 Description 45 Severity 46 PackageList { 47 Name 48 InstalledVersion 49 FixedVersion 50 } 51 } 52 } 53 } 54 ``` 55 56 **Sample response** 57 58 ```json 59 { 60 "data": { 61 "CVEListForImage": { 62 "Tag": "3.17", 63 "Page": { 64 "TotalCount": 9, 65 "ItemCount": 1 66 }, 67 "CVEList": [ 68 { 69 "Id": "CVE-2023-5363", 70 "Title": "openssl: Incorrect cipher key and IV length processing", 71 "Description": "Issue summary: A bug has been identified in the processing of key and\ninitialisation vector (IV) lengths. This can lead to potential truncation\nor overruns during the initialisation of some symmetric ciphers.\n\nImpact summary: A truncation in the IV can result in non-uniqueness,\nwhich could result in loss of confidentiality for some cipher modes.\n\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\nEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\nthe key and IV have been established. Any alterations to the key length,\nvia the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter,\nwithin the OSSL_PARAM array will not take effect as intended, potentially\ncausing truncation or overreading of these values. The following ciphers\nand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\n\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\nloss of confidentiality. For example, when following NIST's SP 800-38D\nsection 8.2.1 guidance for constructing a deterministic IV for AES in\nGCM mode, truncation of the counter portion could lead to IV reuse.\n\nBoth truncations and overruns of the key and overruns of the IV will\nproduce incorrect results and could, in some cases, trigger a memory\nexception. However, these issues are not currently assessed as security\ncritical.\n\nChanging the key and/or IV lengths is not considered to be a common operation\nand the vulnerable API was recently introduced. Furthermore it is likely that\napplication developers will have spotted this problem during testing since\ndecryption would fail unless both peers in the communication were similarly\nvulnerable. For these reasons we expect the probability of an application being\nvulnerable to this to be quite low. However if an application is vulnerable then\nthis issue is considered very serious. For these reasons we have assessed this\nissue as Moderate severity overall.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\nthe issue lies outside of the FIPS provider boundary.\n\nOpenSSL 3.1 and 3.0 are vulnerable to this issue.", 72 "Severity": "HIGH", 73 "PackageList": [ 74 { 75 "Name": "libcrypto3", 76 "InstalledVersion": "3.0.8-r0", 77 "FixedVersion": "3.0.12-r0" 78 }, 79 { 80 "Name": "libssl3", 81 "InstalledVersion": "3.0.8-r0", 82 "FixedVersion": "3.0.12-r0" 83 } 84 ] 85 } 86 ] 87 } 88 } 89 } 90 ``` 91 92 ## Search images affected by a given CVE id 93 94 **Sample request** 95 96 ```graphql 97 { 98 ImageListForCVE(id: "CVE-2023-0464") { 99 Results{ 100 RepoName 101 Tag 102 Digest 103 LastUpdated 104 IsSigned 105 Size 106 Vendor 107 DownloadCount 108 Licenses 109 Title 110 Manifests { 111 Digest 112 ConfigDigest 113 Platform { 114 Os 115 Arch 116 } 117 } 118 } 119 } 120 } 121 ``` 122 123 **Sample response** 124 125 ```json 126 { 127 "data": { 128 "ImageListForCVE": { 129 "Results": [ 130 { 131 "RepoName": "alpine", 132 "Tag": "3.17", 133 "Digest": "sha256:75bfe77c8d5a76b4421cfcebbd62a28ae70d10147578d0cda45820e99b0ef1d8", 134 "LastUpdated": "2023-02-11T04:46:42.558343068Z", 135 "IsSigned": true, 136 "Size": "3375436", 137 "Vendor": "", 138 "DownloadCount": 0, 139 "Licenses": "", 140 "Title": "", 141 "Manifests": [ 142 { 143 "Digest": "sha256:75bfe77c8d5a76b4421cfcebbd62a28ae70d10147578d0cda45820e99b0ef1d8", 144 "ConfigDigest": "sha256:6a2bcc1c7b4c9207f791a4512d7f2fa8fc2daeae58dbc51cb2797b05415f082a", 145 "Platform": { 146 "Os": "linux", 147 "Arch": "amd64" 148 } 149 } 150 ] 151 }, 152 ] 153 } 154 } 155 } 156 ``` 157 158 ## List images not affected by a given CVE id 159 160 **Sample request** 161 162 ```graphql 163 { 164 ImageListWithCVEFixed(id: "CVE-2023-0464", image: "ubuntu") { 165 Results { 166 RepoName 167 Tag 168 Digest 169 LastUpdated 170 Manifests { 171 Digest 172 ConfigDigest 173 } 174 } 175 } 176 } 177 ``` 178 179 **Sample response** 180 181 ```json 182 { 183 "data": { 184 "ImageListWithCVEFixed": { 185 "Results": [ 186 { 187 "RepoName": "ubuntu", 188 "Tag": "kinetic", 189 "Digest": "sha256:1ac35e499e330f6520e80e91b29a55ff298077211f5ed66aff5cb357cca4a28f", 190 "LastUpdated": "2022-10-14T15:28:55.0263968Z", 191 "Manifests": [ 192 { 193 "Digest": "sha256:1ac35e499e330f6520e80e91b29a55ff298077211f5ed66aff5cb357cca4a28f", 194 "ConfigDigest": "sha256:824c0269745923afceb9765ae24f5b331bb6fcf2a82f7eba98b3cfd543afb41e" 195 } 196 ] 197 }, 198 { 199 "RepoName": "ubuntu", 200 "Tag": "kinetic-20220922", 201 "Digest": "sha256:79eae04a0e32878fef3f8c5f901c32f6704c4a80b7f3fd9d89629e15867acfff", 202 "LastUpdated": "2022-10-14T15:27:41.2144454Z", 203 "Manifests": [ 204 { 205 "Digest": "sha256:79eae04a0e32878fef3f8c5f901c32f6704c4a80b7f3fd9d89629e15867acfff", 206 "ConfigDigest": "sha256:15c8dcf63970bb14ea36e41aa001b87d8d31e25a082bf6f659d12489d3e53d90" 207 } 208 ] 209 } 210 ] 211 } 212 } 213 } 214 ``` 215 216 ## Search images by digest 217 218 **Sample request** 219 220 ```graphql 221 { 222 ImageListForDigest( 223 id: "79eae04a0e32878fef3f8c5f901c32f6704c4a80b7f3fd9d89629e15867acfff" 224 ) { 225 Results{ 226 RepoName 227 Tag 228 Title 229 } 230 } 231 } 232 ``` 233 234 **Sample response** 235 236 ```json 237 { 238 "data": { 239 "ImageListForDigest": { 240 "Results": [ 241 { 242 "RepoName": "ubuntu", 243 "Tag": "kinetic-20220922", 244 "Title": "ubuntu" 245 } 246 ] 247 } 248 } 249 } 250 ``` 251 252 ## List the latest image across every repository 253 254 **Sample request** 255 256 ```graphql 257 { 258 RepoListWithNewestImage(requestedPage: {limit: 2, offset:0, sortBy: ALPHABETIC_ASC}) { 259 Page { 260 TotalCount 261 ItemCount 262 } 263 Results { 264 Name 265 LastUpdated 266 Size 267 Platforms { 268 Os 269 Arch 270 } 271 NewestImage { 272 Digest 273 Tag 274 } 275 } 276 } 277 } 278 ``` 279 280 **Sample response** 281 282 ```json 283 { 284 "data": { 285 "RepoListWithNewestImage": { 286 "Page": { 287 "TotalCount": 30, 288 "ItemCount": 2 289 }, 290 "Results": [ 291 { 292 "Name": "mariadb", 293 "LastUpdated": "2022-10-18T14:56:33.1993083+03:00", 294 "Size": "124116964", 295 "Platforms": [ 296 { 297 "Os": "linux", 298 "Arch": "amd64" 299 } 300 ], 301 "NewestImage": { 302 "Digest": "sha256:49a299f5c4b1af5bc2aa6cf8e50ab5bad85db4d0095745369acfc1934ece99d0", 303 "Tag": "latest" 304 } 305 }, 306 { 307 "Name": "tomcat", 308 "LastUpdated": "2022-10-18T14:55:13.8303866+03:00", 309 "Size": "311658063", 310 "Platforms": [ 311 { 312 "Os": "linux", 313 "Arch": "amd64" 314 } 315 ], 316 "NewestImage": { 317 "Digest": "sha256:bbc5a3912b568fbfb5912beaf25054f1f407c32a53acae29f19ad97485731a78", 318 "Tag": "jre17" 319 } 320 } 321 ] 322 } 323 } 324 } 325 ``` 326 327 ## All images in repo 328 329 **Sample request** 330 331 ```graphql 332 { 333 ImageList (repo: "ubuntu") { 334 Results { 335 Tag 336 Digest 337 LastUpdated 338 Size 339 } 340 } 341 } 342 ``` 343 344 **Sample response** 345 346 ```json 347 { 348 "data": { 349 "ImageList": { 350 "Results": [ 351 { 352 "Tag": "jammy", 353 "Digest": "sha256:f96fcb040c7ee00c037c758cf0ab40638e6ee89b03a9d639178fcbd0e7f96d27", 354 "LastUpdated": "2022-10-14T15:29:18.0325322Z", 355 "Size": "30472739" 356 }, 357 { 358 "Tag": "jammy-20221003", 359 "Digest": "sha256:86681debca1719dff33f426a0f5c41792ebc52496c5d78a93b655b8b48fb71b2", 360 "LastUpdated": "2022-10-14T15:29:07.0004587Z", 361 "Size": "30472748" 362 }, 363 { 364 "Tag": "kinetic", 365 "Digest": "sha256:1ac35e499e330f6520e80e91b29a55ff298077211f5ed66aff5cb357cca4a28f", 366 "LastUpdated": "2022-10-14T15:28:55.0263968Z", 367 "Size": "27498890" 368 }, 369 { 370 "Tag": "kinetic-20220922", 371 "Digest": "sha256:79eae04a0e32878fef3f8c5f901c32f6704c4a80b7f3fd9d89629e15867acfff", 372 "LastUpdated": "2022-10-14T15:27:41.2144454Z", 373 "Size": "27498899" 374 }, 375 { 376 "Tag": "latest", 377 "Digest": "sha256:9bc6d811431613bf2fd8bf3565b319af9998fc5c46304022b647c63e1165657c", 378 "LastUpdated": "2022-10-14T15:26:59.6707939Z", 379 "Size": "30472740" 380 }, 381 { 382 "Tag": "rolling", 383 "Digest": "sha256:72e75626c5068b9d9a462c4fc80a29787d0cf61c8abc81bfd5ea69f6248d56fc", 384 "LastUpdated": "2022-10-14T15:27:21.2441356Z", 385 "Size": "30472741" 386 } 387 ] 388 } 389 } 390 } 391 ``` 392 393 ## List all images with expanded information for a given repository 394 395 **Sample request** 396 397 ```graphql 398 { 399 ExpandedRepoInfo(repo: "ubuntu") { 400 Images { 401 Tag 402 Digest 403 } 404 Summary { 405 LastUpdated 406 Size 407 NewestImage { 408 Tag 409 LastUpdated 410 Digest 411 } 412 } 413 } 414 } 415 ``` 416 417 **Sample response** 418 419 ```json 420 { 421 "data": { 422 "ExpandedRepoInfo": { 423 "Images": [ 424 { 425 "Tag": "jammy", 426 "Digest": "sha256:f96fcb040c7ee00c037c758cf0ab40638e6ee89b03a9d639178fcbd0e7f96d27" 427 }, 428 { 429 "Tag": "jammy-20221003", 430 "Digest": "sha256:86681debca1719dff33f426a0f5c41792ebc52496c5d78a93b655b8b48fb71b2" 431 }, 432 { 433 "Tag": "kinetic", 434 "Digest": "sha256:1ac35e499e330f6520e80e91b29a55ff298077211f5ed66aff5cb357cca4a28f" 435 }, 436 { 437 "Tag": "kinetic-20220922", 438 "Digest": "sha256:79eae04a0e32878fef3f8c5f901c32f6704c4a80b7f3fd9d89629e15867acfff" 439 }, 440 { 441 "Tag": "rolling", 442 "Digest": "sha256:72e75626c5068b9d9a462c4fc80a29787d0cf61c8abc81bfd5ea69f6248d56fc" 443 }, 444 { 445 "Tag": "latest", 446 "Digest": "sha256:9bc6d811431613bf2fd8bf3565b319af9998fc5c46304022b647c63e1165657c" 447 } 448 ], 449 "Summary": { 450 "LastUpdated": "2022-10-14T15:29:18.0325322Z", 451 "Size": "58146896", 452 "NewestImage": { 453 "Tag": "jammy", 454 "LastUpdated": "2022-10-14T15:29:18.0325322Z", 455 "Digest": "sha256:f96fcb040c7ee00c037c758cf0ab40638e6ee89b03a9d639178fcbd0e7f96d27" 456 } 457 } 458 } 459 } 460 } 461 ``` 462 463 ## Global search 464 465 **Sample request** 466 467 ```graphql 468 { 469 GlobalSearch(query: "ubuntu:latest") { 470 Page { 471 ItemCount 472 TotalCount 473 } 474 Images { 475 RepoName 476 Tag 477 LastUpdated 478 Manifests { 479 Digest 480 Layers { 481 Size 482 Digest 483 } 484 } 485 } 486 } 487 } 488 ``` 489 490 **Sample response** 491 492 ```json 493 { 494 "data": { 495 "GlobalSearch": { 496 "Page": { 497 "ItemCount": 1, 498 "TotalCount": 1 499 }, 500 "Images": [ 501 { 502 "RepoName": "ubuntu", 503 "Tag": "latest", 504 "LastUpdated": "2022-10-14T15:26:59.6707939Z", 505 "Manifests": [ 506 { 507 "Digest": "sha256:9bc6d811431613bf2fd8bf3565b319af9998fc5c46304022b647c63e1165657c", 508 "Layers": [ 509 { 510 "Size": "30428928", 511 "Digest": "sha256:cf92e523b49ea3d1fae59f5f082437a5f96c244fda6697995920142ff31d59cf" 512 } 513 ] 514 } 515 ] 516 } 517 ] 518 } 519 } 520 } 521 ``` 522 523 **Sample request** 524 525 ```graphql 526 { 527 GlobalSearch(query: "") { 528 Repos { 529 Name 530 } 531 } 532 } 533 ``` 534 535 **Sample response** 536 537 ```json 538 { 539 "data": { 540 "GlobalSearch": { 541 "Repos": [ 542 { 543 "Name": "centos" 544 }, 545 { 546 "Name": "ubuntu" 547 } 548 ] 549 } 550 } 551 } 552 ``` 553 554 ## Search derived images 555 556 **Sample query** 557 558 ```graphql 559 { 560 DerivedImageList(image: "ubuntu:latest", requestedPage: {offset: 0, limit: 10}) { 561 Page { 562 TotalCount 563 ItemCount 564 } 565 Results { 566 RepoName 567 Tag 568 LastUpdated 569 } 570 } 571 } 572 ``` 573 574 **Sample response** 575 576 ```json 577 { 578 "data": { 579 "DerivedImageList": { 580 "Page": { 581 "TotalCount": 9, 582 "ItemCount": 9 583 }, 584 "Results": [ 585 { 586 "RepoName": "mariadb", 587 "Tag": "latest", 588 "LastUpdated": "2022-10-18T14:56:33.1993083+03:00" 589 }, 590 { 591 "RepoName": "maven", 592 "Tag": "latest", 593 "LastUpdated": "2022-10-14T18:30:12.0929807+03:00" 594 }, 595 { 596 "RepoName": "tomcat", 597 "Tag": "latest", 598 "LastUpdated": "2022-10-18T14:50:09.7229959+03:00" 599 }, 600 { 601 "RepoName": "tomcat", 602 "Tag": "jre17", 603 "LastUpdated": "2022-10-18T14:55:13.8303866+03:00" 604 }, 605 { 606 "RepoName": "tomcat", 607 "Tag": "jre17-temurin", 608 "LastUpdated": "2022-10-18T14:54:46.4133521+03:00" 609 }, 610 { 611 "RepoName": "tomcat", 612 "Tag": "jre17-temurin-jammy", 613 "LastUpdated": "2022-10-18T14:51:12.235475+03:00" 614 } 615 ] 616 } 617 } 618 } 619 ``` 620 621 ## Search base images 622 623 **Sample query** 624 625 ```graphql 626 { 627 BaseImageList(image: "mariadb:latest", requestedPage: {offset: 0, limit: 10}) { 628 Page { 629 TotalCount 630 ItemCount 631 } 632 Results { 633 RepoName 634 Tag 635 LastUpdated 636 } 637 } 638 } 639 ``` 640 641 **Sample response** 642 643 ```json 644 { 645 "data": { 646 "BaseImageList": { 647 "Page": { 648 "TotalCount": 4, 649 "ItemCount": 4 650 }, 651 "Results": [ 652 { 653 "RepoName": "ubuntu", 654 "Tag": "jammy", 655 "LastUpdated": "2022-10-14T18:29:18.0325322+03:00" 656 }, 657 { 658 "RepoName": "ubuntu", 659 "Tag": "jammy-20221003", 660 "LastUpdated": "2022-10-14T18:29:07.0004587+03:00" 661 }, 662 { 663 "RepoName": "ubuntu", 664 "Tag": "latest", 665 "LastUpdated": "2022-10-14T18:26:59.6707939+03:00" 666 }, 667 { 668 "RepoName": "ubuntu", 669 "Tag": "rolling", 670 "LastUpdated": "2022-10-14T18:27:21.2441356+03:00" 671 } 672 ] 673 } 674 } 675 } 676 ``` 677 678 ## Get details of a specific image 679 680 **Sample query** 681 682 ```graphql 683 { 684 Image(image: "mariadb:latest") { 685 RepoName 686 Tag 687 LastUpdated 688 Digest 689 Description 690 } 691 } 692 ``` 693 694 **Sample response** 695 696 ```json 697 { 698 "data": { 699 "Image": { 700 "RepoName": "mariadb", 701 "Tag": "latest", 702 "LastUpdated": "2022-10-18T14:56:33.1993083+03:00", 703 "Digest": "sha256:49a299f5c4b1af5bc2aa6cf8e50ab5bad85db4d0095745369acfc1934ece99d0", 704 "Description": "MariaDB Server is a high performing open source relational database, forked from MySQL." 705 } 706 } 707 } 708 ``` 709 710 ## Get referrers of a specific image 711 712 **Sample query** 713 714 ```graphql 715 { 716 Referrers( 717 repo: "golang" 718 digest: "sha256:fed08b0eaea00aab17f82ecbb78675919d216c72eea985581758191f694aeaf7" 719 type: "application/vnd.example.icecream.v1" 720 ) { 721 MediaType 722 ArtifactType 723 Digest 724 Annotations { 725 Key 726 Value 727 } 728 } 729 } 730 ``` 731 732 **Sample response** 733 734 ```json 735 { 736 "data": { 737 "Referrers": [ 738 { 739 "MediaType": "application/vnd.oci.artifact.manifest.v1+json", 740 "ArtifactType": "application/vnd.example.icecream.v1", 741 "Digest": "sha256:be7a3d01c35a2cf53c502e9dc50cdf36b15d9361c81c63bf319f1d5cbe44ab7c", 742 "Annotations": [ 743 { 744 "Key": "format", 745 "Value": "oci" 746 }, 747 { 748 "Key": "demo", 749 "Value": "true" 750 } 751 ] 752 }, 753 { 754 "MediaType": "application/vnd.oci.artifact.manifest.v1+json", 755 "ArtifactType": "application/vnd.example.icecream.v1", 756 "Digest": "sha256:d9ad22f41d9cb9797c134401416eee2a70446cee1a8eb76fc6b191f4320dade2", 757 "Annotations": [ 758 { 759 "Key": "demo", 760 "Value": "true" 761 }, 762 { 763 "Key": "format", 764 "Value": "oci" 765 } 766 ] 767 } 768 ] 769 } 770 } 771 ```