Update README.md (#48) (#64)

* Add 400 code response in swagger.yaml for updateRegistry updateReplicationPolicy and headProject (goharbor#22165)

Signed-off-by: yuzhipeng <[email protected]>

* Update FixVersion and ScoreV3 (goharbor#22007)

Set Fix and CVE3Score in VulnerabilityRecord from VulnerabilityItem.

Follow-up of goharbor#21915
Fixes goharbor#21463

Signed-off-by: Spyros Trigazis <[email protected]>

* Add "status" of CVEs to artfact scan report (goharbor#22177)

This commit adds the field "status" to the struct of a vulnerability and adds
column "status" to vulnerability record table.  It makes sure the statuses
of CVEs returned by trivy scanner are persisted and can be returned via
the vulnerabilities addition API of an artifact.

Signed-off-by: Daniel Jiang <[email protected]>

* Improve portal README.md formatting and clarity (goharbor#22173)

improving the portal readme file

Signed-off-by: rgcr <[email protected]>

* chore: Updated RELEASE.md by updating Minor Release Support Map (goharbor#22145)

Updated the Minor Release Support Matrix to include v2.13

Signed-off-by: Mooneeb Hussain <[email protected]>

* Add status field to the API on secyurityHub (goharbor#22182)

This commit makes change to the API GET /api/v2.0/vul to make it include
"status" of CVEs in the response.

It also makes update in the UI to add the "Status" column to the data
grids in security hub and artifact details page.

Signed-off-by: Daniel Jiang <[email protected]>

* Set MAX_JOB_DURATION_SECONDS from jobservice config.yml (goharbor#22116)

Signed-off-by: stonezdj <[email protected]>

* clean up project metadata for tag retention policy after deletion (goharbor#22174)

Signed-off-by: my036811 <[email protected]>

* chore(deps): bump helm.sh/helm/v3 from 3.18.2 to 3.18.3 in /src (goharbor#22113)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.18.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: miner <[email protected]>

* chore(deps): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 in /src (goharbor#22188)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.18.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Remove testcase Open Image Scanners doc page (goharbor#22180)

Signed-off-by: stonezdj <[email protected]>

* Don't always skip vuln check when artifact is not scannable (goharbor#22187)

fixes goharbor#22143

This commit makes update to the vulnerable policy middleware.  So that
it will skip the sheck only when the artifact is not scannable AND it
does not have a scan report.

Signed-off-by: Daniel Jiang <[email protected]>

* Display download url for BUILD_PACKAGE action (goharbor#22197)

Signed-off-by: stonezdj <[email protected]>

* add the replicaiton adapter whitelist (goharbor#22198)

fixes goharbor#21925

According to https://github.com/goharbor/harbor/wiki/Harbor-Replicaiton-Adapter-Owner, some replication adapters are no longer actively maintained by the Harbor community. To address this, a whitelist environment variable is introduced to define the list of actively supported adapters, which will be used by the Harbor portal and API to display and allow usage.

If you still wish to view and use the unsupported or inactive adapters, you must manually update the whitelist and include the desired adapter names. For the list of adapter names, refer to https://github.com/goharbor/harbor/blob/main/src/pkg/reg/model/registry.go#L22

Signed-off-by: wang yan <[email protected]>

* fix: correct the permission of project maintainer role for webhook policy (goharbor#22135)

Signed-off-by: chlins <[email protected]>

* update the orm filter func (goharbor#22208)

to extend the enhancement from goharbor#21924 to fuzzy and range match. After the enhance, the orm.ExerSep is not supported in any sort of query keywords.

Signed-off-by: wy65701436 <[email protected]>

* bump golang version (goharbor#22205)

to the latest golang version v1.24.5 from v1.24.3

Signed-off-by: wy65701436 <[email protected]>

* Add HTTP 409 error when creating robot account (goharbor#22201)

fixes goharbor#22107

Signed-off-by: stonezdj <[email protected]>

* feat: support raw format for CNAI model (goharbor#22040)

Signed-off-by: chlins <[email protected]>

* The tag retention job failed with 403 error message (goharbor#22159)

fixes goharbor#22141

Signed-off-by: stonezdj <[email protected]>

* remove extra build_base=false && pull_base_from_dockerhub=false check logic (goharbor#22233)

remove extra build_base=false && pull_base_from_dockerhub=false logic
we do not block the case using local chached image(docker build --pull=false) while build_base=false
However we need gurantee always pull latest image while build package
And when there's some rate limit issue in the CICD situation we could set pull_base_from_dockerhub=false

Signed-off-by: my036811 <[email protected]>

* chore(deps): bump github.com/volcengine/volcengine-go-sdk from 1.1.19 to 1.1.25 in /src (goharbor#22225)

chore(deps): bump github.com/volcengine/volcengine-go-sdk in /src

Bumps [github.com/volcengine/volcengine-go-sdk](https://github.com/volcengine/volcengine-go-sdk) from 1.1.19 to 1.1.25.
- [Release notes](https://github.com/volcengine/volcengine-go-sdk/releases)
- [Commits](volcengine/volcengine-go-sdk@v1.1.19...v1.1.25)

---
updated-dependencies:
- dependency-name: github.com/volcengine/volcengine-go-sdk
  dependency-version: 1.1.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: miner <[email protected]>

* Delete local cache if the artifact doesn't exist in upstream registry (goharbor#22175)

fixes goharbor#20596

Signed-off-by: stonezdj <[email protected]>

* update the support list of proxy cache (goharbor#22237)

According to PR goharbor#22198, some inactive adapters have been removed from the default adapter list.
This pull request updates PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE accordingly, since the list of proxy cache adapters should be a subset of the replication adapters.

Signed-off-by: wy65701436 <[email protected]>

* bump go version (goharbor#22238)

* feat: Single Active Replication (goharbor#21347)

feat(replication): add Single Active Replication per policy

* Added single_active_replication field to schema & DB table
* Updated API, controller & handler to enforce single execution per policy
* Added checkbox in UI to enable/disable single_active_replication for a
  policy
* Implemented necessary backend & frontend tests
* Prevents parallel runs per policy if single_active_replication is enabled

Signed-off-by: bupd <[email protected]>

* bump base verson for v2.15.0 (goharbor#22241)

Signed-off-by: wy65701436 <[email protected]>

* build base images (goharbor#22249)

1, downgrade the base version to 2.14, and update it whenever we have the release-2.14.0 branch.
2, refresh the base images bses on the latest code.

Signed-off-by: wy65701436 <[email protected]>

* Upload build logs to github artifact (goharbor#22223)

Upload log files to github with 5 day retention

Signed-off-by: stonezdj <[email protected]>

* add prepare migration script for 2.14.0 (goharbor#22247)

Signed-off-by: my036811 <[email protected]>

* chore(deps): bump helm.sh/helm/v3 from 3.18.4 to 3.18.5 in /src (goharbor#22258)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.18.4 to 3.18.5.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.18.4...v3.18.5)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.18.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/checkout from 3 to 5 (goharbor#22250)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/volcengine/volcengine-go-sdk from 1.1.25 to 1.1.26 in /src (goharbor#22244)

chore(deps): bump github.com/volcengine/volcengine-go-sdk in /src

Bumps [github.com/volcengine/volcengine-go-sdk](https://github.com/volcengine/volcengine-go-sdk) from 1.1.25 to 1.1.26.
- [Release notes](https://github.com/volcengine/volcengine-go-sdk/releases)
- [Commits](volcengine/volcengine-go-sdk@v1.1.25...v1.1.26)

---
updated-dependencies:
- dependency-name: github.com/volcengine/volcengine-go-sdk
  dependency-version: 1.1.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Return the Resport when the scanner is unhealthy (goharbor#22255)

This commit fixes goharbor#22254
It updates the "GetReport" function, such that when the scanner is
unhealthy, and we can't know the the artifact is supported, we will
still try to return the report stored in DB.

Signed-off-by: Daniel Jiang <[email protected]>

* Refine the sql to query non empty repositories (goharbor#22269)

use exists instead of in condition

Signed-off-by: stonezdj <[email protected]>

* chore(deps): bump github.com/beego/beego/v2 from 2.3.6 to 2.3.8 in /src (goharbor#22282)

Bumps [github.com/beego/beego/v2](https://github.com/beego/beego) from 2.3.6 to 2.3.8.
- [Release notes](https://github.com/beego/beego/releases)
- [Changelog](https://github.com/beego/beego/blob/master/CHANGELOG.md)
- [Commits](beego/beego@v2.3.6...v2.3.8)

---
updated-dependencies:
- dependency-name: github.com/beego/beego/v2
  dependency-version: 2.3.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/prometheus/client_model from 0.6.1 to 0.6.2 in /src (goharbor#22283)

chore(deps): bump github.com/prometheus/client_model in /src

Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.6.1 to 0.6.2.
- [Release notes](https://github.com/prometheus/client_model/releases)
- [Commits](prometheus/client_model@v0.6.1...v0.6.2)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_model
  dependency-version: 0.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/cloudevents/sdk-go/v2 from 2.15.2 to 2.16.1 in /src (goharbor#22281)

chore(deps): bump github.com/cloudevents/sdk-go/v2 in /src

Bumps [github.com/cloudevents/sdk-go/v2](https://github.com/cloudevents/sdk-go) from 2.15.2 to 2.16.1.
- [Release notes](https://github.com/cloudevents/sdk-go/releases)
- [Commits](cloudevents/sdk-go@v2.15.2...v2.16.1)

---
updated-dependencies:
- dependency-name: github.com/cloudevents/sdk-go/v2
  dependency-version: 2.16.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/go-openapi/swag from 0.23.0 to 0.23.1 in /src (goharbor#22243)

chore(deps): bump github.com/go-openapi/swag in /src

Bumps [github.com/go-openapi/swag](https://github.com/go-openapi/swag) from 0.23.0 to 0.23.1.
- [Commits](go-openapi/swag@v0.23.0...v0.23.1)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/swag
  dependency-version: 0.23.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/volcengine/volcengine-go-sdk from 1.1.26 to 1.1.29 in /src (goharbor#22284)

chore(deps): bump github.com/volcengine/volcengine-go-sdk in /src

Bumps [github.com/volcengine/volcengine-go-sdk](https://github.com/volcengine/volcengine-go-sdk) from 1.1.26 to 1.1.29.
- [Release notes](https://github.com/volcengine/volcengine-go-sdk/releases)
- [Commits](volcengine/volcengine-go-sdk@v1.1.26...v1.1.29)

---
updated-dependencies:
- dependency-name: github.com/volcengine/volcengine-go-sdk
  dependency-version: 1.1.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update README.md (#48)

Describe whats different in next

Signed-off-by: Vadim Bauer <[email protected]>

* Update README.md (#54)

Signed-off-by: Vadim Bauer <[email protected]>

* Correct conformance_test GitHub Actions workflow at line 31 (merges into #64)

---------

Signed-off-by: yuzhipeng <[email protected]>
Signed-off-by: Spyros Trigazis <[email protected]>
Signed-off-by: Daniel Jiang <[email protected]>
Signed-off-by: rgcr <[email protected]>
Signed-off-by: Mooneeb Hussain <[email protected]>
Signed-off-by: stonezdj <[email protected]>
Signed-off-by: my036811 <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: wang yan <[email protected]>
Signed-off-by: chlins <[email protected]>
Signed-off-by: wy65701436 <[email protected]>
Signed-off-by: stonezdj <[email protected]>
Signed-off-by: bupd <[email protected]>
Signed-off-by: Vadim Bauer <[email protected]>
Signed-off-by: Prasanth Baskar <[email protected]>
Co-authored-by: yuzhipeng <[email protected]>
Co-authored-by: Spyros Trigazis <[email protected]>
Co-authored-by: Daniel Jiang <[email protected]>
Co-authored-by: Roger <[email protected]>
Co-authored-by: Moon <[email protected]>
Co-authored-by: stonezdj(Daojun Zhang) <[email protected]>
Co-authored-by: miner <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: miner <[email protected]>
Co-authored-by: Wang Yan <[email protected]>
Co-authored-by: Chlins Zhang <[email protected]>
Co-authored-by: Vadim Bauer <[email protected]>
Co-authored-by: cubic Bot <[email protected]>

Author: 12 people

.buildbaselog

@@ -8,6 +8,9 @@
 *   Add date here... Add signature here...
 -   Add your reason here...
 
+*   Aug 12 2025 <[email protected]>
+-   Refresh base image
+
 *   Oct 24 2024 <[email protected]>
 -   Refresh base image
 

.github/workflows/CI.yml

@@ -46,7 +46,7 @@ jobs:
         with:
            go-version: 1.23.2
         id: go
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
         with:
          path: src/github.com/goharbor/harbor
       - name: setup env
@@ -107,7 +107,7 @@ jobs:
         with:
           go-version: 1.23.2
         id: go
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
         with:
           path: src/github.com/goharbor/harbor
       - name: setup env
@@ -148,7 +148,12 @@ jobs:
           df -h
           bash ./tests/showtime.sh ./tests/ci/api_run.sh DB $IP
           df -h
-
+      - name: upload_logs
+        uses: actions/upload-artifact@v4
+        with:
+          name: db-api-harbor-logs.tar.gz
+          path: /home/runner/work/harbor/harbor/src/github.com/goharbor/harbor/integration_logs.tar.gz
+          retention-days: 5
   APITEST_DB_PROXY_CACHE:
     env:
       APITEST_DB: true
@@ -162,7 +167,7 @@ jobs:
         with:
           go-version: 1.23.2
         id: go
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
         with:
           path: src/github.com/goharbor/harbor
       - name: setup env
@@ -203,7 +208,12 @@ jobs:
           df -h
           bash ./tests/showtime.sh ./tests/ci/api_run.sh PROXY_CACHE $IP
           df -h
-
+      - name: upload_logs
+        uses: actions/upload-artifact@v4
+        with:
+          name: proxy-api-harbor-logs.tar.gz
+          path: /home/runner/work/harbor/harbor/src/github.com/goharbor/harbor/integration_logs.tar.gz
+          retention-days: 5
   APITEST_LDAP:
     env:
       APITEST_LDAP: true
@@ -217,7 +227,7 @@ jobs:
         with:
           go-version: 1.23.2
         id: go
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
         with:
           path: src/github.com/goharbor/harbor
       - name: setup env
@@ -256,7 +266,12 @@ jobs:
           cd src/github.com/goharbor/harbor
           bash ./tests/showtime.sh ./tests/ci/api_run.sh LDAP $IP
           df -h
-
+      - name: upload_logs
+        uses: actions/upload-artifact@v4
+        with:
+          name: ldap-api-harbor-logs.tar.gz
+          path: /home/runner/work/harbor/harbor/src/github.com/goharbor/harbor/integration_logs.tar.gz
+          retention-days: 5
   OFFLINE:
     env:
       OFFLINE: true
@@ -270,7 +285,7 @@ jobs:
         with:
           go-version: 1.23.2
         id: go
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
         with:
           path: src/github.com/goharbor/harbor
       - name: setup env
@@ -320,7 +335,7 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           node-version: '18'
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
         with:
           path: src/github.com/goharbor/harbor
       - name: script

.github/workflows/build-package.yml

@@ -31,13 +31,13 @@ jobs:
         with:
           docker_version: 20.10
           docker_channel: stable
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - uses: jitterbit/get-changed-files@v1
         id: changed-files
         with:
           format: space-delimited
           token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
         with:
           path: src/github.com/goharbor/harbor
       - name: Build Base Image
@@ -85,7 +85,7 @@ jobs:
           if [ -z "$BUILD_BASE"  ] || [ "$BUILD_BASE" != "true"  ]; then
             echo "Do not need to build base images!"
           else
-            build_base_params=" BUILD_BASE=true PUSHBASEIMAGE=true REGISTRYUSER=\"${{ secrets.DOCKER_HUB_USERNAME }}\" REGISTRYPASSWORD=\"${{ secrets.DOCKER_HUB_PASSWORD }}\""
+            build_base_params=" BUILD_BASE=true PULL_BASE_FROM_DOCKERHUB=true PUSHBASEIMAGE=true REGISTRYUSER=\"${{ secrets.DOCKER_HUB_USERNAME }}\" REGISTRYPASSWORD=\"${{ secrets.DOCKER_HUB_PASSWORD }}\""
           fi
           sudo make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=${Harbor_Build_Base_Tag} VERSIONTAG=${Harbor_Assets_Version} PKGVERSIONTAG=${Harbor_Package_Version} TRIVYFLAG=true EXPORTERFLAG=true HTTPPROXY= ${build_base_params}
           sudo make package_online GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=${Harbor_Build_Base_Tag} VERSIONTAG=${Harbor_Assets_Version} PKGVERSIONTAG=${Harbor_Package_Version} TRIVYFLAG=true EXPORTERFLAG=true HTTPPROXY= ${build_base_params}

.github/workflows/codeql-analysis.yml

@@ -13,7 +13,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v5
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.

.github/workflows/conformance_test.yml

@@ -28,7 +28,8 @@ jobs:
         with:
           go-version: 1.23.2
         id: go
-      - uses: actions/checkout@v3
+      - name: Checkout code
+        uses: actions/checkout@v5
         with:
           path: src/github.com/goharbor/harbor
       - name: before_install

.github/workflows/nightly-trivy-scan.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:

.github/workflows/pass-CI.yml

@@ -11,6 +11,7 @@ on:
       - '!tests/ci/**'
       - '!tests/resources/**'
       - '!tests/robot-cases/**'
+      - '!tests/robot-cases/Group1-Nightly/**'
   push:
     paths:
       - 'docs/**'
@@ -21,6 +22,7 @@ on:
       - '!tests/ci/**'
       - '!tests/resources/**'
       - '!tests/robot-cases/**'
+      - '!tests/robot-cases/Group1-Nightly/**'
 
 jobs:
   UTTEST:

.github/workflows/publish_release.yml

@@ -9,7 +9,7 @@ jobs:
   release:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup env
         run: |
           echo "CUR_TAG=${{ github.ref_name }}" >> $GITHUB_ENV

CONTRIBUTING.md

@@ -168,7 +168,7 @@ Harbor backend is written in [Go](http://golang.org/). If you don't have a Harbo
 | 2.11   | 1.22.3      |
 | 2.12   | 1.23.2      |
 | 2.13   | 1.23.8      |
-| 2.14   | 1.24.3      |
+| 2.14   | 1.24.6      |
 
 
 Ensure your GOPATH and PATH have been configured in accordance with the Go environment instructions.

Makefile

@@ -151,7 +151,7 @@ GOINSTALL=$(GOCMD) install
 GOTEST=$(GOCMD) test
 GODEP=$(GOTEST) -i
 GOFMT=gofmt -w
-GOBUILDIMAGE=golang:1.24.3
+GOBUILDIMAGE=golang:1.24.6
 GOBUILDPATHINCONTAINER=/harbor
 
 # go build
@@ -395,11 +395,6 @@ build:
 		echo Do not push base images since no base images built. ; \
 		exit 1; \
 	fi
-# PULL_BASE_FROM_DOCKERHUB should be true if BUILD_BASE is not true
-	@if [ "$(BUILD_BASE)" != "true" ]  && [ "$(PULL_BASE_FROM_DOCKERHUB)" = "false" ] ; then \
-		echo Should pull base images from registry in docker configuration since no base images built. ; \
-		exit 1; \
-	fi
 	make -f $(MAKEFILEPATH_PHOTON)/Makefile $(BUILDTARGET) -e DEVFLAG=$(DEVFLAG) -e GOBUILDIMAGE=$(GOBUILDIMAGE) -e NODEBUILDIMAGE=$(NODEBUILDIMAGE) \
 	 -e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG)  -e DISTRIBUTION_SRC=$(DISTRIBUTION_SRC)\
 	 -e TRIVYVERSION=$(TRIVYVERSION) -e TRIVYADAPTERVERSION=$(TRIVYADAPTERVERSION) \