The NeuVector scanner plugin enforces usage of an IP address when connecting to a controller. Although a hostname can technically be used, the implementation gives the feeling that this was not the intention.

Enforcing an IP address (or pure hostname) eliminates the possibility of using an API exposed under a subpath. Consider the case when the controller exposes its API as: https://neuvector.company-internal.com/api/

It appears that using a URL as the controller address may resolve this and other similar needs.

          [JENKINS-69355] FR: support controller address by URL

          neuvector added a comment - - edited

          zorg1331 

          Thank you for reporting the issue. For the image scanning process, we need to call three APIs in a specific sequence.

          Firstly, we need to make an HTTP POST request to "/v1/auth" endpoint with login credentials to obtain a security token. This token will be required for the subsequent API calls.

          Next, we need to make an HTTP POST request to "/v1/scan/repository" endpoint with the security token added to the header. This API call will perform the actual image scan and return the scan result.

          Finally, we need to make an HTTP DELETE request to "/v1/auth" endpoint to log out from the server.

          To make it easy for our users, we only require them to provide the API server's hostname/IP and port. We handle the subpaths in the code and make the details transparent to the user.

          So, to use a URL to replace the hostname/IP + port is not necessary or relevant for our use cases.

          Pavel Nakonechnyi added a comment -

          Hi neuvector,

          Thanks for the reply. Even from the provided description I, to be honest, do not see why the same procedure cannot be applied to a URL instead of an IP address. For instance, instead of adding suffixes like "/v1/auth" to the IP address, one can just add them to the provided URL. This would allow users more control and flexibility, as they would be able to:

          • still provide an IP address, if they wish;
          • choose the HTTP scheme to use;
          • choose an arbitrary port;
          • support a non-default reverse proxy configuration, where API endpoints are exposed under a non-default path.

          neuvector added a comment -

          Hi Pavel,

          To support the controller API URL, I created PR https://github.com/jenkinsci/neuvector-vulnerability-scanner-plugin/pull/41

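Added example, not the plugin's code and not part of any comment above: a sketch of the three-call sequence from the thread driven by a controller URL, showing that the subpath survives when the endpoint paths are appended and that the logout call runs even when the scan fails. The `send` transport, the `X-Auth-Token` header name and the request/reply shapes are assumptions made for illustration.

```python
from urllib.parse import urlsplit

AUTH, SCAN = "/v1/auth", "/v1/scan/repository"  # paths named in the thread
TOKEN_HEADER = "X-Auth-Token"  # assumed header name, not given in the thread

def endpoint(base_url, path):
    """Append an API path to the controller URL, keeping any subpath."""
    u = urlsplit(base_url)
    if u.scheme not in ("http", "https") or not u.hostname:
        raise ValueError("controller URL needs an http(s) scheme and a host")
    if u.username or u.password or u.query or u.fragment:
        raise ValueError("no credentials, query or fragment in controller URL")
    # urljoin(base, "/v1/auth") would silently drop "/api"; concatenate instead.
    return f"{u.scheme}://{u.netloc}{u.path.rstrip('/')}{path}"

def scan(base_url, user, password, image, send):
    """Call auth -> scan -> logout in order.

    send(method, url, headers, body) is a hypothetical transport that returns
    the decoded JSON reply; the body and reply shapes here are constructed.
    """
    auth_url = endpoint(base_url, AUTH)
    creds = {"username": user, "password": password}
    headers = {TOKEN_HEADER: send("POST", auth_url, {}, creds)["token"]}
    try:
        return send("POST", endpoint(base_url, SCAN), headers, {"image": image})
    finally:
        # Log out even if the scan raises, so the token does not stay valid.
        send("DELETE", auth_url, headers, None)

if __name__ == "__main__":
    def fake_send(method, url, headers, body):  # constructed stand-in server
        print(method, url)
        return {"token": "example-token"}
    scan("https://neuvector.company-internal.com/api/", "ci", "secret",
         "registry.example/app:1.0", fake_send)
```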

            neuvector neuvector
            zorg1331 Pavel Nakonechnyi