From a32361217ccc42947e44facc595ff577554f19d5 Mon Sep 17 00:00:00 2001 From: Matthias Bertschy Date: Tue, 15 Oct 2024 12:17:11 +0200 Subject: [PATCH] wip Signed-off-by: Matthias Bertschy --- build/Dockerfile | 1 + pkg/sbommanager/v1/sbom_manager.go | 44 +++++++++++++++++------------- 2 files changed, 26 insertions(+), 19 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index f6231ff4..c1314e4b 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -12,6 +12,7 @@ RUN --mount=target=. \ FROM gcr.io/distroless/static-debian12:debug COPY --from=builder /out/node-agent /usr/bin/node-agent +COPY syft /usr/bin/syft ARG image_version ENV RELEASE=$image_version diff --git a/pkg/sbommanager/v1/sbom_manager.go b/pkg/sbommanager/v1/sbom_manager.go index 12a1000d..5ec74233 100644 --- a/pkg/sbommanager/v1/sbom_manager.go +++ b/pkg/sbommanager/v1/sbom_manager.go @@ -68,6 +68,7 @@ type imageInfo struct { } func (s *SbomManager) getImageLayers(imageID string) ([]imagedigest.Digest, error) { + res, err := s.imageServiceClient.PullImage(context.Background(), &runtime.PullImageRequest{}) status, err := s.imageServiceClient.ImageStatus(context.Background(), &runtime.ImageStatusRequest{ Image: &runtime.ImageSpec{Image: imageID}, Verbose: true, @@ -100,6 +101,7 @@ func (s *SbomManager) getMountedVolumes(pid string) ([]string, error) { if err != nil { return nil, fmt.Errorf("failed to get mounts: %w", err) } + logger.L().Info("got mounts", helpers.Interface("mounts", mounts)) for _, option := range strings.Split(mounts[0].VFSOptions, ",") { if strings.HasPrefix(option, "lowerdir=") { return strings.Split(option[9:], ":"), nil 
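Review bot: `COPY syft /usr/bin/syft` ships a pre-built binary taken straight from the build context into the final image, with no pinned version and no checksum or signature check, whereas node-agent itself is built from source in the builder stage and copied with `--from=builder`. Anything present as `syft` in the checkout at build time ends up executable on every node, which is hard to audit and easy to get wrong in CI. Fetching or building syft in the builder stage at a pinned version, verifying its checksum there, and then copying it with `COPY --from=builder` would keep the provenance of both binaries the same.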
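Review bot: In getImageLayers the added `res, err := s.imageServiceClient.PullImage(context.Background(), &runtime.PullImageRequest{})` declares `res` without using it in the hunk, so this does not compile unless `res` is referenced further down (the function body continues outside the hunk), and its `err` is overwritten by the `status, err :=` on the next line before it is ever checked. The request also sets no `Image`, so it does not identify anything to pull. If a pull is really wanted here it should name the image, `&runtime.PullImageRequest{Image: &runtime.ImageSpec{Image: imageID}}`, check the error, and run under a context with a deadline rather than `context.Background()`, since a registry round trip on every container event is a cost the node pays each time.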
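Review bot: `logger.L().Info("got mounts", helpers.Interface("mounts", mounts))` in getMountedVolumes dumps the full mount table of the process into the log at Info on every call, which is both noisy and puts host mount layout (overlay lowerdir paths) into whatever collects the logs; `logger.L().Debug("got mounts", helpers.Interface("mounts", mounts))` is the appropriate level for a trace like this. Separately, `mounts[0]` on the following context line is indexed without a `len(mounts) == 0` guard, so an empty result panics inside the callback instead of returning an error.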
@@ -167,13 +169,14 @@ func (s *SbomManager) ContainerCallback(notif containercollection.PubSubEvent) {
 helpers.String("rootFS", rootFS),
 helpers.Interface("layers", layers))
 // create the SBOM
- logger.L().Debug("generating SBOM",
- helpers.String("imageName", imageName))
+ logger.L().Info("getting SBOM source",
+ helpers.String("userInput", rootFS))
 // FIXME: seem to pull image
- src, err := syft.GetSource(context.Background(), imageName, syft.DefaultGetSourceConfig().WithBasePath(rootFS))
+ src, err := syft.GetSource(context.Background(), rootFS, syft.DefaultGetSourceConfig())
 if err != nil {
 logger.L().Error("Failed to get source",
 helpers.Error(err),
+ helpers.String("userInput", rootFS),
 helpers.String("namespace", notif.Container.K8s.Namespace),
 helpers.String("pod", notif.Container.K8s.PodName),
 helpers.String("container", notif.Container.K8s.ContainerName),
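Review bot: `syft.GetSource(context.Background(), rootFS, syft.DefaultGetSourceConfig())` hands syft a bare string and leaves it to source detection to decide what it is; the `// FIXME: seem to pull image` comment kept just above says that guesswork has already gone wrong once, and with an unqualified input a value that parses as an image reference can still be resolved against a registry. Prefixing the input with the directory scheme, `syft.GetSource(context.Background(), "dir:"+rootFS, syft.DefaultGetSourceConfig())`, pins the source to the local filesystem and removes the ambiguity, after which the FIXME can go. Dropping `WithBasePath(rootFS)` may also change how file paths in the result are reported relative to the container root; worth confirming against the layer matching further down. ContainerCallback starts and ends outside this hunk.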
@@ -183,22 +186,25 @@ func (s *SbomManager) ContainerCallback(notif containercollection.PubSubEvent) {
 cfg := syft.DefaultCreateSBOMConfig()
 cfg.ToolName = "syft"
 cfg.ToolVersion = s.version
- syftSBOM, err := syft.CreateSBOM(context.Background(), src, cfg)
- if err != nil {
- logger.L().Error("Failed to generate SBOM",
- helpers.Error(err),
- helpers.String("namespace", notif.Container.K8s.Namespace),
- helpers.String("pod", notif.Container.K8s.PodName),
- helpers.String("container", notif.Container.K8s.ContainerName),
- helpers.String("pid", pid))
- return
- }
- logger.L().Info("SbomManager got SBOM",
- helpers.String("namespace", notif.Container.K8s.Namespace),
- helpers.String("pod", notif.Container.K8s.PodName),
- helpers.String("container", notif.Container.K8s.ContainerName),
- helpers.String("pid", pid),
- helpers.Interface("sbom", syftSBOM))
+ logger.L().Info("creating SBOM",
+ helpers.String("imageName", imageName),
+ helpers.Interface("src", src))
+ //syftSBOM, err := syft.CreateSBOM(context.Background(), src, cfg)
+ //if err != nil {
+ // logger.L().Error("Failed to generate SBOM",
+ // helpers.Error(err),
+ // helpers.String("namespace", notif.Container.K8s.Namespace),
+ // helpers.String("pod", notif.Container.K8s.PodName),
+ // helpers.String("container", notif.Container.K8s.ContainerName),
+ // helpers.String("pid", pid))
+ // return
+ //}
+ //logger.L().Info("SbomManager got SBOM",
+ // helpers.String("namespace", notif.Container.K8s.Namespace),
+ // helpers.String("pod", notif.Container.K8s.PodName),
+ // helpers.String("container", notif.Container.K8s.ContainerName),
+ // helpers.String("pid", pid),
+ // helpers.Interface("sbom", syftSBOM))
 // match package names with image layers
 //packages := syftSBOM.Artifacts
 //var j int
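Review bot: With the `syft.CreateSBOM` call and its error handling commented out, the callback now populates `cfg` that nothing consumes, logs "creating SBOM" without creating one, and the `src` obtained in the previous hunk is never closed in this one, so the resolver it opened on the container root stays open for as long as the callback runs. `helpers.Interface("src", src)` at Info also serialises the whole source object, including its resolver state and paths, on every container event; if the log is wanted, `helpers.Interface("src", src.Describe())` at Debug level records the source identity without the internals. If the intent is a temporary wip, a `// TODO(wip): SBOM creation disabled while source resolution is debugged` marker above the commented block would make that state visible to the next reader. The function continues past the end of this hunk.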