-
Notifications
You must be signed in to change notification settings - Fork 26
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
use syft cli - bps should supply w syft bp
- Loading branch information
Showing
1 changed file
with
63 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,15 +3,19 @@ | |
package sbom | ||
|
||
import ( | ||
"bytes" | ||
"fmt" | ||
"os" | ||
"path/filepath" | ||
|
||
"github.com/anchore/syft/syft" | ||
"github.com/anchore/syft/syft/cpe" | ||
"github.com/anchore/syft/syft/pkg" | ||
"github.com/anchore/syft/syft/pkg/cataloger" | ||
"github.com/anchore/syft/syft/sbom" | ||
"github.com/anchore/syft/syft/source" | ||
"github.com/paketo-buildpacks/packit/v2" | ||
"github.com/paketo-buildpacks/packit/v2/pexec" | ||
"github.com/paketo-buildpacks/packit/v2/postal" | ||
) | ||
|
||
|
@@ -118,6 +122,65 @@ func GenerateFromDependency(dependency postal.Dependency, path string) (SBOM, er | |
}, nil | ||
} | ||
|
||
func GenerateWithSyftCli(layersPath string, layer packit.Layer, mediaTypes ...string) error { | ||
|
||
scanDir := layer.Path | ||
args := []string{"scan", "-q"} | ||
for _, mediatype := range mediaTypes { | ||
sbomWriteLocation := filepath.Join(layersPath, fmt.Sprintf("%s.sbom.%s", layer.Name, getExtension(mediatype))) | ||
|
||
// TODO add @<version> | ||
args = append(args, "--output", fmt.Sprintf("%s=%s", sbomFormatToSyftOutputFormat(mediatype), sbomWriteLocation)) | ||
// todo temporary | ||
fmt.Printf("Writing SBOM to %s\n", sbomWriteLocation) | ||
} | ||
|
||
args = append(args, fmt.Sprintf("dir:%s", scanDir)) | ||
|
||
buffer := bytes.NewBuffer(nil) | ||
if err := pexec.NewExecutable("syft").Execute(pexec.Execution{ | ||
Args: args, | ||
Dir: scanDir, | ||
Stdout: buffer, | ||
Stderr: buffer, | ||
}); err != nil { | ||
return fmt.Errorf("unable to run `syft %s`\n%w\n%s", args, err, buffer) | ||
} | ||
// todo remove | ||
fmt.Println("Finished syft command. output:") | ||
fmt.Println(buffer) | ||
|
||
// TODO clean cyclonedx file which has a timestamp and unique id which always change | ||
return nil | ||
} | ||
|
||
func getExtension(mediatype string) string { | ||
switch mediatype { | ||
case CycloneDXFormat: | ||
return "cdx.json" | ||
case SPDXFormat: | ||
return "spdx.json" | ||
case SyftFormat: | ||
return "syft.json" | ||
default: | ||
return "json" | ||
} | ||
} | ||
|
||
func sbomFormatToSyftOutputFormat(mediatype string) string { | ||
switch mediatype { | ||
case CycloneDXFormat: | ||
// todo temporary | ||
return "[email protected]" | ||
case SPDXFormat: | ||
return "spdx-json" | ||
case SyftFormat: | ||
return "syft-json" | ||
default: | ||
return "json" | ||
} | ||
} | ||
|
||
// InFormats returns a Formatter containing mappings for the given Formats. | ||
func (s SBOM) InFormats(mediaTypes ...string) (Formatter, error) { | ||
var fs []sbom.FormatID | ||
|