use grype document instead of sbom

kubescape · Jun 5, 2024 · a6f93d2 · a6f93d2
1 parent 9e4139a
commit a6f93d2
Show file tree

Hide file tree

Showing 8 changed files with 32 additions and 32 deletions.
diff --git a/adapters/mockplatform.go b/adapters/mockplatform.go
@@ -45,7 +45,7 @@ func (m MockPlatform) SendStatus(ctx context.Context, _ int) error {
 }
 
 // SubmitCVE logs the given ID for CVE calculation
-func (m MockPlatform) SubmitCVE(ctx context.Context, _ domain.SBOM, _ domain.CVEManifest, _ domain.CVEManifest) error {
+func (m MockPlatform) SubmitCVE(ctx context.Context, _ domain.CVEManifest, _ domain.CVEManifest) error {
 	_, span := otel.Tracer("").Start(ctx, "MockPlatform.SubmitCVE")
 	defer span.End()
 	return nil

diff --git a/adapters/mockplatform_test.go b/adapters/mockplatform_test.go
@@ -25,6 +25,6 @@ func TestMockPlatform_SendStatus(t *testing.T) {
 func TestMockPlatform_SubmitCVE(t *testing.T) {
 	m := NewMockPlatform(true)
 	ctx := context.TODO()
-	err := m.SubmitCVE(ctx, domain.SBOM{}, domain.CVEManifest{}, domain.CVEManifest{})
+	err := m.SubmitCVE(ctx, domain.CVEManifest{}, domain.CVEManifest{})
 	assert.NoError(t, err)
 }
diff --git a/adapters/v1/backend.go b/adapters/v1/backend.go
@@ -160,7 +160,7 @@ func (a *BackendAdapter) reportFromContext(ctx context.Context) (*sysreport.Base
 }
 
 // SubmitCVE submits the given CVE to the platform
-func (a *BackendAdapter) SubmitCVE(ctx context.Context, sbom domain.SBOM, cve domain.CVEManifest, cvep domain.CVEManifest) error {
+func (a *BackendAdapter) SubmitCVE(ctx context.Context, cve domain.CVEManifest, cvep domain.CVEManifest) error {
 	ctx, span := otel.Tracer("").Start(ctx, "BackendAdapter.SubmitCVE")
 	defer span.End()
 	// retrieve timestamp from context
@@ -194,6 +194,12 @@ func (a *BackendAdapter) SubmitCVE(ctx context.Context, sbom domain.SBOM, cve do
 	if err != nil {
 		return fmt.Errorf("failed to convert vulnerabilities to report: %w", err)
 	}
+
+	imageManifest, err := parseImageManifest(cve.Content)
+	if err != nil {
+		logger.L().Ctx(ctx).Warning("failed to parse image manifest from grype document", helpers.Error(err))
+	}
+
 	// merge cve and cvep
 	var hasRelevancy bool
 	if cvep.Content != nil {
@@ -255,10 +261,6 @@ func (a *BackendAdapter) SubmitCVE(ctx context.Context, sbom domain.SBOM, cve do
 		vulnerabilities[i].Designators = finalReport.Designators
 	}
 
-	imageManifest, err := parseImageManifest(sbom)
-	if err != nil {
-		logger.L().Ctx(ctx).Warning("failed to parse image manifest from sbom", helpers.Error(err))
-	}
 	// add summary
 	finalReport.Summary, vulnerabilities = summarize(finalReport, vulnerabilities, workload, hasRelevancy, imageManifest)
 	finalReport.Summary.Context = armoContext

diff --git a/adapters/v1/backend_test.go b/adapters/v1/backend_test.go
@@ -193,56 +193,52 @@ func TestBackendAdapter_SubmitCVE(t *testing.T) {
 			ctx = context.WithValue(ctx, domain.TimestampKey{}, time.Now().Unix())
 			ctx = context.WithValue(ctx, domain.ScanIDKey{}, uuid.New().String())
 			ctx = context.WithValue(ctx, domain.WorkloadKey{}, domain.ScanCommand{})
-			if err := a.SubmitCVE(ctx, domain.SBOM{}, tt.cve, tt.cvep); (err != nil) != tt.wantErr {
+			if err := a.SubmitCVE(ctx, tt.cve, tt.cvep); (err != nil) != tt.wantErr {
 				t.Errorf("SubmitCVE() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
 	}
 }
 
-//go:embed testdata/nginx-sbom-metadata.json
+//go:embed testdata/nginx-document-source.json
 var nginxSBOMMetadata []byte
 
 func TestParseImageManifest(t *testing.T) {
 	tests := []struct {
 		name     string
-		sbom     domain.SBOM
+		document *v1beta1.GrypeDocument
 		expected *containerscan.ImageManifest
 		wantErr  bool
 	}{
 		{
-			name:     "empty sbom",
-			sbom:     domain.SBOM{},
-			expected: nil,
+			name:     "empty document",
+			document: nil,
+			wantErr:  true,
 		},
 		{
 			name: "malformed metadata base64 config",
-			sbom: domain.SBOM{
-				Content: &v1beta1.SyftDocument{
-					SyftSource: v1beta1.SyftSource{
-						Metadata: []byte(`{
+			document: &v1beta1.GrypeDocument{
+				Source: &v1beta1.Source{
+					Target: []byte(`{
 									"config": "eyJhcmNoaXRlY3R1cmUiOiJhcm02NCIs"
 									}`),
-					},
 				},
 			},
 			wantErr: true,
 		},
 		{
-			name: "valid sbom",
-			sbom: domain.SBOM{
-				Content: &v1beta1.SyftDocument{
-					SyftSource: v1beta1.SyftSource{
-						Metadata: nginxSBOMMetadata,
-					},
+			name: "valid document",
+			document: &v1beta1.GrypeDocument{
+				Source: &v1beta1.Source{
+					Target: nginxSBOMMetadata,
 				},
 			},
 			expected: fileToType[containerscan.ImageManifest]("testdata/nginx-image-manifest.json"),
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			imageManifest, err := parseImageManifest(tt.sbom)
+			imageManifest, err := parseImageManifest(tt.document)
 			if tt.wantErr {
 				assert.Error(t, err)
 			} else {

diff --git a/adapters/v1/domain_to_armo.go b/adapters/v1/domain_to_armo.go
@@ -3,6 +3,7 @@ package v1
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"strings"
 
 	"github.com/anchore/grype/grype/search"
@@ -218,12 +219,13 @@ func syftCoordinatesToCoordinates(c []v1beta1.SyftCoordinates) []containerscan.C
 
 }
 
-func parseImageManifest(sbom domain.SBOM) (*containerscan.ImageManifest, error) {
-	if sbom.Content == nil {
-		return nil, nil
+func parseImageManifest(grypeDocument *v1beta1.GrypeDocument) (*containerscan.ImageManifest, error) {
+	if grypeDocument == nil || grypeDocument.Source == nil {
+		return nil, fmt.Errorf("empty grype document")
 	}
+
 	var rawManifest source.ImageMetadata
-	if err := json.Unmarshal(sbom.Content.SyftSource.Metadata, &rawManifest); err != nil {
+	if err := json.Unmarshal(grypeDocument.Source.Target, &rawManifest); err != nil {
 		return nil, err
 	}
 

diff --git a/...ters/v1/testdata/nginx-sbom-metadata.json → ...rs/v1/testdata/nginx-document-source.json b/...ters/v1/testdata/nginx-sbom-metadata.json → ...rs/v1/testdata/nginx-document-source.json
diff --git a/core/ports/providers.go b/core/ports/providers.go
@@ -25,5 +25,5 @@ type Platform interface {
 	GetCVEExceptions(ctx context.Context) (domain.CVEExceptions, error)
 	ReportError(ctx context.Context, err error) error
 	SendStatus(ctx context.Context, step int) error
-	SubmitCVE(ctx context.Context, sbom domain.SBOM, cve domain.CVEManifest, cvep domain.CVEManifest) error
+	SubmitCVE(ctx context.Context, cve domain.CVEManifest, cvep domain.CVEManifest) error
 }
diff --git a/core/services/scan.go b/core/services/scan.go
@@ -284,7 +284,7 @@ func (s *ScanService) ScanCVE(ctx context.Context) error {
 			helpers.String("imageSlug", workload.ImageSlug))
 	}
 	// submit CVE manifest to platform
-	err = s.platform.SubmitCVE(ctx, sbom, cve, cvep)
+	err = s.platform.SubmitCVE(ctx, cve, cvep)
 	if err != nil {
 		return fmt.Errorf("error submitting CVEs: %w", err)
 	}
@@ -359,7 +359,7 @@ func (s *ScanService) ScanRegistry(ctx context.Context) error {
 			helpers.String("imageSlug", workload.ImageSlug))
 	}
 	// submit CVE manifest to platform
-	err = s.platform.SubmitCVE(ctx, sbom, cve, domain.CVEManifest{})
+	err = s.platform.SubmitCVE(ctx, cve, domain.CVEManifest{})
 	if err != nil {
 		return err
 	}