

Separate the execution vendor type sbom from image_scan
  Add vendor type SBOM for execution
  fixes #20495

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
stonezdj committed May 29, 2024
1 parent 1f0c828 commit 58eca27
Showing 6 changed files with 38 additions and 2 deletions.
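--- a/src/controller/scan/base_controller.go
+++ b/src/controller/scan/base_controller.go
@@ -333,7 +333,11 @@ func (bc *basicController) Scan(ctx context.Context, artifact *ar.Artifact, opti
 if op := operator.FromContext(ctx); op != "" {
 extraAttrs["operator"] = op
 }
-executionID, err := bc.execMgr.Create(ctx, job.ImageScanJobVendorType, artifact.ID, task.ExecutionTriggerManual, extraAttrs)
+vendorType := handler.JobVendorType()
+// for vulnerability and generate sbom, use different vendor type
+// because the execution reaper only keep the latest execution for the vendor type IMAGE_SCAN
+// both vulnerability and sbom need to keep the latest scan execution to get the latest scan status
+executionID, err := bc.execMgr.Create(ctx, vendorType, artifact.ID, task.ExecutionTriggerManual, extraAttrs)
 if err != nil {
 return err
 }
@@ -960,7 +964,8 @@ func (bc *basicController) launchScanJob(ctx context.Context, param *launchScanJ
 params[sca.JobParameterRequest] = sJSON
 params[sca.JobParameterMimes] = mimes
 params[sca.JobParameterRobot] = robotJSON
-
+// because there is only one task type implementation
+// both the vulnerability scan and generate sbom use the same job type for now
 j := &task.Job{
 Name: job.ImageScanJobVendorType,
 Metadata: &job.Metadata{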
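Review bot: In Scan the execution is now created under `handler.JobVendorType()`, while launchScanJob keeps `job.ImageScanJobVendorType` as the task job name, so an SBOM execution and its task carry different type strings. Any lookup that still filters executions by `job.ImageScanJobVendorType` (status, stop or report queries, none of which are visible in these hunks) would miss SBOM executions without an error. It is worth checking the remaining uses of that constant in this controller and switching execution queries to the handler's vendor type. The new comment in Scan would read more clearly as `// Vulnerability scans and SBOM generation use separate vendor types: the sweeper keeps only the latest execution per vendor type, and each needs its own latest execution for status.` Both function bodies start and end outside the hunks.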
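--- a/src/jobservice/job/known_jobs.go
+++ b/src/jobservice/job/known_jobs.go
@@ -22,6 +22,8 @@ const (
 
 // ImageScanJobVendorType is name of scan job it will be used as key to register to job service.
 ImageScanJobVendorType = "IMAGE_SCAN"
+// SBOMJobVendorType key to create sbom generate execution.
+SBOMJobVendorType = "SBOM"
 // GarbageCollectionVendorType job name
 GarbageCollectionVendorType = "GARBAGE_COLLECTION"
 // ReplicationVendorType : the name of the replication job in job service
@@ -52,6 +54,7 @@ var (
 // executionSweeperCount stores the count for execution retained
 executionSweeperCount = map[string]int64{
 ImageScanJobVendorType: 1,
+SBOMJobVendorType: 1,
 ScanAllVendorType: 1,
 PurgeAuditVendorType: 10,
 ExecSweepVendorType: 10,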
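Review bot: The doc comment on `SBOMJobVendorType` does not say that the value is only an execution vendor type. The neighbouring `ImageScanJobVendorType` comment describes it as the key registered with the job service, and the launchScanJob hunk in base_controller.go keeps `job.ImageScanJobVendorType` as the task job name for SBOM generation too. Suggest `// SBOMJobVendorType is the execution vendor type for SBOM generation; the task itself still runs under the IMAGE_SCAN job name.` so that nobody later tries to register or look up a job by it. The const and var blocks continue outside the hunks.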
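--- a/src/pkg/scan/handler.go
+++ b/src/pkg/scan/handler.go
@@ -50,6 +50,8 @@ type Handler interface {
 // PostScan defines the operation after scan
 PostScan(ctx job.Context, sr *v1.ScanRequest, rp *scan.Report, rawReport string, startTime time.Time, robot *model.Robot) (string, error)
 ReportHandler
+// JobVendorType returns the job vendor type
+JobVendorType() string
 }
 
 // ReportHandler handler for scan report, it could be sbom report or vulnerability report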
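Review bot: The comment `// JobVendorType returns the job vendor type` restates the method name and leaves the contract open for future Handler implementations. Suggest `// JobVendorType returns the execution vendor type (for example job.ImageScanJobVendorType or job.SBOMJobVendorType) under which scans run by this handler are recorded.` It may also be worth saying that the returned value should have an entry in `executionSweeperCount`; how the sweeper treats an unlisted or empty type is not visible on this page. The interface declaration starts outside the hunk.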
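--- a/src/pkg/scan/sbom/sbom.go
+++ b/src/pkg/scan/sbom/sbom.go
@@ -345,3 +345,7 @@ func (h *scanHandler) GetSummary(ctx context.Context, art *artifact.Artifact, mi
 err = json.Unmarshal([]byte(reportContent), &result)
 return result, err
 }
+
+func (h *scanHandler) JobVendorType() string {
+return job.SBOMJobVendorType
+}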
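Review bot: The new exported method `JobVendorType` has no doc comment here, and the same applies to the matching method added in src/pkg/scan/vulnerability/vul.go. Suggest `// JobVendorType returns job.SBOMJobVendorType, the execution vendor type for SBOM generation.` here and `// JobVendorType returns job.ImageScanJobVendorType, the execution vendor type for vulnerability scans.` in vul.go. Stating the constant in the comment makes it obvious which sweeper retention entry each handler depends on.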
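--- a/src/pkg/scan/vulnerability/vul.go
+++ b/src/pkg/scan/vulnerability/vul.go
@@ -301,3 +301,7 @@ func (h *scanHandler) GetSummary(ctx context.Context, ar *artifact.Artifact, mim
 
 return summaries, nil
 }
+
+func (h *scanHandler) JobVendorType() string {
+return job.ImageScanJobVendorType
+}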
18 changes: 18 additions & 0 deletions src/testing/pkg/scan/handler.go

