Separate the execution vendor type sbom from image_scan #20504

Merged
merged 1 commit into from
May 29, 2024
Merged
12 changes: 9 additions & 3 deletions src/controller/scan/base_controller.go
Expand Up @@ -333,7 +333,11 @@ func (bc *basicController) Scan(ctx context.Context, artifact *ar.Artifact, opti
if op := operator.FromContext(ctx); op != "" {
extraAttrs["operator"] = op
}
executionID, err := bc.execMgr.Create(ctx, job.ImageScanJobVendorType, artifact.ID, task.ExecutionTriggerManual, extraAttrs)
vendorType := handler.JobVendorType()
// for vulnerability and generate sbom, use different vendor type
// because the execution reaper only keep the latest execution for the vendor type IMAGE_SCAN
// both vulnerability and sbom need to keep the latest scan execution to get the latest scan status
executionID, err := bc.execMgr.Create(ctx, vendorType, artifact.ID, task.ExecutionTriggerManual, extraAttrs)
if err != nil {
return err
}
Expand Down Expand Up @@ -364,7 +368,8 @@ func (bc *basicController) Stop(ctx context.Context, artifact *ar.Artifact, capT
if artifact == nil {
return errors.New("nil artifact to stop scan")
}
query := q.New(q.KeyWords{"vendor_type": job.ImageScanJobVendorType, "extra_attrs.artifact.digest": artifact.Digest, "extra_attrs.enabled_capabilities.type": capType})
vendorType := sca.GetScanHandler(capType).JobVendorType()
query := q.New(q.KeyWords{"vendor_type": vendorType, "extra_attrs.artifact.digest": artifact.Digest, "extra_attrs.enabled_capabilities.type": capType})
executions, err := bc.execMgr.List(ctx, query)
if err != nil {
return err
Expand Down Expand Up @@ -960,7 +965,8 @@ func (bc *basicController) launchScanJob(ctx context.Context, param *launchScanJ
params[sca.JobParameterRequest] = sJSON
params[sca.JobParameterMimes] = mimes
params[sca.JobParameterRobot] = robotJSON

// because there is only one task type implementation
// both the vulnerability scan and generate sbom use the same job type for now
j := &task.Job{
Name: job.ImageScanJobVendorType,
Metadata: &job.Metadata{
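Review bot: In the Stop hunk, `sca.GetScanHandler(capType).JobVendorType()` calls a method on the lookup result without checking it, and capType is a caller-supplied argument. If GetScanHandler returns nil for an unregistered capability type (its implementation is not shown here, so this needs confirming), the call panics instead of returning an error the way the nil-artifact guard just above does. I would split it into `h := sca.GetScanHandler(capType)`, then `if h == nil { return errors.New("no scan handler for capability type") }`, then `vendorType := h.JobVendorType()`. Stop's body continues past the end of the hunk.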
2 changes: 2 additions & 0 deletions src/controller/scan/base_controller_test.go
Expand Up @@ -342,6 +342,8 @@ func (suite *ControllerTestSuite) SetupSuite() {
reportConverter: &postprocessorstesting.ScanReportV1ToV2Converter{},
cache: func() cache.Cache { return suite.cache },
}
mock.OnAnything(suite.scanHandler, "JobVendorType").Return("IMAGE_SCAN")

}

// TearDownSuite ...
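Review bot: The mock added to SetupSuite returns the literal "IMAGE_SCAN" for every JobVendorType call, so the controller suite never runs Scan or Stop with a handler whose vendor type differs from the image-scan one, which is the case this change introduces. Prefer the constant over the string, e.g. `Return(job.ImageScanJobVendorType)` if the job package is imported in this test file, and add a case where the handler returns `job.SBOMJobVendorType` that asserts the value passed to execMgr.Create and the `vendor_type` key in the List query. The blank line left before the closing brace can go.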
3 changes: 3 additions & 0 deletions src/jobservice/job/known_jobs.go
Expand Up @@ -22,6 +22,8 @@ const (

// ImageScanJobVendorType is name of scan job it will be used as key to register to job service.
ImageScanJobVendorType = "IMAGE_SCAN"
// SBOMJobVendorType key to create sbom generate execution.
SBOMJobVendorType = "SBOM"
// GarbageCollectionVendorType job name
GarbageCollectionVendorType = "GARBAGE_COLLECTION"
// ReplicationVendorType : the name of the replication job in job service
Expand Down Expand Up @@ -52,6 +54,7 @@ var (
// executionSweeperCount stores the count for execution retained
executionSweeperCount = map[string]int64{
ImageScanJobVendorType: 1,
SBOMJobVendorType: 1,
ScanAllVendorType: 1,
PurgeAuditVendorType: 10,
ExecSweepVendorType: 10,
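Review bot: The comment on SBOMJobVendorType does not say that it is an execution vendor type only; the launchScanJob hunk in base_controller.go still builds the task with `Name: job.ImageScanJobVendorType`, while the neighbouring ImageScanJobVendorType comment describes a key registered with the job service. Suggest `// SBOMJobVendorType is the vendor type of SBOM generation executions; the job itself still runs under ImageScanJobVendorType.` so nobody later tries to use it as a job name. Any other code that selects scan executions by `vendor_type` IMAGE_SCAN would no longer see SBOM executions; none is visible in this diff, so that is worth a search of the callers before release.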
2 changes: 2 additions & 0 deletions src/pkg/scan/handler.go
Expand Up @@ -50,6 +50,8 @@ type Handler interface {
// PostScan defines the operation after scan
PostScan(ctx job.Context, sr *v1.ScanRequest, rp *scan.Report, rawReport string, startTime time.Time, robot *model.Robot) (string, error)
ReportHandler
// JobVendorType returns the job vendor type
JobVendorType() string
}

// ReportHandler handler for scan report, it could be sbom report or vulnerability report
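Review bot: The doc comment `// JobVendorType returns the job vendor type` restates the method name and leaves the contract out. From the controller hunks the value is used both to create the execution and as the `vendor_type` filter when stopping it, so it has to be a fixed value per handler and stay stable across releases. Something like `// JobVendorType returns the vendor type under which executions for this handler are created and looked up; it must be a fixed value.` would state that.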
4 changes: 4 additions & 0 deletions src/pkg/scan/sbom/sbom.go
Expand Up @@ -345,3 +345,7 @@
err = json.Unmarshal([]byte(reportContent), &result)
return result, err
}

func (h *scanHandler) JobVendorType() string {
return job.SBOMJobVendorType

Check warning on line 350 in src/pkg/scan/sbom/sbom.go


Codecov / codecov/patch

src/pkg/scan/sbom/sbom.go#L349-L350

Added lines #L349 - L350 were not covered by tests
}
4 changes: 4 additions & 0 deletions src/pkg/scan/vulnerability/vul.go
Expand Up @@ -301,3 +301,7 @@

return summaries, nil
}

func (h *scanHandler) JobVendorType() string {
return job.ImageScanJobVendorType

Check warning on line 306 in src/pkg/scan/vulnerability/vul.go


Codecov / codecov/patch

src/pkg/scan/vulnerability/vul.go#L305-L306

Added lines #L305 - L306 were not covered by tests
}
18 changes: 18 additions & 0 deletions src/testing/pkg/scan/handler.go
