diff --git a/agent/kubviz/trivy_sbom.go b/agent/kubviz/trivy_sbom.go index bbd5cb03..5cc0f13c 100644 --- a/agent/kubviz/trivy_sbom.go +++ b/agent/kubviz/trivy_sbom.go @@ -17,9 +17,15 @@ import ( ) func publishTrivySbomReport(report cyclonedx.BOM, js nats.JetStreamContext) error { + + for _,packageinfo :=range report.Packages { + for _, pkg := range packageinfo.Packages { + metrics := model.SbomData{ ID: uuid.New().String(), + ClusterName: ClusterName, ComponentName: report.CycloneDX.Metadata.Component.Name, + PackageName: pkg.Name, PackageUrl: report.CycloneDX.Metadata.Component.PackageURL, BomRef: report.CycloneDX.Metadata.Component.BOMRef, SerialNumber: report.CycloneDX.SerialNumber, @@ -35,8 +41,9 @@ func publishTrivySbomReport(report cyclonedx.BOM, js nats.JetStreamContext) erro if err != nil { return err } - log.Printf("Trivy sbom report with Id %v has been published\n", metrics.ID) +} +} return nil } diff --git a/client/pkg/clickhouse/db_client.go b/client/pkg/clickhouse/db_client.go index 4e21d0e2..35460db3 100644 --- a/client/pkg/clickhouse/db_client.go +++ b/client/pkg/clickhouse/db_client.go @@ -699,7 +699,9 @@ func (c *DBClient) InsertTrivySbomMetrics(metrics model.SbomData) { if _, err := stmt.Exec( metrics.ID, + metrics.ClusterName, metrics.ComponentName, + metrics.PackageName, metrics.PackageUrl, metrics.BomRef, metrics.SerialNumber, diff --git a/client/pkg/clickhouse/statements.go b/client/pkg/clickhouse/statements.go index 797cb061..c248aab3 100644 --- a/client/pkg/clickhouse/statements.go +++ b/client/pkg/clickhouse/statements.go @@ -205,7 +205,9 @@ const quayContainerPushEventTable DBStatement = ` const trivySbomTable DBStatement = ` CREATE TABLE IF NOT EXISTS trivysbom ( id UUID, + cluster_name String, image_name String, + package_name String, package_url String, bom_ref String, serial_number String, 
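Review bot: Each published row now carries a per-package `PackageName: pkg.Name`, but `PackageUrl`, `BomRef` and the other identifying fields are still read from `report.CycloneDX.Metadata.Component`, so every package of an image is stored with the image-level purl instead of its own. For an SBOM table that is meant to be matched against advisories, the package-level identifier and version are the useful part; if the `pkg` type exposes them (its definition is not visible here), they should come from `pkg` or be added as separate columns. The `if err != nil { return err }` in the second hunk now appears to sit inside the loop, so the first failed publish drops the remaining packages, and because every row gets a fresh `uuid.New()`, re-sending the report would duplicate the rows already published. The added loop lines and the two closing `}` are also not gofmt-formatted (`for _,packageinfo :=range`). The function body between the two hunks is outside the visible lines.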
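Review bot: Adding `cluster_name` and `package_name` inside `CREATE TABLE IF NOT EXISTS trivysbom` does not alter a table that already exists, so on an upgraded deployment the new nine-column `InsertTrivySbom` statement (the later hunk in this file) would fail against the old seven-column table. The same applies to `sql/0000015_trivysbom.up.sql`, which is edited in place; a migration runner that tracks applied versions will presumably not run it again. A new migration with `ALTER TABLE trivysbom ADD COLUMN IF NOT EXISTS cluster_name String` and the same for `package_name` would cover existing installs, with a matching statement wherever this constant is executed at startup.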
@@ -228,6 +230,6 @@ const InsertTrivyVul string = "INSERT INTO trivy_vul (id, cluster_name, namespac
 const InsertTrivyImage string = "INSERT INTO trivyimage (id, cluster_name, artifact_name, vul_id, vul_pkg_id, vul_pkg_name, vul_installed_version, vul_fixed_version, vul_title, vul_severity, vul_published_date, vul_last_modified_date) VALUES ( ?, ?,?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertTrivyMisconfig string = "INSERT INTO trivy_misconfig (id, cluster_name, namespace, kind, name, misconfig_id, misconfig_avdid, misconfig_type, misconfig_title, misconfig_desc, misconfig_msg, misconfig_query, misconfig_resolution, misconfig_severity, misconfig_status, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertAzureContainerPushEvent DBStatement = "INSERT INTO azurecontainerpush (RegistryURL, RepositoryName, Tag, ImageName, Event, Size, SHAID, EventTime) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?)"
-const InsertTrivySbom string = "INSERT INTO trivysbom (id, image_name, package_url, bom_ref, serial_number, version, bom_format) VALUES (?, ?, ?, ?, ?, ?, ?)"
+const InsertTrivySbom string = "INSERT INTO trivysbom (id, cluster_name, image_name, package_name, package_url, bom_ref, serial_number, version, bom_format) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertQuayContainerPushEvent DBStatement = "INSERT INTO quaycontainerpush (name, repository, nameSpace, dockerURL, homePage, tag, Event, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertJfrogContainerPushEvent DBStatement = "INSERT INTO jfrogcontainerpush (Domain, EventType, RegistryURL, RepositoryName, SHAID, Size, ImageName, Tag, Event, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
diff --git a/model/trivy_sbom.go b/model/trivy_sbom.go
index 8eea1769..647e34a4 100644
--- a/model/trivy_sbom.go
+++ b/model/trivy_sbom.go
@@ -11,7 +11,9 @@ type Sbom struct { type SbomData struct { ID string + ClusterName string ComponentName string + PackageName string PackageUrl string BomRef string SerialNumber string diff --git a/sql/0000015_trivysbom.up.sql b/sql/0000015_trivysbom.up.sql index 924f9ec8..0e3a9c2e 100644 --- a/sql/0000015_trivysbom.up.sql +++ b/sql/0000015_trivysbom.up.sql @@ -1,6 +1,8 @@ CREATE TABLE IF NOT EXISTS trivysbom ( id UUID, + cluster_name String, image_name String, + package_name String, package_url String, bom_ref String, serial_number String,