feat(sbom): add a dedicated sbom command#1799
Merged
knqyf263 merged 21 commits intoaquasecurity:mainfrom Mar 23, 2022
Merged
Conversation
|
|
davidsalame1
approved these changes
Mar 6, 2022
knqyf263
reviewed
Mar 6, 2022
pkg/commands/app.go
Outdated
| Flags: []cli.Flag{ | ||
| &formatFlag, | ||
| &outputFlag, | ||
| &exitCodeFlag, |
Collaborator
There was a problem hiding this comment.
Looks like sbom doesn't need --exit-code since this option makes the job fail when critical vulnerabilities are found.
pkg/commands/artifact/sbom.go
Outdated
|
|
||
| func analyzeArtifactPath(artifactPath string) (ArtifactType, string) { | ||
| // The user can specify the input artifact type by using the "<artifact-type>:" prefix before the artifact path | ||
| // e.g docker:ubuntu, package:/path/to/express |
Collaborator
There was a problem hiding this comment.
Suggested change
| // e.g docker:ubuntu, package:/path/to/express | |
| // e.g docker:ubuntu, dir:/path/to/express |
pkg/commands/app.go
Outdated
Comment on lines
+525
to
+527
| ArgsUsage: "artifact", | ||
| Usage: "generate sbom for an artifact", | ||
| Action: artifact.SbomRun, |
Collaborator
There was a problem hiding this comment.
In addition to usage, we may want to add a description since this subcommand is a bit complex.
Suggested change
| ArgsUsage: "artifact", | |
| Usage: "generate sbom for an artifact", | |
| Action: artifact.SbomRun, | |
| ArgsUsage: "ARTIFACT", | |
| Usage: "generate sbom for an artifact", | |
| Description: fmt.Sprintf(`"ARTIFACT" uses a "transport":"details" format. | |
| Supported transports: | |
| %s | |
| `, artifact.ArtifactTypes.String()), |
pkg/commands/artifact/sbom.go
Outdated
| type ArtifactType string | ||
|
|
||
| const ( | ||
| DockerImageArtifact ArtifactType = "docker" |
Collaborator
There was a problem hiding this comment.
Trivy also supports Podman and we're trying to add support for Containerd. How about image?
Suggested change
| DockerImageArtifact ArtifactType = "docker" | |
| ContainerImageArtifact ArtifactType = "image" |
tamirkiviti13
changed the title
…e changes, remove unnecessary flag
knqyf263
reviewed
Mar 7, 2022
pkg/commands/app.go
Outdated
| Supported types: %s`, artifact.ArtifactTypes), | ||
| Action: artifact.SbomRun, | ||
| Flags: []cli.Flag{ | ||
| &formatFlag, |
Collaborator
There was a problem hiding this comment.
table and template don't make sense. We should restrict formats that can be specified.
knqyf263
reviewed
Mar 20, 2022
docs/advanced/sbom/cyclonedx.md
Outdated
| </details> | ||
|
|
||
| !!! caution | ||
| It doesn't support vulnerabilities yet, but installed packages. |
Collaborator
There was a problem hiding this comment.
This tab is required.
https://squidfunk.github.io/mkdocs-material/reference/admonitions/#usage
docs/getting-started/cli/sbom.md
Outdated
| @@ -0,0 +1,21 @@ | |||
| # Sbom | |||
Collaborator
There was a problem hiding this comment.
nit
Suggested change
| # Sbom | |
| # SBOM |
mkdocs.yml
Outdated
| - Repository: getting-started/cli/repo.md | ||
| - Client: getting-started/cli/client.md | ||
| - Server: getting-started/cli/server.md | ||
| - Sbom: getting-started/cli/sbom.md |
Collaborator
There was a problem hiding this comment.
Suggested change
| - Sbom: getting-started/cli/sbom.md | |
| - SBOM: getting-started/cli/sbom.md |
knqyf263
force-pushed
the
sbom-subcommand
branch
from
597dab3 to
19a4d1b
Compare
knqyf263
approved these changes
Mar 23, 2022
Collaborator
|
Thanks |
|
Thank you @tamirkiviti13 ! |
ankk13
referenced
this pull request
in ankk13/trivy
Mar 28, 2022
Co-authored-by: knqyf263 <knqyf263@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR adds a new dedicated SBOM generation subcommand -
trivy sbom.Related issues