Skip to content

Ingest container scanning sbom source

Tetiana Chupryna requested to merge 425995-store-cs-sbom-sources into master

What does this MR do and why?

When parsing Container Scanning SBOM files, we need to extract additional details from the metadata.properties and store them into sbom_source table. We are already doing the same for Dependency Scanning metadata, so in this MR we are applying already existing solution for Container scanning metadata.

For more details read Store Container Scanning image and operating sy... (#425995 - closed)

Details on implementation:

Majority of changes in this MR were initially merged with !134004 (merged)

However, because of this issue that MR was reverted.

This MR contains additional changes for SBOM Source validation schema that should prevent ingestion task to fail.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

  1. Create a new project with next CI config:
variables:
  CS_IMAGE: 'photon:latest'

include:
  - template: Jobs/Container-Scanning.gitlab-ci.yml
  1. Run CI pipeline
  2. Go to Rails console
  3. Run Sbom::Source.last
  4. Observe a created Source object with params: source_type: "container_scanning", source: {"image"=>{"tag"=>"latest", "name"=>"photon"}, "operating_system"=>{"name"=>"Photon OS", "version"=>"5.0"}}

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #425995 (closed)

Edited by Tetiana Chupryna

Merge request reports

Loading