Added way to configure SBOM scanner #5372

Merged (1 commit) on Oct 4, 2024


LaurentGoderre
Contributor

This addresses #3791.

Using the following scanner image

FROM alpine

CMD [ "printenv" ]

With the following command:

echo "FROM alpine" | docker buildx b . --progress=plain --no-cache -f - --sbom=generator=laurentgoderre689/mock-scanner,EXTRA_SCANNERS=test

Yields

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 49B done
#1 DONE 0.0s

[...]

#8 DONE 0.7s

#9 [linux/arm64] generating sbom using docker.io/laurentgoderre689/mock-scanner:latest
#9 0.037 BUILDKIT_SCAN_DESTINATION=/run/out/
#9 0.037 BUILDKIT_SCAN_SOURCE=/run/src/core/sbom
#9 0.037 BUILDKIT_SCAN_type=sbom
#9 0.037 BUILDKIT_SCAN_EXTRA_SCANNERS=test
#9 DONE 0.1s

This also addresses the concerns about commas in values.

Running

echo "FROM alpine" | docker buildx b . --progress=plain --no-cache -f - --sbom="\"generator=laurentgoderre689/mock-scanner\",\"EXTRA_SCANNERS=test1,test2\""

Yields

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 49B done
#1 DONE 0.0s

[...]

#7 [linux/arm64] generating sbom using docker.io/laurentgoderre689/mock-scanner:latest
#7 0.053 BUILDKIT_SCAN_DESTINATION=/run/out/
#7 0.053 BUILDKIT_SCAN_SOURCE=/run/src/core/sbom
#7 0.053 BUILDKIT_SCAN_type=sbom
#7 0.053 BUILDKIT_SCAN_EXTRA_SCANNERS=test1,test2
#7 DONE 0.1s
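
As an added example (not code from this pull request or from BuildKit), the Go sketch below models the mapping visible in the two runs above: the `--sbom` value is read as one CSV record, `generator` selects the scanner image, and every other key reaches the scanner with the `BUILDKIT_SCAN_` prefix. `ParseSBOMFlag` and its error handling are assumptions; the `type=sbom` entry, which does not come from the flag value, is left out.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strings"
)

// scanEnvPrefix is the prefix seen on the scanner's variables in the output above.
const scanEnvPrefix = "BUILDKIT_SCAN_"

// ParseSBOMFlag is a hypothetical helper (not BuildKit's implementation).
// It reads the --sbom value as a single CSV record, so a quoted field may
// contain commas, and returns the generator image plus the env entries
// derived from the remaining key=value fields, in the order given.
func ParseSBOMFlag(value string) (string, []string, error) {
	fields, err := csv.NewReader(strings.NewReader(value)).Read()
	if err != nil {
		return "", nil, fmt.Errorf("parsing %q: %w", value, err)
	}
	var generator string
	var env []string
	for _, f := range fields {
		k, v, ok := strings.Cut(f, "=")
		if !ok || k == "" {
			// An unquoted comma inside a value ends up here as a stray field.
			return "", nil, fmt.Errorf("field %q is not key=value", f)
		}
		if k == "generator" {
			generator = v
			continue
		}
		env = append(env, scanEnvPrefix+k+"="+v)
	}
	return generator, env, nil
}

func main() {
	// Constructed inputs: the two flag values from the description as the
	// program sees them after shell unquoting, plus an unquoted-comma case.
	for _, in := range []string{
		`generator=laurentgoderre689/mock-scanner,EXTRA_SCANNERS=test`,
		`"generator=laurentgoderre689/mock-scanner","EXTRA_SCANNERS=test1,test2"`,
		`generator=laurentgoderre689/mock-scanner,EXTRA_SCANNERS=test1,test2`,
	} {
		gen, env, err := ParseSBOMFlag(in)
		fmt.Printf("%s\n  generator=%q env=%q err=%v\n", in, gen, env, err)
	}
}
```

The third input shows why the quoted form matters: without quotes, `test2` becomes a separate field and is rejected in this sketch instead of being passed to the scanner.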

Member

@jedevc jedevc left a comment

LGTM, would also be good to add a test to client_test.go as well to check the correct env vars are set in the scanner env?

Member

@tonistiigi tonistiigi left a comment

Yes, integration test would be good. CI is also failing in linter.

@LaurentGoderre
Contributor Author

On it!

Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
@tonistiigi
Member

@jedevc PTAL

@tonistiigi tonistiigi merged commit 293ef59 into moby:master Oct 4, 2024
91 checks passed
@jedevc
Member

jedevc commented Oct 4, 2024

Lgtm, sorry for the delay 🎉
