use node-agent generated SBOM

Signed-off-by: Matthias Bertschy <[email protected]>

controllers/http.go

@@ -51,7 +51,7 @@ func (h HTTPController) GenerateSBOM(c *gin.Context) {
 	if err != nil {
 		logger.L().Ctx(ctx).Error("validation error", helpers.Error(err),
 			helpers.String("imageSlug", newScan.ImageSlug),
-			helpers.String("imageTag", newScan.ImageTag),
+			helpers.String("imageTagNormalized", newScan.ImageTagNormalized),
 			helpers.String("imageHash", newScan.ImageHash))
 		_, _ = problem.Of(http.StatusInternalServerError).Append(details).WriteTo(c.Writer)
 		return
@@ -64,7 +64,7 @@ func (h HTTPController) GenerateSBOM(c *gin.Context) {
 		if err != nil {
 			logger.L().Ctx(ctx).Error("service error - GenerateSBOM", helpers.Error(err),
 				helpers.String("imageSlug", newScan.ImageSlug),
-				helpers.String("imageTag", newScan.ImageTag),
+				helpers.String("imageTagNormalized", newScan.ImageTagNormalized),
 				helpers.String("imageHash", newScan.ImageHash))
 		}
 	})
@@ -105,7 +105,7 @@ func (h HTTPController) ScanCVE(c *gin.Context) {
 	if err != nil {
 		logger.L().Ctx(ctx).Error("validation error", helpers.Error(err),
 			helpers.String("imageSlug", newScan.ImageSlug),
-			helpers.String("imageTag", newScan.ImageTag),
+			helpers.String("imageTagNormalized", newScan.ImageTagNormalized),
 			helpers.String("imageHash", newScan.ImageHash))
 		_, _ = problem.Of(http.StatusInternalServerError).Append(details).WriteTo(c.Writer)
 		return
@@ -119,7 +119,7 @@ func (h HTTPController) ScanCVE(c *gin.Context) {
 			logger.L().Ctx(ctx).Error("service error - ScanCVE", helpers.Error(err),
 				helpers.String("wlid", newScan.Wlid),
 				helpers.String("imageSlug", newScan.ImageSlug),
-				helpers.String("imageTag", newScan.ImageTag),
+				helpers.String("imageTagNormalized", newScan.ImageTagNormalized),
 				helpers.String("imageHash", newScan.ImageHash))
 		}
 	})
@@ -173,7 +173,7 @@ func (h HTTPController) ScanRegistry(c *gin.Context) {
 	if err != nil {
 		logger.L().Ctx(ctx).Error("validation error", helpers.Error(err),
 			helpers.String("imageSlug", newScan.ImageSlug),
-			helpers.String("imageTag", newScan.ImageTag),
+			helpers.String("imageTagNormalized", newScan.ImageTagNormalized),
 			helpers.String("imageHash", newScan.ImageHash))
 		_, _ = problem.Of(http.StatusInternalServerError).Append(details).WriteTo(c.Writer)
 		return
@@ -186,7 +186,7 @@ func (h HTTPController) ScanRegistry(c *gin.Context) {
 		if err != nil {
 			logger.L().Ctx(ctx).Error("service error - ScanRegistry", helpers.Error(err),
 				helpers.String("imageSlug", newScan.ImageSlug),
-				helpers.String("imageTag", newScan.ImageTag),
+				helpers.String("imageTagNormalized", newScan.ImageTagNormalized),
 				helpers.String("imageHash", newScan.ImageHash))
 		}
 	})

core/domain/scan.go

@@ -37,14 +37,15 @@ type ScanCommand struct {
 	ImageSlug          string
 	InstanceID         string
 	Wlid               string
-	ImageTag           string
-	JobID              string
-	ContainerName      string
-	ParentJobID        string
-	ImageHash          string
-	CredentialsList    []registry.AuthConfig
-	Session            Session
-	LastAction         int
+	// deprecated
+	ImageTag        string
+	JobID           string
+	ContainerName   string
+	ParentJobID     string
+	ImageHash       string
+	CredentialsList []registry.AuthConfig
+	Session         Session
+	LastAction      int
 }
 
 type Session struct {

core/services/scan.go

@@ -97,7 +97,7 @@ func (s *ScanService) GenerateSBOM(ctx context.Context) error {
 	// if SBOM is not available, create it
 	if sbom.Content == nil {
 		// create SBOM
-		sbom, err = s.sbomCreator.CreateSBOM(ctx, workload.ImageSlug, workload.ImageHash, workload.ImageTag, optionsFromWorkload(workload))
+		sbom, err = s.sbomCreator.CreateSBOM(ctx, workload.ImageSlug, workload.ImageHash, workload.ImageTagNormalized, optionsFromWorkload(workload))
 		s.checkCreateSBOM(err, workload.ImageHash)
 		if err != nil {
 			return err
@@ -168,7 +168,7 @@ func (s *ScanService) ScanCVE(ctx context.Context) error {
 		// if SBOM is not available, create it
 		if sbom.Content == nil {
 			// create SBOM
-			sbom, err = s.sbomCreator.CreateSBOM(ctx, workload.ImageSlug, workload.ImageHash, workload.ImageTag, optionsFromWorkload(workload))
+			sbom, err = s.sbomCreator.CreateSBOM(ctx, workload.ImageSlug, workload.ImageHash, workload.ImageTagNormalized, optionsFromWorkload(workload))
 			s.checkCreateSBOM(err, workload.ImageHash)
 			if err != nil {
 				return fmt.Errorf("error creating SBOM: %w", err)
@@ -325,8 +325,8 @@ func (s *ScanService) ScanRegistry(ctx context.Context) error {
 	}
 
 	// create SBOM
-	sbom, err := s.sbomCreator.CreateSBOM(ctx, workload.ImageSlug, workload.ImageHash, workload.ImageTag, optionsFromWorkload(workload))
-	s.checkCreateSBOM(err, workload.ImageTag)
+	sbom, err := s.sbomCreator.CreateSBOM(ctx, workload.ImageSlug, workload.ImageHash, workload.ImageTagNormalized, optionsFromWorkload(workload))
+	s.checkCreateSBOM(err, workload.ImageTagNormalized)
 	if err != nil {
 		repErr := s.platform.ReportError(ctx, err)
 		if repErr != nil {
@@ -400,8 +400,8 @@ func generateScanID(workload domain.ScanCommand, scannerVersion string) string {
 		return fmt.Sprintf("%s-%s", workload.InstanceID, scannerVersion)
 	}
 
-	if workload.ImageTag != "" && workload.ImageHash != "" {
-		sum := sha256.Sum256([]byte(workload.ImageTag + workload.ImageHash + scannerVersion))
+	if workload.ImageTagNormalized != "" && workload.ImageHash != "" {
+		sum := sha256.Sum256([]byte(workload.ImageTagNormalized + workload.ImageHash + scannerVersion))
 		if scanID := fmt.Sprintf("%x", sum); armotypes.ValidateContainerScanID(scanID) {
 			return scanID
 		}
@@ -421,7 +421,7 @@ func optionsFromWorkload(workload domain.ScanCommand) domain.RegistryOptions {
 	}
 
 	logger.L().Debug("created registryOptions from workload",
-		helpers.String("imageTag", workload.ImageTag),
+		helpers.String("imageTagNormalized", workload.ImageTagNormalized),
 		helpers.String("credentials", credentialsLog(options.Credentials)))
 	return options
 }
@@ -533,7 +533,7 @@ func (s *ScanService) ValidateScanRegistry(ctx context.Context, workload domain.
 
 	ctx = enrichContext(ctx, workload, s.sbomCreator.Version())
 	// validate inputs
-	if workload.ImageTag == "" || workload.ImageSlug == "" {
+	if workload.ImageTagNormalized == "" || workload.ImageSlug == "" {
 		return ctx, domain.ErrMissingImageInfo
 	}
 	// add imageSlug to parent span
@@ -543,7 +543,7 @@ func (s *ScanService) ValidateScanRegistry(ctx context.Context, workload domain.
 		ctx = trace.ContextWithSpan(ctx, parentSpan)
 	}
 	// check if previous image pull resulted in TOOMANYREQUESTS error
-	if _, ok := s.tooManyRequests.Get(workload.ImageTag); ok {
+	if _, ok := s.tooManyRequests.Get(workload.ImageTagNormalized); ok {
 		return ctx, domain.ErrTooManyRequests
 	}
 	return ctx, nil

core/services/scan_test.go

@@ -492,8 +492,8 @@ func TestScanService_ScanRegistry(t *testing.T) {
 				false, false)
 			ctx := context.TODO()
 			workload := domain.ScanCommand{
-				ImageSlug: "imageSlug",
-				ImageTag:  "k8s.gcr.io/kube-proxy:v1.24.3",
+				ImageSlug:          "imageSlug",
+				ImageTagNormalized: "k8s.gcr.io/kube-proxy:v1.24.3",
 			}
 			workload.CredentialsList = []registry.AuthConfig{
 				{
@@ -537,8 +537,8 @@ func TestScanService_ValidateScanRegistry(t *testing.T) {
 		{
 			name: "with imageID",
 			workload: domain.ScanCommand{
-				ImageSlug: "imageSlug",
-				ImageTag:  "k8s.gcr.io/kube-proxy:v1.24.3",
+				ImageSlug:          "imageSlug",
+				ImageTagNormalized: "k8s.gcr.io/kube-proxy:v1.24.3",
 			},
 			wantErr: false,
 		},
@@ -574,8 +574,8 @@ func Test_generateScanID(t *testing.T) {
 			name: "generate scanID with imageHash",
 			args: args{
 				workload: domain.ScanCommand{
-					ImageTag:  "k8s.gcr.io/kube-proxy:v1.24.3",
-					ImageHash: "sha256:6f9c1c5b5b1b2b3b4b5b6b7b8b9b0b1b2b3b4b5b6b7b8b9b0b1b2b3b4b5b6b7b",
+					ImageTagNormalized: "k8s.gcr.io/kube-proxy:v1.24.3",
+					ImageHash:          "sha256:6f9c1c5b5b1b2b3b4b5b6b7b8b9b0b1b2b3b4b5b6b7b8b9b0b1b2b3b4b5b6b7b",
 				},
 			},
 			want: "2d0ee020566e8ff66542c5cd9e324111731c6a49d237fea3bd880448dac1a37f",