
Commit 3ea108b

feat: add name parameter to override names in SBOM
This lets a package keep its existing bldr name (so naming schemes that depend on it are not disrupted) while only the name recorded in the generated SBOM changes. Signed-off-by: Dmitrii Sharshakov <[email protected]>
1 parent a93c1e2 commit 3ea108b


5 files changed

+85
-2
lines changed


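--- a/internal/pkg/integration/testdata/sbom/final/pkg.yaml
+++ b/internal/pkg/integration/testdata/sbom/final/pkg.yaml
@@ -5,6 +5,9 @@ dependencies:
   - stage: pkg
 steps:
   - test:
+      - cp /pkg/runc.json /tmp/runc.json
+      - sed -i 's/BLDR_TAG/{{ .BUILD_ARG_BLDR_TAG }}/g' /tmp/runc.json
+      - diff /tmp/runc.json /rootfs/usr/share/spdx/runc.spdx.json
       - cp /pkg/ref.json /tmp/ref.json
       - sed -i 's/BLDR_TAG/{{ .BUILD_ARG_BLDR_TAG }}/g' /tmp/ref.json
       - diff /tmp/ref.json /rootfs/usr/share/spdx/containerd.spdx.json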
Lines changed: 65 additions & 0 deletions
@@ -0,0 +1,65 @@
1+
{
2+
"spdxVersion": "SPDX-2.3",
3+
"dataLicense": "CC0-1.0",
4+
"SPDXID": "SPDXRef-DOCUMENT",
5+
"name": "sidero-pkgs-runc",
6+
"documentNamespace": "https://anchore.com/bldr/dir/sidero-pkgs-runc-096b39da-b937-5033-a23e-9554b61f75e8",
7+
"creationInfo": {
8+
"licenseListVersion": "3.25",
9+
"creators": [
10+
"Organization: Anchore, Inc",
11+
"Tool: bldr-BLDR_TAG"
12+
],
13+
"created": "0001-01-01T00:00:00Z"
14+
},
15+
"packages": [
16+
{
17+
"name": "runc",
18+
"SPDXID": "SPDXRef-Package-bldr-package-runc-e3c63cb53b493066",
19+
"versionInfo": "1.3.0",
20+
"supplier": "NOASSERTION",
21+
"downloadLocation": "NOASSERTION",
22+
"filesAnalyzed": false,
23+
"sourceInfo": "acquired package info from the following paths: /Pkgfile",
24+
"licenseConcluded": "NOASSERTION",
25+
"licenseDeclared": "Apache-2.0",
26+
"copyrightText": "NOASSERTION",
27+
"externalRefs": [
28+
{
29+
"referenceCategory": "SECURITY",
30+
"referenceType": "cpe23Type",
31+
"referenceLocator": "cpe:2.3:a:opencontainers:runc:1.3.0:*:*:*:*:*:*:*"
32+
},
33+
{
34+
"referenceCategory": "SECURITY",
35+
"referenceType": "cpe23Type",
36+
"referenceLocator": "cpe:2.3:a:linuxfoundation:runc:1.3.0:*:*:*:*:*:*:*"
37+
}
38+
]
39+
},
40+
{
41+
"name": "sidero-pkgs-runc",
42+
"SPDXID": "SPDXRef-DocumentRoot-Directory-sidero-pkgs-runc",
43+
"versionInfo": "1.3.0",
44+
"supplier": "NOASSERTION",
45+
"downloadLocation": "NOASSERTION",
46+
"filesAnalyzed": false,
47+
"licenseConcluded": "NOASSERTION",
48+
"licenseDeclared": "NOASSERTION",
49+
"copyrightText": "NOASSERTION",
50+
"primaryPackagePurpose": "FILE"
51+
}
52+
],
53+
"relationships": [
54+
{
55+
"spdxElementId": "SPDXRef-DocumentRoot-Directory-sidero-pkgs-runc",
56+
"relatedSpdxElement": "SPDXRef-Package-bldr-package-runc-e3c63cb53b493066",
57+
"relationshipType": "CONTAINS"
58+
},
59+
{
60+
"spdxElementId": "SPDXRef-DOCUMENT",
61+
"relatedSpdxElement": "SPDXRef-DocumentRoot-Directory-sidero-pkgs-runc",
62+
"relationshipType": "DESCRIBES"
63+
}
64+
]
65+
}

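--- a/internal/pkg/integration/testdata/sbom/pkg/pkg.yaml
+++ b/internal/pkg/integration/testdata/sbom/pkg/pkg.yaml
@@ -2,6 +2,15 @@
 name: pkg
 variant: scratch
 steps:
+  - sbom:
+      outputPath: /rootfs/usr/share/spdx/runc.spdx.json
+      name: runc
+      version: 1.3.0
+      cpes:
+        - cpe:2.3:a:opencontainers:runc:1.3.0:*:*:*:*:*:*:*
+        - cpe:2.3:a:linuxfoundation:runc:1.3.0:*:*:*:*:*:*:*
+      licenses:
+        - Apache-2.0
   - sbom:
       outputPath: /rootfs/usr/share/spdx/containerd.spdx.json
       version: 2.1.2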

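--- a/internal/pkg/sbom/sbom.go
+++ b/internal/pkg/sbom/sbom.go
@@ -71,11 +71,16 @@ func CreatePackageSBOM(bldrPkg *v1alpha2.Pkg, sbomMetadata v1alpha2.SBOMStep) (*
 		return nil, err
 	}
 
+	name := bldrPkg.Name
+	if sbomMetadata.Name != "" {
+		name = sbomMetadata.Name
+	}
+
 	sbomDoc := &sbom.SBOM{
 		Source: source.Description{
 			ID: "sidero-pkgs",
 			Metadata: source.DirectoryMetadata{},
-			Name: "sidero-pkgs-" + bldrPkg.Name,
+			Name: "sidero-pkgs-" + name,
 			Version: sbomMetadata.Version,
 		},
 		Descriptor: sbom.Descriptor{
@@ -90,7 +95,7 @@ func CreatePackageSBOM(bldrPkg *v1alpha2.Pkg, sbomMetadata v1alpha2.SBOMStep) (*
 	}
 
 	syftPkg := pkg.Package{
-		Name: bldrPkg.Name,
+		Name: name,
 		Version: sbomMetadata.Version,
 		PURL: sbomMetadata.PURL,
 		Type: pkg.Type("bldr-package"),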
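Review bot: The override taken at `if sbomMetadata.Name != ""` is used verbatim with no check on its content, and it ends up in both the syft package name and the `sidero-pkgs-` source name, from which the SPDX package identifier and document namespace appear to be derived (the fixture shows `SPDXRef-Package-bldr-package-runc-…` and a namespace URL built from the source name). Characters outside the SPDX ID alphabet are presumably sanitized by syft — confirm — but a whitespace-only value passes the guard and replaces a valid bldr name, so at least trim before comparing: `if n := strings.TrimSpace(sbomMetadata.Name); n != "" { name = n }`. The override does not touch `PURL: sbomMetadata.PURL` or the CPEs, so an author who renames only via `name` can produce an SBOM whose package name disagrees with its purl; a comment at the override such as `// name only changes the SBOM package/source name; purl and cpes must be kept consistent by the step author` would make that explicit. CreatePackageSBOM starts outside the hunk; its doc comment should state that SBOMStep.Name takes precedence over the bldr package name when set.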

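--- a/internal/pkg/types/v1alpha2/sbom.go
+++ b/internal/pkg/types/v1alpha2/sbom.go
@@ -7,6 +7,7 @@ package v1alpha2
 // SBOMStep is a step with data to generate an SBOM (Software Bill of Materials) for the package.
 type SBOMStep struct {
 	OutputPath string `yaml:"outputPath,omitempty"`
+	Name string `yaml:"name,omitempty"`
 	Version string `yaml:"version,omitempty"`
 	CPEs []string `yaml:"cpes,omitempty"`
 	PURL string `yaml:"purl,omitempty"`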
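Review bot: The new exported field `Name` has no doc comment, and since this struct is the user-facing YAML schema its precedence and scope are not obvious from the name alone. Document it in place, e.g. `// Name overrides the package name recorded in the SBOM; when empty the bldr package name is used.` followed by `// It does not affect Version, PURL or CPEs, which the step author must keep consistent with it.`. Stating that an empty string means "unset" matches what the consumer in sbom.go does and prevents a later change from treating an explicit empty name differently.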
