1package sbom
2
3import "github.com/containers/buildah/define"
4
// Preset looks up a built-in SBOM scanner configuration by name.
//
// Every built-in configuration lists the names it answers to in its Type
// field, and the first configuration whose Type contains name is returned as
// a pointer to a fresh copy. The empty string is one of the names of the syft
// CycloneDX configuration. A name that matches nothing yields (nil, nil), so
// callers have to check the returned pointer and not only the error.
//
// NOTE(review): the scanner image references used here carry neither a tag
// nor a digest. If they are pulled exactly as written, the scanner build that
// generates the SBOM is whatever the registry serves at that moment; confirm
// how the caller resolves Image before relying on these presets for
// reproducible or attested SBOM output.
func Preset(name string) (preset *define.SBOMScanOptions, err error) {
	const (
		syftImage  = "ghcr.io/anchore/syft"
		trivyImage = "ghcr.io/aquasecurity/trivy"
	)

	// If you change these, make sure you update references in
	// buildah-commit.1.md and buildah-build.1.md to match!
	//
	// The {ROOTFS}, {CONTEXT} and {OUTPUT} tokens are kept literally in the
	// command strings; presumably whoever runs the commands substitutes them
	// (verify against the caller).
	builtin := []define.SBOMScanOptions{
		// syft, CycloneDX output; also selected by the empty name.
		{
			Type:  []string{"", "syft", "syft-cyclonedx"},
			Image: syftImage,
			Commands: []string{
				"/syft scan -q dir:{ROOTFS} --output cyclonedx-json={OUTPUT}",
				"/syft scan -q dir:{CONTEXT} --output cyclonedx-json={OUTPUT}",
			},
			// ImageSBOMOutput: "/root/buildinfo/content_manifests/sbom-cyclonedx.json",
			// ImagePURLOutput: "/root/buildinfo/content_manifests/sbom-purl.json",
			MergeStrategy: define.SBOMMergeStrategyCycloneDXByComponentNameAndVersion,
		},
		// syft, SPDX output.
		{
			Type:  []string{"syft-spdx"},
			Image: syftImage,
			Commands: []string{
				"/syft scan -q dir:{ROOTFS} --output spdx-json={OUTPUT}",
				"/syft scan -q dir:{CONTEXT} --output spdx-json={OUTPUT}",
			},
			// ImageSBOMOutput: "/root/buildinfo/content_manifests/sbom-spdx.json",
			// ImagePURLOutput: "/root/buildinfo/content_manifests/sbom-purl.json",
			MergeStrategy: define.SBOMMergeStrategySPDXByPackageNameAndVersionInfo,
		},
		// trivy, CycloneDX output.
		{
			Type:  []string{"trivy", "trivy-cyclonedx"},
			Image: trivyImage,
			Commands: []string{
				"trivy filesystem -q {ROOTFS} --format cyclonedx --output {OUTPUT}",
				"trivy filesystem -q {CONTEXT} --format cyclonedx --output {OUTPUT}",
			},
			// ImageSBOMOutput: "/root/buildinfo/content_manifests/sbom-cyclonedx.json",
			// ImagePURLOutput: "/root/buildinfo/content_manifests/sbom-purl.json",
			MergeStrategy: define.SBOMMergeStrategyCycloneDXByComponentNameAndVersion,
		},
		// trivy, SPDX output.
		{
			Type:  []string{"trivy-spdx"},
			Image: trivyImage,
			Commands: []string{
				"trivy filesystem -q {ROOTFS} --format spdx-json --output {OUTPUT}",
				"trivy filesystem -q {CONTEXT} --format spdx-json --output {OUTPUT}",
			},
			// ImageSBOMOutput: "/root/buildinfo/content_manifests/sbom-spdx.json",
			// ImagePURLOutput: "/root/buildinfo/content_manifests/sbom-purl.json",
			MergeStrategy: define.SBOMMergeStrategySPDXByPackageNameAndVersionInfo,
		},
	}

	for i := range builtin {
		for _, alias := range builtin[i].Type {
			if alias != name {
				continue
			}
			// Hand back a copy so the result does not point into the table.
			match := builtin[i]
			return &match, nil
		}
	}

	// Unknown name: reported as "no preset" rather than as an error.
	return nil, nil
}