From 900589435a8e0f3b62721b7d7f3cd5f6842b927b Mon Sep 17 00:00:00 2001 From: DmitriyLewen Date: Tue, 30 Jul 2024 11:26:33 +0600 Subject: [PATCH 1/5] feat(core): save labels to properties --- pkg/sbom/core/bom.go | 11 ++++++----- pkg/sbom/io/encode.go | 9 +++++++++ pkg/sbom/io/encode_test.go | 12 ++++++++++++ 3 files changed, 27 insertions(+), 5 deletions(-) diff --git a/pkg/sbom/core/bom.go b/pkg/sbom/core/bom.go index 51875bff8738..954c33af3f0d 100644 --- a/pkg/sbom/core/bom.go +++ b/pkg/sbom/core/bom.go @@ -25,11 +25,12 @@ const ( PropertyClass = "Class" // Image properties - PropertySize = "Size" - PropertyImageID = "ImageID" - PropertyRepoDigest = "RepoDigest" - PropertyDiffID = "DiffID" - PropertyRepoTag = "RepoTag" + PropertySize = "Size" + PropertyImageID = "ImageID" + PropertyRepoDigest = "RepoDigest" + PropertyDiffID = "DiffID" + PropertyRepoTag = "RepoTag" + PropertyLabelsPrefix = "Labels:" // Package properties PropertyPkgID = "PkgID" diff --git a/pkg/sbom/io/encode.go b/pkg/sbom/io/encode.go index 45c5dca245c6..1fb6d88cedfd 100644 --- a/pkg/sbom/io/encode.go +++ b/pkg/sbom/io/encode.go @@ -73,6 +73,15 @@ func (e *Encoder) rootComponent(r types.Report) (*core.Component, error) { Value: r.Metadata.ImageID, }) + // Save image labels as properties with `Labels:` prefix. + // e.g. `LABEL vendor="aquasecurity"` => `Labels:vendor` -> `aquasecurity` + for label, value := range r.Metadata.ImageConfig.Config.Labels { + props = append(props, core.Property{ + Name: core.PropertyLabelsPrefix + label, + Value: value, + }) + } + p, err := purl.New(purl.TypeOCI, r.Metadata, ftypes.Package{}) if err != nil { return nil, xerrors.Errorf("failed to new package url for oci: %w", err) diff --git a/pkg/sbom/io/encode_test.go b/pkg/sbom/io/encode_test.go index 80783827cee7..52fbed415933 100644 --- a/pkg/sbom/io/encode_test.go +++ b/pkg/sbom/io/encode_test.go 
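Review bot: The new loop in `rootComponent` (pkg/sbom/io/encode.go, `@@ -73,6 +73,15 @@`) copies every key and value of `r.Metadata.ImageConfig.Config.Labels` into the SBOM with no filter, and those strings are chosen by whoever built the image. SBOMs are commonly published or handed to third parties, so anything a build pipeline wrote into a label (internal URLs, build metadata, occasionally credentials) now travels with the document, and a consumer may read a `Labels:` property as a vetted attribute. I would state this in the comment above the loop, e.g. `// Label keys and values are image-author-controlled and are exported verbatim; treat them as untrusted.`, and consider whether an opt-out or an allowlist is wanted. The rest of `rootComponent` lies outside the hunk, so any later filtering of `props` is not visible here.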
@@ -3,6 +3,7 @@ package io_test import ( "testing" + v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/package-url/packageurl-go" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -43,6 +44,13 @@ func TestEncoder_Encode(t *testing.T) { RepoDigests: []string{ "debian@sha256:4482958b4461ff7d9fabc24b3a9ab1e9a2c85ece07b2db1840c7cbc01d053e90", }, + ImageConfig: v1.ConfigFile{ + Config: v1.Config{ + Labels: map[string]string{ + "vendor": "aquasecurity", + }, + }, + }, }, Results: []types.Result{ { @@ -185,6 +193,10 @@ func TestEncoder_Encode(t *testing.T) { BOMRef: "pkg:oci/debian@sha256%3A4482958b4461ff7d9fabc24b3a9ab1e9a2c85ece07b2db1840c7cbc01d053e90?repository_url=index.docker.io%2Flibrary%2Fdebian", }, Properties: []core.Property{ + { + Name: "Labels:vendor", + Value: "aquasecurity", + }, { Name: core.PropertyRepoDigest, Value: "debian@sha256:4482958b4461ff7d9fabc24b3a9ab1e9a2c85ece07b2db1840c7cbc01d053e90", From 5880237c315685b5a7c62a0c67c2d79c37ab041b Mon Sep 17 00:00:00 2001 From: DmitriyLewen Date: Tue, 30 Jul 2024 11:44:45 +0600 Subject: [PATCH 2/5] test(spdx): update unit test --- pkg/sbom/spdx/marshal_test.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkg/sbom/spdx/marshal_test.go b/pkg/sbom/spdx/marshal_test.go index 4ed35b7fc08c..3cd034803ffc 100644 --- a/pkg/sbom/spdx/marshal_test.go +++ b/pkg/sbom/spdx/marshal_test.go @@ -49,6 +49,11 @@ func TestMarshaler_Marshal(t *testing.T) { RepoDigests: []string{"rails@sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177"}, ImageConfig: v1.ConfigFile{ Architecture: "arm64", + Config: v1.Config{ + Labels: map[string]string{ + "vendor": "aquasecurity", + }, + }, }, }, Results: types.Results{ 
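Review bot: The fixture added to `TestEncoder_Encode` at `@@ -43,6 +44,13 @@` carries a single label, so the test cannot show that the output is stable for an image with several labels; the encoder ranges over a Go map, whose iteration order is not fixed. The expected `Properties` list looks sorted by name, which suggests sorting happens outside these hunks, but nothing here pins that. Adding a second entry such as `"maintainer": "constructed-example",` together with its expected `Labels:maintainer` property would cover it. The same applies to the SPDX and CycloneDX fixtures in patches 2 and 3.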
@@ -199,6 +204,7 @@ func TestMarshaler_Marshal(t *testing.T) { PackageAttributionTexts: []string{ "DiffID: sha256:d871dadfb37b53ef1ca45be04fc527562b91989991a8f545345ae3be0b93f92a", "ImageID: sha256:5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6", + "Labels:vendor: aquasecurity", "RepoDigest: rails@sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177", "RepoTag: rails:latest", "SchemaVersion: 2", From 7d21ba25c55c44a2e207f5cf5f46a55139ab4568 Mon Sep 17 00:00:00 2001 From: DmitriyLewen Date: Tue, 30 Jul 2024 11:44:53 +0600 Subject: [PATCH 3/5] test(cyclonedx): update unit test --- pkg/sbom/cyclonedx/marshal_test.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pkg/sbom/cyclonedx/marshal_test.go b/pkg/sbom/cyclonedx/marshal_test.go index 9dc28a2ab812..e778b803619c 100644 --- a/pkg/sbom/cyclonedx/marshal_test.go +++ b/pkg/sbom/cyclonedx/marshal_test.go @@ -105,6 +105,11 @@ func TestMarshaler_MarshalReport(t *testing.T) { RepoDigests: []string{"rails@sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177"}, ImageConfig: v1.ConfigFile{ Architecture: "arm64", + Config: v1.Config{ + Labels: map[string]string{ + "vendor": "aquasecurity", + }, + }, }, }, Results: types.Results{ @@ -301,6 +306,10 @@ func TestMarshaler_MarshalReport(t *testing.T) { Name: "aquasecurity:trivy:ImageID", Value: "sha256:5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6", }, + { + Name: "aquasecurity:trivy:Labels:vendor", + Value: "aquasecurity", + }, { Name: "aquasecurity:trivy:RepoDigest", Value: "rails@sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177", From f04528ec13fffdc4d941dfd7c3000874c9d0dbe7 Mon Sep 17 00:00:00 2001 
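Review bot: The expected SPDX line `"Labels:vendor: aquasecurity"` at `@@ -199,6 +204,7 @@` puts a colon inside the property name, while the attribution text already uses `: ` to separate name from value. The SBOM decoder is not part of this series, so how it splits these strings cannot be confirmed from here, but a split on the first colon would yield name `Labels` and value `vendor: aquasecurity`, and a label key that itself contains `: ` would be ambiguous under any split. A round-trip case (marshal, decode, compare the label) would settle it. If labels are not meant to be read back, a comment such as `// Labels:* properties are write-only; they are not restored on decode` next to the encoder loop would document that.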
From: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com> Date: Tue, 30 Jul 2024 12:39:41 +0600 Subject: [PATCH 4/5] refactor: remove `:` suffix for `PropertyLabelsPrefix` Co-authored-by: Teppei Fukuda --- pkg/sbom/core/bom.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/sbom/core/bom.go b/pkg/sbom/core/bom.go index 954c33af3f0d..c0a082d013b5 100644 --- a/pkg/sbom/core/bom.go +++ b/pkg/sbom/core/bom.go @@ -30,7 +30,7 @@ const ( PropertyRepoDigest = "RepoDigest" PropertyDiffID = "DiffID" PropertyRepoTag = "RepoTag" - PropertyLabelsPrefix = "Labels:" + PropertyLabelsPrefix = "Labels" // Package properties PropertyPkgID = "PkgID" From 8e9afc3a9e33210333014b0062c2c28308e0ab88 Mon Sep 17 00:00:00 2001 From: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com> Date: Tue, 30 Jul 2024 12:40:25 +0600 Subject: [PATCH 5/5] refactor: add `:` between `PropertyLabelsPrefix` and label Co-authored-by: Teppei Fukuda --- pkg/sbom/io/encode.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/sbom/io/encode.go b/pkg/sbom/io/encode.go index 1fb6d88cedfd..0be0bf361280 100644 --- a/pkg/sbom/io/encode.go +++ b/pkg/sbom/io/encode.go @@ -77,7 +77,7 @@ func (e *Encoder) rootComponent(r types.Report) (*core.Component, error) { // e.g. `LABEL vendor="aquasecurity"` => `Labels:vendor` -> `aquasecurity` for label, value := range r.Metadata.ImageConfig.Config.Labels { props = append(props, core.Property{ - Name: core.PropertyLabelsPrefix + label, + Name: core.PropertyLabelsPrefix + ":" + label, Value: value, }) }