diff --git a/cmd/packages.go b/cmd/packages.go
index cceb095c5..ee49c2087 100644
--- a/cmd/packages.go
+++ b/cmd/packages.go
@@ -14,10 +14,8 @@ import (
 "github.com/anchore/syft/internal/log"
 "github.com/anchore/syft/internal/ui"
 "github.com/anchore/syft/syft"
- "github.com/anchore/syft/syft/distro"
 "github.com/anchore/syft/syft/event"
 "github.com/anchore/syft/syft/format"
- "github.com/anchore/syft/syft/pkg"
 "github.com/anchore/syft/syft/sbom"
 "github.com/anchore/syft/syft/source"
 "github.com/pkg/profile"
@@ -261,13 +259,6 @@ func packagesExecWorker(userInput string) <-chan error {
 return
 }
- if appConfig.Anchore.Host != "" {
- if err := runPackageSbomUpload(src, src.Metadata, catalog, d); err != nil {
- errs <- err
- return
- }
- }
-
 sbomResult := sbom.SBOM{
 Artifacts: sbom.Artifacts{
 PackageCatalog: catalog,
@@ -276,6 +267,13 @@ func packagesExecWorker(userInput string) <-chan error {
 Source: src.Metadata,
 }
+ if appConfig.Anchore.Host != "" {
+ if err := runPackageSbomUpload(src, sbomResult); err != nil {
+ errs <- err
+ return
+ }
+ }
+
 bus.Publish(partybus.Event{
 Type: event.PresenterReady,
 Value: f.Presenter(sbomResult),
@@ -284,7 +282,7 @@ func packagesExecWorker(userInput string) <-chan error {
 return errs
 }
-func runPackageSbomUpload(src *source.Source, s source.Metadata, catalog *pkg.Catalog, d *distro.Distro) error {
+func runPackageSbomUpload(src *source.Source, s sbom.SBOM) error {
 log.Infof("uploading results to %s", appConfig.Anchore.Host)
 if src.Metadata.Scheme != source.ImageScheme {
@@ -319,9 +317,7 @@ func runPackageSbomUpload(src *source.Source, s source.Metadata, catalog *pkg.Ca
 importCfg := anchore.ImportConfig{
 ImageMetadata: src.Image.Metadata,
- SourceMetadata: s,
- Catalog: catalog,
- Distro: d,
+ SBOM: s,
 Dockerfile: dockerfileContents,
 OverwriteExistingUpload: appConfig.Anchore.OverwriteExistingImage,
 Timeout: appConfig.Anchore.ImportTimeout,
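Review bot: In the `runPackageSbomUpload` signature hunk the function now receives the scanned source twice, as `src` and again inside `s.Source`, and nothing in the visible lines checks that the two agree: the scheme guard reads `src.Metadata.Scheme` while the uploaded payload is built from `s`. The last hunk keeps the same split in the `ImportConfig` literal, setting `ImageMetadata: src.Image.Metadata` next to `SBOM: s`. The caller shown here passes an SBOM built from `src.Metadata`, so the values match today, but the precondition is implicit and the function has no doc comment. I would state it there, `// runPackageSbomUpload sends s to the configured Anchore host; s must have been produced from src.`, or also guard on `s.Source.Scheme`. The function body runs past both hunks, so the rest of it is not covered by this note.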
diff --git a/internal/anchore/import.go b/internal/anchore/import.go
index 694039112..14f630373 100644
--- a/internal/anchore/import.go
+++ b/internal/anchore/import.go
@@ -6,24 +6,19 @@ import (
 "fmt"
 "time"
- "github.com/antihax/optional"
-
 "github.com/anchore/client-go/pkg/external"
 "github.com/anchore/stereoscope/pkg/image"
 "github.com/anchore/syft/internal/bus"
- "github.com/anchore/syft/syft/distro"
 "github.com/anchore/syft/syft/event"
- "github.com/anchore/syft/syft/pkg"
- "github.com/anchore/syft/syft/source"
+ "github.com/anchore/syft/syft/sbom"
+ "github.com/antihax/optional"
 "github.com/wagoodman/go-partybus"
 "github.com/wagoodman/go-progress"
 )
 type ImportConfig struct {
 ImageMetadata image.Metadata
- SourceMetadata source.Metadata
- Catalog *pkg.Catalog
- Distro *distro.Distro
+ SBOM sbom.SBOM
 Dockerfile []byte
 OverwriteExistingUpload bool
 Timeout uint
@@ -73,19 +68,19 @@ func (c *Client) Import(ctx context.Context, cfg ImportConfig) error {
 prog.N++
 sessionID := startOperation.Uuid
- packageDigest, err := importPackageSBOM(authedCtx, c.client.ImportsApi, sessionID, cfg.SourceMetadata, cfg.Catalog, cfg.Distro, stage)
+ packageDigest, err := importPackageSBOM(authedCtx, c.client.ImportsApi, sessionID, cfg.SBOM, stage)
 if err != nil {
 return fmt.Errorf("failed to import Package SBOM: %w", err)
 }
 prog.N++
- manifestDigest, err := importManifest(authedCtx, c.client.ImportsApi, sessionID, cfg.ImageMetadata.RawManifest, stage)
+ manifestDigest, err := importManifest(authedCtx, c.client.ImportsApi, sessionID, cfg.SBOM.Source.ImageMetadata.RawManifest, stage)
 if err != nil {
 return fmt.Errorf("failed to import Manifest: %w", err)
 }
 prog.N++
- configDigest, err := importConfig(authedCtx, c.client.ImportsApi, sessionID, cfg.ImageMetadata.RawConfig, stage)
+ configDigest, err := importConfig(authedCtx, c.client.ImportsApi, sessionID, cfg.SBOM.Source.ImageMetadata.RawConfig, stage)
 if err != nil {
 return fmt.Errorf("failed to import Config: %w", err)
 }
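Review bot: The manifest and config bytes handed to `importManifest` and `importConfig` in `Import` now come from `cfg.SBOM.Source.ImageMetadata` rather than `cfg.ImageMetadata`, a change of data source inside what otherwise reads as a signature refactor, and `Import` itself does not check that those fields are populated. If an SBOM for a non-image source ever reaches `Import`, they are presumably zero values and an empty manifest and config would be recorded against the image; the only scheme check visible in this commit sits in the caller in cmd/packages.go. A guard before the first upload would make `Import` safe on its own, for example `if len(cfg.SBOM.Source.ImageMetadata.RawManifest) == 0 { return fmt.Errorf("sbom source carries no image manifest") }`, assuming the field is a byte slice. `Import` starts and ends outside the hunk, so whether `cfg.ImageMetadata` is still read further down is not visible; if it is not, the field kept in the first hunk should be removed.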
diff --git a/internal/anchore/import_package_sbom.go b/internal/anchore/import_package_sbom.go
index 01130d60f..cafdf72c1 100644
--- a/internal/anchore/import_package_sbom.go
+++ b/internal/anchore/import_package_sbom.go
@@ -14,30 +14,17 @@ import (
 "github.com/wagoodman/go-progress"
- "github.com/anchore/syft/syft/distro"
- "github.com/anchore/syft/syft/source"
-
 "github.com/anchore/client-go/pkg/external"
 "github.com/anchore/syft/internal/log"
- "github.com/anchore/syft/syft/pkg"
 )
 type packageSBOMImportAPI interface {
 ImportImagePackages(context.Context, string, external.ImagePackageManifest) (external.ImageImportContentResponse, *http.Response, error)
 }
-func packageSbomModel(srcMetadata source.Metadata, catalog *pkg.Catalog, d *distro.Distro) (*external.ImagePackageManifest, error) {
+func packageSbomModel(s sbom.SBOM) (*external.ImagePackageManifest, error) {
 var buf bytes.Buffer
- // TODO: once the top-level API is refactored and SBOMs are the unit of work, then this function will be passed an SBOM and there would be no more need to create an SBOM object here.
- s := sbom.SBOM{
- Artifacts: sbom.Artifacts{
- PackageCatalog: catalog,
- Distro: d,
- },
- Source: srcMetadata,
- }
-
 err := syftjson.Format().Presenter(s).Present(&buf)
 if err != nil {
 return nil, fmt.Errorf("unable to serialize results: %w", err)
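Review bot: `packageSbomModel` now serialises whatever `sbom.SBOM` the caller hands it, where the removed lines built a fresh SBOM holding only the package catalog, the distro and the source metadata, so the set of fields sent to the remote host is no longer fixed inside this function. With the caller in cmd/packages.go the SBOM appears to hold the same data, but anything later added to that shared value would go into the upload unless the conversion into `external.ImagePackageManifest`, which lies below the end of this hunk, drops it. The function has no doc comment; I would add one that records the contract: `// packageSbomModel serialises the whole of s for upload; pass only an SBOM whose contents are meant to leave the host.`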
@@ -52,11 +39,11 @@ func packageSbomModel(srcMetadata source.Metadata, catalog *pkg.Catalog, d *dist
 return &model, nil
 }
-func importPackageSBOM(ctx context.Context, api packageSBOMImportAPI, sessionID string, s source.Metadata, catalog *pkg.Catalog, d *distro.Distro, stage *progress.Stage) (string, error) {
+func importPackageSBOM(ctx context.Context, api packageSBOMImportAPI, sessionID string, s sbom.SBOM, stage *progress.Stage) (string, error) {
 log.Debug("importing package SBOM")
 stage.Current = "package SBOM"
- model, err := packageSbomModel(s, catalog, d)
+ model, err := packageSbomModel(s)
 if err != nil {
 return "", fmt.Errorf("unable to create PackageSBOM model: %w", err)
 }
diff --git a/internal/anchore/import_package_sbom_test.go b/internal/anchore/import_package_sbom_test.go
index 6acf9e551..906fe239a 100644
--- a/internal/anchore/import_package_sbom_test.go
+++ b/internal/anchore/import_package_sbom_test.go
@@ -74,7 +74,15 @@ func TestPackageSbomToModel(t *testing.T) {
 c := pkg.NewCatalog(p)
- model, err := packageSbomModel(m, c, &d)
+ sbomResult := sbom.SBOM{
+ Artifacts: sbom.Artifacts{
+ PackageCatalog: c,
+ Distro: &d,
+ },
+ Source: m,
+ }
+
+ model, err := packageSbomModel(sbomResult)
 if err != nil {
 t.Fatalf("unable to generate model from source material: %+v", err)
 }
@@ -197,7 +205,15 @@ func TestPackageSbomImport(t *testing.T) {
 d, _ := distro.NewDistro(distro.CentOS, "8.0", "")
- theModel, err := packageSbomModel(m, catalog, &d)
+ sbomResult := sbom.SBOM{
+ Artifacts: sbom.Artifacts{
+ PackageCatalog: catalog,
+ Distro: &d,
+ },
+ Source: m,
+ }
+
+ theModel, err := packageSbomModel(sbomResult)
 if err != nil {
 t.Fatalf("could not get sbom model: %+v", err)
 }
@@ -236,7 +252,7 @@ func TestPackageSbomImport(t *testing.T) {
 for _, test := range tests {
 t.Run(test.name, func(t *testing.T) {
- digest, err := importPackageSBOM(context.TODO(), test.api, sessionID, m, catalog, &d, &progress.Stage{})
+ digest, err := importPackageSBOM(context.TODO(), test.api, sessionID, sbomResult, &progress.Stage{})
 // validate error handling
 if err != nil && !test.expectsError {