use sbom.SBOM in ImportConfig (#621)

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2025-11-18 08:53:15 +01:00 · 2021-11-08 18:39:06 -05:00 · 2021-11-08 18:39:06 -05:00 · 9c27fa7b0b
commit 9c27fa7b0b
parent 9bbc9ff633
4 changed files with 37 additions and 43 deletions
--- a/cmd/packages.go
+++ b/cmd/packages.go
@ -14,10 +14,8 @@ import (
 	"github.com/anchore/syft/internal/log"
 	"github.com/anchore/syft/internal/ui"
 	"github.com/anchore/syft/syft"
 	"github.com/anchore/syft/syft/distro"
 	"github.com/anchore/syft/syft/event"
 	"github.com/anchore/syft/syft/format"
 	"github.com/anchore/syft/syft/pkg"
 	"github.com/anchore/syft/syft/sbom"
 	"github.com/anchore/syft/syft/source"
 	"github.com/pkg/profile"
@ -261,13 +259,6 @@ func packagesExecWorker(userInput string) <-chan error {
 			return
 		}
 		if appConfig.Anchore.Host != "" {
 			if err := runPackageSbomUpload(src, src.Metadata, catalog, d); err != nil {
 				errs <- err
 				return
 			}
 		}
 		sbomResult := sbom.SBOM{
 			Artifacts: sbom.Artifacts{
 				PackageCatalog: catalog,
@ -276,6 +267,13 @@ func packagesExecWorker(userInput string) <-chan error {
 			Source: src.Metadata,
 		}
 		if appConfig.Anchore.Host != "" {
 			if err := runPackageSbomUpload(src, sbomResult); err != nil {
 				errs <- err
 				return
 			}
 		}
 		bus.Publish(partybus.Event{
 			Type:  event.PresenterReady,
 			Value: f.Presenter(sbomResult),
@ -284,7 +282,7 @@ func packagesExecWorker(userInput string) <-chan error {
 	return errs
 }
-func runPackageSbomUpload(src *source.Source, s source.Metadata, catalog *pkg.Catalog, d *distro.Distro) error {
+func runPackageSbomUpload(src *source.Source, s sbom.SBOM) error {
 	log.Infof("uploading results to %s", appConfig.Anchore.Host)
 	if src.Metadata.Scheme != source.ImageScheme {
@ -319,9 +317,7 @@ func runPackageSbomUpload(src *source.Source, s source.Metadata, catalog *pkg.Ca
 	importCfg := anchore.ImportConfig{
 		ImageMetadata:           src.Image.Metadata,
-		SourceMetadata:          s,
+		SBOM:                    s,
 		Catalog:                 catalog,
 		Distro:                  d,
 		Dockerfile:              dockerfileContents,
 		OverwriteExistingUpload: appConfig.Anchore.OverwriteExistingImage,
 		Timeout:                 appConfig.Anchore.ImportTimeout,
--- a/internal/anchore/import.go
+++ b/internal/anchore/import.go
@ -6,24 +6,19 @@ import (
 	"fmt"
 	"time"
 	"github.com/antihax/optional"
 	"github.com/anchore/client-go/pkg/external"
 	"github.com/anchore/stereoscope/pkg/image"
 	"github.com/anchore/syft/internal/bus"
 	"github.com/anchore/syft/syft/distro"
 	"github.com/anchore/syft/syft/event"
-	"github.com/anchore/syft/syft/pkg"
+	"github.com/anchore/syft/syft/sbom"
-	"github.com/anchore/syft/syft/source"
+	"github.com/antihax/optional"
 	"github.com/wagoodman/go-partybus"
 	"github.com/wagoodman/go-progress"
 )
 type ImportConfig struct {
 	ImageMetadata           image.Metadata
-	SourceMetadata          source.Metadata
+	SBOM                    sbom.SBOM
 	Catalog                 *pkg.Catalog
 	Distro                  *distro.Distro
 	Dockerfile              []byte
 	OverwriteExistingUpload bool
 	Timeout                 uint
@ -73,19 +68,19 @@ func (c *Client) Import(ctx context.Context, cfg ImportConfig) error {
 	prog.N++
 	sessionID := startOperation.Uuid
-	packageDigest, err := importPackageSBOM(authedCtx, c.client.ImportsApi, sessionID, cfg.SourceMetadata, cfg.Catalog, cfg.Distro, stage)
+	packageDigest, err := importPackageSBOM(authedCtx, c.client.ImportsApi, sessionID, cfg.SBOM, stage)
 	if err != nil {
 		return fmt.Errorf("failed to import Package SBOM: %w", err)
 	}
 	prog.N++
-	manifestDigest, err := importManifest(authedCtx, c.client.ImportsApi, sessionID, cfg.ImageMetadata.RawManifest, stage)
+	manifestDigest, err := importManifest(authedCtx, c.client.ImportsApi, sessionID, cfg.SBOM.Source.ImageMetadata.RawManifest, stage)
 	if err != nil {
 		return fmt.Errorf("failed to import Manifest: %w", err)
 	}
 	prog.N++
-	configDigest, err := importConfig(authedCtx, c.client.ImportsApi, sessionID, cfg.ImageMetadata.RawConfig, stage)
+	configDigest, err := importConfig(authedCtx, c.client.ImportsApi, sessionID, cfg.SBOM.Source.ImageMetadata.RawConfig, stage)
 	if err != nil {
 		return fmt.Errorf("failed to import Config: %w", err)
 	}
--- a/internal/anchore/import_package_sbom.go
+++ b/internal/anchore/import_package_sbom.go
@ -14,30 +14,17 @@ import (
 	"github.com/wagoodman/go-progress"
 	"github.com/anchore/syft/syft/distro"
 	"github.com/anchore/syft/syft/source"
 	"github.com/anchore/client-go/pkg/external"
 	"github.com/anchore/syft/internal/log"
 	"github.com/anchore/syft/syft/pkg"
 )
 type packageSBOMImportAPI interface {
 	ImportImagePackages(context.Context, string, external.ImagePackageManifest) (external.ImageImportContentResponse, *http.Response, error)
 }
-func packageSbomModel(srcMetadata source.Metadata, catalog *pkg.Catalog, d *distro.Distro) (*external.ImagePackageManifest, error) {
+func packageSbomModel(s sbom.SBOM) (*external.ImagePackageManifest, error) {
 	var buf bytes.Buffer
 	// TODO: once the top-level API is refactored and SBOMs are the unit of work, then this function will be passed an SBOM and there would be no more need to create an SBOM object here.
 	s := sbom.SBOM{
 		Artifacts: sbom.Artifacts{
 			PackageCatalog: catalog,
 			Distro:         d,
 		},
 		Source: srcMetadata,
 	}
 	err := syftjson.Format().Presenter(s).Present(&buf)
 	if err != nil {
 		return nil, fmt.Errorf("unable to serialize results: %w", err)
@ -52,11 +39,11 @@ func packageSbomModel(srcMetadata source.Metadata, catalog *pkg.Catalog, d *dist
 	return &model, nil
 }
-func importPackageSBOM(ctx context.Context, api packageSBOMImportAPI, sessionID string, s source.Metadata, catalog *pkg.Catalog, d *distro.Distro, stage *progress.Stage) (string, error) {
+func importPackageSBOM(ctx context.Context, api packageSBOMImportAPI, sessionID string, s sbom.SBOM, stage *progress.Stage) (string, error) {
 	log.Debug("importing package SBOM")
 	stage.Current = "package SBOM"
-	model, err := packageSbomModel(s, catalog, d)
+	model, err := packageSbomModel(s)
 	if err != nil {
 		return "", fmt.Errorf("unable to create PackageSBOM model: %w", err)
 	}
--- a/internal/anchore/import_package_sbom_test.go
+++ b/internal/anchore/import_package_sbom_test.go
@ -74,7 +74,15 @@ func TestPackageSbomToModel(t *testing.T) {
 	c := pkg.NewCatalog(p)
-	model, err := packageSbomModel(m, c, &d)
+	sbomResult := sbom.SBOM{
 		Artifacts: sbom.Artifacts{
 			PackageCatalog: c,
 			Distro:         &d,
 		},
 		Source: m,
 	}
 	model, err := packageSbomModel(sbomResult)
 	if err != nil {
 		t.Fatalf("unable to generate model from source material: %+v", err)
 	}
@ -197,7 +205,15 @@ func TestPackageSbomImport(t *testing.T) {
 	d, _ := distro.NewDistro(distro.CentOS, "8.0", "")
-	theModel, err := packageSbomModel(m, catalog, &d)
+	sbomResult := sbom.SBOM{
 		Artifacts: sbom.Artifacts{
 			PackageCatalog: catalog,
 			Distro:         &d,
 		},
 		Source: m,
 	}
 	theModel, err := packageSbomModel(sbomResult)
 	if err != nil {
 		t.Fatalf("could not get sbom model: %+v", err)
 	}
@ -236,7 +252,7 @@ func TestPackageSbomImport(t *testing.T) {
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			digest, err := importPackageSBOM(context.TODO(), test.api, sessionID, m, catalog, &d, &progress.Stage{})
+			digest, err := importPackageSBOM(context.TODO(), test.api, sessionID, sbomResult, &progress.Stage{})
 			// validate error handling
 			if err != nil && !test.expectsError {