Merge branch 'intelops:main' into main

intelops · Nov 8, 2023 · 0b0aa70 · 0b0aa70
2 parents ff1eb52 + 25c6bf4
commit 0b0aa70
Show file tree

Hide file tree

Showing 6 changed files with 43 additions and 119 deletions.
diff --git a/agent/kubviz/trivy_sbom.go b/agent/kubviz/trivy_sbom.go
@@ -7,15 +7,16 @@ import (
 	"log"
 	"os/exec"
 
+	"github.com/aquasecurity/trivy/pkg/sbom/cyclonedx"
 	"github.com/google/uuid"
 	"github.com/intelops/kubviz/constants"
 	"github.com/intelops/kubviz/model"
 	"github.com/nats-io/nats.go"
 	"k8s.io/client-go/rest"
 )
 
-func publishTrivySbomReport(report model.Sbom, js nats.JetStreamContext) error {
-	metrics := model.Reports{
+func publishTrivySbomReport(report cyclonedx.BOM, js nats.JetStreamContext) error {
+	metrics := model.Sbom{
 		ID:     uuid.New().String(),
 		Report: report,
 	}
@@ -67,7 +68,7 @@ func RunTrivySbomScan(config *rest.Config, js nats.JetStreamContext) error {
 			continue // Move on to the next image
 		}
 
-		var report model.Sbom
+		var report cyclonedx.BOM
 		err = json.Unmarshal(out, &report)
 		if err != nil {
 			log.Printf("Error unmarshaling JSON data for image sbom %s: %v", image.PullableImage, err)

diff --git a/client/pkg/clickhouse/db_client.go b/client/pkg/clickhouse/db_client.go
@@ -33,7 +33,7 @@ type DBInterface interface {
 	InsertGitEvent(string)
 	InsertKubeScoreMetrics(model.KubeScoreRecommendations)
 	InsertTrivyImageMetrics(metrics model.TrivyImage)
-	InsertTrivySbomMetrics(metrics model.Reports)
+	InsertTrivySbomMetrics(metrics model.Sbom)
 	InsertTrivyMetrics(metrics model.Trivy)
 	RetriveKetallEvent() ([]model.Resource, error)
 	RetriveOutdatedEvent() ([]model.CheckResultfinal, error)
@@ -600,55 +600,37 @@ func (c *DBClient) InsertTrivyImageMetrics(metrics model.TrivyImage) {
 
 	}
 }
-func (c *DBClient) InsertTrivySbomMetrics(metrics model.Reports) {
+func (c *DBClient) InsertTrivySbomMetrics(metrics model.Sbom) {
 	log.Println("####started inserting value")
 	result := metrics.Report
-	tx, err := c.conn.Begin()
-	if err != nil {
-		log.Println("error in conn Begin", err)
-	}
-	defer tx.Rollback()
-	stmt, err := tx.Prepare(InsertTrivySbom)
-	if err != nil {
-		log.Println("error in prepare", err)
-	}
-	defer stmt.Close()
-	for _, com := range result.Components {
-		if len(result.Metadata.Tools) == 0 || len(com.Properties) == 0 || len(com.Hashes) == 0 || len(com.Licenses) == 0 {
-			continue
+
+	if result.CycloneDX != nil {
+        var (
+            tx, _   = c.conn.Begin()
+            stmt, _ = tx.Prepare(InsertTrivySbom)
+        )
+		if _,err:= stmt.Exec(
+			metrics.ID,
+			result.CycloneDX.Metadata.Component.Name,
+			result.CycloneDX.Metadata.Component.PackageURL,
+			result.CycloneDX.Metadata.Component.BOMRef,
+			result.CycloneDX.SerialNumber,
+			result.CycloneDX.Version,
+			result.CycloneDX.BOMFormat,
+			result.CycloneDX.Metadata.Component.Version,
+			result.CycloneDX.Metadata.Component.MIMEType,
+		); err!=nil {
+			log.Fatal(err)
 		}
-		for _, depend := range result.Dependencies {
-			if _, err := stmt.Exec(
-				metrics.ID,
-				result.Schema,
-				result.BomFormat,
-				result.SpecVersion,
-				result.SerialNumber,
-				int32(result.Version),
-				result.Metadata.Timestamp,
-				result.Metadata.Tools[0].Vendor,
-				result.Metadata.Tools[0].Name,
-				result.Metadata.Tools[0].Version,
-				com.BomRef,
-				com.Type,
-				com.Name,
-				com.Version,
-				com.Properties[0].Name,
-				com.Properties[0].Value,
-				com.Hashes[0].Alg,
-				com.Hashes[0].Content,
-				com.Licenses[0].Expression,
-				com.Purl,
-				depend.Ref,
-			); err != nil {
-				log.Fatal(err)
-			}
+		if err:=tx.Commit();err!=nil {
+			log.Fatal(err)
 		}
+		stmt.Close()
+	}else {
+		log.Println("sbom payload not available for db insertion, skipping db insertion")
+
 	}
-	if err := tx.Commit(); err != nil {
-		log.Fatal(err)
-	}
-	log.Println("value inserted")
+
 }
 func (c *DBClient) Close() {
 	_ = c.conn.Close()

diff --git a/client/pkg/clickhouse/statements.go b/client/pkg/clickhouse/statements.go
@@ -242,6 +242,6 @@ const InsertTrivyVul string = "INSERT INTO trivy_vul (id, cluster_name, namespac
 const InsertTrivyImage string = "INSERT INTO trivyimage (id, cluster_name, artifact_name, vul_id,  vul_pkg_id, vul_pkg_name,  vul_installed_version, vul_fixed_version, vul_title, vul_severity, vul_published_date, vul_last_modified_date) VALUES ( ?, ?,?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertTrivyMisconfig string = "INSERT INTO trivy_misconfig (id, cluster_name, namespace, kind, name, misconfig_id, misconfig_avdid, misconfig_type, misconfig_title, misconfig_desc, misconfig_msg, misconfig_query, misconfig_resolution, misconfig_severity, misconfig_status, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertAzureContainerPushEvent DBStatement = "INSERT INTO azurecontainerpush (RegistryURL, RepositoryName, Tag, ImageName, Event, Size, SHAID, EventTime) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?)"
-const InsertTrivySbom string = "INSERT INTO trivysbom (id, schema, bom_format,spec_version,serial_number,  version, metadata_timestamp,metatool_vendor,metatool_name,metatool_version,component_bom_ref,component_type,component_name,component_version,component_property_name,component_property_value,component_hash_alg,component_hash_content,component_license_exp,component_purl,dependency_ref) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"
+const InsertTrivySbom string = "INSERT INTO trivysbom (id, image_name, package_url, bom_ref, serial_number, version, bom_format, component_version, component_mimetype) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertQuayContainerPushEvent DBStatement = "INSERT INTO quaycontainerpush (name, repository, nameSpace, dockerURL, homePage, tag, Event, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertJfrogContainerPushEvent DBStatement = "INSERT INTO jfrogcontainerpush (Domain, EventType, RegistryURL, RepositoryName, SHAID, Size, ImageName, Tag, Event, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
diff --git a/client/pkg/clients/kubviz_client.go b/client/pkg/clients/kubviz_client.go
@@ -118,7 +118,7 @@ func (n *NATSContext) SubscribeAllKubvizNats(conn clickhouse.DBInterface) {
 			Consumer: constants.Trivy_Sbom_Consumer,
 			Handler: func(msg *nats.Msg) {
 				msg.Ack()
-				var metrics model.Reports
+				var metrics model.Sbom
 				err := json.Unmarshal(msg.Data, &metrics)
 				if err != nil {
 					log.Println("failed to unmarshal in nats", err)

diff --git a/model/trivy_sbom.go b/model/trivy_sbom.go
@@ -1,59 +1,12 @@
 package model
 
 import (
-	"time"
+	"github.com/aquasecurity/trivy/pkg/sbom/cyclonedx"
 )
 
-type Reports struct {
+type Sbom struct {
 	ID     string
-	Report Sbom
+	Report cyclonedx.BOM
 }
 
-type Sbom struct {
-	Schema       string `json:"$schema"`
-	BomFormat    string `json:"bomFormat"`
-	SpecVersion  string `json:"specVersion"`
-	SerialNumber string `json:"serialNumber"`
-	Version      int    `json:"version"`
-	Metadata     struct {
-		Timestamp time.Time `json:"timestamp"`
-		Tools     []struct {
-			Vendor  string `json:"vendor"`
-			Name    string `json:"name"`
-			Version string `json:"version"`
-		} `json:"tools"`
-		Component struct {
-			BomRef     string `json:"bom-ref"`
-			Type       string `json:"type"`
-			Name       string `json:"name"`
-			Purl       string `json:"purl"`
-			Properties []struct {
-				Name  string `json:"name"`
-				Value string `json:"value"`
-			} `json:"properties"`
-		} `json:"component"`
-	} `json:"metadata"`
-	Components []struct {
-		BomRef     string `json:"bom-ref"`
-		Type       string `json:"type"`
-		Name       string `json:"name"`
-		Version    string `json:"version"`
-		Properties []struct {
-			Name  string `json:"name"`
-			Value string `json:"value"`
-		} `json:"properties"`
-		Hashes []struct {
-			Alg     string `json:"alg"`
-			Content string `json:"content"`
-		} `json:"hashes,omitempty"`
-		Licenses []struct {
-			Expression string `json:"expression"`
-		} `json:"licenses,omitempty"`
-		Purl string `json:"purl,omitempty"`
-	} `json:"components"`
-	Dependencies []struct {
-		Ref       string   `json:"ref"`
-		DependsOn []string `json:"dependsOn"`
-	} `json:"dependencies"`
-	Vulnerabilities []interface{} `json:"vulnerabilities"`
-}
+
diff --git a/sql/0000015_trivysbom.up.sql b/sql/0000015_trivysbom.up.sql
@@ -1,25 +1,13 @@
 CREATE TABLE IF NOT EXISTS trivysbom (
 	id                    UUID,
-	schema                String,
-	bom_format            String,
-	spec_version          String,
+	image_name            String,
+	package_url           String,
+	bom_ref 			  String,
 	serial_number         String,
-	version               INTEGER,
-	metadata_timestamp    DateTime('UTC'),
-	metatool_vendor       String,
-	metatool_name         String,
-	metatool_version      String,
-	component_bom_ref     String,
-	component_type        String,
-	component_name        String,
+	version 			  INTEGER
+	bom_format 			  String,
 	component_version     String,
-	component_property_name String,
-	component_property_value String,
-	component_hash_alg    String,
-	component_hash_content String,
-	component_license_exp String,
-	component_purl        String,
-	dependency_ref        String,
+	component_mime_type   String,
 	ExpiryDate DateTime DEFAULT now() + INTERVAL {{.TTLValue}} {{.TTLUnit}}
 ) ENGINE = MergeTree() 
 ORDER BY ExpiryDate