diff --git a/agent/kubviz/trivy_sbom.go b/agent/kubviz/trivy_sbom.go
index c0b697aa..fe9c5cf8 100644
--- a/agent/kubviz/trivy_sbom.go
+++ b/agent/kubviz/trivy_sbom.go
@@ -7,6 +7,7 @@ import (
 "log"
 "os/exec"
 
+ "github.com/aquasecurity/trivy/pkg/sbom/cyclonedx"
 "github.com/google/uuid"
 "github.com/intelops/kubviz/constants"
 "github.com/intelops/kubviz/model"
@@ -14,8 +15,8 @@ import (
 "k8s.io/client-go/rest"
 )
 
-func publishTrivySbomReport(report model.Sbom, js nats.JetStreamContext) error {
- metrics := model.Reports{
+func publishTrivySbomReport(report cyclonedx.BOM, js nats.JetStreamContext) error {
+ metrics := model.Sbom{
 ID: uuid.New().String(),
 Report: report,
 }
@@ -67,7 +68,7 @@ func RunTrivySbomScan(config *rest.Config, js nats.JetStreamContext) error {
 continue // Move on to the next image
 }
 
- var report model.Sbom
+ var report cyclonedx.BOM
 err = json.Unmarshal(out, &report)
 if err != nil {
 log.Printf("Error unmarshaling JSON data for image sbom %s: %v", image.PullableImage, err)
diff --git a/client/pkg/clickhouse/db_client.go b/client/pkg/clickhouse/db_client.go
index e517ebd1..7a9aaddb 100644
--- a/client/pkg/clickhouse/db_client.go
+++ b/client/pkg/clickhouse/db_client.go
@@ -33,7 +33,7 @@ type DBInterface interface {
 InsertGitEvent(string)
 InsertKubeScoreMetrics(model.KubeScoreRecommendations)
 InsertTrivyImageMetrics(metrics model.TrivyImage)
- InsertTrivySbomMetrics(metrics model.Reports)
+ InsertTrivySbomMetrics(metrics model.Sbom)
 InsertTrivyMetrics(metrics model.Trivy)
 RetriveKetallEvent() ([]model.Resource, error)
 RetriveOutdatedEvent() ([]model.CheckResultfinal, error)
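Review bot: After `json.Unmarshal(out, &report)` into `cyclonedx.BOM` nothing checks that the decoded report actually carries a CycloneDX document, yet the consumer in db_client.go (same diff) gates every insert on `result.CycloneDX != nil`, so a Trivy output that decodes to an empty BOM is published and then silently skipped where the image name is no longer known. Validate at the producer instead: `if report.CycloneDX == nil { log.Printf("no CycloneDX payload in sbom for image %s, skipping", image.PullableImage); continue }`. The NATS round trip now also depends on Trivy's `cyclonedx.BOM` marshalling back to JSON that its own unmarshaller accepts, which this diff does not show; a small marshal/unmarshal test on a sample BOM would pin that. RunTrivySbomScan starts and ends outside this hunk.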
@@ -600,55 +600,37 @@ func (c *DBClient) InsertTrivyImageMetrics(metrics model.TrivyImage) {
 }
 }
 
-func (c *DBClient) InsertTrivySbomMetrics(metrics model.Reports) {
+func (c *DBClient) InsertTrivySbomMetrics(metrics model.Sbom) {
 log.Println("####started inserting value")
 result := metrics.Report
- tx, err := c.conn.Begin()
- if err != nil {
- log.Println("error in conn Begin", err)
- }
- defer tx.Rollback()
- stmt, err := tx.Prepare(InsertTrivySbom)
- if err != nil {
- log.Println("error in prepare", err)
- }
- defer stmt.Close()
- for _, com := range result.Components {
- if len(result.Metadata.Tools) == 0 || len(com.Properties) == 0 || len(com.Hashes) == 0 || len(com.Licenses) == 0 {
- continue
+
+ if result.CycloneDX != nil {
+ var (
+ tx, _ = c.conn.Begin()
+ stmt, _ = tx.Prepare(InsertTrivySbom)
+ )
+ if _,err:= stmt.Exec(
+ metrics.ID,
+ result.CycloneDX.Metadata.Component.Name,
+ result.CycloneDX.Metadata.Component.PackageURL,
+ result.CycloneDX.Metadata.Component.BOMRef,
+ result.CycloneDX.SerialNumber,
+ result.CycloneDX.Version,
+ result.CycloneDX.BOMFormat,
+ result.CycloneDX.Metadata.Component.Version,
+ result.CycloneDX.Metadata.Component.MIMEType,
+ ); err!=nil {
+ log.Fatal(err)
 }
- for _, depend := range result.Dependencies {
- if _, err := stmt.Exec(
- metrics.ID,
- result.Schema,
- result.BomFormat,
- result.SpecVersion,
- result.SerialNumber,
- int32(result.Version),
- result.Metadata.Timestamp,
- result.Metadata.Tools[0].Vendor,
- result.Metadata.Tools[0].Name,
- result.Metadata.Tools[0].Version,
- com.BomRef,
- com.Type,
- com.Name,
- com.Version,
- com.Properties[0].Name,
- com.Properties[0].Value,
- com.Hashes[0].Alg,
- com.Hashes[0].Content,
- com.Licenses[0].Expression,
- com.Purl,
- depend.Ref,
- ); err != nil {
- log.Fatal(err)
- }
+ if err:=tx.Commit();err!=nil {
+ log.Fatal(err)
 }
+ stmt.Close()
+ }else {
+ log.Println("sbom payload not available for db insertion, skipping db insertion")
 }
- if err := tx.Commit(); err != nil {
- log.Fatal(err)
- }
- log.Println("value inserted")
+
 }
 func (c *DBClient) Close() {
 _ = c.conn.Close()
diff --git a/client/pkg/clickhouse/statements.go b/client/pkg/clickhouse/statements.go
index 8d2bb614..e1abea47 100644
--- a/client/pkg/clickhouse/statements.go
+++ b/client/pkg/clickhouse/statements.go
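Review bot: `tx, _ = c.conn.Begin()` and `stmt, _ = tx.Prepare(InsertTrivySbom)` discard their errors, so a failed Begin leaves `tx` nil and the very next `tx.Prepare` dereferences it, and a failed Prepare does the same at `stmt.Exec`; the removed body at least logged both and deferred `tx.Rollback()`, which the rewrite drops entirely. The two `log.Fatal(err)` calls are a liability in a NATS consumer: one insert that fails (for instance on a column-name mismatch with the migration) terminates the whole client process, and since the handler in kubviz_client.go acks the message before calling this method, the record is lost when the process restarts. Check each step and return, keep the rollback as a defer, and log rather than exit so a bad payload costs one record instead of the service; `}else {` and `if _,err:=` also need a `gofmt` pass.

```go
	if result.CycloneDX == nil {
		log.Println("sbom payload not available for db insertion, skipping db insertion")
		return
	}
	tx, err := c.conn.Begin()
	if err != nil {
		log.Println("error in conn Begin", err)
		return
	}
	defer tx.Rollback() // no-op once Commit has succeeded
	stmt, err := tx.Prepare(InsertTrivySbom)
	if err != nil {
		log.Println("error in prepare", err)
		return
	}
	defer stmt.Close()
	if _, err := stmt.Exec(
		// … unchanged: the nine bound values …
	); err != nil {
		log.Println("error inserting trivy sbom", err)
		return
	}
	if err := tx.Commit(); err != nil {
		log.Println("error in commit", err)
	}
```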
@@ -242,6 +242,6 @@ const InsertTrivyVul string = "INSERT INTO trivy_vul (id, cluster_name, namespac
 const InsertTrivyImage string = "INSERT INTO trivyimage (id, cluster_name, artifact_name, vul_id, vul_pkg_id, vul_pkg_name, vul_installed_version, vul_fixed_version, vul_title, vul_severity, vul_published_date, vul_last_modified_date) VALUES ( ?, ?,?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertTrivyMisconfig string = "INSERT INTO trivy_misconfig (id, cluster_name, namespace, kind, name, misconfig_id, misconfig_avdid, misconfig_type, misconfig_title, misconfig_desc, misconfig_msg, misconfig_query, misconfig_resolution, misconfig_severity, misconfig_status, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertAzureContainerPushEvent DBStatement = "INSERT INTO azurecontainerpush (RegistryURL, RepositoryName, Tag, ImageName, Event, Size, SHAID, EventTime) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?)"
-const InsertTrivySbom string = "INSERT INTO trivysbom (id, schema, bom_format,spec_version,serial_number, version, metadata_timestamp,metatool_vendor,metatool_name,metatool_version,component_bom_ref,component_type,component_name,component_version,component_property_name,component_property_value,component_hash_alg,component_hash_content,component_license_exp,component_purl,dependency_ref) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"
+const InsertTrivySbom string = "INSERT INTO trivysbom (id, image_name, package_url, bom_ref, serial_number, version, bom_format, component_version, component_mimetype) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertQuayContainerPushEvent DBStatement = "INSERT INTO quaycontainerpush (name, repository, nameSpace, dockerURL, homePage, tag, Event, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertJfrogContainerPushEvent DBStatement = "INSERT INTO jfrogcontainerpush (Domain, EventType, RegistryURL, RepositoryName, SHAID, Size, ImageName, Tag, Event, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
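Review bot: The new column list ends in `component_mimetype`, but the migration in this same diff (sql/0000015_trivysbom.up.sql) creates the column as `component_mime_type`, so every INSERT through this statement will fail with an unknown-column error once the table exists; change the last column to `component_mime_type` (or rename it in the migration) so the two agree. The removed statement's caller cast the BOM version to `int32` before binding it to the `version INTEGER` column, while the new caller in db_client.go binds the raw `int` from `result.CycloneDX.Version`; whether the ClickHouse driver accepts a Go `int` for an Int32 column is not visible here, so keeping the cast is the safer choice.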
diff --git a/client/pkg/clients/kubviz_client.go b/client/pkg/clients/kubviz_client.go
index 394bf8a1..e2208a4a 100644
--- a/client/pkg/clients/kubviz_client.go
+++ b/client/pkg/clients/kubviz_client.go
@@ -118,7 +118,7 @@ func (n *NATSContext) SubscribeAllKubvizNats(conn clickhouse.DBInterface) {
 Consumer: constants.Trivy_Sbom_Consumer,
 Handler: func(msg *nats.Msg) {
 msg.Ack()
- var metrics model.Reports
+ var metrics model.Sbom
 err := json.Unmarshal(msg.Data, &metrics)
 if err != nil {
 log.Println("failed to unmarshal in nats", err)
diff --git a/model/trivy_sbom.go b/model/trivy_sbom.go
index bcbe7219..c6e6c850 100644
--- a/model/trivy_sbom.go
+++ b/model/trivy_sbom.go
@@ -1,59 +1,12 @@
 package model
 
 import (
- "time"
+ "github.com/aquasecurity/trivy/pkg/sbom/cyclonedx"
 )
 
-type Reports struct {
+type Sbom struct {
 ID string
- Report Sbom
+ Report cyclonedx.BOM
 }
 
-type Sbom struct {
- Schema string `json:"$schema"`
- BomFormat string `json:"bomFormat"`
- SpecVersion string `json:"specVersion"`
- SerialNumber string `json:"serialNumber"`
- Version int `json:"version"`
- Metadata struct {
- Timestamp time.Time `json:"timestamp"`
- Tools []struct {
- Vendor string `json:"vendor"`
- Name string `json:"name"`
- Version string `json:"version"`
- } `json:"tools"`
- Component struct {
- BomRef string `json:"bom-ref"`
- Type string `json:"type"`
- Name string `json:"name"`
- Purl string `json:"purl"`
- Properties []struct {
- Name string `json:"name"`
- Value string `json:"value"`
- } `json:"properties"`
- } `json:"component"`
- } `json:"metadata"`
- Components []struct {
- BomRef string `json:"bom-ref"`
- Type string `json:"type"`
- Name string `json:"name"`
- Version string `json:"version"`
- Properties []struct {
- Name string `json:"name"`
- Value string `json:"value"`
- } `json:"properties"`
- Hashes []struct {
- Alg string `json:"alg"`
- Content string `json:"content"`
- } `json:"hashes,omitempty"`
- Licenses []struct {
- Expression string `json:"expression"`
- } `json:"licenses,omitempty"`
- Purl string `json:"purl,omitempty"`
- } `json:"components"`
- Dependencies []struct {
- Ref string `json:"ref"`
- DependsOn []string `json:"dependsOn"`
- } `json:"dependencies"`
- Vulnerabilities []interface{} `json:"vulnerabilities"`
-}
+
diff --git a/sql/0000015_trivysbom.up.sql b/sql/0000015_trivysbom.up.sql
index 76de0994..ece47761 100644
--- a/sql/0000015_trivysbom.up.sql
+++ b/sql/0000015_trivysbom.up.sql
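Review bot: `Sbom` now makes a type owned by Trivy (`cyclonedx.BOM`) the NATS wire contract between agent and client, with no doc comment on how it is meant to be consumed, whereas the removed struct at least documented the payload through its json tags. Add `// Sbom is the NATS payload the agent publishes for one image's SBOM. Report is Trivy's decoded CycloneDX BOM; consumers check Report.CycloneDX for nil before reading it (see InsertTrivySbomMetrics).` above the type. Importing `github.com/aquasecurity/trivy/pkg/sbom/cyclonedx` from the shared `model` package presumably pulls Trivy's module and its dependency tree into every binary that imports `model`, which is worth weighing against a small local struct for the fields actually stored — that is inferred from the import path, not shown in the diff. The trailing added blank line at end of file will be stripped by `gofmt`.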
@@ -1,25 +1,13 @@
 CREATE TABLE IF NOT EXISTS trivysbom (
 id UUID,
- schema String,
- bom_format String,
- spec_version String,
+ image_name String,
+ package_url String,
+ bom_ref String,
 serial_number String,
- version INTEGER,
- metadata_timestamp DateTime('UTC'),
- metatool_vendor String,
- metatool_name String,
- metatool_version String,
- component_bom_ref String,
- component_type String,
- component_name String,
+ version INTEGER
+ bom_format String,
 component_version String,
- component_property_name String,
- component_property_value String,
- component_hash_alg String,
- component_hash_content String,
- component_license_exp String,
- component_purl String,
- dependency_ref String,
+ component_mime_type String,
 ExpiryDate DateTime DEFAULT now() + INTERVAL {{.TTLValue}} {{.TTLUnit}}
 ) ENGINE = MergeTree()
 ORDER BY ExpiryDate
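Review bot: The added `version INTEGER` line has no trailing comma, so the column list reads `version INTEGER bom_format String,` and the CREATE TABLE will not parse; it should be `version INTEGER,`. The column is created here as `component_mime_type`, while the INSERT constant in statements.go in this same diff writes to `component_mimetype` — one of the two spellings has to change or every insert fails. Editing migration 0000015 in place also means any deployment whose `trivysbom` table was created by the earlier version of this file keeps the old 21-column layout (`CREATE TABLE IF NOT EXISTS` is a no-op there), and the new 9-column INSERT would fail against it; a new migration that drops or alters the table is the usual way to change an already-shipped schema, though how migrations are tracked in this project is not visible here.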