diff --git a/src/controller/artifact/model.go b/src/controller/artifact/model.go index b1bb37795..0953fd069 100644 --- a/src/controller/artifact/model.go +++ b/src/controller/artifact/model.go @@ -80,6 +80,19 @@ func (artifact *Artifact) SetAdditionLink(addition, version string) { artifact.AdditionLinks[addition] = &AdditionLink{HREF: href, Absolute: false} } +func (artifact *Artifact) SetSBOMAdditionLink(sbomDgst string, version string) { + if artifact.AdditionLinks == nil { + artifact.AdditionLinks = make(map[string]*AdditionLink) + } + addition := "sboms" + projectName, repo := utils.ParseRepository(artifact.RepositoryName) + // encode slash as %252F + repo = repository.Encode(repo) + href := fmt.Sprintf("/api/%s/projects/%s/repositories/%s/artifacts/%s/additions/%s", version, projectName, repo, sbomDgst, addition) + + artifact.AdditionLinks[addition] = &AdditionLink{HREF: href, Absolute: false} +} + // AdditionLink is a link via that the addition can be fetched type AdditionLink struct { HREF string `json:"href"` diff --git a/src/server/v2.0/handler/assembler/report.go b/src/server/v2.0/handler/assembler/report.go index 51b0df460..88140ba11 100644 --- a/src/server/v2.0/handler/assembler/report.go +++ b/src/server/v2.0/handler/assembler/report.go @@ -29,6 +29,7 @@ import ( const ( vulnerabilitiesAddition = "vulnerabilities" + sbomAddition = "sbom" ) // NewScanReportAssembler returns vul assembler @@ -38,7 +39,6 @@ func NewScanReportAssembler(option *model.OverviewOptions, mimeTypes []string) * scanChecker: scan.NewChecker(), scanCtl: scan.DefaultController, mimeTypes: mimeTypes, - executionMgr: task.ExecMgr, } } @@ -88,6 +88,9 @@ func (assembler *ScanReportAssembler) Assemble(ctx context.Context) error { } } } + + // set sbom additional link if it is supported, use the empty digest + artifact.SetSBOMAdditionLink("", version) if assembler.overviewOption.WithSBOM { overview, err := assembler.scanCtl.GetSummary(ctx, &artifact.Artifact, []string{v1.MimeTypeSBOMReport}) if err != nil { @@ -125,6 +128,10 @@ func (assembler *ScanReportAssembler) Assemble(ctx context.Context) error { sbomModel.ReportID: overview[sbomModel.ReportID], sbomModel.Scanner: overview[sbomModel.Scanner], } + if sbomDgst, ok := overview[sbomModel.SBOMDigest].(string); ok { + // set additional link for sbom digest + artifact.SetSBOMAdditionLink(sbomDgst, version) + } } } return nil diff --git a/src/server/v2.0/handler/assembler/report_test.go b/src/server/v2.0/handler/assembler/report_test.go index 88ff6a3bd..003632068 100644 --- a/src/server/v2.0/handler/assembler/report_test.go +++ b/src/server/v2.0/handler/assembler/report_test.go @@ -51,7 +51,7 @@ func (suite *VulAssemblerTestSuite) TestScannable() { var artifact model.Artifact suite.Nil(assembler.WithArtifacts(&artifact).Assemble(context.TODO())) - suite.Len(artifact.AdditionLinks, 1) + suite.Len(artifact.AdditionLinks, 2) suite.Equal(artifact.ScanOverview, summary) }