diff --git a/api/v2.0/swagger.yaml b/api/v2.0/swagger.yaml index 8f4ffcdaf..abf048914 100644 --- a/api/v2.0/swagger.yaml +++ b/api/v2.0/swagger.yaml @@ -991,6 +991,12 @@ paths: type: boolean required: false default: false + - name: with_sbom_overview + in: query + description: Specify whether the SBOM overview is included in returning artifacts, when this option is true, the SBOM overview will be included in the response + type: boolean + required: false + default: false - name: with_signature in: query description: Specify whether the signature is included inside the tags of the returning artifacts. Only works when setting "with_tag=true" @@ -1096,6 +1102,12 @@ paths: type: boolean required: false default: false + - name: with_sbom_overview + in: query + description: Specify whether the SBOM overview is included in returning artifact, when this option is true, the SBOM overview will be included in the response + type: boolean + required: false + default: false - name: with_accessory in: query description: Specify whether the accessories are included of the returning artifacts. @@ -1164,6 +1176,11 @@ paths: - $ref: '#/parameters/projectName' - $ref: '#/parameters/repositoryName' - $ref: '#/parameters/reference' + - name: scan_request_type + in: body + required: false + schema: + $ref: '#/definitions/ScanRequestType' responses: '202': $ref: '#/responses/202' @@ -1432,7 +1449,7 @@ paths: in: path description: The type of addition. type: string - enum: [build_history, values.yaml, readme.md, dependencies] + enum: [build_history, values.yaml, readme.md, dependencies, sbom] required: true responses: '200': @@ -6592,6 +6609,9 @@ definitions: scan_overview: $ref: '#/definitions/ScanOverview' description: The overview of the scan result. + sbom_overview: + $ref: '#/definitions/SBOMOverview' + description: The overview of the generating SBOM progress accessories: type: array items: 
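Review bot: The new `scan_request_type` body parameter in the `@@ -1164,6 +1176,11 @@` hunk carries no `description`, unlike every other parameter this commit adds, so the rendered API docs and generated clients show an unlabeled request body. Add `description: The scan request type; when omitted the default scan type (vulnerability) is used` under `in: body`. That default is what `GetScanType` in controller/scan/options.go applies, so stating it in the spec keeps the two in step.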
@@ -6738,11 +6758,47 @@ definitions: type: string description: Version of the scanner adapter example: "v0.9.1" + ScanRequestType: + type: object + properties: + scan_type: + type: string + description: 'The scan type for the scan request. Two options are currently supported, vulnerability and sbom' + enum: [vulnerability, sbom] ScanOverview: type: object description: 'The scan overview attached in the metadata of tag' additionalProperties: $ref: '#/definitions/NativeReportSummary' + SBOMOverview: + type: object + description: 'The generate SBOM overview information' + properties: + start_time: + type: string + format: date-time + description: 'The start time of the generating sbom report task' + example: '2006-01-02T14:04:05Z' + end_time: + type: string + format: date-time + description: 'The end time of the generating sbom report task' + example: '2006-01-02T15:04:05Z' + scan_status: + type: string + description: 'The status of the generating SBOM task' + sbom_digest: + type: string + description: 'The digest of the generated SBOM accessory' + report_id: + type: string + description: 'id of the native scan report' + example: '5f62c830-f996-11e9-957f-0242c0a89008' + duration: + type: integer + format: int64 + description: 'Time in seconds required to create the report' + example: 300 NativeReportSummary: type: object description: 'The summary for the native report' @@ -8368,7 +8424,12 @@ definitions: default: "" description: Indicate the healthy of the registration example: "healthy" - + capabilities: + type: object + description: Indicates the capabilities of the scanner, e.g. support_vulnerability or support_sbom. + additionalProperties: True + example: {"support_vulnerability": true, "support_sbom": true} + ScannerRegistrationReq: type: object required: diff --git a/src/controller/scan/options.go b/src/controller/scan/options.go index a87644833..f62e2205e 100644 --- a/src/controller/scan/options.go +++ b/src/controller/scan/options.go 
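Review bot: `scan_status` in the new `SBOMOverview` definition is a free-text `type: string` with neither an `enum` nor a list of its values in the description, whereas the sibling `scan_type` in `ScanRequestType` does constrain its values; a client cannot tell a terminal state from an in-progress one from this schema. If the status set is fixed, add an `enum`, or at least name the values in the description. The definition's own `description: 'The generate SBOM overview information'` reads awkwardly; `'The overview of the SBOM generation task'` says the same thing clearly.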
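Review bot: `additionalProperties: True` in the new `capabilities` property is the only capitalised YAML boolean in this file; every other boolean on the page is lowercase (`required: false`, `default: false`), so write `additionalProperties: true`. Because the object is free-form, the two keys shown in `example` are not guaranteed to be present; if the intended contract is that a missing key means the capability is unsupported, the description should say so, e.g. `description: Capabilities reported by the scanner adapter, keyed by capability name (e.g. support_vulnerability, support_sbom); a key that is absent should be treated as unsupported.`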
@@ -18,6 +18,15 @@ package scan type Options struct { ExecutionID int64 // The execution id to scan artifact Tag string // The tag of the artifact to scan + ScanType string // The scan type could be sbom or vulnerability +} + +// GetScanType returns the scan type. for backward compatibility, the default type is vulnerability. +func (o *Options) GetScanType() string { + if len(o.ScanType) == 0 { + o.ScanType = "vulnerability" + } + return o.ScanType } // Option represents an option item by func template. @@ -44,3 +53,11 @@ func WithTag(tag string) Option { return nil } } + +// WithScanType set the scanType +func WithScanType(scanType string) Option { + return func(options *Options) error { + options.ScanType = scanType + return nil + } +} diff --git a/src/server/v2.0/handler/scan.go b/src/server/v2.0/handler/scan.go index 8691246e5..e58e12a84 100644 --- a/src/server/v2.0/handler/scan.go +++ b/src/server/v2.0/handler/scan.go @@ -82,6 +82,9 @@ func (s *scanAPI) ScanArtifact(ctx context.Context, params operation.ScanArtifac if !distribution.IsDigest(params.Reference) { options = append(options, scan.WithTag(params.Reference)) } + if params.ScanRequestType != nil && validScanType(params.ScanRequestType.ScanType) { + options = append(options, scan.WithScanType(params.ScanRequestType.ScanType)) + } if err := s.scanCtl.Scan(ctx, artifact, options...); err != nil { return s.SendError(ctx, err) @@ -112,3 +115,7 @@ func (s *scanAPI) GetReportLog(ctx context.Context, params operation.GetReportLo return operation.NewGetReportLogOK().WithPayload(string(bytes)) } + +func validScanType(scanType string) bool { + return scanType == "sbom" || scanType == "vulnerability" +}
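Review bot: `GetScanType` mutates the receiver as a side effect of a read — it stores `"vulnerability"` into `o.ScanType` before returning — so merely calling the getter changes what a later `WithScanType` or a direct field comparison observes, and the write would panic on a nil `*Options`. Prefer a pure read: `if o.ScanType == "" { return "vulnerability" }` followed by `return o.ScanType`. The literals `"vulnerability"` and `"sbom"` are also spelled out here and again in `validScanType` in the `@@ -112,3 +115,7 @@` hunk of server/v2.0/handler/scan.go; a pair of exported constants in the scan package used by both would keep the two places from drifting, and `WithScanType` in the following hunk could then document that it stores the value unvalidated.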
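Review bot: An unrecognised `scan_type` is silently dropped at the new check in the `@@ -82,6 +82,9 @@` hunk — when `validScanType` returns false no option is appended and the request proceeds as the default vulnerability scan, so a client asking for an unsupported type receives a 202 for a different scan than it requested. Unless the generated server already rejects values outside the swagger `enum` before the handler runs (in which case the check is only defensive and a comment should say so), reject explicitly: `if params.ScanRequestType != nil && !validScanType(params.ScanRequestType.ScanType) { return s.SendError(ctx, <bad-request error naming the value>) }`, then append `scan.WithScanType(...)` whenever the body is present; if the lib errors package is in scope here, `errors.BadRequestError(nil).WithMessage(...)` is the usual way to build that error. ScanArtifact's body starts and ends outside the hunk.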
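Review bot: `validScanType` in the last hunk has no comment and each further scan type will extend the `||` chain; a `switch scanType { case "sbom", "vulnerability": return true }` with `default: return false` and the comment `// validScanType reports whether scanType is one of the scan types accepted by the scan API.` reads more clearly and matches the style used elsewhere on this page. The function is complete within the hunk.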