Add SBOM scan REST API (#20215)

Update the swagger API for SBOM generation

Signed-off-by: stonezdj <daojunz@vmware.com>
Co-authored-by: stonezdj <daojunz@vmware.com>
stonezdj(Daojun Zhang) 2024-04-03 16:38:09 +08:00 committed by GitHub
parent b6366e03e9
commit dd76fe47ce
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 87 additions and 2 deletions


@ -991,6 +991,12 @@ paths:
type: boolean
required: false
default: false
- name: with_sbom_overview
in: query
description: Specify whether the SBOM overview is included in returning artifacts, when this option is true, the SBOM overview will be included in the response
type: boolean
required: false
default: false
- name: with_signature
in: query
description: Specify whether the signature is included inside the tags of the returning artifacts. Only works when setting "with_tag=true"
@ -1096,6 +1102,12 @@ paths:
type: boolean
required: false
default: false
- name: with_sbom_overview
in: query
description: Specify whether the SBOM overview is included in returning artifact, when this option is true, the SBOM overview will be included in the response
type: boolean
required: false
default: false
- name: with_accessory
in: query
description: Specify whether the accessories are included of the returning artifacts.
@ -1164,6 +1176,11 @@ paths:
- $ref: '#/parameters/projectName'
- $ref: '#/parameters/repositoryName'
- $ref: '#/parameters/reference'
- name: scan_request_type
in: body
required: false
schema:
$ref: '#/definitions/ScanRequestType'
responses:
'202':
$ref: '#/responses/202'
@ -1432,7 +1449,7 @@ paths:
in: path
description: The type of addition.
type: string
enum: [build_history, values.yaml, readme.md, dependencies]
enum: [build_history, values.yaml, readme.md, dependencies, sbom]
required: true
responses:
'200':
@ -6592,6 +6609,9 @@ definitions:
scan_overview:
$ref: '#/definitions/ScanOverview'
description: The overview of the scan result.
sbom_overview:
$ref: '#/definitions/SBOMOverview'
description: The overview of the generating SBOM progress
accessories:
type: array
items:
@ -6738,11 +6758,47 @@ definitions:
type: string
description: Version of the scanner adapter
example: "v0.9.1"
ScanRequestType:
type: object
properties:
scan_type:
type: string
description: 'The scan type for the scan request. Two options are currently supported, vulnerability and sbom'
enum: [vulnerability, sbom]
ScanOverview:
type: object
description: 'The scan overview attached in the metadata of tag'
additionalProperties:
$ref: '#/definitions/NativeReportSummary'
SBOMOverview:
type: object
description: 'The generate SBOM overview information'
properties:
start_time:
type: string
format: date-time
description: 'The start time of the generating sbom report task'
example: '2006-01-02T14:04:05Z'
end_time:
type: string
format: date-time
description: 'The end time of the generating sbom report task'
example: '2006-01-02T15:04:05Z'
scan_status:
type: string
description: 'The status of the generating SBOM task'
sbom_digest:
type: string
description: 'The digest of the generated SBOM accessory'
report_id:
type: string
description: 'id of the native scan report'
example: '5f62c830-f996-11e9-957f-0242c0a89008'
duration:
type: integer
format: int64
description: 'Time in seconds required to create the report'
example: 300
NativeReportSummary:
type: object
description: 'The summary for the native report'
@ -8368,6 +8424,11 @@ definitions:
default: ""
description: Indicate the healthy of the registration
example: "healthy"
capabilities:
type: object
description: Indicates the capabilities of the scanner, e.g. support_vulnerability or support_sbom.
additionalProperties: True
example: {"support_vulnerability": true, "support_sbom": true}
ScannerRegistrationReq:
type: object
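Review bot: The `ScanRequestType` schema leaves the default for `scan_type` unstated, even though the Go side on this page (`GetScanType` in options.go) falls back to `vulnerability` when the field is absent, so API consumers cannot tell from the spec what an omitted body does; add `default: vulnerability` under `scan_type` and extend its description to `'The scan type for the scan request. Two options are currently supported, vulnerability and sbom; defaults to vulnerability when omitted'`. In `SBOMOverview`, `scan_status` is a free-form string with no enum or description of the possible values, unlike the typed fields around it — if the status set is fixed, listing it in an `enum` (or at least in the description) would let clients rely on it. `capabilities` is declared with `additionalProperties: True`; if the values are always booleans as the example suggests, `additionalProperties: { type: boolean }` would validate them, but leave it open if adapters may report other shapes.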


@ -18,6 +18,15 @@ package scan
type Options struct {
ExecutionID int64 // The execution id to scan artifact
Tag string // The tag of the artifact to scan
ScanType string // The scan type could be sbom or vulnerability
}
// GetScanType returns the scan type. for backward compatibility, the default type is vulnerability.
func (o *Options) GetScanType() string {
if len(o.ScanType) == 0 {
o.ScanType = "vulnerability"
}
return o.ScanType
}
// Option represents an option item by func template.
@ -44,3 +53,11 @@ func WithTag(tag string) Option {
return nil
}
}
// WithScanType set the scanType
func WithScanType(scanType string) Option {
return func(options *Options) error {
options.ScanType = scanType
return nil
}
}
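Review bot: `GetScanType` writes the default back into the receiver, so what reads as an accessor silently mutates `Options` and will panic on a nil `*Options`; return the default without assigning it: `if o.ScanType == "" { return "vulnerability" }` followed by `return o.ScanType`. The literals `"vulnerability"` and `"sbom"` are also spelled out again in the handler's `validScanType` on this page, and a pair of exported constants in this package (e.g. `ScanTypeVulnerability`, `ScanTypeSbom`) would keep the two sites from drifting. The `Options` struct and the `Option` type are only partly visible in the hunk.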


@ -82,6 +82,9 @@ func (s *scanAPI) ScanArtifact(ctx context.Context, params operation.ScanArtifac
if !distribution.IsDigest(params.Reference) {
options = append(options, scan.WithTag(params.Reference))
}
if params.ScanRequestType != nil && validScanType(params.ScanRequestType.ScanType) {
options = append(options, scan.WithScanType(params.ScanRequestType.ScanType))
}
if err := s.scanCtl.Scan(ctx, artifact, options...); err != nil {
return s.SendError(ctx, err)
@ -112,3 +115,7 @@ func (s *scanAPI) GetReportLog(ctx context.Context, params operation.GetReportLo
return operation.NewGetReportLogOK().WithPayload(string(bytes))
}
func validScanType(scanType string) bool {
return scanType == "sbom" || scanType == "vulnerability"
}
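Review bot: An unrecognized `scan_type` is silently discarded by the `validScanType` check, so the request proceeds with the default type (`vulnerability`, per `GetScanType` in options.go on this page) and still answers 202 — a client that asked for `sbom` with a typo gets a vulnerability scan and no indication anything was wrong. Reject it instead, e.g. `if params.ScanRequestType != nil && !validScanType(params.ScanRequestType.ScanType) { return s.SendError(ctx, /* bad-request error for the unsupported scan type */) }` before appending the option. If the generated swagger server already enforces the `enum` on `scan_type`, that branch is unreachable and a one-line comment saying so would be enough. Nothing here checks the selected type against the registered scanner's `capabilities` (`support_sbom`); presumably the controller does, but it is worth confirming. `ScanArtifact` begins before the hunk.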