incomplete SBOM support

go.mod

@@ -5,7 +5,7 @@ go 1.19
 require (
 	github.com/armosec/utils-k8s-go v0.0.13
 	github.com/kubescape/go-logger v0.0.11
-	github.com/kubescape/k8s-interface v0.0.122
+	github.com/kubescape/k8s-interface v0.0.123
 	github.com/kubescape/storage v0.2.0
 	go.opentelemetry.io/otel v1.11.2
 	go.opentelemetry.io/otel/trace v1.11.2

go.sum

@@ -225,8 +225,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kubescape/go-logger v0.0.11 h1:oucpq2S7+DT7O+UclG5IrmHado/tj6+IkYf9czVk/aY=
 github.com/kubescape/go-logger v0.0.11/go.mod h1:yGiKBJ2lhq/kxzY/MVYDREL9fLV3RGD6gv+UFjslaew=
-github.com/kubescape/k8s-interface v0.0.122 h1:Aq6xf1wq+nl2UtLX6rjFaGULZxES8OlzvXNLQcZk9+0=
-github.com/kubescape/k8s-interface v0.0.122/go.mod h1:ENpA9SkkS6E3PIT+AaMu/JGkuyE04aUamY+a7WLqsJQ=
+github.com/kubescape/k8s-interface v0.0.123 h1:7KjQ1bHoaggzAPcufdT6NZeffyL4t0WWZBoaJ1tCgmY=
+github.com/kubescape/k8s-interface v0.0.123/go.mod h1:ENpA9SkkS6E3PIT+AaMu/JGkuyE04aUamY+a7WLqsJQ=
 github.com/kubescape/storage v0.2.0 h1:WZXy4Dyjf5ltEMtk0SOD9RFL1haS9ffFPGfs1gUV1aM=
 github.com/kubescape/storage v0.2.0/go.mod h1:sPE749pFNoxoskBn6JTpNQyguF2rv/u2kYqzRd3MvXw=
 github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=

pkg/conthandler/container_main_handler.go

@@ -8,6 +8,7 @@ import (
 	v1 "sniffer/pkg/conthandler/v1"
 	accumulator "sniffer/pkg/event_data_storage"
 	"sniffer/pkg/sbom"
+	sbomV1 "sniffer/pkg/sbom/v1"
 	"sniffer/pkg/storageclient"
 	"strings"
 	"sync"
@@ -23,6 +24,7 @@ import (
 const (
 	RelevantCVEsService = "RelevantCVEsService"
 	StepGetSBOM         = "StepGetSBOM"
+	StepValidateSBOM         = "StepValidateSBOM"
 	StepEventAggregator = "StepEventAggregator"
 )
 
@@ -94,6 +96,13 @@ func (ch *ContainerHandler) afterTimerActions() error {
 				logger.L().Debug("failed to get SBOM", []helpers.IDetails{helpers.String("container ID", afterTimerActionsData.containerID), helpers.String("container name", containerData.event.GetContainerName()), helpers.String("k8s resource ", containerData.event.GetK8SWorkloadID()), helpers.Error(err)}...)
 				continue
 			}
+			if err = containerData.sbomClient.ValidateSBOM(); err != nil {
+				ctx, span := otel.Tracer("").Start(context.GetBackgroundContext(), "afterTimerActions")
+				logger.L().Ctx(ctx).Warning("SBOM is incomplete", []helpers.IDetails{helpers.String("container ID", afterTimerActionsData.containerID), helpers.String("container name", containerData.event.GetContainerName()), helpers.String("k8s resource ", containerData.event.GetK8SWorkloadID()), helpers.Error(err)}...)
+				containerData.syncChannel[StepValidateSBOM] <- err
+				span.End()
+				continue
+			}
 			if err = containerData.sbomClient.FilterSBOM(fileList); err != nil {
 				ctx, span := otel.Tracer("").Start(context.GetBackgroundContext(), "afterTimerActions")
 				logger.L().Ctx(ctx).Warning("failed to filter SBOM", []helpers.IDetails{helpers.String("container ID", afterTimerActionsData.containerID), helpers.String("container name", containerData.event.GetContainerName()), helpers.String("k8s resource", containerData.event.GetK8SWorkloadID()), helpers.Error(err)}...)
@@ -130,8 +139,11 @@ func (ch *ContainerHandler) startTimer(watchedContainer watchedContainerData, co
 			watchedContainer.snifferTicker.Stop()
 			err = containerHasTerminatedError
 		}
+	case err = <-watchedContainer.syncChannel[StepValidateSBOM]:
+		if errors.Is(err, sbomV1.SBOMIncomplete) {
+			return err
+		}
 	}
-
 	return err
 }
 
@@ -173,6 +185,9 @@ func (ch *ContainerHandler) startRelevancyProcess(contEvent v1.ContainerEventDat
 				logger.L().Ctx(ctx).Warning("container monitoring got drop events - we may miss some realtime data", helpers.String("container ID", contEvent.GetContainerID()), helpers.String("container name", contEvent.GetContainerName()), helpers.String("k8s resources", contEvent.GetK8SWorkloadID()), helpers.Error(err))
 			} else if errors.Is(err, containerHasTerminatedError) {
 				break
+			} else if errors.Is(err, sbomV1.SBOMIncomplete) {
+				logger.L().Ctx(ctx).Warning("container monitoring stopped - incomplete SBOM", helpers.String("container ID", contEvent.GetContainerID()), helpers.String("container name", contEvent.GetContainerName()), helpers.String("k8s resources", contEvent.GetK8SWorkloadID()), helpers.Error(err))
+				break
 			}
 		}
 		span.End()
@@ -214,6 +229,7 @@ func (ch *ContainerHandler) handleContainerRunningEvent(contEvent v1.ContainerEv
 		syncChannel: map[string]chan error{
 			StepGetSBOM:         make(chan error, 10),
 			StepEventAggregator: make(chan error, 10),
+			StepValidateSBOM: make(chan error, 10),
 		},
 	}
 	ch.watchedContainers.Store(contEvent.GetContainerID(), newWatchedContainer)

pkg/sbom/sbom.go

@@ -95,3 +95,7 @@ func (sc *SBOMStructure) CleanResources() {
 func IsAlreadyExist() error {
 	return errorsOfSBOM[DataAlreadyExist]
 }
+
+func (sc *SBOMStructure) ValidateSBOM() error {
+	return sc.SBOMData.ValidateSBOM()
+}

pkg/sbom/sbom_interface.go

@@ -2,6 +2,7 @@ package sbom
 
 type SBOMClient interface {
 	GetSBOM(imageID string) error
+	ValidateSBOM() error
 	FilterSBOM(sbomFileRelevantMap map[string]bool) error
 	StoreFilterSBOM(instanceID string) error
 	CleanResources()