Support syft #191

Merged
merged 28 commits into from
Jan 2, 2024

Conversation

Daniel-GrunbergerCA
Collaborator

@Daniel-GrunbergerCA Daniel-GrunbergerCA commented Nov 21, 2023

PR Type:

Enhancement


PR Description:

This PR introduces support for handling Software Bill of Materials (SBOMs) in Syft format. The changes are as follows:

  • Replaces the types of SPDX SBOMs with Syft ones in the watcher.
  • Updates the watcher tests to reflect these changes.
  • Fixes dependencies to the latest Storage version.

PR Main Files Walkthrough:

files:
  • watcher/watcher_test.go: Replaced SPDX SBOMs with Syft SBOMs in the test cases. Updated the expected SBOM names in the tests.
  • watcher/watcher.go: Replaced SPDX SBOMs with Syft SBOMs in the SBOM event handlers. Updated the SBOM watcher to handle Syft SBOMs.
  • go.sum: Updated the project dependencies.
  • go.mod: Updated the project dependencies.

User Description:

This PR introduces support for watching sboms and filteredsboms in Syft format. It replaces the types of SPDX SBOMs with Syft ones.

Daniel Grunberger and others added 5 commits November 20, 2023 16:50
Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>
Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
@codiumai-pr-agent codiumai-pr-agent bot added the enhancement New feature or request label Nov 21, 2023

PR Analysis

  • 🎯 Main theme: The PR introduces support for handling Software Bill of Materials (SBOMs) in Syft format, replacing the types of SPDX SBOMs with Syft ones in the watcher and updating the watcher tests to reflect these changes.
  • 📝 PR summary: This PR is an enhancement that aims to support the Syft format for Software Bill of Materials (SBOMs). It involves changes in the watcher and its tests, replacing SPDX SBOMs with Syft SBOMs. The PR also updates the project dependencies to the latest Storage version.
  • 📌 Type of PR: Enhancement
  • 🧪 Relevant tests added: Yes
  • ⏱️ Estimated effort to review [1-5]: 3, because the PR involves changes in the core functionality of the watcher and its tests, which requires a good understanding of the existing codebase and the new Syft format for SBOMs.
  • 🔒 Security concerns: No security concerns found

PR Feedback

  • 💡 General suggestions: The PR seems to be well-structured and the changes are consistent with the stated goal of supporting the Syft format for SBOMs. It would be beneficial to ensure that the new format is fully compatible with the existing functionality and that all edge cases are covered in the tests.

  • 🤖 Code feedback:

go.mod: review thread (resolved)
Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

Summary:

  • License scan: failure
  • Credentials scan: success
  • Vulnerabilities scan: success
  • Unit test: success
  • Go linting: failure

@matthyx
Contributor

matthyx commented Nov 23, 2023

  • Go linting: failure

Can you check why?

@Daniel-GrunbergerCA
Collaborator Author

Daniel-GrunbergerCA commented Nov 23, 2023

  • Go linting: failure

Can you check why?

It's because I don't check the error returned:
Error return value of (github.com/kubescape/storage/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1.SBOMSPDXv2p3Interface).Delete is not checked (errcheck)

I don't check since it is deleting older SPDX SBOMs, and we can't do anything if there is an error (also I have asked @vladklokun whether he thinks we should leave this check).
There is also another place in the code where we didn't check before, and I also don't check ..
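
The two points discussed in this thread, the ok-checked type assertion on the watch event (the hunk switches it from SBOMSummary to SBOMSyft) and the unchecked Delete of the legacy SPDX object that errcheck flagged, as an added example that is not code from this repository. The types below are constructed stand-ins: the real watcher uses k8s.io/apimachinery's watch.Event, the generated storage clientset (whose Delete also takes DeleteOptions), and apierrors.IsNotFound; here those are reduced to an Event struct, a one-method LegacyDeleter interface and a sentinel ErrNotFound so the example runs offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// EventType and Event are constructed stand-ins for watch.EventType / watch.Event.
type EventType string

const (
	Added   EventType = "ADDED"
	Deleted EventType = "DELETED"
)

type Event struct {
	Type   EventType
	Object any
}

// SBOMSyft is a hypothetical, minimal version of the Syft SBOM CRD object.
type SBOMSyft struct{ Name string }

// SBOMSummary stands in for the older summary object the hunk stopped using.
type SBOMSummary struct{ Name string }

// ErrNotFound models the NotFound API status that apierrors.IsNotFound detects.
var ErrNotFound = errors.New("not found")

// LegacyDeleter is the subset of the SPDX clientset the cleanup needs (assumed shape).
type LegacyDeleter interface {
	Delete(ctx context.Context, name string) error
}

// cleanupLegacySBOM deletes the SPDX object that shares a name with the new Syft
// SBOM. NotFound counts as success because the cleanup is idempotent; any other
// error (RBAC denial, API server outage) is wrapped and returned so the caller can
// surface it instead of silently discarding it, which is what errcheck flagged.
func cleanupLegacySBOM(ctx context.Context, c LegacyDeleter, name string) error {
	err := c.Delete(ctx, name)
	switch {
	case err == nil, errors.Is(err, ErrNotFound):
		return nil
	default:
		return fmt.Errorf("delete legacy SPDX SBOM %q: %w", name, err)
	}
}

// handleSBOMEvents drains a watch channel. The comma-ok assertion keeps an
// unexpected object type from panicking the watcher: it is reported on errorCh
// and skipped. Cleanup failures are reported too, but the Syft SBOM is still
// processed. Returns the names of the Syft SBOMs handled. errorCh must be able to
// hold one error per event if nobody drains it concurrently.
func handleSBOMEvents(ctx context.Context, events <-chan Event, legacy LegacyDeleter, errorCh chan<- error) []string {
	defer close(errorCh)
	var handled []string
	for ev := range events {
		obj, ok := ev.Object.(*SBOMSyft)
		if !ok {
			errorCh <- fmt.Errorf("unexpected object type %T in SBOM watch", ev.Object)
			continue
		}
		if ev.Type != Added {
			continue
		}
		if err := cleanupLegacySBOM(ctx, legacy, obj.Name); err != nil {
			errorCh <- err
		}
		handled = append(handled, obj.Name)
	}
	return handled
}

// fakeDeleter is a constructed client: names present in fail return that error.
type fakeDeleter struct{ fail map[string]error }

func (f fakeDeleter) Delete(_ context.Context, name string) error { return f.fail[name] }

func main() {
	// Constructed event stream: two Syft SBOMs and one stray summary object.
	events := make(chan Event, 3)
	events <- Event{Type: Added, Object: &SBOMSyft{Name: "nginx-1.25"}}
	events <- Event{Type: Added, Object: &SBOMSummary{Name: "stale-summary"}}
	events <- Event{Type: Added, Object: &SBOMSyft{Name: "redis-7"}}
	close(events)

	errorCh := make(chan error, 3)
	client := fakeDeleter{fail: map[string]error{
		"nginx-1.25": ErrNotFound,              // legacy object already gone: fine
		"redis-7":    errors.New("forbidden"), // RBAC problem: must be reported
	}}
	names := handleSBOMEvents(context.Background(), events, client, errorCh)
	fmt.Println("handled:", names)
	for err := range errorCh {
		fmt.Println("error:", err)
	}
}
```

The design choice worth noting is that "we can't do anything about it" does not have to mean "ignore it": tolerating NotFound keeps the cleanup idempotent, while forwarding every other error on the watcher's existing errorCh turns a silent leak of stale SPDX objects (or a misconfigured RBAC rule) into something that shows up in logs and metrics, and it satisfies errcheck without a nolint comment.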

amirmalka and others added 3 commits November 27, 2023 12:24
Signed-off-by: Amir Malka <amirm@armosec.io>
* Create scorecard.yml

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* Update README.md

Signed-off-by: David Wertenteil <dwertent@armosec.io>

---------

Signed-off-by: David Wertenteil <dwertent@armosec.io>
Signed-off-by: Amir Malka <amirm@armosec.io>
@@ -327,7 +327,7 @@ func (wh *WatchHandler) HandleSBOMEvents(sbomEvents <-chan watch.Event, errorCh
defer close(errorCh)

for event := range sbomEvents {
obj, ok := event.Object.(*spdxv1beta1.SBOMSummary)
obj, ok := event.Object.(*spdxv1beta1.SBOMSyft)
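Review bot: Switching the assertion from `*spdxv1beta1.SBOMSummary` to `*spdxv1beta1.SBOMSyft` means every event on this watch now delivers the full SBOM document to the handler instead of a lightweight summary, which changes the memory and API traffic profile of the watcher; if the handler only needs metadata to decide what to act on, confirm whether the storage API offers a Syft summary type before dropping the summary path. The import alias `spdxv1beta1` now resolves a Syft type, which will mislead the next reader; rename the alias (for example to `v1beta1`) in the same change. The `ok` result is still captured, so please confirm the `!ok` branch just outside the visible context still reports the mismatch and continues rather than panicking.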
Contributor


@Daniel-GrunbergerCA Are we not using summary objects?

dwertent and others added 12 commits December 13, 2023 11:56
Signed-off-by: David Wertenteil <dwertent@armosec.io>
Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
Signed-off-by: David Wertenteil <dwertent@armosec.io>
Signed-off-by: David Wertenteil <dwertent@armosec.io>
Signed-off-by: David Wertenteil <dwertent@armosec.io>
* bump to version 155

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* fix hash

Signed-off-by: David Wertenteil <dwertent@armosec.io>

---------

Signed-off-by: David Wertenteil <dwertent@armosec.io>
Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>
Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
Daniel Grunberger and others added 7 commits December 31, 2023 15:12
Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
Signed-off-by: David Wertenteil <dwertent@armosec.io>
Signed-off-by: David Wertenteil <dwertent@armosec.io>
Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
…to support-syft

Signed-off-by: David Wertenteil <dwertent@armosec.io>
Signed-off-by: David Wertenteil <dwertent@armosec.io>

github-actions bot commented Jan 2, 2024

Summary:

  • License scan: failure
  • Credentials scan: success
  • Vulnerabilities scan: failure
  • Unit test: success
  • Go linting: failure

@dwertent dwertent merged commit cc84e9b into main Jan 2, 2024
6 of 7 checks passed
@dwertent dwertent deleted the support-syft branch January 2, 2024 06:53
Labels
enhancement New feature or request

5 participants