Separate the execution vendor type sbom from image_scan

fixes goharbor#20495 Signed-off-by: stonezdj <stone.zhang@broadcom.com>
stonezdj · May 28, 2024 · 44fb1d3 · 44fb1d3
1 parent 1f0c828
commit 44fb1d3
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 2 deletions.
diff --git a/src/controller/scan/base_controller.go b/src/controller/scan/base_controller.go
@@ -333,7 +333,11 @@ func (bc *basicController) Scan(ctx context.Context, artifact *ar.Artifact, opti
 		if op := operator.FromContext(ctx); op != "" {
 			extraAttrs["operator"] = op
 		}
-		executionID, err := bc.execMgr.Create(ctx, job.ImageScanJobVendorType, artifact.ID, task.ExecutionTriggerManual, extraAttrs)
+		vendorType := handler.JobVendorType()
+		// for vulnerability and generate sbom, use different vendor type
+		// because the execution reaper only keep the latest one execution for the same vendor type
+		// both vulnerability and sbom need to keep the latest scan execution to get the latest scan status
+		executionID, err := bc.execMgr.Create(ctx, vendorType, artifact.ID, task.ExecutionTriggerManual, extraAttrs)
 		if err != nil {
 			return err
 		}
@@ -960,7 +964,8 @@ func (bc *basicController) launchScanJob(ctx context.Context, param *launchScanJ
 	params[sca.JobParameterRequest] = sJSON
 	params[sca.JobParameterMimes] = mimes
 	params[sca.JobParameterRobot] = robotJSON
-
+	// because there is only one task type implementation
+	// both the vulnerability scan and generate sbom use the same job type for now
 	j := &task.Job{
 		Name: job.ImageScanJobVendorType,
 		Metadata: &job.Metadata{

diff --git a/src/jobservice/job/known_jobs.go b/src/jobservice/job/known_jobs.go
@@ -22,6 +22,8 @@ const (
 
 	// ImageScanJobVendorType is name of scan job it will be used as key to register to job service.
 	ImageScanJobVendorType = "IMAGE_SCAN"
+	// SBOMJobVendorType is name of SBOM job it will be used as key to register to job service.
+	SBOMJobVendorType = "SBOM"
 	// GarbageCollectionVendorType job name
 	GarbageCollectionVendorType = "GARBAGE_COLLECTION"
 	// ReplicationVendorType : the name of the replication job in job service
@@ -52,6 +54,7 @@ var (
 	// executionSweeperCount stores the count for execution retained
 	executionSweeperCount = map[string]int64{
 		ImageScanJobVendorType:          1,
+		SBOMJobVendorType:               1,
 		ScanAllVendorType:               1,
 		PurgeAuditVendorType:            10,
 		ExecSweepVendorType:             10,

diff --git a/src/pkg/scan/handler.go b/src/pkg/scan/handler.go
@@ -50,6 +50,8 @@ type Handler interface {
 	// PostScan defines the operation after scan
 	PostScan(ctx job.Context, sr *v1.ScanRequest, rp *scan.Report, rawReport string, startTime time.Time, robot *model.Robot) (string, error)
 	ReportHandler
+	// JobVendorType returns the job vendor type
+	JobVendorType() string
 }
 
 // ReportHandler handler for scan report, it could be sbom report or vulnerability report

diff --git a/src/pkg/scan/sbom/sbom.go b/src/pkg/scan/sbom/sbom.go
@@ -345,3 +345,7 @@ func (h *scanHandler) GetSummary(ctx context.Context, art *artifact.Artifact, mi
 	err = json.Unmarshal([]byte(reportContent), &result)
 	return result, err
 }
+
+func (h *scanHandler) JobVendorType() string {
+	return job.SBOMJobVendorType
+}
diff --git a/src/pkg/scan/vulnerability/vul.go b/src/pkg/scan/vulnerability/vul.go
@@ -301,3 +301,7 @@ func (h *scanHandler) GetSummary(ctx context.Context, ar *artifact.Artifact, mim
 
 	return summaries, nil
 }
+
+func (h *scanHandler) JobVendorType() string {
+	return job.ImageScanJobVendorType
+}