Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(sbom): scan results of SBOMs generated from container images are missing layers #7635

Conversation

fabriziosestito
Copy link
Contributor

@fabriziosestito fabriziosestito commented Oct 2, 2024

Description

When scanning a SBOM generated from a container image, layers are missing from the scan results.
This happens because layers are explicitly removed if the scanned artifact is not of the type container image.
However, this removes the layers when a container image SBOM is generated from a container image.
Moreover, setting layers to an empty value is not needed as layers are not present when scanning artifacts that are not container images or SBOMs of container images anyway.

Related issues

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@CLAassistant
Copy link

CLAassistant commented Oct 2, 2024

CLA assistant check
All committers have signed the CLA.

@fabriziosestito fabriziosestito changed the title fix(scanner): scan results of SBOMs generated from container images are missing layers fix(sbom): scan results of SBOMs generated from container images are missing layers Oct 2, 2024
@fabriziosestito fabriziosestito force-pushed the fix/scan-from-containers-sbom-missing-layers branch from 0205c55 to 845bfb8 Compare October 2, 2024 12:21
@knqyf263
Copy link
Collaborator

Thanks for your contribution. Could you fix tests?

@fabriziosestito
Copy link
Contributor Author

fabriziosestito commented Oct 17, 2024

@knqyf263 I've updated the existing integration tests and fixtures in 83479df

@knqyf263
Copy link
Collaborator

@DmitriyLewen Would you also take a look?

Copy link
Contributor

@DmitriyLewen DmitriyLewen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried, but couldn't think of a issues for these changes 😄
Approved.

cc. @knqyf263

@knqyf263 knqyf263 enabled auto-merge December 11, 2024 16:20
@knqyf263 knqyf263 added this pull request to the merge queue Dec 11, 2024
Merged via the queue into aquasecurity:main with commit f9fceb5 Dec 11, 2024
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants