Merge pull request #119 from paketo-buildpacks/sbom-fix

Added support to create launch sbom
paketo-buildpacks · Nov 25, 2021 · 73823fb · 73823fb
2 parents fa1f905 + afafafc
commit 73823fb
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/native/build.go b/native/build.go
@@ -20,6 +20,9 @@ import (
 	"fmt"
 	"path/filepath"
 
+	"github.com/paketo-buildpacks/libpak/effect"
+	"github.com/paketo-buildpacks/libpak/sbom"
+
 	"github.com/buildpacks/libcnb"
 	"github.com/heroku/color"
 	"github.com/magiconair/properties"
@@ -37,7 +40,8 @@ const (
 )
 
 type Build struct {
-	Logger bard.Logger
+	Logger      bard.Logger
+	SBOMScanner sbom.SBOMScanner
 }
 
 func (b Build) Build(context libcnb.BuildContext) (libcnb.BuildResult, error) {
@@ -99,6 +103,13 @@ func (b Build) Build(context libcnb.BuildContext) (libcnb.BuildResult, error) {
 		libcnb.Process{Type: "web", Command: command, Direct: true, Default: true},
 	)
 
+	if b.SBOMScanner == nil {
+		b.SBOMScanner = sbom.NewSyftCLISBOMScanner(context.Layers, effect.NewExecutor(), b.Logger)
+	}
+	if err := b.SBOMScanner.ScanLaunch(context.Application.Path, libcnb.SyftJSON, libcnb.CycloneDXJSON); err != nil {
+		return libcnb.BuildResult{}, fmt.Errorf("unable to create Build SBoM \n%w", err)
+	}
+
 	return result, nil
 }
 

diff --git a/native/build_test.go b/native/build_test.go
@@ -23,6 +23,8 @@ import (
 	"path/filepath"
 	"testing"
 
+	"github.com/paketo-buildpacks/libpak/sbom/mocks"
+
 	"github.com/buildpacks/libcnb"
 	. "github.com/onsi/gomega"
 	"github.com/paketo-buildpacks/libpak/bard"
@@ -35,15 +37,18 @@ func testBuild(t *testing.T, context spec.G, it spec.S) {
 	var (
 		Expect = NewWithT(t).Expect
 
-		ctx   libcnb.BuildContext
-		build native.Build
-		out   bytes.Buffer
+		ctx         libcnb.BuildContext
+		build       native.Build
+		out         bytes.Buffer
+		sbomScanner mocks.SBOMScanner
 	)
 
 	it.Before(func() {
 		var err error
 
 		build.Logger = bard.NewLogger(&out)
+		sbomScanner = mocks.SBOMScanner{}
+		sbomScanner.On("ScanLaunch", ctx.Application.Path, libcnb.SyftJSON, libcnb.CycloneDXJSON).Return(nil)
 
 		ctx.Application.Path, err = ioutil.TempDir("", "build-application")
 		Expect(err).NotTo(HaveOccurred())
@@ -90,6 +95,7 @@ Start-Class: test-start-class
 			libcnb.Process{Type: "task", Command: filepath.Join(ctx.Application.Path, "test-start-class"), Direct: true},
 			libcnb.Process{Type: "web", Command: filepath.Join(ctx.Application.Path, "test-start-class"), Direct: true, Default: true},
 		))
+		sbomScanner.AssertCalled(t, "ScanLaunch", ctx.Application.Path, libcnb.SyftJSON, libcnb.CycloneDXJSON)
 	})
 
 	context("BP_BOOT_NATIVE_IMAGE", func() {
@@ -122,6 +128,7 @@ Start-Class: test-start-class
 			))
 
 			Expect(out.String()).To(ContainSubstring("$BP_BOOT_NATIVE_IMAGE has been deprecated. Please use $BP_NATIVE_IMAGE instead."))
+			sbomScanner.AssertCalled(t, "ScanLaunch", ctx.Application.Path, libcnb.SyftJSON, libcnb.CycloneDXJSON)
 		})
 	})