Merge pull request #1190 from zregvart/issue/EC-931
SBOM loading optimization
lcarva authored Oct 16, 2024
2 parents ffd2d49 + 3e33195 commit c352863
Showing 2 changed files with 4 additions and 7 deletions.
7 changes: 2 additions & 5 deletions policy/lib/sbom/sbom.rego
@@ -39,18 +39,15 @@ _cyclonedx_sboms_from_oci := [sbom |
sbom.bomFormat == "CycloneDX"
]

default spdx_sboms := []

spdx_sboms := sboms if {
sboms := array.concat(_spdx_sboms_from_attestations, _spdx_sboms_from_oci)
count(sboms) > 0
} else := _spdx_sboms_from_image

default _spdx_sboms_from_image := []

_spdx_sboms_from_image := [sbom] if {
sbom := input.image.files[_sbom_spdx_image_path]
} else := [sbom] if {
input.image.config.Labels.vendor == "Red Hat, Inc."
sbom := ec.oci.image_files(input.image.ref, [_sbom_spdx_image_path])[_sbom_spdx_image_path]
}

_spdx_sboms_from_attestations := [statement.predicate |
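Review bot: `spdx_sboms` falls through to `[]` when neither the attestations, the OCI source nor `input.image.files` yields an SPDX document, and nothing in this section says how callers should treat that result. The renamed test in sbom_test.rego indicates the live fetch through `ec.oci.image_files` no longer fills the gap (the +/- markers are lost on this page, so this is inferred). If rules elsewhere only iterate over `spdx_sboms`, an image with no discoverable SBOM would pass them vacuously; please confirm that a rule outside this view reports the missing SBOM. I would document the contract next to the default: `# Empty when no SPDX SBOM is found; callers must report that as a violation, not treat it as a pass.`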
4 changes: 2 additions & 2 deletions policy/lib/sbom/sbom_test.rego
@@ -118,9 +118,9 @@ test_cyclonedx_sboms_fallback_live_fetch if {
with ec.oci.image_files as mock_ec_oci_image_files(sbom._sbom_cyclonedx_image_path)
}

test_spdx_sboms_fallback_live_fetch if {
test_spdx_sboms_fallback__no_live_fetch if {
image := json.remove(_spdx_image, ["files"])
expected := [{"sbom": "from live image"}]
expected := []
lib.assert_equal(sbom.spdx_sboms, expected) with input.attestations as []
with input.image as image
with ec.oci.blob as mock_ec_oci_spdx_blob
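Review bot: The assertion `expected := []` only demonstrates that no live fetch happens if `ec.oci.image_files` is still mocked with a non-empty sentinel in the `with` chain, which continues outside this hunk; without that mock the test could pass just as well for a fetch that returned nothing. Keeping `with ec.oci.image_files as mock_ec_oci_image_files(sbom._sbom_spdx_image_path)` in the chain makes the negative case explicit. The new name also carries a double underscore, `test_spdx_sboms_fallback__no_live_fetch`; `test_spdx_sboms_fallback_no_live_fetch` would match the neighbouring tests.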
