Send SBOM w/ xeol.io event (#83)

Signed-off-by: Benji Visser <benji@093b.org>
xeol-io · Jul 25, 2023 · f9638b7 · f9638b7
1 parent 4d68006
commit f9638b7
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/cmd/root.go b/cmd/root.go
@@ -1,13 +1,17 @@
 package cmd
 
 import (
+	"bytes"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"os"
 	"sync"
 	"time"
 
+	"github.com/CycloneDX/cyclonedx-go"
 	"github.com/anchore/stereoscope"
+	"github.com/anchore/syft/syft/formats/common/cyclonedxhelpers"
 	"github.com/anchore/syft/syft/sbom"
 	"github.com/anchore/syft/syft/source"
 	"github.com/spf13/cobra"
@@ -322,12 +326,21 @@ func startWorker(userInput string, failOnEolFound bool, eolMatchDate time.Time)
 		}
 
 		if appConfig.APIKey != "" {
+			buf := new(bytes.Buffer)
+			bom := cyclonedxhelpers.ToFormatModel(*sbom)
+			enc := cyclonedx.NewBOMEncoder(buf, cyclonedx.BOMFileFormatJSON)
+			if err := enc.Encode(bom); err != nil {
+				errs <- fmt.Errorf("failed to encode sbom: %w", err)
+				return
+			}
+
 			if err := x.SendEvent(report.XeolEventPayload{
 				Matches:   allMatches.Sorted(),
 				Packages:  packages,
 				Context:   pkgContext,
 				AppConfig: appConfig,
 				ImageName: sbom.Source.ImageMetadata.UserInput,
+				Sbom:      base64.StdEncoding.EncodeToString(buf.Bytes()),
 			}); err != nil {
 				errs <- fmt.Errorf("failed to send eol event: %w", err)
 				return

diff --git a/go.mod b/go.mod
@@ -3,6 +3,7 @@ module github.com/xeol-io/xeol
 go 1.18
 
 require (
+	github.com/CycloneDX/cyclonedx-go v0.7.1
 	github.com/Masterminds/semver v1.5.0
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 	github.com/adrg/xdg v0.4.0
@@ -56,7 +57,6 @@ require (
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	cloud.google.com/go/iam v0.13.0 // indirect
 	cloud.google.com/go/storage v1.28.1 // indirect
-	github.com/CycloneDX/cyclonedx-go v0.7.1 // indirect
 	github.com/DataDog/zstd v1.4.5 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.0 // indirect

diff --git a/xeol/report/model.go b/xeol/report/model.go
@@ -11,4 +11,5 @@ type XeolEventPayload struct {
 	Context   pkg.Context
 	AppConfig interface{}
 	ImageName string
+	Sbom      string
 }