Add missing use-csub flag to oci collector #2424

Merged

Collaborator

@robert-cronin robert-cronin commented Jan 8, 2025

Description of the PR

Fixes #2423

PR Checklist

  • All commits have a Developer Certificate of Origin (DCO) -- they are generated using -s flag to git commit.
  • All new changes are covered by tests
  • If GraphQL schema is changed, make generate has been run
  • If GraphQL schema is changed, GraphQL client updates/additions have been made
  • If OpenAPI spec is changed, make generate has been run
  • If ent schema is changed, make generate has been run
  • If collectsub protobuf has been changed, make proto has been run
  • All CI checks are passing (tests and formatting)
  • All dependent PRs have already been merged

@robert-cronin
Collaborator Author

Manual validation:

❯ go run cmd/guacone/main.go collect image --use-csub=false ghcr.io/guacsec/go-multi-test:7ddfb3e035b42cd70649cc33393fe32c
{"level":"info","ts":1736313693.8390496,"caller":"logging/logger.go:79","msg":"Logging at info level","guac-version":"v0.0.1-custom"}
{"level":"info","ts":1736313693.839099,"caller":"cli/init.go:65","msg":"Using config file: /home/rob/go/src/guacsec/guac/guac.yaml","guac-version":"v0.0.1-custom"}
{"level":"info","ts":1736313695.0066664,"caller":"oci/oci.go:254","msg":"ghcr.io/guacsec/go-multi-test:7ddfb3e035b42cd70649cc33393fe32c is manifest list with 2 platforms","guac-version":"v0.0.1-custom"}
{"level":"info","ts":1736313695.0067863,"caller":"oci/oci.go:270","msg":"Fetching platform linux/arm64","guac-version":"v0.0.1-custom"}
{"level":"info","ts":1736313695.006807,"caller":"oci/oci.go:285","msg":"Fetching sha256:1bc7e53e25de5c00ecaeca1473ab56bfaf4e39cea747edcf7db467389a287931 for platform linux/arm64","guac-version":"v0.0.1-custom"}
{"level":"info","ts":1736313695.0068114,"caller":"oci/oci.go:270","msg":"Fetching platform linux/amd64","guac-version":"v0.0.1-custom"}
{"level":"info","ts":1736313695.0068402,"caller":"oci/oci.go:285","msg":"Fetching sha256:a743268cd3c56f921f3fb706cc0425c8ab78119fd433e38bb7c5dcd5635b0d10 for platform linux/amd64","guac-version":"v0.0.1-custom"}
{"level":"info","ts":1736313695.4518943,"caller":"oci/oci.go:420","msg":"unable to get manifest for ghcr.io/guacsec/go-multi-test:sha256-a743268cd3c56f921f3fb706cc0425c8ab78119fd433e38bb7c5dcd5635b0d10.att: failed to get manifest ghcr.io/guacsec/go-multi-test:sha256-a743268cd3c56f921f3fb706cc0425c8ab78119fd433e38bb7c5dcd5635b0d10.att: request failed: not found [http 404]: {\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\"}]}\n","guac-version":"v0.0.1-custom"}
{"level":"info","ts":1736313695.62856,"caller":"oci/oci.go:420","msg":"unable to get manifest for ghcr.io/guacsec/go-multi-test:sha256-1bc7e53e25de5c00ecaeca1473ab56bfaf4e39cea747edcf7db467389a287931.att: failed to get manifest ghcr.io/guacsec/go-multi-test:sha256-1bc7e53e25de5c00ecaeca1473ab56bfaf4e39cea747edcf7db467389a287931.att: request failed: not found [http 404]: {\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\"}]}\n","guac-version":"v0.0.1-custom"}
{"level":"error","ts":1736313696.215383,"caller":"collector/collector.go:109","msg":"emit error: unable to ingest document: unable to ingest doc tree: unable to parse purl pkg:golang/@?type=module: purl is missing name","guac-version":"v0.0.1-custom","documentHash":"sha256_aadfbce7773de2b65884fbf874b0e50cff4e4426829f50395443af08f421bad3","stacktrace":"github.com/guacsec/guac/pkg/handler/collector.Collect\n\t/home/rob/go/src/guacsec/guac/pkg/handler/collector/collector.go:109\ngithub.com/guacsec/guac/cmd/guacone/cmd.init.func13\n\t/home/rob/go/src/guacsec/guac/cmd/guacone/cmd/oci.go:131\ngithub.com/spf13/cobra.(*Command).execute\n\t/home/rob/go/pkg/mod/github.com/spf13/cobra@v1.8.1/command.go:989\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/home/rob/go/pkg/mod/github.com/spf13/cobra@v1.8.1/command.go:1117\ngithub.com/spf13/cobra.(*Command).Execute\n\t/home/rob/go/pkg/mod/github.com/spf13/cobra@v1.8.1/command.go:1041\ngithub.com/guacsec/guac/cmd/guacone/cmd.Execute\n\t/home/rob/go/src/guacsec/guac/cmd/guacone/cmd/root.go:57\nmain.main\n\t/home/rob/go/src/guacsec/guac/cmd/guacone/main.go:23\nruntime.main\n\t/home/rob/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.23.3.linux-amd64/src/runtime/proc.go:272"}
{"level":"error","ts":1736313696.500125,"caller":"collector/collector.go:109","msg":"emit error: unable to ingest document: unable to ingest doc tree: unable to parse purl pkg:golang/@?type=module: purl is missing name","guac-version":"v0.0.1-custom","documentHash":"sha256_9886f252864b09a8fd96c167766091438215aaee59d700420a1e7280ce27c4b8","stacktrace":"github.com/guacsec/guac/pkg/handler/collector.Collect\n\t/home/rob/go/src/guacsec/guac/pkg/handler/collector/collector.go:109\ngithub.com/guacsec/guac/cmd/guacone/cmd.init.func13\n\t/home/rob/go/src/guacsec/guac/cmd/guacone/cmd/oci.go:131\ngithub.com/spf13/cobra.(*Command).execute\n\t/home/rob/go/pkg/mod/github.com/spf13/cobra@v1.8.1/command.go:989\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/home/rob/go/pkg/mod/github.com/spf13/cobra@v1.8.1/command.go:1117\ngithub.com/spf13/cobra.(*Command).Execute\n\t/home/rob/go/pkg/mod/github.com/spf13/cobra@v1.8.1/command.go:1041\ngithub.com/guacsec/guac/cmd/guacone/cmd.Execute\n\t/home/rob/go/src/guacsec/guac/cmd/guacone/cmd/root.go:57\nmain.main\n\t/home/rob/go/src/guacsec/guac/cmd/guacone/main.go:23\nruntime.main\n\t/home/rob/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.23.3.linux-amd64/src/runtime/proc.go:272"}
{"level":"info","ts":1736313696.981129,"caller":"oci/oci.go:346","msg":"Found 0 referrers for sha256:a743268cd3c56f921f3fb706cc0425c8ab78119fd433e38bb7c5dcd5635b0d10","guac-version":"v0.0.1-custom"}
{"level":"info","ts":1736313696.9850986,"caller":"oci/oci.go:346","msg":"Found 0 referrers for sha256:1bc7e53e25de5c00ecaeca1473ab56bfaf4e39cea747edcf7db467389a287931","guac-version":"v0.0.1-custom"}
{"level":"info","ts":1736313697.2026038,"caller":"oci/oci.go:420","msg":"unable to get manifest for ghcr.io/guacsec/go-multi-test:sha256-534035553d1270a98dab3512fde0987e7709ec6b878c8fd60fdaf0d8e1611979.att: failed to get manifest ghcr.io/guacsec/go-multi-test:sha256-534035553d1270a98dab3512fde0987e7709ec6b878c8fd60fdaf0d8e1611979.att: request failed: not found [http 404]: {\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\"}]}\n","guac-version":"v0.0.1-custom"}
{"level":"info","ts":1736313697.8926206,"caller":"helpers/bulk.go:47","msg":"assembling Package: 4","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.894372,"caller":"helpers/bulk.go:63","msg":"assembling Source: 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.8948076,"caller":"helpers/bulk.go:73","msg":"assembling Artifact: 4","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.895351,"caller":"helpers/bulk.go:88","msg":"assembling Materials (Artifact): 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.8957531,"caller":"helpers/bulk.go:97","msg":"assembling Builder: 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.8961594,"caller":"helpers/bulk.go:106","msg":"assembling Vulnerability: 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.896593,"caller":"helpers/bulk.go:115","msg":"assembling Licenses: 1","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.896975,"caller":"helpers/bulk.go:122","msg":"assembling CertifyScorecard: 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.896991,"caller":"helpers/bulk.go:128","msg":"assembling IsDependency: 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.8970008,"caller":"helpers/bulk.go:137","msg":"assembling IsOccurrence: 4","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.8979814,"caller":"helpers/bulk.go:146","msg":"assembling HasSLSA: 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.8979964,"caller":"helpers/bulk.go:152","msg":"assembling CertifyVuln: 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.8980029,"caller":"helpers/bulk.go:158","msg":"assembling VulnMetadata: 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.898011,"caller":"helpers/bulk.go:164","msg":"assembling VulnEqual: 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.898017,"caller":"helpers/bulk.go:170","msg":"assembling HasSourceAt: 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.898023,"caller":"helpers/bulk.go:176","msg":"assembling CertifyBad: 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.8980296,"caller":"helpers/bulk.go:182","msg":"assembling CertifyGood: 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.8980439,"caller":"helpers/bulk.go:188","msg":"assembling PointOfContact: 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.8980565,"caller":"helpers/bulk.go:194","msg":"assembling HasMetadata: 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.8980668,"caller":"helpers/bulk.go:200","msg":"assembling HasSBOM: 1","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.8986592,"caller":"helpers/bulk.go:211","msg":"assembling VEX : 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.8986762,"caller":"helpers/bulk.go:217","msg":"assembling HashEqual : 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.898687,"caller":"helpers/bulk.go:223","msg":"assembling PkgEqual : 0","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.898697,"caller":"helpers/bulk.go:229","msg":"assembling CertifyLegal : 4","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313697.9000442,"caller":"ingestor/ingestor.go:80","msg":"[10.227778ms] completed doc {Collector:OCICollector Source:ghcr.io/guacsec/go-multi-test:sha256-534035553d1270a98dab3512fde0987e7709ec6b878c8fd60fdaf0d8e1611979.sbom DocumentRef:sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d}","guac-version":"v0.0.1-custom","documentHash":"sha256_64704ff72bb6bdc4eb8d0aa0977745da1b6fc61c2add64b5d7a60064225c3a2d"}
{"level":"info","ts":1736313698.321642,"caller":"oci/oci.go:346","msg":"Found 0 referrers for ","guac-version":"v0.0.1-custom"}
{"level":"info","ts":1736313698.3216896,"caller":"cmd/oci.go:125","msg":"collector ended gracefully","guac-version":"v0.0.1-custom"}
{"level":"fatal","ts":1736313698.3217008,"caller":"cmd/oci.go:136","msg":"completed ingestion with errors","guac-version":"v0.0.1-custom","stacktrace":"github.com/guacsec/guac/cmd/guacone/cmd.init.func13\n\t/home/rob/go/src/guacsec/guac/cmd/guacone/cmd/oci.go:136\ngithub.com/spf13/cobra.(*Command).execute\n\t/home/rob/go/pkg/mod/github.com/spf13/cobra@v1.8.1/command.go:989\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/home/rob/go/pkg/mod/github.com/spf13/cobra@v1.8.1/command.go:1117\ngithub.com/spf13/cobra.(*Command).Execute\n\t/home/rob/go/pkg/mod/github.com/spf13/cobra@v1.8.1/command.go:1041\ngithub.com/guacsec/guac/cmd/guacone/cmd.Execute\n\t/home/rob/go/src/guacsec/guac/cmd/guacone/cmd/root.go:57\nmain.main\n\t/home/rob/go/src/guacsec/guac/cmd/guacone/main.go:23\nruntime.main\n\t/home/rob/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.23.3.linux-amd64/src/runtime/proc.go:272"}
exit status 1

Collaborator

@mihaimaruseac mihaimaruseac left a comment

Looks good, but you need to amend the commit for DCO

Signed-off-by: robert-cronin <robert.owen.cronin@gmail.com>
@robert-cronin robert-cronin force-pushed the fix/use-csub-flag-missing-oci-collector branch from 61a82f7 to 88f9884 Compare January 8, 2025 22:13
@kodiakhq kodiakhq bot merged commit 2d684f0 into guacsec:main Jan 9, 2025
8 checks passed

Successfully merging this pull request may close these issues.

[bug] use-csub flag missing from OCI Collector
3 participants