#!/usr/bin/env python
import docker
import json
import os
import uuid
from esbulkstream import Documents
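def main():
    """Generate a Syft SBOM for every image listed in ``top-containers.json``.

    Reads the ``containers`` list from ``top-containers.json`` in the current
    directory, resolves each name to an image reference (a fixed tag for a
    few images, ``<name>:latest`` otherwise), pulls it, and runs the
    ``anchore/syft`` container against it. Syft writes its JSON output to
    ``/SBOMs/<image ref>.json``, which is bind-mounted from ``<cwd>/SBOMs``.
    Some images are skipped entirely.
    """
    # Images that are scanned at a fixed tag rather than ``latest``.
    pinned_refs = {
        "elasticsearch": "elasticsearch:8.1.2",
        "logstash": "logstash:8.1.2",
        "kibana": "kibana:8.1.2",
        "jenkins": "jenkins:2.60.3",
        "oraclelinux": "oraclelinux:8",
        "notary": "notary:signer",
        "ibm-semeru-runtimes": "ibm-semeru-runtimes:open-8u322-b06-jre-centos7",
    }
    # Images that are never scanned.
    skipped = frozenset({
        "opensuse",
        "ubuntu-debootstrap",
        "docker-dev",
        "scratch",
        "clefos",  # Syft doesn't like this image, just skip it
    })

    cwd = os.getcwd()
    docker_client = docker.from_env()
    # NOTE(review): ``es`` is not used anywhere in this function. The call is
    # kept in case the constructor has side effects -- confirm, then drop it.
    es = Documents('sbom')

    with open("top-containers.json") as fh:
        container_names = json.load(fh)['containers']

    for name in container_names:
        print("Scanning %s" % name)
        if name in skipped:
            continue
        # NOTE: ``latest`` is a mutable tag, so the SBOM describes whatever
        # the tag resolved to at scan time; record the pulled image digest
        # alongside the SBOM if results need to be reproducible.
        image_ref = pinned_refs.get(name, f"{name}:latest")

        docker_client.images.pull(image_ref)

        # The command is passed as an argv list, not one string: docker-py
        # tokenizes a string command with shlex, so a name from the JSON file
        # that contained whitespace or quotes would turn into extra Syft
        # arguments. With a list each value stays a single argument.
        syft_args = [
            "-o", "json",
            "--file", f"/SBOMs/{image_ref}.json",
            "packages", f"docker:{image_ref}",
        ]

        # SECURITY: mounting /var/run/docker.sock gives this container access
        # to the host's Docker daemon API, which is effectively root on the
        # host. "anchore/syft" carries no tag, so whatever ``latest`` is at
        # run time gets that access; pin it to a reviewed tag or digest.
        docker_client.containers.run(
            "anchore/syft",
            syft_args,
            auto_remove=True,
            environment=["SYFT_FILE_METADATA_CATALOGER_ENABLED=true"],
            volumes=[
                f"{cwd}/SBOMs:/SBOMs",
                "/var/run/docker.sock:/var/run/docker.sock",
            ],
        )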
# Run the scan only when this file is executed as a script, not on import.
if __name__ == "__main__":
    main()