feat: add large SBOM generation configuration and enhance encoder settings for CycloneDX and SPDX formats

2 weeks ago · eba48ba9d2
parent 31dc693589
commit eba48ba9d2
2 changed files with 49 additions and 8 deletions
--- a/examples/hcl/sbom-test/large-sbom.pkr.hcl
+++ b/examples/hcl/sbom-test/large-sbom.pkr.hcl
@ -0,0 +1,43 @@
+packer {
+  required_plugins {
+    docker = {
+      source  = "github.com/hashicorp/docker"
+      version = ">= 1.0.0"
+    }
+  }
+}
+
+variable "hcp_bucket_name" {
+  type        = string
+  default     = "sbom-bucket-test"
+  description = "HCP Packer bucket name."
+}
+
+variable "image_name" {
+  type        = string
+  default = "localhost:5000/huge-sbom-image"
+  description = "Docker image to build from for large SBOM generation."
+}
+
+source "docker" "ubuntu" {
+  image  = var.image_name
+  commit = true
+}
+
+build {
+  name    = "sbom-test"
+  sources = ["source.docker.ubuntu"]
+
+  hcp_packer_registry {
+    bucket_name = var.hcp_bucket_name
+  }
+
+  provisioner "hcp-sbom" {
+    auto_generate = true
+    scan_path     = "/"
+    destination   = "./sbom"
+    sbom_name     = "auto-sbom"
+    scanner_args  = ["-o", "spdx-json"]
+    execute_command = "chmod +x {{.Path}} && {{.Path}} sbom-generate {{.Args}} {{.ScanPath}} > {{.Output}}"
+  }
+}
--- a/internal/sbom/generator_syft.go
+++ b/internal/sbom/generator_syft.go
@ -62,11 +62,10 @@ func (g *Generator) Generate(ctx context.Context) ([]byte, error) {
 func (g *Generator) encodeToFormat(sbomData *sbom.SBOM) ([]byte, error) {
 	switch g.config.Format {
 	case FormatCycloneDX:
+		cycloneCfg := cyclonedxjson.DefaultEncoderConfig()
+		cycloneCfg.Pretty = true
 		encoder, err := cyclonedxjson.NewFormatEncoderWithConfig(
-			cyclonedxjson.EncoderConfig{
-				Version: "1.5",
-				Pretty:  true,
-			},
+			cycloneCfg,
 		)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create CycloneDX encoder: %w", err)
@ -74,11 +73,10 @@ func (g *Generator) encodeToFormat(sbomData *sbom.SBOM) ([]byte, error) {
 		return format.Encode(*sbomData, encoder)

 	case FormatSPDX:
+		spdxCfg := spdxjson.DefaultEncoderConfig()
+		spdxCfg.Pretty = true
 		encoder, err := spdxjson.NewFormatEncoderWithConfig(
-			spdxjson.EncoderConfig{
-				Version: "2.3",
-				Pretty:  true,
-			},
+			spdxCfg,
 		)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create SPDX encoder: %w", err)