sbom: fix inconsistencies in sbom protocol

Since we construct the args for the image based on the Entrypoint + Cmd, we shouldn't error out early if no Cmd is set, but only if neither Entrypoint or Cmd are set. Additionally, we should avoid setting BUILDKIT_SCAN_SOURCE_EXTRAS if no extras have been specified. Signed-off-by: Justin Chadwell <me@jedevc.com>
moby · Nov 18, 2022 · 081d4ed · 081d4ed
1 parent f771330
commit 081d4ed
Showing 1 changed file with 13 additions and 9 deletions.
diff --git a/frontend/attest/sbom.go b/frontend/attest/sbom.go
@@ -38,25 +38,29 @@ func CreateSBOMScanner(ctx context.Context, resolver llb.ImageMetaResolver, scan
 	if err := json.Unmarshal(dt, &cfg); err != nil {
 		return nil, err
 	}
-	if len(cfg.Config.Cmd) == 0 {
+	var args []string
+	args = append(args, cfg.Config.Entrypoint...)
+	args = append(args, cfg.Config.Cmd...)
+	if len(args) == 0 {
 		return nil, errors.Errorf("scanner %s does not have cmd", scanner)
 	}
 
 	return func(ctx context.Context, name string, ref llb.State, extras map[string]llb.State) (result.Attestation, llb.State, error) {
 		srcDir := "/run/src/"
 		outDir := "/run/out/"
 
-		args := []string{}
-		args = append(args, cfg.Config.Entrypoint...)
-		args = append(args, cfg.Config.Cmd...)
-		runscan := llb.Image(scanner).Run(
+		opts := []llb.RunOption{
 			llb.Dir(cfg.Config.WorkingDir),
-			llb.AddEnv("BUILDKIT_SCAN_SOURCE", path.Join(srcDir, "core")),
-			llb.AddEnv("BUILDKIT_SCAN_SOURCE_EXTRAS", path.Join(srcDir, "extras/")),
-			llb.AddEnv("BUILDKIT_SCAN_DESTINATION", outDir),
 			llb.Args(args),
-			llb.WithCustomName(fmt.Sprintf("[%s] generating sbom using %s", name, scanner)))
+			llb.WithCustomName(fmt.Sprintf("[%s] generating sbom using %s", name, scanner)),
+			llb.AddEnv("BUILDKIT_SCAN_DESTINATION", outDir),
+			llb.AddEnv("BUILDKIT_SCAN_SOURCE", path.Join(srcDir, "core")),
+		}
+		if len(extras) > 0 {
+			opts = append(opts, llb.AddEnv("BUILDKIT_SCAN_SOURCE_EXTRAS", path.Join(srcDir, "extras/")))
+		}
 
+		runscan := llb.Image(scanner).Run(opts...)
 		runscan.AddMount(path.Join(srcDir, "core"), ref, llb.Readonly)
 		for k, extra := range extras {
 			runscan.AddMount(path.Join(srcDir, "extras", k), extra, llb.Readonly)