
feat: generate SBOM during KubeArmor release

Open sandipanpanda opened this issue 10 months ago • 1 comment

Purpose of PR?:

Generate Software Bill of Materials (SBOM) using Kubernetes bom during KubeArmor release. Automate SBOM generation.

This satisfies the SBOM check of KubeArmor under the Security tab on CLOMonitor and increases the CLOMonitor score of KubeArmor.

Ref KubeArmor Security

Next step: We can scan the generated SBOM for vulnerabilities using Trivy.

Does this PR introduce a breaking change? No

If the changes in this PR are manually verified, list down the scenarios covered:

Additional information for reviewer? : Mention if this PR is part of any design or a continuation of previous PRs

Checklist:

  • [ ] Bug fix. Fixes #
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] This change requires a documentation update
  • [x] PR Title follows the convention of <type>(<scope>): <subject>
  • [ ] Commit has unit tests
  • [ ] Commit has integration tests

sandipanpanda avatar Apr 22 '24 14:04 sandipanpanda

Hey @sandipanpanda,

Thanks for the PR 🙌🏽 Looks in the right direction. Can we handle this for all the kubearmor images? (operator, snitch and controller) Ref

1. https://github.com/kubearmor/KubeArmor/blob/main/.github/workflows/ci-operator-release.yaml

2. https://github.com/kubearmor/KubeArmor/blob/688d9e83d5cd62118ed79773a76d77aeb2f3f597/.github/workflows/ci-latest-release.yml#L211

Hi @daemon1024, thanks for pointing that out. Yes, this is doable.

sandipanpanda avatar Apr 22 '24 20:04 sandipanpanda
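The two points raised in this thread (generate an SBOM with Kubernetes bom at release time, then scan it with Trivy, and do so for every KubeArmor image rather than just the core one) can be combined into a single matrix job. The workflow below is an added illustration written for this page; it is not the PR's own change and not taken from the KubeArmor repository. The image repository names, the use of the pushed tag (`github.ref_name`) as the image tag, the `--format json` flag of `bom generate`, and the assumption that a GitHub release for the tag already exists before `gh release upload` runs are all assumptions and should be checked against the real `ci-latest-release.yml` and `ci-operator-release.yaml` before reuse.

```yaml
# Added example (not KubeArmor's own workflow): generate an SPDX SBOM for each
# release image with Kubernetes bom, publish it as a release asset, then scan
# it with Trivy. Image names, tag source and release step are assumptions.
name: release-sbom

on:
  push:
    tags:
      - "v*"

permissions:
  contents: write   # required by `gh release upload`

jobs:
  sbom:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false   # one image's scan failing should not cancel the others
      matrix:
        # Assumed image repositories; align with the real release workflows
        image:
          - kubearmor/kubearmor
          - kubearmor/kubearmor-operator
          - kubearmor/kubearmor-snitch
          - kubearmor/kubearmor-controller
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version: stable

      - name: Install Kubernetes bom
        run: go install sigs.k8s.io/bom/cmd/bom@latest

      - name: Install Trivy
        run: |
          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh \
            | sh -s -- -b /usr/local/bin

      - name: Generate SPDX SBOM for the image
        env:
          IMAGE: ${{ matrix.image }}
          TAG: ${{ github.ref_name }}   # assumption: release tag == image tag
        run: |
          # Output name derived from the repository path, e.g. kubearmor-operator-v1.0.0.spdx.json
          out="$(basename "$IMAGE")-${TAG}.spdx.json"
          echo "SBOM_FILE=$out" >> "$GITHUB_ENV"
          bom generate --image "${IMAGE}:${TAG}" --format json --name "$IMAGE" --output "$out"

      - name: Attach SBOM to the GitHub release
        env:
          GH_TOKEN: ${{ github.token }}
        # Assumes the release object for this tag was created by an earlier job
        run: gh release upload "${{ github.ref_name }}" "$SBOM_FILE" --clobber

      - name: Scan the SBOM with Trivy
        # Publish first, then fail the job on HIGH/CRITICAL findings so the
        # SBOM is always available even when the scan surfaces something
        run: trivy sbom --severity HIGH,CRITICAL --exit-code 1 "$SBOM_FILE"
```

The upload step deliberately runs before the Trivy scan: the purpose of the SBOM is transparency for downstream consumers, so it should be published regardless of the scan outcome, while a non-zero exit from `trivy sbom` still marks the release job red for maintainers to triage. Because the job is a matrix over images, adding a new image to the release is a one-line change to the list rather than a copy of the whole job.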