Track processed images via Annotations #18

ckotzbauer · 2022-01-26T06:01:15Z

Currently with git as the only target it is possible to only analyze images with digests which are not available in the git-repository yet.
With additional targets (e.g. Depdency Track) this is not (easy) possible anymore.

Suggestion:

Add annotations to pods for each container-image which already has been processed

annotations:
  ckotzbauer.sbom-operator.io/<containername>: <containerdigest>

A container-image would be analyzed when the annotation for a particular container of the pod is missing or the digest differs from the current container-digest. To force a single image the annotation can be removed manually.

Add a operator-flag --ignore-annotations to force analysis for all images (in case that there is a new target configured which has to be populated for the first time). After that the flag has to be removed.

/kind feature

The text was updated successfully, but these errors were encountered:

ref: #18 Signed-off-by: Christian Kotzbauer <[email protected]>

github-actions bot added the kind/feature Categorizes issue or PR as related to a new feature. label Jan 26, 2022

ckotzbauer added a commit that referenced this issue Jan 27, 2022

feat: track process with annotations

ed59b5a

ref: #18 Signed-off-by: Christian Kotzbauer <[email protected]>

ckotzbauer added a commit that referenced this issue Jan 28, 2022

feat: add ignore-annotations flag

a93d296

ref: #18 Signed-off-by: Christian Kotzbauer <[email protected]>

ckotzbauer closed this as completed Jan 28, 2022

derkoe mentioned this issue Jan 30, 2022

The ClusterRole is missing pod get and update #24

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Track processed images via Annotations #18

Track processed images via Annotations #18

ckotzbauer commented Jan 26, 2022

Track processed images via Annotations #18

Track processed images via Annotations #18

Comments

ckotzbauer commented Jan 26, 2022