Merge pull request #3408 from jedevc/dockerfile-sbom-reachable
dockerfile: collect all dependencies as extra scan targets
jedevc authored Dec 14, 2022
2 parents 0cdcfd6 + 1b0587e commit 20334fd
Showing 1 changed file with 15 additions and 6 deletions.
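--- a/frontend/dockerfile/dockerfile2llb/convert.go
+++ b/frontend/dockerfile/dockerfile2llb/convert.go
@@ -103,15 +103,10 @@ func Dockerfile2LLB(ctx context.Context, dt []byte, opt ConvertOpt) (*llb.State,
 if ds.scanContext {
 sbom.Extras["context"] = ds.opt.buildContext
 }
-for dsi := ds; dsi != nil; dsi = dsi.base {
+for _, dsi := range findReachable(ds) {
 if ds != dsi && dsi.scanStage {
 sbom.Extras[dsi.stageName] = dsi.state
 }
-for dsi2 := range dsi.deps {
-if dsi2.scanStage {
-sbom.Extras[dsi2.stageName] = dsi2.state
-}
-}
 }
 
 return &ds.state, &ds.image, &sbom, nil
@@ -1536,6 +1531,20 @@ func isReachable(from, to *dispatchState) (ret bool) {
 return false
 }
 
+func findReachable(from *dispatchState) (ret []*dispatchState) {
+if from == nil {
+return nil
+}
+ret = append(ret, from)
+if from.base != nil {
+ret = append(ret, findReachable(from.base)...)
+}
+for d := range from.deps {
+ret = append(ret, findReachable(d)...)
+}
+return ret
+}
+
 func hasCircularDependency(states []*dispatchState) (bool, *dispatchState) {
 var visit func(state *dispatchState) bool
 if states == nil {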
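Review bot: findReachable walks `base` and `deps` recursively without recording which stages it has already visited, so a stage reachable by several paths is expanded once per path, and both the returned slice and the work grow with the number of paths rather than the number of stages. The Dockerfile is build input, so a stage graph with heavily shared dependencies can make SBOM target collection disproportionately expensive; and if a cyclic graph ever reaches this function the recursion does not terminate — whether hasCircularDependency (whose body continues outside the hunk) always runs first is not visible here. The caller in Dockerfile2LLB only stores results in `sbom.Extras` keyed by stage name, so deduplicating does not change its output. A visited set keyed by the state pointer keeps the walk linear, and a doc comment stating that the result includes `from` itself would help, since the caller depends on `ds != dsi` to skip it.

```go
func findReachable(from *dispatchState) (ret []*dispatchState) {
	seen := map[*dispatchState]struct{}{}
	var walk func(s *dispatchState)
	walk = func(s *dispatchState) {
		if s == nil {
			return
		}
		if _, ok := seen[s]; ok {
			return
		}
		seen[s] = struct{}{}
		ret = append(ret, s)
		walk(s.base)
		for d := range s.deps {
			walk(d)
		}
	}
	walk(from)
	return ret
}
```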
