@@ -104,6 +104,7 @@ def main():
104104
105105
106106def scan_image (secobserve_api_token : str , image : str , product_name : str , product_version : str ) -> None :
107+ mode = "sbom"
107108 extract_sbom_cmd = [
108109 "cosign" ,
109110 "verify-attestation" ,
@@ -118,15 +119,19 @@ def scan_image(secobserve_api_token: str, image: str, product_name: str, product
118119 print (" " .join (extract_sbom_cmd ))
119120
120121 result = subprocess .run (extract_sbom_cmd , stdout = subprocess .PIPE , stderr = subprocess .PIPE )
121- cosign_output = json .loads (result .stdout .decode ('utf-8' ))
122- payload = base64 .b64decode (cosign_output ["payload" ]).decode ('utf-8' )
123- sbom = json .loads (payload )["predicate" ]
124- with open ("/tmp/stackable/bom.json" , "w" ) as f :
125- json .dump (sbom , f )
122+ if result .returncode == 0 :
123+ cosign_output = json .loads (result .stdout .decode ('utf-8' ))
124+ payload = base64 .b64decode (cosign_output ["payload" ]).decode ('utf-8' )
125+ sbom = json .loads (payload )["predicate" ]
126+ with open ("/tmp/stackable/bom.json" , "w" ) as f :
127+ json .dump (sbom , f )
128+ else :
129+ print ("No SBOM found, falling back to image mode" )
130+ mode = "image" # fallback to image mode if no SBOM is available
126131
127132 # Run Trivy
128133 env = {}
129- env ["TARGET" ] = "/tmp/bom.json"
134+ env ["TARGET" ] = image if mode == "image" else "/tmp/bom.json"
130135 env ["SO_UPLOAD" ] = "true"
131136 env ["SO_PRODUCT_NAME" ] = product_name
132137 env ["SO_API_BASE_URL" ] = "https://secobserve-backend.stackable.tech"
@@ -140,7 +145,7 @@ def scan_image(secobserve_api_token: str, image: str, product_name: str, product
140145 "docker" ,
141146 "run" ,
142147 "--entrypoint" ,
143- "/entrypoints/entrypoint_trivy_sbom .sh" ,
148+ "/entrypoints/entrypoint_trivy_" + mode + " .sh" ,
144149 "-v" ,
145150 "/tmp/stackable:/tmp" ,
146151 "-v" ,
@@ -165,7 +170,7 @@ def scan_image(secobserve_api_token: str, image: str, product_name: str, product
165170 "docker" ,
166171 "run" ,
167172 "--entrypoint" ,
168- "/entrypoints/entrypoint_grype_sbom .sh" ,
173+ "/entrypoints/entrypoint_grype_" + mode + " .sh" ,
169174 "-v" ,
170175 "/tmp/stackable:/tmp" ,
171176 "-v" ,
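Review bot: The `else` branch in the second hunk treats every non-zero exit from `cosign verify-attestation` as "No SBOM found", but cosign also exits non-zero when an attestation exists and its signature or policy check fails, so an unsigned or tampered SBOM attestation now silently downgrades the run to image mode instead of failing the job. The captured `result.stderr` is never printed, so the reason for the failure is also lost from the log. I'd log the exit code and stderr before falling back, fall back only when cosign reports that no attestation matched, and raise otherwise; the exact stderr text to match should be confirmed against the cosign version used here. The success branch also assumes cosign prints exactly one JSON document on stdout, which I believe is not the case when several attestations are attached. `scan_image` continues past the last hunk.
```python
    else:
        err = result.stderr.decode("utf-8", errors="replace")
        print(f"cosign verify-attestation exited {result.returncode}: {err}")
        # Only a missing attestation justifies scanning the image directly;
        # a failed signature/policy check must not be downgraded silently.
        if "no matching attestations" not in err:
            raise RuntimeError(f"attestation verification failed for {image}")
        print("No SBOM attestation found, falling back to image mode")
        mode = "image"
    # … unchanged: Trivy/Grype env setup and docker invocations …
```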