Skip to content

feat: native sbom generation for hcp #13566

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
anurag5sh merged 31 commits into from
Mar 25, 2026
Merged

feat: native sbom generation for hcp #13566

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
7e03d63
add configuration fields to SBOMInternalProvisioner
anurag5sh Feb 25, 2026
0929f45
add os detection
anurag5sh Feb 25, 2026
520e8dd
move implementation to hcp-sbom
anurag5sh Feb 25, 2026
6bc7512
upload scanner binary and execute
anurag5sh Feb 25, 2026
a1952c2
use latest syft version always
anurag5sh Mar 9, 2026
cb2e4c0
reduce duplicate code
anurag5sh Mar 9, 2026
ad5aa85
rename config fields appropriately
anurag5sh Mar 10, 2026
e6b94f1
default to cyclonedx
anurag5sh Mar 10, 2026
07c4634
add syft dependency
anurag5sh Mar 10, 2026
b3c29ac
add support for elevated user for windows
anurag5sh Mar 14, 2026
cf39b3f
add retry for download
anurag5sh Mar 14, 2026
587d2fb
add syft dependency
anurag5sh Mar 14, 2026
c939d19
optimization for windows
anurag5sh Mar 16, 2026
08bbd98
improve docs
anurag5sh Mar 16, 2026
ba617b2
update config usage rules
anurag5sh Mar 16, 2026
2bbe514
Merge branch 'main' into anurag/native_sbom
anurag5sh Mar 17, 2026
aa53af0
add unit tests
anurag5sh Mar 17, 2026
e6781c9
update golang version, fix linter issues
anurag5sh Mar 17, 2026
2ce644b
refactor and improvements
anurag5sh Mar 18, 2026
79d6e3f
simplify few lines
anurag5sh Mar 18, 2026
b7f4440
refactor retry for scanner download
anurag5sh Mar 20, 2026
cc19bb7
resolved conflicts
anurag5sh Mar 20, 2026
6f79ca2
resolve conflicts from main
anurag5sh Mar 20, 2026
5e2a9e0
Merge branch 'main' into anurag/native_sbom
anurag5sh Mar 20, 2026
04cae0d
stick to syft v1 for compatibility
anurag5sh Mar 23, 2026
be3138e
fix lint issues
anurag5sh Mar 23, 2026
30b154d
stricter version check for syft
anurag5sh Mar 23, 2026
9a254de
fix version eg
anurag5sh Mar 24, 2026
c7c162a
update go version to 1.25.7
anurag5sh Mar 24, 2026
11cec3c
Merge branch 'main' into anurag/native_sbom
anurag5sh Mar 24, 2026
b1c06de
go mod changes
anurag5sh Mar 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .go-version
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1.24.0
1.25.7
12 changes: 9 additions & 3 deletions .golangci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
# Copyright IBM Corp. 2013, 2025
# SPDX-License-Identifier: BUSL-1.1

version: 2

issues:
# List of regexps of issue texts to exclude, empty list by default.
# But independently from this option we use default exclude patterns,
Expand Down Expand Up @@ -34,15 +36,17 @@ linters:
disable-all: true
enable:
- errcheck
- goimports
- gosimple
- govet
- ineffassign
- staticcheck
- unconvert
- unused
fast: true

formatters:
enable:
- goimports

# options for analysis running
run:
# default concurrency is a available CPU number
Expand Down Expand Up @@ -94,7 +98,9 @@ run:
# output configuration options
output:
# colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
format: colored-line-number
formats:
colored-line-number:
path: stdout

# print lines of code with issue, default is true
print-issued-lines: true
Expand Down
2 changes: 1 addition & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ install-gen-deps: ## Install dependencies for code generation

install-lint-deps: ## Install linter dependencies
@echo "==> Updating linter dependencies..."
@curl -sSfL -q https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH)/bin v1.64.8
@curl -sSfL -q https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH)/bin v2.11.3

dev: ## Build and install a development build
@grep 'const VersionPrerelease = ""' version/version.go > /dev/null ; if [ $$? -eq 0 ]; then \
Expand Down
279 changes: 222 additions & 57 deletions go.mod
View file
Open in desktop

Large diffs are not rendered by default.

1,171 changes: 1,050 additions & 121 deletions go.sum
View file
Open in desktop

Large diffs are not rendered by default.

20 changes: 16 additions & 4 deletions packer/provisioner.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,13 @@ import (
"fmt"
"log"
"os"
"time"

hcpSbomProvisioner "github.com/hashicorp/packer/provisioner/hcp-sbom"

hcpPackerModels "github.com/hashicorp/hcp-sdk-go/clients/cloud-packer-service/stable/2023-01-01/models"
"github.com/klauspost/compress/zstd"

"time"

"github.com/hashicorp/hcl/v2/hcldec"
packersdk "github.com/hashicorp/packer-plugin-sdk/packer"
"github.com/hashicorp/packer-plugin-sdk/packerbuilderdata"
Expand Down Expand Up @@ -254,8 +253,15 @@ type SBOMInternalProvisioner struct {
SBOMName string
}

func (p *SBOMInternalProvisioner) ConfigSpec() hcldec.ObjectSpec { return p.ConfigSpec() }
func (p *SBOMInternalProvisioner) FlatConfig() interface{} { return p.FlatConfig() }
func (p *SBOMInternalProvisioner) ConfigSpec() hcldec.ObjectSpec { return p.Provisioner.ConfigSpec() }
func (p *SBOMInternalProvisioner) FlatConfig() interface{} {
// Try to delegate to inner provisioner if it implements FlatConfig
if fc, ok := p.Provisioner.(interface{ FlatConfig() interface{} }); ok {
return fc.FlatConfig()
}
return nil
}

func (p *SBOMInternalProvisioner) Prepare(raws ...interface{}) error {
return p.Provisioner.Prepare(raws...)
}
Expand All @@ -264,6 +270,7 @@ func (p *SBOMInternalProvisioner) Provision(
ctx context.Context, ui packersdk.Ui, comm packersdk.Communicator,
generatedData map[string]interface{},
) error {
// Original implementation - all logic now in hcp-sbom provisioner
cwd, err := os.Getwd()
if err != nil {
return fmt.Errorf("failed to get current working directory for Packer SBOM: %s", err)
Expand Down Expand Up @@ -297,6 +304,11 @@ func (p *SBOMInternalProvisioner) Provision(
if err != nil {
return fmt.Errorf("failed to open Packer SBOM file %q: %s", tmpFileName, err)
}
defer func() {
if err := packerSbom.Close(); err != nil {
log.Printf("[WARN] Failed to close Packer SBOM file: %s", err)
}
}()

provisionerOut := &hcpSbomProvisioner.PackerSBOM{}
err = json.NewDecoder(packerSbom).Decode(provisionerOut)
Expand Down
Loading
Loading