⭐️ collect running kernel in sbom (#3616)

mondoohq · Mar 21, 2024 · 55d6b18 · 55d6b18
1 parent 692d02f
commit 55d6b18
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 5 deletions.
diff --git a/sbom/report_collection.go b/sbom/report_collection.go
@@ -53,11 +53,18 @@ type BomPackage struct {
 	FilePaths []string `json:"files.map,omitempty"`
 }
 
+type KernelInstalled struct {
+	Name    string
+	Running bool
+	Version string
+}
+
 type BomReport struct {
-	Asset          *BomAsset    `json:"asset,omitempty"`
-	Packages       []BomPackage `json:"packages.list,omitempty"`
-	PythonPackages []BomPackage `json:"python.packages,omitempty"`
-	NpmPackages    []BomPackage `json:"npm.packages.list,omitempty"`
+	Asset           *BomAsset         `json:"asset,omitempty"`
+	Packages        []BomPackage      `json:"packages.list,omitempty"`
+	PythonPackages  []BomPackage      `json:"python.packages,omitempty"`
+	NpmPackages     []BomPackage      `json:"npm.packages.list,omitempty"`
+	KernelInstalled []KernelInstalled `json:"kernel.installed,omitempty"`
 }
 
 func (b *BomReport) ToJSON() ([]byte, error) {

diff --git a/sbom/sbom.go b/sbom/sbom.go
@@ -23,6 +23,8 @@ import (
 //go:embed sbom.mql.yaml
 var sbomQueryPack []byte
 
+var LABEL_KERNEL_RUNNING = "mondoo.com/os/kernel-running"
+
 func QueryPack() (*explorer.Bundle, error) {
 	return explorer.BundleFromYAML(sbomQueryPack)
 }
@@ -87,6 +89,21 @@ func GenerateBom(r *ReportCollectionJson) ([]Sbom, error) {
 				bom.Asset.Platform.Labels = rb.Asset.Labels
 				bom.Asset.PlatformIds = enrichPlatformIds(rb.Asset.IDs)
 			}
+
+			if bom.Asset == nil {
+				bom.Asset = &Asset{}
+			}
+			if bom.Asset.Labels == nil {
+				bom.Asset.Labels = map[string]string{}
+			}
+
+			// store version of running kernel
+			for _, kernel := range rb.KernelInstalled {
+				if kernel.Running {
+					bom.Asset.Labels[LABEL_KERNEL_RUNNING] = kernel.Version
+				}
+			}
+
 			if rb.Packages != nil {
 				for _, pkg := range rb.Packages {
 					bomPkg := &Package{

diff --git a/sbom/sbom.mql.yaml b/sbom/sbom.mql.yaml
@@ -18,4 +18,10 @@ packs:
         mql: python.packages { name version purl cpes.map(uri) file.path }
       - uid: mondoo-sbom-npm-packages
         title: Retrieve list of installed npm packages
-        mql: npm.packages { name version purl cpes.map(uri) files.map(path) }
+        mql: npm.packages { name version purl cpes.map(uri) files.map(path) }
+      - uid: mondoo-sbom-kernel-installed
+        filters:
+          - asset.family.contains('linux')
+          - asset.runtime != 'container' && asset.kind != 'container' && asset.kind != 'container-image'
+        title: Retrieve information about the installed kernel
+        mql: kernel.installed