From 55d6b1899494789414941dbe5ceb9a76eaf64c80 Mon Sep 17 00:00:00 2001
From: Christoph Hartmann
Date: Thu, 21 Mar 2024 11:29:21 +0100
Subject: [PATCH] =?UTF-8?q?=E2=AD=90=EF=B8=8F=20collect=20running=20kernel?= =?UTF-8?q?=20in=20sbom=20(#3616)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 sbom/report_collection.go | 15 +++++++++++----
 sbom/sbom.go | 17 +++++++++++++++++
 sbom/sbom.mql.yaml | 8 +++++++-
 3 files changed, 35 insertions(+), 5 deletions(-)
diff --git a/sbom/report_collection.go b/sbom/report_collection.go
index 818c325dba..08632ba65e 100644
--- a/sbom/report_collection.go
+++ b/sbom/report_collection.go
@@ -53,11 +53,18 @@ type BomPackage struct {
 FilePaths []string `json:"files.map,omitempty"`
 }
 
+type KernelInstalled struct {
+ Name string
+ Running bool
+ Version string
+}
+
 type BomReport struct {
- Asset *BomAsset `json:"asset,omitempty"`
- Packages []BomPackage `json:"packages.list,omitempty"`
- PythonPackages []BomPackage `json:"python.packages,omitempty"`
- NpmPackages []BomPackage `json:"npm.packages.list,omitempty"`
+ Asset *BomAsset `json:"asset,omitempty"`
+ Packages []BomPackage `json:"packages.list,omitempty"`
+ PythonPackages []BomPackage `json:"python.packages,omitempty"`
+ NpmPackages []BomPackage `json:"npm.packages.list,omitempty"`
+ KernelInstalled []KernelInstalled `json:"kernel.installed,omitempty"`
 }
 
 func (b *BomReport) ToJSON() ([]byte, error) {
diff --git a/sbom/sbom.go b/sbom/sbom.go
index 8eaebdfb69..02cba2ef7b 100644
--- a/sbom/sbom.go
+++ b/sbom/sbom.go
@@ -23,6 +23,8 @@ import (
 //go:embed sbom.mql.yaml
 var sbomQueryPack []byte
 
+var LABEL_KERNEL_RUNNING = "mondoo.com/os/kernel-running"
+
 func QueryPack() (*explorer.Bundle, error) {
 return explorer.BundleFromYAML(sbomQueryPack)
 }
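Review bot: The new `KernelInstalled` struct has no `json` tags, unlike `BomPackage` and `BomReport` beside it. Decoding then presumably relies on encoding/json's case-insensitive field matching, and anything that marshals the struct (for example `ToJSON`, whose body is outside this hunk) would emit `Name`, `Running` and `Version` as keys. Add explicit tags such as `json:"name"`, `json:"running"` and `json:"version"`, adjusted to the keys the `kernel.installed` query actually returns. The exported type should also get a doc comment, for example `// KernelInstalled is one entry of the kernel.installed query result.`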
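Review bot: `LABEL_KERNEL_RUNNING` is declared with `var`, so any package that imports `sbom` can reassign the label key at run time, and the name does not follow Go's MixedCaps convention. The value is a fixed string, so it should be a documented constant: `// LabelKernelRunning is the asset label key holding the version of the running kernel.` followed by `const LabelKernelRunning = "mondoo.com/os/kernel-running"`. The use in `GenerateBom` would need the same rename.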
@@ -87,6 +89,21 @@ func GenerateBom(r *ReportCollectionJson) ([]Sbom, error) {
 bom.Asset.Platform.Labels = rb.Asset.Labels
 bom.Asset.PlatformIds = enrichPlatformIds(rb.Asset.IDs)
 }
+
+ if bom.Asset == nil {
+ bom.Asset = &Asset{}
+ }
+ if bom.Asset.Labels == nil {
+ bom.Asset.Labels = map[string]string{}
+ }
+
+ // store version of running kernel
+ for _, kernel := range rb.KernelInstalled {
+ if kernel.Running {
+ bom.Asset.Labels[LABEL_KERNEL_RUNNING] = kernel.Version
+ }
+ }
+
 if rb.Packages != nil {
 for _, pkg := range rb.Packages {
 bomPkg := &Package{
diff --git a/sbom/sbom.mql.yaml b/sbom/sbom.mql.yaml
index 759cd60553..e8e0473448 100644
--- a/sbom/sbom.mql.yaml
+++ b/sbom/sbom.mql.yaml
@@ -18,4 +18,10 @@ packs:
 mql: python.packages { name version purl cpes.map(uri) file.path }
 - uid: mondoo-sbom-npm-packages
 title: Retrieve list of installed npm packages
- mql: npm.packages { name version purl cpes.map(uri) files.map(path) }
\ No newline at end of file
+ mql: npm.packages { name version purl cpes.map(uri) files.map(path) }
+ - uid: mondoo-sbom-kernel-installed
+ filters:
+ - asset.family.contains('linux')
+ - asset.runtime != 'container' && asset.kind != 'container' && asset.kind != 'container-image'
+ title: Retrieve information about the installed kernel
+ mql: kernel.installed
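Review bot: The loop over `rb.KernelInstalled` writes the label for every entry with `Running` set, so a report with more than one running entry silently keeps the last one. An entry with an empty `Version` stores an empty label, which a consumer matching advisories against the running kernel cannot tell apart from a real value. Guard the write and stop at the first hit: `if kernel.Running && kernel.Version != "" { bom.Asset.Labels[LABEL_KERNEL_RUNNING] = kernel.Version; break }`. The two nil checks above it also allocate `bom.Asset` and its `Labels` map for every report, including those with no kernel data, which may change the emitted SBOM for those assets; moving the allocation into the guarded branch avoids that. `GenerateBom` starts and ends outside this hunk, so how `bom.Asset` is used afterwards is not visible here.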
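Review bot: The two `filters` entries of `mondoo-sbom-kernel-installed` are separate list items, and how the pack combines a list of filters is not visible in this hunk. If the entries are evaluated as alternatives, a Linux container still matches `asset.family.contains('linux')` and the container exclusion on the second line has no effect. Folding both conditions into one expression removes the ambiguity: `- asset.family.contains('linux') && asset.runtime != 'container' && asset.kind != 'container' && asset.kind != 'container-image'`.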