From 3af5722b5198f70fa133fc358860aef1430690e9 Mon Sep 17 00:00:00 2001
From: Blaize M Kaye
Date: Mon, 15 Jan 2024 08:33:37 +1300
Subject: [PATCH 1/2] Replaces grype with trivy for cyclonedx generation

---
 Dockerfile | 3 ---
 legacy/scripts/exec-generate-insights-configmap.sh | 8 ++++++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 53f759bc..5cac30c0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -111,9 +111,6 @@ RUN curl -sSL https://github.com/uselagoon/lagoon-linter/releases/download/v0.8.
 # | tar -xz -C /usr/local/bin build-deploy-tool
 COPY --from=golang /app/build-deploy-tool /usr/local/bin/build-deploy-tool
 
-RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin > /dev/null 2>&1
-#curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin > /dev/null 2>&1
-
 # enable running unprivileged
 RUN fix-permissions /home && fix-permissions /kubectl-build-deploy
 
diff --git a/legacy/scripts/exec-generate-insights-configmap.sh b/legacy/scripts/exec-generate-insights-configmap.sh
index 66abf4d1..adaaba10 100755
--- a/legacy/scripts/exec-generate-insights-configmap.sh
+++ b/legacy/scripts/exec-generate-insights-configmap.sh
@@ -1,7 +1,10 @@
 #!/bin/bash
 TMP_DIR="${TMP_DIR:-/tmp}"
 
-SBOM_OUTPUT="cyclonedx-json"
+#SBOM_OUTPUT="cyclonedx-json" -- This is the syft format
+# We're moving to trivy
+SBOM_OUTPUT="cyclonedx"
+
 SBOM_OUTPUT_FILE="${TMP_DIR}/${IMAGE_NAME}.cyclonedx.json.gz"
 SBOM_CONFIGMAP="lagoon-insights-sbom-${IMAGE_NAME}"
 IMAGE_INSPECT_CONFIGMAP="lagoon-insights-image-${IMAGE_NAME}"
@@ -45,7 +48,8 @@ processImageInspect
 echo "Running sbom scan using syft"
 echo "Image being scanned: ${IMAGE_FULL}"
 
-DOCKER_HOST=docker-host.lagoon.svc docker run --rm -v /var/run/docker.sock:/var/run/docker.sock imagecache.amazeeio.cloud/anchore/syft packages ${IMAGE_FULL} --quiet -o ${SBOM_OUTPUT} | gzip > ${SBOM_OUTPUT_FILE}
+#DOCKER_HOST=docker-host.lagoon.svc docker run --rm -v /var/run/docker.sock:/var/run/docker.sock imagecache.amazeeio.cloud/anchore/syft packages ${IMAGE_FULL} --quiet -o ${SBOM_OUTPUT} | gzip > ${SBOM_OUTPUT_FILE}
+DOCKER_HOST=docker-host.lagoon.svc docker run --rm -v /var/run/docker.sock:/var/run/docker.sock imagecache.amazeeio.cloud/aquasec/trivy image ${IMAGE_FULL} --format ${SBOM_OUTPUT} | gzip > ${SBOM_OUTPUT_FILE}
 FILESIZE=$(stat -c%s "$SBOM_OUTPUT_FILE")
 echo "Size of ${SBOM_OUTPUT_FILE} = $FILESIZE bytes."
 

From 7f52b44ea1e409c84d02fdb900eb0e56774aa4cf Mon Sep 17 00:00:00 2001
From: Blaize M Kaye
Date: Mon, 15 Jan 2024 11:31:20 +1300
Subject: [PATCH 2/2] Removes extraneous code

---
 legacy/scripts/exec-generate-insights-configmap.sh | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/legacy/scripts/exec-generate-insights-configmap.sh b/legacy/scripts/exec-generate-insights-configmap.sh
index adaaba10..9d43ee98 100755
--- a/legacy/scripts/exec-generate-insights-configmap.sh
+++ b/legacy/scripts/exec-generate-insights-configmap.sh
@@ -1,8 +1,6 @@
 #!/bin/bash
 TMP_DIR="${TMP_DIR:-/tmp}"
 
-#SBOM_OUTPUT="cyclonedx-json" -- This is the syft format
-# We're moving to trivy
 SBOM_OUTPUT="cyclonedx"
 
 SBOM_OUTPUT_FILE="${TMP_DIR}/${IMAGE_NAME}.cyclonedx.json.gz"
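Review bot: The added `DOCKER_HOST=… docker run … aquasec/trivy image ${IMAGE_FULL} --format ${SBOM_OUTPUT} | gzip > ${SBOM_OUTPUT_FILE}` line only ever reports gzip's exit status, and nothing in this hunk checks trivy's (the `#!/bin/bash` header in the first hunk sets no `-e` or `pipefail` either), so a failed scan — image pull error, failed vulnerability-DB download, unreachable `docker-host.lagoon.svc`, or an unset `IMAGE_FULL` — yields a valid but empty `.cyclonedx.json.gz` that the following `stat`/size echo and whatever consumes the file will treat as a real SBOM. Capture the scanner's status explicitly, e.g. `if ! DOCKER_HOST=docker-host.lagoon.svc docker run … | gzip > "${SBOM_OUTPUT_FILE}"; then echo "trivy SBOM scan of ${IMAGE_FULL} failed" >&2; exit 1; fi`, or add `set -o pipefail` near the top of the script. The trivy image is also referenced without a tag or digest, so the SBOM generator floats on `latest` and its output format or behaviour can change without any change to this repo; pin it (`imagecache.amazeeio.cloud/aquasec/trivy:<version>` or `@sha256:…`) and quote `"${IMAGE_FULL}"` and `"${SBOM_OUTPUT_FILE}"` while you are there. Unlike the removed syft call this one drops `--quiet`; trivy appears to log progress to stderr so the JSON on stdout should stay clean, but that is worth confirming, as is whether trivy needs the mounted Docker socket (effectively full daemon control handed to the scanner container) to read the image or can fetch it from the registry instead.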
@@ -45,10 +43,9 @@ processImageInspect() {
 processImageInspect
 
 
-echo "Running sbom scan using syft"
+echo "Running sbom scan using trivy"
 echo "Image being scanned: ${IMAGE_FULL}"
 
-#DOCKER_HOST=docker-host.lagoon.svc docker run --rm -v /var/run/docker.sock:/var/run/docker.sock imagecache.amazeeio.cloud/anchore/syft packages ${IMAGE_FULL} --quiet -o ${SBOM_OUTPUT} | gzip > ${SBOM_OUTPUT_FILE}
 DOCKER_HOST=docker-host.lagoon.svc docker run --rm -v /var/run/docker.sock:/var/run/docker.sock imagecache.amazeeio.cloud/aquasec/trivy image ${IMAGE_FULL} --format ${SBOM_OUTPUT} | gzip > ${SBOM_OUTPUT_FILE}
 FILESIZE=$(stat -c%s "$SBOM_OUTPUT_FILE")