-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature Request: Batch processing of sbom file with count of components more then 2000 (AWS Inspector limit) #80
Comments
Hello, thank you for reaching out. |
Hello, thank you again for creating this issue. I'm going to mark this issue as on-hold until we begin work on the feature. |
@iriabov Hello, we recently increased the permitted component count to 5,000. |
Hi @bluesentinelsec Thank you! |
Contributions are certainly welcome. :) #1. First generate a large sbom
./inspector-sbomgen container --image large_image:latest -o large_sbom.json
#2. Now scan the SBOM; the program will need to handle chunking the scan into multiple requests,
# and then reassembling the responses into a single JSON document.
./scan_sbom_in_chunks.py --f your_large_sbom.json --profile your_aws_profile
# You'll need to use the AWS SDK to interact with Inspector's ScanSbom API. Be advised, I think this is a non-trivial program to write; no worries if you need to back out because this is likely a moderate amount of work. Otherwise, feel free to take a stab and we'll provide feedback if you open a pull request. |
Description
We catch the limitation error in the AWS Inpector CLI command to scan SBOM files. Error log message:
An error occurred (ValidationException) when calling the ScanSbom operation: Input SBOM failed validation: Max number of components exceeded (2000)
You can find the package limit in AWS documentation:
https://docs.aws.amazon.com/inspector/v2/APIReference/API_scan_ScanSbom.html#API_scan_ScanSbom_RequestSyntax
Expected Behavior
Divide the SBOM file by chunks (with the same metadata and max count of components - 2000). The next step is scanning these files independently. The last step is calculating vulnerabilities from all files.
Actual Behavior
We have an error in the scanning GH action:
An error occurred (ValidationException) when calling the ScanSbom operation: Input SBOM failed validation: Max number of components exceeded (2000)
Steps to Reproduce
Build the image with more the 2000 of components in SBOM file.
Other Information
Please provide any additional information such as logs or screenshots.
The text was updated successfully, but these errors were encountered: