Releases: kubescape/node-agent

Release v0.3.79

03 Apr 07:08
9a09420

Summary

Report SBOM generation failures to POST /k8s/v2/scanFailure (careportreceiver) so users receive Slack/Teams notifications via the existing scan failure pipeline (event-ingester → UNS).

Changes

New files:

| File | Purpose |
| --- | --- |
| pkg/sbommanager/sbom_failure_reporter.go | SbomFailureReporter interface (single method) |
| pkg/sbommanager/v1/http_failure_reporter.go | HTTPSbomFailureReporter — POSTs to careportreceiver with X-API-KEY auth |

Modified files:

| File | Change |
| --- | --- |
| pkg/sbommanager/v1/sbom_manager.go | Added reportFailure() helper, instrumented 7 failure paths |
| cmd/main.go | Create reporter when EVENT_RECEIVER_REST_URL env var is set |

Instrumented failure paths:

| Failure | Reason Code | Path |
| --- | --- | --- |
| Sidecar OOM after max retries | scanner_oom_killed | Sidecar |
| Sidecar scan error | sbom_generation_failed | Sidecar |
| Image too large for source | image_too_large | In-process |
| Syft SBOM generation failed | sbom_generation_failed | In-process |
| SBOM exceeds size limit | sbom_too_large | Both |
| Failed to save SBOM | sbom_storage_failed | Both |

Design

  • Same ScanFailureReport struct and endpoint as kubevuln (#334)
  • Enabled via EVENT_RECEIVER_REST_URL env var (Helm chart sets this)
  • Fire-and-forget: reporting runs in a goroutine with a 10s timeout; errors are logged, never returned to the scan path
  • No env var = no reporter = no reporting (backward compatible)
  • Uses access key from /etc/credentials for X-API-KEY header
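
The reporting path described in this Design section, as an added example rather than the node-agent's own code: ScanFailureReport is a stand-in with assumed field names (the real struct lives in armoapi-go), the /k8s/v2/scanFailure path and X-API-KEY header come from the release notes, and the receiver is an in-process httptest server so the example runs offline. Reading the key from /etc/credentials is left to the caller; the constructor simply takes the key string.

```go
package main

import (
	"bytes"
	"context"
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"time"
)

// ScanFailureReport stands in for the armoapi-go struct the release names; field names are assumptions.
type ScanFailureReport struct {
	Reason   string `json:"reason"`
	ImageTag string `json:"imageTag"`
}

// SbomFailureReporter is the single-method contract described in the release.
type SbomFailureReporter interface {
	ReportFailure(ctx context.Context, report ScanFailureReport) error
}

// HTTPSbomFailureReporter POSTs to <baseURL>/k8s/v2/scanFailure, sending X-API-KEY when a key is set.
type HTTPSbomFailureReporter struct {
	endpoint string
	apiKey   string
	client   *http.Client
}

func NewHTTPSbomFailureReporter(baseURL, apiKey string) *HTTPSbomFailureReporter {
	return &HTTPSbomFailureReporter{endpoint: baseURL + "/k8s/v2/scanFailure", apiKey: apiKey,
		client: &http.Client{Timeout: 10 * time.Second}}
}

func (r *HTTPSbomFailureReporter) ReportFailure(ctx context.Context, report ScanFailureReport) error {
	body, err := json.Marshal(report)
	if err != nil {
		return err
	}
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, r.endpoint, bytes.NewReader(body))
	if err != nil {
		return err
	}
	req.Header.Set("Content-Type", "application/json")
	if r.apiKey != "" {
		req.Header.Set("X-API-KEY", r.apiKey)
	}
	resp, err := r.client.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
		return fmt.Errorf("scanFailure endpoint returned HTTP %d", resp.StatusCode)
	}
	return nil
}

// reportAsync is the fire-and-forget wrapper: the scan path never waits on the receiver, each
// attempt is bounded by a 10s timeout, errors are only logged, and a nil reporter is a no-op.
func reportAsync(rep SbomFailureReporter, report ScanFailureReport) {
	if rep == nil { // no EVENT_RECEIVER_REST_URL set => no reporter => no reporting
		return
	}
	go func() {
		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
		defer cancel()
		if err := rep.ReportFailure(ctx, report); err != nil {
			log.Printf("failed to report SBOM failure for %s: %v", report.ImageTag, err)
		}
	}()
}

// demo posts one constructed report to an in-process httptest receiver that answers with
// the given status, and returns what the receiver saw plus the reporter's error.
func demo(apiKey string, status int) (path, gotKey, reason string, err error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		path, gotKey = req.URL.Path, req.Header.Get("X-API-KEY")
		var r ScanFailureReport
		_ = json.NewDecoder(req.Body).Decode(&r)
		reason = r.Reason
		w.WriteHeader(status)
	}))
	rep := NewHTTPSbomFailureReporter(srv.URL, apiKey)
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()
	err = rep.ReportFailure(ctx, ScanFailureReport{
		Reason:   "sbom_too_large",               // reason code from the table above
		ImageTag: "registry.example.com/app:1.0", // constructed sample value
	})
	srv.Close() // waits for the handler, so the captured values are safe to read
	return path, gotKey, reason, err
}

func main() { fmt.Println(demo("demo-key", http.StatusOK)) }
```

Because `reportAsync` only logs, a receiver outage degrades to missing notifications rather than failed scans, which is the backward-compatibility property the bullets above describe; the 10s context also caps how long each goroutine can live when the receiver hangs.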

Related

Test plan

  • GOOS=linux go build ./cmd/... passes
  • GOOS=linux go build ./pkg/sbommanager/... passes
  • No go.mod/go.sum changes (uses existing armoapi-go v0.0.693)
  • E2E: deploy with EVENT_RECEIVER_REST_URL set, trigger SBOM failure, verify Slack notification

Summary by CodeRabbit

  • New Features

    • SBOM generation now emits failure reports to a configurable backend when a receiver URL is set.
    • Added a failure-reporting contract and an HTTP reporter that can include account/cluster identifiers and an optional API key.
  • Tests

    • Added unit tests validating HTTP reporting behavior, headers, payloads, and error handling.
  • Chores

    • Added a PR image build workflow to build and push test images for pull requests.

Release v0.3.75

31 Mar 08:05
0627d26

Summary by CodeRabbit

  • Bug Fixes
    • Improved hardlink and symlink monitoring compatibility on arm64 architecture systems.

Release v0.3.71

27 Mar 12:48
2b05e16

Summary by CodeRabbit

  • Chores
    • Updated numerous third-party dependencies for compatibility, stability, and observability.
    • Refined metadata label handling and validation for more consistent resource metadata (including cloud account identifier normalization) and switched workload metadata sourcing for improved consistency.
    • Added an optional label-overrides capability to allow explicit label adjustments.
    • Added additional informational logging when container profiles are enqueued/saved to improve observability.
  • Tests
    • Updated a unit test input to exercise case/format variations in instance IDs.

Release v0.3.69

27 Mar 07:46
1a85870

Summary

  • SBOM scanner sidecar: Moves Syft-based SBOM generation into a separate gRPC sidecar container within the node-agent pod, preventing OOM kills from crashing the main node-agent process
  • Shared helpers refactor: Extracts NodeSource, NodeResolver, and toSyftDocument into a syftutil subpackage to avoid import cycles between the main agent and the sidecar binary
  • Full fallback support: When the sidecar is not configured, the existing in-process Syft scanning continues to work; when the sidecar is configured but not ready, scans are deferred

Key changes

| Area | Files |
| --- | --- |
| Protobuf service | pkg/sbomscanner/v1/proto/scanner.proto — CreateSBOM and Health RPCs |
| gRPC server | pkg/sbomscanner/v1/server.go — sequential processing, timeout, image-too-large handling |
| gRPC client | pkg/sbomscanner/v1/client.go — reconnection backoff, health checks, crash detection |
| Scanner binary | cmd/sbom-scanner/main.go — Unix socket listener, graceful shutdown |
| SbomManager | pkg/sbommanager/v1/sbom_manager.go — sidecar/not-ready/fallback branching, retry tracking, TooLarge-with-memory-limit annotations |
| Observability | pkg/sbommanager/v1/metrics.go — sbom_scan_total, sbom_scan_duration_seconds, sbom_scanner_restarts_total, sbom_scanner_ready |
| Shared helpers | pkg/sbommanager/v1/syftutil/ — extracted source.go, resolver.go, document.go, helpers.go |
| Dockerfile | build/Dockerfile — builds and copies both node-agent and sbom-scanner binaries |
| Wiring | cmd/main.go — creates scanner client from SBOM_SCANNER_SOCKET env var |

Test plan

  • Unit tests for gRPC server (health, invalid input, image-too-large, cancelled context)
  • Integration tests (full scan lifecycle, simulated OOM/crash, image-too-large via sidecar, ready check)
  • Existing sbommanager tests pass (source_test, sbom_manager_test)
  • Syftutil package tests pass (toLayers test moved from sbommanager)
  • Full go build ./... passes
  • CI pipeline
  • Staging deployment with Helm chart changes (companion PR)

Made with Cursor

Summary by CodeRabbit

  • New Features

    • SBOM generation can be offloaded to a dedicated scanner sidecar with health/readiness checks, timeouts, and in-process fallback.
    • Runtime image now includes the sbom-scanner executable.
    • Prometheus metrics for scan counts, durations, readiness, and scanner restarts.
    • Configurable scanner memory limits, image/SBOM size limits, automatic crash detection and retry logic.
    • SBOM output conversion improved for downstream storage/consumption.
  • Tests

    • End-to-end and integration tests covering scanner lifecycle, error scenarios, resource limits, and readiness.

Release v0.3.63

12 Mar 12:34
f673d45

Summary by CodeRabbit

  • New Features

    • Cloud metadata integration for enhanced container profile labeling with cloud-specific information
  • Configuration Changes

    • Maximum sniffing time per container: increased to 24 hours
    • Data update period: increased to 10 minutes
  • Dependencies

    • Updated core dependencies to latest versions
  • Improvements

    • Enhanced null-safety checks and lifecycle management for container profiles

Release v0.3.60

06 Mar 16:23
9fd2647

Summary by CodeRabbit

  • Bug Fixes

    • Prevent duplicate readiness signaling to avoid panics during concurrent container operations.
    • Skip SBOM processing when a container image name is missing to avoid unnecessary handling.
    • Ignore host containers across multiple subsystems to avoid spurious processing and storage.
  • Improvements

    • Host container metadata now includes a container identifier.
    • Ensure container identity is populated earlier to improve hostname resolution.
    • Optimize host-container startup by skipping shared-data waits for host paths.

Release v0.3.57

04 Mar 21:55
55c207f

Summary by CodeRabbit

  • Refactor
    • Getters now tolerate missing or unreadable fields and return safe defaults (empty values, nil or zero) instead of surfacing errors.
    • Reduced noisy per-field error logging; replaced with non-fatal, silent reads and a single warning when a field accessor is absent.
    • Retained public APIs and overall data-path behavior while improving resilience to partial data.

Release v0.3.54

02 Mar 08:50
1a8e36e

Summary by CodeRabbit

  • Bug Fixes

    • Improved event handling to ensure consistent and reliable data retrieval across different event types, preventing potential inconsistencies.
  • Chores

    • Enhanced logging capabilities for improved system observability and troubleshooting.

Release v0.3.53

01 Mar 20:42
3e083ae

Truncate HTTP body to Content-Length in ParseHttpRequest and ParseHttpResponse to avoid BPF buffer garbage in parsed bodies.

Note: this only fixes the case where Content-Length is present. The proper fix is adding a buf_len field to the HTTP BPF gadget (syscall return value) so we can truncate at the source.
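
The fix described above, as an added illustration that is not the node-agent's ParseHttpRequest/ParseHttpResponse: the parser cuts a captured body to Content-Length, decodes a chunked body, and flags captures that end before the declared length. The sample buffers are constructed, with 'X' standing in for stale bytes left in a reused fixed-size capture buffer. It also shows the limitation the note states: a message with neither Content-Length nor chunked encoding is returned raw, because without the syscall's byte count nothing in the message marks where the body ends.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httputil"
	"strconv"
	"strings"
)

// ParsedHTTP is the recovered message: start line, headers and the body with the buffer
// tail cut away. Truncated is set when the capture ended before Content-Length bytes.
type ParsedHTTP struct {
	StartLine string
	Headers   http.Header
	Body      []byte
	Truncated bool
}

// parseCapturedHTTP parses a request or response copied out of a fixed-size capture buffer.
// Bytes after the real message are leftovers, so the body is cut to Content-Length when
// present, chunk-decoded when Transfer-Encoding is chunked, and otherwise returned raw
// (the message itself carries no end marker in that case).
func parseCapturedHTTP(buf []byte) (ParsedHTTP, error) {
	sep := bytes.Index(buf, []byte("\r\n\r\n"))
	if sep < 0 {
		return ParsedHTTP{}, errors.New("capture has no end-of-headers marker")
	}
	head, raw := buf[:sep], buf[sep+4:]
	lines := strings.Split(string(head), "\r\n")
	p := ParsedHTTP{StartLine: lines[0], Headers: http.Header{}}
	for _, l := range lines[1:] {
		kv := strings.SplitN(l, ":", 2)
		if len(kv) != 2 {
			return ParsedHTTP{}, fmt.Errorf("malformed header line %q", l)
		}
		p.Headers.Add(strings.TrimSpace(kv[0]), strings.TrimSpace(kv[1]))
	}
	if cl := p.Headers.Get("Content-Length"); cl != "" {
		n, err := strconv.Atoi(cl)
		if err != nil || n < 0 {
			return ParsedHTTP{}, fmt.Errorf("invalid Content-Length %q", cl)
		}
		if n > len(raw) { // capture shorter than the declared body: keep what arrived
			p.Truncated, n = true, len(raw)
		}
		p.Body = raw[:n]
		return p, nil
	}
	if strings.EqualFold(p.Headers.Get("Transfer-Encoding"), "chunked") {
		body, err := io.ReadAll(httputil.NewChunkedReader(bytes.NewReader(raw)))
		if err != nil {
			return ParsedHTTP{}, fmt.Errorf("chunked body: %w", err)
		}
		p.Body = body // the reader stops at the zero-size chunk, so trailing garbage is dropped
		return p, nil
	}
	p.Body = raw // no framing header: the stale tail cannot be told apart from the body
	return p, nil
}

// fixedBuffer imitates a reused fixed-size capture buffer: msg is copied over a buffer that
// still holds stale bytes from an earlier event (constructed sample, 'X' as the filler).
func fixedBuffer(msg string, size int) []byte {
	buf := bytes.Repeat([]byte{'X'}, size)
	copy(buf, msg)
	return buf
}

// bodyOf returns the parsed body as a string together with the truncation flag.
func bodyOf(buf []byte) (string, bool, error) {
	p, err := parseCapturedHTTP(buf)
	if err != nil {
		return "", false, err
	}
	return string(p.Body), p.Truncated, nil
}

func main() {
	samples := map[string][]byte{
		"content-length": fixedBuffer("POST /api HTTP/1.1\r\nHost: svc\r\nContent-Length: 5\r\n\r\nhello", 64),
		"zero-length":    fixedBuffer("HTTP/1.1 204 No Content\r\nContent-Length: 0\r\n\r\n", 64),
		"chunked":        fixedBuffer("HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n", 96),
		"truncated":      fixedBuffer("POST /api HTTP/1.1\r\nContent-Length: 10\r\n\r\nhello", 47),
		"no-framing":     fixedBuffer("GET /api HTTP/1.1\r\nHost: svc\r\n\r\n", 48),
	}
	for name, buf := range samples {
		body, truncated, err := bodyOf(buf)
		fmt.Printf("%-15s body=%q truncated=%v err=%v\n", name, body, truncated, err)
	}
}
```

The "no-framing" sample is the case the note above leaves open: its body comes back as filler bytes, which is exactly why a buffer-length field from the gadget is the complete fix.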

Summary by CodeRabbit

  • Bug Fixes

    • Request and response bodies now honor Content-Length and properly decode chunked Transfer-Encoding, trimming excess buffer data so payloads no longer include stray bytes.
  • Tests

    • Added comprehensive parsing tests that simulate fixed-size buffer garbage and cover requests/responses across Content-Length scenarios (zero, absent, truncated, oversized) and chunked decoding.

Release v0.3.48

26 Feb 19:47
6ad58a8

Summary by CodeRabbit

  • New Features

    • Added support for extracting Elastic Container Service (ECS) metadata from events.
  • Bug Fixes

    • Improved stability by gracefully handling missing event fields; system now returns safe defaults instead of crashing.
  • Refactor

    • Streamlined event field access logic for improved consistency and maintainability across event types.