chore: address review feedback for sbom scanner changes

Agent-Logs-Url: https://github.com/project-zot/zot/sessions/eb3437af-edc8-4846-a9d9-f92bfe579c1e Co-authored-by: rchincha <45800463+rchincha@users.noreply.github.com>
2026-06-17 21:17:58 +08:00 · 2026-05-18 22:49:14 +00:00
parent 4e66891b72
commit 01cd3143b9
1 changed files with 3 additions and 1 deletions
@@ -307,7 +307,7 @@ func (scanner Scanner) runTrivy(ctx context.Context, opts flag.Options) (types.R
 	}

 	report := types.Report{}
-	sbomContent := []byte(nil)
+	var sbomContent []byte

 	err = scanner.withTempDir(func() error {
 		runner, err := artifact.NewRunner(ctx, opts, artifact.TargetContainerImage)
@@ -562,6 +562,8 @@ func (scanner Scanner) scanManifest(ctx context.Context, repo, digest string) (m
 		return cveidMap, err
 	}

+	// SBOM persistence is best-effort: CVE scanning should still complete even if
+	// SBOM artifact upload fails.
 	if err = scanner.storeSBOMAsOCIArtifact(repo, digest, sbomContent); err != nil {
 		scanner.log.Warn().Err(err).Str("image", image).Msg("failed to store generated sbom as OCI artifact")
 	}