feat(k8s): cyclonedx kbom support (#4557)

* feat: cyclonedx kbom support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: cyclonedx kbom support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* chore: update sum db

Signed-off-by: chenk <hen.keinan@gmail.com>

* chore: update sum db

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* chore: update sumdb

Signed-off-by: chenk <hen.keinan@gmail.com>

* chore: update sumdb

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

---------

Signed-off-by: chenk <hen.keinan@gmail.com>

pkg/k8s/commands/cluster.go

@@ -11,6 +11,7 @@ import (
 	"github.com/aquasecurity/trivy-kubernetes/pkg/trivyk8s"
 	"github.com/aquasecurity/trivy/pkg/flag"
 	"github.com/aquasecurity/trivy/pkg/log"
+	"github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/types"
 )
 
@@ -21,16 +22,26 @@ func clusterRun(ctx context.Context, opts flag.Options, cluster k8s.Cluster) err
 	}
 	var artifacts []*artifacts.Artifact
 	var err error
-	if opts.Scanners.AnyEnabled(types.MisconfigScanner) && slices.Contains(opts.Components, "infra") {
-		artifacts, err = trivyk8s.New(cluster, log.Logger).ListArtifactAndNodeInfo(ctx, opts.NodeCollectorNamespace, opts.ExcludeNodes, opts.Tolerations...)
+	switch opts.Format {
+	case report.FormatCycloneDX:
+		artifacts, err = trivyk8s.New(cluster, log.Logger).ListBomInfo(ctx)
 		if err != nil {
 			return xerrors.Errorf("get k8s artifacts with node info error: %w", err)
 		}
-	} else {
-		artifacts, err = trivyk8s.New(cluster, log.Logger).ListArtifacts(ctx)
-		if err != nil {
-			return xerrors.Errorf("get k8s artifacts error: %w", err)
+	case report.FormatJSON, report.FormatTable:
+		if opts.Scanners.AnyEnabled(types.MisconfigScanner) && slices.Contains(opts.Components, "infra") {
+			artifacts, err = trivyk8s.New(cluster, log.Logger).ListArtifactAndNodeInfo(ctx, opts.NodeCollectorNamespace, opts.ExcludeNodes, opts.Tolerations...)
+			if err != nil {
+				return xerrors.Errorf("get k8s artifacts with node info error: %w", err)
+			}
+		} else {
+			artifacts, err = trivyk8s.New(cluster, log.Logger).ListArtifacts(ctx)
+			if err != nil {
+				return xerrors.Errorf("get k8s artifacts error: %w", err)
+			}
 		}
+	default:
+		return xerrors.Errorf(`unknown format %q. Use "json" or "table" or "cyclonedx"`, opts.Format)
 	}
 
 	runner := newRunner(opts, cluster.GetCurrentContext())

pkg/k8s/commands/run.go

@@ -13,6 +13,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/commands/operation"
 	cr "github.com/aquasecurity/trivy/pkg/compliance/report"
 	"github.com/aquasecurity/trivy/pkg/flag"
+	k8sRep "github.com/aquasecurity/trivy/pkg/k8s"
 	"github.com/aquasecurity/trivy/pkg/k8s/report"
 	"github.com/aquasecurity/trivy/pkg/k8s/scanner"
 	"github.com/aquasecurity/trivy/pkg/log"
@@ -88,8 +89,8 @@ func (r *runner) run(ctx context.Context, artifacts []*artifacts.Artifact) error
 		}
 		r.flagOpts.ScanOptions.Scanners = scanners
 	}
-
-	rpt, err := s.Scan(ctx, artifacts)
+	var rpt report.Report
+	rpt, err = s.Scan(ctx, artifacts)
 	if err != nil {
 		return xerrors.Errorf("k8s scan error: %w", err)
 	}
@@ -110,13 +111,14 @@ func (r *runner) run(ctx context.Context, artifacts []*artifacts.Artifact) error
 		})
 	}
 
-	if err := report.Write(rpt, report.Option{
+	if err := k8sRep.Write(rpt, report.Option{
 		Format:     r.flagOpts.Format,
 		Report:     r.flagOpts.ReportFormat,
 		Output:     r.flagOpts.Output,
 		Severities: r.flagOpts.Severities,
 		Components: r.flagOpts.Components,
 		Scanners:   r.flagOpts.ScanOptions.Scanners,
+		APIVersion: r.flagOpts.AppVersion,
 	}); err != nil {
 		return xerrors.Errorf("unable to write results: %w", err)
 	}