github.com/kastenhq/syft@v0.0.0-20230821225854-0710af25cdbe/cmd/syft/cli/attest.go (about)

     1  package cli
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  
     7  	"github.com/spf13/cobra"
     8  	"github.com/spf13/viper"
     9  
    10  	"github.com/kastenhq/syft/cmd/syft/cli/attest"
    11  	"github.com/kastenhq/syft/cmd/syft/cli/options"
    12  	"github.com/kastenhq/syft/internal"
    13  	"github.com/kastenhq/syft/internal/config"
    14  )
    15  
// attestExample is the usage-example template for the attest command. The
// {{.appName}} and {{.command}} placeholders are substituted when Attest
// renders the help text.
const attestExample = `  {{.appName}} {{.command}} --output [FORMAT] alpine:latest defaults to using images from a Docker daemon. If Docker is not present, the image is pulled directly from the registry
`

// attestSchemeHelp joins the scheme-help header with imageSchemeHelp; indent,
// schemeHelpHeader and imageSchemeHelp are declared elsewhere in the package.
const attestSchemeHelp = "\n" + indent + schemeHelpHeader + "\n" + imageSchemeHelp

// attestHelp is the full example text: the usage example followed by the
// scheme help.
const attestHelp = attestExample + attestSchemeHelp
    22  
// Attest builds the cobra command for "attest". Per its help text the command
// generates an SBOM for a container image and uses it as the predicate of an
// in-toto attestation that is uploaded to the image registry; the work itself
// is delegated to attest.Run.
//
// The packages flags (po) and the attest-only flags (ao) are both registered
// on the returned command and bound through v. Configuration is loaded inside
// the Args hook, so app is populated before RunE is invoked. A failure while
// registering flags ends the process via log.Fatal.
func Attest(v *viper.Viper, app *config.Application, ro *options.RootOptions, po *options.PackagesOptions, ao *options.AttestOptions) *cobra.Command {
	// Render the example text up front so the command literal below stays flat.
	example := internal.Tprintf(attestHelp, map[string]interface{}{
		"appName": internal.ApplicationName,
		"command": "attest",
	})

	// checkArgs loads configuration and sets up logging before validating the
	// positional arguments, because the Args hook runs ahead of RunE.
	checkArgs := func(c *cobra.Command, args []string) error {
		err := app.LoadAllValues(v, ro.Config)
		if err != nil {
			return fmt.Errorf("unable to load configuration: %w", err)
		}

		newLogWrapper(app)
		// NOTE(review): the whole application config is passed to the logger
		// here; confirm that any signing-related secrets it may carry are
		// redacted by logApplicationConfig.
		logApplicationConfig(app)
		return validateArgs(c, args)
	}

	// execute optionally triggers the update check, then runs the attestation
	// with the command's context and the already-loaded configuration.
	execute := func(c *cobra.Command, args []string) error {
		if app.CheckForAppUpdate {
			checkForApplicationUpdate()
			// TODO: this is broke, the bus isn't available yet
		}

		return attest.Run(c.Context(), app, args)
	}

	cmd := &cobra.Command{
		Use:           "attest --output [FORMAT] <IMAGE>",
		Short:         "Generate an SBOM as an attestation for the given [SOURCE] container image",
		Long:          "Generate a packaged-based Software Bill Of Materials (SBOM) from a container image as the predicate of an in-toto attestation that will be uploaded to the image registry",
		Example:       example,
		Args:          checkArgs,
		SilenceUsage:  true,
		SilenceErrors: true,
		RunE:          execute,
	}

	// syft attest is an enhancement of the packages command, so it should have the same flags
	if err := po.AddFlags(cmd, v); err != nil {
		log.Fatal(err)
	}

	// syft attest has its own options not included as part of the packages command
	if err := ao.AddFlags(cmd, v); err != nil {
		log.Fatal(err)
	}

	return cmd
}