github.com/kastenhq/syft@v0.0.0-20230821225854-0710af25cdbe/cmd/syft/cli/packages.go

github.com/kastenhq/syft@v0.0.0-20230821225854-0710af25cdbe/cmd/syft/cli/packages.go (about)

     1  package cli
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  
     7  	"github.com/spf13/cobra"
     8  	"github.com/spf13/viper"
     9  
    10  	"github.com/kastenhq/syft/cmd/syft/cli/options"
    11  	"github.com/kastenhq/syft/cmd/syft/cli/packages"
    12  	"github.com/kastenhq/syft/internal"
    13  	"github.com/kastenhq/syft/internal/config"
    14  )
    15  
    16  const (
    17  	packagesExample = `  {{.appName}} {{.command}} alpine:latest                                a summary of discovered packages
    18    {{.appName}} {{.command}} alpine:latest -o json                        show all possible cataloging details
    19    {{.appName}} {{.command}} alpine:latest -o cyclonedx                   show a CycloneDX formatted SBOM
    20    {{.appName}} {{.command}} alpine:latest -o cyclonedx-json              show a CycloneDX JSON formatted SBOM
    21    {{.appName}} {{.command}} alpine:latest -o spdx                        show a SPDX 2.3 Tag-Value formatted SBOM
    22    {{.appName}} {{.command}} alpine:latest -o spdx@2.2                    show a SPDX 2.2 Tag-Value formatted SBOM
    23    {{.appName}} {{.command}} alpine:latest -o spdx-json                   show a SPDX 2.3 JSON formatted SBOM
    24    {{.appName}} {{.command}} alpine:latest -o spdx-json@2.2               show a SPDX 2.2 JSON formatted SBOM
    25    {{.appName}} {{.command}} alpine:latest -vv                            show verbose debug information
    26    {{.appName}} {{.command}} alpine:latest -o template -t my_format.tmpl  show a SBOM formatted according to given template file
    27  
    28    Supports the following image sources:
    29      {{.appName}} {{.command}} yourrepo/yourimage:tag     defaults to using images from a Docker daemon. If Docker is not present, the image is pulled directly from the registry.
    30      {{.appName}} {{.command}} path/to/a/file/or/dir      a Docker tar, OCI tar, OCI directory, SIF container, or generic filesystem directory
    31  `
    32  
    33  	schemeHelpHeader = "You can also explicitly specify the scheme to use:"
    34  	imageSchemeHelp  = `    {{.appName}} {{.command}} docker:yourrepo/yourimage:tag            explicitly use the Docker daemon
    35      {{.appName}} {{.command}} podman:yourrepo/yourimage:tag            explicitly use the Podman daemon
    36      {{.appName}} {{.command}} registry:yourrepo/yourimage:tag          pull image directly from a registry (no container runtime required)
    37      {{.appName}} {{.command}} docker-archive:path/to/yourimage.tar     use a tarball from disk for archives created from "docker save"
    38      {{.appName}} {{.command}} oci-archive:path/to/yourimage.tar        use a tarball from disk for OCI archives (from Skopeo or otherwise)
    39      {{.appName}} {{.command}} oci-dir:path/to/yourimage                read directly from a path on disk for OCI layout directories (from Skopeo or otherwise)
    40      {{.appName}} {{.command}} singularity:path/to/yourimage.sif        read directly from a Singularity Image Format (SIF) container on disk
    41  `
    42  	nonImageSchemeHelp = `    {{.appName}} {{.command}} dir:path/to/yourproject                  read directly from a path on disk (any directory)
    43      {{.appName}} {{.command}} file:path/to/yourproject/file            read directly from a path on disk (any single file)
    44  `
    45  	packagesSchemeHelp = "\n" + indent + schemeHelpHeader + "\n" + imageSchemeHelp + nonImageSchemeHelp
    46  
    47  	packagesHelp = packagesExample + packagesSchemeHelp
    48  )
    49  
    50  //nolint:dupl
    51  func Packages(v *viper.Viper, app *config.Application, ro *options.RootOptions, po *options.PackagesOptions) *cobra.Command {
    52  	cmd := &cobra.Command{
    53  		Use:   "packages [SOURCE]",
    54  		Short: "Generate a package SBOM",
    55  		Long:  "Generate a packaged-based Software Bill Of Materials (SBOM) from container images and filesystems",
    56  		Example: internal.Tprintf(packagesHelp, map[string]interface{}{
    57  			"appName": internal.ApplicationName,
    58  			"command": "packages",
    59  		}),
    60  		Args: func(cmd *cobra.Command, args []string) error {
    61  			if err := app.LoadAllValues(v, ro.Config); err != nil {
    62  				return fmt.Errorf("invalid application config: %w", err)
    63  			}
    64  			// configure logging for command
    65  			newLogWrapper(app)
    66  			logApplicationConfig(app)
    67  			return validateArgs(cmd, args)
    68  		},
    69  		SilenceUsage:  true,
    70  		SilenceErrors: true,
    71  		RunE: func(cmd *cobra.Command, args []string) error {
    72  			if app.CheckForAppUpdate {
    73  				// TODO: this is broke, the bus isn't available yet
    74  				checkForApplicationUpdate()
    75  			}
    76  			return packages.Run(cmd.Context(), app, args)
    77  		},
    78  	}
    79  
    80  	err := po.AddFlags(cmd, v)
    81  	if err != nil {
    82  		log.Fatal(err)
    83  	}
    84  
    85  	return cmd
    86  }