github.com/nextlinux/gosbom@v0.81.1-0.20230627115839-1ff50c281391/cmd/gosbom/cli/attest.go (about)

     1  package cli
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  
     7  	"github.com/nextlinux/gosbom/cmd/gosbom/cli/attest"
     8  	"github.com/nextlinux/gosbom/cmd/gosbom/cli/options"
     9  	"github.com/nextlinux/gosbom/internal"
    10  	"github.com/nextlinux/gosbom/internal/config"
    11  	"github.com/spf13/cobra"
    12  	"github.com/spf13/viper"
    13  )
    14  
// Help-text building blocks for the attest command.
const (
	// attestExample is a text/template snippet; {{.appName}} and {{.command}}
	// are filled in when the command is constructed. Per its own wording, the
	// image may come from a local Docker daemon or straight from the registry,
	// so the attested content depends on which source resolves the reference.
	attestExample = `  {{.appName}} {{.command}} --output [FORMAT] alpine:latest defaults to using images from a Docker daemon. If Docker is not present, the image is pulled directly from the registry
`

	// attestSchemeHelp is the scheme-help header followed by the image scheme
	// help. indent, schemeHelpHeader and imageSchemeHelp are declared
	// elsewhere in this package.
	attestSchemeHelp = "\n" + indent + schemeHelpHeader + "\n" + imageSchemeHelp

	// attestHelp is the complete example text shown for the attest command.
	attestHelp = attestExample + attestSchemeHelp
)
    21  
// Attest builds the "attest" cobra command, which generates an SBOM for a
// container image and hands it to attest.Run; per the command's help text the
// result is the predicate of an in-toto attestation that is uploaded to the
// image registry.
//
// v and ro supply configuration (ro.Config is passed to app.LoadAllValues),
// app is the application config populated at argument-validation time, and
// po / ao register the packages flags and the attest-specific flags.
//
// If registering either flag set fails, the process is terminated through
// log.Fatal while the command is still being constructed.
func Attest(v *viper.Viper, app *config.Application, ro *options.RootOptions, po *options.PackagesOptions, ao *options.AttestOptions) *cobra.Command {
	exampleText := internal.Tprintf(attestHelp, map[string]interface{}{
		"appName": internal.ApplicationName,
		"command": "attest",
	})

	// Runs as the cobra Args hook: configuration is loaded and logging is set
	// up before the positional arguments are validated.
	prepareAndValidate := func(c *cobra.Command, positional []string) error {
		if loadErr := app.LoadAllValues(v, ro.Config); loadErr != nil {
			return fmt.Errorf("unable to load configuration: %w", loadErr)
		}

		newLogWrapper(app)
		// NOTE(review): logApplicationConfig is defined elsewhere; if it emits
		// the full configuration, confirm that attestation key paths and
		// passwords are redacted before they reach the log.
		logApplicationConfig(app)
		return validateArgs(c, positional)
	}

	runAttest := func(c *cobra.Command, positional []string) error {
		// The update check is opt-in via config and returns nothing here, so
		// it cannot block or fail the attestation.
		// NOTE(review): presumably an outbound network lookup — confirm it is
		// acceptable in restricted or offline signing environments.
		if app.CheckForAppUpdate {
			checkForApplicationUpdate()
		}

		return attest.Run(c.Context(), app, positional)
	}

	// NOTE(review): the help strings are kept verbatim. "packaged-based" looks
	// like a typo for "package-based", and Short says [SOURCE] while Use only
	// accepts <IMAGE>.
	attestCmd := &cobra.Command{
		Use:           "attest --output [FORMAT] <IMAGE>",
		Short:         "Generate an SBOM as an attestation for the given [SOURCE] container image",
		Long:          "Generate a packaged-based Software Bill Of Materials (SBOM) from a container image as the predicate of an in-toto attestation that will be uploaded to the image registry",
		Example:       exampleText,
		Args:          prepareAndValidate,
		SilenceUsage:  true,
		SilenceErrors: true,
		RunE:          runAttest,
	}

	// gosbom attest is an enhancement of the packages command, so it should have the same flags
	if err := po.AddFlags(attestCmd, v); err != nil {
		log.Fatal(err)
	}

	// gosbom attest has its own options not included as part of the packages command
	if err := ao.AddFlags(attestCmd, v); err != nil {
		log.Fatal(err)
	}

	return attestCmd
}