github.com/nextlinux/gosbom@v0.81.1-0.20230627115839-1ff50c281391/cmd/gosbom/cli/packages.go

github.com/nextlinux/gosbom@v0.81.1-0.20230627115839-1ff50c281391/cmd/gosbom/cli/packages.go (about)

     1  package cli
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  
     7  	"github.com/nextlinux/gosbom/cmd/gosbom/cli/options"
     8  	"github.com/nextlinux/gosbom/cmd/gosbom/cli/packages"
     9  	"github.com/nextlinux/gosbom/internal"
    10  	"github.com/nextlinux/gosbom/internal/config"
    11  	"github.com/spf13/cobra"
    12  	"github.com/spf13/viper"
    13  )
    14  
    15  const (
    16  	packagesExample = `  {{.appName}} {{.command}} alpine:latest                                a summary of discovered packages
    17    {{.appName}} {{.command}} alpine:latest -o json                        show all possible cataloging details
    18    {{.appName}} {{.command}} alpine:latest -o cyclonedx                   show a CycloneDX formatted SBOM
    19    {{.appName}} {{.command}} alpine:latest -o cyclonedx-json              show a CycloneDX JSON formatted SBOM
    20    {{.appName}} {{.command}} alpine:latest -o spdx                        show a SPDX 2.3 Tag-Value formatted SBOM
    21    {{.appName}} {{.command}} alpine:latest -o spdx@2.2                    show a SPDX 2.2 Tag-Value formatted SBOM
    22    {{.appName}} {{.command}} alpine:latest -o spdx-json                   show a SPDX 2.3 JSON formatted SBOM
    23    {{.appName}} {{.command}} alpine:latest -o spdx-json@2.2               show a SPDX 2.2 JSON formatted SBOM
    24    {{.appName}} {{.command}} alpine:latest -vv                            show verbose debug information
    25    {{.appName}} {{.command}} alpine:latest -o template -t my_format.tmpl  show a SBOM formatted according to given template file
    26  
    27    Supports the following image sources:
    28      {{.appName}} {{.command}} yourrepo/yourimage:tag     defaults to using images from a Docker daemon. If Docker is not present, the image is pulled directly from the registry.
    29      {{.appName}} {{.command}} path/to/a/file/or/dir      a Docker tar, OCI tar, OCI directory, SIF container, or generic filesystem directory
    30  `
    31  
    32  	schemeHelpHeader = "You can also explicitly specify the scheme to use:"
    33  	imageSchemeHelp  = `    {{.appName}} {{.command}} docker:yourrepo/yourimage:tag            explicitly use the Docker daemon
    34      {{.appName}} {{.command}} podman:yourrepo/yourimage:tag            explicitly use the Podman daemon
    35      {{.appName}} {{.command}} registry:yourrepo/yourimage:tag          pull image directly from a registry (no container runtime required)
    36      {{.appName}} {{.command}} docker-archive:path/to/yourimage.tar     use a tarball from disk for archives created from "docker save"
    37      {{.appName}} {{.command}} oci-archive:path/to/yourimage.tar        use a tarball from disk for OCI archives (from Skopeo or otherwise)
    38      {{.appName}} {{.command}} oci-dir:path/to/yourimage                read directly from a path on disk for OCI layout directories (from Skopeo or otherwise)
    39      {{.appName}} {{.command}} singularity:path/to/yourimage.sif        read directly from a Singularity Image Format (SIF) container on disk
    40  `
    41  	nonImageSchemeHelp = `    {{.appName}} {{.command}} dir:path/to/yourproject                  read directly from a path on disk (any directory)
    42      {{.appName}} {{.command}} file:path/to/yourproject/file            read directly from a path on disk (any single file)
    43  `
    44  	packagesSchemeHelp = "\n" + indent + schemeHelpHeader + "\n" + imageSchemeHelp + nonImageSchemeHelp
    45  
    46  	packagesHelp = packagesExample + packagesSchemeHelp
    47  )
    48  
    49  //nolint:dupl
    50  func Packages(v *viper.Viper, app *config.Application, ro *options.RootOptions, po *options.PackagesOptions) *cobra.Command {
    51  	cmd := &cobra.Command{
    52  		Use:   "packages [SOURCE]",
    53  		Short: "Generate a package SBOM",
    54  		Long:  "Generate a packaged-based Software Bill Of Materials (SBOM) from container images and filesystems",
    55  		Example: internal.Tprintf(packagesHelp, map[string]interface{}{
    56  			"appName": internal.ApplicationName,
    57  			"command": "packages",
    58  		}),
    59  		Args: func(cmd *cobra.Command, args []string) error {
    60  			if err := app.LoadAllValues(v, ro.Config); err != nil {
    61  				return fmt.Errorf("invalid application config: %w", err)
    62  			}
    63  			// configure logging for command
    64  			newLogWrapper(app)
    65  			logApplicationConfig(app)
    66  			return validateArgs(cmd, args)
    67  		},
    68  		SilenceUsage:  true,
    69  		SilenceErrors: true,
    70  		RunE: func(cmd *cobra.Command, args []string) error {
    71  			if app.CheckForAppUpdate {
    72  				checkForApplicationUpdate()
    73  			}
    74  			return packages.Run(cmd.Context(), app, args)
    75  		},
    76  	}
    77  
    78  	err := po.AddFlags(cmd, v)
    79  	if err != nil {
    80  		log.Fatal(err)
    81  	}
    82  
    83  	return cmd
    84  }