Adds convenience methods for using the Syft CLI to create SBoM information #104

Merged
merged 1 commit into from
Nov 18, 2021

@dmikusa dmikusa commented Nov 16, 2021

Summary

  • Supports running syft against a directory & generating one or more output formats
  • Automatically converts syft generated CycloneDX XML to JSON, which is what buildpacks require
  • This is working around a couple features not present in syft at the moment, such as support for multiple output formats or conversion, and being able to output directly to CycloneDX JSON. When those features are added, we can trim this code back accordingly. The function signatures should not need to change for that.

Use Cases

Checklist

  • I have viewed, signed, and submitted the Contributor License Agreement.
  • I have linked issue(s) that this PR should close using keywords or the Github UI (See docs)
  • I have added an integration test, if necessary.
  • I have reviewed the styleguide for guidance on my code quality.
  • I'm happy with the commit history on this PR (I have rebased/squashed as needed).

@dmikusa dmikusa added type:enhancement A general enhancement semver:minor A change requiring a minor version bump labels Nov 16, 2021
@dmikusa dmikusa requested a review from a team November 16, 2021 17:24
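
The XML-to-JSON step described in the PR summary, sketched as an added example that is not the code from this pull request. It converts only a subset of a CycloneDX BOM (component type, name, version and purl); the names `ConvertCycloneDX` and `sampleBOM` and the sample document are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"encoding/xml"
	"fmt"
	"strings"
)

// component is shared by both encodings; only these four fields are carried over.
type component struct {
	Type    string `xml:"type,attr" json:"type"`
	Name    string `xml:"name" json:"name"`
	Version string `xml:"version" json:"version"`
	PURL    string `xml:"purl" json:"purl,omitempty"`
}
type xmlBOM struct {
	XMLName    xml.Name    `xml:"bom"` // Space receives the document's namespace URI
	Version    int         `xml:"version,attr"`
	Components []component `xml:"components>component"`
}
type jsonBOM struct {
	BOMFormat   string      `json:"bomFormat"`
	SpecVersion string      `json:"specVersion"`
	Version     int         `json:"version"`
	Components  []component `json:"components,omitempty"`
}

// CycloneDX XML encodes the spec version as the last segment of its namespace.
const nsPrefix = "http://cyclonedx.org/schema/bom/"

// sampleBOM is a constructed input, not output captured from syft.
const sampleBOM = `<bom xmlns="http://cyclonedx.org/schema/bom/1.3" version="1"><components>
  <component type="library"><name>example-lib</name><version>1.2.3</version>
    <purl>pkg:golang/example.invalid/example-lib@1.2.3</purl></component>
</components></bom>`

// ConvertCycloneDX (hypothetical name) re-encodes a CycloneDX XML BOM as JSON
// and rejects documents whose root element is not in a CycloneDX namespace.
func ConvertCycloneDX(in []byte) ([]byte, error) {
	var src xmlBOM
	if err := xml.Unmarshal(in, &src); err != nil {
		return nil, fmt.Errorf("parse CycloneDX XML: %w", err)
	}
	spec := strings.TrimPrefix(src.XMLName.Space, nsPrefix)
	if spec == "" || spec == src.XMLName.Space {
		return nil, fmt.Errorf("not a CycloneDX BOM: namespace %q", src.XMLName.Space)
	}
	return json.MarshalIndent(jsonBOM{"CycloneDX", spec, src.Version, src.Components}, "", "  ")
}
func main() { out, err := ConvertCycloneDX([]byte(sampleBOM)); fmt.Println(string(out), err) }
```

Fields outside this subset (metadata, licenses, hashes, dependencies) are dropped, so a converter used in a real build needs the full schema mapping.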
dmikusa commented Nov 16, 2021

Tests are failing because this depends on buildpacks/libcnb#95.

sambhav commented Nov 16, 2021

Related - anchore/syft#631

@dmikusa dmikusa force-pushed the syft-support branch 3 times, most recently from 70e1b08 to 63efa6f Compare November 18, 2021 14:41
…ation

- Supports running syft against a directory & generating one or more output formats
- Automatically converts syft generated CycloneDX XML to JSON, which is what buildpacks require
- This is working around a couple features not present in syft at the moment, such as support for multiple output formats or conversion, and being able to output directly to CycloneDX JSON. When those features are added, we can trim this code back accordingly. The function signatures should not need to change for that.
- There is no official libcnb release yet, so this branch is pointing to the latest commit. When libcnb releases, we'll need to bump this dependency in go.mod back to a release

Signed-off-by: Daniel Mikusa <[email protected]>
@dmikusa dmikusa merged commit 6006d2f into main Nov 18, 2021
@dmikusa dmikusa deleted the syft-support branch November 18, 2021 16:12