diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_inspect.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_inspect.md
index 20b05eb7ef..ca6ea10495 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_inspect.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_inspect.md
@@ -15,6 +15,7 @@ zarf package inspect [PACKAGE] [flags]
 ```
 -h, --help help for inspect
+ -s, --sbom View SBOM contents while inspecting the package.
 --tmpdir string Specify the temporary directory to use for intermediate files
 ```
@@ -29,4 +30,3 @@ zarf package inspect [PACKAGE] [flags]
 ### SEE ALSO
 * [zarf package](zarf_package.md) - Zarf package commands for creating, deploying, and inspecting packages
-
diff --git a/src/cmd/package.go b/src/cmd/package.go
index 78c791cda4..d4b190bb1e 100644
--- a/src/cmd/package.go
+++ b/src/cmd/package.go
@@ -129,4 +129,5 @@ func init() {
 packageDeployCmd.Flags().StringVar(&config.DeployOptions.SGetKeyPath, "sget", "", "Path to public sget key file for remote packages signed via cosign")
 packageInspectCmd.Flags().StringVar(&config.CommonOptions.TempDirectory, "tmpdir", "", "Specify the temporary directory to use for intermediate files")
+ packageInspectCmd.Flags().BoolVarP(&packager.ViewSBOM, "sbom", "s", false, "View SBOM contents while inspecting the package.")
 }
diff --git a/src/internal/packager/inspect.go b/src/internal/packager/inspect.go
index 9d90153947..4d8fd160ff 100644
--- a/src/internal/packager/inspect.go
+++ b/src/internal/packager/inspect.go
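Review bot: The new `--sbom` flag in the src/cmd/package.go hunk is bound to an exported package-level variable, `packager.ViewSBOM`, while the two flags above it bind into `config.DeployOptions` and `config.CommonOptions`; the same global is declared in the first hunk of src/internal/packager/inspect.go. Mutable exported state in `packager` can be set by any importer and makes `Inspect` harder to test, so I would pass the value explicitly, for example `Inspect(packageName string, viewSBOM bool)`, or keep it with the other options in `config`. The help string also ends with a period where the neighbouring help strings do not. The body of `init` starts outside the hunk.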
@@ -1,15 +1,20 @@
 package packager
 import (
+ "fmt"
 "io/ioutil"
 "path/filepath"
+ "github.com/AlecAivazis/survey/v2"
 "github.com/defenseunicorns/zarf/src/config"
 "github.com/defenseunicorns/zarf/src/internal/message"
 "github.com/defenseunicorns/zarf/src/internal/utils"
 "github.com/mholt/archiver/v3"
 )
+// ViewSBOM indicates if image SBOM information should be displayed when inspecting a package
+var ViewSBOM bool
+
 // Inspect list the contents of a package
 func Inspect(packageName string) {
 tempPath := createPaths()
@@ -39,4 +44,28 @@ func Inspect(packageName string) {
 }
 message.Infof("The package was built with Zarf CLI version %s\n", config.GetBuildData().Version)
+
+ if ViewSBOM {
+ err = archiver.Extract(packageName, "sboms", tempPath.base)
+ if err != nil {
+ message.Fatalf(err, "Unable to extract sbom information from the package.")
+ }
+
+ sbomViewFiles, _ := filepath.Glob(tempPath.sboms + "/sbom-viewer-*")
+ if len(sbomViewFiles) > 1 {
+ link := sbomViewFiles[0]
+ msg := fmt.Sprintf("This package has %d images with software bill-of-materials (SBOM) included. You can view them now in the zarf-sbom folder in this directory or to go directly to one, open this in your browser: %s\n\n", len(sbomViewFiles), link)
+ message.Note(msg)
+
+ // Use survey.Input to hang until user input
+ var value string
+ prompt := &survey.Input{
+ Message: "Hit the 'enter' key when you are done viewing the SBOM files",
+ Default: "",
+ }
+ _ = survey.AskOne(prompt, &value)
+ } else {
+ message.Note("There were no images with software bill-of-materials (SBOM) included.")
+ }
+ }
 }
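Review bot: In the second hunk, `if len(sbomViewFiles) > 1 {` sends a package with exactly one SBOM viewer file to the `else` branch, which reports that no images have an SBOM; the condition should be `if len(sbomViewFiles) > 0 {`. The files the user is told to open in a browser are extracted from the package being inspected, and inspection is usually what someone runs before deciding to trust a package, so the note should make clear that the viewer is package-supplied content rather than output produced by zarf. The message also points at a `zarf-sbom` folder in the current directory while the extraction target visible here is `tempPath.base`, which looks inconsistent. The discarded `filepath.Glob` error and the `tempPath.sboms + "/sbom-viewer-*"` concatenation would read better as `filepath.Join(tempPath.sboms, "sbom-viewer-*")` with the error checked. `Inspect` starts outside this hunk.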