

Using syft
Signed-off-by: naveensrinivasan <[email protected]>
naveensrinivasan committed Aug 18, 2024
1 parent a715fb7 commit 5f20a7d
Showing 2 changed files with 7 additions and 5 deletions.
1 change: 0 additions & 1 deletion bom.json

This file was deleted.

11 changes: 7 additions & 4 deletions pkg/sbom/sbom.go
Expand Up @@ -4,6 +4,7 @@ import (
"context"
"fmt"
"os/exec"
"strings"
"time"

proto "github.com/protobom/protobom/pkg/reader"
Expand All @@ -22,16 +23,18 @@ func ValidateSBOM(sbom string) error {
// GenerateSBOMWithCycloneDX generates an SBOM using the cdxgen binary.
func GenerateSBOMWithCycloneDX(directory, outputFile, repo string) error {
// Check if cdxgen is installed
_, err := exec.LookPath("cdxgen")
_, err := exec.LookPath("syft")
if err != nil {
return fmt.Errorf("cdxgen is not installed or not in PATH: %w", err)
return fmt.Errorf("syft is not installed or not in PATH: %w", err)
}

// Generate the output file name by replacing slashes with underscores and appending .json extension
escapedRepo := strings.ReplaceAll(repo, "/", "_")
outputFileName := fmt.Sprintf("%s.json", escapedRepo)
// Create a context with a 5-minute timeout
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
defer cancel()

cmd := exec.CommandContext(ctx, "cdxgen", "-r", "-o", outputFile, "--no-install-deps", "--project-name", repo, "--install-deps", "false", "--spec-version", "1.5", directory)
cmd := exec.CommandContext(ctx, "syft", "scan", directory, "-o", "cyclonedx-json", "--file", outputFileName)
fmt.Println("Executing command: for the repo", repo, cmd.String())
output, err := cmd.CombinedOutput()
if ctx.Err() == context.DeadlineExceeded {
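Review bot: The `outputFile` parameter is now dead: the syft invocation at `cmd := exec.CommandContext(ctx, "syft", "scan", directory, "-o", "cyclonedx-json", "--file", outputFileName)` writes to `outputFileName`, which is derived only from `repo` and resolved against the process's working directory, so a caller that passes an explicit output path silently gets the SBOM written somewhere else. Either derive the name from the caller's path, e.g. `outputFileName := filepath.Join(filepath.Dir(outputFile), escapedRepo+".json")` (importing `path/filepath`), or drop the parameter and update its callers. Replacing only `/` keeps the name from escaping the directory on POSIX, but any other characters in `repo` (a backslash on Windows, for instance) pass straight into the file name, so validating `repo` before building it is worth considering. The doc comment and the `// Check if cdxgen is installed` and `// Create a context with a 5-minute timeout` comments no longer match the code (syft, `2*time.Minute`) and should read `// GenerateSBOMWithCycloneDX generates a CycloneDX JSON SBOM by running the syft binary.`, `// Check if syft is installed` and `// Create a context with a 2-minute timeout`. GenerateSBOMWithCycloneDX continues past the end of the hunk.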

