wip

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
anchore · Feb 9, 2022 · 54e11be · 54e11be
1 parent f317b53
commit 54e11be
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/attestation.sjon b/attestation.sjon
diff --git a/cmd/attest.go b/cmd/attest.go
@@ -48,7 +48,14 @@ const (
 )
 
 var (
-	keyPath   string
+	keyPath         string
+	acceptedFormats = []format.Option{
+		format.JSONOption,
+		format.CycloneDxXMLOption,
+		format.CycloneDxJSONOption,
+		format.SPDXJSONOption,
+		format.SPDXTagValueOption,
+	}
 	attestCmd = &cobra.Command{
 		Use:   "attest --output [FORMAT] --key [KEY] [SOURCE]",
 		Short: "Generate a package SBOM as an attestation to [SOURCE]",
@@ -106,6 +113,7 @@ func attestationExecWorker(ctx context.Context, userInput string, ko sign.KeyOpt
 	errs := make(chan error)
 	go func() {
 		defer close(errs)
+
 		// TODO: lift scheme detection into public to shortcircuit on dir/file
 		// PR Review - where should we validate?
 		s, src, err := generateSBOM(userInput, errs)
@@ -114,6 +122,14 @@ func attestationExecWorker(ctx context.Context, userInput string, ko sign.KeyOpt
 			return
 		}
 
+		formatOption := format.ParseOption(outputFormat)
+		for _, option := range acceptedFormats {
+			if formatOption == option {
+
+				break
+			}
+		}
+
 		// TODO: currently forced into only SPDX; allow user to specify
 		bytes, err := syft.Encode(*s, format.SPDXJSONOption)
 		if err != nil {
@@ -189,4 +205,7 @@ func setAttestFlags(flags *pflag.FlagSet) {
 	flags.StringVarP(&keyPath, "key", "", "",
 		"private key to use to sign attestation",
 	)
+	flags.StringVarP(&outputFormat, "output", "-o", "",
+		"SBOM predicate output format",
+	)
 }