From 54e11be3a2493fe3dc88001e04a053657be346ff Mon Sep 17 00:00:00 2001
From: Christopher Phillips
Date: Tue, 8 Feb 2022 16:12:54 -0500
Subject: [PATCH] wip

Signed-off-by: Christopher Phillips
---
 attestation.sjon | 0
 cmd/attest.go | 21 ++++++++++++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)
 delete mode 100644 attestation.sjon

diff --git a/attestation.sjon b/attestation.sjon
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/cmd/attest.go b/cmd/attest.go
index 1a3ab660f54..22bcb6c4b36 100644
--- a/cmd/attest.go
+++ b/cmd/attest.go
@@ -48,7 +48,14 @@ const (
 )

 var (
- keyPath string
+ keyPath string
+ acceptedFormats = []format.Option{
+ format.JSONOption,
+ format.CycloneDxXMLOption,
+ format.CycloneDxJSONOption,
+ format.SPDXJSONOption,
+ format.SPDXTagValueOption,
+ }
 attestCmd = &cobra.Command{
 Use: "attest --output [FORMAT] --key [KEY] [SOURCE]",
 Short: "Generate a package SBOM as an attestation to [SOURCE]",
@@ -106,6 +113,7 @@ func attestationExecWorker(ctx context.Context, userInput string, ko sign.KeyOpt
 errs := make(chan error)
 go func() {
 defer close(errs)
+
 // TODO: lift scheme detection into public to shortcircuit on dir/file
 // PR Review - where should we validate?
 s, src, err := generateSBOM(userInput, errs)
@@ -114,6 +122,14 @@ func attestationExecWorker(ctx context.Context, userInput string, ko sign.KeyOpt
 return
 }

+ formatOption := format.ParseOption(outputFormat)
+ for _, option := range acceptedFormats {
+ if formatOption == option {
+
+ break
+ }
+ }
+
 // TODO: currently forced into only SPDX; allow user to specify
 bytes, err := syft.Encode(*s, format.SPDXJSONOption)
 if err != nil {
@@ -189,4 +205,7 @@ func setAttestFlags(flags *pflag.FlagSet) {
 flags.StringVarP(&keyPath, "key", "", "",
 "private key to use to sign attestation",
 )
+ flags.StringVarP(&outputFormat, "output", "-o", "",
+ "SBOM predicate output format",
+ )
 }
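Review bot: The new `acceptedFormats` slice in the `var (` block has no comment saying what it gates, and it reads like any other format list. I would add `// acceptedFormats is the allow-list of SBOM encodings that may be signed as the attestation predicate.` above it, so a later edit to the list is recognised as a change to what the command is willing to sign. The `var` block continues outside the hunk.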
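Review bot: The allow-list loop added after the `generateSBOM` error check has no effect, because a match only runs `break` and a `--output` value that is not in `acceptedFormats` falls through to `syft.Encode` just like a valid one. The SBOM is then encoded with the hard-coded `format.SPDXJSONOption`, so a caller who asked for a different or unsupported format still gets an SPDX predicate and no error. Until the encoder takes `formatOption`, the worker should reject an unsupported value before anything is encoded. The sketch below assumes `fmt` is imported in this file and that failures are reported on `errs`, as the surrounding code appears to do. The goroutine body starts and ends outside the hunk.

```go
formatOption := format.ParseOption(outputFormat)
supported := false
for _, option := range acceptedFormats {
	if formatOption == option {
		supported = true
		break
	}
}
if !supported {
	errs <- fmt.Errorf("unsupported attestation predicate format %q", outputFormat)
	return
}
// … unchanged: TODO comment and syft.Encode call …
```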
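Review bot: The shorthand argument `"-o"` in the new `flags.StringVarP` call is two characters, but pflag accepts only a single-character shorthand and panics when such a flag is registered, so the command would fail at start-up. The line should read `flags.StringVarP(&outputFormat, "output", "o", "",`. The default is the empty string, so unless `format.ParseOption` maps that to a supported option, omitting `--output` leaves the predicate format to whatever the parser returns for empty input; an explicit default would make the signed format predictable. `outputFormat` is not declared in the visible hunks, so it is worth confirming it is not a variable shared with another command's `--output` flag.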