Port cyclonedx presenter to format object (#589)

* add new cyclonedx format object Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove cyclonedx presenter Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove cyclonedx presenter call Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove dependence on golden images for format tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * wire up new formt + rename all-presenters ref Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add CLI test to ensure that all formats can be expressed as report output Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add cyclonedx version and encoding format to package name Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * optionally preserve format snapshot images Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting + text unit tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2025-11-17 08:23:15 +01:00 · 2021-10-29 10:17:03 -04:00 · 2021-10-29 10:17:03 -04:00 · 4a2d1d7225
commit 4a2d1d7225
parent 3286a4d4cc
25 changed files with 387 additions and 226 deletions
--- a/cmd/packages.go
+++ b/cmd/packages.go
@ -103,7 +103,7 @@ func setPackageFlags(flags *pflag.FlagSet) {
 	flags.StringP(
 		"output", "o", string(format.TableOption),
-		fmt.Sprintf("report output formatter, options=%v", format.AllPresenters),
+		fmt.Sprintf("report output formatter, options=%v", format.AllOptions),
 	)
 	flags.StringP(
--- a/internal/formats/common/testutils/utils.go
+++ b/internal/formats/common/testutils/utils.go
@ -4,13 +4,13 @@ import (
 	"bytes"
 	"testing"
 	"github.com/anchore/syft/syft/presenter"
 	"github.com/anchore/go-testutils"
 	"github.com/anchore/stereoscope/pkg/filetree"
 	"github.com/anchore/stereoscope/pkg/image"
 	"github.com/anchore/stereoscope/pkg/imagetest"
 	"github.com/anchore/syft/syft/distro"
 	"github.com/anchore/syft/syft/pkg"
 	"github.com/anchore/syft/syft/presenter"
 	"github.com/anchore/syft/syft/source"
 	"github.com/sergi/go-diff/diffmatchpatch"
 	"github.com/stretchr/testify/assert"
@ -18,6 +18,18 @@ import (
 type redactor func(s []byte) []byte
 type imageCfg struct {
 	fromSnapshot bool
 }
 type ImageOption func(cfg *imageCfg)
 func FromSnapshot() ImageOption {
 	return func(cfg *imageCfg) {
 		cfg.fromSnapshot = true
 	}
 }
 func AssertPresenterAgainstGoldenImageSnapshot(t *testing.T, pres presenter.Presenter, testImage string, updateSnapshot bool, redactors ...redactor) {
 	var buffer bytes.Buffer
@ -78,11 +90,37 @@ func AssertPresenterAgainstGoldenSnapshot(t *testing.T, pres presenter.Presenter
 	}
 }
-func ImageInput(t testing.TB, testImage string) (*pkg.Catalog, source.Metadata, *distro.Distro) {
+func ImageInput(t testing.TB, testImage string, options ...ImageOption) (*pkg.Catalog, source.Metadata, *distro.Distro) {
 	t.Helper()
 	catalog := pkg.NewCatalog()
-	img := imagetest.GetGoldenFixtureImage(t, testImage)
+	var cfg imageCfg
 	var img *image.Image
 	for _, opt := range options {
 		opt(&cfg)
 	}
 	switch cfg.fromSnapshot {
 	case true:
 		img = imagetest.GetGoldenFixtureImage(t, testImage)
 	default:
 		img = imagetest.GetFixtureImage(t, "docker-archive", testImage)
 	}
 	populateImageCatalog(catalog, img)
 	// this is a hard coded value that is not given by the fixture helper and must be provided manually
 	img.Metadata.ManifestDigest = "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368"
 	src, err := source.NewFromImage(img, "user-image-input")
 	assert.NoError(t, err)
 	dist, err := distro.NewDistro(distro.Debian, "1.2.3", "like!")
 	assert.NoError(t, err)
 	return catalog, src.Metadata, &dist
 }
 func populateImageCatalog(catalog *pkg.Catalog, img *image.Image) {
 	_, ref1, _ := img.SquashedTree().File("/somefile-1.txt", filetree.FollowBasenameLinks)
 	_, ref2, _ := img.SquashedTree().File("/somefile-2.txt", filetree.FollowBasenameLinks)
@ -127,20 +165,21 @@ func ImageInput(t testing.TB, testImage string) (*pkg.Catalog, source.Metadata,
 			pkg.MustCPE("cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"),
 		},
 	})
 }
-	// this is a hard coded value that is not given by the fixture helper and must be provided manually
+func DirectoryInput(t testing.TB) (*pkg.Catalog, source.Metadata, *distro.Distro) {
-	img.Metadata.ManifestDigest = "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368"
+	catalog := newDirectoryCatalog()
 	src, err := source.NewFromImage(img, "user-image-input")
 	assert.NoError(t, err)
 	dist, err := distro.NewDistro(distro.Debian, "1.2.3", "like!")
 	assert.NoError(t, err)
 	src, err := source.NewFromDirectory("/some/path")
 	assert.NoError(t, err)
 	return catalog, src.Metadata, &dist
 }
-func DirectoryInput(t testing.TB) (*pkg.Catalog, source.Metadata, *distro.Distro) {
+func newDirectoryCatalog() *pkg.Catalog {
 	catalog := pkg.NewCatalog()
 	// populate catalog with test data
@ -190,11 +229,5 @@ func DirectoryInput(t testing.TB) (*pkg.Catalog, source.Metadata, *distro.Distro
 		},
 	})
-	dist, err := distro.NewDistro(distro.Debian, "1.2.3", "like!")
+	return catalog
 	assert.NoError(t, err)
 	src, err := source.NewFromDirectory("/some/path")
 	assert.NoError(t, err)
 	return catalog, src.Metadata, &dist
 }
--- a/internal/formats/cyclonedx12xml/encoder.go
+++ b/internal/formats/cyclonedx12xml/encoder.go
@ -0,0 +1,29 @@
 package cyclonedx12xml
 import (
 	"encoding/xml"
 	"io"
 	"github.com/anchore/syft/syft/distro"
 	"github.com/anchore/syft/syft/pkg"
 	"github.com/anchore/syft/syft/source"
 )
 func encoder(output io.Writer, catalog *pkg.Catalog, srcMetadata *source.Metadata, d *distro.Distro, scope source.Scope) error {
 	enc := xml.NewEncoder(output)
 	enc.Indent("", "  ")
 	_, err := output.Write([]byte(xml.Header))
 	if err != nil {
 		return err
 	}
 	err = enc.Encode(toFormatModel(catalog, srcMetadata, d, scope))
 	if err != nil {
 		return err
 	}
 	_, err = output.Write([]byte("\n"))
 	return err
 }
--- a/internal/presenter/packages/cyclonedx_presenter_test.go
+++ b/internal/presenter/packages/cyclonedx_presenter_test.go
@ -1,10 +1,12 @@
-package packages
+package cyclonedx12xml
 import (
 	"flag"
 	"regexp"
 	"testing"
 	"github.com/anchore/syft/syft/source"
 	"github.com/anchore/syft/internal/formats/common/testutils"
 )
@ -13,7 +15,7 @@ var updateCycloneDx = flag.Bool("update-cyclonedx", false, "update the *.golden
 func TestCycloneDxDirectoryPresenter(t *testing.T) {
 	catalog, metadata, _ := testutils.DirectoryInput(t)
 	testutils.AssertPresenterAgainstGoldenSnapshot(t,
-		NewCycloneDxPresenter(catalog, metadata),
+		Format().Presenter(catalog, &metadata, nil, source.SquashedScope),
 		*updateCycloneDx,
 		cycloneDxRedactor,
 	)
@ -23,7 +25,7 @@ func TestCycloneDxImagePresenter(t *testing.T) {
 	testImage := "image-simple"
 	catalog, metadata, _ := testutils.ImageInput(t, testImage)
 	testutils.AssertPresenterAgainstGoldenImageSnapshot(t,
-		NewCycloneDxPresenter(catalog, metadata),
+		Format().Presenter(catalog, &metadata, nil, source.SquashedScope),
 		testImage,
 		*updateCycloneDx,
 		cycloneDxRedactor,
--- a/internal/formats/cyclonedx12xml/format.go
+++ b/internal/formats/cyclonedx12xml/format.go
@ -0,0 +1,12 @@
 package cyclonedx12xml
 import "github.com/anchore/syft/syft/format"
 func Format() format.Format {
 	return format.NewFormat(
 		format.CycloneDxOption,
 		encoder,
 		nil,
 		nil,
 	)
 }
--- a/internal/formats/cyclonedx12xml/model/bom_descriptor.go
+++ b/internal/formats/cyclonedx12xml/model/bom_descriptor.go
@ -0,0 +1,31 @@
 package model
 import (
 	"encoding/xml"
 )
 // Source: https://cyclonedx.org/ext/bom-descriptor/
 // BomDescriptor represents all metadata surrounding the BOM report (such as when the BOM was made, with which tool, and the item being cataloged).
 type BomDescriptor struct {
 	XMLName   xml.Name                `xml:"metadata"`
 	Timestamp string                  `xml:"timestamp,omitempty"` // The date and time (timestamp) when the document was created
 	Tools     []BomDescriptorTool     `xml:"tools>tool"`          // The tool used to create the BOM.
 	Component *BomDescriptorComponent `xml:"component"`           // The component that the BOM describes.
 }
 // BomDescriptorTool represents the tool that created the BOM report.
 type BomDescriptorTool struct {
 	XMLName xml.Name `xml:"tool"`
 	Vendor  string   `xml:"vendor,omitempty"`  // The vendor of the tool used to create the BOM.
 	Name    string   `xml:"name,omitempty"`    // The name of the tool used to create the BOM.
 	Version string   `xml:"version,omitempty"` // The version of the tool used to create the BOM.
 	// TODO: hashes, author, manufacture, supplier
 	// TODO: add user-defined fields for the remaining build/version parameters
 }
 // BomDescriptorComponent represents the software/package being cataloged.
 type BomDescriptorComponent struct {
 	XMLName xml.Name `xml:"component"`
 	Component
 }
--- a/internal/formats/cyclonedx12xml/model/component.go
+++ b/internal/formats/cyclonedx12xml/model/component.go
@ -0,0 +1,20 @@
 package model
 import "encoding/xml"
 // Component represents a single element in the CycloneDX BOM
 type Component struct {
 	XMLName     xml.Name   `xml:"component"`
 	Type        string     `xml:"type,attr"`             // Required; Describes if the component is a library, framework, application, container, operating system, firmware, hardware device, or file
 	Supplier    string     `xml:"supplier,omitempty"`    // The organization that supplied the component. The supplier may often be the manufacture, but may also be a distributor or repackager.
 	Author      string     `xml:"author,omitempty"`      // The person(s) or organization(s) that authored the component
 	Publisher   string     `xml:"publisher,omitempty"`   // The person(s) or organization(s) that published the component
 	Group       string     `xml:"group,omitempty"`       // The high-level classification that a project self-describes as. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name.
 	Name        string     `xml:"name"`                  // Required; The name of the component as defined by the project
 	Version     string     `xml:"version"`               // Required; The version of the component as defined by the project
 	Description string     `xml:"description,omitempty"` // A description of the component
 	Licenses    *[]License `xml:"licenses>license"`      // A node describing zero or more license names, SPDX license IDs or expressions
 	PackageURL  string     `xml:"purl,omitempty"`        // Specifies the package-url (PackageURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec
 	// TODO: source, hashes, copyright, cpe, purl, swid, modified, pedigree, externalReferences
 	// TODO: add user-defined parameters for syft-specific values (image layer index, cataloger, location path, etc.)
 }
--- a/internal/formats/cyclonedx12xml/model/document.go
+++ b/internal/formats/cyclonedx12xml/model/document.go
@ -0,0 +1,17 @@
 package model
 import (
 	"encoding/xml"
 )
 // Source: https://github.com/CycloneDX/specification
 // Document represents a CycloneDX BOM Document.
 type Document struct {
 	XMLName       xml.Name       `xml:"bom"`
 	XMLNs         string         `xml:"xmlns,attr"`
 	Version       int            `xml:"version,attr"`
 	SerialNumber  string         `xml:"serialNumber,attr"`
 	BomDescriptor *BomDescriptor `xml:"metadata"`             // The BOM descriptor extension
 	Components    []Component    `xml:"components>component"` // The BOM contents
 }
--- a/internal/formats/cyclonedx12xml/model/license.go
+++ b/internal/formats/cyclonedx12xml/model/license.go
@ -0,0 +1,10 @@
 package model
 import "encoding/xml"
 // License represents a single software license for a Component
 type License struct {
 	XMLName xml.Name `xml:"license"`
 	ID      string   `xml:"id,omitempty"`   // A valid SPDX license ID
 	Name    string   `xml:"name,omitempty"` // If SPDX does not define the license used, this field may be used to provide the license name
 }
--- a/internal/formats/cyclonedx12xml/test-fixtures/image-simple/Dockerfile
+++ b/internal/formats/cyclonedx12xml/test-fixtures/image-simple/Dockerfile
@ -0,0 +1,4 @@
 # Note: changes to this file will result in updating several test values. Consider making a new image fixture instead of editing this one.
 FROM scratch
 ADD file-1.txt /somefile-1.txt
 ADD file-2.txt /somefile-2.txt
--- a/internal/formats/cyclonedx12xml/test-fixtures/image-simple/file-1.txt
+++ b/internal/formats/cyclonedx12xml/test-fixtures/image-simple/file-1.txt
@ -0,0 +1 @@
 this file has contents
--- a/internal/formats/cyclonedx12xml/test-fixtures/image-simple/file-2.txt
+++ b/internal/formats/cyclonedx12xml/test-fixtures/image-simple/file-2.txt
@ -0,0 +1 @@
 file-2 contents!
--- a/internal/formats/cyclonedx12xml/test-fixtures/snapshot/TestCycloneDxDirectoryPresenter.golden
+++ b/internal/formats/cyclonedx12xml/test-fixtures/snapshot/TestCycloneDxDirectoryPresenter.golden
@ -0,0 +1,34 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <bom xmlns="http://cyclonedx.org/schema/bom/1.2" version="1" serialNumber="urn:uuid:5404937f-72d6-44a2-8e9b-954305ecb4f6">
  <metadata>
    <timestamp>2021-06-23T13:40:33-04:00</timestamp>
    <tools>
      <tool>
        <vendor>anchore</vendor>
        <name>syft</name>
        <version>[not provided]</version>
      </tool>
    </tools>
    <component type="file">
      <name>/some/path</name>
      <version></version>
    </component>
  </metadata>
  <components>
    <component type="library">
      <name>package-1</name>
      <version>1.0.1</version>
      <licenses>
        <license>
          <name>MIT</name>
        </license>
      </licenses>
      <purl>a-purl-2</purl>
    </component>
    <component type="library">
      <name>package-2</name>
      <version>2.0.1</version>
      <purl>a-purl-2</purl>
    </component>
  </components>
 </bom>
--- a/internal/formats/cyclonedx12xml/test-fixtures/snapshot/TestCycloneDxImagePresenter.golden
+++ b/internal/formats/cyclonedx12xml/test-fixtures/snapshot/TestCycloneDxImagePresenter.golden
@ -0,0 +1,34 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <bom xmlns="http://cyclonedx.org/schema/bom/1.2" version="1" serialNumber="urn:uuid:e34bad2e-cd27-483c-86dc-f4e26d6103b0">
  <metadata>
    <timestamp>2021-06-23T13:40:33-04:00</timestamp>
    <tools>
      <tool>
        <vendor>anchore</vendor>
        <name>syft</name>
        <version>[not provided]</version>
      </tool>
    </tools>
    <component type="container">
      <name>user-image-input</name>
      <version>sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368</version>
    </component>
  </metadata>
  <components>
    <component type="library">
      <name>package-1</name>
      <version>1.0.1</version>
      <licenses>
        <license>
          <name>MIT</name>
        </license>
      </licenses>
      <purl>a-purl-1</purl>
    </component>
    <component type="library">
      <name>package-2</name>
      <version>2.0.1</version>
      <purl>a-purl-2</purl>
    </component>
  </components>
 </bom>
--- a/internal/formats/cyclonedx12xml/to_format_model.go
+++ b/internal/formats/cyclonedx12xml/to_format_model.go
@ -0,0 +1,97 @@
 package cyclonedx12xml
 import (
 	"encoding/xml"
 	"time"
 	"github.com/anchore/syft/internal"
 	"github.com/anchore/syft/internal/formats/cyclonedx12xml/model"
 	"github.com/anchore/syft/internal/version"
 	"github.com/anchore/syft/syft/distro"
 	"github.com/anchore/syft/syft/pkg"
 	"github.com/anchore/syft/syft/source"
 	"github.com/google/uuid"
 )
 // toFormatModel creates and populates a new in-memory representation of a CycloneDX 1.2 document
 func toFormatModel(catalog *pkg.Catalog, srcMetadata *source.Metadata, _ *distro.Distro, _ source.Scope) model.Document {
 	versionInfo := version.FromBuild()
 	doc := model.Document{
 		XMLNs:         "http://cyclonedx.org/schema/bom/1.2",
 		Version:       1,
 		SerialNumber:  uuid.New().URN(),
 		BomDescriptor: toBomDescriptor(internal.ApplicationName, versionInfo.Version, srcMetadata),
 	}
 	// attach components
 	for _, p := range catalog.Sorted() {
 		doc.Components = append(doc.Components, toComponent(p))
 	}
 	return doc
 }
 func toComponent(p *pkg.Package) model.Component {
 	return model.Component{
 		Type:       "library", // TODO: this is not accurate
 		Name:       p.Name,
 		Version:    p.Version,
 		PackageURL: p.PURL,
 		Licenses:   toLicenses(p.Licenses),
 	}
 }
 // NewBomDescriptor returns a new BomDescriptor tailored for the current time and "syft" tool details.
 func toBomDescriptor(name, version string, srcMetadata *source.Metadata) *model.BomDescriptor {
 	return &model.BomDescriptor{
 		XMLName:   xml.Name{},
 		Timestamp: time.Now().Format(time.RFC3339),
 		Tools: []model.BomDescriptorTool{
 			{
 				Vendor:  "anchore",
 				Name:    name,
 				Version: version,
 			},
 		},
 		Component: toBomDescriptorComponent(srcMetadata),
 	}
 }
 func toBomDescriptorComponent(srcMetadata *source.Metadata) *model.BomDescriptorComponent {
 	if srcMetadata == nil {
 		return nil
 	}
 	switch srcMetadata.Scheme {
 	case source.ImageScheme:
 		return &model.BomDescriptorComponent{
 			Component: model.Component{
 				Type:    "container",
 				Name:    srcMetadata.ImageMetadata.UserInput,
 				Version: srcMetadata.ImageMetadata.ManifestDigest,
 			},
 		}
 	case source.DirectoryScheme:
 		return &model.BomDescriptorComponent{
 			Component: model.Component{
 				Type: "file",
 				Name: srcMetadata.Path,
 			},
 		}
 	}
 	return nil
 }
 func toLicenses(licenses []string) *[]model.License {
 	if len(licenses) == 0 {
 		return nil
 	}
 	var result []model.License
 	for _, licenseName := range licenses {
 		result = append(result, model.License{
 			Name: licenseName,
 		})
 	}
 	return &result
 }
--- a/internal/formats/formats.go
+++ b/internal/formats/formats.go
@ -3,6 +3,8 @@ package formats
 import (
 	"bytes"
 	"github.com/anchore/syft/internal/formats/cyclonedx12xml"
 	"github.com/anchore/syft/internal/formats/table"
 	"github.com/anchore/syft/internal/formats/syftjson"
@ -14,6 +16,7 @@ func All() []format.Format {
 	return []format.Format{
 		syftjson.Format(),
 		table.Format(),
 		cyclonedx12xml.Format(),
 	}
 }
--- a/internal/formats/syftjson/encoder_test.go
+++ b/internal/formats/syftjson/encoder_test.go
@ -22,7 +22,7 @@ func TestDirectoryPresenter(t *testing.T) {
 func TestImagePresenter(t *testing.T) {
 	testImage := "image-simple"
-	catalog, metadata, distro := testutils.ImageInput(t, testImage)
+	catalog, metadata, distro := testutils.ImageInput(t, testImage, testutils.FromSnapshot())
 	testutils.AssertPresenterAgainstGoldenImageSnapshot(t,
 		format.NewPresenter(encoder, catalog, &metadata, distro, source.SquashedScope),
 		testImage,
--- a/internal/presenter/packages/cyclonedx_bom_descriptor.go
+++ b/internal/presenter/packages/cyclonedx_bom_descriptor.go
@ -1,69 +0,0 @@
 package packages
 import (
 	"encoding/xml"
 	"time"
 	"github.com/anchore/syft/syft/source"
 )
 // Source: https://cyclonedx.org/ext/bom-descriptor/
 // CycloneDxBomDescriptor represents all metadata surrounding the BOM report (such as when the BOM was made, with which tool, and the item being cataloged).
 type CycloneDxBomDescriptor struct {
 	XMLName   xml.Name              `xml:"metadata"`
 	Timestamp string                `xml:"timestamp,omitempty"` // The date and time (timestamp) when the document was created
 	Tools     []CycloneDxBdTool     `xml:"tools>tool"`          // The tool used to create the BOM.
 	Component *CycloneDxBdComponent `xml:"component"`           // The component that the BOM describes.
 }
 // CycloneDxBdTool represents the tool that created the BOM report.
 type CycloneDxBdTool struct {
 	XMLName xml.Name `xml:"tool"`
 	Vendor  string   `xml:"vendor,omitempty"`  // The vendor of the tool used to create the BOM.
 	Name    string   `xml:"name,omitempty"`    // The name of the tool used to create the BOM.
 	Version string   `xml:"version,omitempty"` // The version of the tool used to create the BOM.
 	// TODO: hashes, author, manufacture, supplier
 	// TODO: add user-defined fields for the remaining build/version parameters
 }
 // CycloneDxBdComponent represents the software/package being cataloged.
 type CycloneDxBdComponent struct {
 	XMLName xml.Name `xml:"component"`
 	CycloneDxComponent
 }
 // NewCycloneDxBomDescriptor returns a new CycloneDxBomDescriptor tailored for the current time and "syft" tool details.
 func NewCycloneDxBomDescriptor(name, version string, srcMetadata source.Metadata) *CycloneDxBomDescriptor {
 	descriptor := CycloneDxBomDescriptor{
 		XMLName:   xml.Name{},
 		Timestamp: time.Now().Format(time.RFC3339),
 		Tools: []CycloneDxBdTool{
 			{
 				Vendor:  "anchore",
 				Name:    name,
 				Version: version,
 			},
 		},
 	}
 	switch srcMetadata.Scheme {
 	case source.ImageScheme:
 		descriptor.Component = &CycloneDxBdComponent{
 			CycloneDxComponent: CycloneDxComponent{
 				Type:    "container",
 				Name:    srcMetadata.ImageMetadata.UserInput,
 				Version: srcMetadata.ImageMetadata.ManifestDigest,
 			},
 		}
 	case source.DirectoryScheme:
 		descriptor.Component = &CycloneDxBdComponent{
 			CycloneDxComponent: CycloneDxComponent{
 				Type: "file",
 				Name: srcMetadata.Path,
 			},
 		}
 	}
 	return &descriptor
 }
--- a/internal/presenter/packages/cyclonedx_component.go
+++ b/internal/presenter/packages/cyclonedx_component.go
@ -1,27 +0,0 @@
 package packages
 import "encoding/xml"
 // CycloneDxComponent represents a single element in the CycloneDX BOM
 type CycloneDxComponent struct {
 	XMLName     xml.Name            `xml:"component"`
 	Type        string              `xml:"type,attr"`             // Required; Describes if the component is a library, framework, application, container, operating system, firmware, hardware device, or file
 	Supplier    string              `xml:"supplier,omitempty"`    // The organization that supplied the component. The supplier may often be the manufacture, but may also be a distributor or repackager.
 	Author      string              `xml:"author,omitempty"`      // The person(s) or organization(s) that authored the component
 	Publisher   string              `xml:"publisher,omitempty"`   // The person(s) or organization(s) that published the component
 	Group       string              `xml:"group,omitempty"`       // The high-level classification that a project self-describes as. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name.
 	Name        string              `xml:"name"`                  // Required; The name of the component as defined by the project
 	Version     string              `xml:"version"`               // Required; The version of the component as defined by the project
 	Description string              `xml:"description,omitempty"` // A description of the component
 	Licenses    *[]CycloneDxLicense `xml:"licenses>license"`      // A node describing zero or more license names, SPDX license IDs or expressions
 	PackageURL  string              `xml:"purl,omitempty"`        // Specifies the package-url (PackageURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec
 	// TODO: source, hashes, copyright, cpe, purl, swid, modified, pedigree, externalReferences
 	// TODO: add user-defined parameters for syft-specific values (image layer index, cataloger, location path, etc.)
 }
 // CycloneDxLicense represents a single software license for a CycloneDxComponent
 type CycloneDxLicense struct {
 	XMLName xml.Name `xml:"license"`
 	ID      string   `xml:"id,omitempty"`   // A valid SPDX license ID
 	Name    string   `xml:"name,omitempty"` // If SPDX does not define the license used, this field may be used to provide the license name
 }
--- a/internal/presenter/packages/cyclonedx_document.go
+++ b/internal/presenter/packages/cyclonedx_document.go
@ -1,57 +0,0 @@
 package packages
 import (
 	"encoding/xml"
 	"github.com/anchore/syft/internal"
 	"github.com/anchore/syft/internal/version"
 	"github.com/anchore/syft/syft/pkg"
 	"github.com/anchore/syft/syft/source"
 	"github.com/google/uuid"
 )
 // Source: https://github.com/CycloneDX/specification
 // CycloneDxDocument represents a CycloneDX BOM CycloneDxDocument.
 type CycloneDxDocument struct {
 	XMLName       xml.Name                `xml:"bom"`
 	XMLNs         string                  `xml:"xmlns,attr"`
 	Version       int                     `xml:"version,attr"`
 	SerialNumber  string                  `xml:"serialNumber,attr"`
 	BomDescriptor *CycloneDxBomDescriptor `xml:"metadata"`             // The BOM descriptor extension
 	Components    []CycloneDxComponent    `xml:"components>component"` // The BOM contents
 }
 // NewCycloneDxDocument returns a CycloneDX CycloneDxDocument object populated with the catalog contents.
 func NewCycloneDxDocument(catalog *pkg.Catalog, srcMetadata source.Metadata) CycloneDxDocument {
 	versionInfo := version.FromBuild()
 	doc := CycloneDxDocument{
 		XMLNs:         "http://cyclonedx.org/schema/bom/1.2",
 		Version:       1,
 		SerialNumber:  uuid.New().URN(),
 		BomDescriptor: NewCycloneDxBomDescriptor(internal.ApplicationName, versionInfo.Version, srcMetadata),
 	}
 	// attach components
 	for _, p := range catalog.Sorted() {
 		component := CycloneDxComponent{
 			Type:       "library", // TODO: this is not accurate
 			Name:       p.Name,
 			Version:    p.Version,
 			PackageURL: p.PURL,
 		}
 		var licenses []CycloneDxLicense
 		for _, licenseName := range p.Licenses {
 			licenses = append(licenses, CycloneDxLicense{
 				Name: licenseName,
 			})
 		}
 		if len(licenses) > 0 {
 			component.Licenses = &licenses
 		}
 		doc.Components = append(doc.Components, component)
 	}
 	return doc
 }
--- a/internal/presenter/packages/cyclonedx_presenter.go
+++ b/internal/presenter/packages/cyclonedx_presenter.go
@ -1,47 +0,0 @@
 /*
 Package cyclonedx is responsible for generating a CycloneDX XML report for the given container image or file system.
 */
 package packages
 import (
 	"encoding/xml"
 	"io"
 	"github.com/anchore/syft/syft/pkg"
 	"github.com/anchore/syft/syft/source"
 )
 // CycloneDxPresenter writes a CycloneDX report from the given Catalog and Locations contents
 type CycloneDxPresenter struct {
 	catalog     *pkg.Catalog
 	srcMetadata source.Metadata
 }
 // NewCycloneDxPresenter creates a CycloneDX presenter from the given Catalog and Locations objects.
 func NewCycloneDxPresenter(catalog *pkg.Catalog, srcMetadata source.Metadata) *CycloneDxPresenter {
 	return &CycloneDxPresenter{
 		catalog:     catalog,
 		srcMetadata: srcMetadata,
 	}
 }
 // Present writes the CycloneDX report to the given io.Writer.
 func (pres *CycloneDxPresenter) Present(output io.Writer) error {
 	bom := NewCycloneDxDocument(pres.catalog, pres.srcMetadata)
 	encoder := xml.NewEncoder(output)
 	encoder.Indent("", "  ")
 	_, err := output.Write([]byte(xml.Header))
 	if err != nil {
 		return err
 	}
 	err = encoder.Encode(bom)
 	if err != nil {
 		return err
 	}
 	_, err = output.Write([]byte("\n"))
 	return err
 }
--- a/internal/presenter/packages/text_presenter_test.go
+++ b/internal/presenter/packages/text_presenter_test.go
@ -19,7 +19,7 @@ func TestTextDirectoryPresenter(t *testing.T) {
 func TestTextImagePresenter(t *testing.T) {
 	testImage := "image-simple"
-	catalog, metadata, _ := testutils.ImageInput(t, testImage)
+	catalog, metadata, _ := testutils.ImageInput(t, testImage, testutils.FromSnapshot())
 	testutils.AssertPresenterAgainstGoldenImageSnapshot(t,
 		NewTextPresenter(catalog, metadata),
 		testImage,
--- a/syft/format/option.go
+++ b/syft/format/option.go
@ -12,7 +12,7 @@ const (
 	SPDXJSONOption      Option = "spdx-json"
 )
-var AllPresenters = []Option{
+var AllOptions = []Option{
 	JSONOption,
 	TextOption,
 	TableOption,
--- a/syft/presenter/packages/presenter.go
+++ b/syft/presenter/packages/presenter.go
@ -16,8 +16,6 @@ func Presenter(option format.Option, config PresenterConfig) presenter.Presenter
 	switch option {
 	case format.TextOption:
 		return packages.NewTextPresenter(config.Catalog, config.SourceMetadata)
 	case format.CycloneDxOption:
 		return packages.NewCycloneDxPresenter(config.Catalog, config.SourceMetadata)
 	case format.SPDXTagValueOption:
 		return packages.NewSPDXTagValuePresenter(config.Catalog, config.SourceMetadata)
 	case format.SPDXJSONOption:
--- a/test/cli/all_formats_expressible_test.go
+++ b/test/cli/all_formats_expressible_test.go
@ -0,0 +1,35 @@
 package cli
 import (
 	"fmt"
 	"strings"
 	"testing"
 	"github.com/anchore/syft/syft/format"
 )
 func TestAllFormatsExpressible(t *testing.T) {
 	commonAssertions := []traitAssertion{
 		func(tb testing.TB, stdout, _ string, _ int) {
 			tb.Helper()
 			if len(stdout) < 1000 {
 				tb.Errorf("there may not be any report output (len=%d)", len(stdout))
 			}
 		},
 		assertSuccessfulReturnCode,
 	}
 	for _, o := range format.AllOptions {
 		t.Run(fmt.Sprintf("format:%s", o), func(t *testing.T) {
 			cmd, stdout, stderr := runSyft(t, nil, "dir:./test-fixtures/image-pkg-coverage", "-o", string(o))
 			for _, traitFn := range commonAssertions {
 				traitFn(t, stdout, stderr, cmd.ProcessState.ExitCode())
 			}
 			if t.Failed() {
 				t.Log("STDOUT:\n", stdout)
 				t.Log("STDERR:\n", stderr)
 				t.Log("COMMAND:", strings.Join(cmd.Args, " "))
 			}
 		})
 	}
 }