mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
81 lines
2.7 KiB
Go
81 lines
2.7 KiB
Go
package cli
|
|
|
|
import (
|
|
"fmt"
|
|
"log"
|
|
|
|
sigopts "github.com/sigstore/cosign/cmd/cosign/cli/options"
|
|
"github.com/spf13/cobra"
|
|
"github.com/spf13/viper"
|
|
|
|
"github.com/anchore/syft/cmd/syft/cli/attest"
|
|
"github.com/anchore/syft/cmd/syft/cli/options"
|
|
"github.com/anchore/syft/internal"
|
|
"github.com/anchore/syft/internal/config"
|
|
)
|
|
|
|
const (
|
|
attestExample = ` {{.appName}} {{.command}} --output [FORMAT] --key [KEY] alpine:latest
|
|
Supports the following image sources:
|
|
{{.appName}} {{.command}} --key [KEY] yourrepo/yourimage:tag defaults to using images from a Docker daemon. If Docker is not present, the image is pulled directly from the registry.
|
|
{{.appName}} {{.command}} --key [KEY] path/to/a/file/or/dir only for OCI tar or OCI directory
|
|
`
|
|
attestSchemeHelp = "\n" + indent + schemeHelpHeader + "\n" + imageSchemeHelp
|
|
|
|
attestHelp = attestExample + attestSchemeHelp
|
|
)
|
|
|
|
func Attest(v *viper.Viper, app *config.Application, ro *options.RootOptions) *cobra.Command {
|
|
ao := options.AttestOptions{}
|
|
cmd := &cobra.Command{
|
|
Use: "attest --output [FORMAT] --key [KEY] [SOURCE]",
|
|
Short: "Generate a package SBOM as an attestation for the given [SOURCE] container image",
|
|
Long: "Generate a packaged-based Software Bill Of Materials (SBOM) from a container image as the predicate of an in-toto attestation",
|
|
Example: internal.Tprintf(attestHelp, map[string]interface{}{
|
|
"appName": internal.ApplicationName,
|
|
"command": "attest",
|
|
}),
|
|
Args: func(cmd *cobra.Command, args []string) error {
|
|
// run to unmarshal viper object onto app config
|
|
// the viper object correctly
|
|
if err := app.LoadAllValues(v, ro.Config); err != nil {
|
|
return fmt.Errorf("invalid application config: %v", err)
|
|
}
|
|
// configure logging for command
|
|
newLogWrapper(app)
|
|
logApplicationConfig(app)
|
|
return validateArgs(cmd, args)
|
|
},
|
|
SilenceUsage: true,
|
|
SilenceErrors: true,
|
|
RunE: func(cmd *cobra.Command, args []string) error {
|
|
// this MUST be called first to make sure app config decodes
|
|
// the viper object correctly
|
|
if app.CheckForAppUpdate {
|
|
checkForApplicationUpdate()
|
|
}
|
|
|
|
// build cosign key options for attestation
|
|
ko := sigopts.KeyOpts{
|
|
KeyRef: app.Attest.KeyRef,
|
|
FulcioURL: app.Attest.FulcioURL,
|
|
IDToken: app.Attest.FulcioIdentityToken,
|
|
InsecureSkipFulcioVerify: app.Attest.InsecureSkipFulcioVerify,
|
|
RekorURL: app.Attest.RekorURL,
|
|
OIDCIssuer: app.Attest.OIDCIssuer,
|
|
OIDCClientID: app.Attest.OIDCClientID,
|
|
OIDCRedirectURL: app.Attest.OIDCRedirectURL,
|
|
}
|
|
|
|
return attest.Run(cmd.Context(), app, ko, args)
|
|
},
|
|
}
|
|
|
|
err := ao.AddFlags(cmd, v)
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
|
|
return cmd
|
|
}
|