feat: include Snyk CLI as a generator tool in SBOM documents (#4945)

snyk · Nov 24, 2023 · 97746db · 97746db
1 parent ea0f51e
commit 97746db
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 3 deletions.
diff --git a/cliv2/go.mod b/cliv2/go.mod
@@ -11,7 +11,7 @@ require (
  github.com/rs/zerolog v1.31.0
  github.com/snyk/cli-extension-dep-graph v0.0.0-20230926124856-b0fdf1ee6f73
  github.com/snyk/cli-extension-iac-rules v0.0.0-20230601153200-c572cfce46ce
- github.com/snyk/cli-extension-sbom v0.0.0-20230926124903-9705d7d47d8f
+ github.com/snyk/cli-extension-sbom v0.0.0-20231123083311-52b1cecc1a7a
  github.com/snyk/container-cli v0.0.0-20230920093251-fe865879a91f
  github.com/snyk/go-application-framework v0.0.0-20231121110922-9719383f0706
  github.com/snyk/go-httpauth v0.0.0-20231117135515-eb445fea7530

diff --git a/cliv2/go.sum b/cliv2/go.sum
@@ -661,8 +661,8 @@ github.com/snyk/cli-extension-dep-graph v0.0.0-20230926124856-b0fdf1ee6f73 h1:rw
 github.com/snyk/cli-extension-dep-graph v0.0.0-20230926124856-b0fdf1ee6f73/go.mod h1:QF3v8HBpOpyudYNCuR8LqfULutO76c91sBdLzD+pBJU=
 github.com/snyk/cli-extension-iac-rules v0.0.0-20230601153200-c572cfce46ce h1:WchwuyPX4mEr7tFCGD6EsjwTDipFWfLxs4Wps6KB3b4=
 github.com/snyk/cli-extension-iac-rules v0.0.0-20230601153200-c572cfce46ce/go.mod h1:5/IYYTgf32pST7St4GhS3KNz32WE17Ys+Hdb5Pqxex0=
-github.com/snyk/cli-extension-sbom v0.0.0-20230926124903-9705d7d47d8f h1:U3DQ9wnHJzs8NcM+kkjxDkOa/zkqLeiUs+eL/dLHsic=
-github.com/snyk/cli-extension-sbom v0.0.0-20230926124903-9705d7d47d8f/go.mod h1:O/cjwCbKhJQWyXHPmNbZ7ToQKnhyw0VUp1Qhim3WEcw=
+github.com/snyk/cli-extension-sbom v0.0.0-20231123083311-52b1cecc1a7a h1:oRrk9bvMXdAVhRt84Y8G06+Op7fYQYrRuslngG9BPZk=
+github.com/snyk/cli-extension-sbom v0.0.0-20231123083311-52b1cecc1a7a/go.mod h1:IwRGWjRuNkY08O7NJb7u3JuQkroEB8Qi1MlASpZVu1Q=
 github.com/snyk/container-cli v0.0.0-20230920093251-fe865879a91f h1:ghajT5PEiLP8XNFIdc7Yn4Th74RH/9Q++dDOp6Cb9eo=
 github.com/snyk/container-cli v0.0.0-20230920093251-fe865879a91f/go.mod h1:38w+dcAQp9eG3P5t2eNS9eG0reut10AeJjLv5lJ5lpM=
 github.com/snyk/go-application-framework v0.0.0-20231121110922-9719383f0706 h1:z/g5P0kS7bedN07rNChlPEifKvAe9+hufGEEifPNcJg=

diff --git a/test/acceptance/fake-server.ts b/test/acceptance/fake-server.ts
@@ -521,6 +521,7 @@ export const fakeServer = (basePath: string, snykToken: string): FakeServer => {
  (req, res) => {
  const depGraph: void | Record<string, any> = req.body.depGraph;
  const depGraphs: void | Record<string, any>[] = req.body.depGraphs;
+ const tools: void | Record<string, any>[] = req.body.tools;
  let bom: Record<string, unknown> = { bomFormat: 'CycloneDX' };
 
  if (Array.isArray(depGraphs) && req.body.subject) {
@@ -542,6 +543,13 @@ export const fakeServer = (basePath: string, snykToken: string): FakeServer => {
  };
  }
 
+ if (Array.isArray(tools)) {
+ bom.metadata = {
+ ...(bom.metadata as any),
+ tools: [...tools, { name: 'fake-server' }],
+ };
+ }
+
  res.status(200).send(bom);
  },
  );

diff --git a/test/jest/acceptance/snyk-sbom/sbom.spec.ts b/test/jest/acceptance/snyk-sbom/sbom.spec.ts
@@ -54,4 +54,27 @@ describe('snyk sbom (mocked server only)', () => {
  expect(bom.metadata.component.name).toEqual('npm-package');
  expect(bom.components).toHaveLength(3);
  });
+
+ test('`sbom` includes a tool name in the document', async () => {
+ const project = await createProjectFromWorkspace('npm-package');
+
+ const { stdout } = await runSnykCLI(
+ `sbom --org aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee --format cyclonedx1.4+json --debug`,
+ {
+ cwd: project.path(),
+ env,
+ },
+ );
+ const bom = JSON.parse(stdout);
+
+ expect(bom.metadata.tools).toEqual(
+ expect.arrayContaining([
+ {
+ vendor: 'Snyk',
+ name: 'snyk-cli',
+ version: expect.any(String),
+ },
+ ]),
+ );
+ });
 });