refactor: use abstract SBOM in lib/snyk

snyk · Jun 20, 2023 · f2596d5 · f2596d5
1 parent 4f32fba
commit f2596d5
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 14 deletions.
diff --git a/internal/commands/snyk/enrich.go b/internal/commands/snyk/enrich.go
@@ -1,14 +1,13 @@
 package snyk
 
 import (
-	"bytes"
 	"os"
 
-	cdx "github.com/CycloneDX/cyclonedx-go"
 	"github.com/rs/zerolog"
 	"github.com/spf13/cobra"
 
 	"github.com/snyk/parlay/internal/utils"
+	"github.com/snyk/parlay/lib/sbom"
 	"github.com/snyk/parlay/lib/snyk"
 )
 
@@ -23,16 +22,15 @@ func NewEnrichCommand(logger zerolog.Logger) *cobra.Command {
 				logger.Fatal().Err(err).Msg("Problem reading input")
 			}
 
-			bom := new(cdx.BOM)
-			decoder := cdx.NewBOMDecoder(bytes.NewReader(b), cdx.BOMFileFormatJSON)
-			if err = decoder.Decode(bom); err != nil {
-				logger.Fatal().Err(err).Msg("Problem decoding SBOM")
+			doc, err := sbom.DecodeSBOMDocument(b)
+			if err != nil {
+				logger.Fatal().Err(err).Msg("Failed to read SBOM input")
 			}
 
-			bom = snyk.EnrichSBOM(bom)
-			err = cdx.NewBOMEncoder(os.Stdout, cdx.BOMFileFormatJSON).Encode(bom)
-			if err != nil {
-				logger.Fatal().Err(err).Msg("Problem encoding SBOM")
+			snyk.EnrichSBOM(doc)
+
+			if err := doc.Encode(os.Stdout); err != nil {
+				logger.Fatal().Err(err).Msg("Failed to encode new SBOM")
 			}
 		},
 	}

diff --git a/lib/scorecard/enrich_test.go b/lib/scorecard/enrich_test.go
@@ -7,8 +7,9 @@ import (
 
 	cdx "github.com/CycloneDX/cyclonedx-go"
 	"github.com/jarcoal/httpmock"
-	"github.com/snyk/parlay/lib/sbom"
 	"github.com/stretchr/testify/assert"
+
+	"github.com/snyk/parlay/lib/sbom"
 )
 
 func TestEnrichSBOM(t *testing.T) {

diff --git a/lib/snyk/enrich.go b/lib/snyk/enrich.go
@@ -26,12 +26,15 @@ import (
 	"github.com/package-url/packageurl-go"
 	"github.com/remeh/sizedwaitgroup"
 
+	"github.com/snyk/parlay/lib/sbom"
 	"github.com/snyk/parlay/snyk/issues"
 )
 
-func EnrichSBOM(bom *cdx.BOM) *cdx.BOM {
+func EnrichSBOM(doc *sbom.SBOMDocument) *sbom.SBOMDocument {
+	bom := doc.BOM
+
 	if bom.Components == nil {
-		return bom
+		return doc
 	}
 
 	wg := sizedwaitgroup.New(20)
@@ -157,7 +160,7 @@ func EnrichSBOM(bom *cdx.BOM) *cdx.BOM {
 		}
 	}
 	bom.Vulnerabilities = &vulns
-	return bom
+	return doc
 }
 
 func levelToCdxSeverity(level *string) (severity cdx.Severity) {