feat(sbom): Introduce experimental sbom test command (#5176)

* feat(sbom): Introduce experimental sbom test command --------- Co-authored-by: Tim Pickles <[email protected]>
snyk · Apr 18, 2024 · ea6293b · ea6293b
1 parent ed2e754
commit ea6293b
Show file tree

Hide file tree

Showing 6 changed files with 172 additions and 3 deletions.
diff --git a/cliv2/go.mod b/cliv2/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/rs/zerolog v1.32.0
 	github.com/snyk/cli-extension-dep-graph v0.0.0-20230926124856-b0fdf1ee6f73
 	github.com/snyk/cli-extension-iac-rules v0.0.0-20240404084125-0098857e0e1a
-	github.com/snyk/cli-extension-sbom v0.0.0-20240314090036-46535b380426
+	github.com/snyk/cli-extension-sbom v0.0.0-20240418082712-4732b4b2d7b3
 	github.com/snyk/container-cli v0.0.0-20240322120441-6d9b9482f9b1
 	github.com/snyk/go-application-framework v0.0.0-20240417122153-755586b0312f
 	github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65

diff --git a/cliv2/go.sum b/cliv2/go.sum
@@ -243,6 +243,8 @@ github.com/bmatcuk/doublestar v1.3.4 h1:gPypJ5xD31uhX6Tf54sDPUOBXTqKH4c9aPY66CyQ
 github.com/bmatcuk/doublestar v1.3.4/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE=
 github.com/bmatcuk/doublestar/v4 v4.6.0 h1:HTuxyug8GyFbRkrffIpzNCSK4luc0TY3wzXvzIZhEXc=
 github.com/bmatcuk/doublestar/v4 v4.6.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
+github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
+github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0=
 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA=
 github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q=
@@ -727,8 +729,8 @@ github.com/snyk/cli-extension-dep-graph v0.0.0-20230926124856-b0fdf1ee6f73 h1:rw
 github.com/snyk/cli-extension-dep-graph v0.0.0-20230926124856-b0fdf1ee6f73/go.mod h1:QF3v8HBpOpyudYNCuR8LqfULutO76c91sBdLzD+pBJU=
 github.com/snyk/cli-extension-iac-rules v0.0.0-20240404084125-0098857e0e1a h1:pvj3bsgPMmYma56TU+rjFsulqS2kV1D2kBg1mVb8Et4=
 github.com/snyk/cli-extension-iac-rules v0.0.0-20240404084125-0098857e0e1a/go.mod h1:4c6XS4n6mWbJM9md3r4B2NFgjs2tyi8GzGlz1BbWIx0=
-github.com/snyk/cli-extension-sbom v0.0.0-20240314090036-46535b380426 h1:MXbip3nmiOym3/9bNWlPISVOAEAAz4FDcPvqOMPcCc4=
-github.com/snyk/cli-extension-sbom v0.0.0-20240314090036-46535b380426/go.mod h1:g2VgZU79btvZrAP3oHZGv3tHD9POVOx5a3DY894rS4w=
+github.com/snyk/cli-extension-sbom v0.0.0-20240418082712-4732b4b2d7b3 h1:2dOzIy4L0LRH7EnMw//80K510ZgoXiDPpylpGNRSZTI=
+github.com/snyk/cli-extension-sbom v0.0.0-20240418082712-4732b4b2d7b3/go.mod h1:lqmQT+QdzLdfi7qsqIH4qvCsSWu+P09GDFwQcmFfC0g=
 github.com/snyk/code-client-go v1.4.2 h1:Vy27Xr6CVAs0qKZlU8I/fxWWI6X2ppzan6IZnUJYmvg=
 github.com/snyk/code-client-go v1.4.2/go.mod h1:Kkr7pQc8ItsBZSYd6A1S4r4VHO6HNyTWZsqi18sAtwQ=
 github.com/snyk/container-cli v0.0.0-20240322120441-6d9b9482f9b1 h1:9RKY9NdX5DrJAoVXDP0JiqrXT+4Nb9NH8pjEcA0NsLA=

diff --git a/test/acceptance/fake-server.ts b/test/acceptance/fake-server.ts
@@ -603,6 +603,57 @@ export const fakeServer = (basePath: string, snykToken: string): FakeServer => {
     res.status(200).send({});
   });
 
+  app.post(`/rest/orgs/:orgId/sbom_tests`, (req, res) => {
+    const response = {
+      data: {
+        id: '4b341b8a-4697-4e35-928b-4b9ae37f8ea8',
+        type: 'sbom_tests',
+      },
+      jsonapi: {
+        version: '1.0',
+      },
+      links: {
+        self:
+          '/rest/orgs/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/sbom_tests?version=2023-08-31~beta',
+        related:
+          '/rest/orgs/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/sbom_tests/4b341b8a-4697-4e35-928b-4b9ae37f8ea8?version=2023-08-31~beta',
+      },
+    };
+    res.status(201);
+    res.send(response);
+  });
+
+  app.get(`/rest/orgs/:orgId/sbom_tests/:id`, (req, res) => {
+    const response = {
+      data: {
+        id: '4b341b8a-4697-4e35-928b-4b9ae37f8ea8',
+        type: 'sbom_tests',
+        attributes: {
+          status: 'finished',
+        },
+      },
+      jsonapi: {
+        version: '1.0',
+      },
+      links: {
+        self:
+          '/rest/orgs/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/sbom_tests/4b341b8a-4697-4e35-928b-4b9ae37f8ea8?version=2023-08-31~beta',
+        related:
+          '/rest/orgs/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/sbom_tests/4b341b8a-4697-4e35-928b-4b9ae37f8ea8/results?version=2023-08-31~beta',
+      },
+    };
+    res.status(303);
+    res.send(response);
+  });
+
+  app.get(`/rest/orgs/:orgId/sbom_tests/:id/results`, (req, res) => {
+    const body = fs.readFileSync(
+      path.resolve(getFixturePath('sbom'), 'npm-sbom-test-response.json'),
+      'utf8',
+    );
+    res.send(JSON.parse(body));
+  });
+
   app.post(
     basePath.replace('v1', 'hidden') + '/orgs/:org/sbom',
     express.json(),

diff --git a/test/fixtures/sbom/npm-sbom-cdx15.json b/test/fixtures/sbom/npm-sbom-cdx15.json
@@ -0,0 +1,2 @@
+{"$schema":"http://cyclonedx.org/schema/bom-1.5.schema.json","bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:f441a916-51e8-4a53-b5e7-db914182fa7c","version":1,"metadata":{"timestamp":"2024-04-12T09:28:22Z","tools":{"components":[{"type":"application","author":"Snyk","name":"snyk-cli","version":"1.1288.0"}],"services":[{"provider":{"name":"Snyk"},"name":"SBOM Export API","version":"v1.84.1"}]},"component":{"bom-ref":"[email protected]","type":"application","name":"development","version":"1.0.0","purl":"pkg:npm/[email protected]"}},"components":[{"bom-ref":"[email protected]","type":"library","name":"minimatch","version":"3.0.4","purl":"pkg:npm/[email protected]"},{"bom-ref":"[email protected]","type":"library","name":"brace-expansion","version":"1.1.11","purl":"pkg:npm/[email protected]"},{"bom-ref":"[email protected]","type":"library","name":"balanced-match","version":"1.0.2","purl":"pkg:npm/[email protected]"},{"bom-ref":"[email protected]","type":"library","name":"concat-map","version":"0.0.1","purl":"pkg:npm/[email protected]"},{"bom-ref":"[email protected]","type":"library","name":"semver","version":"7.3.5","purl":"pkg:npm/[email protected]"},{"bom-ref":"[email protected]","type":"library","name":"lru-cache","version":"6.0.0","purl":"pkg:npm/[email protected]"},{"bom-ref":"[email protected]","type":"library","name":"yallist","version":"4.0.0","purl":"pkg:npm/[email protected]"}],"dependencies":[{"ref":"[email protected]","dependsOn":["[email protected]","[email protected]"]},{"ref":"[email protected]","dependsOn":["[email protected]"]},{"ref":"[email protected]","dependsOn":["[email protected]","[email protected]"]},{"ref":"[email protected]"},{"ref":"[email protected]"},{"ref":"[email protected]","dependsOn":["[email protected]"]},{"ref":"[email protected]","dependsOn":["[email protected]"]},{"ref":"[email protected]"}]}
+