feat: include Snyk CLI as a generator tool in SBOM documents (#4945)

mcombuechen · web-flow · commit 97746db348f8 · 2023-11-24T15:54:04.000+01:00
diff --git a/cliv2/go.mod b/cliv2/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/rs/zerolog v1.31.0
 	github.com/snyk/cli-extension-dep-graph v0.0.0-20230926124856-b0fdf1ee6f73
 	github.com/snyk/cli-extension-iac-rules v0.0.0-20230601153200-c572cfce46ce
-	github.com/snyk/cli-extension-sbom v0.0.0-20230926124903-9705d7d47d8f
+	github.com/snyk/cli-extension-sbom v0.0.0-20231123083311-52b1cecc1a7a
 	github.com/snyk/container-cli v0.0.0-20230920093251-fe865879a91f
 	github.com/snyk/go-application-framework v0.0.0-20231121110922-9719383f0706
 	github.com/snyk/go-httpauth v0.0.0-20231117135515-eb445fea7530
diff --git a/cliv2/go.sum b/cliv2/go.sum
@@ -661,8 +661,8 @@ github.com/snyk/cli-extension-dep-graph v0.0.0-20230926124856-b0fdf1ee6f73 h1:rw
 github.com/snyk/cli-extension-dep-graph v0.0.0-20230926124856-b0fdf1ee6f73/go.mod h1:QF3v8HBpOpyudYNCuR8LqfULutO76c91sBdLzD+pBJU=
 github.com/snyk/cli-extension-iac-rules v0.0.0-20230601153200-c572cfce46ce h1:WchwuyPX4mEr7tFCGD6EsjwTDipFWfLxs4Wps6KB3b4=
 github.com/snyk/cli-extension-iac-rules v0.0.0-20230601153200-c572cfce46ce/go.mod h1:5/IYYTgf32pST7St4GhS3KNz32WE17Ys+Hdb5Pqxex0=
-github.com/snyk/cli-extension-sbom v0.0.0-20230926124903-9705d7d47d8f h1:U3DQ9wnHJzs8NcM+kkjxDkOa/zkqLeiUs+eL/dLHsic=
-github.com/snyk/cli-extension-sbom v0.0.0-20230926124903-9705d7d47d8f/go.mod h1:O/cjwCbKhJQWyXHPmNbZ7ToQKnhyw0VUp1Qhim3WEcw=
+github.com/snyk/cli-extension-sbom v0.0.0-20231123083311-52b1cecc1a7a h1:oRrk9bvMXdAVhRt84Y8G06+Op7fYQYrRuslngG9BPZk=
+github.com/snyk/cli-extension-sbom v0.0.0-20231123083311-52b1cecc1a7a/go.mod h1:IwRGWjRuNkY08O7NJb7u3JuQkroEB8Qi1MlASpZVu1Q=
 github.com/snyk/container-cli v0.0.0-20230920093251-fe865879a91f h1:ghajT5PEiLP8XNFIdc7Yn4Th74RH/9Q++dDOp6Cb9eo=
 github.com/snyk/container-cli v0.0.0-20230920093251-fe865879a91f/go.mod h1:38w+dcAQp9eG3P5t2eNS9eG0reut10AeJjLv5lJ5lpM=
 github.com/snyk/go-application-framework v0.0.0-20231121110922-9719383f0706 h1:z/g5P0kS7bedN07rNChlPEifKvAe9+hufGEEifPNcJg=
diff --git a/test/acceptance/fake-server.ts b/test/acceptance/fake-server.ts
@@ -521,6 +521,7 @@ export const fakeServer = (basePath: string, snykToken: string): FakeServer => {
     (req, res) => {
       const depGraph: void | Record<string, any> = req.body.depGraph;
       const depGraphs: void | Record<string, any>[] = req.body.depGraphs;
+      const tools: void | Record<string, any>[] = req.body.tools;
       let bom: Record<string, unknown> = { bomFormat: 'CycloneDX' };
 
       if (Array.isArray(depGraphs) && req.body.subject) {
@@ -542,6 +543,13 @@ export const fakeServer = (basePath: string, snykToken: string): FakeServer => {
         };
       }
 
+      if (Array.isArray(tools)) {
+        bom.metadata = {
+          ...(bom.metadata as any),
+          tools: [...tools, { name: 'fake-server' }],
+        };
+      }
+
       res.status(200).send(bom);
     },
   );
diff --git a/test/jest/acceptance/snyk-sbom/sbom.spec.ts b/test/jest/acceptance/snyk-sbom/sbom.spec.ts
@@ -54,4 +54,27 @@ describe('snyk sbom (mocked server only)', () => {
     expect(bom.metadata.component.name).toEqual('npm-package');
     expect(bom.components).toHaveLength(3);
   });
+
+  test('`sbom` includes a tool name in the document', async () => {
+    const project = await createProjectFromWorkspace('npm-package');
+
+    const { stdout } = await runSnykCLI(
+      `sbom --org aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee --format cyclonedx1.4+json --debug`,
+      {
+        cwd: project.path(),
+        env,
+      },
+    );
+    const bom = JSON.parse(stdout);
+
+    expect(bom.metadata.tools).toEqual(
+      expect.arrayContaining([
+        {
+          vendor: 'Snyk',
+          name: 'snyk-cli',
+          version: expect.any(String),
+        },
+      ]),
+    );
+  });
 });
