Merge branch 'main' into fix_lint_errors

Signed-off-by: Vivek Kumar Sahu <[email protected]>

Author: viveksahu26

.github/workflows/build.yml

@@ -38,7 +38,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           context: .
-          platforms: linux/amd64
+          platforms: linux/amd64, linux/arm64
           push: true
           tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -1,4 +1,6 @@
-FROM golang:1.22.2-alpine AS builder
+# Use buildx for multi-platform builds
+# Build stage
+FROM --platform=$BUILDPLATFORM golang:1.22.2-alpine AS builder
 LABEL org.opencontainers.image.source="https://github.com/interlynk-io/sbomqs"
 
 RUN apk add --no-cache make git
@@ -7,23 +9,17 @@ COPY go.mod go.sum ./
 RUN go mod download
 COPY . .
 
-RUN make ; make build
+# Build for multiple architectures
+ARG TARGETOS TARGETARCH
+RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -a -o sbomqs .
 
+# Final stage
 FROM scratch
 LABEL org.opencontainers.image.source="https://github.com/interlynk-io/sbomqs"
 LABEL org.opencontainers.image.description="Quality metrics for your sboms"
 LABEL org.opencontainers.image.licenses=Apache-2.0
 
-COPY --from=builder /bin/sh /bin/grep /bin/busybox /bin/touch /bin/chmod /bin/mkdir /bin/date /bin/cat /bin/
-COPY --from=builder /etc/ssl/certs /etc/ssl/certs
-COPY --from=builder /lib/ld-musl-x86_64.so.1 /lib/ld-musl-x86_64.so.1
-COPY --from=builder /tmp /tmp
-COPY --from=builder /usr/bin /usr/bin
-
 # Copy our static executable
-COPY --from=builder /app/build/sbomqs /app/sbomqs
-
-# Disable version check
-ENV INTERLYNK_DISABLE_VERSION_CHECK=true
+COPY --from=builder /app/sbomqs /app/sbomqs
 
-ENTRYPOINT [ "/app/sbomqs" ]
+ENTRYPOINT ["/app/sbomqs"]

cmd/compliance.go

@@ -28,6 +28,20 @@ var complianceCmd = &cobra.Command{
 	Long: `Check if your SBOM complies with various SBOM standards like NTIA minimum elements, BSI TR-03183-2, OpenChain Telco.
 	Generate a compliance report for an SBOM file.
 	`,
+	Example: ` sbomqs compliance --bsi|--oct  [--basic|--json] <SBOM file>
+
+  # Check a BSI TR-03183-2 v1.1 compliance against a SBOM in a table output
+  sbomqs compliance --bsi samples/sbomqs-spdx-syft.json
+
+  # Check a BSI TR-03183-2 v1.1 compliance against a SBOM in a JSON output
+  sbomqs compliance --bsi --json samples/sbomqs-spdx-syft.json
+
+  # Check a OpenChain Telco compliance against a SBOM in a table output
+  sbomqs compliance --oct samples/sbomqs-spdx-syft.json
+
+  # Check a OpenChain Telco compliance against a SBOM in a JSON output
+  sbomqs compliance --oct --json samples/sbomqs-spdx-syft.json
+`,
 	Args: func(cmd *cobra.Command, args []string) error {
 		if err := cobra.ExactArgs(1)(cmd, args); err != nil {
 			return fmt.Errorf("compliance requires a single argument, the path to an SBOM file")

cmd/score.go

@@ -65,7 +65,25 @@ var scoreCmd = &cobra.Command{
 	Use:          "score",
 	Short:        "comprehensive quality score for your sbom",
 	SilenceUsage: true,
-	Args: func(_ *cobra.Command, args []string) error {
+	Example: ` sbomqs score [--category <category>] [--feature <feature>]  [--basic|--json]  <SBOM file>
+
+  # Get a score against a SBOM in a table output
+  sbomqs score samples/sbomqs-spdx-syft.json
+
+  # Get a score against a SBOM in a basic output
+  sbomqs score --basic samples/sbomqs-spdx-syft.json
+
+  # Get a score against a SBOM in a JSON output
+  sbomqs score --json samples/sbomqs-spdx-syft.json
+ 
+  # Get a score for a 'NTIA-minimum-elements' category against a SBOM in a table output
+  sbomqs score --category NTIA-minimum-elements samples/sbomqs-spdx-syft.json
+
+  # Get a score for a 'NTIA-minimum-elements' category and 'sbom_authors' feature against a SBOM in a table output
+  sbomqs score --category NTIA-minimum-elements --feature sbom_authors samples/sbomqs-spdx-syft.json
+`,
+
+	Args: func(cmd *cobra.Command, args []string) error {
 		if len(args) <= 0 {
 			if len(inFile) <= 0 && len(inDirPath) <= 0 {
 				return fmt.Errorf("provide a path to an sbom file or directory of sbom files")
@@ -188,8 +206,8 @@ func init() {
 	scoreCmd.Flags().StringP("configpath", "", "", "scoring based on config path")
 
 	// Filter Control
-	scoreCmd.Flags().StringP("category", "c", "", "filter by category")
-	scoreCmd.Flags().StringP("feature", "f", "", "filter by feature")
+	scoreCmd.Flags().StringP("category", "c", "", "filter by category (e.g. 'NTIA-minimum-elements', 'Quality', 'Semantic', 'Sharing', 'Structural')")
+	scoreCmd.Flags().StringP("feature", "f", "", "filter by feature (e.g. 'sbom_authors',  'comp_with_name', 'sbom_creation_timestamp') ")
 
 	// Spec Control
 	scoreCmd.Flags().BoolP("spdx", "", false, "limit scoring to spdx sboms")