Skip to content

Commit ac85531

Browse files
add the sbom auto install for a given tool
1 parent 7aa295c commit ac85531

2 files changed

Lines changed: 31 additions & 5 deletions

File tree

cmd/compliance/sbom.go

Lines changed: 30 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -322,6 +322,11 @@ func enhanceSBOM(cfg *config.Config, mgr *manager.Manager, cmd *cobra.Command) e
322322

323323
// resolveSBOMTool finds the tool binary in goenv-managed paths
324324
func resolveSBOMTool(cfg *config.Config, tool string) (string, error) {
325+
sbomTools := map[string]string{
326+
"cyclonedx-gomod": "github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod",
327+
"syft": "github.com/anchore/syft/cmd/syft",
328+
}
329+
325330
// Check host-specific bin directory first using consolidated utility
326331
hostBin := cfg.HostBinDir()
327332
if toolPath, err := utils.FindExecutable(hostBin, tool); err == nil {
@@ -333,14 +338,37 @@ func resolveSBOMTool(cfg *config.Config, tool string) (string, error) {
333338
return path, nil
334339
}
335340

341+
goTool, ok := sbomTools[tool]
342+
if !ok {
343+
return "", fmt.Errorf("unsupported SBOM tool: %s", tool)
344+
}
345+
346+
goTool = fmt.Sprintf("%s@latest", goTool)
347+
348+
fmt.Printf("goenv: %s not found in goenv-managed paths or system PATH. Attempting to install...\n", tool)
349+
350+
cmd := exec.Command("goenv", "tools", "install", goTool)
351+
cmd.Stdout = os.Stdout
352+
cmd.Stderr = os.Stderr
353+
354+
err := cmd.Run()
355+
if err == nil {
356+
// Retry finding the tool after installation; it will be rehashed into the shims automatically
357+
if toolPath, err := utils.FindExecutable(hostBin, tool); err == nil {
358+
return toolPath, nil
359+
}
360+
} else {
361+
return "", fmt.Errorf("goenv: Failed to install %s: %w", tool, err)
362+
}
363+
336364
// Tool not found - provide actionable error
337365
return "", fmt.Errorf(`%s not found
338366
339367
To install:
340-
goenv tools install %s@latest
368+
goenv tools install %s
341369
342370
Or install system-wide with:
343-
go install <package-path>`, tool, tool)
371+
go install %s`, tool, goTool, goTool)
344372
}
345373

346374
// buildCycloneDXCommand builds the cyclonedx-gomod command

cmd/compliance/sbom_test.go

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -128,9 +128,7 @@ func TestResolveSBOMTool_NotFound(t *testing.T) {
128128
_, err := resolveSBOMTool(cfg, "nonexistent-tool")
129129
assert.Error(t, err, "Expected error for non-existent tool")
130130

131-
assert.Contains(t, err.Error(), "not found", "Expected 'not found' error %v", err)
132-
133-
assert.Contains(t, err.Error(), "goenv tools install", "Expected installation instructions in error %v", err)
131+
assert.Contains(t, err.Error(), "unsupported SBOM tool", "Expected 'unsupported SBOM tool' error %v", err)
134132
}
135133

136134
func TestBuildCycloneDXCommand(t *testing.T) {

0 commit comments

Comments
 (0)