Adding guac analyze command to guacone #2737
base: main
Conversation
Signed-off-by: arorasoham9 <[email protected]>
Kusari Analysis Results
Analysis for commit: bc57a19, performed at: 2025-08-11T05:20:18Z
Recommendation: ✅ PROCEED with this Pull Request
Summary: ✅ No Flagged Issues Detected. All values appear to be within acceptable risk parameters. No pinned version dependency changes, code issues or exposed secrets detected!
Signed-off-by: arorasoham9 <[email protected]>
Kusari PR Analysis rerun based on bc57a19, performed at: 2025-08-11T05:19:59Z (link to updated analysis)
| } | ||
|
|
||
| switch args[0] { | ||
| case "diff": |
enum?
|
|
||
| var analyzeCmd = &cobra.Command{ | ||
| Use: "analyze <operation> <sboms> [flags] ", | ||
| Short: "analyze is a CLI tool tailored for comparing, intersecting, and merging Software Bill of Materials (SBOMs) within GUAC", |
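Review bot: the Use string on the second line ends with a trailing space after `[flags]`, which is carried into the printed usage line, and the Short text is a full sentence rather than the one-line summary that shows up in the parent command's help; suggest `Use: "analyze <operation> <sboms> [flags]"`, a Short along the lines of `compare, intersect or merge two SBOMs`, and moving the remaining detail into Long.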
Description can be improved
| logger.Fatalf("unable to print intersect analysis: %v", err) | ||
| } | ||
|
|
||
| case "union": |
enum, reuse from pkg
| set.StringSlice("analyze-slsa", []string{}, "two slsa to analyze") | ||
| set.Bool("analyze-uri-input", false, "input is a URI") | ||
| set.Bool("analyze-purl-input", false, "input is a pURL") | ||
| set.Bool("analyze-id-input", false, "input is an Id") |
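Review bot: the help text for `analyze-slsa` on the first line promises "two slsa to analyze", but `set.StringSlice` accepts any number of values, so the count needs to be checked where the flag is read and an error reported when it is not exactly two. The three `analyze-*-input` booleans below it read as mutually exclusive input kinds, yet nothing on these lines prevents more than one being set; either validate that exactly one is true, or replace them with a single flag that takes one of `uri`, `purl` or `id`.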
Inconsistency in flag hints case.
| set.StringSlice("analyze-slsa", []string{}, "two slsa to analyze") | ||
| set.Bool("analyze-uri-input", false, "input is a URI") | ||
| set.Bool("analyze-purl-input", false, "input is a pURL") | ||
| set.Bool("analyze-id-input", false, "input is an Id") |
What id?
|
|
||
| func init() { | ||
| set, err := cli.BuildFlags([]string{ | ||
| "analyze-sboms", |
Change to just sbom and slsa?
| set.Bool("kubescape-filtered", false, "If false: get/watch \"sbomsyfts\", if true: get/watch \"sbomsyftfiltereds\"") | ||
|
|
||
| // SBOM Analyzer flags | ||
| set.StringSlice("analyze-sboms", []string{}, "two sboms to analyze") |
change to "sbom"
| } | ||
|
|
||
| if args[0] != "intersect" && args[0] != "union" && args[0] != "diff" { | ||
| fmt.Println("invalid positional argument. Must be one of: intersect, union or diff.") |
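Review bot: the invalid-argument branch on the second line reports the problem with `fmt.Println` to stdout, while the other failure paths in this command use `logger.Fatalf`, so a wrong operation name is not reported consistently and nothing on these lines stops the command or yields a non-zero exit status. Return an error from the command instead, or let cobra perform the check by listing the three names in `ValidArgs` with `Args: cobra.OnlyValidArgs`, which also gives the typed set of operations the earlier comment asked for.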
just call it intersection, union, and difference?
small naming issues and description fixes
This pull request has been automatically marked as stale because it has not had recent activity (60 days of inactivity).
Description of the PR
This PR adds a command to guacone which utilizes the guac analyze package, PR.
guacone analyze diff --uri --sboms=https://anchore.com/syft/image/k8s.gcr.io/kube-apiserver-v1.24.1-583a02ce-8f7e-4794-91af-35f27ffeb73d,https://anchore.com/syft/image/k8s.gcr.io/kube-apiserver-v1.24.2-ee7e0a81-87de-4761-9689-4f7162d81e44

CI will likely fail as this PR is dependent on #2733. Do not review or merge.
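As an added illustration, not code from this PR or from GUAC's analyze package: a self-contained Go sketch of the typed operation check the reviewers asked for, with the three set operations (intersect, union, diff) carried out over two constructed pURL lists. The Operation type, Analyze function and the SBOMv1/SBOMv2 samples are this example's own names, and treating diff as a symmetric difference is an assumption, not GUAC's definition.

```go
package main

import (
	"fmt"
	"log"
	"sort"
)

// Operation is the set operation applied to two SBOM package lists (the "enum" a reviewer asked for).
type Operation string

const (
	Intersect Operation = "intersect"
	Union     Operation = "union"
	Diff      Operation = "diff"
)

// ParseOperation validates the positional argument before any SBOM is fetched or parsed.
func ParseOperation(s string) (Operation, error) {
	switch op := Operation(s); op {
	case Intersect, Union, Diff:
		return op, nil
	}
	return "", fmt.Errorf("invalid operation %q: must be one of intersect, union or diff", s)
}

// Analyze applies op to two pURL lists and returns the sorted result; Diff is the symmetric difference (this example's choice, not GUAC's).
func Analyze(op Operation, a, b []string) []string {
	side := map[string]int{} // bit 1: present in a, bit 2: present in b
	for i, list := range [][]string{a, b} {
		for _, p := range list {
			side[p] |= 1 << i
		}
	}
	var out []string
	for p, s := range side {
		if op == Union || (op == Intersect && s == 3) || (op == Diff && s != 3) {
			out = append(out, p)
		}
	}
	sort.Strings(out)
	return out
}

// Constructed pURL lists standing in for the two kube-apiserver SBOMs named in the PR description.
var SBOMv1 = []string{"pkg:golang/k8s.io/apiserver@v0.24.1", "pkg:golang/golang.org/x/net@v0.7.0"}
var SBOMv2 = []string{"pkg:golang/k8s.io/apiserver@v0.24.2", "pkg:golang/golang.org/x/net@v0.7.0"}
func main() {
	op, err := ParseOperation("diff")
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(Analyze(op, SBOMv1, SBOMv2))
}
```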
PR Checklist
- -s flag to git commit.
- make generate has been run
- collectsub protobuf has been changed, make proto has been run