introduce sbom.Descriptor

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

cmd/packages.go

@@ -13,6 +13,7 @@ import (
 	"github.com/anchore/syft/internal/formats"
 	"github.com/anchore/syft/internal/log"
 	"github.com/anchore/syft/internal/ui"
+	"github.com/anchore/syft/internal/version"
 	"github.com/anchore/syft/syft/artifact"
 	"github.com/anchore/syft/syft/event"
 	"github.com/anchore/syft/syft/format"
@@ -263,6 +264,11 @@ func packagesExecWorker(userInput string) <-chan error {
 
 		s := sbom.SBOM{
 			Source: src.Metadata,
+			Descriptor: sbom.Descriptor{
+				Name:          internal.ApplicationName,
+				Version:       version.FromBuild().Version,
+				Configuration: appConfig,
+			},
 		}
 
 		var relationships []<-chan artifact.Relationship
@@ -283,7 +289,7 @@ func packagesExecWorker(userInput string) <-chan error {
 
 		bus.Publish(partybus.Event{
 			Type:  event.PresenterReady,
-			Value: f.Presenter(s, appConfig),
+			Value: f.Presenter(s),
 		})
 	}()
 	return errs

cmd/power_user.go

@@ -10,6 +10,7 @@ import (
 	"github.com/anchore/syft/internal/formats/syftjson"
 	"github.com/anchore/syft/internal/log"
 	"github.com/anchore/syft/internal/ui"
+	"github.com/anchore/syft/internal/version"
 	"github.com/anchore/syft/syft/artifact"
 	"github.com/anchore/syft/syft/event"
 	"github.com/anchore/syft/syft/sbom"
@@ -123,6 +124,11 @@ func powerUserExecWorker(userInput string) <-chan error {
 
 		s := sbom.SBOM{
 			Source: src.Metadata,
+			Descriptor: sbom.Descriptor{
+				Name:          internal.ApplicationName,
+				Version:       version.FromBuild().Version,
+				Configuration: appConfig,
+			},
 		}
 
 		var relationships []<-chan artifact.Relationship
@@ -137,7 +143,7 @@ func powerUserExecWorker(userInput string) <-chan error {
 
 		bus.Publish(partybus.Event{
 			Type:  event.PresenterReady,
-			Value: syftjson.Format().Presenter(s, *appConfig),
+			Value: syftjson.Format().Presenter(s),
 		})
 	}()
 

internal/anchore/import_package_sbom.go

@@ -25,7 +25,7 @@ type packageSBOMImportAPI interface {
 func packageSbomModel(s sbom.SBOM) (*external.ImagePackageManifest, error) {
 	var buf bytes.Buffer
 
-	err := syftjson.Format().Presenter(s, nil).Present(&buf)
+	err := syftjson.Format().Presenter(s).Present(&buf)
 	if err != nil {
 		return nil, fmt.Errorf("unable to serialize results: %w", err)
 	}

internal/anchore/import_package_sbom_test.go

@@ -105,7 +105,7 @@ func TestPackageSbomToModel(t *testing.T) {
 	}
 
 	var buf bytes.Buffer
-	pres := syftjson.Format().Presenter(s, nil)
+	pres := syftjson.Format().Presenter(s)
 	if err := pres.Present(&buf); err != nil {
 		t.Fatalf("unable to get expected json: %+v", err)
 	}

internal/formats/common/testutils/utils.go

@@ -124,6 +124,15 @@ func ImageInput(t testing.TB, testImage string, options ...ImageOption) sbom.SBO
 			Distro:         &dist,
 		},
 		Source: src.Metadata,
+		Descriptor: sbom.Descriptor{
+			Name:    "syft",
+			Version: "v0.42.0-bogus",
+			// the application configuration should be persisted here, however, we do not want to import
+			// the application configuration in this package (it's reserved only for ingestion by the cmd package)
+			Configuration: map[string]string{
+				"config-key": "config-value",
+			},
+		},
 	}
 }
 
@@ -187,6 +196,15 @@ func DirectoryInput(t testing.TB) sbom.SBOM {
 			Distro:         &dist,
 		},
 		Source: src.Metadata,
+		Descriptor: sbom.Descriptor{
+			Name:    "syft",
+			Version: "v0.42.0-bogus",
+			// the application configuration should be persisted here, however, we do not want to import
+			// the application configuration in this package (it's reserved only for ingestion by the cmd package)
+			Configuration: map[string]string{
+				"config-key": "config-value",
+			},
+		},
 	}
 }
 

internal/formats/cyclonedx12xml/encoder.go

@@ -7,7 +7,7 @@ import (
 	"github.com/anchore/syft/syft/sbom"
 )
 
-func encoder(output io.Writer, s sbom.SBOM, _ interface{}) error {
+func encoder(output io.Writer, s sbom.SBOM) error {
 	enc := xml.NewEncoder(output)
 	enc.Indent("", "  ")
 

internal/formats/cyclonedx12xml/encoder_test.go

@@ -12,7 +12,7 @@ var updateCycloneDx = flag.Bool("update-cyclonedx", false, "update the *.golden
 
 func TestCycloneDxDirectoryPresenter(t *testing.T) {
 	testutils.AssertPresenterAgainstGoldenSnapshot(t,
-		Format().Presenter(testutils.DirectoryInput(t), nil),
+		Format().Presenter(testutils.DirectoryInput(t)),
 		*updateCycloneDx,
 		cycloneDxRedactor,
 	)
@@ -21,7 +21,7 @@ func TestCycloneDxDirectoryPresenter(t *testing.T) {
 func TestCycloneDxImagePresenter(t *testing.T) {
 	testImage := "image-simple"
 	testutils.AssertPresenterAgainstGoldenImageSnapshot(t,
-		Format().Presenter(testutils.ImageInput(t, testImage), nil),
+		Format().Presenter(testutils.ImageInput(t, testImage)),
 		testImage,
 		*updateCycloneDx,
 		cycloneDxRedactor,

internal/formats/spdx22json/encoder.go

@@ -9,7 +9,7 @@ import (
 
 const anchoreNamespace = "https://anchore.com/syft"
 
-func encoder(output io.Writer, s sbom.SBOM, _ interface{}) error {
+func encoder(output io.Writer, s sbom.SBOM) error {
 	doc := toFormatModel(s)
 
 	enc := json.NewEncoder(output)

internal/formats/spdx22json/encoder_test.go

@@ -12,7 +12,7 @@ var updateSpdxJson = flag.Bool("update-spdx-json", false, "update the *.golden f
 
 func TestSPDXJSONDirectoryPresenter(t *testing.T) {
 	testutils.AssertPresenterAgainstGoldenSnapshot(t,
-		Format().Presenter(testutils.DirectoryInput(t), nil),
+		Format().Presenter(testutils.DirectoryInput(t)),
 		*updateSpdxJson,
 		spdxJsonRedactor,
 	)
@@ -21,7 +21,7 @@ func TestSPDXJSONDirectoryPresenter(t *testing.T) {
 func TestSPDXJSONImagePresenter(t *testing.T) {
 	testImage := "image-simple"
 	testutils.AssertPresenterAgainstGoldenImageSnapshot(t,
-		Format().Presenter(testutils.ImageInput(t, testImage, testutils.FromSnapshot()), nil),
+		Format().Presenter(testutils.ImageInput(t, testImage, testutils.FromSnapshot())),
 		testImage,
 		*updateSpdxJson,
 		spdxJsonRedactor,

internal/formats/spdx22tagvalue/encoder.go

@@ -7,7 +7,7 @@ import (
 	"github.com/spdx/tools-golang/tvsaver"
 )
 
-func encoder(output io.Writer, s sbom.SBOM, _ interface{}) error {
+func encoder(output io.Writer, s sbom.SBOM) error {
 	model := toFormatModel(s)
 	return tvsaver.Save2_2(&model, output)
 }

internal/formats/spdx22tagvalue/encoder_test.go

@@ -13,7 +13,7 @@ var updateSpdxTagValue = flag.Bool("update-spdx-tv", false, "update the *.golden
 func TestSPDXTagValueDirectoryPresenter(t *testing.T) {
 
 	testutils.AssertPresenterAgainstGoldenSnapshot(t,
-		Format().Presenter(testutils.DirectoryInput(t), nil),
+		Format().Presenter(testutils.DirectoryInput(t)),
 		*updateSpdxTagValue,
 		spdxTagValueRedactor,
 	)
@@ -22,7 +22,7 @@ func TestSPDXTagValueDirectoryPresenter(t *testing.T) {
 func TestSPDXTagValueImagePresenter(t *testing.T) {
 	testImage := "image-simple"
 	testutils.AssertPresenterAgainstGoldenImageSnapshot(t,
-		Format().Presenter(testutils.ImageInput(t, testImage, testutils.FromSnapshot()), nil),
+		Format().Presenter(testutils.ImageInput(t, testImage, testutils.FromSnapshot())),
 		testImage,
 		*updateSpdxTagValue,
 		spdxTagValueRedactor,

internal/formats/syftjson/decoder_test.go

@@ -15,7 +15,7 @@ func TestEncodeDecodeCycle(t *testing.T) {
 	originalSBOM := testutils.ImageInput(t, testImage)
 
 	var buf bytes.Buffer
-	assert.NoError(t, encoder(&buf, originalSBOM, map[string]string{"config": "value"}))
+	assert.NoError(t, encoder(&buf, originalSBOM))
 
 	actualSBOM, err := decoder(bytes.NewReader(buf.Bytes()))
 	assert.NoError(t, err)

internal/formats/syftjson/encoder.go

@@ -7,8 +7,8 @@ import (
 	"github.com/anchore/syft/syft/sbom"
 )
 
-func encoder(output io.Writer, s sbom.SBOM, appConfig interface{}) error {
-	doc := ToFormatModel(s, appConfig)
+func encoder(output io.Writer, s sbom.SBOM) error {
+	doc := ToFormatModel(s)
 
 	enc := json.NewEncoder(output)
 	// prevent > and < from being escaped in the payload

internal/formats/syftjson/encoder_test.go

@@ -4,10 +4,11 @@ import (
 	"flag"
 	"testing"
 
+	"github.com/anchore/syft/syft/file"
+
 	"github.com/anchore/syft/syft/artifact"
 
 	"github.com/anchore/syft/syft/distro"
-	"github.com/anchore/syft/syft/file"
 	"github.com/anchore/syft/syft/pkg"
 	"github.com/anchore/syft/syft/sbom"
 	"github.com/anchore/syft/syft/source"
@@ -19,21 +20,21 @@ var updateJson = flag.Bool("update-json", false, "update the *.golden files for
 
 func TestDirectoryPresenter(t *testing.T) {
 	testutils.AssertPresenterAgainstGoldenSnapshot(t,
-		Format().Presenter(testutils.DirectoryInput(t), nil),
+		Format().Presenter(testutils.DirectoryInput(t)),
 		*updateJson,
 	)
 }
 
 func TestImagePresenter(t *testing.T) {
 	testImage := "image-simple"
 	testutils.AssertPresenterAgainstGoldenImageSnapshot(t,
-		Format().Presenter(testutils.ImageInput(t, testImage, testutils.FromSnapshot()), nil),
+		Format().Presenter(testutils.ImageInput(t, testImage, testutils.FromSnapshot())),
 		testImage,
 		*updateJson,
 	)
 }
 
-func TestFullJSONDocument(t *testing.T) {
+func TestEncodeFullJSONDocument(t *testing.T) {
 	catalog := pkg.NewCatalog()
 
 	p1 := pkg.Package{
@@ -180,12 +181,19 @@ func TestFullJSONDocument(t *testing.T) {
 				RepoDigests: []string{},
 			},
 		},
+		Descriptor: sbom.Descriptor{
+			Name:    "syft",
+			Version: "v0.42.0-bogus",
+			// the application configuration should be persisted here, however, we do not want to import
+			// the application configuration in this package (it's reserved only for ingestion by the cmd package)
+			Configuration: map[string]string{
+				"config-key": "config-value",
+			},
+		},
 	}
 
 	testutils.AssertPresenterAgainstGoldenSnapshot(t,
-		Format().Presenter(s, map[string]string{
-			"app": "config",
-		}),
+		Format().Presenter(s),
 		*updateJson,
 	)
 }

internal/formats/syftjson/test-fixtures/snapshot/TestDirectoryPresenter.golden

@@ -77,7 +77,10 @@
  },
  "descriptor": {
   "name": "syft",
-  "version": "[not provided]"
+  "version": "v0.42.0-bogus",
+  "configuration": {
+   "config-key": "config-value"
+  }
  },
  "schema": {
   "version": "2.0.0",

internal/formats/syftjson/test-fixtures/snapshot/TestFullJSONDocument.golden → internal/formats/syftjson/test-fixtures/snapshot/TestEncodeFullJSONDocument.golden

@@ -173,9 +173,9 @@
  },
  "descriptor": {
   "name": "syft",
-  "version": "[not provided]",
+  "version": "v0.42.0-bogus",
   "configuration": {
-   "app": "config"
+   "config-key": "config-value"
   }
  },
  "schema": {

internal/formats/syftjson/test-fixtures/snapshot/TestImagePresenter.golden

@@ -98,7 +98,10 @@
  },
  "descriptor": {
   "name": "syft",
-  "version": "[not provided]"
+  "version": "v0.42.0-bogus",
+  "configuration": {
+   "config-key": "config-value"
+  }
  },
  "schema": {
   "version": "2.0.0",

internal/formats/syftjson/to_format_model.go

@@ -14,14 +14,13 @@ import (
 	"github.com/anchore/syft/internal"
 	"github.com/anchore/syft/internal/formats/syftjson/model"
 	"github.com/anchore/syft/internal/log"
-	"github.com/anchore/syft/internal/version"
 	"github.com/anchore/syft/syft/distro"
 	"github.com/anchore/syft/syft/pkg"
 	"github.com/anchore/syft/syft/source"
 )
 
 // TODO: this is exported for the use of the power-user command (temp)
-func ToFormatModel(s sbom.SBOM, applicationConfig interface{}) model.Document {
+func ToFormatModel(s sbom.SBOM) model.Document {
 	src, err := toSourceModel(s.Source)
 	if err != nil {
 		log.Warnf("unable to create syft-json source object: %+v", err)
@@ -34,18 +33,22 @@ func ToFormatModel(s sbom.SBOM, applicationConfig interface{}) model.Document {
 		Secrets:               toSecrets(s.Artifacts.Secrets),
 		Source:                src,
 		Distro:                toDistroModel(s.Artifacts.Distro),
-		Descriptor: model.Descriptor{
-			Name:          internal.ApplicationName,
-			Version:       version.FromBuild().Version,
-			Configuration: applicationConfig,
-		},
+		Descriptor:            toDescriptor(s.Descriptor),
 		Schema: model.Schema{
 			Version: internal.JSONSchemaVersion,
 			URL:     fmt.Sprintf("https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-%s.json", internal.JSONSchemaVersion),
 		},
 	}
 }
 
+func toDescriptor(d sbom.Descriptor) model.Descriptor {
+	return model.Descriptor{
+		Name:          d.Name,
+		Version:       d.Version,
+		Configuration: d.Configuration,
+	}
+}
+
 func toSecrets(data map[source.Coordinates][]file.SearchResult) []model.Secrets {
 	results := make([]model.Secrets, 0)
 	for coordinates, secrets := range data {

internal/formats/syftjson/to_syft_model.go

@@ -20,10 +20,19 @@ func toSyftModel(doc model.Document) (*sbom.SBOM, error) {
 			PackageCatalog: toSyftCatalog(doc.Artifacts),
 			Distro:         &dist,
 		},
-		Source: *toSyftSourceData(doc.Source),
+		Source:     *toSyftSourceData(doc.Source),
+		Descriptor: toSyftDescriptor(doc.Descriptor),
 	}, nil
 }
 
+func toSyftDescriptor(d model.Descriptor) sbom.Descriptor {
+	return sbom.Descriptor{
+		Name:          d.Name,
+		Version:       d.Version,
+		Configuration: d.Configuration,
+	}
+}
+
 func toSyftSourceData(s model.Source) *source.Metadata {
 	switch s.Type {
 	case "directory":

internal/formats/table/encoder.go

@@ -11,7 +11,7 @@ import (
 	"github.com/olekukonko/tablewriter"
 )
 
-func encoder(output io.Writer, s sbom.SBOM, _ interface{}) error {
+func encoder(output io.Writer, s sbom.SBOM) error {
 	var rows [][]string
 
 	columns := []string{"Name", "Version", "Type"}

internal/formats/table/encoder_test.go

@@ -12,7 +12,7 @@ var updateTableGoldenFiles = flag.Bool("update-table", false, "update the *.gold
 
 func TestTablePresenter(t *testing.T) {
 	testutils.AssertPresenterAgainstGoldenSnapshot(t,
-		Format().Presenter(testutils.DirectoryInput(t), nil),
+		Format().Presenter(testutils.DirectoryInput(t)),
 		*updateTableGoldenFiles,
 	)
 }

internal/formats/text/encoder.go

@@ -10,7 +10,7 @@ import (
 	"github.com/anchore/syft/syft/source"
 )
 
-func encoder(output io.Writer, s sbom.SBOM, _ interface{}) error {
+func encoder(output io.Writer, s sbom.SBOM) error {
 	// init the tabular writer
 	w := new(tabwriter.Writer)
 	w.Init(output, 0, 8, 0, '\t', tabwriter.AlignRight)