feat: use sbom api v2024-04-22

- Use RFC 3339 for all timestamps in sbom test result - Introduced by should pick the first occurrence for human readable sbom test.
snyk · Apr 29, 2024 · e87d2bd · e87d2bd
1 parent fb24c02
commit e87d2bd
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 3 deletions.
diff --git a/cliv2/go.mod b/cliv2/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/rs/zerolog v1.32.0
 	github.com/snyk/cli-extension-dep-graph v0.0.0-20230926124856-b0fdf1ee6f73
 	github.com/snyk/cli-extension-iac-rules v0.0.0-20240422133948-ae17a4306672
-	github.com/snyk/cli-extension-sbom v0.0.0-20240418082712-4732b4b2d7b3
+	github.com/snyk/cli-extension-sbom v0.0.0-20240426072511-94652d584413
 	github.com/snyk/container-cli v0.0.0-20240322120441-6d9b9482f9b1
 	github.com/snyk/go-application-framework v0.0.0-20240423090544-b0ba7f6ed181
 	github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65

diff --git a/cliv2/go.sum b/cliv2/go.sum
@@ -725,8 +725,8 @@ github.com/snyk/cli-extension-dep-graph v0.0.0-20230926124856-b0fdf1ee6f73 h1:rw
 github.com/snyk/cli-extension-dep-graph v0.0.0-20230926124856-b0fdf1ee6f73/go.mod h1:QF3v8HBpOpyudYNCuR8LqfULutO76c91sBdLzD+pBJU=
 github.com/snyk/cli-extension-iac-rules v0.0.0-20240422133948-ae17a4306672 h1:AkLej8Lk//vFex1fiygSYFrQTUd0xP+GyRbsI+m2kwQ=
 github.com/snyk/cli-extension-iac-rules v0.0.0-20240422133948-ae17a4306672/go.mod h1:2vKTUsW73sVbDcyD19iNLfN0so2GSu9BE3k/fqG0mjA=
-github.com/snyk/cli-extension-sbom v0.0.0-20240418082712-4732b4b2d7b3 h1:2dOzIy4L0LRH7EnMw//80K510ZgoXiDPpylpGNRSZTI=
-github.com/snyk/cli-extension-sbom v0.0.0-20240418082712-4732b4b2d7b3/go.mod h1:lqmQT+QdzLdfi7qsqIH4qvCsSWu+P09GDFwQcmFfC0g=
+github.com/snyk/cli-extension-sbom v0.0.0-20240426072511-94652d584413 h1:DrieS0CPi1GEnAv8xdUJ7ceqgqUaFJyJAXIZ4I24KCI=
+github.com/snyk/cli-extension-sbom v0.0.0-20240426072511-94652d584413/go.mod h1:lqmQT+QdzLdfi7qsqIH4qvCsSWu+P09GDFwQcmFfC0g=
 github.com/snyk/code-client-go v1.4.5 h1:r112huvRXv6gsHNUkeFLMbEz8dOLBv+v/hZDJfuPZaA=
 github.com/snyk/code-client-go v1.4.5/go.mod h1:Kkr7pQc8ItsBZSYd6A1S4r4VHO6HNyTWZsqi18sAtwQ=
 github.com/snyk/container-cli v0.0.0-20240322120441-6d9b9482f9b1 h1:9RKY9NdX5DrJAoVXDP0JiqrXT+4Nb9NH8pjEcA0NsLA=

diff --git a/test/jest/acceptance/snyk-sbom-test/all-projects.spec.ts b/test/jest/acceptance/snyk-sbom-test/all-projects.spec.ts
@@ -74,6 +74,41 @@ describe('snyk sbom test (mocked server only)', () => {
     expect(stderr).toEqual('');
   });
 
+  test('`npm CycloneDX JSON with --json`', async () => {
+    const fileToTest = path.resolve(
+      getFixturePath('sbom'),
+      'npm-sbom-cdx15.json',
+    );
+
+    const {
+      code,
+      stdout,
+      stderr,
+    } = await runSnykCLI(
+      `sbom test --org aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee --experimental --file ${fileToTest} --json`,
+      { env },
+    );
+
+    // Verify consistent timestamp format
+    expect(stdout).toMatch('"disclosureTime": "2022-10-18T06:00:25Z",');
+    expect(stdout).toMatch('"publicationTime": "2022-10-18T06:29:18Z"');
+    expect(stdout).toMatch('"creationTime": "2022-10-18T06:10:47Z",');
+
+    // Verify other fields
+    expect(stdout).toMatch(
+      '"CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",',
+    );
+    expect(stdout).toMatch(
+      '"title": "Regular Expression Denial of Service (ReDoS)",',
+    );
+    expect(stdout).toMatch('"version": "3.0.4",');
+    expect(stdout).toMatch('"name": "minimatch"');
+
+    expect(code).toEqual(1);
+
+    expect(stderr).toEqual('');
+  });
+
   test('`missing experimental flag`', async () => {
     const fileToTest = path.resolve(
       getFixturePath('sbom'),