Changed to CycloneDX

Signed-off-by: naveensrinivasan <[email protected]>

main.go

@@ -103,6 +103,12 @@ func main() {
 						Usage:   "Maximum number of results to return",
 						Value:   100,
 					},
+					&cli.IntFlag{
+						Name:    "skip",
+						Aliases: []string{"s"},
+						Usage:   "Number of records to skip",
+						Value:   0,
+					},
 				},
 				Action: querySQLiteData,
 			},
@@ -137,6 +143,12 @@ func main() {
 						Usage:   "Maximum number of results to return",
 						Value:   100,
 					},
+					&cli.IntFlag{
+						Name:    "skip",
+						Aliases: []string{"s"},
+						Usage:   "Number of records to skip",
+						Value:   0,
+					},
 				},
 				Action: downloadSBOMs,
 			},
@@ -311,7 +323,13 @@ func querySQLiteData(c *cli.Context) error {
 		filterCriteria = append(filterCriteria, criterion)
 	}
 
-	filteredData, err := csv.FilterSQLiteData(db, filterCriteria, c.Int("max-results"))
+	options := csv.FilterOptions{
+		Criteria:    filterCriteria,
+		MaxResults:  c.Int("max-results"),
+		SkipRecords: c.Int("skip"),
+	}
+
+	filteredData, err := csv.FilterSQLiteData(db, options)
 	if err != nil {
 		return fmt.Errorf("failed to filter SQLite data: %w", err)
 	}
@@ -347,7 +365,13 @@ func downloadSBOMs(c *cli.Context) error {
 		filterCriteria = append(filterCriteria, criterion)
 	}
 
-	filteredData, err := csv.FilterSQLiteData(db, filterCriteria, c.Int("max-results"))
+	options := csv.FilterOptions{
+		Criteria:    filterCriteria,
+		MaxResults:  c.Int("max-results"),
+		SkipRecords: c.Int("skip"),
+	}
+
+	filteredData, err := csv.FilterSQLiteData(db, options)
 	if err != nil {
 		return fmt.Errorf("failed to filter SQLite data: %w", err)
 	}
@@ -402,7 +426,7 @@ func downloadSBOMs(c *cli.Context) error {
 		repoURLWithoutScheme := strings.TrimPrefix(repo.RepoURL, "http://")
 		repoURLWithoutScheme = strings.TrimPrefix(repoURLWithoutScheme, "https://")
 		// Generate SBOM using Syft
-		err = sbom.GenerateSBOMWithSyft(tempDir, outputFile, repoURLWithoutScheme)
+		err = sbom.GenerateSBOMWithCycloneDX(tempDir, outputFile, repoURLWithoutScheme)
 		if err != nil {
 			fmt.Printf("Failed to generate SBOM for %s: %v\n", repo.RepoURL, err)
 			continue

pkg/csv/cvssql.go

@@ -219,14 +219,21 @@ func HandleNullValue(value interface{}) interface{} {
 	return value
 }
 
+// FilterOptions defines options for filtering rows
+type FilterOptions struct {
+	Criteria    []FilterCriteria
+	MaxResults  int
+	SkipRecords int // Number of records to skip
+}
+
 // FilterSQLiteData filters data in SQLite based on multiple criteria and returns a slice of RepoData structs
-func FilterSQLiteData(db *sql.DB, criteria []FilterCriteria, maxResults int) ([]RepoData, error) {
+func FilterSQLiteData(db *sql.DB, options FilterOptions) ([]RepoData, error) {
 	var filteredRecords []RepoData
 
 	// Build query
 	query := "SELECT * FROM repos WHERE "
 	args := []interface{}{}
-	for i, criterion := range criteria {
+	for i, criterion := range options.Criteria {
 		if i > 0 {
 			query += " AND "
 		}
@@ -237,6 +244,14 @@ func FilterSQLiteData(db *sql.DB, criteria []FilterCriteria, maxResults int) ([]
 	// Add ORDER BY clause for Criticality Score (default_score) in descending order
 	query += " ORDER BY default_score DESC"
 
+	// Add LIMIT and OFFSET clauses
+	if options.MaxResults > 0 {
+		query += fmt.Sprintf(" LIMIT %d", options.MaxResults)
+	}
+	if options.SkipRecords > 0 {
+		query += fmt.Sprintf(" OFFSET %d", options.SkipRecords)
+	}
+	fmt.Println(query)
 	rows, err := db.Query(query, args...)
 	if err != nil {
 		return nil, fmt.Errorf("failed to query sqlite: %w", err)
@@ -249,10 +264,6 @@ func FilterSQLiteData(db *sql.DB, criteria []FilterCriteria, maxResults int) ([]
 	}
 
 	for rows.Next() {
-		if maxResults > 0 && len(filteredRecords) >= maxResults {
-			break
-		}
-
 		columnPointers := make([]interface{}, len(columns))
 		columnValues := make([]interface{}, len(columns))
 		for i := range columnValues {
@@ -316,4 +327,4 @@ func FilterSQLiteData(db *sql.DB, criteria []FilterCriteria, maxResults int) ([]
 	}
 
 	return filteredRecords, nil
-}
+}

pkg/sbom/sbom.go

@@ -17,20 +17,18 @@ func ValidateSBOM(sbom string) error {
 	return nil
 }
 
-// GenerateSBOMWithSyft generates an SBOM using the syft binary.
-func GenerateSBOMWithSyft(directory, outputFile, repo string) error {
-	// Check if syft is installed
-	_, err := exec.LookPath("syft")
+// GenerateSBOMWithCycloneDX generates an SBOM using the cdxgen binary.
+func GenerateSBOMWithCycloneDX(directory, outputFile, repo string) error {
+	// Check if cdxgen is installed
+	_, err := exec.LookPath("cdxgen")
 	if err != nil {
-		return fmt.Errorf("syft is not installed or not in PATH: %w", err)
+		return fmt.Errorf("cdxgen is not installed or not in PATH: %w", err)
 	}
-	cmd := exec.Command("syft", "scan", fmt.Sprintf("dir:%s", directory), //nolint:gosec
-		"-o", "cyclonedx-json", "--file", outputFile,
-		"--select-catalogers", "+github-actions-usage-cataloger", "--source-name", repo)
+	cmd := exec.Command("cdxgen", "-r", "-o", outputFile, "--install-deps", "false", "--spec-version", "1.5", directory)
 
 	output, err := cmd.CombinedOutput()
 	if err != nil {
-		return fmt.Errorf("error generating SBOM with syft: %w\nOutput: %s", err, output)
+		return fmt.Errorf("error generating SBOM with cdxgen: %w\nOutput: %s", err, output)
 	}
 
 	return nil