You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be great if the CLI functions which read SBOMs support reading from piped standard input.
There are some cases where it is much more convenient to pipe output of one tool into another one instead of requiring files. For example: using the tools to validate a SBOM in a container requires: saving the SBOM to a file, run the container with a mounted filesystem containing the SBOM, referencing the same SBOM using a path matching how the container mount was specified, etc. whereas doing something like cat <sbom> | docker run --rm -i spdx-java-tools-validator:latest could be much simpler and could prevent needing an intermediary file altogether in certain circumstances.
A suggestion: one reasonably simple way to do this is just check the file input being just a single dash, - (like implemented in vim: vi -), which causes the system to explicitly read from stdin instead of attempting to load a file. This would allow something like the aforementioned cat <sbom> | docker run --rm -i spdx-java-tools-validator:latest Verify - to work for the example.
The text was updated successfully, but these errors were encountered:
It would be great if the CLI functions which read SBOMs support reading from piped standard input.
There are some cases where it is much more convenient to pipe output of one tool into another one instead of requiring files. For example: using the tools to validate a SBOM in a container requires: saving the SBOM to a file, run the container with a mounted filesystem containing the SBOM, referencing the same SBOM using a path matching how the container mount was specified, etc. whereas doing something like
cat <sbom> | docker run --rm -i spdx-java-tools-validator:latestcould be much simpler and could prevent needing an intermediary file altogether in certain circumstances.A suggestion: one reasonably simple way to do this is just check the file input being just a single dash,
-(like implemented in vim:vi -), which causes the system to explicitly read from stdin instead of attempting to load a file. This would allow something like the aforementionedcat <sbom> | docker run --rm -i spdx-java-tools-validator:latest Verify -to work for the example.The text was updated successfully, but these errors were encountered: