SBOM ingestion

cli/docs/enrich/help.go

@@ -0,0 +1,13 @@
+package enrich
+
+import (
+	"github.com/jfrog/jfrog-cli-core/v2/plugins/components"
+)
+
+func GetDescription() string {
+	return "Enrich sbom format JSON located on the local file-system with Xray."
+}
+
+func GetArguments() []components.Argument {
+	return []components.Argument{{Name: "File path", Description: `Specifies the local file system path of the JSON to be scanned.`}}
+}

cli/docs/flags.go

@@ -22,6 +22,7 @@ const (
 	Audit                = "audit"
 	CurationAudit        = "curation-audit"
 	GitCountContributors = "count-contributors"
+	Enrich               = "sbom-enrich"
 
 	// TODO: Deprecated commands (remove at next CLI major version)
 	AuditMvn    = "audit-maven"
@@ -134,6 +135,9 @@ var commandFlags = map[string][]string{
 		url, user, password, accessToken, ServerId, SpecFlag, Threads, scanRecursive, scanRegexp, scanAnt,
 		Project, Watches, RepoPath, Licenses, OutputFormat, Fail, ExtendedTable, BypassArchiveLimits, MinSeverity, FixableOnly,
 	},
+	Enrich: {
+		url, user, password, accessToken, ServerId, Threads,
+	},
 	BuildScan: {
 		url, user, password, accessToken, ServerId, Project, Vuln, OutputFormat, Fail, ExtendedTable, Rescan,
 	},

cli/scancommands.go

@@ -2,6 +2,8 @@ package cli
 
 import (
 	"fmt"
+	enrichDocs "github.com/jfrog/jfrog-cli-security/cli/docs/enrich"
+	"github.com/jfrog/jfrog-cli-security/commands/enrich"
 	"os"
 	"strings"
 
@@ -51,6 +53,14 @@ func getAuditAndScansCommands() []components.Command {
 			Category:    auditScanCategory,
 			Action:      ScanCmd,
 		},
+		{
+			Name:        "sbom-enrich",
+			Aliases:     []string{"se"},
+			Flags:       flags.GetCommandFlags(flags.Enrich),
+			Description: enrichDocs.GetDescription(),
+			Arguments:   enrichDocs.GetArguments(),
+			Action:      EnrichCmd,
+		},
 		{
 			Name:        "build-scan",
 			Aliases:     []string{"bs"},
@@ -154,6 +164,32 @@ func getAuditAndScansCommands() []components.Command {
 	}
 }
 
+func EnrichCmd(c *components.Context) error {
+	if len(c.Arguments) == 0 {
+		return pluginsCommon.PrintHelpAndReturnError("providing a file path argument is mandatory", c)
+	}
+	serverDetails, err := createServerDetailsWithConfigOffer(c)
+	if err != nil {
+		return err
+	}
+	if err = validateXrayContext(c, serverDetails); err != nil {
+		return err
+	}
+	specFile := createDefaultScanSpec(c, addTrailingSlashToRepoPathIfNeeded(c))
+	if err = spec.ValidateSpec(specFile.Files, false, false); err != nil {
+		return err
+	}
+	threads, err := pluginsCommon.GetThreadsCount(c)
+	if err != nil {
+		return err
+	}
+	EnrichCmd := enrich.NewEnrichCommand().
+		SetServerDetails(serverDetails).
+		SetThreads(threads).
+		SetSpec(specFile)
+	return commandsCommon.Exec(EnrichCmd)
+}
+
 func ScanCmd(c *components.Context) error {
 	if len(c.Arguments) == 0 && !c.IsFlagSet(flags.SpecFlag) {
 		return pluginsCommon.PrintHelpAndReturnError("providing either a <source pattern> argument or the 'spec' option is mandatory", c)