include sbom param in git audit cmd

attiasas · attiasas · commit b91778ed86d9 · 2025-10-21T15:03:35.000+03:00
diff --git a/cli/docs/flags.go b/cli/docs/flags.go
@@ -183,7 +183,7 @@ var commandFlags = map[string][]string{
 		scanProjectKey, Watches, ScanVuln, Fail,
 		// Scan params
 		Threads, ExclusionsAudit,
-		Sca, Iac, Sast, Secrets, WithoutCA, SecretValidation,
+		Sca, Iac, Sast, Secrets, WithoutCA, SecretValidation, Sbom,
 		// Output params
 		Licenses, OutputFormat, ExtendedTable, OutputDir, UploadRtRepoPath,
 		// Scan Logic params
diff --git a/cli/gitcommands.go b/cli/gitcommands.go
@@ -70,6 +70,7 @@ func GitAuditCmd(c *components.Context) error {
 	} else if len(subScans) > 0 {
 		gitAuditCmd.SetScansToPerform(subScans)
 	}
+	gitAuditCmd.SetIncludeSbom(shouldIncludeSbom(c, format))
 	if threads, err := pluginsCommon.GetThreadsCount(c); err != nil {
 		return err
 	} else {
diff --git a/cli/scancommands.go b/cli/scancommands.go
@@ -287,7 +287,7 @@ func ScanCmd(c *components.Context) error {
 		SetBaseRepoPath(repoPath).
 		SetIncludeVulnerabilities(c.GetBoolFlagValue(flags.Vuln) || shouldIncludeVulnerabilities(c)).
 		SetIncludeLicenses(c.GetBoolFlagValue(flags.Licenses)).
-		SetIncludeSbom(c.GetBoolFlagValue(flags.Sbom)).
+		SetIncludeSbom(shouldIncludeSbom(c, format)).
 		SetFail(c.GetBoolFlagValue(flags.Fail)).
 		SetPrintExtendedTable(c.GetBoolFlagValue(flags.ExtendedTable)).
 		SetBypassArchiveLimits(c.GetBoolFlagValue(flags.BypassArchiveLimits)).
@@ -453,16 +453,11 @@ func CreateAuditCmd(c *components.Context) (string, string, *coreConfig.ServerDe
 	auditCmd.SetScaScanStrategy(scaScanStrategy)
 	auditCmd.SetViolationGenerator(violationGenerator)
 	auditCmd.SetUploadCdxResults(uploadResults).SetRtResultRepository(c.GetStringFlagValue(flags.UploadRtRepoPath))
-	// Make sure include SBOM is only set if the output format supports it
-	includeSbom := c.GetBoolFlagValue(flags.Sbom)
-	if includeSbom && format != outputFormat.Table && format != outputFormat.CycloneDx {
-		log.Warn(fmt.Sprintf("The '--%s' flag is only supported with the 'table' or 'cyclonedx' output format. The SBOM will not be included in the output.", flags.Sbom))
-	}
 	auditCmd.SetTargetRepoPath(addTrailingSlashToRepoPathIfNeeded(c)).
 		SetProject(getProject(c)).
 		SetIncludeVulnerabilities(c.GetBoolFlagValue(flags.Vuln)).
 		SetIncludeLicenses(c.GetBoolFlagValue(flags.Licenses)).
-		SetIncludeSbom(includeSbom).
+		SetIncludeSbom(shouldIncludeSbom(c, format)).
 		SetFail(c.GetBoolFlagValue(flags.Fail)).
 		SetPrintExtendedTable(c.GetBoolFlagValue(flags.ExtendedTable)).
 		SetMinSeverityFilter(minSeverity).
@@ -709,7 +704,7 @@ func DockerScan(c *components.Context, image string) error {
 		SetBaseRepoPath(addTrailingSlashToRepoPathIfNeeded(c)).
 		SetIncludeVulnerabilities(c.GetBoolFlagValue(flags.Vuln) || shouldIncludeVulnerabilities(c)).
 		SetIncludeLicenses(c.GetBoolFlagValue(flags.Licenses)).
-		SetIncludeSbom(c.GetBoolFlagValue(flags.Sbom)).
+		SetIncludeSbom(shouldIncludeSbom(c, format)).
 		SetFail(c.GetBoolFlagValue(flags.Fail)).
 		SetPrintExtendedTable(c.GetBoolFlagValue(flags.ExtendedTable)).
 		SetBypassArchiveLimits(c.GetBoolFlagValue(flags.BypassArchiveLimits)).
diff --git a/cli/utils.go b/cli/utils.go
@@ -187,3 +187,12 @@ func getFlagValueAsString(c *components.Context, flag components.Flag) string {
 	}
 	return ""
 }
+
+func shouldIncludeSbom(c *components.Context, format outputFormat.OutputFormat) bool {
+	// Make sure include SBOM is only set if the output format supports it
+	includeSbom := c.GetBoolFlagValue(flags.Sbom)
+	if includeSbom && format != outputFormat.Table && format != outputFormat.CycloneDx {
+		log.Warn(fmt.Sprintf("The '--%s' flag is only supported with the 'table' or 'cyclonedx' output format. The SBOM will not be included in the output.", flags.Sbom))
+	}
+	return includeSbom
+}
diff --git a/commands/git/audit/gitaudit.go b/commands/git/audit/gitaudit.go
@@ -87,7 +87,7 @@ func toAuditParams(params GitAuditParams) *sourceAudit.AuditParams {
 		params.gitContext.Source.GitRepoHttpsCloneUrl,
 		params.resultsContext.IncludeVulnerabilities,
 		params.resultsContext.IncludeLicenses,
-		false,
+		params.includeSbom,
 	)
 	auditParams.SetResultsContext(resultContext)
 	log.Debug(fmt.Sprintf("Results context: %+v", resultContext))
diff --git a/commands/git/audit/gitauditparams.go b/commands/git/audit/gitauditparams.go
@@ -23,6 +23,7 @@ type GitAuditParams struct {
 	failBuild      bool
 	// Scan params
 	scansToPerform []utils.SubScanType
+	includeSbom    bool
 	threads        int
 	exclusions     []string
 	// Output params
@@ -163,3 +164,8 @@ func (gap *GitAuditParams) SetRtResultRepository(rtResultRepository string) *Git
 func (gap *GitAuditParams) RtResultRepository() string {
 	return gap.rtResultRepository
 }
+
+func (gap *GitAuditParams) SetIncludeSbom(includeSbom bool) *GitAuditParams {
+	gap.includeSbom = includeSbom
+	return gap
+}

Original file line number	Diff line number	Diff line change
`@@ -70,6 +70,7 @@ func GitAuditCmd(c *components.Context) error {`
`70`	`70`	`} else if len(subScans) > 0 {`
`71`	`71`	`gitAuditCmd.SetScansToPerform(subScans)`
`72`	`72`	`}`
	`73`	`+ gitAuditCmd.SetIncludeSbom(shouldIncludeSbom(c, format))`
`73`	`74`	`if threads, err := pluginsCommon.GetThreadsCount(c); err != nil {`
`74`	`75`	`return err`
`75`	`76`	`} else {`
Original file line number	Diff line number	Diff line change
`@@ -187,3 +187,12 @@ func getFlagValueAsString(c *components.Context, flag components.Flag) string {`
`187`	`187`	`}`
`188`	`188`	`return ""`
`189`	`189`	`}`
	`190`	`+`
	`191`	`+func shouldIncludeSbom(c *components.Context, format outputFormat.OutputFormat) bool {`
	`192`	`+ // Make sure include SBOM is only set if the output format supports it`
	`193`	`+ includeSbom := c.GetBoolFlagValue(flags.Sbom)`
	`194`	`+ if includeSbom && format != outputFormat.Table && format != outputFormat.CycloneDx {`
	`195`	`+ log.Warn(fmt.Sprintf("The '--%s' flag is only supported with the 'table' or 'cyclonedx' output format. The SBOM will not be included in the output.", flags.Sbom))`
	`196`	`+ }`
	`197`	`+ return includeSbom`
	`198`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ func toAuditParams(params GitAuditParams) *sourceAudit.AuditParams {`
`87`	`87`	`params.gitContext.Source.GitRepoHttpsCloneUrl,`
`88`	`88`	`params.resultsContext.IncludeVulnerabilities,`
`89`	`89`	`params.resultsContext.IncludeLicenses,`
`90`		`- false,`
	`90`	`+ params.includeSbom,`
`91`	`91`	`)`
`92`	`92`	`auditParams.SetResultsContext(resultContext)`
`93`	`93`	`log.Debug(fmt.Sprintf("Results context: %+v", resultContext))`