Allow image upload without sbom

commands/cmd.go

@@ -25,6 +25,7 @@ import (
 	"strings"
 
 	"github.com/docker/index-cli-plugin/internal"
+	"github.com/docker/index-cli-plugin/sbom"
 
 	"github.com/moby/term"
 	"github.com/pkg/errors"
@@ -38,7 +39,6 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/index-cli-plugin/format"
 	"github.com/docker/index-cli-plugin/query"
-	"github.com/docker/index-cli-plugin/sbom"
 	"github.com/docker/index-cli-plugin/types"
 )
 
@@ -73,8 +73,8 @@ func NewRootCmd(name string, isPlugin bool, dockerCli command.Cli) *cobra.Comman
 	config := dockerCli.ConfigFile()
 
 	var (
-		output, ociDir, image, workspace                       string
-		apiKeyStdin, includeCves, includeBaseImages, remediate bool
+		output, ociDir, image, workspace                                    string
+		apiKeyStdin, includeCves, includeBaseImages, remediate, includeSbom bool
 	)
 
 	logoutCommand := &cobra.Command{
@@ -181,14 +181,18 @@ func NewRootCmd(name string, isPlugin bool, dockerCli command.Cli) *cobra.Comman
 			if err != nil {
 				return err
 			}
+			if !includeSbom {
+				sb.Artifacts = nil
+			}
 			return sbom.UploadSbom(sb, workspace, apiKey)
 		},
 	}
 	uploadCommandFlags := uploadCommand.Flags()
-	uploadCommandFlags.StringVar(&image, "image", "", "Image reference to index")
-	uploadCommandFlags.StringVar(&ociDir, "oci-dir", "", "Path to image in OCI format")
-	uploadCommandFlags.StringVar(&workspace, "workspace", "", "Atomist workspace")
+	uploadCommandFlags.StringVarP(&image, "image", "i", "", "Image reference to index")
+	uploadCommandFlags.StringVarP(&ociDir, "oci-dir", "d", "", "Path to image in OCI format")
+	uploadCommandFlags.StringVarP(&workspace, "workspace", "w", "", "Atomist workspace")
 	uploadCommandFlags.BoolVar(&apiKeyStdin, "api-key-stdin", false, "Atomist API key")
+	uploadCommandFlags.BoolVarP(&includeSbom, "sbom", "s", false, "Add SBOM")
 
 	cveCommand := &cobra.Command{
 		Use:   "cve [OPTIONS] CVE_ID",

sbom/upload.go

@@ -145,16 +145,18 @@ func transactSbom(sb *types.Sbom, newTransaction func() skill.Transaction) (*Ima
 		Layers:               &layers,
 		BlobDigest:           digests[len(digests)-1].String(),
 		DiffChainId:          diffIds[len(diffIds)-1].String(),
-
-		SbomVersion:      sb.Descriptor.SbomVersion,
-		SbomState:        Indexing,
-		SbomLastUpdated:  &now,
-		SbomPackageCount: len(sb.Artifacts),
 	}
 	if sha != "" {
 		image.Sha = sha
 	}
 
+	if sb.Artifacts != nil {
+		image.SbomVersion = sb.Descriptor.SbomVersion
+		image.SbomState = Indexing
+		image.SbomLastUpdated = &now
+		image.SbomPackageCount = len(sb.Artifacts)
+	}
+
 	if sb.Source.Image.Tags != nil && len(*sb.Source.Image.Tags) > 0 {
 		image.Tags = &skill.ManyRef{Add: *sb.Source.Image.Tags}
 
@@ -189,8 +191,7 @@ func transactSbom(sb *types.Sbom, newTransaction func() skill.Transaction) (*Ima
 		transaction := newTransaction().Ordered()
 
 		image = ImageEntity{
-			Digest:    sb.Source.Image.Digest,
-			SbomState: Indexing,
+			Digest: sb.Source.Image.Digest,
 		}
 
 		for _, p := range packages {
@@ -235,8 +236,13 @@ func transactSbom(sb *types.Sbom, newTransaction func() skill.Transaction) (*Ima
 	}
 
 	image = ImageEntity{
-		Digest:    sb.Source.Image.Digest,
-		SbomState: Indexed,
+		Digest:       sb.Source.Image.Digest,
+		Repository:   &repository,
+		Repositories: &[]RepositoryEntity{repository},
+		SbomState:    Indexed,
+	}
+	if sb.Artifacts != nil {
+		image.SbomState = Indexed
 	}
 	err = newTransaction().Ordered().AddEntities(image).Transact()
 	if err != nil {
@@ -401,7 +407,7 @@ type ImageEntity struct {
 	DiffChainId          string                       `edn:"docker.image/diff-chain-id,omitempty"`
 	Sha                  string                       `edn:"docker.image/sha,omitempty"`
 
-	SbomState        edn.Keyword `edn:"sbom/state"`
+	SbomState        edn.Keyword `edn:"sbom/state,omitempty"`
 	SbomVersion      string      `edn:"sbom/version,omitempty"`
 	SbomLastUpdated  *time.Time  `edn:"sbom/last-updated,omitempty"`
 	SbomPackageCount int         `edn:"sbom/package-count,omitempty"`