CycloneDX / cyclonedx-cli

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
https://cyclonedx.org/
Apache License 2.0

[docs] Clarify Option Placement in verify file Command Help #414

Open viveksahu26 opened 13 hours ago

viveksahu26 commented 13 hours ago

Description:

The help documentation for the verify file command in cyclonedx-cli appears to incorrectly specify the placement of options like --key-file and --signature-file.

Current Help Text:

Usage:
  cyclonedx-cli [options] verify file <file>

This suggests that options such as --key-file and --signature-file should be placed before the verify file subcommand. For example:

  cyclonedx-cli --key-file public_key.pem --signature-file sbom.sig verify file SPDXJSONExample-v2.3.spdx.json

However, this does not work. The correct syntax is:

  cyclonedx-cli verify file SPDXJSONExample-v2.3.spdx.json --key-file public_key.pem --signature-file sbom.sig

Expected Behavior:

The help text should clarify that the options --key-file and --signature-file must be placed after the verify file subcommand and <file> argument.

andreas-hilti commented 10 hours ago

Compare also https://github.com/CycloneDX/cyclonedx-cli/issues/382.

viveksahu26 commented 9 hours ago

Yes, it's a duplicate.