surendrapathak
commented
1 year ago Use case sbomgr should be able to list PURLs matching a given component name from multiple SBOMs in a simple table e.g.
sbomgr packages - E -P 'aerospike' -O tool, purl
-O should support
- file : Name of the SBOM file
- filep : Full path of the file (including name)
- tool : SBOM generator tool
- tools: SBOM generator version
- cpe : the first CPE listed in the matching package (e.g., cpe:xxx [+3 more])
- purl: similar to CPE
- name : Component name
- version : Component version (or 'N/A')
Limit:
- O is limited to tabular output and is ignored for JSON output
- Use 'tabs' for whitespace between column
Actual Behavior Example of grepping through 'aerospike' image for purl 'aerospike'
Note that the last column is a PURL and it can be understood why grep matched them.
Example of grepping through 'aerospike' image for CPE 'aerospike'
Note that the last column is still PURL, and it is unclear why these were matched and not others.
Expected Behavior Both CPE and PURL searches should display information in a way it is consistent with the user's expectations. So, showing the match or letting the user customize the output will be a better experience.