From 2c84edb46972e0d42de2e206157aa6a262d88553 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Meira?= <6381457+afsmeira@users.noreply.github.com> Date: Wed, 18 Sep 2024 10:25:59 +0100 Subject: [PATCH] feature: Add SBOM support as a possible result [TAROT-2832] --- go.mod | 1 + go.sum | 12 ++++++++++++ result.go | 15 +++++++++++++++ result_test.go | 7 ++++++- 4 files changed, 34 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 53b3635..252dc94 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,7 @@ module github.com/codacy/codacy-engine-golang-seed/v6 go 1.21 require ( + github.com/CycloneDX/cyclonedx-go v0.9.1 github.com/samber/lo v1.47.0 github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.9.0 diff --git a/go.sum b/go.sum index adfd291..18237e0 100644 --- a/go.sum +++ b/go.sum @@ -1,3 +1,7 @@ +github.com/CycloneDX/cyclonedx-go v0.9.1 h1:yffaWOZsv77oTJa/SdVZYdgAgFioCeycBUKkqS2qzQM= +github.com/CycloneDX/cyclonedx-go v0.9.1/go.mod h1:NE/EWvzELOFlG6+ljX/QeMlVt9VKcTwu8u0ccsACEsw= +github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= +github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -11,6 +15,14 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/terminalstatic/go-xsd-validate v0.1.5 h1:RqpJnf6HGE2CB/lZB1A8BYguk8uRtcvYAPLCF15qguo= +github.com/terminalstatic/go-xsd-validate v0.1.5/go.mod h1:18lsvYFofBflqCrvo1umpABZ99+GneNTw2kEEc8UPJw= +github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= +github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= +github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= +github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= diff --git a/result.go b/result.go index 20e6b4e..7995ee3 100644 --- a/result.go +++ b/result.go @@ -3,6 +3,7 @@ package codacytool import ( "encoding/json" + "github.com/CycloneDX/cyclonedx-go" "github.com/sirupsen/logrus" ) 
@@ -44,6 +45,20 @@ func (i FileError) GetFile() string { return i.File } +// SBOM represents a Software Bill of Materials in the CycloneDX format. +type SBOM struct { + cyclonedx.BOM +} + +func (s SBOM) ToJSON() ([]byte, error) { + return json.Marshal(s) +} + +// GetFile always returns an empty value since SBOM is for the whole project, not a single file. +func (s SBOM) GetFile() string { + return "" +} + type Results []Result func (r Results) ToJSON() []string { diff --git a/result_test.go b/result_test.go index ad868db..03b90ae 100644 --- a/result_test.go +++ b/result_test.go @@ -19,15 +19,17 @@ func TestResultsToJSON(t *testing.T) { File: "file-error", Message: "file-error", } + sbom := SBOM{} badResult := BadResult{} expectedJSONResults := []string{ `{"filename":"file","line":5,"message":"message","patternId":"pattern ID"}`, `{"filename":"file-error","message":"file-error"}`, + `{"bomFormat":"","specVersion":"SpecVersion(0)","version":0}`, } // Act - jsonResults := Results{issue, fileError, badResult}.ToJSON() + jsonResults := Results{issue, fileError, sbom, badResult}.ToJSON() // Assert // Since a JSON object does not have order, we can't simply assert by doing `assert.ElementsMatch`. @@ -44,14 +46,17 @@ func TestResultsGetFile(t *testing.T) { // Arrange issue := Issue{File: "issue-file"} fileError := FileError{File: "file-error"} + sbom := SBOM{} // Act issueFile := issue.GetFile() fileErrorFile := fileError.GetFile() + sbomFile := sbom.GetFile() // Assert assert.Equal(t, "issue-file", issueFile) assert.Equal(t, "file-error", fileErrorFile) + assert.Empty(t, sbomFile) } type BadResult struct{}
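Review bot: `ToJSON` on the new `SBOM` type marshals whatever the embedded `cyclonedx.BOM` holds without checking that it is a well-formed document, so a zero-value `SBOM{}` is emitted as `{"bomFormat":"","specVersion":"SpecVersion(0)","version":0}` (exactly what the accompanying test pins), which is not a valid CycloneDX BOM and, being empty, reads downstream as "this project has no components". Nothing in the hunk forces callers through a constructor, so I would add one wrapping `cyclonedx.NewBOM()` (which, as I recall, pre-fills `BOMFormat`, `SpecVersion` and `Version`) and have `ToJSON` refuse a BOM whose format/spec version are still zero rather than serialise it, as below (`fmt` would need importing). `ToJSON` is also the only exported method in the hunk without a doc comment; `// ToJSON serialises the BOM as CycloneDX JSON.` would do. The `Results.ToJSON` body on the hunk's last context line continues outside the hunk.
```go
// NewSBOM returns an SBOM whose BOMFormat, SpecVersion and Version are already
// set, so the emitted document is a valid CycloneDX BOM by construction.
func NewSBOM() SBOM {
	return SBOM{BOM: *cyclonedx.NewBOM()}
}

// ToJSON serialises the BOM as CycloneDX JSON. A value that was never
// initialised (empty bomFormat / zero specVersion) is rejected instead of
// being emitted as an invalid, empty bill of materials.
func (s SBOM) ToJSON() ([]byte, error) {
	if s.BOMFormat == "" || s.SpecVersion == 0 {
		return nil, fmt.Errorf("sbom: bomFormat/specVersion unset; build the value with NewSBOM")
	}
	return json.Marshal(s)
}
```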
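Review bot: The new entry `{"bomFormat":"","specVersion":"SpecVersion(0)","version":0}` in `expectedJSONResults` pins an invalid CycloneDX document as the correct output of the tool, and the `SpecVersion(0)` token is just what cyclonedx-go's `SpecVersion` stringer prints for an unknown value, so the assertion will break on a library upgrade for a reason unrelated to this repo. I would build the fixture from an initialised BOM, e.g. `sbom := SBOM{BOM: *cyclonedx.NewBOM()}`, and expect `"bomFormat":"CycloneDX"` and `"version":1` with the spec-version string taken from the library's constant rather than hard-coded. The `TestResultsToJSON` body continues past the hunk.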