Bump syft to v0.41.1 (#3)

Author: wagoodman

cmd/output_writer.go

@@ -56,10 +56,7 @@ func parseOptions(outputs []string, defaultFile string) (out []sbom.WriterOption
 			continue
 		}
 
-		out = append(out, sbom.WriterOption{
-			Format: format,
-			Path:   file,
-		})
+		out = append(out, sbom.NewWriterOption(format, file))
 	}
 	return out, errs
 }

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 	github.com/adrg/xdg v0.2.1
 	github.com/anchore/stereoscope v0.0.0-20220307154759-8a5a70c227d3
-	github.com/anchore/syft v0.41.0
+	github.com/anchore/syft v0.41.1
 	github.com/containerd/containerd v1.5.10 // indirect
 	github.com/containerd/continuity v0.2.2 // indirect
 	github.com/docker/cli v20.10.12+incompatible

go.sum

@@ -267,8 +267,8 @@ github.com/anchore/packageurl-go v0.0.0-20210922164639-b3fa992ebd29 h1:K9Lfnxwhq
 github.com/anchore/packageurl-go v0.0.0-20210922164639-b3fa992ebd29/go.mod h1:Oc1UkGaJwY6ND6vtAqPSlYrptKRJngHwkwB6W7l1uP0=
 github.com/anchore/stereoscope v0.0.0-20220307154759-8a5a70c227d3 h1:Kx2jlMdENAf4cVjYGYLI+fiavVhzhtmU89GUYDITJ1w=
 github.com/anchore/stereoscope v0.0.0-20220307154759-8a5a70c227d3/go.mod h1:XESZQTgFETDBatmyoet6XZ0zVknoIMDSAhj2INj2a5w=
-github.com/anchore/syft v0.41.0 h1:d39UthynwpE88iAWJYRYDFVarfkGOcqCQHt6IPHXWBs=
-github.com/anchore/syft v0.41.0/go.mod h1:SQuKJ0oTc1cJGRE1dYbFWN+uPb9R2zltCoqpnWyDJ/M=
+github.com/anchore/syft v0.41.1 h1:HzRwGX3Qv6CLA1oveqx+K8tfs/2jo+w6O/VeeL8oiZE=
+github.com/anchore/syft v0.41.1/go.mod h1:SQuKJ0oTc1cJGRE1dYbFWN+uPb9R2zltCoqpnWyDJ/M=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/brotli v1.0.0/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=

test/cli/sbom_cmd_test.go

@@ -1,6 +1,8 @@
 package cli
 
 import (
+	"fmt"
+	"path/filepath"
 	"strings"
 	"testing"
 )
@@ -118,6 +120,26 @@ func TestSBOMCmdFlags(t *testing.T) {
 				assertSuccessfulReturnCode,
 			},
 		},
+		{
+			name: "json-file-flag",
+			args: []string{"sbom", "-o", "json", "--file", filepath.Join(tmp, "output-1.json"), coverageImage},
+			assertions: []traitAssertion{
+				assertSuccessfulReturnCode,
+				assertFileOutput(t, filepath.Join(tmp, "output-1.json"),
+					assertJsonReport,
+				),
+			},
+		},
+		{
+			name: "json-output-flag-to-file",
+			args: []string{"sbom", "-o", fmt.Sprintf("json=%s", filepath.Join(tmp, "output-2.json")), coverageImage},
+			assertions: []traitAssertion{
+				assertSuccessfulReturnCode,
+				assertFileOutput(t, filepath.Join(tmp, "output-2.json"),
+					assertJsonReport,
+				),
+			},
+		},
 	}
 
 	for _, tt := range tests {

test/cli/trait_assertions_test.go

@@ -10,10 +10,26 @@ import (
 	"testing"
 
 	"github.com/acarl005/stripansi"
+	"github.com/stretchr/testify/require"
 )
 
 type traitAssertion func(tb testing.TB, stdout, stderr string, rc int)
 
+func assertFileOutput(tb testing.TB, path string, assertions ...traitAssertion) traitAssertion {
+	tb.Helper()
+
+	return func(tb testing.TB, _, stderr string, rc int) {
+		content, err := os.ReadFile(path)
+		require.NoError(tb, err)
+		contentStr := string(content)
+
+		for _, assertion := range assertions {
+			// treat the file content as stdout
+			assertion(tb, contentStr, stderr, rc)
+		}
+	}
+}
+
 func assertJsonReport(tb testing.TB, stdout, _ string, _ int) {
 	tb.Helper()
 	var data interface{}