From f9638b756637dfade877d00dcbac0bd15f13e056 Mon Sep 17 00:00:00 2001
From: Benji Visser
Date: Mon, 24 Jul 2023 22:40:02 -0600
Subject: [PATCH] Send SBOM w/ xeol.io event (#83)
Signed-off-by: Benji Visser
---
 cmd/root.go | 13 +++++++++++++
 go.mod | 2 +-
 xeol/report/model.go | 1 +
 3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/cmd/root.go b/cmd/root.go
index 9147c02d..ff9b19af 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -1,13 +1,17 @@
 package cmd
 import (
+ "bytes"
+ "encoding/base64"
 "errors"
 "fmt"
 "os"
 "sync"
 "time"
+ "github.com/CycloneDX/cyclonedx-go"
 "github.com/anchore/stereoscope"
+ "github.com/anchore/syft/syft/formats/common/cyclonedxhelpers"
 "github.com/anchore/syft/syft/sbom"
 "github.com/anchore/syft/syft/source"
 "github.com/spf13/cobra"
@@ -322,12 +326,21 @@ func startWorker(userInput string, failOnEolFound bool, eolMatchDate time.Time)
 }
 if appConfig.APIKey != "" {
+ buf := new(bytes.Buffer)
+ bom := cyclonedxhelpers.ToFormatModel(*sbom)
+ enc := cyclonedx.NewBOMEncoder(buf, cyclonedx.BOMFileFormatJSON)
+ if err := enc.Encode(bom); err != nil {
+ errs <- fmt.Errorf("failed to encode sbom: %w", err)
+ return
+ }
+
 if err := x.SendEvent(report.XeolEventPayload{
 Matches: allMatches.Sorted(),
 Packages: packages,
 Context: pkgContext,
 AppConfig: appConfig,
 ImageName: sbom.Source.ImageMetadata.UserInput,
+ Sbom: base64.StdEncoding.EncodeToString(buf.Bytes()),
 }); err != nil {
 errs <- fmt.Errorf("failed to send eol event: %w", err)
 return
diff --git a/go.mod b/go.mod
index b9e29bdb..d7d03064 100644
--- a/go.mod
+++ b/go.mod
@@ -3,6 +3,7 @@ module github.com/xeol-io/xeol
 go 1.18
 require (
+ github.com/CycloneDX/cyclonedx-go v0.7.1
 github.com/Masterminds/semver v1.5.0
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 github.com/adrg/xdg v0.4.0
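Review bot: In the `cmd/root.go` hunk at `if appConfig.APIKey != "" {`, the new `Sbom:` field makes every run with an API key upload the complete CycloneDX SBOM rather than only the EOL matches, and nothing in the hunk lets a user keep the key while withholding the inventory. A full SBOM lists every package and version in the scanned source, which many teams treat as sensitive. I would gate the encoding on an explicit setting, or at least put a comment above `buf := new(bytes.Buffer)` such as `// Uploads the full CycloneDX SBOM (entire package inventory) to xeol.io; runs only when an API key is configured.` Separately, the `return` after `enc.Encode(bom)` fails means an encoding error now also suppresses the match event that was sent before this change, and the whole document is buffered and base64-encoded in memory with no size cap. startWorker begins and ends outside the hunk.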
@@ -56,7 +57,6 @@ require (
 cloud.google.com/go/compute/metadata v0.2.3 // indirect
 cloud.google.com/go/iam v0.13.0 // indirect
 cloud.google.com/go/storage v1.28.1 // indirect
- github.com/CycloneDX/cyclonedx-go v0.7.1 // indirect
 github.com/DataDog/zstd v1.4.5 // indirect
 github.com/Masterminds/goutils v1.1.1 // indirect
 github.com/Masterminds/semver/v3 v3.2.0 // indirect
diff --git a/xeol/report/model.go b/xeol/report/model.go
index a36e9de1..b6172804 100644
--- a/xeol/report/model.go
+++ b/xeol/report/model.go
@@ -11,4 +11,5 @@ type XeolEventPayload struct {
 Context pkg.Context
 AppConfig interface{}
 ImageName string
+ Sbom string
 }
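Review bot: The new `Sbom string` field in `xeol/report/model.go` carries no comment, so a reader of `XeolEventPayload` cannot tell that it holds an encoded document rather than raw JSON. Going by the `cmd/root.go` hunk, I would add `// Sbom is the base64-encoded CycloneDX JSON SBOM of the scanned source; it is sent to xeol.io with the event.` above the field. Go's initialism convention would spell it `SBOM`, but no struct tags are visible here, so a rename would presumably change the serialized key and needs to be agreed with the receiving API first. The struct declaration starts outside the hunk.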