feat: Return NTIA Compliance as return code

anthonyharrison · Oct 5, 2023 · 5b6c554 · 5b6c554
1 parent 5ea2405
commit 5b6c554
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -54,13 +54,14 @@ Output:
 The `--input-file` option is used to specify the SBOM to be processed. The format of the SBOM is determined according to
 the following filename conventions.
 
-| SBOM      | Format    | Filename extension |
-| --------- | --------- |--------------------|
-| SPDX      | TagValue  | .spdx              |
-| SPDX      | JSON      | .spdx.json         |
-| SPDX      | YAML      | .spdx.yaml         |
-| SPDX      | YAML      | .spdx.yml          |
-| CycloneDX | JSON      | .json              |
+| SBOM      | Format   | Filename extension |
+| --------- |----------|--------------------|
+| SPDX      | TagValue | .spdx              |
+| SPDX      | JSON     | .spdx.json         |
+| SPDX      | YAML     | .spdx.yaml         |
+| SPDX      | YAML     | .spdx.yml          |
+| CycloneDX | JSON     | .json              |
+| CycloneDX | XML      | .xml               |
 
 The `--offline` option is used when the tool is used in an environment where access to external systems is not available. This means
 that some audit checks are not performed.
@@ -445,7 +446,7 @@ As the `--verbose` option is specified, the resulting JSON file contains the res
   ],
   "summary": [
     {
-      "text": "NTIA conformant",
+      "text": "NTIA Summary",
       "state": "Pass"
     },
     {
@@ -460,6 +461,14 @@ As the `--verbose` option is specified, the resulting JSON file contains the res
 }
 ```
 
+## Return Values
+
+The following values are returned:
+
+- -1 indicates SBOM file not specified
+- 0 indicates NTIA compliance has failed
+- 1 indicates NTIA compliance has passed
+
 ## License
 
 Licensed under the Apache 2.0 License.

diff --git a/requirements.txt b/requirements.txt
@@ -1,4 +1,4 @@
-lib4sbom >= 0.4.0
+lib4sbom >= 0.5.0
 rich
 requests
 packageurl-python

diff --git a/sbomaudit/audit.py b/sbomaudit/audit.py
@@ -601,3 +601,5 @@ def audit_sbom(self, sbom_parser):
         self._show_text(f"Checks passed {self.check_count['Pass']}")
         self._show_text(f"Checks failed {self.check_count['Fail']}")
         self.audit["summary"] = self.component
+
+        return valid_sbom
diff --git a/sbomaudit/cli.py b/sbomaudit/cli.py
@@ -167,6 +167,7 @@ def main(argv=None):
     }
 
     sbom_parser = SBOMParser()
+    ntia_compliance = False
     # Load SBOM - will autodetect SBOM type
     try:
         sbom_parser.parse_file(input_file)
@@ -176,7 +177,7 @@ def main(argv=None):
             sbom_audit.process_file(args["allow"], allow=True)
         if args["deny"]:
             sbom_audit.process_file(args["deny"], allow=False)
-        sbom_audit.audit_sbom(sbom_parser)
+        ntia_compliance = sbom_audit.audit_sbom(sbom_parser)
 
         if args["output_file"] != "":
             audit_out = SBOMOutput(args["output_file"], "json")
@@ -185,7 +186,8 @@ def main(argv=None):
     except FileNotFoundError:
         print(f"{input_file} not found")
 
-    return 0
+    # Return 0 for False, 1 for True
+    return int(ntia_compliance)
 
 
 if __name__ == "__main__":

diff --git a/sbomaudit/version.py b/sbomaudit/version.py
@@ -1,4 +1,4 @@
 # Copyright (C) 2023 Anthony Harrison
 # SPDX-License-Identifier: Apache-2.0
 
-VERSION: str = "0.3.0"
+VERSION: str = "0.3.1"