Merge pull request #17 from aniruth37/main

jeffmendoza · web-flow · commit 1d6b09253074 · 2025-11-25T15:12:03.000-08:00
feat: introduce min-score parameter as a score threshold
diff --git a/README.md b/README.md
@@ -19,14 +19,13 @@ Make sure `$GOBIN` is in your path.
 
 Example:
 ```sh
-cdsbom -out enhanced-sbom.json input-sbom.json
+cdsbom -min-score 50 -out enhanced-sbom.json input-sbom.json
 ```
 
 This will read `input-sbom.json` and query ClearlyDefined for License
 information. The License fields in the SBOM will be replaced to use the license
-data returned from ClearlyDefined. A new sbom will be written to
-`enhanced-sbom.json` with the updated fields in the same format as the input
-sbom.
+data returned from ClearlyDefined (with the Clearly Defined effective score greater than or equal to the **min-score**).
+A new sbom will be written to `enhanced-sbom.json` with the updated fields in the same format as the input sbom.
 
 Supported formats are the [same as
 Protobom](https://github.com/protobom/protobom/blob/main/README.md#supported-versions-and-formats).
diff --git a/main.go b/main.go
@@ -22,11 +22,11 @@ import (
 )
 
 func main() {
-	inFile, outFile := flags()
+	inFile, outFile, minScore := flags()
 
 	document, format := read(inFile)
 
-	if err := enhance.Do(context.Background(), document); err != nil {
+	if err := enhance.Do(context.Background(), document, minScore); err != nil {
 		fmt.Printf("Error enhancing sbom: %v\n", err)
 		os.Exit(1)
 	}
@@ -36,9 +36,10 @@ func main() {
 }
 
 // flags sets up and parses flags. Return values are input file and output file
-// respecively.
-func flags() (string, string) {
+// respectively.
+func flags() (string, string, int) {
 	o := flag.String("out", "", "Name of output file, default is <infile>-new.json")
+	s := flag.Int("min-score", 0, "The minimum effective cd score for license confidence (0-100). Default is 0.")
 
 	flag.Usage = func() {
 		fmt.Printf("Usage of %s:\n", os.Args[0])
@@ -66,7 +67,7 @@ func flags() (string, string) {
 		}
 	}
 
-	return i, *o
+	return i, *o, *s
 }
 
 // read reads in the sbom document and also returns the format.
diff --git a/pkg/enhance/enhance.go b/pkg/enhance/enhance.go
@@ -45,13 +45,13 @@ func init() {
 // provided protobom Document with results from ClearlyDefined Warnings and
 // updates are printed to stdout. TODO: Update to use a provided io.Writer or
 // logger, also to use provided http client/transport and context.
-func Do(ctx context.Context, s *sbom.Document) error {
+func Do(ctx context.Context, s *sbom.Document, minScore int) error {
 	coords := CoordList(s)
 	defs, err := getDefs(ctx, coords)
 	if err != nil {
 		return err
 	}
-	updateLicenses(s, defs)
+	updateLicenses(s, defs, minScore)
 	return nil
 }
 
@@ -121,13 +121,13 @@ func getDefsFromService(ctx context.Context, coords []string) (map[string]*cd.De
 	return defs, nil
 }
 
-func updateLicenses(s *sbom.Document, defs map[string]*cd.Definition) {
+func updateLicenses(s *sbom.Document, defs map[string]*cd.Definition, minScore int) {
 	for _, node := range s.GetNodeList().GetNodes() {
-		updateNode(node, defs)
+		updateNode(node, defs, minScore)
 	}
 }
 
-func updateNode(n *sbom.Node, defs map[string]*cd.Definition) {
+func updateNode(n *sbom.Node, defs map[string]*cd.Definition, minScore int) {
 	p := n.GetIdentifiers()[int32(sbom.SoftwareIdentifierType_PURL)]
 	if p == "" {
 		return
@@ -145,7 +145,7 @@ func updateNode(n *sbom.Node, defs map[string]*cd.Definition) {
 	}
 	old := strings.Join(n.GetLicenses(), " AND ")
 	new := d.Licensed.Declared
-	if old != new {
+	if old != new && d.Scores.Effective >= minScore {
 		fmt.Printf("Update Declared License\n")
 		fmt.Printf("Name: %v\tVersion: %v\n", n.GetName(), n.GetVersion())
 		fmt.Printf("\t\t\t\tSBOM License: %q\tCD License: %q\n", old, new)
@@ -154,7 +154,7 @@ func updateNode(n *sbom.Node, defs map[string]*cd.Definition) {
 
 	oldDisc := n.GetLicenseConcluded()
 	newDisc := strings.Join(d.Licensed.Facets.Core.Discovered.Expressions, " AND ")
-	if oldDisc != newDisc {
+	if oldDisc != newDisc && d.Scores.Effective >= minScore {
 		fmt.Printf("Update Discovered License\n")
 		fmt.Printf("Name: %v\tVersion: %v\n", n.GetName(), n.GetVersion())
 		fmt.Printf("\t\t\t\tSBOM License: %q\tCD License: %q\n", oldDisc, newDisc)

Original file line number	Diff line number	Diff line change
`@@ -22,11 +22,11 @@ import (`
`22`	`22`	`)`
`23`	`23`
`24`	`24`	`func main() {`
`25`		`- inFile, outFile := flags()`
	`25`	`+ inFile, outFile, minScore := flags()`
`26`	`26`
`27`	`27`	`document, format := read(inFile)`
`28`	`28`
`29`		`- if err := enhance.Do(context.Background(), document); err != nil {`
	`29`	`+ if err := enhance.Do(context.Background(), document, minScore); err != nil {`
`30`	`30`	`fmt.Printf("Error enhancing sbom: %v\n", err)`
`31`	`31`	`os.Exit(1)`
`32`	`32`	`}`
`@@ -36,9 +36,10 @@ func main() {`
`36`	`36`	`}`
`37`	`37`
`38`	`38`	`// flags sets up and parses flags. Return values are input file and output file`
`39`		`-// respecively.`
`40`		`-func flags() (string, string) {`
	`39`	`+// respectively.`
	`40`	`+func flags() (string, string, int) {`
`41`	`41`	`o := flag.String("out", "", "Name of output file, default is <infile>-new.json")`
	`42`	`+ s := flag.Int("min-score", 0, "The minimum effective cd score for license confidence (0-100). Default is 0.")`
`42`	`43`
`43`	`44`	`flag.Usage = func() {`
`44`	`45`	`fmt.Printf("Usage of %s:\n", os.Args[0])`
`@@ -66,7 +67,7 @@ func flags() (string, string) {`
`66`	`67`	`}`
`67`	`68`	`}`
`68`	`69`
`69`		`- return i, *o`
	`70`	`+ return i, o, s`
`70`	`71`	`}`
`71`	`72`
`72`	`73`	`// read reads in the sbom document and also returns the format.`