Offer a CLI for interacting with the REST API and other related tasks

[nscuro]

Functionality should include:

• Interacting with REST API
  • List, view, create, update, delete
  • Upload BOMs
• Quality gate functionality for CI
  1. Upload BOM
  2. Wait for Processing to complete
  3. Fetch findings and policy violations
  4. Evaluate against quality gate definition
• Validating of vulnerability policies (Support global vulnerability analysis policies #930)
  • JSON schema validation
  • Validation of CEL expressions
• Testing vulnerability policies against provided inputs

Some high-level thoughts on implementation:

• While other technologies like Go are way better suited for CLI use cases, using a different technology means we cannot share any code with the main codebase

[VinodAnandan]

While other technologies like Go are way better suited for CLI use cases, using a different technology means we cannot share any code with the main codebase

Could you please share more details on this ?

[nscuro]

@VinodAnandan If we use the same technology for both API server and CLI, we have opportunities to share code among them. API models, validation, potentially CEL evaluation and more. If we use Java in the API server and Go in the CLI, we always have to keep the Go code in sync.

I'm not saying this is the definitive way forward, but it should be a well-thought out decision no matter which tech we end up using.