feat: add CycloneDX/cyclonedx-cli

[ryodocx]

CycloneDX/cyclonedx-cli: CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions

$ aqua g -i CycloneDX/cyclonedx-cli

How to confirm if this package works well

Command and output

$ cyclonedx-cli --help
cyclonedx-osx-arm64

Usage:
  cyclonedx-osx-arm64 [options] [command]

Options:
  --version       Show version information
  -?, -h, --help  Show help and usage information

Commands:
  add                         Add information to a BOM (currently supports files)
  analyze                     Analyze a BOM file
  convert                     Convert between different BOM formats
  diff <from-file> <to-file>  Generate a BOM diff
  keygen                      Generates an RSA public/private key pair for BOM signing
  merge                       Merge two or more BOMs
  sign                        Sign a BOM or file
  validate                    Validate a BOM
  verify                      Verify signatures for BOMs and files

Reference

• https://github.com/CycloneDX/cyclonedx-cli/blob/main/README.md

[suzuki-shunsuke]

Thank you for your contribution!

[suzuki-shunsuke]

I read README, https://github.com/CycloneDX/cyclonedx-cli
but I couldn't understand the command name is cyclonedx or cyclonedx-cli, because both of them are used in README.

cyclonedx-cli validate --input-file sbom.xml --fail-on-errors

--

Usage:
cyclonedx verify file [options]

I installed this tool with Homebrew according to the README, then installed command name is not cyclonedx-cli but cyclonedx.

$ brew install cyclonedx/cyclonedx/cyclonedx-cli
==> Tapping cyclonedx/cyclonedx
Cloning into '/opt/homebrew/Library/Taps/cyclonedx/homebrew-cyclonedx'...
remote: Enumerating objects: 51, done.
remote: Counting objects: 100% (51/51), done.
remote: Compressing objects: 100% (40/40), done.
remote: Total 51 (delta 11), reused 45 (delta 8), pack-reused 0
Receiving objects: 100% (51/51), 20.50 KiB | 20.50 MiB/s, done.
Resolving deltas: 100% (11/11), done.
Tapped 2 formulae (15 files, 41.1KB).
==> Fetching cyclonedx/cyclonedx/cyclonedx-cli
==> Downloading https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-osx-arm64
==> Downloading from https://objects.githubusercontent.com/github-production-release-asset-2e65be/306314377/eab2b032-2d93-46bf-8fe7-bef194d8af9d?X-Amz-Algor
######################################################################## 100.0%
==> Installing cyclonedx-cli from cyclonedx/cyclonedx
🍺  /opt/homebrew/Cellar/cyclonedx-cli/0.24.2: 3 files, 21.8MB, built in 1 second
==> Running `brew cleanup cyclonedx-cli`...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).

$ which cyclonedx-cli
cyclonedx-cli not found

$ which cyclonedx    
/opt/homebrew/bin/cyclonedx

So I guess the command name should be cyclonedx.

[suzuki-shunsuke]

Of course, we can support both cyclonedx and cyclonedx-cli, but supporting both of them may be confusing.
Users may wonder which command should be used.
So I'd like to support only one command at the moment.
We can add the other when it will be needed.

[ryodocx]

I noticed the same problem too.
agree your idea and file changes.

[suzuki-shunsuke]

• CLI name is ambiguous, because both cyclonedx-cli and cyclonedx are used in document CycloneDX/cyclonedx-cli#297

[suzuki-shunsuke]

Released. https://github.com/aquaproj/aqua-registry/releases/tag/v3.112.0