Allow specific versions of formats to be specified

cmd/syft/cli/attest/attest.go

@@ -22,7 +22,6 @@ import (
 	"github.com/anchore/syft/syft/event/monitor"
 	"github.com/anchore/syft/syft/formats/syftjson"
 	"github.com/anchore/syft/syft/formats/table"
-	"github.com/anchore/syft/syft/formats/template"
 	"github.com/anchore/syft/syft/sbom"
 	"github.com/anchore/syft/syft/source"
 )
@@ -176,16 +175,9 @@ func execWorker(app *config.Application, si source.Input, writer sbom.Writer) <-
 }
 
 func ValidateOutputOptions(app *config.Application) error {
-	var usesTemplateOutput bool
-	for _, o := range app.Outputs {
-		if o == template.ID.String() {
-			usesTemplateOutput = true
-			break
-		}
-	}
-
-	if usesTemplateOutput && app.OutputTemplatePath == "" {
-		return fmt.Errorf(`must specify path to template file when using "template" output format`)
+	err := packages.ValidateOutputOptions(app)
+	if err != nil {
+		return err
 	}
 
 	if len(app.Outputs) > 1 {

cmd/syft/cli/convert/convert.go

@@ -8,7 +8,7 @@ import (
 	"github.com/anchore/syft/cmd/syft/cli/options"
 	"github.com/anchore/syft/internal/config"
 	"github.com/anchore/syft/internal/log"
-	"github.com/anchore/syft/syft"
+	"github.com/anchore/syft/syft/formats"
 )
 
 func Run(_ context.Context, app *config.Application, args []string) error {
@@ -34,7 +34,7 @@ func Run(_ context.Context, app *config.Application, args []string) error {
 		_ = f.Close()
 	}()
 
-	sbom, _, err := syft.Decode(f)
+	sbom, _, err := formats.Decode(f)
 	if err != nil {
 		return fmt.Errorf("failed to decode SBOM: %w", err)
 	}

cmd/syft/cli/options/packages.go

@@ -7,7 +7,7 @@ import (
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
 
-	"github.com/anchore/syft/syft"
+	"github.com/anchore/syft/syft/formats"
 	"github.com/anchore/syft/syft/formats/table"
 	"github.com/anchore/syft/syft/pkg/cataloger"
 	"github.com/anchore/syft/syft/source"
@@ -30,8 +30,8 @@ func (o *PackagesOptions) AddFlags(cmd *cobra.Command, v *viper.Viper) error {
 	cmd.Flags().StringVarP(&o.Scope, "scope", "s", cataloger.DefaultSearchConfig().Scope.String(),
 		fmt.Sprintf("selection of layers to catalog, options=%v", source.AllScopes))
 
-	cmd.Flags().StringArrayVarP(&o.Output, "output", "o", FormatAliases(table.ID),
-		fmt.Sprintf("report output format, options=%v", FormatAliases(syft.FormatIDs()...)))
+	cmd.Flags().StringArrayVarP(&o.Output, "output", "o", []string{string(table.ID)},
+		fmt.Sprintf("report output format, options=%v", formats.AllIDs()))
 
 	cmd.Flags().StringVarP(&o.File, "file", "", "",
 		"file to write the default report output to (default is STDOUT)")

cmd/syft/cli/options/writer.go

@@ -6,7 +6,7 @@ import (
 
 	"github.com/hashicorp/go-multierror"
 
-	"github.com/anchore/syft/syft"
+	"github.com/anchore/syft/syft/formats"
 	"github.com/anchore/syft/syft/formats/table"
 	"github.com/anchore/syft/syft/formats/template"
 	"github.com/anchore/syft/syft/sbom"
@@ -32,7 +32,7 @@ func MakeWriter(outputs []string, defaultFile, templateFilePath string) (sbom.Wr
 func parseOutputs(outputs []string, defaultFile, templateFilePath string) (out []sbom.WriterOption, errs error) {
 	// always should have one option -- we generally get the default of "table", but just make sure
 	if len(outputs) == 0 {
-		outputs = append(outputs, string(table.ID))
+		outputs = append(outputs, table.ID.String())
 	}
 
 	for _, name := range outputs {
@@ -52,9 +52,9 @@ func parseOutputs(outputs []string, defaultFile, templateFilePath string) (out [
 			file = parts[1]
 		}
 
-		format := syft.FormatByName(name)
+		format := formats.ByName(name)
 		if format == nil {
-			errs = multierror.Append(errs, fmt.Errorf(`unsupported output format "%s", supported formats are: %+v`, name, FormatAliases(syft.FormatIDs()...)))
+			errs = multierror.Append(errs, fmt.Errorf(`unsupported output format "%s", supported formats are: %+v`, name, formats.AllIDs()))
 			continue
 		}
 

cmd/syft/cli/poweruser/poweruser.go

@@ -26,9 +26,10 @@ import (
 	"github.com/anchore/syft/syft/source"
 )
 
-func Run(ctx context.Context, app *config.Application, args []string) error {
+func Run(_ context.Context, app *config.Application, args []string) error {
+	f := syftjson.Format()
 	writer, err := sbom.NewWriter(sbom.WriterOption{
-		Format: syftjson.Format(),
+		Format: f,
 		Path:   app.File,
 	})
 	if err != nil {

syft/formats.go

@@ -30,12 +30,12 @@ const (
 
 // TODO: deprecated, moved to syft/formats/formats.go. will be removed in v1.0.0
 func FormatIDs() (ids []sbom.FormatID) {
-	return formats.IDs()
+	return formats.AllIDs()
 }
 
 // TODO: deprecated, moved to syft/formats/formats.go. will be removed in v1.0.0
 func FormatByID(id sbom.FormatID) sbom.Format {
-	return formats.ByID(id)
+	return formats.ByNameAndVersion(string(id), "")
 }
 
 // TODO: deprecated, moved to syft/formats/formats.go. will be removed in v1.0.0

syft/formats/cyclonedxjson/format.go

@@ -7,13 +7,14 @@ import (
 	"github.com/anchore/syft/syft/sbom"
 )
 
-const ID sbom.FormatID = "cyclonedx-1-json"
+const ID sbom.FormatID = "cyclonedx-json"
 
 func Format() sbom.Format {
 	return sbom.NewFormat(
-		ID,
+		sbom.AnyVersion,
 		encoder,
 		cyclonedxhelpers.GetDecoder(cyclonedx.BOMFileFormatJSON),
 		cyclonedxhelpers.GetValidator(cyclonedx.BOMFileFormatJSON),
+		ID,
 	)
 }

syft/formats/cyclonedxxml/format.go

@@ -7,13 +7,14 @@ import (
 	"github.com/anchore/syft/syft/sbom"
 )
 
-const ID sbom.FormatID = "cyclonedx-1-xml"
+const ID sbom.FormatID = "cyclonedx-xml"
 
 func Format() sbom.Format {
 	return sbom.NewFormat(
-		ID,
+		sbom.AnyVersion,
 		encoder,
 		cyclonedxhelpers.GetDecoder(cyclonedx.BOMFileFormatXML),
 		cyclonedxhelpers.GetValidator(cyclonedx.BOMFileFormatXML),
+		ID, "cyclonedx", "cyclone",
 	)
 }

syft/formats/formats.go

@@ -5,8 +5,11 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"regexp"
 	"strings"
 
+	"golang.org/x/exp/slices"
+
 	"github.com/anchore/syft/internal/log"
 	"github.com/anchore/syft/syft/formats/cyclonedxjson"
 	"github.com/anchore/syft/syft/formats/cyclonedxxml"
@@ -26,8 +29,11 @@ func Formats() []sbom.Format {
 		cyclonedxxml.Format(),
 		cyclonedxjson.Format(),
 		github.Format(),
-		spdxtagvalue.Format(),
-		spdxjson.Format(),
+		spdxtagvalue.Format2_1(),
+		spdxtagvalue.Format2_2(),
+		spdxtagvalue.Format2_3(),
+		spdxjson.Format2_2(),
+		spdxjson.Format2_3(),
 		table.Format(),
 		text.Format(),
 		template.Format(),
@@ -47,53 +53,51 @@ func Identify(by []byte) sbom.Format {
 	return nil
 }
 
+// ByName accepts a name@version string, such as:
+//
+//	spdx-json@2.1 or cyclonedx@2
 func ByName(name string) sbom.Format {
-	cleanName := cleanFormatName(name)
-	for _, f := range Formats() {
-		if cleanFormatName(string(f.ID())) == cleanName {
-			return f
-		}
+	parts := strings.SplitN(name, "@", 2)
+	version := sbom.AnyVersion
+	if len(parts) > 1 {
+		version = parts[1]
 	}
-
-	// handle any aliases for any supported format
-	switch cleanName {
-	case "json", "syftjson":
-		return ByID(syftjson.ID)
-	case "cyclonedx", "cyclone", "cyclonedxxml":
-		return ByID(cyclonedxxml.ID)
-	case "cyclonedxjson":
-		return ByID(cyclonedxjson.ID)
-	case "github", "githubjson":
-		return ByID(github.ID)
-	case "spdx", "spdxtv", "spdxtagvalue":
-		return ByID(spdxtagvalue.ID)
-	case "spdxjson":
-		return ByID(spdxjson.ID)
-	case "table":
-		return ByID(table.ID)
-	case "text":
-		return ByID(text.ID)
-	case "template":
-		ByID(template.ID)
-	}
-
-	return nil
+	return ByNameAndVersion(parts[0], version)
 }
 
-func IDs() (ids []sbom.FormatID) {
+func ByNameAndVersion(name string, version string) sbom.Format {
+	name = cleanFormatName(name)
+	var mostRecentFormat sbom.Format
 	for _, f := range Formats() {
-		ids = append(ids, f.ID())
+		for _, n := range f.IDs() {
+			if cleanFormatName(string(n)) == name && versionMatches(f.Version(), version) {
+				if mostRecentFormat == nil || f.Version() > mostRecentFormat.Version() {
+					mostRecentFormat = f
+				}
+			}
+		}
 	}
-	return ids
+	return mostRecentFormat
 }
 
-func ByID(id sbom.FormatID) sbom.Format {
-	for _, f := range Formats() {
-		if f.ID() == id {
-			return f
-		}
+func versionMatches(version string, match string) bool {
+	if version == sbom.AnyVersion || match == sbom.AnyVersion {
+		return true
 	}
-	return nil
+
+	dots := strings.Count(match, ".")
+	if dots == 0 {
+		match += ".*"
+	}
+	match = strings.ReplaceAll(match, ".", "\\.")
+	match = strings.ReplaceAll(match, "*", ".*")
+	match = strings.ReplaceAll(match, "\\..*", "(\\..*)*")
+	match = fmt.Sprintf("^%s$", match)
+	matcher, err := regexp.Compile(match)
+	if err != nil {
+		return false
+	}
+	return matcher.MatchString(version)
 }
 
 func cleanFormatName(name string) string {
@@ -127,3 +131,13 @@ func Decode(reader io.Reader) (*sbom.SBOM, sbom.Format, error) {
 	s, err := f.Decode(bytes.NewReader(by))
 	return s, f, err
 }
+
+func AllIDs() (ids []sbom.FormatID) {
+	for _, f := range Formats() {
+		if slices.Contains(ids, f.ID()) {
+			continue
+		}
+		ids = append(ids, f.ID())
+	}
+	return ids
+}