feat: sbom auto detection for command line

[mastersans]

fix: #3437
Added Sbom Auto Detection to work out the Sbom type automatically.

[codecov-commenter]

Codecov Report

Attention: 7 lines in your changes are missing coverage. Please review.

Comparison is base (d6cbe40) 75.41% compared to head (342c45f) 78.77%.
Report is 7 commits behind head on main.

Files	Patch %	Lines
cve_bin_tool/sbom_detection.py	76.00%	4 Missing and 2 partials ⚠️
cve_bin_tool/cli.py	87.50%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3734      +/-   ##
==========================================
+ Coverage   75.41%   78.77%   +3.36%     
==========================================
  Files         808      807       -1     
  Lines       11983    11880     -103     
  Branches     1598     1374     -224     
==========================================
+ Hits         9037     9359     +322     
+ Misses       2593     2091     -502     
- Partials      353      430      +77     

Flag	Coverage Δ
longtests	?
win-longtests	78.77% <83.33%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[mastersans]

I opened this PR for initial review but test_config_generator of test_cli.py probably will fail as i have made arguement default of --sbom to "".😅

[mastersans]

Hey @anthonyharrison @terriko can you guide me with this one, the feature is working as expected but I am little unsure if its the correct way of approaching it. Thanks😊

[terriko]

Looks like you just need to change test_config_generator which can be found in test_cli.py:

cve-bin-tool/test/test_cli.py

Line 752 in 9342261

def test_config_generator(self, args, expected_files, expected_contents, caplog):

If you look above that you can see the data structures it's expecting to find. You probably just need to take out the line that includes spdx, although you might need to replace it with a blank. Experiment!

[terriko]

This is looking good, but needs at least one test. The comment from CodeCov above will give you a list of specific lines that need testing.

[mastersans]

closing and reopening for test.

[mastersans]

I have also re-enable the test_sbom which was failing due the overwritting of entries by OSV.

[terriko]

Thanks, this looks great now!