-
Notifications
You must be signed in to change notification settings - Fork 42
Description
It would be great if the CLI functions which read SBOMs support reading from piped standard input.
There are some cases where it is much more convenient to pipe output of one tool into another one instead of requiring files. For example: using the tools to validate a SBOM in a container requires: saving the SBOM to a file, run the container with a mounted filesystem containing the SBOM, referencing the same SBOM using a path matching how the container mount was specified, etc. whereas doing something like cat <sbom> | docker run --rm -i spdx-java-tools-validator:latest
could be much simpler and could prevent needing an intermediary file altogether in certain circumstances.
A suggestion: one reasonably simple way to do this is just check the file input being just a single dash, -
(like implemented in vim: vi -
), which causes the system to explicitly read from stdin instead of attempting to load a file. This would allow something like the aforementioned cat <sbom> | docker run --rm -i spdx-java-tools-validator:latest Verify -
to work for the example.
Activity