package sbom_test import ( "context" "testing" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy/pkg/attestation/sbom" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/rekortest" ) func TestRekor_RetrieveSBOM(t *testing.T) { tests := []struct { name string digest string want string wantErr string }{ { name: "happy path", digest: "sha256:5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03", want: `{"bomFormat":"CycloneDX","specVersion":"1.5","version":2}`, }, { name: "404", digest: "sha256:unknown", wantErr: "failed to search", }, } log.InitLogger(false, true) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { ts := rekortest.NewServer(t) defer ts.Close() // Set the testing URL rc, err := sbom.NewRekor(ts.URL()) require.NoError(t, err) got, err := rc.RetrieveSBOM(context.Background(), tt.digest) if tt.wantErr != "" { assert.ErrorContains(t, err, tt.wantErr) return } require.NoError(t, err, tt.name) assert.Equal(t, tt.want, string(got)) }) } }