fix: syft example cmd path & better syft licenses template

telekom · Jan 20, 2025 · 66000a6 · 66000a6
1 parent 3cb2c57
commit 66000a6
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/scripts/sbom/README.md b/scripts/sbom/README.md
@@ -8,16 +8,16 @@ Install the Syft binary.
 
 Use the following command to generate a simple SBOM file form the repository:
 
-```SH
+```shell
 syft .
 ```
 
 Alternative output variants can be found [here](https://github.com/anchore/syft/wiki/Output-Formats).
 
 Use the following command to generate a SBOM markdown file using the `example.sbom.tmpl` goTemplate template file:
 
-```SH
-SYFT_GOLANG_SEARCH_REMOTE_LICENSES=true syft ghcr.io/caas-team/sparrow:v0.5.0 -o template -t syft.sbom.tmpl
+```shell
+SYFT_GOLANG_SEARCH_REMOTE_LICENSES=true syft ghcr.io/caas-team/sparrow:v0.5.0 -o template -t scripts/sbom/example.sbom.tmpl
 ```
 
 Setting the env variable `SYFT_GOLANG_SEARCH_REMOTE_LICENSES=true` will ensure to lookup licenses remotely. In this example the sparrow image in version `v0.5.0` is scanned.
diff --git a/scripts/sbom/example.sbom.tmpl b/scripts/sbom/example.sbom.tmpl
@@ -1,5 +1,5 @@
 | Package | Type | Version | Licenses |
 | ------- | ---- | ------- | -------- |
 {{- range .artifacts}}
-| {{.name}} | {{.type}} | {{.version}} | {{range .licenses}}{{.value}}, {{end}} |
+| {{.name}} | {{.type}} | {{.version}} | {{range $index, $licence := .licenses}}{{- if $index}}, {{end}}{{$licence.value}}{{end}} |
 {{- end}}