Docs/examples each cmd (#207)

* add enrich examples

* add remove examples

* add edit examples

* add assemble examples

Author: viveksahu26

samples/test/assemble/README.md

@@ -0,0 +1,41 @@
+# Testing Editing Feature
+
+- This is for testing of assemble command. And below commands are the examples of the same.
+- Assembly supported 3 ways of assembling SBOMs:
+  - Flag merge
+  - Assembly Merge
+  - Hierarchical Merge
+
+- Flat Merge means:
+
+  - Does not reference input SBOM primary components.
+  - In this, all the all the primary components as well as components of all SBOMs are placed under components section.
+  - Primary components of input SBOMs are dependencies.
+
+- Assembly Merge:
+  - References input SBOM primary components as subcomponents of primary component of final SBOM.
+  - Excludes primary components of input SBOMs
+  - No dependencies listed
+
+- Hierarchical Merge
+  - Does not reference input SBOM primary components under metadata.component
+  - Hierarchically organizes components under respective primary components
+  - Lists primary components of input SBOMs as dependencies
+
+## 1. Flag Merge
+
+```bash
+sbomasm assemble -n "foo" -t "library" -v "v1.0.1" --flatMerge sbomex-cdx.json sbomgr-cdx.json -o flat-flag-merge-sbom.spdx.json
+```
+
+## 2. Assemble Merge
+
+```bash
+sbomasm assemble -n "foo" -t "library" -v "v1.0.1" --assemblyMerge sbomex-cdx.json sbomgr-cdx.json -o assemble-flag-merge-sbom.spdx.json
+```
+
+## 3. Hierarchical Merge (Default)
+
+```bash
+sbomasm assemble -n "foo" -t "library" -v "v1.0.1" sbomex-cdx.json sbomgr-cdx.json -o hierar-flag-merge-sbom.spdx.json
+```

samples/test/edit/README.md

@@ -0,0 +1,124 @@
+# Testing Editing Feature
+
+- This is simply to test all the features related to edit command.
+- It allows edit on the basis of subject. It support 3 kinds of subjects: Document, Primary COmponent, and Cmponent with name and version.
+
+## Examples
+
+### 1. Edit Document
+
+1. Append author to the document
+
+```bash
+sbomasm edit --subject document --author "Interlynk (hello@interlynk.io)"  samples/test/edit/in-complete-sbom.spdx.json -o append-author-sbom.spdx.json --append
+
+sbomasm edit --subject document --author "Interlynk (hello@interlynk.io)"  samples/test/edit/in-complete-sbom.cdx.json -o append-author-sbom.cdx.json --append
+```
+
+- Similarly for other fields:
+
+```bash
+# supplier(SPDX doesn't support)
+sbomasm edit --subject document --supplier "Interlynk (https://interlynk.io)"  samples/test/edit/in-complete-sbom.cdx.json -o append-supplier-sbom.cdx.json --append
+
+# lifecycle
+sbomasm edit --subject document --lifecycle "source" samples/test/edit/in-complete-sbom.spdx.json -o append-lifecycle-sbom.spdx.json --append
+
+sbomasm edit --subject document --lifecycle "source" samples/test/edit/in-complete-sbom.cdx.json -o append-lifecycle-sbom.cdx.json --append
+
+# license
+sbomasm edit --subject document --license "CC0-1.1" samples/test/edit/in-complete-sbom.spdx.json -o append-license-sbom.spdx.json
+
+sbomasm edit --subject document --license "Acme Customer Data License" samples/test/edit/in-complete-sbom.cdx.json -o append-license-sbom.cdx.json 
+
+# repository(SPDX doesn't support)
+sbomasm edit --subject document --repository "https://kyverno.io/" samples/test/edit/in-complete-sbom.cdx.json -o append-repo-sbom.cdx.json --append
+```
+
+### 2. Edit Primary Component
+
+```bash
+sbomasm edit --subject primary-component --author "Jim (jim@nirmata.com)" samples/test/edit/in-complete-sbom.spdx.json -o append-pc-author-sbom.spdx.json --append
+
+sbomasm edit --subject primary-component --author "Interlynk (hello@interlynk.io)"  samples/test/edit/in-complete-sbom.cdx.json -o append-author-sbom.cdx.json --append
+```
+
+- Similarly for other fields:
+
+```bash
+# supplier
+sbomasm edit --subject primary-component --supplier "Kyverno (https://kyverno.io)"  samples/test/edit/in-complete-sbom.spdx.json -o append-pc-supplier-sbom.spdx.json --append
+
+sbomasm edit --subject primary-component --supplier "Kyverno (https://kyverno.io)"  samples/test/edit/in-complete-sbom.cdx.json -o append-pc-supplier-sbom.cdx.json --append
+
+# license
+sbomasm edit --subject primary-component --license "Apache-2.0" samples/test/edit/in-complete-sbom.spdx.json -o append-pc-license-sbom.spdx.json
+
+sbomasm edit --subject primary-component --license "Apache-2.0" samples/test/edit/in-complete-sbom.cdx.json -o append-pc-license-sbom.cdx.json
+
+# copyright
+sbomasm edit --subject primary-component --copyright "Copyright 2025, the Kyverno project" samples/test/edit/in-complete-sbom.spdx.json -o append-pc-copyright-sbom.spdx.json
+
+sbomasm edit --subject primary-component --copyright "Copyright 2025, the Kyverno project" samples/test/edit/in-complete-sbom.cdx.json -o append-pc-copyright-sbom.cdx.json
+
+# description
+sbomasm edit --subject primary-component --description "Kyverno is a policy engine designed for Kubernetes." samples/test/edit/in-complete-sbom.spdx.json -o append-pc-description-sbom.spdx.json
+
+sbomasm edit --subject primary-component --description "Kyverno is a policy engine designed for Kubernetes." samples/test/edit/in-complete-sbom.cdx.json -o append-pc-description-sbom.cdx.json
+
+# repository
+sbomasm edit --subject primary-component --repository "https://github.com/kyverno/kyverno/releases" samples/test/edit/in-complete-sbom.spdx.json -o append-pc-repository-sbom.spdx.json
+
+
+sbomasm edit --subject primary-component --repository "https://github.com/kyverno/kyverno/releases" samples/test/edit/in-complete-sbom.cdx.json -o append-pc-repository-sbom.cdx.json
+
+# type
+sbomasm edit --subject primary-component --type "APPLICATION" samples/test/edit/in-complete-sbom.spdx.json -o append-pc-type-sbom.spdx.json
+
+sbomasm edit --subject primary-component --type "APPLICATION" samples/test/edit/in-complete-sbom.cdx.json -o append-pc-type-sbom.cdx.json
+
+```
+
+### 3. Edit Specific Component
+
+In whole examples, we will take a component `github.com/fluxcd/pkg/oci` and version `v0.45.0`
+
+```bash
+sbomasm edit --subject component-name-version --search "github.com/fluxcd/pkg/oci (v0.45.0)" --author "Stefan Prodan (stefan@fluxcd.io)" samples/test/edit/in-complete-sbom.spdx.json -o append-comp-author-sbom.spdx.json --append
+
+sbomasm edit --subject component-name-version --search "github.com/fluxcd/pkg/oci (v0.45.0)" --author "Stefan Prodan (stefan@fluxcd.io)"  samples/test/edit/in-complete-sbom.cdx.json -o append-comp-author-sbom.cdx.json --append
+```
+
+- Similarly for other fields:
+
+```bash
+# supplier
+sbomasm edit --subject component-name-version --search "github.com/fluxcd/pkg/oci (v0.45.0)" --supplier "Flux (https://fluxcd.io)"  samples/test/edit/in-complete-sbom.spdx.json -o append-comp-supplier-sbom.spdx.json --append
+
+sbomasm edit --subject component-name-version --search "github.com/fluxcd/pkg/oci (v0.45.0)" --supplier "Flux (https://fluxcd.io)"  samples/test/edit/in-complete-sbom.cdx.json -o append-comp-supplier-sbom.cdx.json --append
+
+# license
+sbomasm edit --subject component-name-version --search "github.com/fluxcd/pkg/oci (v0.45.0)" --license "Apache-2.0" samples/test/edit/in-complete-sbom.spdx.json -o append-comp-license-sbom.spdx.json
+
+sbomasm edit --subject component-name-version --search "github.com/fluxcd/pkg/oci (v0.45.0)" --license "Apache-2.0" samples/test/edit/in-complete-sbom.cdx.json -o append-comp-license-sbom.cdx.json
+
+# copyright
+sbomasm edit --subject component-name-version --search "github.com/fluxcd/pkg/oci (v0.45.0)" --copyright "Copyright 2025, the FluxCD project" samples/test/edit/in-complete-sbom.spdx.json -o append-comp-copyright-sbom.spdx.json
+
+sbomasm edit --subject component-name-version --search "github.com/fluxcd/pkg/oci (v0.45.0)" --copyright "Copyright 2025, the FluxCD project" samples/test/edit/in-complete-sbom.cdx.json -o append-comp-copyright-sbom.cdx.json
+
+# description
+sbomasm edit --subject component-name-version --search "github.com/fluxcd/pkg/oci (v0.45.0)" --description "The OCI package provides utilities for working with OCI images and registries." samples/test/edit/in-complete-sbom.spdx.json -o append-comp-description-sbom.spdx.json
+
+sbomasm edit --subject component-name-version --search "github.com/fluxcd/pkg/oci (v0.45.0)" --description "The OCI package provides utilities for working with OCI images and registries." samples/test/edit/in-complete-sbom.cdx.json -o append-comp-description-sbom.cdx.json
+
+# repository
+sbomasm edit --subject component-name-version --search "github.com/fluxcd/pkg/oci (v0.45.0)" --repository "https://github.com/fluxcd/pkg/oci" samples/test/edit/in-complete-sbom.spdx.json -o append-comp-repository-sbom.spdx.json
+
+sbomasm edit --subject component-name-version --search "github.com/fluxcd/pkg/oci (v0.45.0)" --repository "https://github.com/fluxcd/pkg/oci" samples/test/edit/in-complete-sbom.cdx.json -o append-comp-repository-sbom.cdx.json
+
+# type
+sbomasm edit --subject component-name-version --search "github.com/fluxcd/pkg/oci (v0.45.0)" --type "library" samples/test/edit/in-complete-sbom.spdx.json -o append-comp-type-sbom.spdx.json
+
+sbomasm edit --subject component-name-version --search "github.com/fluxcd/pkg/oci (v0.45.0)" --type "library" samples/test/edit/in-complete-sbom.cdx.json -o append-comp-type-sbom.cdx.json
+```

samples/test/edit/in-complete-sbom.cdx.json

@@ -0,0 +1,108 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.4",
+  "serialNumber": "urn:uuid:4d2edcda-fcc4-42fe-8e9d-87cf33e47b94",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2025-04-25T00:42:27Z",
+    
+    "component": {
+        "bom-ref": "pkg:golang/github.com/kyverno/kyverno@v1.14.0?type=module#cmd/kyverno",
+        "type": "application",
+        "name": "github.com/kyverno/kyverno",
+        "version": "v1.14.0",
+        "purl": "pkg:golang/github.com/kyverno/kyverno@v1.14.0",
+        "cpe": "cpe:/golang/github.com/kyverno/kyverno:v1.14.0",
+        "hashes": [
+          {
+            "alg": "SHA-256",
+            "content": "89fb71dddbb3389dd3018c7f63dd6350b1611f382613c5c31edfee67006ac28e"
+          }
+        ]
+    }
+  },
+  "components": [
+    {
+      "bom-ref": "pkg:golang/github.com/fluxcd/pkg/oci@v0.45.0?type=module",
+      "type": "library",
+      "name": "github.com/fluxcd/pkg/oci",
+      "version": "v0.45.0",
+      "scope": "required",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "94fb71aaacc3385dd3018c7e63dd6750b1622f382613c5c31edfee67006ac78e"
+        }
+      ],
+      "purl": "pkg:golang/github.com/fluxcd/pkg/oci@v0.45.0",
+      "cpe": "cpe:2.3:a:fluxcd:oci:v0.45.0:*:*:*:*:*:*:*"
+    },
+    {
+      "bom-ref": "pkg:golang/github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.17.0?type=module",
+      "type": "library",
+      "name": "github.com/Azure/azure-sdk-for-go/sdk/azcore",
+      "version": "v1.17.0",
+      "scope": "required",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "834119270cfbc645d0899008e718bd7f75961580655f508f4eb47e3434e84644"
+        }
+      ],
+      "purl": "pkg:golang/github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.17.0",
+      "cpe": "cpe:/golang/github.com/azure/azure-sdk-for-go/sdk/azcore:v1.17.0"
+    },
+    {
+      "bom-ref": "pkg:golang/github.com/sigstore/rekor@v1.3.9?type=module",
+      "type": "library",
+      "name": "github.com/sigstore/rekor",
+      "version": "v1.3.9",
+      "scope": "required",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "b148d1a4a561fe1860a8632cd2df93b9b818b24b00ad9ea9a0b102dccb060335"
+        }
+      ],
+      "purl": "pkg:golang/github.com/sigstore/rekor@v1.3.9",
+      "cpe": "cpe:/golang/github.com/sigstore/rekor:v1.3.9"
+    },
+    {
+      "bom-ref": "pkg:golang/cel.dev/expr@v0.19.1?type=module",
+      "type": "library",
+      "name": "cel.dev/expr",
+      "version": "v0.19.1",
+      "scope": "required",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "35c898aed0d1211d253429c7d4b1497a0763b29371f5f239f4eed359cb9afd6e"
+        }
+      ],
+      "purl": "pkg:golang/cel.dev/expr@v0.19.1",
+      "cpe": "cpe:/golang/cel.dev/expr:v0.19.1"
+    }
+],
+"dependencies": [
+    {
+      "ref": "pkg:golang/github.com/kyverno/kyverno@v1.14.0?type=module#cmd/kyverno",
+      "dependsOn": [
+        "pkg:golang/github.com/fluxcd/pkg/oci@v0.45.0?type=module",
+        "pkg:golang/github.com/sigstore/rekor@v1.3.9?type=module"
+        ]
+    },
+    {
+      "ref": "pkg:golang/github.com/fluxcd/pkg/oci@v0.45.0?type=module",
+      "dependsOn": [
+        "pkg:golang/github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.17.0?type=module"
+      ]
+    },
+    {
+      "ref": "pkg:golang/github.com/sigstore/rekor@v1.3.9?type=module",
+      "dependsOn": [
+        "pkg:golang/cel.dev/expr@v0.19.1?type=module"
+      ]
+    }
+  ]
+}