Closed
Description
Now that status shows the information about policies, we could expose such info after adding a material. So, for example, after adding an SBOM:

```
chainloop att add --name sbom-2 --value ~/Desktop/result.cdx
```
we could show:

```
INF material kind detected kind=SBOM_CYCLONEDX_JSON
INF material added to attestation
┌──────────┬─────────────────────────────────────────────────────────────────────────┐
│ Name     │ sbom-2                                                                  │
│ Type     │ SBOM_CYCLONEDX_JSON                                                     │
│ Set      │ Yes                                                                     │
│ Required │ No                                                                      │
│ Value    │ result.cdx                                                              │
│ Digest   │ sha256:925ed5a789bad4bc2658ba371530bf3b80639be02d7acd9069c0e52690508132 │
│ Policies │ ------                                                                  │
│          │ sbom-ntia:                                                              │
│          │ - missing author                                                        │
│          │ - missing supplier for 'alpine'                                         │
│          │ - missing unique identifier (PURL, CPE, SWID) for 'alpine'              │
│          │ sbom-banned-licenses: Ok                                                │
│          │ sbom-freshness: Ok                                                      │
│          │ sbom-ntia:                                                              │
│          │ - missing author                                                        │
│          │ - missing supplier for 'alpine'                                         │
│          │ - missing unique identifier (PURL, CPE, SWID) for 'alpine'              │
│          │ sbom-banned-licenses: Ok                                                │
│          │ sbom-freshness: Ok                                                      │
└──────────┴─────────────────────────────────────────────────────────────────────────┘
```