fix: breaking changes

e2e/go.mod

@@ -136,7 +136,7 @@ require (
 	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/mattn/go-shellwords v1.0.12 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
-	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
+	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/miekg/pkcs11 v1.1.1 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect

e2e/go.sum

@@ -445,8 +445,9 @@ github.com/mattn/go-sqlite3 v1.14.18/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b h1:j7+1HpAFS1zy5+Q4qx1fWh90gTKwiN4QCGoY9TWyyO4=
 github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
+github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
+github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
 github.com/miekg/dns v1.1.25 h1:dFwPR6SfLtrSwgDcIq2bcU/gVutB4sNApq2HBdqcakg=
 github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=

go.mod

@@ -14,6 +14,7 @@ require (
 	github.com/CycloneDX/cyclonedx-go v0.8.0
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/Portshift/go-utils v0.0.0-20220421083203-89265d8a6487
+	github.com/anchore/clio v0.0.0-20231016125544-c98a83e1c7fc
 	github.com/anchore/grype v0.74.0
 	github.com/anchore/stereoscope v0.0.0-20231220161148-590920dabc54
 	github.com/anchore/syft v0.100.0
@@ -112,7 +113,6 @@ require (
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/agnivade/levenshtein v1.1.1 // indirect
 	github.com/alecthomas/chroma v0.10.0 // indirect
-	github.com/anchore/clio v0.0.0-20231016125544-c98a83e1c7fc // indirect
 	github.com/anchore/fangs v0.0.0-20231201140849-5075d28d6d8b // indirect
 	github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a // indirect
 	github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect

pkg/shared/analyzer/merge.go

@@ -395,11 +395,13 @@ func (m *MergedResults) getRealBomRefFromPreviousBomRef(bomRef string) string {
 func toBomDescriptor(name, version string, source utils.SourceType, srcMetadata *cdx.Metadata, hash string) *cdx.Metadata {
 	return &cdx.Metadata{
 		Timestamp: time.Now().Format(time.RFC3339),
-		Tools: &[]cdx.Tool{
-			{
-				Vendor:  "vmclarity",
-				Name:    name,
-				Version: version,
+		Tools: &cdx.ToolsChoice{
+			Components: &[]cdx.Component{
+				{
+					Author:  "vmclarity",
+					Name:    name,
+					Version: version,
+				},
 			},
 		},
 		Component: toBomDescriptorComponent(source, srcMetadata, hash),

pkg/shared/analyzer/syft/syft.go

@@ -20,7 +20,7 @@ import (
 
 	"github.com/anchore/syft/syft"
 	syft_artifact "github.com/anchore/syft/syft/artifact"
-	"github.com/anchore/syft/syft/formats/common/cyclonedxhelpers"
+	"github.com/anchore/syft/syft/format/common/cyclonedxhelpers"
 	"github.com/anchore/syft/syft/linux"
 	syft_pkg "github.com/anchore/syft/syft/pkg"
 	"github.com/anchore/syft/syft/pkg/cataloger"

pkg/shared/converter/cyclonedx.go

@@ -20,11 +20,11 @@ import (
 	"fmt"
 
 	cdx "github.com/CycloneDX/cyclonedx-go"
-	"github.com/anchore/syft/syft/formats"
-	"github.com/anchore/syft/syft/formats/common/cyclonedxhelpers"
-	"github.com/anchore/syft/syft/formats/spdxjson"
-	"github.com/anchore/syft/syft/formats/spdxtagvalue"
-	"github.com/anchore/syft/syft/formats/syftjson"
+	syftFormat "github.com/anchore/syft/syft/format"
+	"github.com/anchore/syft/syft/format/common/cyclonedxhelpers"
+	"github.com/anchore/syft/syft/format/spdxjson"
+	"github.com/anchore/syft/syft/format/spdxtagvalue"
+	"github.com/anchore/syft/syft/format/syftjson"
 	syftSbom "github.com/anchore/syft/syft/sbom"
 )
 
@@ -112,21 +112,36 @@ func cycloneDxToBytesUsingSyftConversion(sbom *cdx.BOM, format SbomFormat) ([]by
 		return nil, fmt.Errorf("unable to convert BOM to intermediary format: %w", err)
 	}
 
-	var syftFormatID syftSbom.FormatID
+	var syftFormatEncoder syftSbom.FormatEncoder
 	switch format {
 	case SpdxJSON:
-		syftFormatID = spdxjson.ID
+		syftFormatEncoder, err = spdxjson.NewFormatEncoderWithConfig(
+			spdxjson.DefaultEncoderConfig(),
+		)
+		if err != nil {
+			return nil, fmt.Errorf("unable to create spdxjson encoder: %w", err)
+		}
 	case SpdxTV:
-		syftFormatID = spdxtagvalue.ID
+		syftFormatEncoder, err = spdxtagvalue.NewFormatEncoderWithConfig(
+			spdxtagvalue.DefaultEncoderConfig(),
+		)
+		if err != nil {
+			return nil, fmt.Errorf("unable to create spdxtagvalue encoder: %w", err)
+		}
 	case SyftJSON:
-		syftFormatID = syftjson.ID
+		syftFormatEncoder, err = syftjson.NewFormatEncoderWithConfig(
+			syftjson.DefaultEncoderConfig(),
+		)
+		if err != nil {
+			return nil, fmt.Errorf("unable to create syftjson encoder: %w", err)
+		}
 	case CycloneDxXML, CycloneDxJSON, Unknown:
 		fallthrough
 	default:
 		return nil, fmt.Errorf("format %v is a native cyclonedx format, use CycloneDxToNativeFormatBytes instead", format)
 	}
 
-	data, err := formats.Encode(*syftSBOM, formats.ByName(string(syftFormatID)))
+	data, err := syftFormat.Encode(*syftSBOM, syftFormatEncoder)
 	if err != nil {
 		return nil, fmt.Errorf("failed to encode sbom: %w", err)
 	}

pkg/shared/converter/cyclonedx_to_syft.go

@@ -23,10 +23,10 @@ import (
 	"os"
 
 	cdx "github.com/CycloneDX/cyclonedx-go"
-	"github.com/anchore/syft/syft/formats"
-	"github.com/anchore/syft/syft/formats/common/cyclonedxhelpers"
-	"github.com/anchore/syft/syft/formats/cyclonedxjson"
-	"github.com/anchore/syft/syft/formats/cyclonedxxml"
+	"github.com/anchore/syft/syft/format"
+	"github.com/anchore/syft/syft/format/common/cyclonedxhelpers"
+	"github.com/anchore/syft/syft/format/cyclonedxjson"
+	"github.com/anchore/syft/syft/format/cyclonedxxml"
 )
 
 var ErrFailedToGetCycloneDXSBOM = errors.New("failed to get CycloneDX SBOM from file")
@@ -44,7 +44,7 @@ func GetCycloneDXSBOMFromBytes(inputSBOMBytes []byte) (*cdx.BOM, error) {
 	// Ensure input is converted to cyclonedx regardless of the
 	// input SBOM type.
 	r := bytes.NewReader(inputSBOMBytes)
-	sbom, format, err := formats.Decode(r)
+	sbom, format, _, err := format.Decode(r)
 	if err != nil {
 		// syft's Decode has an issue with identifying cyclonedx XML
 		// with an empty component list, if syft errors, and the first
@@ -54,7 +54,7 @@ func GetCycloneDXSBOMFromBytes(inputSBOMBytes []byte) (*cdx.BOM, error) {
 		bufReader := bufio.NewReader(bytes.NewReader(inputSBOMBytes))
 		firstLine, _, rErr := bufReader.ReadLine()
 		if rErr == nil && string(firstLine) == `<?xml version="1.0" encoding="UTF-8"?>` {
-			format = formats.ByName(string(cyclonedxxml.ID))
+			format = cyclonedxxml.ID
 		} else {
 			// If no luck manually identifying the file as XML,
 			// then just return the syft error.
@@ -70,7 +70,7 @@ func GetCycloneDXSBOMFromBytes(inputSBOMBytes []byte) (*cdx.BOM, error) {
 	// cdx.BOM.
 	var bom *cdx.BOM
 	cdxFormat := cdx.BOMFileFormatXML
-	switch format.ID() {
+	switch format {
 	case cyclonedxjson.ID:
 		cdxFormat = cdx.BOMFileFormatJSON
 		fallthrough

pkg/shared/scanner/grype/local_grype.go

@@ -19,6 +19,7 @@ import (
 	"errors"
 	"fmt"
 
+	"github.com/anchore/clio"
 	"github.com/anchore/grype/grype"
 	"github.com/anchore/grype/grype/db"
 	"github.com/anchore/grype/grype/grypeerr"
@@ -125,7 +126,8 @@ func (s *LocalScanner) run(sourceType utils.SourceType, userInput string) {
 	}
 
 	s.logger.Infof("Found %d vulnerabilities", len(allMatches.Sorted()))
-	doc, err := grype_models.NewDocument(packages, context, *allMatches, ignoredMatches, vulnerabilityStore.MetadataProvider, nil, dbStatus)
+	id := clio.Identification{}
+	doc, err := grype_models.NewDocument(id, packages, context, *allMatches, ignoredMatches, vulnerabilityStore.MetadataProvider, nil, dbStatus)
 	if err != nil {
 		ReportError(s.resultChan, fmt.Errorf("failed to create document: %w", err), s.logger)
 		return