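#!/bin/bash
# Generate SBOM (Software Bill of Materials) for source code.
# Uses Syft to generate SBOM in multiple formats.
#
# Usage:   run from the repository root; outputs are written to the current directory:
#            sbom.txt            (human-readable table)
#            sbom.spdx.json      (SPDX JSON)
#            sbom.cyclonedx.json (CycloneDX JSON)
# Env:     SYFT_VERSION  optional release tag to pin the auto-installed syft to.
#                        Unset means the installer picks the latest release, which
#                        makes the generated SBOM non-reproducible across runs.
#
# pipefail is required: without it `syft ... | tee sbom.txt` reports tee's exit
# status, so a failing syft would leave an empty sbom.txt and the script would
# still print "generated successfully".
set -euo pipefail

echo "🔍 Generating SBOM for source code..."

# Check if syft is installed; if not, fetch it into ./bin
if ! command -v syft &> /dev/null; then
  echo "Syft not found. Attempting to install to ./bin..." >&2
  mkdir -p ./bin

  # Supply-chain note: this downloads Anchore's installer from the unpinned
  # `main` branch and executes it. Saving to a file first (instead of
  # `curl | sh`) means a failed or truncated download aborts via `-f`/`set -e`
  # rather than executing a partial script, and gives a chance to inspect or
  # checksum the installer before running it. For CI use, prefer a pinned
  # release and a verified download over this convenience path.
  installer=$(mktemp) || { echo "❌ mktemp failed" >&2; exit 1; }
  trap 'rm -f -- "$installer"' EXIT
  curl -sSfL -o "$installer" https://raw.githubusercontent.com/anchore/syft/main/install.sh

  # The installer accepts a release tag as its positional argument (per its
  # usage text — confirm if the installer changes); pass SYFT_VERSION through
  # when set so the binary, and therefore the SBOM tooling, is pinned.
  sh "$installer" -b ./bin ${SYFT_VERSION:+"$SYFT_VERSION"}

  # Use an absolute path: a relative "./bin" entry at the front of PATH
  # resolves against whatever the cwd is at lookup time, which is a
  # cwd-hijack footgun and breaks after any cd.
  export PATH="$PWD/bin:$PATH"

  # Verify installation
  if ! command -v syft &> /dev/null; then
    echo "❌ Failed to install syft automatically." >&2
    echo "Please install manually:" >&2
    echo " brew install syft" >&2
    echo " or visit: https://github.com/anchore/syft#installation" >&2
    exit 1
  fi
fi

# Show version (recorded in the run log so the SBOM can be tied to a syft release)
syft version

# NOTE: `dir:.` scans the whole working tree, including ./bin (with the
# syft binary installed above) and any sbom.* files left from a previous
# run. If that is not wanted, run from a clean checkout or exclude those
# paths via syft's exclusion options.

# Generate SBOM in table format
echo ""
echo "📋 Generating SBOM table..."
syft dir:. -o table | tee sbom.txt

# Generate SBOM in SPDX JSON format
echo ""
echo "📦 Generating SBOM in SPDX JSON format..."
syft dir:. -o spdx-json > sbom.spdx.json

# Generate SBOM in CycloneDX JSON format
echo ""
echo "🌀 Generating SBOM in CycloneDX JSON format..."
syft dir:. -o cyclonedx-json > sbom.cyclonedx.json

echo ""
echo "✅ SBOM generated successfully!"
echo ""
echo "Generated files:"
ls -lh sbom.*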