[SOLVED] Unable to call Anchore syft library command multiple times when embedded in Go app

Unable to call Anchore syft library command multiple times when embedded in Go app

I'm trying to embed the Anchore syft library within my Go app to generate CycloneDX SBOMs for multiple containers. The function below executes fine on the first call but subsequent calls fail with an error when the Execute is called on the cobra command.

func generateCycloneDX(ociArchiveName string, jsonOutputName string) {
    syftId := clio.Identification{Name: "syft"}
    syftCommand := cli.Command(syftId)
    syftCommand.SetArgs([]string{ociArchiveName, "-o", jsonOutputName})
    err := syftCommand.Execute()
    if err != nil {
        panic(err)
    }
}

The error is

panic: replace existing redaction store (probably unintentional)

goroutine 1 [running]:
github.com/anchore/syft/internal/redact.Set(...)
        go/pkg/mod/github.com/anchore/syft@v0.93.0/internal/redact/redact.go:11
github.com/anchore/syft/cmd/syft/cli.create.func2(0xc000490a90?)
        go/pkg/mod/github.com/anchore/syft@v0.93.0/cmd/syft/cli/cli.go:64 +0x1a5
github.com/anchore/clio.(*application).runInitializers(0xc0013bc1a0)
        go/pkg/mod/github.com/anchore/clio@v0.0.0-20231016125707-b60d41410795/application.go:110 +0x66
github.com/anchore/clio.(*application).PostLoad(0xc0013bc1a0)
        go/pkg/mod/github.com/anchore/clio@v0.0.0-20231016125707-b60d41410795/application.go:105 +0xbb
github.com/anchore/fangs.postLoad({0x1f81f40?, 0xc0013bc1a0?, 0xc0013bc1a0?})
        go/pkg/mod/github.com/anchore/fangs@v0.0.0-20230818131516-2186b10924fe/load.go:201 +0x1e5
github.com/anchore/fangs.loadConfig({{0x26109f8, 0x349e4e0}, {0x1ff3df6, 0x4}, {0x2004cda, 0xc}, {0x0, 0x0}, {0xc002b25e30, 0x5, ...}}, ...)
        go/pkg/mod/github.com/anchore/fangs@v0.0.0-20230818131516-2186b10924fe/load.go:80 +0x7d1
github.com/anchore/fangs.Load({{0x26109f8, 0x349e4e0}, {0x1ff3df6, 0x4}, {0x2004cda, 0xc}, {0x0, 0x0}, {0xc002b25e30, 0x5, ...}}, ...)
        go/pkg/mod/github.com/anchore/fangs@v0.0.0-20230818131516-2186b10924fe/load.go:16 +0x74
github.com/anchore/clio.(*application).loadConfigs(0xc0013bc1a0, 0xc000033870?, {0xc0004909f0, 0x1, 0xc0013b2700?})
        go/pkg/mod/github.com/anchore/clio@v0.0.0-20231016125707-b60d41410795/application.go:95 +0x1a5
github.com/anchore/clio.(*application).setupCommand.func1.(*application).Setup.func1(0x4?, {0xd631f2?, 0xc0013b2700?, 0xc000033af0?})
        go/pkg/mod/github.com/anchore/clio@v0.0.0-20231016125707-b60d41410795/application.go:74 +0x45
github.com/anchore/clio.(*application).setupCommand.func1(0xc0013b2700?, {0xc002e20870, 0x1, 0x3})
        go/pkg/mod/github.com/anchore/clio@v0.0.0-20231016125707-b60d41410795/application.go:316 +0x82
github.com/spf13/cobra.(*Command).execute(0xc000845200, {0xc002e20660, 0x3, 0x3})
        go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:925 +0x7f6
github.com/spf13/cobra.(*Command).ExecuteC(0xc000845200)
        go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:1068 +0x3a5
github.com/spf13/cobra.(*Command).Execute(...)
        go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:992

I can't see a way to reset the cobra command so it can be called multiple times. Is this possible?

Solution

I reached out to the Anchore Community who were able to solve my problem.

I needed to use the Syft library directly rather than via the cobra command.

For an example see https://gist.github.com/spiffcs/3027638b7ba904d07e482a712bc00d3d

Many thanks to Christopher Phillips