Openai report output (#210)

* Improvements in code coverage
* Refacotored to support multiple enrichers
* Experimental openai enrichment, Retreives vulnerability explainations from OpenAI
* Updates dependencies and versions
* Adds enrich flag to CLI
* Adds AI rendered html report
* Changes http client to resty
* Fixes test cases for Snyk
* Fixes latest version check
* Fixes epss test cases and moves epss requests to resty

.devcontainer/devcontainer.json

@@ -1,11 +1,10 @@
 {
-    "name": "devcontainer-test",
+    "name": "bomber",
     "image": "mcr.microsoft.com/devcontainers/go:1-1.22-bookworm",
     "features": {
         "ghcr.io/devcontainers-contrib/features/starship:1": {},
         "ghcr.io/azutake/devcontainer-features/go-packages-install:0": {
             "packages": [
-                "github.com/devops-kung-fu/hookz@latest",
                 "github.com/jandelgado/gcov2lcov@latest",
                 "github.com/kisielk/errcheck@latest",
                 "github.com/fzipp/gocyclo/cmd/gocyclo@latest",
@@ -17,9 +16,12 @@
     "customizations": {
         "vscode": {
             "settings": {
-                "terminal.integrated.customGlyphs": true,
-                "terminal.integrated.fontFamily": "'0xProto Nerd Font', 'Droid Sans Mono', 'monospace', monospace",
                 "editor.formatOnSave": true,
+                "editor.fontFamily": "'0xProto Nerd Font','Courier New', monospace",
+                "terminal.integrated.fontFamily": "'0xProto Nerd Font','Courier New', monospace",
+                "notebook.output.fontFamily" : "'0xProto Nerd Font','Courier New', monospace",
+                "explorer.openEditors.sortOrder": "alphabetical",
+                "explorer.openEditors.minVisible": 0,
                 "go.buildTags": "",
                 "go.toolsEnvVars": {
                     "CGO_ENABLED": "0"
@@ -43,6 +45,12 @@
                         "source.organizeImports": "always"
                     }
                 },
+                "[javascript]": {
+                    "editor.defaultFormatter": "esbenp.prettier-vscode"
+                },
+                "[markdown]": {
+                    "editor.defaultFormatter": "esbenp.prettier-vscode"
+                },
                 "markiscodecoverage.coverageThreshold": 95,
                 "markiscodecoverage.enableOnStartup": true,
                 "markiscodecoverage.searchCriteria": "*.lcov*"
@@ -54,17 +62,15 @@
                 "github.vscode-github-actions",
                 "aleksandra.go-group-imports",
                 "oderwat.indent-rainbow",
-                "yzhang.markdown-all-in-one",
                 "quicktype.quicktype",
                 "jebbs.plantuml",
                 "foxundermoon.shell-format",
                 "ahebrank.yaml2json",
-                "amazonwebservices.aws-toolkit-vscode",
+                "AmazonWebServices.amazon-q-vscode",
                 "markis.code-coverage",
-                //"defaltd.go-coverage-viewer",
-                "Gruntfuggly.todo-tree" // Highlights TODO comments"
+                "Gruntfuggly.todo-tree",
+                "esbenp.prettier-vscode"
             ]
         }
-    },
-    "postCreateCommand": "/usr/bin/bash ./.devcontainer/post-create.sh > ~/post-create.log"
+    }
 }

.github/workflows/go-quality.yml

@@ -4,40 +4,31 @@ jobs:
   tests:
     runs-on: ubuntu-latest
     steps:
-      - 
-        name: Checkout
+      - name: Checkout
         uses: actions/checkout@v4
-      - 
-        name: Setup Go
+      - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
-      - 
-        name: Install Dependencies
+          go-version: "1.22"
+      - name: Install Dependencies
         run: |
           go version
           go install honnef.co/go/tools/cmd/staticcheck@latest
           go install github.com/fzipp/gocyclo/cmd/gocyclo@latest
-      - 
-        name: Test
+      - name: Test
         run: |
           go test -v -coverprofile=coverage.out ./...
           go tool cover -func=coverage.out
-      - 
-        name: CodeCov
+      - name: CodeCov
         run: bash <(curl -s https://codecov.io/bash)
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-      - 
-        name: Build
+      - name: Build
         run: go build
-      - 
-        name: Vet
+      - name: Vet
         run: go vet -v
-      # - 
-        # name: staticcheck
-        # run: staticcheck -f stylish -checks all  ./...
-      - 
-        name: gocyclo
+      # -
+      # name: staticcheck
+      # run: staticcheck -f stylish -checks all  ./...
+      - name: gocyclo
         run: gocyclo .
-

.github/workflows/release.yml

@@ -3,7 +3,7 @@ name: Release
 on:
   push:
     tags:
-      - 'v*'
+      - "v*"
 
 permissions:
   contents: write
@@ -12,36 +12,30 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Checkout
+      - name: Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      -
-        name: Set up Go
+      - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: "1.23"
           check-latest: true
       - run: go version
-      - 
-        name: Generate SBOM
+      - name: Generate SBOM
         uses: anchore/sbom-action@v0
         with:
           artifact-name: bomber.cyclonedx.json
           path: .
           format: cyclonedx-json
-      - 
-        name: Release SBOM
+      - name: Release SBOM
         uses: anchore/sbom-action/publish-sbom@v0
         with:
           sbom-artifact-match: ".*\\.cyclonedx.json$"
-      -
-        name: GoReleaser Action
-        uses: goreleaser/goreleaser-action@v5.0.0
+      - name: GoReleaser Action
+        uses: goreleaser/goreleaser-action@v5.1.0
         with:
           version: ${{ env.GITHUB_REF_NAME }}
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.PUBLISHER_TOKEN }}
-

.gitignore

@@ -27,3 +27,5 @@ coverage.html
 coverage.lcov
 
 *.log
+
+__debug_bin*

.goreleaser.yaml

@@ -1,8 +1,7 @@
 project_name: bomber
 
 builds:
-  - 
-    binary: bomber
+  - binary: bomber
     env:
       - CGO_ENABLED=0
     goos:
@@ -20,26 +19,23 @@ universal_binaries:
   - replace: true
 
 brews:
-  -
-    name: bomber
+  - name: bomber
     homepage: "https://github.com/devops-kung-fu/bomber"
     tap:
       owner: devops-kung-fu
       name: homebrew-tap
     commit_author:
-      name: djschleen
-      email: djschleen@gmail.com
+      name: dkfm
+      email: admin@dkfm.io
 
 checksum:
-  name_template: 'checksums.txt'
+  name_template: "checksums.txt"
 
 nfpms:
-  - 
-    maintainer: DevOps Kung Fu Mafia <admin@dkfm.io>
+  - maintainer: DevOps Kung Fu Mafia <admin@dkfm.io>
     description: Scans SBOMs for security vulnerabilities.
     homepage: https://github.com/devops-kung-fu/bomber
     license: MPL
     formats:
       - deb
       - rpm
-