feat: add CLI tool support for Kind, Minikube, Cosign, Syft, and Grype #2071

Merged: thomhurst merged 1 commit into main from feature/additional-cli-tools-2 on Jan 15, 2026
@thomhurst
Owner

Summary

  • Add support for Kind and Minikube for local Kubernetes testing
  • Add supply chain security tools: Cosign (container signing), Syft (SBOM generation), Grype (vulnerability scanning)
  • Include CLI scrapers, project files, and GitHub workflow installation steps for all 5 tools

Test plan

  • Verify solution builds successfully
  • Trigger GitHub workflow to generate CLI options for new tools
  • Verify generated options classes work correctly

Closes #2063

🤖 Generated with Claude Code

Add support for commonly used CLI tools addressing issue #2063:

Local Kubernetes tools:
- Kind (Kubernetes IN Docker) - popular for CI testing
- Minikube - local Kubernetes cluster management

Supply chain security tools:
- Cosign - container signing and verification (Sigstore)
- Syft - SBOM generation (Anchore)
- Grype - vulnerability scanning (Anchore)

Changes include:
- CLI scrapers for all 5 tools (Cobra-based)
- Project files for each new package
- GitHub workflow updates with installation steps
- Solution file updates

Closes #2063

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@thomhurst
Owner Author

Summary

Adds CLI tool integrations for 5 new tools: Kind and Minikube (local Kubernetes), plus Cosign, Syft, and Grype (supply chain security).

Critical Issues

None found ✅

Suggestions

1. Installation Script Security (Syft and Grype)

The Syft and Grype installations pipe curl output directly to shell:

curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin

While this is a common pattern and matches the official installation instructions, consider adding checksum verification or pinning to specific versions for reproducibility. This is consistent with how Flux is installed, so it's not a blocker—just something to consider for future hardening.

2. Version Pinning

All installation URLs use latest:

  • kind.sigs.k8s.io/dl/latest/kind-linux-amd64
  • storage.googleapis.com/minikube/releases/latest/...
  • github.com/sigstore/cosign/releases/latest/...

This could cause version drift in generated options. Consider pinning to specific versions if CLI stability is important for the options generator. However, this matches the existing pattern for other tools (ArgoCD, Flux), so it's consistent with the codebase.

3. Minor: Missing Directory Structure

The PR creates .csproj files but the actual src/ModularPipelines.{Tool}/ directories may need to be created if they don't exist. Verify the workflow handles empty directories or if you need placeholder files.

Verdict

APPROVE - No critical issues

The implementation is clean, follows existing patterns perfectly, and all 5 scrapers correctly inherit from CobraCliScraper (appropriate for Go-based CLI tools). The workflow integration is comprehensive and consistent with existing tool installations. The suggestions above are minor improvements for consideration, not blockers.
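
Added example, not part of this PR or the project's workflow: one way to apply the checksum-verification and pinning suggestion from the review comment above, by downloading to a file and checking it against a recorded digest before anything runs or lands on PATH. The function names and the `<PINNED_COMMIT>` / `<PINNED_SHA256>` placeholders are assumptions.

```shell
#!/bin/sh
# Added example. Function names and the <...> placeholders are hypothetical.

# Print the SHA-256 digest of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_pinned <file> <expected-sha256>
# Returns 0 on match, 1 on mismatch, 2 when the file or the pin is missing.
verify_pinned() {
    [ -f "$1" ] && [ -n "$2" ] || return 2
    # Lowercase the pin so hex case differences do not cause false mismatches.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$1")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $1: got $actual, pinned $expected" >&2
        return 1
    fi
}

# install_verified <artifact> <expected-sha256> <dest-dir>
# Copies the artifact into dest-dir only after its digest matches the pin.
install_verified() {
    [ -d "$3" ] || return 2
    verify_pinned "$1" "$2" || return $?
    name=$(basename "$1")
    # Copy under a temporary name and rename, so a partial file never sits on PATH.
    cp "$1" "$3/.$name.$$" && chmod 0755 "$3/.$name.$$" && mv "$3/.$name.$$" "$3/$name"
}

# Workflow usage (placeholders; record the digest once from a release you reviewed):
#   curl -sSfL -o install.sh \
#     "https://raw.githubusercontent.com/anchore/syft/<PINNED_COMMIT>/install.sh"
#   verify_pinned install.sh "<PINNED_SHA256>" && sh install.sh -b /usr/local/bin
```

The same `install_verified` call covers the directly downloaded binaries (Kind, Minikube, Cosign) once their URLs point at a fixed release rather than `latest`.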

thomhurst merged commit ff9f408 into main on Jan 15, 2026 (12 checks passed)
thomhurst deleted the feature/additional-cli-tools-2 branch on January 15, 2026 20:50
Development

Successfully merging this pull request may close these issues.

Common CLI Tools