feat: resolve windows analyzer paths

.families.yaml

@@ -3,9 +3,12 @@ sbom:
   analyzers_list:
     - "syft"
     - "gomod"
+#    - "windows"
   inputs:
     - input: "node:slim"
       input_type: "image"
+#    - input: "/mnt"
+#      input_type: "rootfs"
 #    - input: "nginx:1.10"
 #      input_type: "image"
 #  merge_with:

README.md

@@ -120,6 +120,7 @@ These tools include:
 - SBOM Generation and Analysis
   - [Syft](https://github.com/anchore/syft)
   - [Trivy](https://github.com/aquasecurity/trivy)
+  - [Windows Registry](cli/analyzer/windows)
 - Vulnerability detection
   - [Grype](https://github.com/anchore/grype)
   - [Trivy](https://github.com/aquasecurity/trivy)

cli/analyzer/windows/registry/registry.go → cli/analyzer/windows/registry.go

@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package registry
+package windows
 
 import (
 	"fmt"
@@ -287,19 +287,6 @@ func (r *Registry) GetBOM() (*cdx.BOM, error) {
 			return nil, fmt.Errorf("unable to get platform data: %w", err)
 		}
 
-		// Convert platform registry data to a list of cyclonedx properties. This
-		// provides additional details in case some of the metadata fields are missing.
-		properties := []cdx.Property{}
-		for key, value := range platformData {
-			if key == "" || value == "" { // skip empty
-				continue
-			}
-			properties = append(properties, cdx.Property{
-				Name:  fmt.Sprintf("windows:registry:%s", key),
-				Value: value,
-			})
-		}
-
 		// Extract manufacturer if available
 		var manufacturer *cdx.OrganizationalEntity
 		if name, ok := platformData["SystemManufacturer"]; ok {
@@ -327,7 +314,12 @@ func (r *Registry) GetBOM() (*cdx.BOM, error) {
 			Supplier: &cdx.OrganizationalEntity{
 				Name: "Microsoft Corporation",
 			},
-			Properties: &properties,
+			Properties: &[]cdx.Property{
+				{
+					Name:  "analyzers",
+					Value: AnalyzerName,
+				},
+			},
 		}
 	}
 

cli/analyzer/windows/registry/registry_test.go → cli/analyzer/windows/registry_test.go

@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package registry
+package windows
 
 import (
 	"fmt"

cli/analyzer/windows/windows.go

@@ -21,7 +21,6 @@ import (
 	log "github.com/sirupsen/logrus"
 
 	"github.com/openclarity/vmclarity/cli/analyzer"
-	"github.com/openclarity/vmclarity/cli/analyzer/windows/registry"
 	"github.com/openclarity/vmclarity/cli/job_manager"
 	"github.com/openclarity/vmclarity/cli/utils"
 )
@@ -51,12 +50,12 @@ func (a *Analyzer) Run(sourceType utils.SourceType, userInput string) error {
 
 		// Create Windows registry based on supported input types
 		var err error
-		var reg *registry.Registry
+		var registry *Registry
 		switch sourceType {
 		case utils.FILE: // Use file location to the registry
-			reg, err = registry.NewRegistry(userInput, a.logger)
+			registry, err = NewRegistry(userInput, a.logger)
 		case utils.ROOTFS, utils.DIR: // Use mount drive as input
-			reg, err = registry.NewRegistryForMount(userInput, a.logger)
+			registry, err = NewRegistryForMount(userInput, a.logger)
 		case utils.SBOM, utils.IMAGE, utils.DOCKERARCHIVE, utils.OCIARCHIVE, utils.OCIDIR: // Unsupported
 			fallthrough
 		default:
@@ -68,10 +67,10 @@ func (a *Analyzer) Run(sourceType utils.SourceType, userInput string) error {
 			a.setError(res, fmt.Errorf("failed to open registry: %w", err))
 			return
 		}
-		defer reg.Close()
+		defer registry.Close()
 
 		// Fetch BOM from registry details
-		bom, err := reg.GetBOM()
+		bom, err := registry.GetBOM()
 		if err != nil {
 			a.setError(res, fmt.Errorf("failed to get bom from registry: %w", err))
 			return