OpenAI integration and Bug Fixes (#196)

* Initial commit of AI rendering scaffold * Fixes test cases and ignore loading functionality * Dependency and release updates
devops-kung-fu · Feb 27, 2024 · 870ab0d · 870ab0d
1 parent 56a61bf
commit 870ab0d
Show file tree

Hide file tree

Showing 20 changed files with 143 additions and 117 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -21,7 +21,7 @@ jobs:
         name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
+          go-version: '1.22'
           check-latest: true
       - run: go version
       - 
@@ -38,7 +38,7 @@ jobs:
           sbom-artifact-match: ".*\\.cyclonedx.json$"
       -
         name: GoReleaser Action
-        uses: goreleaser/goreleaser-action@v4.2.0
+        uses: goreleaser/goreleaser-action@v5.0.0
         with:
           version: ${{ env.GITHUB_REF_NAME }}
           args: release --clean

diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -1,6 +1,7 @@
 {
     "cSpell.words": [
         "Afero",
+        "AIAPI",
         "anchore",
         "briandowns",
         "codecov",
@@ -33,6 +34,7 @@
         "kirinlabs",
         "kisielk",
         "novulns",
+        "openai",
         "OSSINDEX",
         "packageurl",
         "Packagist",

diff --git a/cmd/root.go b/cmd/root.go
@@ -15,7 +15,7 @@ import (
 )
 
 var (
-	version = "0.4.8"
+	version = "0.5.0"
 	output  string
 	//Afs stores a global OS Filesystem that is used throughout bomber
 	Afs = &afero.Afero{Fs: afero.NewOsFs()}
@@ -59,5 +59,5 @@ func Execute() {
 
 func init() {
 	rootCmd.PersistentFlags().BoolVar(&debug, "debug", false, "displays debug level log messages.")
-	rootCmd.PersistentFlags().StringVar(&output, "output", "stdout", "how bomber should output findings (json, html, stdout)")
+	rootCmd.PersistentFlags().StringVar(&output, "output", "stdout", "how bomber should output findings (json, html, ai, stdout)")
 }
diff --git a/cmd/scan.go b/cmd/scan.go
@@ -55,7 +55,8 @@ var (
 func init() {
 	rootCmd.AddCommand(scanCmd)
 	scanCmd.PersistentFlags().StringVar(&scanner.Credentials.Username, "username", "", "the user name for the provider being used.")
-	scanCmd.PersistentFlags().StringVar(&scanner.Credentials.Token, "token", "", "the API token for the provider being used.")
+	scanCmd.PersistentFlags().StringVar(&scanner.Credentials.ProviderToken, "token", "", "the API token for the provider being used.")
+	scanCmd.PersistentFlags().StringVar(&scanner.Credentials.OpenAIAPIKey, "openai-api-key", "", "an OpenAI API key used for generating AI output.")
 	scanCmd.PersistentFlags().StringVar(&scanner.ProviderName, "provider", "osv", "the vulnerability provider (ossindex, osv).")
 	scanCmd.PersistentFlags().StringVar(&scanner.IgnoreFile, "ignore-file", "", "an optional file containing CVEs to ignore when rendering output.")
 	scanCmd.PersistentFlags().StringVar(&scanner.Severity, "severity", "", "anything equal to or above this severity will be returned with non-zero error code.")

diff --git a/go.mod b/go.mod
@@ -1,15 +1,14 @@
 module github.com/devops-kung-fu/bomber
 
-go 1.21
-
-toolchain go1.21.3
+go 1.22
 
 require (
-	github.com/CycloneDX/cyclonedx-go v0.7.2
+	github.com/CycloneDX/cyclonedx-go v0.8.0
 	github.com/briandowns/spinner v1.23.0
 	github.com/devops-kung-fu/common v0.2.6
+	github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47
 	github.com/gookit/color v1.5.4
-	github.com/jarcoal/httpmock v1.3.0
+	github.com/jarcoal/httpmock v1.3.1
 	github.com/jedib0t/go-pretty/v6 v6.5.4
 	github.com/kirinlabs/HttpRequest v1.1.1
 	github.com/microcosm-cc/bluemonday v1.0.26
@@ -20,30 +19,22 @@ require (
 	github.com/stretchr/testify v1.8.4
 )
 
-require (
-	github.com/kr/pretty v0.3.0 // indirect
-	github.com/rogpeppe/go-internal v1.8.0 // indirect
-	golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b // indirect
-	golang.org/x/term v0.16.0 // indirect
-)
-
 require (
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/fatih/color v1.16.0 // indirect
-	github.com/gomarkdown/markdown v0.0.0-20231115200524-a660076da3fd
 	github.com/gorilla/css v1.0.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/rivo/uniseg v0.4.4 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
-	golang.org/x/net v0.19.0 // indirect
-	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
+	golang.org/x/term v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -1,41 +1,32 @@
-github.com/CycloneDX/cyclonedx-go v0.7.2 h1:kKQ0t1dPOlugSIYVOMiMtFqeXI2wp/f5DBIdfux8gnQ=
-github.com/CycloneDX/cyclonedx-go v0.7.2/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk=
+github.com/CycloneDX/cyclonedx-go v0.8.0 h1:FyWVj6x6hoJrui5uRQdYZcSievw3Z32Z88uYzG/0D6M=
+github.com/CycloneDX/cyclonedx-go v0.8.0/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk=
 github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0=
 github.com/briandowns/spinner v1.23.0 h1:alDF2guRWqa/FOZZYWjlMIx2L6H0wyewPxo/CH4Pt2A=
 github.com/briandowns/spinner v1.23.0/go.mod h1:rPG4gmXeN3wQV/TsAY4w8lPdIM6RX3yqeBQJSrbXjuE=
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/devops-kung-fu/common v0.2.6 h1:HNL9suXELXHiSg7Ze0VinNkbngrBjovKYWPOckuarKc=
 github.com/devops-kung-fu/common v0.2.6/go.mod h1:ZLp6W5ewDWxmx45KF/Oj3IfJ3EhRALBkcfqLQnz23OU=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
-github.com/gomarkdown/markdown v0.0.0-20231115200524-a660076da3fd h1:PppHBegd3uPZ3Y/Iax/2mlCFJm1w4Qf/zP1MdW4ju2o=
-github.com/gomarkdown/markdown v0.0.0-20231115200524-a660076da3fd/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA=
+github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47 h1:k4Tw0nt6lwro3Uin8eqoET7MDA4JnT8YgbCjc/g5E3k=
+github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA=
 github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0=
 github.com/gookit/color v1.5.4/go.mod h1:pZJOeOS8DM43rXbp4AZo1n9zCU2qjpcRko0b6/QJi9w=
 github.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8=
 github.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
-github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
+github.com/jarcoal/httpmock v1.3.1 h1:iUx3whfZWVf3jT01hQTO/Eo5sAYtB2/rqaUuOtpInww=
+github.com/jarcoal/httpmock v1.3.1/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jedib0t/go-pretty/v6 v6.5.4 h1:gOGo0613MoqUcf0xCj+h/V3sHDaZasfv152G6/5l91s=
 github.com/jedib0t/go-pretty/v6 v6.5.4/go.mod h1:5LQIxa52oJ/DlDSLv0HEkWOFMDGoWkJb9ss5KqPpJBg=
 github.com/kirinlabs/HttpRequest v1.1.1 h1:eBbFzpRd/Y7vQhRY30frHK3yAJiT1wDlB31Ryzyklc0=
 github.com/kirinlabs/HttpRequest v1.1.1/go.mod h1:XV38fA4rXZox83tlEV9KIQ7Cdsut319x6NGzVLuRlB8=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
@@ -49,17 +40,13 @@ github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3r
 github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs=
 github.com/package-url/packageurl-go v0.1.2 h1:0H2DQt6DHd/NeRlVwW4EZ4oEI6Bn40XlNPRqegcxuo4=
 github.com/package-url/packageurl-go v0.1.2/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/remeh/sizedwaitgroup v1.0.0 h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E=
 github.com/remeh/sizedwaitgroup v1.0.0/go.mod h1:3j2R4OIe/SeS6YDhICBy22RWjJC5eNCJ1V+9+NVNYlo=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
-github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
+github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
+github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
 github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
@@ -79,22 +66,19 @@ github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
-golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b h1:EqBVA+nNsObCwQoBEHy4wLU0pi7i8a4AL3pbItPdPkE=
-golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
-golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
-golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/exp v0.0.0-20220909182711-5c715a9e8561 h1:MDc5xs78ZrZr3HMQugiXOAkSZtfTpbJLDr/lwfgO53E=
+golang.org/x/exp v0.0.0-20220909182711-5c715a9e8561/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE=
+golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
-golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/lib/loader.go b/lib/loader.go
@@ -144,6 +144,16 @@ func (l *Loader) processCycloneDX(format cyclone.BOMFileFormat, b []byte, s []mo
 
 // LoadIgnore loads a list of CVEs entered one on each line from the filename
 func (l *Loader) LoadIgnore(ignoreFile string) (cves []string, err error) {
+	if ignoreFile == "" {
+		return
+	}
+	log.Printf("Loading ignore file: %v\n", ignoreFile)
+	exists, err := l.Afs.Exists(ignoreFile)
+	if !exists {
+		log.Printf("ignore file not found: %v\n", ignoreFile)
+		return nil, fmt.Errorf("ignore file not found: %v", ignoreFile)
+	}
+	log.Printf("ignore file found: %v\n", ignoreFile)
 	f, err := l.Afs.Open(ignoreFile)
 	if err != nil {
 		log.Printf("error opening ignore: %v\n", err)

diff --git a/lib/loader_test.go b/lib/loader_test.go
@@ -23,7 +23,7 @@ func SetupTest() {
 	l = Loader{Afs: afs}
 }
 
-func TestLoad_cyclonedx(t *testing.T) {
+func Test_Load_cyclonedx(t *testing.T) {
 	SetupTest()
 	err := afs.WriteFile("/test-cyclonedx.json", cyclonedx.TestBytes(), 0644)
 	assert.NoError(t, err)
@@ -71,7 +71,7 @@ func TestLoad_cyclonedx_stdin(t *testing.T) {
 	assert.NoError(t, err)
 }
 
-func TestLoad_SPDX(t *testing.T) {
+func Test_Load_SPDX(t *testing.T) {
 	SetupTest()
 	err := afs.WriteFile("/test-spdx.json", spdx.TestBytes(), 0644)
 	assert.NoError(t, err)
@@ -109,7 +109,7 @@ func TestLoad_syft(t *testing.T) {
 	assert.Error(t, err)
 }
 
-func TestLoad_BadJSON_SPDX(t *testing.T) {
+func Test_Load_BadJSON_SPDX(t *testing.T) {
 	SetupTest()
 	fudgedFile := spdx.TestBytes()
 	bogusString := "bogus"
@@ -161,7 +161,7 @@ func TestLoad_multiple_cyclonedx(t *testing.T) {
 	assert.Error(t, err)
 }
 
-func TestLoadIgnore(t *testing.T) {
+func Test_LoadIgnore(t *testing.T) {
 	SetupTest()
 	afs.WriteFile("test.ignore", []byte("test\ntest2"), 0644)
 
@@ -173,7 +173,27 @@ func TestLoadIgnore(t *testing.T) {
 	assert.Error(t, err)
 }
 
-func TestProcessCycloneDX_InvalidFormat(t *testing.T) {
+func Test_LoadIgnoreData(t *testing.T) {
+	SetupTest()
+
+	err := afs.WriteFile("/.bomber.ignore", []byte("CVE-2022-31163"), 0644)
+	assert.NoError(t, err)
+
+	results, err := l.LoadIgnore("/.bomber.ignore")
+
+	assert.NoError(t, err)
+	assert.Len(t, results, 1)
+	assert.Equal(t, results[0], "CVE-2022-31163")
+
+	_, err = l.LoadIgnore("test")
+	assert.Error(t, err)
+
+	results, err = l.LoadIgnore("")
+	assert.NoError(t, err)
+	assert.Len(t, results, 0)
+}
+
+func Test_ProcessCycloneDX_InvalidFormat(t *testing.T) {
 
 	invalidFile := []byte("{{")
 

diff --git a/lib/scanner.go b/lib/scanner.go
@@ -82,7 +82,7 @@ func (s *Scanner) scanPackages(purls []string) (response []models.Package, err e
 	}
 
 	// Load ignore data if specified
-	ignoredCVE, err := s.loadIgnoreData(s.IgnoreFile)
+	ignoredCVE, err := loader.LoadIgnore(s.IgnoreFile)
 	if err != nil {
 		util.PrintWarningf("Ignore flag set, but there was an error: %s", err)
 	}
@@ -134,14 +134,6 @@ func (s *Scanner) getProviderInfo() string {
 	return s.Provider.Info()
 }
 
-// loadIgnoreData loads the ignore data from a file if specified.
-func (s *Scanner) loadIgnoreData(ignoreFile string) ([]string, error) {
-	if ignoreFile != "" {
-		return loader.LoadIgnore(ignoreFile)
-	}
-	return nil, nil
-}
-
 // filterVulnerabilities filters vulnerabilities based on severity.
 func (s *Scanner) filterVulnerabilities(response []models.Package) {
 	if s.Severity != "" {

diff --git a/lib/scanner_test.go b/lib/scanner_test.go
@@ -1,4 +1,3 @@
-// Package lib contains core functionality to load Software Bill of Materials and contains common functions
 package lib
 
 import (
@@ -24,7 +23,7 @@ func (mp MockProvider) Info() string {
 	return "MockProviderInfo"
 }
 
-func TestdetectEcosystems(t *testing.T) {
+func Test_detectEcosystems(t *testing.T) {
 	scanner := Scanner{}
 
 	purls := []string{
@@ -38,27 +37,6 @@ func TestdetectEcosystems(t *testing.T) {
 	assert.ElementsMatch(t, []string{"golang", "npm"}, result, "Detected ecosystems do not match expected result")
 }
 
-func TestloadIgnoreData(t *testing.T) {
-	afs := &afero.Afero{Fs: afero.NewMemMapFs()}
-
-	err := afs.WriteFile("/.bomber.ignore", []byte("CVE-2022-31163"), 0644)
-	assert.NoError(t, err)
-
-	scanner := Scanner{}
-	results, err := scanner.loadIgnoreData("/.bomber.ignore")
-
-	assert.NoError(t, err)
-	assert.Len(t, results, 1)
-	assert.Equal(t, results[0], "CVE-2022-31163")
-
-	_, err = scanner.loadIgnoreData("test")
-	assert.Error(t, err)
-
-	results, err = scanner.loadIgnoreData("")
-	assert.NoError(t, err)
-	assert.Len(t, results, 0)
-}
-
 func TestScanner_Scan(t *testing.T) {
 	output := util.CaptureOutput(func() {
 		afs := &afero.Afero{Fs: afero.NewMemMapFs()}

diff --git a/models/structs.go b/models/structs.go
@@ -65,8 +65,9 @@ type ScannedFile struct {
 
 // Credentials the user credentials used by a provider to authenticate to an API
 type Credentials struct {
-	Username string
-	Token    string
+	Username      string
+	ProviderToken string
+	OpenAIAPIKey  string
 }
 
 // NewResults defines the high level output of bomber

diff --git a/providers/ossindex/OSSIndex.go b/providers/ossindex/OSSIndex.go
@@ -44,7 +44,7 @@ func (Provider) Scan(purls []string, credentials *models.Credentials) (packages
 		var coordinates CoordinateRequest
 		coordinates.Coordinates = append(coordinates.Coordinates, p...)
 		req := HttpRequest.NewRequest()
-		req.SetBasicAuth(credentials.Username, credentials.Token)
+		req.SetBasicAuth(credentials.Username, credentials.ProviderToken)
 
 		resp, _ := req.JSON().Post(ossindexURL, coordinates)
 		defer func() {
@@ -85,11 +85,11 @@ func validateCredentials(credentials *models.Credentials) (err error) {
 		credentials.Username = os.Getenv("BOMBER_PROVIDER_USERNAME")
 	}
 
-	if credentials.Token == "" {
-		credentials.Token = os.Getenv("BOMBER_PROVIDER_TOKEN")
+	if credentials.ProviderToken == "" {
+		credentials.ProviderToken = os.Getenv("BOMBER_PROVIDER_TOKEN")
 	}
 
-	if credentials.Username == "" && credentials.Token == "" {
+	if credentials.Username == "" && credentials.ProviderToken == "" {
 		err = errors.New("bomber requires a username and token to use the OSS Index provider")
 	}
 	return