Support offline validation (no network) using only built-in, local sc…

…hema

Signed-off-by: Matt Rutkowski <[email protected]>

.vscode/launch.json

@@ -4,6 +4,17 @@
     // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
     "version": "0.2.0",
     "configurations": [
+
+        {
+            "showGlobalVariables": true,
+            "name": "Debug: validate",
+            "type": "go",
+            "request": "launch",
+            "mode": "debug",
+            "program": "main.go", // "program": "${file}",
+            "args": ["validate", "-i", "examples/cyclonedx/SBOM/protonmail-webclient-v4-0912dff/bom.json"],
+            "dlvFlags": ["--check-go-version=false"]
+        },
         {
             "showGlobalVariables": true,
             "name": "Debug: validate (offline)",

README.md

@@ -328,6 +328,10 @@ Use the [schema](#schema) command to list supported schemas formats, versions an
 
 Customized JSON schemas can also be permanently configured as named schema "variants" within the utility's configuration file. See [adding schemas](#adding-schemas).
 
+- **Overriding default schema** 
+  - Using the [`--force` flag](#--force-flag) and passing in a URI to an alternative JSON schema.
+- **"Customized" schema** variants, perhaps derived from standard BOM schemas, can be used for validation using the `--variant` flag (e.g., industry or company-specific schemas). 
+  - **Note**: *These variants need to be built into the utility binary as a resource.*
 - **Overriding default schema** 
   - Using the [`--force` flag](#--force-flag) and passing in a URI to an alternative JSON schema.
 - **"Customized" schema** variants, perhaps derived from standard BOM schemas, can be used for validation using the `--variant` flag (e.g., industry or company-specific schemas). 
@@ -339,6 +343,11 @@ The following flags can be used to improve performance when formatting error out
 
 ##### `--force` flag
 
+You can override the schema used for validation *(which defaults to the schema that matches the declared format and version found in the input BOM file)* by providing a different one using the `--force` flag. This may be useful to verify a BOM contents against a newer specification version or provide a customized schema.
+  - **Note**: *The `--force` flag works with schema files with valid URIs which include URLs (e.g., 'https://') and files (e.g., 'file://').*
+
+##### `--force` flag
+
 You can override the schema used for validation *(which defaults to the schema that matches the declared format and version found in the input BOM file)* by providing a different one using the `--force` flag. This may be useful to verify a BOM contents against a newer specification version or provide a customized schema.
   - **Note**: *The `--force` flag works with schema files with valid URIs which include URLs (e.g., 'https://') and files (e.g., 'file://').*
 
@@ -386,12 +395,6 @@ echo $?
 0  // no error (valid)
 ```
 
-##### Example: Validate 1.5
-
-```bash
-./sbom-utility validate -i test/cyclonedx/cdx-1-5-mature-example-1.json
-```
-
 ##### Example: Validate using a remote JSON schema file using '--force' flag
 
 ```bash

cmd/validate.go

@@ -323,7 +323,7 @@ func Validate(writer io.Writer, persistentFlags utils.PersistentCommandFlags, va
 		}
 
 		if errLoad != nil {
-			return INVALID, bom, schemaErrors, fmt.Errorf("unable to load schema: '%s'", schemaName)
+			return INVALID, bom, schemaErrors, fmt.Errorf("unable to load schema: `%s`", schemaName)
 		}
 	}