chore: update developer documentation and validate makefile

Makefile

@@ -5,7 +5,7 @@ TOOL_DIR = .tool
 BINNY = $(TOOL_DIR)/binny
 TASK = $(TOOL_DIR)/task
 
-.DEFAULT_GOAL := make-default
+.DEFAULT_GOAL := default
 
 ## Bootstrapping targets #################################
 # note: we need to assume that binny and task have not already been installed

Taskfile.yaml

@@ -11,6 +11,28 @@ vars:
   NEXT_VERSION: VERSION
 
 tasks:
+  default:
+    # desc: Run all validation tasks
+    aliases:
+      - pr-validations
+      - validations
+    cmds:
+      - task: static-analysis
+      - task: test
+      - task: build
+
+  static-analysis:
+    desc: Run all static analysis tasks
+    cmds:
+      - task: check-go-mod-tidy
+      - task: check-licenses
+      - task: lint
+
+  test:
+    desc: Run all levels of test
+    cmds:
+      - task: unit
+
   ## Bootstrap tasks #################################
   binny:
     internal: true

cmd/grant/cli/command/check.go

@@ -2,7 +2,6 @@ package command
 
 import (
 	"fmt"
-	"os"
 	"slices"
 	"strings"
 
@@ -105,5 +104,5 @@ func runCheck(cfg *CheckConfig, userInput []string) (errs error) {
 		return errors.Wrap(err, fmt.Sprintf("unable to create report for inputs %s", userInput))
 	}
 
-	return rep.Render(os.Stdout)
+	return rep.Render()
 }

cmd/grant/cli/command/list.go

@@ -1,7 +1,6 @@
 package command
 
 import (
-	"os"
 	"slices"
 
 	"github.com/spf13/cobra"
@@ -57,5 +56,5 @@ func runList(cfg *ListConfig, userInput []string) error {
 	if err != nil {
 		return err
 	}
-	return rep.RenderList(os.Stdout)
+	return rep.RenderList()
 }

cmd/grant/cli/internal/check/report.go

@@ -2,7 +2,6 @@ package check
 
 import (
 	"errors"
-	"io"
 	"time"
 
 	"github.com/gookit/color"
@@ -64,27 +63,27 @@ func NewReport(rc ReportConfig, userRequests ...string) (*Report, error) {
 }
 
 // Render will call Render on each result in the report and return the report
-func (r *Report) Render(out io.Writer) error {
+func (r *Report) Render() error {
 	switch r.Config.Format {
 	case Table:
-		return r.renderCheckTree(out)
+		return r.renderCheckTree()
 	case JSON:
 		return errors.New("json format not yet supported")
 	}
 	return errors.Join(r.errors...)
 }
 
-func (r *Report) RenderList(out io.Writer) error {
+func (r *Report) RenderList() error {
 	switch r.Config.Format {
 	case Table:
-		return r.renderList(out)
+		return r.renderList()
 	case JSON:
 		return errors.New("json format not yet supported")
 	}
 	return errors.Join(r.errors...)
 }
 
-func (r *Report) renderCheckTree(out io.Writer) error {
+func (r *Report) renderCheckTree() error {
 	var uiLists []list.Writer
 	for _, res := range r.Results {
 		resulList := newList()
@@ -127,7 +126,7 @@ func (r *Report) renderCheckTree(out io.Writer) error {
 	return nil
 }
 
-func (r *Report) renderList(out io.Writer) error {
+func (r *Report) renderList() error {
 	var uiLists []list.Writer
 	for _, res := range r.Results {
 		resulList := newList()
@@ -147,7 +146,6 @@ func (r *Report) renderList(out io.Writer) error {
 				resulList.UnIndent()
 				resulList.UnIndent()
 			}
-
 		}
 		renderOrphanPackages(resulList, res, true)
 	}
@@ -180,7 +178,6 @@ func renderOrphanPackages(l list.Writer, res evalutation.Result, invert bool) {
 	}
 	l.UnIndent()
 	l.UnIndent()
-	return
 }
 
 func renderEvaluations(rule grant.Rule, showPackages bool, l list.Writer, e evalutation.LicenseEvaluations) {
@@ -211,7 +208,6 @@ func renderEvaluations(rule grant.Rule, showPackages bool, l list.Writer, e eval
 		}
 	}
 	l.UnIndent()
-	return
 }
 
 func newList() list.Writer {

docs/DESIGN.md

@@ -1,9 +1,9 @@
 ## Summary
 
-Grant is a license compliance tool that reads and audits license from SBOM inputs.
-It generates a pass or fail check depending on if the read licenses are in a deny list.
+Grant is a license compliance tool that reads and audits license from container images, SBOM documents, and directory scans.
+It generates a pass or fail check depending on if the read licenses adhear to the user's supplied rulesjk
 
-### Syft Updates
+### Syft Updates Needed to Support Grant
 
 - [Google String Classifier License](https://github.com/google/licenseclassifier/tree/main/stringclassifier)
 

docs/DEVELOPING.md

@@ -1 +1,51 @@
-# Developing
+# Developing
+
+## Getting started
+
+In order to test and develop in this repo you will need the following dependencies installed:
+- Golang
+- Docker
+- make
+
+After cloning the following step can help you get setup:
+1. run `make tools` to download tools, create the `/.tmp` dir, and download helper utilities.
+2. run `make` to view the selection of developer commands in the Makefile
+3. run `make build` to build the release snapshot binaries and packages
+4. for an even quicker start you can run `go run cmd/grant/main.go` to print the syft help.
+    - this command `go run cmd/grant/main.go check alpine:latest` will compile and run grant against the alpine:latest image
+5. view the README or grant help output for more output options
+
+The main make tasks for common static analysis and testing are `lint`, `format`, `lint-fix`, `unit`
+
+See `make help` for all the current make tasks.
+
+## Architecture
+
+At a high level, this is the package structure of grant:
+```
+./cmd/grant/
+│   ├── cli/
+│   │   ├── cli.go          // where all commands are wired up
+│   │   ├── command/        // all command implementations
+│   │   ├── internal/       // all internal command implementations
+│   │   ├── option/         // all command flags and configuration options
+│   │   └── tui/            // all handlers for events that are shown on the UI
+│   └── main.go             // entrypoint for the application
+└── grant/                  // the "core" grant library
+```
+
+## Testing
+
+### Levels of testing
+
+- `unit`: The default level of test which is distributed throughout the repo are unit tests. Any `_test.go` file that
+  does not reside somewhere within the `/test` directory is a unit test. Other forms of testing should be organized in
+  the `/test` directory. These tests should focus on correctness of functionality in depth. % test coverage metrics
+  only considers unit tests and no other forms of testing.
+
+- `integration`: TODO
+
+- `cli`: located with in `test/cli`, TODO
+
+- `acceptance`: located within `test/compare` and `test/install`, these are smoke-like tests that ensure that application  
+  packaging and installation works as expected. TODO

go.mod

@@ -15,7 +15,9 @@ require (
 	github.com/gobwas/glob v0.2.3
 	github.com/google/go-cmp v0.6.0
 	github.com/google/licenseclassifier/v2 v2.0.0
+	github.com/gookit/color v1.5.4
 	github.com/hashicorp/go-multierror v1.1.1
+	github.com/jedib0t/go-pretty/v6 v6.4.9
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/pkg/errors v0.9.1
 	github.com/spf13/cobra v1.8.0
@@ -44,7 +46,6 @@ require (
 	github.com/andybalholm/brotli v1.0.4 // indirect
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect
 	github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect
-	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/becheran/wildmatch-go v1.0.0 // indirect
 	github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect
@@ -84,8 +85,6 @@ require (
 	github.com/go-git/go-git/v5 v5.10.1 // indirect
 	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-openapi/errors v0.20.4 // indirect
-	github.com/go-openapi/strfmt v0.21.9 // indirect
 	github.com/go-restruct/restruct v1.2.0-alpha // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -95,15 +94,11 @@ require (
 	github.com/google/licensecheck v0.3.1 // indirect
 	github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 // indirect
 	github.com/google/uuid v1.4.0 // indirect
-	github.com/gookit/color v1.5.4 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/iancoleman/strcase v0.3.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/jedib0t/go-prettY v4.3.0+incompatible // indirect
-	github.com/jedib0t/go-pretty v4.3.0+incompatible // indirect
-	github.com/jedib0t/go-pretty/v6 v6.4.9 // indirect
 	github.com/jinzhu/copier v0.4.0 // indirect
 	github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
@@ -133,7 +128,6 @@ require (
 	github.com/muesli/reflow v0.3.0 // indirect
 	github.com/muesli/termenv v0.15.2 // indirect
 	github.com/nwaples/rardecode v1.1.0 // indirect
-	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc3 // indirect
 	github.com/opencontainers/runc v1.1.5 // indirect
@@ -178,7 +172,6 @@ require (
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
-	go.mongodb.org/mongo-driver v1.13.0 // indirect
 	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/otel v1.14.0 // indirect