keep original file order in SBOM Enrich (#258)

Author: barv-jfrog

Diff for: commands/enrich/enrich.go

@@ -1,10 +1,10 @@
 package enrich
 
 import (
-	"encoding/json"
 	"encoding/xml"
 	"errors"
 	"fmt"
+	"github.com/jfrog/jfrog-cli-security/utils/results/output"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -17,7 +17,6 @@ import (
 	"github.com/jfrog/jfrog-cli-security/commands/enrich/enrichgraph"
 	"github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-cli-security/utils/results"
-	"github.com/jfrog/jfrog-cli-security/utils/results/output"
 	"github.com/jfrog/jfrog-cli-security/utils/techutils"
 	"github.com/jfrog/jfrog-cli-security/utils/xray"
 	"github.com/jfrog/jfrog-client-go/artifactory/services/fspatterns"
@@ -27,6 +26,7 @@ import (
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
 	"github.com/jfrog/jfrog-client-go/xray/services"
+	orderedJson "github.com/virtuald/go-ordered-json"
 )
 
 type FileContext func(string) parallel.TaskFunc
@@ -75,8 +75,8 @@ func AppendVulnsToJson(cmdResults *results.SecurityCommandResults) error {
 	if err != nil {
 		return fmt.Errorf("error reading file: %s", err.Error())
 	}
-	var data map[string]interface{}
-	err = json.Unmarshal(fileContent, &data)
+	var data orderedJson.OrderedObject
+	err = orderedJson.Unmarshal(fileContent, &data)
 	if err != nil {
 		return fmt.Errorf("error parsing JSON: %s", err.Error())
 	}
@@ -93,7 +93,7 @@ func AppendVulnsToJson(cmdResults *results.SecurityCommandResults) error {
 			vulnerabilities = append(vulnerabilities, vulnerability)
 		}
 	}
-	data["vulnerabilities"] = vulnerabilities
+	data = append(data, orderedJson.Member{Key: "vulnerabilities", Value: vulnerabilities})
 	return output.PrintJson(data)
 }
 

Diff for: go.mod

@@ -16,6 +16,7 @@ require (
 	github.com/owenrumney/go-sarif/v2 v2.3.0
 	github.com/stretchr/testify v1.9.0
 	github.com/urfave/cli v1.22.16
+	github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74
 	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f
 	golang.org/x/sync v0.9.0
 	golang.org/x/text v0.20.0

Diff for: go.sum

@@ -257,6 +257,8 @@ github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ=
 github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po=
 github.com/vbauerster/mpb/v8 v8.8.3 h1:dTOByGoqwaTJYPubhVz3lO5O6MK553XVgUo33LdnNsQ=
 github.com/vbauerster/mpb/v8 v8.8.3/go.mod h1:JfCCrtcMsJwP6ZwMn9e5LMnNyp3TVNpUWWkN+nd4EWk=
+github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo=
+github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c=
 github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
 github.com/xanzy/go-gitlab v0.110.0 h1:hsFIFp01v/0D0sdUXoZfRk6CROzZbHQplk6NzKSFKhc=

Diff for: utils/utils.go

@@ -6,6 +6,7 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	orderedJson "github.com/virtuald/go-ordered-json"
 	"os"
 	"path/filepath"
 	"strings"
@@ -112,7 +113,7 @@ func UniqueUnion[T comparable](arr []T, elements ...T) []T {
 
 func GetAsJsonBytes(output interface{}, escapeValues, indent bool) (results []byte, err error) {
 	if escapeValues {
-		if results, err = json.Marshal(output); errorutils.CheckError(err) != nil {
+		if results, err = orderedJson.Marshal(output); errorutils.CheckError(err) != nil {
 			return
 		}
 	} else {