refactor(cyclonedx): implement json.Unmarshaler (#2662)

* refactor(cyclonedx): implement json.Unmarshaler

* fix: use pointer

pkg/fanal/artifact/sbom/sbom.go

@@ -59,18 +59,11 @@ func (a Artifact) Inspect(_ context.Context) (types.ArtifactReference, error) {
 		return types.ArtifactReference{}, xerrors.Errorf("seek error: %w", err)
 	}
 
-	var unmarshaler sbom.Unmarshaler
-	switch format {
-	case sbom.FormatCycloneDXJSON:
-		unmarshaler = cyclonedx.NewJSONUnmarshaler()
-	default:
-		return types.ArtifactReference{}, xerrors.Errorf("%s scanning is not yet supported", format)
-
-	}
-	bom, err := unmarshaler.Unmarshal(f)
+	bom, err := a.Decode(f, format)
 	if err != nil {
-		return types.ArtifactReference{}, xerrors.Errorf("failed to unmarshal: %w", err)
+		return types.ArtifactReference{}, xerrors.Errorf("SBOM decode error: %w", err)
 	}
+
 	blobInfo := types.BlobInfo{
 		SchemaVersion: types.BlobJSONSchemaVersion,
 		OS:            bom.OS,
@@ -104,6 +97,30 @@ func (a Artifact) Inspect(_ context.Context) (types.ArtifactReference, error) {
 	}, nil
 }
 
+func (a Artifact) Decode(f io.Reader, format sbom.Format) (sbom.SBOM, error) {
+	var (
+		v       interface{}
+		bom     sbom.SBOM
+		decoder interface{ Decode(any) error }
+	)
+
+	switch format {
+	case sbom.FormatCycloneDXJSON:
+		v = &cyclonedx.CycloneDX{SBOM: &bom}
+		decoder = json.NewDecoder(f)
+	default:
+		return sbom.SBOM{}, xerrors.Errorf("%s scanning is not yet supported", format)
+
+	}
+
+	// Decode a file content into sbom.SBOM
+	if err := decoder.Decode(v); err != nil {
+		return sbom.SBOM{}, xerrors.Errorf("failed to decode: %w", err)
+	}
+
+	return bom, nil
+}
+
 func (a Artifact) Clean(reference types.ArtifactReference) error {
 	return a.cache.DeleteBlobs(reference.BlobIDs)
 }