Feat: add aibom test command

[sburuiana-snyk]

Pull Request Submission Checklist

• Follows CONTRIBUTING guidelines
• Commit messages
  are release-note ready, emphasizing
  what was changed, not how.
• Includes detailed description of changes
• Contains risk assessment (Low | Medium | High)
• Highlights breaking API changes (if applicable)
• Links to automated tests covering new functionality
• Includes manual testing instructions (if necessary)
• Updates relevant GitBook documentation (PR link: here)
• [?] Includes product update to be announced in the next stable release notes -- product knows about it, do I need them to have an update message that I attach to this PR?

What does this PR do?

Bumps up the cli-extension-aibom version to include the latest aibom test feature.
This feature was added in PR#56 and PR#57 in the extension, and is explained in those PR descriptions together with examples.

This PR also includes new tests for this feature.

Risk assessment (Low | Medium | High)?

I would say this is low, as it doesn't impact any existing CLI features.

Any background context you want to provide?

What are the relevant tickets?

AIBOM-16

Screenshots (if appropriate)

See the screenshots in the cli-extension-aibom PRs linked above.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[snyk-pr-review-bot]

PR Reviewer Guide 🔍

🧪 PR contains tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Minor: Potential File Leak 🟡 [minor] In the test 'aibom test with --json-file-output writes results to file', the temporary file created at outputPath is deleted using fs.unlinkSync(outputPath) at the end of the test. However, if any assertion (like expect(code).toEqual(1)) fails, the deletion line is skipped, leaving the temporary file on the filesystem. Consider using a try...finally block or a global afterEach hook to ensure the file is always cleaned up, or use a utility like createProject if applicable. expect(result.data.attributes.issues[0].description).toEqual( 'Disallowed model', ); fs.unlinkSync(outputPath); Minor: Inconsistent Import Style 🟡 [minor] The test file uses a top-level import for the os module but uses a dynamic await import('fs') inside a test block. For consistency and performance (avoiding repeated imports if the test is modified or expanded), the fs module should be imported at the top of the file alongside os and path. const fs = await import('fs');

📚 Repository Context Analyzed This review considered 13 relevant code sections from 9 files (average relevance: 0.98) cliv2/cmd/cliv2/main.go (lines 93-760) package.json (2 segments, lines 1-100) scripts/upgrade-snyk-go-dependencies.go (lines 1-134) dangerfile.js (lines 1-111) CONTRIBUTING.md (4 segments, lines 301-400) help/cli-commands/iac-rules-test.md (lines 1-38) help/cli-commands/test.md (lines 1-100) ... and 2 more file(s)