fix(sbom): --enrich=all should be the default (#6095)

currently the generated SBOMs might not be too useful without enriching,
as they won't have dependencies licenses and things like that.

enriching fixes it. It's done on goreleaser `main`, not sure if we
should make this the default or not 🤔

you can verify a SBOM with:

```sh
jq -r '.components[] | .name + " " + ([.licenses[]?.license.id] | join(","))' file.sbom.json
```

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>

.goreleaser.yaml

@@ -330,12 +330,6 @@ snapcrafts:
 
 sboms:
   - artifacts: archive
-    args:
-      - scan
-      - "--enrich=all"
-      - "$artifact"
-      - "--output"
-      - "cyclonedx-json=$document"
 
 signs:
   - cmd: cosign

internal/pipe/sbom/sbom.go

@@ -75,7 +75,7 @@ func setConfigDefaults(cfg *config.SBOM) error {
 	}
 	if cfg.Cmd == "syft" {
 		if len(cfg.Args) == 0 {
-			cfg.Args = []string{"$artifact", "--output", "spdx-json=$document"}
+			cfg.Args = []string{"$artifact", "--output", "spdx-json=$document", "--enrich", "all"}
 		}
 		if len(cfg.Env) == 0 && (cfg.Artifacts == "source" || cfg.Artifacts == "archive") {
 			cfg.Env = []string{

internal/pipe/sbom/sbom_test.go

@@ -24,7 +24,7 @@ func TestDescription(t *testing.T) {
 }
 
 func TestSBOMCatalogDefault(t *testing.T) {
-	defaultArgs := []string{"$artifact", "--output", "spdx-json=$document"}
+	defaultArgs := []string{"$artifact", "--output", "spdx-json=$document", "--enrich", "all"}
 	defaultSboms := []string{
 		"{{ .ArtifactName }}.sbom.json",
 	}

www/docs/customization/sbom.md

@@ -53,7 +53,7 @@ sboms:
 
     # Command line arguments for the command
     #
-    # Default: ["$artifact", "--output", "spdx-json=$document"].
+    # Default: ["$artifact", "--output", "spdx-json=$document", "--enrich", "all"].
     # Templates: allowed.
     args: ["$artifact", "--output", "cyclonedx-json=$document"]