gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-12 07:40:48 -08:00
Code Issues Packages Projects Releases Wiki Activity

fix(spdx): add workaround for no src packages (#4118)

Browse Source
This commit is contained in:
Masahiro331
2023-04-28 13:16:21 +09:00
committed by GitHub
parent 45bc9e0de4
commit 1be1e2e638
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/sbom/cyclonedx/marshal.go
View File

@@ -392,6 +392,9 @@ func (e *Marshaler) reportToCdxComponent(r types.Report) (*cdx.Component, error)
component.BOMRef = p.ToString()
component.PackageURL = p.ToString()
}
case ftypes.ArtifactVM:
component.Type = cdx.ComponentTypeContainer
component.BOMRef = e.newUUID().String()
case ftypes.ArtifactFilesystem, ftypes.ArtifactRemoteRepository:
component.Type = cdx.ComponentTypeApplication
component.BOMRef = e.newUUID().String()

2
pkg/sbom/spdx/marshal.go
View File

@@ -319,7 +319,7 @@ func (m *Marshaler) pkgToSpdxPackage(t, pkgDownloadLocation string, class types.
}
var pkgSrcInfo string
if class == types.ClassOSPkg {
if class == types.ClassOSPkg && pkg.SrcName != "" {
pkgSrcInfo = fmt.Sprintf("%s: %s %s", SourcePackagePrefix, pkg.SrcName, utils.FormatSrcVersion(pkg))
}