fix(sbom): use NOASSERTION for licenses fields in SPDX formats (#7403)
12
integration/testdata/julia-spdx.json.golden
vendored
12
integration/testdata/julia-spdx.json.golden
vendored
@@ -31,8 +31,8 @@
|
|||||||
"downloadLocation": "NONE",
|
"downloadLocation": "NONE",
|
||||||
"filesAnalyzed": false,
|
"filesAnalyzed": false,
|
||||||
"sourceInfo": "package found in: Manifest.toml",
|
"sourceInfo": "package found in: Manifest.toml",
|
||||||
"licenseConcluded": "NONE",
|
"licenseConcluded": "NOASSERTION",
|
||||||
"licenseDeclared": "NONE",
|
"licenseDeclared": "NOASSERTION",
|
||||||
"externalRefs": [
|
"externalRefs": [
|
||||||
{
|
{
|
||||||
"referenceCategory": "PACKAGE-MANAGER",
|
"referenceCategory": "PACKAGE-MANAGER",
|
||||||
@@ -54,8 +54,8 @@
|
|||||||
"downloadLocation": "NONE",
|
"downloadLocation": "NONE",
|
||||||
"filesAnalyzed": false,
|
"filesAnalyzed": false,
|
||||||
"sourceInfo": "package found in: Manifest.toml",
|
"sourceInfo": "package found in: Manifest.toml",
|
||||||
"licenseConcluded": "NONE",
|
"licenseConcluded": "NOASSERTION",
|
||||||
"licenseDeclared": "NONE",
|
"licenseDeclared": "NOASSERTION",
|
||||||
"externalRefs": [
|
"externalRefs": [
|
||||||
{
|
{
|
||||||
"referenceCategory": "PACKAGE-MANAGER",
|
"referenceCategory": "PACKAGE-MANAGER",
|
||||||
@@ -77,8 +77,8 @@
|
|||||||
"downloadLocation": "NONE",
|
"downloadLocation": "NONE",
|
||||||
"filesAnalyzed": false,
|
"filesAnalyzed": false,
|
||||||
"sourceInfo": "package found in: Manifest.toml",
|
"sourceInfo": "package found in: Manifest.toml",
|
||||||
"licenseConcluded": "NONE",
|
"licenseConcluded": "NOASSERTION",
|
||||||
"licenseDeclared": "NONE",
|
"licenseDeclared": "NOASSERTION",
|
||||||
"externalRefs": [
|
"externalRefs": [
|
||||||
{
|
{
|
||||||
"referenceCategory": "PACKAGE-MANAGER",
|
"referenceCategory": "PACKAGE-MANAGER",
|
||||||
|
|||||||
@@ -33,6 +33,7 @@ const (
|
|||||||
CreatorOrganization = "aquasecurity"
|
CreatorOrganization = "aquasecurity"
|
||||||
CreatorTool = "trivy"
|
CreatorTool = "trivy"
|
||||||
noneField = "NONE"
|
noneField = "NONE"
|
||||||
|
noAssertionField = "NOASSERTION"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@@ -378,7 +379,7 @@ func (m *Marshaler) spdxAttributionTexts(c *core.Component) []string {
|
|||||||
|
|
||||||
func (m *Marshaler) spdxLicense(c *core.Component) string {
|
func (m *Marshaler) spdxLicense(c *core.Component) string {
|
||||||
if len(c.Licenses) == 0 {
|
if len(c.Licenses) == 0 {
|
||||||
return noneField
|
return noAssertionField
|
||||||
}
|
}
|
||||||
return NormalizeLicense(c.Licenses)
|
return NormalizeLicense(c.Licenses)
|
||||||
}
|
}
|
||||||
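Review bot: `spdxLicense` now returns `noAssertionField` for an empty `c.Licenses`, but neither the function nor the new constant has a comment saying why, and `noneField` sits directly above it in the same const block. In SPDX 2.x the two values are not interchangeable: `NONE` states that the package carries no license, while `NOASSERTION` states that no determination was made, and SBOM consumers that gate on license fields may treat them differently. I would add a doc comment such as `// spdxLicense returns the normalized license expression, or NOASSERTION when none was detected; NONE would assert the package is unlicensed, which a scan cannot establish.` and a short trailing comment on the constant. Judging by the updated test expectations, the same value appears to feed both licenseConcluded and licenseDeclared, so the comment should name both fields.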
|
|||||||
@@ -217,8 +217,8 @@ func TestMarshaler_Marshal(t *testing.T) {
|
|||||||
PackageDownloadLocation: "NONE",
|
PackageDownloadLocation: "NONE",
|
||||||
PackageName: "actioncontroller",
|
PackageName: "actioncontroller",
|
||||||
PackageVersion: "7.0.1",
|
PackageVersion: "7.0.1",
|
||||||
PackageLicenseConcluded: "NONE",
|
PackageLicenseConcluded: "NOASSERTION",
|
||||||
PackageLicenseDeclared: "NONE",
|
PackageLicenseDeclared: "NOASSERTION",
|
||||||
PackageAttributionTexts: []string{
|
PackageAttributionTexts: []string{
|
||||||
"PkgType: bundler",
|
"PkgType: bundler",
|
||||||
},
|
},
|
||||||
@@ -238,8 +238,8 @@ func TestMarshaler_Marshal(t *testing.T) {
|
|||||||
PackageDownloadLocation: "NONE",
|
PackageDownloadLocation: "NONE",
|
||||||
PackageName: "actionpack",
|
PackageName: "actionpack",
|
||||||
PackageVersion: "7.0.1",
|
PackageVersion: "7.0.1",
|
||||||
PackageLicenseConcluded: "NONE",
|
PackageLicenseConcluded: "NOASSERTION",
|
||||||
PackageLicenseDeclared: "NONE",
|
PackageLicenseDeclared: "NOASSERTION",
|
||||||
PackageAttributionTexts: []string{
|
PackageAttributionTexts: []string{
|
||||||
"PkgType: bundler",
|
"PkgType: bundler",
|
||||||
},
|
},
|
||||||
@@ -259,8 +259,8 @@ func TestMarshaler_Marshal(t *testing.T) {
|
|||||||
PackageDownloadLocation: "NONE",
|
PackageDownloadLocation: "NONE",
|
||||||
PackageName: "actionpack",
|
PackageName: "actionpack",
|
||||||
PackageVersion: "7.0.1",
|
PackageVersion: "7.0.1",
|
||||||
PackageLicenseConcluded: "NONE",
|
PackageLicenseConcluded: "NOASSERTION",
|
||||||
PackageLicenseDeclared: "NONE",
|
PackageLicenseDeclared: "NOASSERTION",
|
||||||
PackageAttributionTexts: []string{
|
PackageAttributionTexts: []string{
|
||||||
"PkgType: bundler",
|
"PkgType: bundler",
|
||||||
},
|
},
|
||||||
@@ -536,8 +536,8 @@ func TestMarshaler_Marshal(t *testing.T) {
|
|||||||
PackageDownloadLocation: "NONE",
|
PackageDownloadLocation: "NONE",
|
||||||
PackageName: "actionpack",
|
PackageName: "actionpack",
|
||||||
PackageVersion: "7.0.1",
|
PackageVersion: "7.0.1",
|
||||||
PackageLicenseConcluded: "NONE",
|
PackageLicenseConcluded: "NOASSERTION",
|
||||||
PackageLicenseDeclared: "NONE",
|
PackageLicenseDeclared: "NOASSERTION",
|
||||||
PackageExternalReferences: []*spdx.PackageExternalReference{
|
PackageExternalReferences: []*spdx.PackageExternalReference{
|
||||||
{
|
{
|
||||||
Category: tspdx.CategoryPackageManager,
|
Category: tspdx.CategoryPackageManager,
|
||||||
@@ -561,8 +561,8 @@ func TestMarshaler_Marshal(t *testing.T) {
|
|||||||
PackageDownloadLocation: "NONE",
|
PackageDownloadLocation: "NONE",
|
||||||
PackageName: "actionpack",
|
PackageName: "actionpack",
|
||||||
PackageVersion: "7.0.1",
|
PackageVersion: "7.0.1",
|
||||||
PackageLicenseConcluded: "NONE",
|
PackageLicenseConcluded: "NOASSERTION",
|
||||||
PackageLicenseDeclared: "NONE",
|
PackageLicenseDeclared: "NOASSERTION",
|
||||||
PackageExternalReferences: []*spdx.PackageExternalReference{
|
PackageExternalReferences: []*spdx.PackageExternalReference{
|
||||||
{
|
{
|
||||||
Category: tspdx.CategoryPackageManager,
|
Category: tspdx.CategoryPackageManager,
|
||||||
@@ -750,8 +750,8 @@ func TestMarshaler_Marshal(t *testing.T) {
|
|||||||
PackageDownloadLocation: "NONE",
|
PackageDownloadLocation: "NONE",
|
||||||
PackageName: "actioncable",
|
PackageName: "actioncable",
|
||||||
PackageVersion: "6.1.4.1",
|
PackageVersion: "6.1.4.1",
|
||||||
PackageLicenseConcluded: "NONE",
|
PackageLicenseConcluded: "NOASSERTION",
|
||||||
PackageLicenseDeclared: "NONE",
|
PackageLicenseDeclared: "NOASSERTION",
|
||||||
PackageExternalReferences: []*spdx.PackageExternalReference{
|
PackageExternalReferences: []*spdx.PackageExternalReference{
|
||||||
{
|
{
|
||||||
Category: tspdx.CategoryPackageManager,
|
Category: tspdx.CategoryPackageManager,
|
||||||
@@ -771,8 +771,8 @@ func TestMarshaler_Marshal(t *testing.T) {
|
|||||||
PackageDownloadLocation: "NONE",
|
PackageDownloadLocation: "NONE",
|
||||||
PackageName: "com.example:example",
|
PackageName: "com.example:example",
|
||||||
PackageVersion: "1.0.0",
|
PackageVersion: "1.0.0",
|
||||||
PackageLicenseConcluded: "NONE",
|
PackageLicenseConcluded: "NOASSERTION",
|
||||||
PackageLicenseDeclared: "NONE",
|
PackageLicenseDeclared: "NOASSERTION",
|
||||||
PackageExternalReferences: []*spdx.PackageExternalReference{
|
PackageExternalReferences: []*spdx.PackageExternalReference{
|
||||||
{
|
{
|
||||||
Category: tspdx.CategoryPackageManager,
|
Category: tspdx.CategoryPackageManager,
|
||||||
@@ -889,8 +889,8 @@ func TestMarshaler_Marshal(t *testing.T) {
|
|||||||
PackageDownloadLocation: "NONE",
|
PackageDownloadLocation: "NONE",
|
||||||
PackageName: "org.apache.logging.log4j:log4j-core",
|
PackageName: "org.apache.logging.log4j:log4j-core",
|
||||||
PackageVersion: "2.17.0",
|
PackageVersion: "2.17.0",
|
||||||
PackageLicenseConcluded: "NONE",
|
PackageLicenseConcluded: "NOASSERTION",
|
||||||
PackageLicenseDeclared: "NONE",
|
PackageLicenseDeclared: "NOASSERTION",
|
||||||
PackageExternalReferences: []*spdx.PackageExternalReference{
|
PackageExternalReferences: []*spdx.PackageExternalReference{
|
||||||
{
|
{
|
||||||
Category: tspdx.CategoryPackageManager,
|
Category: tspdx.CategoryPackageManager,
|
||||||
@@ -1229,8 +1229,8 @@ func TestMarshaler_Marshal(t *testing.T) {
|
|||||||
PackageSPDXIdentifier: spdx.ElementID("Package-b1c3b9e2363f5ff7"),
|
PackageSPDXIdentifier: spdx.ElementID("Package-b1c3b9e2363f5ff7"),
|
||||||
PackageDownloadLocation: "NONE",
|
PackageDownloadLocation: "NONE",
|
||||||
PackageName: "./private_repos/cnrm.googlesource.com/cnrm/",
|
PackageName: "./private_repos/cnrm.googlesource.com/cnrm/",
|
||||||
PackageLicenseConcluded: "NONE",
|
PackageLicenseConcluded: "NOASSERTION",
|
||||||
PackageLicenseDeclared: "NONE",
|
PackageLicenseDeclared: "NOASSERTION",
|
||||||
PrimaryPackagePurpose: tspdx.PackagePurposeLibrary,
|
PrimaryPackagePurpose: tspdx.PackagePurposeLibrary,
|
||||||
PackageSupplier: &spdx.Supplier{Supplier: tspdx.PackageSupplierNoAssertion},
|
PackageSupplier: &spdx.Supplier{Supplier: tspdx.PackageSupplierNoAssertion},
|
||||||
PackageSourceInfo: "package found in: /usr/local/bin/test",
|
PackageSourceInfo: "package found in: /usr/local/bin/test",
|
||||||
@@ -1243,8 +1243,8 @@ func TestMarshaler_Marshal(t *testing.T) {
|
|||||||
PackageDownloadLocation: "NONE",
|
PackageDownloadLocation: "NONE",
|
||||||
PackageName: "golang.org/x/crypto",
|
PackageName: "golang.org/x/crypto",
|
||||||
PackageVersion: "v0.0.1",
|
PackageVersion: "v0.0.1",
|
||||||
PackageLicenseConcluded: "NONE",
|
PackageLicenseConcluded: "NOASSERTION",
|
||||||
PackageLicenseDeclared: "NONE",
|
PackageLicenseDeclared: "NOASSERTION",
|
||||||
PackageExternalReferences: []*spdx.PackageExternalReference{
|
PackageExternalReferences: []*spdx.PackageExternalReference{
|
||||||
{
|
{
|
||||||
Category: tspdx.CategoryPackageManager,
|
Category: tspdx.CategoryPackageManager,
|
||||||
|
|||||||