fix(sbom): change error to warning for multiple OSes (#6541)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

integration/testdata/fixtures/sbom/minikube-kbom.json

@@ -48,6 +48,22 @@
         }
       ]
     },
+    {
+      "bom-ref": "b6f66546-5a5c-4fe8-a30f-acb04013c151",
+      "type": "operating-system",
+      "name": "ubuntu",
+      "version": "22.04.2",
+      "properties": [
+        {
+          "name": "aquasecurity:trivy:Class",
+          "value": "os-pkgs"
+        },
+        {
+          "name": "aquasecurity:trivy:Type",
+          "value": "ubuntu"
+        }
+      ]
+    },
     {
       "bom-ref": "a62abb1f-cb38-4fde-90f3-2bda3b87ddb2",
       "type": "application",
@@ -325,6 +341,10 @@
       "ref": "5262e708-f1a3-4fca-a1c3-0a8384f7f4a5",
       "dependsOn": []
     },
+    {
+      "ref": "b6f66546-5a5c-4fe8-a30f-acb04013c151",
+      "dependsOn": []
+    },
     {
       "ref": "a62abb1f-cb38-4fde-90f3-2bda3b87ddb2",
       "dependsOn": [
@@ -336,6 +356,7 @@
       "ref": "a6350ac3-52f6-4c5f-a3e3-184b9a634bef",
       "dependsOn": [
         "5262e708-f1a3-4fca-a1c3-0a8384f7f4a5",
+        "b6f66546-5a5c-4fe8-a30f-acb04013c151",
         "a62abb1f-cb38-4fde-90f3-2bda3b87ddb2"
       ]
     },

pkg/sbom/io/decode.go

@@ -5,6 +5,7 @@ import (
 	"slices"
 	"sort"
 	"strconv"
+	"sync"
 
 	debver "github.com/knqyf263/go-deb-version"
 	rpmver "github.com/knqyf263/go-rpm-version"
@@ -107,11 +108,16 @@ func (m *Decoder) decodeRoot(s *types.SBOM) error {
 }
 
 func (m *Decoder) decodeComponents(sbom *types.SBOM) error {
+	onceMultiOSWarn := sync.OnceFunc(func() {
+		log.Logger.Warn("Multiple OS components are not supported, taking the first one and ignoring the rest")
+	})
+
 	for id, c := range m.bom.Components() {
 		switch c.Type {
 		case core.TypeOS:
 			if m.osID != uuid.Nil {
-				return xerrors.New("multiple OS components are not supported")
+				onceMultiOSWarn()
+				continue
 			}
 			m.osID = id
 			sbom.Metadata.OS = &ftypes.OS{