From b2cff60798f9a3f90ae4ee9c17fa534851da050d Mon Sep 17 00:00:00 2001 From: anthonyharrison Date: Sun, 1 Dec 2024 17:33:39 +0000 Subject: [PATCH] fix: get version specific metadata (fixes #24) --- sbom4python/scanner.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/sbom4python/scanner.py b/sbom4python/scanner.py index 0eb0b8d..71457fc 100644 --- a/sbom4python/scanner.py +++ b/sbom4python/scanner.py @@ -106,7 +106,7 @@ def _create_package(self, package, version, parent="-", requirements=None): self.sbom_package.initialise() offline = False try: - self.package_metadata.get_package(package) + self.package_metadata.get_package(package, version) except Exception as ex: offline = True if self.debug: @@ -268,9 +268,9 @@ def _create_package(self, package, version, parent="-", requirements=None): self.sbom_package.set_cpe( f"cpe:2.3:a:{component_supplier.replace(' ', '_').lower()}:{package}:{cpe_version}:*:*:*:*:*:*:*" ) - checksum = self.package_metadata.get_checksum(version=version) + checksum, checksum_algorithm = self.package_metadata.get_checksum(version=version) if checksum is not None: - self.sbom_package.set_checksum("SHA1", checksum) + self.sbom_package.set_checksum(checksum_algorithm, checksum) # Copyright self.sbom_package.set_copyrighttext("NOASSERTION") # Store package data @@ -451,8 +451,6 @@ def process_module(self, module, parent="-"): # Prevent metadata being reprocessed self.metadata = {} else: - if self.debug: - print(f"Metadata for {module}\n{self.metadata}") self._create_package(package, version, parent) self._create_relationship(package, parent) if self.include_file: