From 22039f207ee3b9d45e868b9ff284f69645d3548b Mon Sep 17 00:00:00 2001
From: Jan Hensel <ceo@dubious.engineering>
Date: Tue, 13 Aug 2024 10:38:39 +0200
Subject: [PATCH] fix: Verify metadata is non-nil before accessing for
 timestamp

This lead to a segfault when metadata was not present in the BOM.

I don't love the code structure, but I preferred making a small
change for mergability, one which is also in line with how previous
nil-checks are performed.
---
 pkg/cdx/cdx_report.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/cdx/cdx_report.go b/pkg/cdx/cdx_report.go
index 8abb53e..18e2359 100644
--- a/pkg/cdx/cdx_report.go
+++ b/pkg/cdx/cdx_report.go
@@ -190,7 +190,7 @@ func GetCycloneDXReport(filename string) scorecard.SbomReport {
 		}
 	}
 
-	if bom.Metadata.Timestamp != "" {
+	if bom.Metadata != nil && bom.Metadata.Timestamp != "" {
 		r.hasCreationTimestamp = true
 	}