sbom: add multiple pkgbase if they match
We have multiple packages with the same CPE, and since we now have
multiple components with the same name they get merged by grype into
one, which means each SBOM component can point to multiple pkgbase
values.
lazka committed Dec 23, 2024
1 parent da03cb0 commit 5fe2218
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion msys2_devtools/sbom.py
Expand Up @@ -176,8 +176,12 @@ def get_component_key(component: Component) -> str:
return (component.name, component.version, component.purl, cpe_key)

for component in src_bom.components:
assert isinstance(component, Component)
key = get_component_key(component)
properties[key] = component.properties
if key not in properties:
properties[key] = component.properties
else:
properties[key].update(component.properties)

with open(args.target_sbom, "r", encoding="utf-8") as h:
target_bom: Bom = Bom.from_json(json.loads(h.read()))
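Review bot: In the `if key not in properties:` branch, `properties[key] = component.properties` stores the first component's own properties collection rather than a copy, so the `properties[key].update(component.properties)` call in the `else` branch also mutates that component inside `src_bom`. If `src_bom` is read again after this loop, its first matching component will carry the pkgbase values of every other component with the same key; storing a copy of the collection on first insert avoids that. The accumulation also relies on `component.properties` being set-like, since with a mapping `update` would overwrite entries that share a key instead of keeping both. A short comment above the branch explaining why several components can share one key (same CPE, merged by grype) would help, because that reason currently lives only in the commit message.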