
Commit 63b0d95

wp0pwWaldemar Parzonka
andauthored
Handle two version of syft (#19)
* #6211 add alternative version of syft for jar files * #6211 deal with the case we have no metadata in xml * #6211 make xml modification more resilient Co-authored-by: Waldemar Parzonka <[email protected]>
1 parent b3e49aa commit 63b0d95


1 file changed

+17
-5
lines changed


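--- a/scripts/sbom_scraper.sh
+++ b/scripts/sbom_scraper.sh
@@ -213,7 +213,7 @@ then
 INPUT=$(ls)
 OUTFILE=${INPUT}.${FORMAT}.sbom
 OUTPUT="${TEMPDIR}/${OUTFILE}"
-syft -q packages --scope all-layers -o "${FORMAT}" "file:${INPUT}" > "${OUTPUT}"
+syftjar -q packages --scope all-layers -o "${FORMAT}" "file:${INPUT}" > "${OUTPUT}"
 popd > /dev/null
 
 COMPONENT_NAME=$(xq -r .bom.metadata.component.name "$OUTPUT")
@@ -403,11 +403,14 @@ et = ET.parse(sys.stdin)
 root = et.getroot()
 
 metadata = root.find('metadata', ns)
+if not metadata:
+metadata = ET.SubElement(root, 'metadata')
 
 # Add this tool
 tools = metadata.find('tools', ns)
 if not tools:
 tools = ET.SubElement(metadata, 'tools')
+
 tool = ET.SubElement(tools, 'tool')
 ET.SubElement(tool, 'vendor').text = '$TOOL_VENDOR'
 ET.SubElement(tool, 'name').text = '$TOOL_NAME'
@@ -426,6 +429,8 @@ ET.SubElement(author, 'name').text = '$AUTHOR_NAME'
 ET.SubElement(author, 'email').text = '$AUTHOR_EMAIL'
 
 component = metadata.find('component', ns)
+if not component:
+component = ET.SubElement(metadata, 'component')
 
 # Update component publisher and author
 publisher = component.find('publisher', ns)
@@ -436,14 +441,21 @@ publisher.text = '$COMPONENT_AUTHOR_NAME'
 author = component.find('author', ns)
 if not author:
 author = ET.Element('author')
-component.insert(0, author)
+component.insert(1, author)
 author.text = '$COMPONENT_AUTHOR_NAME'
 
 # Update component name and version
-component.find('name', ns).text = '$COMPONENT_NAME'
+name = component.find('name', ns)
+if not name:
+name = ET.SubElement(component, 'name')
+
+name.text = '$COMPONENT_NAME'
 component_version = '$COMPONENT_VERSION'
 if component_version:
-component.find('version', ns).text = component_version
+version = component.find('version', ns)
+if not version:
+version = ET.SubElement(component, 'version')
+version.text = component_version
 
 # Update component hash
 component_hash_alg = '${COMPONENT_HASH_ALG}'
@@ -458,7 +470,7 @@ if component_hash_alg:
 supplier = component.find('supplier', ns)
 if not supplier:
 supplier = ET.Element('supplier')
-component.insert(0, supplier)
+component.insert(4, supplier)
 ET.SubElement(supplier, 'name').text = '$SUPPLIER_NAME'
 ET.SubElement(supplier, 'url').text = '$SUPPLIER_URL'
 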
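Review bot: The new `if not name:` and `if not version:` guards in the `@@ -436,14 +441,21 @@` hunk test the element's truth value, and an ElementTree element with no child elements is falsy even when `find()` returned it, so an existing leaf `<name>` or `<version>` is treated as missing and a second one is appended instead of the original being updated. The SBOM can then carry two conflicting name/version entries for the component, and which one is read depends on the consumer; the same applies to `if not metadata:` and `if not component:` when those elements exist but are empty. Compare against None instead: `if name is None:`, `if version is None:`, and likewise for `metadata` and `component`. Separately, `name.text = '$COMPONENT_NAME'` still splices a value read from the scanned artifact's SBOM (`xq -r .bom.metadata.component.name` in the first hunk) into the Python source, assuming this block is a shell-expanded here-document; a quote character in that name would alter the script, so passing these values through the environment and reading them with `os.environ` would be safer.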
