Skip to content

Commit

Permalink
MergeCommand.cs: use new cyclonedx-dotnet-library features to Cleanup…
Browse files Browse the repository at this point in the history
…MetadataComponent() and CleanupEmptyLists() as a finishing touch, to avoid inducing a spec violation with a duplicate bom-ref

Signed-off-by: Jim Klimov <[email protected]>
  • Loading branch information
jimklimov committed Aug 11, 2023
1 parent 5de8d19 commit cea2b51
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion src/cyclonedx/Commands/MergeCommand.cs
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,9 @@ public static async Task<int> Merge(MergeCommandOptions options)
}
else
{
// otherwise use the first non-null component from the input BOMs as the default
// otherwise use the first non-null component from the input
// BOMs as the default; note CleanupMetadataComponent() below
// to ensure that such bom-ref exists in the document only once.
foreach (var bom in inputBoms)
{
if(bom.Metadata != null && bom.Metadata.Component != null)
Expand All @@ -101,8 +103,19 @@ public static async Task<int> Merge(MergeCommandOptions options)
}
}

outputBom = CycloneDXUtils.CleanupMetadataComponent(outputBom);
outputBom = CycloneDXUtils.CleanupEmptyLists(outputBom);

outputBom.Version = 1;
outputBom.SerialNumber = "urn:uuid:" + System.Guid.NewGuid().ToString();
if (outputBom.Metadata is null)
{
outputBom.Metadata = new Metadata();
}
if (outputBom.Metadata.Timestamp is null)
{
outputBom.Metadata.Timestamp = DateTime.Now;
}

if (!outputToConsole)
{
Expand Down

0 comments on commit cea2b51

Please sign in to comment.