From 04af59c2906bcfc7f7970b4e8f45a90f04313170 Mon Sep 17 00:00:00 2001
From: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Date: Fri, 7 Jun 2024 14:44:07 +0600
Subject: [PATCH] fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files (#6866)
---
 pkg/sbom/io/decode.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pkg/sbom/io/decode.go b/pkg/sbom/io/decode.go
index e4df3bee8489..917684962d20 100644
--- a/pkg/sbom/io/decode.go
+++ b/pkg/sbom/io/decode.go
@@ -271,6 +271,11 @@ func (m *Decoder) fillSrcPkg(c *core.Component, pkg *ftypes.Package) {
 }
 m.parseSrcVersion(pkg, c.SrcVersion)
+ // Source info was added from component or properties
+ if pkg.SrcName != "" && pkg.SrcVersion != "" {
+ return
+ }
+
 // Fill source package information for components in third-party SBOMs .
 if pkg.SrcName == "" {
 pkg.SrcName = pkg.Name
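Review bot: The early return added after `m.parseSrcVersion(pkg, c.SrcVersion)` fires only when both `pkg.SrcName` and `pkg.SrcVersion` are non-empty, so a component that carries a source version but no source name still falls through to the third-party fallback. The rest of fillSrcPkg lies outside this hunk; if it fills the source epoch and release from the binary package whenever they are zero-valued, a legitimately parsed source epoch of 0 would presumably still be replaced in that partial case. Keying the guard on the version alone would close it, e.g. `if pkg.SrcVersion != "" {` / `if pkg.SrcName == "" { pkg.SrcName = pkg.Name }` / `return }`. If these source fields feed vulnerability matching downstream, a wrong epoch can shift version comparisons in either direction. The diffstat shows no test file changed, so a decode test with a non-zero package epoch and a zero source epoch would pin the fix.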