Merge pull request #6 from jedevc/sbom-files

Add files import from SPDX
docker · Sep 2, 2022 · 172ddb0 · 172ddb0
2 parents f893912 + d221bdf
commit 172ddb0
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/sbom.go b/sbom.go
@@ -50,6 +50,7 @@ type Package struct {
 	DownloadURL string
 	HomepageURL string
 	License     []string
+	Files       []string
 
 	CPEs []string
 }
@@ -127,6 +128,15 @@ func addSPDX(img *Image, doc *spdx.Document2_2) {
 	}
 
 	for _, p := range doc.Packages {
+		var files []string
+		for _, f := range p.Files {
+			if f == nil {
+				// HACK: the SPDX parser is broken with multiple files in hasFiles
+				continue
+			}
+			files = append(files, f.FileName)
+		}
+
 		pkg := Package{
 			Name:        p.PackageName,
 			Version:     p.PackageVersion,
@@ -135,6 +145,7 @@ func addSPDX(img *Image, doc *spdx.Document2_2) {
 			HomepageURL: p.PackageHomePage,
 			DownloadURL: p.PackageDownloadLocation,
 			License:     strings.Split(p.PackageLicenseConcluded, " AND "),
+			Files:       files,
 		}
 
 		typ := pkgTypeUnknown