Skip to content

Commit

Permalink
fix(sbom): parse type framework as library when unmarshalling `Cy…
Browse files Browse the repository at this point in the history
…cloneDX` files (aquasecurity#7527)
  • Loading branch information
DmitriyLewen authored Sep 18, 2024
1 parent d1d7132 commit aeb7039
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 2 deletions.
2 changes: 1 addition & 1 deletion pkg/sbom/cyclonedx/testdata/happy/third-party-bom.json
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@
},
{
"bom-ref": "pkg:composer/pear/[email protected]",
"type": "library",
"type": "framework",
"name": "pear/pear_exception",
"version": "v1.0.0",
"purl": "pkg:composer/pear/[email protected]"
Expand Down
5 changes: 4 additions & 1 deletion pkg/sbom/cyclonedx/unmarshal.go
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,10 @@ func (b *BOM) unmarshalType(t cdx.ComponentType) (core.ComponentType, error) {
ctype = core.TypeContainerImage
case cdx.ComponentTypeApplication:
ctype = core.TypeApplication
case cdx.ComponentTypeLibrary:
// There are not many differences between a `library` and a `framework` components, and sometimes it is difficult to choose the right type.
// That is why some users choose `framework` type.
// So we should parse and scan `framework` components as libraries.
case cdx.ComponentTypeLibrary, cdx.ComponentTypeFramework:
ctype = core.TypeLibrary
case cdx.ComponentTypeOS:
ctype = core.TypeOS
Expand Down

0 comments on commit aeb7039

Please sign in to comment.