Commit 91b0d813 authored by Clement Bois

Merge branch 'fix/support-cdxgen' into 'main'

fix: support latest cdxgen sbom

See merge request to-be-continuous/tools/dt-sbom-scanner!38
parents a7ded27f 16fd396b
+1 −0
@@ -125,6 +125,7 @@ celerybeat.pid

# Environments
.env
.env*
.venv
env/
venv/
+223 −195


+1 −1
@@ -17,7 +17,7 @@ sbom-scanner = "sbom_scanner.scan:run"
[tool.poetry.dependencies]
python = "^3.11"
requests = "^2.32.2"
cyclonedx-python-lib = "^7.4.0"
cyclonedx-python-lib = "^8.5.0"

[tool.poetry.group.dev.dependencies]
# new development dependencies can be added with 'poetry add -D yyy'
+8 −7
@@ -30,16 +30,17 @@ def load_bom(file: Path) -> Bom:

    try:
        with catch_warnings(record=True) as warnings:
            if file.suffix == ".xml":
            with open(file) as reader:
                if file.suffix == ".xml":
                    bom = Bom.from_xml(reader)
                else:
                with open(file) as reader:
                    # NOTE: This is a hack to remove conflicting metadata
                    # NOTE: This is a hack to remove conflicting fields
                    # https://github.com/CycloneDX/cyclonedx-python-lib/issues/578
                    raw_json = json.load(reader)
                    raw_json["metadata"].pop("tools", None)
                    raw_json["metadata"].pop("lifecycles", None)
                    for component in raw_json.get("components", []):
                        component.pop("evidence", None)
                    raw_json.pop("annotations", None)
                    raw_json.pop("formulation", None)
                    bom = Bom.from_json(raw_json)
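Review bot: The two `raw_json["metadata"].pop(...)` lines in the JSON branch raise KeyError on a BOM that carries no `metadata` object, while the same hunk already tolerates a missing `components` key via `raw_json.get("components", [])`; the two accesses should be guarded the same way, `raw_json.get("metadata", {}).pop("tools", None)` and `raw_json.get("metadata", {}).pop("lifecycles", None)`. The comment above the block says only that it removes "conflicting fields"; it would help the next maintainer to list the stripped keys (`tools`, `lifecycles`, `evidence`, `annotations`, `formulation`) and state that they are dropped because the library's parser rejects them, so that the workaround can be retired once the linked issue is resolved. Presumably the XML branch does not need the same stripping, but nothing in the hunk says so; a one-line comment on `Bom.from_xml(reader)` would settle it. load_bom continues past the end of the hunk.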

            # Restore original method