Unverified Commit b4bc6fcb authored by Stein Welberg's avatar Stein Welberg
Browse files

fix: gracefully handle missing VEX file 



The script supports uploading multiple SBOMs. In case one of the SBOMs does not have a VEX file yet, the script previously would fails. It is nicer to just not upload the VEX file in that case and log a warning.

Signed-off-by: default avatarStein Welberg <mail@steinwelberg.nl>
parent 0a135584

sbom_scanner/scan.py

+0 −9
Original line number Diff line number Diff line
@@ -747,11 +747,6 @@ class Scanner: 
                sbom_file_prefix = sbom_file_path.name.split(".")[0]

                vex_file_path = sbom_file_path.with_name(f"{sbom_file_prefix}.vex.json")



                if self.upload_vex and not vex_file_path.exists():

                    fail(

                        f"- VEX file {AnsiColors.HRED}not found{AnsiColors.RESET}: {AnsiColors.HGRAY}{vex_file_path}{AnsiColors.RESET}"

                    )



                sbom = sbom_utils.load_bom(sbom_file_path)

                if self.merge:

                    sboms.append(sbom)
@@ -794,10 +789,6 @@ class Scanner: 
                    merged_sbom, Path(self.merge_output), self.cdx_schema_version

                )

            vex_file_path = Path(self.merged_vex_file) if self.merged_vex_file else None

            if self.upload_vex and not vex_file_path.exists():

                fail(

                    f"- VEX file {AnsiColors.HRED}not found{AnsiColors.RESET}: {AnsiColors.HGRAY}{vex_file_path}{AnsiColors.RESET}"

                )



            self.publish(merged_sbom, "merged", vex_file_path)