fix: Update file delta_sbom.py to check

Seth Stevens requested to merge fix-295 into dev

This MR is to fix #295 (closed). The issue is that if a component in one of the SBOMs provided to Hoppr during a delta execution does not have a purl, Hoppr will error out due to a TypeError. This MR uses code provided by @lmco.jhoward to check if either the new or previous component is missing a purl (a falsy purl value), then return False if this is the state. This avoids an error state with Hoppr.

Checklist

  • unit tests updated to test changes

Description

Checks if the purl of either the new or previous component is a falsy value, then returns False if true. Simple change to the delta_sbom.py file. Code was graciously provided by Jonathan. Unit tests updated to cover this case.

Context

Working with Hoppr and attempting to use the -pd flag to generate a delta bundle, using syft-generated BOMs for a Docker image. #295 (closed) has more details.

Intent

Test for component not having a purl and deal with that situation gracefully
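
The guard described in this MR, as an added example that is neither Hoppr's code nor part of the merge request. `Component`, `purl_base`, `same_component`, `delta` and the sample BOM entries are constructed for illustration, and both the qualifier stripping and the delta semantics (an unmatched component stays in the delta) are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Component:
    """Minimal stand-in for an SBOM component (constructed for this example)."""
    name: str
    version: str
    purl: Optional[str] = None  # some generated BOM entries carry no purl


def purl_base(purl: str) -> str:
    """Strip qualifiers (?...) and subpath (#...) from a purl string."""
    # re.sub raises TypeError when handed None, the exception type the MR reports.
    return re.sub(r"[?#].*$", "", purl)


def same_component(new: Component, previous: Component) -> bool:
    """Match two components by purl; a falsy purl on either side never matches."""
    if not new.purl or not previous.purl:
        return False
    return purl_base(new.purl) == purl_base(previous.purl)


def delta(new_bom, previous_bom):
    """Components in new_bom with no purl match in previous_bom (assumed semantics)."""
    return [n for n in new_bom
            if not any(same_component(n, p) for p in previous_bom)]


# Constructed sample data, not taken from issue #295.
PREVIOUS_BOM = [
    Component("requests", "2.28.0", "pkg:pypi/requests@2.28.0"),
    Component("/etc/app.conf", "", None),
]
NEW_BOM = [
    Component("requests", "2.28.0", "pkg:pypi/requests@2.28.0?extension=whl"),
    Component("urllib3", "1.26.18", "pkg:pypi/urllib3@1.26.18"),
    Component("/etc/app.conf", "", None),
]

if __name__ == "__main__":
    for comp in delta(NEW_BOM, PREVIOUS_BOM):
        print(comp.name, comp.purl)
```

Because a purl-less component can never be matched against the previous BOM, it always lands in the delta here rather than being silently dropped.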