Fix component equality logic and add hash checking
Checklist
- documentation is changed or added in ./docs
- unit tests updated to test changes
Description
Context
While updating hoppr-cop, it was found that the component equality check always returns False if neither a `purl` nor `bom-ref` is present, such as in the case for `metadata.tools.components` or `vulnerability.tools.components`.
Intent
- Compare all other fields on both components if `purl` or `bom-ref` is not present
- Add logic to compare hashes with matching hash algorithms on both components
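
A sketch of the comparison described above, added here as an illustration and not taken from the hoppr code base. The `Component` dataclass, the function names, the identifier precedence, and the rule that a digest mismatch on a shared algorithm overrides a matching identifier are all assumptions.

```python
from dataclasses import dataclass, field, fields
from typing import Dict, Optional


@dataclass
class Component:
    """Constructed stand-in for a CycloneDX component (hypothetical, not hoppr's model)."""
    name: str
    version: Optional[str] = None
    type: str = "library"
    purl: Optional[str] = None
    bom_ref: Optional[str] = None
    hashes: Dict[str, str] = field(default_factory=dict)  # algorithm -> hex digest


def hashes_agree(a: Component, b: Component) -> Optional[bool]:
    """Compare digests only for algorithms present on both components.

    Returns None when no algorithm is shared, because a SHA-256 digest
    says nothing about a SHA-1 digest of the same artifact.
    """
    shared = a.hashes.keys() & b.hashes.keys()
    if not shared:
        return None
    return all(a.hashes[alg].lower() == b.hashes[alg].lower() for alg in shared)


def components_equal(a: Component, b: Component) -> bool:
    # Assumption: differing digests for the same algorithm mean different
    # artifacts, even if the identifiers below happen to match.
    if hashes_agree(a, b) is False:
        return False
    if a.purl and b.purl:
        return a.purl == b.purl
    if a.bom_ref and b.bom_ref:
        return a.bom_ref == b.bom_ref
    # Fallback for components with no shared identifier, e.g. entries under
    # metadata.tools.components: compare every remaining field.
    skip = {"purl", "bom_ref", "hashes"}
    return all(getattr(a, f.name) == getattr(b, f.name)
               for f in fields(a) if f.name not in skip)


if __name__ == "__main__":
    # Constructed sample: two tool entries without purl or bom-ref.
    tool_a = Component("example-scanner", "1.2.0", "application")
    tool_b = Component("example-scanner", "1.2.0", "application")
    print(components_equal(tool_a, tool_b))  # identical fields, no identifiers
```
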