
Fix component equality logic and add hash checking

Jonathan Howard requested to merge component-equality-check into dev

Checklist

  • documentation is changed or added in ./docs
  • unit tests updated to test changes

Description

Context

While updating hoppr-cop, it was found that the component equality check always returns False if neither a purl nor a bom-ref is present, as is the case for metadata.tools.components or vulnerability.tools.components.

Intent

  • Compare all other fields on both components if purl or bom-ref is not present
  • Add logic to compare hashes with matching hash algorithms on both components
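
A sketch of the comparison the two intent items describe, as an added example that is not code from this merge request or from hoppr. The `Component` class, `hashes_agree` and `components_equal` are hypothetical names, and the rule that a digest conflict overrides a matching purl or bom-ref is an assumption of this sketch.

```python
from __future__ import annotations

from dataclasses import dataclass, field, fields


@dataclass
class Component:
    """Minimal stand-in for a CycloneDX component (hypothetical, not hoppr's model)."""
    name: str
    version: str | None = None
    purl: str | None = None
    bom_ref: str | None = None
    hashes: dict[str, str] = field(default_factory=dict)  # algorithm -> hex digest


def hashes_agree(a: Component, b: Component) -> bool:
    """Digests must match for every algorithm present on both components.

    An algorithm listed on only one side cannot be compared and is ignored.
    """
    shared = a.hashes.keys() & b.hashes.keys()
    return all(a.hashes[alg].lower() == b.hashes[alg].lower() for alg in shared)


def components_equal(a: Component, b: Component) -> bool:
    # Assumption: a digest conflict under a shared algorithm means different
    # artifacts, even when the identifiers are identical.
    if not hashes_agree(a, b):
        return False
    # Identifier path: used only when both sides carry the same kind of identifier.
    if a.purl and b.purl:
        return a.purl == b.purl
    if a.bom_ref and b.bom_ref:
        return a.bom_ref == b.bom_ref
    # Fallback path: no usable purl or bom-ref (for example, tool entries), so
    # compare every remaining field instead of returning False.
    skip = {"purl", "bom_ref", "hashes"}
    return all(getattr(a, f.name) == getattr(b, f.name)
               for f in fields(Component) if f.name not in skip)


if __name__ == "__main__":
    # Constructed sample: two tool entries with neither purl nor bom-ref.
    scanner_a = Component(name="example-scanner", version="1.0.0")
    scanner_b = Component(name="example-scanner", version="1.0.0")
    print(components_equal(scanner_a, scanner_b))
```
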
