This is an automated email from the ASF dual-hosted git repository. arm pushed a commit to branch sbom_report_updates in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
commit 23e133f42b726d63506d98fb4c0c6fafd6cef753
Author: Alastair McFarlane <[email protected]>
AuthorDate: Thu Dec 11 14:29:42 2025 +0000
Include source component on the conformance error model. Skip missing component errors for "file" components as they don't have PURLs etc.
---
 atr/sbom/conformance.py | 14 ++++++++++++--
 atr/sbom/models/bom.py | 1 +
 atr/sbom/models/conformance.py | 1 +
 3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/atr/sbom/conformance.py b/atr/sbom/conformance.py
index f3e868a..50c3f78 100644
--- a/atr/sbom/conformance.py
+++ b/atr/sbom/conformance.py
@@ -289,7 +289,8 @@ def ntia_2021_issues(
 cpe_is_none = bom_value.metadata.component.cpe is None
 purl_is_none = bom_value.metadata.component.purl is None
 swid_is_none = bom_value.metadata.component.swid is None
- if cpe_is_none and purl_is_none and swid_is_none:
+ type_is_file = bom_value.metadata.component.model_extra.get('type', None) == 'file'
+ if cpe_is_none and purl_is_none and swid_is_none and not type_is_file:
 warnings.append(
 models.conformance.MissingComponentProperty(
 property=models.conformance.ComponentProperty.IDENTIFIER
@@ -307,11 +308,16 @@ def ntia_2021_issues(
 errors.append(models.conformance.MissingProperty(property=models.conformance.Property.METADATA))
 for index, component in enumerate(bom_value.components or []):
+ component_type = component.model_extra.get('type', None)
+ component_friendly_name = component.name
+ if component_type is not None:
+ component_friendly_name = f"{component_type}: {component_friendly_name}"
 if component.supplier is None:
 errors.append(
 models.conformance.MissingComponentProperty(
 property=models.conformance.ComponentProperty.SUPPLIER,
 index=index,
+ component=component_friendly_name,
 )
 )
@@ -320,6 +326,7 @@ def ntia_2021_issues(
 models.conformance.MissingComponentProperty(
 property=models.conformance.ComponentProperty.NAME,
 index=index,
+ component=component_friendly_name,
 )
 )
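Review bot: `type_is_file` in the `@@ -289,7 +289,8 @@` hunk of atr/sbom/conformance.py reads `type` through `model_extra`, which (assuming these are pydantic models) is `None` when a model does not allow extra fields and stops containing `type` once that field is declared on the model; the component model's definition is not visible here, so this needs confirming. Declaring `type: str | None = None` on the component model and testing `component.type == "file"` would make the check explicit, and the same applies to `component_type` in the `@@ -307,11 +308,16 @@` and `@@ -328,17 +335,20 @@` hunks. Because the value comes from the SBOM being checked, any component that labels itself `file` no longer produces the identifier warning, so a comment such as `# "file" components carry no CPE/PURL/SWID by design; exemption is keyed on the SBOM's own type field` would record that this is intentional. The added literals use single quotes while the surrounding code uses double quotes. ntia_2021_issues starts and ends outside the hunk.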
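Review bot: `component_friendly_name` in the `@@ -307,11 +308,16 @@` hunk is built from `component.name` without checking it for `None`, so the NAME error in the `@@ -320,6 +326,7 @@` hunk (presumably guarded by a `component.name is None` test outside the hunk) gets a label of `None` or a string ending in `: None`. An explicit fallback, for example `component_friendly_name = component.name or f"component #{index}"` before the type prefix is applied, keeps the label meaningful in that case. Both parts of the label are copied from the uploaded SBOM, so whatever renders `component` should escape it and bound its length; the rendering code is not part of this diff.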
@@ -328,17 +335,20 @@ def ntia_2021_issues(
 models.conformance.MissingComponentProperty(
 property=models.conformance.ComponentProperty.VERSION,
 index=index,
+ component=component_friendly_name,
 )
 )
 component_cpe_is_none = component.cpe is None
 component_purl_is_none = component.purl is None
 component_swid_is_none = component.swid is None
- if component_cpe_is_none and component_purl_is_none and component_swid_is_none:
+ component_type_is_file = component_type == 'file'
+ if component_cpe_is_none and component_purl_is_none and component_swid_is_none and not component_type_is_file:
 warnings.append(
 models.conformance.MissingComponentProperty(
 property=models.conformance.ComponentProperty.IDENTIFIER,
 index=index,
+ component=component_friendly_name,
 )
 )
diff --git a/atr/sbom/models/bom.py b/atr/sbom/models/bom.py
index b5c0a4b..1700a6d 100644
--- a/atr/sbom/models/bom.py
+++ b/atr/sbom/models/bom.py
@@ -28,6 +28,7 @@ class Swid(Lax):
 class Supplier(Lax):
 name: str | None = None
+ url: str | None = None
 class License(Lax):
diff --git a/atr/sbom/models/conformance.py b/atr/sbom/models/conformance.py
index 95faaa1..2d14a04 100644
--- a/atr/sbom/models/conformance.py
+++ b/atr/sbom/models/conformance.py
@@ -57,6 +57,7 @@ class MissingProperty(Strict):
 class MissingComponentProperty(Strict):
 kind: Literal["missing_component_property"] = "missing_component_property"
 property: ComponentProperty
+ component: str | None = None
 index: int | None = None
 def __str__(self) -> str:
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
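Review bot: `Supplier.url` in atr/sbom/models/bom.py is added but nothing in this commit reads it, and the commit message does not mention it, so it may belong in a separate change. The value is free text taken from the SBOM under review; if a later change renders it as a link, it should be restricted to `http`/`https` before it reaches a template. A comment such as `# supplier URL exactly as given in the SBOM; not validated` on the field would record that.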
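Review bot: The new `component` field on `MissingComponentProperty` in atr/sbom/models/conformance.py is undocumented, and it holds a display label assembled from the SBOM's own `type` and `name` values rather than a stable identifier. A comment above it such as `# display label built from SBOM-supplied type/name; untrusted text, not an identifier` would make that clear to whoever consumes the model. `__str__` begins on the last line of this hunk and its body is outside it, so whether the label is included in the message, and how it is escaped when shown, cannot be checked from here.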
