Skip to content

Commit b0c96e8

Browse files
garethrgarethr
committed
Use the new license expression data from the API
This fixes the issue where license information wasn't normalised. It's currently just grabbing the first record. Need to deal with the corner case of multiple expressions.
1 parent 2a358e4 commit b0c96e8

File tree

6 files changed

+381
-9
lines changed

6 files changed

+381
-9
lines changed

ecosystems/packages/packages.go

+3
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

ecosystems/repos/repos.go

+244-2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

lib/enrich.go

+6-3
Original file line numberDiff line numberDiff line change
@@ -26,9 +26,12 @@ func EnrichSBOM(bom *cdx.BOM) *cdx.BOM {
2626
if packageData.Description != nil {
2727
component.Description = *packageData.Description
2828
}
29-
if packageData.Licenses != nil {
30-
licences := cdx.LicenseChoice{Expression: *packageData.Licenses}
31-
component.Licenses = &cdx.Licenses{licences}
29+
if packageData.NormalizedLicenses != nil {
30+
if len(packageData.NormalizedLicenses) > 0 {
31+
expression := packageData.NormalizedLicenses[0]
32+
licences := cdx.LicenseChoice{Expression: expression}
33+
component.Licenses = &cdx.Licenses{licences}
34+
}
3235
}
3336
}
3437
}

0 commit comments

Comments
 (0)