From 5035d9ca1a76e163f32f0700b79a538c53b08d7c Mon Sep 17 00:00:00 2001
From: Ahmet Taha <mail@ahmetozdemir.de>
Date: Wed, 13 Sep 2023 19:14:14 +0200
Subject: [PATCH] fix: allow cyclonedx json input with no components (#2127)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Ahmet Taha Özdemir <me@ahoz.de>
---
 syft/formats/common/cyclonedxhelpers/decoder.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/syft/formats/common/cyclonedxhelpers/decoder.go b/syft/formats/common/cyclonedxhelpers/decoder.go
index 741e51ea5..3400cf9ef 100644
--- a/syft/formats/common/cyclonedxhelpers/decoder.go
+++ b/syft/formats/common/cyclonedxhelpers/decoder.go
@@ -27,7 +27,8 @@ func GetValidator(format cyclonedx.BOMFileFormat) sbom.Validator {
 		}
 
 		xmlWithoutNS := format == cyclonedx.BOMFileFormatXML && !strings.Contains(bom.XMLNS, cycloneDXXmlSchema)
-		if (cyclonedx.BOM{} == *bom || bom.Components == nil || xmlWithoutNS) {
+		xmlWithoutComponents := format == cyclonedx.BOMFileFormatXML && bom.Components == nil
+		if (cyclonedx.BOM{} == *bom || xmlWithoutComponents || xmlWithoutNS) {
 			return fmt.Errorf("not a valid CycloneDX document")
 		}
 		return nil