diff --git a/internal/formats/common/spdxhelpers/to_syft_model.go b/internal/formats/common/spdxhelpers/to_syft_model.go
index 57dbe3692..f71e63573 100644
--- a/internal/formats/common/spdxhelpers/to_syft_model.go
+++ b/internal/formats/common/spdxhelpers/to_syft_model.go
@@ -322,13 +322,17 @@ func extractMetadata(p *spdx.Package2_2, info pkgInfo) (pkg.MetadataType, interf
 } else {
 epoch = &converted
 }
+ license := p.PackageLicenseDeclared
+ if license == "" {
+ license = p.PackageLicenseConcluded
+ }
 return pkg.RpmdbMetadataType, pkg.RpmdbMetadata{
 Name: p.PackageName,
 Version: p.PackageVersion,
 Epoch: epoch,
 Arch: arch,
 SourceRpm: upstreamValue,
- License: p.PackageLicenseConcluded,
+ License: license,
 Vendor: p.PackageOriginatorOrganization,
 }
 case pkg.DebPkg:
diff --git a/syft/pkg/cataloger/rpmdb/parse_rpmdb.go b/syft/pkg/cataloger/rpmdb/parse_rpmdb.go
index 10b3b6c4c..d3ec6e205 100644
--- a/syft/pkg/cataloger/rpmdb/parse_rpmdb.go
+++ b/syft/pkg/cataloger/rpmdb/parse_rpmdb.go
@@ -92,6 +92,10 @@ func newPkg(resolver source.FilePathResolver, dbLocation source.Location, entry
 Metadata: metadata,
 }
 
+ if entry.License != "" {
+ p.Licenses = append(p.Licenses, entry.License)
+ }
+
 p.SetID()
 return &p, nil
 }
diff --git a/syft/pkg/cataloger/rpmdb/parse_rpmdb_test.go b/syft/pkg/cataloger/rpmdb/parse_rpmdb_test.go
index d378e36e9..659c6d898 100644
--- a/syft/pkg/cataloger/rpmdb/parse_rpmdb_test.go
+++ b/syft/pkg/cataloger/rpmdb/parse_rpmdb_test.go
@@ -75,6 +75,7 @@ func TestParseRpmDB(t *testing.T) {
 FoundBy: catalogerName,
 Type: pkg.RpmPkg,
 MetadataType: pkg.RpmdbMetadataType,
+ Licenses: []string{"MIT"},
 Metadata: pkg.RpmdbMetadata{
 Name: "dive",
 Epoch: nil,
@@ -102,6 +103,7 @@ func TestParseRpmDB(t *testing.T) {
 FoundBy: catalogerName,
 Type: pkg.RpmPkg,
 MetadataType: pkg.RpmdbMetadataType,
+ Licenses: []string{"MIT"},
 Metadata: pkg.RpmdbMetadata{
 Name: "dive",
 Epoch: nil,
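Review bot: In the to_syft_model.go hunk the fallback `if license == "" {` treats only an empty string as "no declared license", but SPDX documents commonly carry the literal values `NOASSERTION` or `NONE` in PackageLicenseDeclared, and those would now take precedence over a real PackageLicenseConcluded. The document being decoded is external input and the resulting License field may feed license-policy decisions, so consider widening the guard to `if license == "" || license == "NOASSERTION" || license == "NONE" {`. A one-line comment stating that declared is preferred over concluded would also help, since this changes which value wins when both are set. extractMetadata begins and ends outside the hunk, so whether these placeholders are normalised elsewhere is not visible here.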
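Review bot: In the parse_rpmdb.go hunk `p.Licenses = append(p.Licenses, entry.License)` stores the RPM License tag verbatim as a single element, and that tag is free-form text read from the scanned package database that can hold a compound expression (constructed example: `GPLv2+ and MIT`). A consumer that matches Licenses entries against an allow or deny list would then see one opaque string rather than the individual licenses. If splitting is out of scope for this change, I would at least document it above the append, e.g. `// RPM License tag is copied as-is; it may be a compound expression, not a single identifier`. newPkg starts outside the hunk, so any earlier normalisation of entry.License is not visible.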