oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: use organization for package supplier when reading Java vendor fields (#3093)

Browse Source 
Signed-off-by: Harippriya Sivapatham <harippriyasivapatham@gmail.com>
This commit is contained in:
Harippriya Sivapatham 2024-08-04 01:30:55 +05:30 committed by GitHub
parent 623532e3ed
commit cc15edca62
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
syft/format/internal/spdxutil/helpers/originator_supplier.go
View File

@ -56,6 +56,10 @@ func Originator(p pkg.Package) (typ string, author string) { // nolint: funlen
if author == "" { if author == "" {
author = metadata.Manifest.Main.MustGet("Implementation-Vendor") author = metadata.Manifest.Main.MustGet("Implementation-Vendor")
} }
// Vendor is specified, hence set 'Organization' as the PackageSupplier
if author != "" {
typ = orgType
}
} }
case pkg.LinuxKernelModule: case pkg.LinuxKernelModule:

8
syft/format/internal/spdxutil/helpers/originator_supplier_test.go
View File

@ -138,8 +138,8 @@ func Test_OriginatorSupplier(t *testing.T) {
}, },
}, },
}, },
originator: "Person: auth-spec", originator: "Organization: auth-spec",
supplier: "Person: auth-spec", supplier: "Organization: auth-spec",
}, },
{ {
name: "from java -- fallback to impl vendor in main manifest section", name: "from java -- fallback to impl vendor in main manifest section",
@ -155,8 +155,8 @@ func Test_OriginatorSupplier(t *testing.T) {
}, },
}, },
}, },
originator: "Person: auth-impl", originator: "Organization: auth-impl",
supplier: "Person: auth-impl", supplier: "Organization: auth-impl",
}, },
{ {
name: "from java -- non-main manifest sections ignored", name: "from java -- non-main manifest sections ignored",