sbp commented on code in PR #418:
URL: 
https://github.com/apache/tooling-trusted-releases/pull/418#discussion_r2611677607


##########
atr/sbom/conformance.py:
##########
@@ -289,7 +289,8 @@ def ntia_2021_issues(
             cpe_is_none = bom_value.metadata.component.cpe is None
             purl_is_none = bom_value.metadata.component.purl is None
             swid_is_none = bom_value.metadata.component.swid is None
-            if cpe_is_none and purl_is_none and swid_is_none:
+            type_is_file = bom_value.metadata.component.type == "file"
+            if cpe_is_none and purl_is_none and swid_is_none and not 
type_is_file:
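Review bot: The `not type_is_file` exemption in the identifier check carries no comment saying why a component of type `file` may omit CPE, PURL and SWID, so a later reader cannot tell whether this relaxation of the NTIA check is deliberate or how far it is meant to reach. The type is whatever the SBOM declares, so any component labelled `file` now skips the missing-identifier issue; if that is intended, say so next to the condition, for example `# "file" components are exempt from the CPE/PURL/SWID requirement: <reason>`. The same comment is needed at the `component_type_is_file` condition in the second hunk of this file. The body of `ntia_2021_issues` starts and ends outside both hunks.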

Review Comment:
   Needs parentheses around `not type_is_file`.



##########
atr/sbom/conformance.py:
##########
@@ -328,17 +335,20 @@ def ntia_2021_issues(
                 models.conformance.MissingComponentProperty(
                     property=models.conformance.ComponentProperty.VERSION,
                     index=index,
+                    component=component_friendly_name,
                 )
             )
 
         component_cpe_is_none = component.cpe is None
         component_purl_is_none = component.purl is None
         component_swid_is_none = component.swid is None
-        if component_cpe_is_none and component_purl_is_none and 
component_swid_is_none:
+        component_type_is_file = component_type == "file"
+        if component_cpe_is_none and component_purl_is_none and 
component_swid_is_none and not component_type_is_file:

Review Comment:
   Needs parentheses around `not component_type_is_file`.



##########
atr/get/sbom.py:
##########
@@ -194,10 +194,12 @@ def _vulnerability_component_details(block: htm.Block, 
component: results.OSVCom
     for vuln in component.vulnerabilities:
         vuln_id = vuln.get("id", "Unknown")
         vuln_summary = vuln.get("summary", "No summary available")
+        vuln_refs = [r for r in vuln.get("references", []) if r.get("type", 
"") == "WEB"]
+        vuln_primary_ref = vuln_refs[0] if len(vuln_refs) > 0 else {}
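Review bot: The added `vuln_refs` line assumes `references` is a list of dicts, but `vuln.get("references", [])` only falls back to `[]` when the key is absent, so a record with `"references": null` or a non-dict entry would raise inside the comprehension. Since these records appear to come from an external vulnerability feed, I would read them defensively: `refs = vuln.get("references") or []` followed by `vuln_refs = [r for r in refs if isinstance(r, dict) and r.get("type") == "WEB"]`. If the lines outside this hunk render the URL from `vuln_primary_ref` as a link, it should also be checked for an `http`/`https` scheme first. The rest of `_vulnerability_component_details` is outside the hunk, so the rendering side could not be checked here.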

Review Comment:
   Needs parentheses around `len(vuln_refs) > 0`.


