@@ -23,23 +23,25 @@ def parse_cyclonedx_json(self, sbom_file):
2323 """parses CycloneDX JSON BOM file extracting package name, version and license"""
2424 data = json .load (open (sbom_file ))
2525 packages = {}
26- for d in data ["components" ]:
27- if d ["type" ] in ["library" , "application" , "operating-system" ]:
28- package = d ["name" ]
29- version = d ["version" ]
30- license = "NOT FOUND"
31- # Multiple ways of defining license data
32- if "licenses" in d and len (d ["licenses" ]) > 0 :
33- license_data = d ["licenses" ][0 ]
34- if "license" in license_data :
35- if "id" in license_data ["license" ]:
36- license = license_data ["license" ]["id" ]
37- elif "name" in license_data ["license" ]:
38- license = license_data ["license" ]["name" ]
39- elif "expression" in license_data :
40- license = license_data ["expression" ]
41- if package not in packages :
42- packages [package ] = [version , license ]
26+ # Check that valid CycloneDX JSON file is being processed
27+ if "components" in data :
28+ for d in data ["components" ]:
29+ if d ["type" ] in ["library" , "application" , "operating-system" ]:
30+ package = d ["name" ]
31+ version = d ["version" ]
32+ license = "NOT FOUND"
33+ # Multiple ways of defining license data
34+ if "licenses" in d and len (d ["licenses" ]) > 0 :
35+ license_data = d ["licenses" ][0 ]
36+ if "license" in license_data :
37+ if "id" in license_data ["license" ]:
38+ license = license_data ["license" ]["id" ]
39+ elif "name" in license_data ["license" ]:
40+ license = license_data ["license" ]["name" ]
41+ elif "expression" in license_data :
42+ license = license_data ["expression" ]
43+ if package not in packages :
44+ packages [package ] = [version , license ]
4345
4446 return packages
4547
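Review bot: The new `"components" in data` guard still lets a component that lacks one of the fields read on the following lines raise a KeyError, so a BOM missing `type` or `version` (the latter is optional in recent CycloneDX schemas) still crashes the parser instead of being handled; `if d.get("type") in ["library", "application", "operating-system"]:` and `version = d.get("version", "NOT FOUND")` would match how the license fallback already treats missing data. Because SBOM files usually arrive from third parties, an `isinstance(data, dict)` check before the membership test would also keep a JSON array or scalar at the top level from turning into a TypeError at `data["components"]`. The `json.load(open(sbom_file))` on the unchanged line above never closes the file; `with open(sbom_file) as f: data = json.load(f)` would fix that. The `def parse_cyclonedx_json` line itself is only visible in the hunk header.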