fix: license handling in CycloneDX

anthonyharrison · anthonyharrison · commit bf7c89adf791 · 2024-08-29T16:44:27.000+01:00
diff --git a/sbomdiff/cyclonedx_parser.py b/sbomdiff/cyclonedx_parser.py
@@ -34,8 +34,9 @@ def parse_cyclonedx_json(self, sbom_file):
                     # Multiple ways of defining license data
                     if "licenses" in d and len(d["licenses"]) > 0:
                         license_data = d["licenses"][0]
-                    elif "evidence" in d and len(d["evidence"]["licenses"]) > 0:
-                        license_data = d["evidence"]["licenses"][0]
+                    elif "evidence" in d:
+                        if "licenses" in d["evidence"]:
+                            license_data = d["evidence"]["licenses"]
                     if license_data is not None:
                         license = None
                         if "license" in license_data:
