create isoccur for top level package when artifact is found (#2137)

pxp928 · web-flow · commit f5e60a9d81b3 · 2024-09-19T05:39:28.000Z
Signed-off-by: pxp928 &lt;parth.psu@gmail.com&gt;
diff --git a/internal/testing/testdata/testdata.go b/internal/testing/testdata/testdata.go
@@ -1127,6 +1127,16 @@ var (
 	}
 
 	CdxIngestionPredicates = assembler.IngestPredicates{
+		IsOccurrence: []assembler.IsOccurrenceIngest{
+			{
+				Pkg: cdxTopLevelPack,
+				Artifact: &model.ArtifactInputSpec{
+					Algorithm: "sha256",
+					Digest:    "6ad5b696af3ca05a048bd29bf0f623040462638cb0b29c8d702cbb2805687388",
+				},
+				IsOccurrence: isOccurrenceJustifyTopPkg,
+			},
+		},
 		IsDependency: CdxDeps,
 		HasSBOM:      CdxHasSBOM,
 	}
diff --git a/pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go b/pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go
@@ -387,6 +387,8 @@ func (c *cyclonedxParser) GetPredicates(ctx context.Context) *assembler.IngestPr
 					logger.Infof("CDX artifact was not parsable: %v", err)
 				} else {
 					topLevelArts = append(topLevelArts, artInput)
+					// append to packageArtifacts so that isOccurrence is created
+					c.packageArtifacts[c.cdxBom.Metadata.Component.BOMRef] = append(c.packageArtifacts[c.cdxBom.Metadata.Component.BOMRef], artInput)
 					logger.Infof("getArtInput %v", artInput)
 				}
 			}

Original file line number	Diff line number	Diff line change
`@@ -387,6 +387,8 @@ func (c cyclonedxParser) GetPredicates(ctx context.Context) assembler.IngestPr`
`387`	`387`	`logger.Infof("CDX artifact was not parsable: %v", err)`
`388`	`388`	`} else {`
`389`	`389`	`topLevelArts = append(topLevelArts, artInput)`
	`390`	`+ // append to packageArtifacts so that isOccurrence is created`
	`391`	`+ c.packageArtifacts[c.cdxBom.Metadata.Component.BOMRef] = append(c.packageArtifacts[c.cdxBom.Metadata.Component.BOMRef], artInput)`
`390`	`392`	`logger.Infof("getArtInput %v", artInput)`
`391`	`393`	`}`
`392`	`394`	`}`