⭐️ support cnquery sbom with shell (#5782)

chris-rock · web-flow · commit 6f6e456774b1 · 2025-07-15T13:56:28.000+02:00
diff --git a/providers/sbom.go b/providers/sbom.go
@@ -95,6 +95,7 @@ func (s *sbomProviderService) Connect(req *plugin.ConnectReq, callback plugin.Pr
 		sbom.NewCycloneDX(sbom.FormatCycloneDxXML),
 		sbom.NewSPDX(sbom.FormatSpdxTagValue),
 		sbom.NewSPDX(sbom.FormatSpdxJSON),
+		sbom.New(sbom.FormatJson),
 	)
 
 	var sbomReport *sbom.Sbom
diff --git a/sbom/cnquery_bom.go b/sbom/cnquery_bom.go
@@ -5,6 +5,7 @@ package sbom
 
 import (
 	"encoding/json"
+	"fmt"
 	"io"
 )
 
@@ -54,5 +55,10 @@ func (ccx *CnqueryBOM) Parse(r io.Reader) (*Sbom, error) {
 		return nil, err
 	}
 
+	// Test if the SBOM has a valid structure
+	if s.Asset == nil {
+		return nil, fmt.Errorf("unable to parse cnquery SBOM: missing asset information")
+	}
+
 	return &s, nil
 }
diff --git a/sbom/spdx.go b/sbom/spdx.go
@@ -168,13 +168,13 @@ func (s *Spdx) Parse(r io.Reader) (*Sbom, error) {
 	// try to parse all supported SPDX format
 	if s.Format == FormatSpdxTagValue {
 		doc, err := tagvalue.Read(r)
-		if err == nil {
+		if err == nil && doc.SPDXVersion != "" {
 			return s.convertToSbom(doc), nil
 		}
 	} else if s.Format == FormatSpdxJSON {
 		var doc spdx.Document
 		err := json.NewDecoder(r).Decode(&doc)
-		if err == nil {
+		if err == nil && doc.SPDXVersion != "" {
 			return s.convertToSbom(&doc), nil
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -95,6 +95,7 @@ func (s sbomProviderService) Connect(req plugin.ConnectReq, callback plugin.Pr`
`95`	`95`	`sbom.NewCycloneDX(sbom.FormatCycloneDxXML),`
`96`	`96`	`sbom.NewSPDX(sbom.FormatSpdxTagValue),`
`97`	`97`	`sbom.NewSPDX(sbom.FormatSpdxJSON),`
	`98`	`+ sbom.New(sbom.FormatJson),`
`98`	`99`	`)`
`99`	`100`
`100`	`101`	`var sbomReport *sbom.Sbom`
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ package sbom`
`5`	`5`
`6`	`6`	`import (`
`7`	`7`	`"encoding/json"`
	`8`	`+ "fmt"`
`8`	`9`	`"io"`
`9`	`10`	`)`
`10`	`11`
`@@ -54,5 +55,10 @@ func (ccx CnqueryBOM) Parse(r io.Reader) (Sbom, error) {`
`54`	`55`	`return nil, err`
`55`	`56`	`}`
`56`	`57`
	`58`	`+ // Test if the SBOM has a valid structure`
	`59`	`+ if s.Asset == nil {`
	`60`	`+ return nil, fmt.Errorf("unable to parse cnquery SBOM: missing asset information")`
	`61`	`+ }`
	`62`	`+`
`57`	`63`	`return &s, nil`
`58`	`64`	`}`
Original file line number	Diff line number	Diff line change
`@@ -168,13 +168,13 @@ func (s Spdx) Parse(r io.Reader) (Sbom, error) {`
`168`	`168`	`// try to parse all supported SPDX format`
`169`	`169`	`if s.Format == FormatSpdxTagValue {`
`170`	`170`	`doc, err := tagvalue.Read(r)`
`171`		`- if err == nil {`
	`171`	`+ if err == nil && doc.SPDXVersion != "" {`
`172`	`172`	`return s.convertToSbom(doc), nil`
`173`	`173`	`}`
`174`	`174`	`} else if s.Format == FormatSpdxJSON {`
`175`	`175`	`var doc spdx.Document`
`176`	`176`	`err := json.NewDecoder(r).Decode(&doc)`
`177`		`- if err == nil {`
	`177`	`+ if err == nil && doc.SPDXVersion != "" {`
`178`	`178`	`return s.convertToSbom(&doc), nil`
`179`	`179`	`}`
`180`	`180`	`}`