fix: SBOM multi-ecosystem support with correct package managers and licenses #8

sharang merged 2 commits from fix/sbom-package-manager-from-purl into main 2026-03-10 12:37:30 +00:00
2 changed files with 18 additions and 7 deletions


@@ -77,13 +77,22 @@ async fn generate_lockfiles(repo_path: &Path) {
tracing::info!("attempting to generate pip requirements for SBOM scan");
if repo_path.join("pyproject.toml").exists() {
let result = tokio::process::Command::new("pip-compile")
.args(["--quiet", "--output-file", "requirements.txt", "pyproject.toml"])
.args([
"--quiet",
"--output-file",
"requirements.txt",
"pyproject.toml",
])
.current_dir(repo_path)
.output()
.await;
match result {
Ok(o) if o.status.success() => tracing::info!("requirements.txt generated via pip-compile"),
_ => tracing::warn!("pip-compile not available or failed, Syft will parse pyproject.toml directly"),
Ok(o) if o.status.success() => {
tracing::info!("requirements.txt generated via pip-compile")
}
_ => tracing::warn!(
"pip-compile not available or failed, Syft will parse pyproject.toml directly"
),
}
}
}
@@ -154,7 +163,11 @@ async fn enrich_cargo_licenses(repo_path: &Path, entries: &mut [SbomEntry]) {
let license_map: std::collections::HashMap<(&str, &str), &str> = meta
.packages
.iter()
.filter_map(|p| p.license.as_deref().map(|l| (p.name.as_str(), p.version.as_str(), l)))
.filter_map(|p| {
p.license
.as_deref()
.map(|l| (p.name.as_str(), p.version.as_str(), l))
})
.map(|(n, v, l)| ((n, v), l))
.collect();
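Review bot: The `pip-compile` call at the top of the first hunk resolves whatever `pyproject.toml` the scanned repository ships, with `current_dir(repo_path)`, so if scanned repositories are not fully trusted this is code execution at scan time — pip's resolver can build sdists and run their build backends, and by default it reaches the network for the index. This commit only reformats those lines, so the exposure predates it, but the call should run in a sandboxed, network-restricted scan worker (or be limited to binary wheels from a trusted index), and a comment should record that: `// SECURITY: pip-compile resolves an untrusted pyproject.toml and may execute build backends; run only inside the sandboxed scan worker.` The catch-all `_ =>` arm also discards both `Err(e)` and the non-zero exit's stderr, so a resolver failure is indistinguishable from a missing binary; splitting it into `Err(e) => tracing::warn!(error = %e, "pip-compile not available, Syft will parse pyproject.toml directly")` and `Ok(o) => tracing::warn!(status = %o.status, stderr = %String::from_utf8_lossy(&o.stderr), "pip-compile failed, Syft will parse pyproject.toml directly")` keeps the best-effort fallback while making the cause visible. `generate_lockfiles` begins before this hunk, so I cannot see how `repo_path` is obtained or whether it is already isolated.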


@@ -37,9 +37,7 @@ pub fn SbomPage() -> Element {
});
// ── Dynamic filter options (package managers + licenses from DB) ──
let sbom_filters = use_resource(|| async {
fetch_sbom_filters().await.ok()
});
let sbom_filters = use_resource(|| async { fetch_sbom_filters().await.ok() });
// ── SBOM list (filtered) ──
let sbom = use_resource(move || {