adding some more error handling for when trivy glitches out on their …

…licensing
WarnerMedia · Dec 16, 2024 · ef40d6e · ef40d6e
1 parent 7cfadd2
commit ef40d6e
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/backend/engine/processor/sbom_cdx.py b/backend/engine/processor/sbom_cdx.py
@@ -49,9 +49,10 @@ def process_dependency(dep: dict, scan: Scan) -> None:
         # Add the license object to the list for this component
         licenses.append(license_obj_cache[license_id])
 
+    # Logging when a component has more than 15 licenses, as that is usually caused by a bug by Trivy
+    if len(licenses) > 15:
+        logger.error(f"{component} potentially contains incorrect license information")
     # Update the component's set of licenses
-    if len(licenses) > 20:
-        logger.error(f"too many license reported: {licenses}")
     if licenses:
         component.licenses.set(licenses)