From ef40d6e89012428ea85d85625349e4f9ba6f4fca Mon Sep 17 00:00:00 2001
From: faizanH
Date: Mon, 16 Dec 2024 13:32:26 -0500
Subject: [PATCH] adding some more error handling for when trivy glitches out on their licensing

---
 backend/engine/processor/sbom_cdx.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/backend/engine/processor/sbom_cdx.py b/backend/engine/processor/sbom_cdx.py
index b7a5583d..5d5f2e60 100644
--- a/backend/engine/processor/sbom_cdx.py
+++ b/backend/engine/processor/sbom_cdx.py
@@ -49,9 +49,10 @@ def process_dependency(dep: dict, scan: Scan) -> None:
             # Add the license object to the list for this component
             licenses.append(license_obj_cache[license_id])
 
+        # Logging when a component has more than 15 licenses, as that is usually caused by a bug by Trivy
+        if len(licenses) > 15:
+            logger.error(f"{component} potentially contains incorrect license information")
         # Update the component's set of licenses
-        if len(licenses) > 20:
-            logger.error(f"too many license reported: {licenses}")
         if licenses:
             component.licenses.set(licenses)