@@ -725,6 +725,10 @@ def to_spdx(project, include_files=False):
725725 discoveredpackage_qs = get_queryset (project , "discoveredpackage" )
726726 discovereddependency_qs = get_queryset (project , "discovereddependency" )
727727
728+ packages_as_spdx = []
729+ license_expressions = []
730+ relationships = []
731+
728732 project_inputs_as_spdx_packages = get_inputs_as_spdx_packages (project )
729733
730734 # Use the Project's input(s) as the root element(s) that the SPDX document
@@ -734,25 +738,24 @@ def to_spdx(project, include_files=False):
734738 # See https://github.com/spdx/spdx-spec/issues/395 and
735739 # https://github.com/aboutcode-org/scancode.io/issues/564#issuecomment-3269296563
736740 # for detailed context.
737- describes = [
738- input_as_spdx_package .spdx_id
739- for input_as_spdx_package in project_inputs_as_spdx_packages
740- ]
741- packages_as_spdx = project_inputs_as_spdx_packages
741+ if project_inputs_as_spdx_packages :
742+ packages_as_spdx .extend (project_inputs_as_spdx_packages )
743+ describes = [
744+ input_as_spdx_package .spdx_id
745+ for input_as_spdx_package in project_inputs_as_spdx_packages
746+ ]
742747
743- # Fallback to the Project as the SPDX root element for the "documentDescribes"
744- if not project_inputs_as_spdx_packages :
748+ # Fallback to the Project as the SPDX root element for the "documentDescribes",
749+ # if not inputs are available.
750+ else :
745751 project_as_root_package = spdx .Package (
746752 spdx_id = f"SPDXRef-scancodeio-project-{ project .uuid } ,
747753 name = project .name ,
748754 files_analyzed = True ,
749755 )
750- packages_as_spdx = [ project_as_root_package ]
756+ packages_as_spdx . append ( project_as_root_package )
751757 describes = [project_as_root_package .spdx_id ]
752758
753- license_expressions = []
754- relationships = []
755-
756759 for package in discoveredpackage_qs :
757760 spdx_package = package .as_spdx ()
758761 packages_as_spdx .append (spdx_package )
0 commit comments