Add support when the "components" entry is missing #1727

Signed-off-by: tdruez <[email protected]>

Author: tdruez

scanpipe/pipes/cyclonedx.py

@@ -285,7 +285,7 @@ def is_empty(value):
         elif isinstance(value, list) and not any(value):
             return True
 
-    for component in cyclonedx_document_json["components"]:
+    for component in cyclonedx_document_json.get("components", []):
         for property_name, property_value in component.items():
             if is_empty(property_value) or property_name in ignored_properties:
                 entries_to_delete.append((component, property_name))

scanpipe/tests/data/cyclonedx/missing_components.json

@@ -0,0 +1,21 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.6",
+  "serialNumber": "urn:uuid:b74fe5df-e965-415e-ba65-f38421a0695d",
+  "version": 1,
+  "metadata": {
+    "component": {
+      "bom-ref": "804c3391-e6f9-415f-bb7a-cb6653853a46",
+      "name": "name",
+      "type": "library"
+    },
+    "timestamp": "2024-03-07T17:05:37.329061+00:00",
+    "tools": [
+      {
+        "name": "ScanCode.io",
+        "version": "0.0.0"
+      }
+    ]
+  }
+}

scanpipe/tests/pipes/test_cyclonedx.py

@@ -270,6 +270,11 @@ def test_scanpipe_cyclonedx_resolve_cyclonedx_packages_pre_validation(self):
         expected = [{"name": "asgiref", "package_uid": "pkg:pypi/[email protected]"}]
         self.assertEqual(expected, package_data)
 
+    def test_scanpipe_cyclonedx_resolve_cyclonedx_packages_missing_components(self):
+        input_location = self.data / "missing_components.json"
+        package_data = cyclonedx.resolve_cyclonedx_packages(input_location)
+        self.assertEqual([], package_data)
+
     def test_scanpipe_cyclonedx_cleanup_components_properties(self):
         cyclonedx_document_json = {
             "components": [