Some small fixes in SBOM generation
1) Fix column name typo in compliance metadata db
2) Add new identifier type: Piper
3) Add checking in case some static libraries' soong module could not be identified, which happens on some java static libraries
Test: presubmits
Test: build/soong/tests/sbom_test.sh
Change-Id: I2815ddff5f39b5a562668ac19f694461f8a01cd7
diff --git a/tools/sbom/compliance_metadata.py b/tools/sbom/compliance_metadata.py
index 9910217..aba61a8 100644
--- a/tools/sbom/compliance_metadata.py
+++ b/tools/sbom/compliance_metadata.py
@@ -94,7 +94,7 @@
cursor.close()
rows = []
for m in multi_built_file_modules:
- built_files = m['installed_file'].strip().split(' ')
+ built_files = m['built_file'].strip().split(' ')
for f in built_files:
rows.append((m['module_id'], m['module_name'], m['package'], f))
self.conn.executemany('insert into module_built_file values (?, ?, ?, ?)', rows)
diff --git a/tools/sbom/gen_sbom.py b/tools/sbom/gen_sbom.py
index 756d9db..77bccbb 100644
--- a/tools/sbom/gen_sbom.py
+++ b/tools/sbom/gen_sbom.py
@@ -92,6 +92,7 @@
'SVN',
'Hg',
'Darcs',
+ 'Piper',
'VCS',
'Archive',
'PrebuiltByAlphabet',
@@ -708,7 +709,10 @@
'installed_file': dep_file,
'is_prebuilt_make_module': False
}
- file_metadata.update(db.get_soong_module_of_built_file(dep_file))
+ soong_module = db.get_soong_module_of_built_file(dep_file)
+ if not soong_module:
+ continue
+ file_metadata.update(soong_module)
if is_source_package(file_metadata) or is_prebuilt_package(file_metadata):
add_package_of_file(file_id, file_metadata, doc, report)
else: