Fix failing tests #1145

Signed-off-by: tdruez <tdruez@nexb.com>

scanpipe/pipes/cyclonedx.py

@@ -153,12 +153,14 @@ def is_cyclonedx_bom(input_location):
 def cyclonedx_component_to_package_data(cdx_component, dependencies=None):
     """Return package_data from CycloneDX component."""
     dependencies = dependencies or {}
+    extra_data = {}
 
     # Store the original bom_ref and dependencies for future processing.
     bom_ref = str(cdx_component.bom_ref)
-    extra_data = {"bom_ref": bom_ref}
-    if depends_on := dependencies.get(bom_ref):
-        extra_data["depends_on"] = depends_on
+    if bom_ref:
+        extra_data["bom_ref"] = bom_ref
+        if depends_on := dependencies.get(bom_ref):
+            extra_data["depends_on"] = depends_on
 
     package_url_dict = {}
     if cdx_component.purl:

scanpipe/tests/pipes/test_cyclonedx.py

@@ -167,6 +167,7 @@ def test_scanpipe_cyclonedx_component_to_package_data(self):
             "extracted_license_statement": "OFL-1.1\nApache-2.0",
             "version": "0.10.2",
             "extra_data": {
+                "bom_ref": "pkg:pypi/toml@0.10.2?extension=tar.gz",
                 "externalReferences": {
                     "advisories": ["https://cyclonedx.org/advisories"],
                     "bom": ["https://cyclonedx.org/bom"],
@@ -241,7 +242,10 @@ def test_scanpipe_cyclonedx_resolve_cyclonedx_packages_pre_validation(self):
         # by the pre-validation cleanup.
         input_location = self.data / "broken_sbom.json"
         package_data = cyclonedx.resolve_cyclonedx_packages(input_location)
-        self.assertEqual([{"name": "asgiref"}], package_data)
+        self.assertEqual(
+            [{"extra_data": {"bom_ref": "pkg:pypi/asgiref@3.3.0"}, "name": "asgiref"}],
+            package_data,
+        )
 
     def test_scanpipe_cyclonedx_cleanup_components_properties(self):
         cyclonedx_document_json = {