Merge remote-tracking branch 'upstream/main' into group-json-output

google · Dec 11, 2022 · 25916f4 · 25916f4
2 parents 55afa55 + 4452f8c
commit 25916f4
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/internal/sbom/cyclonedx.go b/internal/sbom/cyclonedx.go
@@ -2,6 +2,7 @@ package sbom
 
 import (
 	"io"
+	"strings"
 
 	"github.com/CycloneDX/cyclonedx-go"
 )
@@ -35,12 +36,12 @@ func (c *CycloneDX) enumeratePackages(bom *cyclonedx.BOM, callback func(Identifi
 
 func (c *CycloneDX) GetPackages(r io.ReadSeeker, callback func(Identifier) error) error {
 	var bom cyclonedx.BOM
-
+	
 	for _, formatType := range cycloneDXTypes {
 		r.Seek(0, io.SeekStart)
 		decoder := cyclonedx.NewBOMDecoder(r, formatType)
 		err := decoder.Decode(&bom)
-		if err == nil && bom.BOMFormat == "CycloneDX" {
+		if err == nil && (bom.BOMFormat == "CycloneDX" || strings.HasPrefix(bom.XMLNS, "http://cyclonedx.org/schema/bom")) {
 			return c.enumeratePackages(&bom, callback)
 		}
 	}