chore:SP-1964 Removes sbom.json feature

README.md

@@ -56,9 +56,6 @@ For example workflow runs, check out our
 | **Parameter**              | **Description**                                                                                                                                          | **Required** | **Default**                          | 
 |----------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|--------------------------------------|
 | output.filepath            | Scan output file name.                                                                                                                                   | Optional     | `results.json`                       |
-| sbom.enabled               | Enable or disable scanning based on the SBOM file. 'scanossSettings' must be disabled for sbom file to work.                                             | Optional     | `false`                              |
-| sbom.filepath              | Filepath of the SBOM file to be used for scanning                                                                                                        | Optional     | `sbom.json`                          |
-| sbom.type                  | Type of SBOM operation: either 'identify' or 'ignore                                                                                                     | Optional     | `identify`                           |
 | dependencies.enabled       | Option to enable or disable scanning of dependencies.                                                                                                    | Optional     | `false`                              |
 | dependencies.scope         | Gets development or production dependencies (scopes: prod - dev)                                                                                         | Optional     | -                                    |
 | dependencies.scope.include | Custom list of dependency scopes to be included. Provide scopes as a comma-separated list.                                                               | Optional     | -                                    |
@@ -92,8 +89,8 @@ The SCANOSS Code Scan Action includes two configurable policies:
 1. Copyleft: This policy checks if any component or code snippet is associated with a copyleft license. If such a
    license is detected, the pull request (PR) is rejected. The default list of Copyleft licenses is defined in the following [file](https://github.com/scanoss/gha-code-scan/blob/main/src/utils/license.utils.ts).
 
-2. Undeclared: This policy compares the components detected in the repository against those declared in an sbom.json
-   file (customizable through the sbom.filepath parameter). If there are undeclared components, the PR is rejected.
+2. Undeclared: This policy compares the components detected in the repository against those declared in scanoss.json
+   file (customizable through the settingsFilepath parameter). If there are undeclared components, the PR is rejected.
 
 In this scenario, a classic policy is executed that will fail if copyleft licenses are found within the results:
 
@@ -133,7 +130,7 @@ jobs:
         id: scanoss-code-scan-step
         uses: scanoss/code-scan-action@v0
         with:
-          policies: copyleft, undeclared  #NOTE: undeclared policy requires a sbom.json in the project root
+          policies: copyleft, undeclared 
           dependencies.enabled: true
           # api-url: <YOUR_API_URL>
           # api-key: <YOUR_API_KEY>

__tests__/scan-service.test.ts

@@ -122,7 +122,6 @@ describe('ScanService', () => {
       dependencyScopeInclude: '',
       dependencyScopeExclude: '',
       dependenciesEnabled: true,
-      sbomEnabled: false,
       scanFiles: true,
       skipSnippets: false,
       settingsFilePath: 'scanoss.json',

action.yml

@@ -14,18 +14,6 @@ inputs:
     description: 'Halt if a check fails'
     required: false
     default: true
-  sbom.enabled:
-    description: 'Enable SBOM Identify'
-    required: false
-    default: false
-  sbom.filepath:
-    description: 'SBOM filepath'
-    required: false
-    default: 'sbom.json'
-  sbom.type:
-    description: 'SBOM type (identify | ignore)'
-    required: false
-    default: 'identify'
   api.key:
     description: 'SCANOSS API Key token (optional - not required for default OSSKB URL)'
     required: false

package.json

@@ -1,7 +1,7 @@
 {
   "name": "scanoss-code-scan-action",
   "description": "SCANOSS Code Scan Action",
-  "version": "0.2.3",
+  "version": "1.0.1",
   "author": "SCANOSS",
   "private": true,
   "homepage": "https://github.com/scanoss/code-scan-action/",

src/app.input.ts

@@ -25,9 +25,6 @@ import * as core from '@actions/core';
 
 export const POLICIES = core.getInput('policies');
 export const POLICIES_HALT_ON_FAILURE = core.getInput('policies.halt_on_failure') === 'true';
-export const SBOM_ENABLED = core.getInput('sbom.enabled') === 'true';
-export const SBOM_FILEPATH = core.getInput('sbom.filepath');
-export const SBOM_TYPE = core.getInput('sbom.type');
 export const DEPENDENCIES_ENABLED = core.getInput('dependencies.enabled') === 'true';
 export const DEPENDENCIES_SCOPE = core.getInput('dependencies.scope');
 export const DEPENDENCY_SCOPE_EXCLUDE = core.getInput('dependencies.scope.exclude');

src/services/scan.service.ts

@@ -48,21 +48,6 @@ export async function uploadResults(): Promise<void> {
 }
 
 export interface Options {
-  /**
-   * Whether SBOM ingestion is enabled. Optional.
-   */
-  sbomEnabled?: boolean;
-
-  /**
-   * Specifies the SBOM processing type: "identify" or "ignore". Optional.
-   */
-  sbomType?: string;
-
-  /**
-   * Absolute path to the SBOM file. Required if sbomEnabled is set to true.
-   */
-  sbomFilepath?: string;
-
   /**
    * Enables scanning for dependencies, utilizing scancode internally. Optional.
    */
@@ -161,9 +146,6 @@ export class ScanService {
   private DEFAULT_SETTING_FILE_PATH = 'scanoss.json';
   constructor(options?: Options) {
     this.options = options || {
-      sbomFilepath: inputs.SBOM_FILEPATH,
-      sbomType: inputs.SBOM_TYPE,
-      sbomEnabled: inputs.SBOM_ENABLED,
       apiKey: inputs.API_KEY,
       apiUrl: inputs.API_URL,
       dependenciesEnabled: inputs.DEPENDENCIES_ENABLED,
@@ -344,13 +326,8 @@ export class ScanService {
    * @private
    */
   private async detectSBOM(): Promise<string[]> {
-    if (this.options.scanossSettings && this.options.sbomEnabled) {
-      core.warning(`sbom and SCANOSS settings cannot be both enabled`);
-    }
-
     // Overrides sbom file if is set
     if (this.options.scanossSettings) {
-      core.debug(`[SCANOSS SETTINGS ENABLED] ${this.options.sbomFilepath}, ${this.options.sbomFilepath}`);
       try {
         await fs.promises.access(this.options.settingsFilePath, fs.constants.F_OK);
         return ['--settings', this.options.settingsFilePath];
@@ -361,17 +338,7 @@ export class ScanService {
         return [];
       }
     }
-
-    if (!this.options.sbomEnabled || !this.options.sbomFilepath) return [];
-    core.debug(`[SBOM ENABLED] ${this.options.sbomFilepath}, ${this.options.sbomFilepath}`);
-    try {
-      await fs.promises.access(this.options.sbomFilepath, fs.constants.F_OK);
-      core.debug(`[SBOM ENABLED] - Adding sbom to scan parameters`);
-      return [`--${this.options.sbomType?.toLowerCase()}`, this.options.sbomFilepath];
-    } catch (error: any) {
-      core.error(error.message);
-      return [];
-    }
+    return [];
   }
 
   private async parseResult(): Promise<ScannerResults> {