scanoss · francostramana · May 2, 2024 · Apr 30, 2024 · May 2, 2024
diff --git a/dist/index.js b/dist/index.js
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "scanoss-code-scan-action",
   "description": "SCANOSS Code Scan Action",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "author": "SCANOSS",
   "private": true,
   "homepage": "https://github.com/scanoss/code-scan-action/",

diff --git a/src/policies/policy-check.ts b/src/policies/policy-check.ts
@@ -28,7 +28,7 @@
 import { GitHub } from '@actions/github/lib/utils';
 import * as inputs from '../app.input';

 export enum CONCLUSION {
  ActionRequired = 'action_required',
  Cancelled = 'cancelled',
  Failure = 'failure',
@@ -39,7 +39,7 @@
  TimedOut = 'timed_out'
 }

 export enum STATUS {
  UNINITIALIZED = 'UNINITIALIZED',
  INITIALIZED = 'INITIALIZED',
  RUNNING = 'RUNNING',
@@ -49,11 +49,11 @@
 export abstract class PolicyCheck {
   private octokit: InstanceType<typeof GitHub>;
 
-  private checkName: string;
+  protected checkName: string;
 
   private checkRunId: number;
 
  private _raw: any;

  private _status: STATUS;

@@ -67,7 +67,7 @@
    this.checkRunId = -1;
  }

  async start(): Promise<any> {
    const result = await this.octokit.rest.checks.create({
      owner: context.repo.owner,
      repo: context.repo.repo,
@@ -90,7 +90,7 @@
    return this._conclusion;
  }

  get raw(): any {
    return this._raw;
  }

@@ -98,7 +98,7 @@
    return `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}/job/${this.raw.id}`;
  }

  async run(scannerResults: ScannerResults): Promise<void> {
    if (this._status === STATUS.UNINITIALIZED)
      throw new Error(`Error on finish. Policy "${this.checkName}" is not created.`);


diff --git a/src/policies/undeclared-policy-check.ts b/src/policies/undeclared-policy-check.ts
@@ -26,6 +26,7 @@ import { CHECK_NAME } from '../app.config';
 import { ScannerResults } from '../services/result.interfaces';
 import { Component, getComponents } from '../services/result.service';
 import * as inputs from '../app.input';
+import * as core from '@actions/core';
 import { parseSBOM } from '../utils/sbom.utils';
 import { generateTable } from '../utils/markdown.utils';
 
@@ -45,12 +46,20 @@ export class UndeclaredPolicyCheck extends PolicyCheck {
     super.run(scannerResults);
 
     const nonDeclaredComponents: Component[] = [];
+    let declaredComponents: Partial<Component>[] = [];
 
     const comps = getComponents(scannerResults);
-    const sbom = await parseSBOM(inputs.SBOM_FILEPATH);
+
+    // get declared components
+    try {
+      const sbom = await parseSBOM(inputs.SBOM_FILEPATH);
+      declaredComponents = sbom.components || [];
+    } catch (e) {
+      core.info(`Warning on policy check: ${this.checkName}. SBOM file could not be parsed (${inputs.SBOM_FILEPATH})`);
+    }
 
     comps.forEach(c => {
-      if (!sbom.components.some(component => component.purl === c.purl)) {
+      if (!declaredComponents.some(component => component.purl === c.purl)) {
         nonDeclaredComponents.push(c);
       }
     });