feat(python): Include Conda packages in SBOMs (#3379)

Co-authored-by: knqyf263 <knqyf263@gmail.com>
2025-12-22 15:16:33 -08:00 · 2023-01-10 06:11:17 -08:00
parent fbd8a13d54
commit b88bccae6e
23 changed files with 677 additions and 31 deletions
--- a/integration/fs_test.go
+++ b/integration/fs_test.go
@@ -28,6 +28,8 @@ func TestFilesystem(t *testing.T) {
 		helmValuesFile []string
 		skipFiles      []string
 		skipDirs       []string
+		command        string
+		format         string
 	}
 	tests := []struct {
 		name   string
@@ -263,6 +265,24 @@ func TestFilesystem(t *testing.T) {
 			},
 			golden: "testdata/secrets.json.golden",
 		},
+		{
+			name: "conda generating CycloneDX SBOM",
+			args: args{
+				command: "rootfs",
+				format:  "cyclonedx",
+				input:   "testdata/fixtures/fs/conda",
+			},
+			golden: "testdata/conda-cyclonedx.json.golden",
+		},
+		{
+			name: "conda generating SPDX SBOM",
+			args: args{
+				command: "rootfs",
+				format:  "spdx-json",
+				input:   "testdata/fixtures/fs/conda",
+			},
+			golden: "testdata/conda-spdx.json.golden",
+		},
 	}

 	// Set up testing DB
@@ -273,9 +293,24 @@ func TestFilesystem(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+
+			command := "fs"
+			if tt.args.command != "" {
+				command = tt.args.command
+			}
+
+			format := "json"
+			if tt.args.format != "" {
+				format = tt.args.format
+			}
+
 			osArgs := []string{
-				"-q", "--cache-dir", cacheDir, "fs", "--skip-db-update", "--skip-policy-update",
-				"--format", "json", "--offline-scan", "--security-checks", tt.args.securityChecks,
+				"-q", "--cache-dir", cacheDir, command, "--skip-db-update", "--skip-policy-update",
+				"--format", format, "--offline-scan",
+			}
+
+			if tt.args.securityChecks != "" {
+				osArgs = append(osArgs, "--security-checks", tt.args.securityChecks)
 			}

 			if len(tt.args.policyPaths) != 0 {
@@ -353,7 +388,16 @@ func TestFilesystem(t *testing.T) {
 			require.NoError(t, err)

 			// Compare want and got
-			compareReports(t, tt.golden, outputFile)
+			switch format {
+			case "cyclonedx":
+				compareCycloneDX(t, tt.golden, outputFile)
+			case "spdx-json":
+				compareSpdxJson(t, tt.golden, outputFile)
+			case "json":
+				compareReports(t, tt.golden, outputFile)
+			default:
+				require.Fail(t, "invalid format", "format: %s", format)
+			}
 		})
 	}
 }