inspect: provide access to multiple spdx documents

Signed-off-by: Justin Chadwell <me@jedevc.com>
2 years ago · 3ce17b01dc
parent e68c566c1c
commit 3ce17b01dc
1 changed files with 7 additions and 4 deletions
--- a/util/imagetools/loader.go
+++ b/util/imagetools/loader.go
@ -255,7 +255,8 @@ func (l *loader) scanConfig(ctx context.Context, fetcher remotes.Fetcher, desc o
 }

 type sbomStub struct {
-	SPDX interface{} `json:",omitempty"`
+	SPDX  interface{}   `json:",omitempty"`
+	SPDXs []interface{} `json:",omitempty"`
 }

 func (l *loader) scanSBOM(ctx context.Context, fetcher remotes.Fetcher, r *result, refs []digest.Digest, as *asset) error {
@ -281,10 +282,12 @@ func (l *loader) scanSBOM(ctx context.Context, fetcher remotes.Fetcher, r *resul
 				if err := json.Unmarshal(dt, &spdx); err != nil {
 					return err
 				}
-				as.sbom = &sbomStub{
-					SPDX: spdx.Predicate,
+
+				if as.sbom == nil {
+					as.sbom = &sbomStub{}
+					as.sbom.SPDX = spdx.Predicate
 				}
-				break
+				as.sbom.SPDXs = append(as.sbom.SPDXs, spdx.Predicate)
 			}
 		}
 	}