From 3ce17b01dc614f4224d7f13a993b6ba235dfdab9 Mon Sep 17 00:00:00 2001
From: Justin Chadwell <me@jedevc.com>
Date: Mon, 9 Jan 2023 18:15:01 +0000
Subject: [PATCH] inspect: provide access to multiple spdx documents

Signed-off-by: Justin Chadwell <me@jedevc.com>
---
 util/imagetools/loader.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/util/imagetools/loader.go b/util/imagetools/loader.go
index 076db5f2..dc5a3163 100644
--- a/util/imagetools/loader.go
+++ b/util/imagetools/loader.go
@@ -255,7 +255,8 @@ func (l *loader) scanConfig(ctx context.Context, fetcher remotes.Fetcher, desc o
 }
 
 type sbomStub struct {
-	SPDX interface{} `json:",omitempty"`
+	SPDX  interface{}   `json:",omitempty"`
+	SPDXs []interface{} `json:",omitempty"`
 }
 
 func (l *loader) scanSBOM(ctx context.Context, fetcher remotes.Fetcher, r *result, refs []digest.Digest, as *asset) error {
@@ -281,10 +282,12 @@ func (l *loader) scanSBOM(ctx context.Context, fetcher remotes.Fetcher, r *resul
 				if err := json.Unmarshal(dt, &spdx); err != nil {
 					return err
 				}
-				as.sbom = &sbomStub{
-					SPDX: spdx.Predicate,
+
+				if as.sbom == nil {
+					as.sbom = &sbomStub{}
+					as.sbom.SPDX = spdx.Predicate
 				}
-				break
+				as.sbom.SPDXs = append(as.sbom.SPDXs, spdx.Predicate)
 			}
 		}
 	}