diff --git a/src/internal/packager/sbom/catalog.go b/src/internal/packager/sbom/catalog.go index 550a664f47..e0fee676f6 100755 --- a/src/internal/packager/sbom/catalog.go +++ b/src/internal/packager/sbom/catalog.go @@ -236,6 +236,21 @@ func (b *Builder) createFileSBOM(componentSBOM types.ComponentSBOM, component st } for pkg := range cat.Enumerate() { + containsSource := false + + // See if the source locations for this package contain the file Zarf indexed + for _, location := range pkg.Locations.ToSlice() { + if location.RealPath == fileSource.Metadata.Path { + containsSource = true + } + } + + // If the locations do not contain the source file (i.e. the package was inside a tarball), add the file source + if !containsSource { + sourceLocation := source.NewLocation(fileSource.Metadata.Path) + pkg.Locations.Add(sourceLocation) + } + catalog.Add(pkg) } diff --git a/src/internal/packager/sbom/viewer/common.js b/src/internal/packager/sbom/viewer/common.js index b8899688cf..37c63a4e32 100644 --- a/src/internal/packager/sbom/viewer/common.js +++ b/src/internal/packager/sbom/viewer/common.js @@ -9,14 +9,14 @@ const mailtoMaintainerReplace = ` |  $1`; document.body.appendChild(artifactsTable); -function fileList(metadata) { - if (metadata) { - const list = (metadata.files || []).map((file) => file.path || '').filter((test) => test); +function fileList(files, artifactName) { + if (files) { + const list = (files || []).map((file) => file.path || '').filter((test) => test); if (list.length > 0) { flatList = list.sort().join('
'); return `${list.length} files`; } } diff --git a/src/internal/packager/sbom/viewer/compare.js b/src/internal/packager/sbom/viewer/compare.js index 37a42f15dc..27b462d87e 100644 --- a/src/internal/packager/sbom/viewer/compare.js +++ b/src/internal/packager/sbom/viewer/compare.js @@ -87,7 +87,8 @@ function loadDataTable(artifacts, dataTable) { artifact.type, artifact.name, artifact.version, - fileList(artifact.metadata), + fileList(artifact.locations, artifact.name), + (artifact.metadata && fileList(artifact.metadata.files, artifact.name)) || '-', (artifact.metadata && artifact.metadata.description) || '-', ((artifact.metadata && artifact.metadata.maintainer) || '-').replace( /\u003c(.*)\u003e/, @@ -98,7 +99,7 @@ function loadDataTable(artifacts, dataTable) { }); const data = { - headings: ['Difference', 'Type', 'Name', 'Version', 'Files', 'Notes', 'Maintainer', 'Size'], + headings: ['Difference', 'Type', 'Name', 'Version', 'Sources', 'Package Files', 'Notes', 'Maintainer', 'Size'], data: transformedData }; diff --git a/src/internal/packager/sbom/viewer/viewer.js b/src/internal/packager/sbom/viewer/viewer.js index d6b0c8eff6..17475c78d3 100644 --- a/src/internal/packager/sbom/viewer/viewer.js +++ b/src/internal/packager/sbom/viewer/viewer.js @@ -15,7 +15,8 @@ function initData() { artifact.type, artifact.name, artifact.version, - fileList(artifact.metadata), + fileList(artifact.locations, artifact.name), + (artifact.metadata && fileList(artifact.metadata.files, artifact.name)) || '-', (artifact.metadata && artifact.metadata.description) || '-', ((artifact.metadata && artifact.metadata.maintainer) || '-').replace( /\u003c(.*)\u003e/, @@ -26,7 +27,7 @@ function initData() { }); const data = { - headings: ['Type', 'Name', 'Version', 'Files', 'Notes', 'Maintainer', 'Size'], + headings: ['Type', 'Name', 'Version', 'Sources', 'Package Files', 'Notes', 'Maintainer', 'Size'], data: transformedData };