in pkg/sbom.go [65:91]
// getSPDXDocumentFromSBOMBytes decodes a JSON SPDX SBOM and wraps it, together
// with its declared spdxVersion, in an SPDXDocument.
//
// The bytes are decoded twice: once into a generic map to read spdxVersion
// (and to feed the lenient fallback), and once through spdxjson.Read.
//
// strict selects what happens when spdxjson.Read fails:
//   - strict == true: the parse error is returned wrapped.
//   - strict == false: a warning is printed and the document is rebuilt from
//     the generic map with GetSBOMFromMap.
//
// Security note: with strict == false, a document that spdxjson.Read rejected
// can still be returned. Callers that base trust decisions on the SBOM
// (policy checks, attestation, vulnerability matching) should pass
// strict == true so a malformed document fails closed.
//
// spdxVersion is only checked for being a JSON string. This function does not
// compare it against a set of supported versions, and an empty string passes.
func getSPDXDocumentFromSBOMBytes(sbomBytes []byte, strict bool) (*SPDXDocument, error) {
	var raw map[string]interface{}
	if err := json.Unmarshal(sbomBytes, &raw); err != nil {
		return nil, fmt.Errorf("error unmarshaling SBOM bytes: %w", err)
	}

	// A missing key and a non-string value both fail the assertion and are
	// reported with the same error.
	spdxVersion, isString := raw["spdxVersion"].(string)
	if !isString {
		return nil, fmt.Errorf("SBOM does not contain spdxVersion field")
	}

	parsed, parseErr := spdxjson.Read(bytes.NewReader(sbomBytes))
	if parseErr != nil {
		if strict {
			return nil, fmt.Errorf("error parsing SPDX document: %w", parseErr)
		}

		// NOTE(review): the warning goes to stdout and includes the parser's
		// error text verbatim. If this package is used by a tool that emits
		// machine-readable output on stdout, confirm the warning cannot end
		// up mixed into it.
		fmt.Printf("Warning: error parsing SPDX document: %v. Falling back to simple JSON parsing.\n", parseErr)

		parsed, parseErr = GetSBOMFromMap(raw)
		if parseErr != nil {
			return nil, fmt.Errorf("error parsing SPDX document from map: %w", parseErr)
		}
	}

	return &SPDXDocument{Version: spdxVersion, Document: parsed}, nil
}