From cc15edca622175e89c1675a659bfa021f152cdd4 Mon Sep 17 00:00:00 2001
From: Harippriya Sivapatham <33924695+harippriyas@users.noreply.github.com>
Date: Sun, 4 Aug 2024 01:30:55 +0530
Subject: [PATCH] fix: use organization for package supplier when reading Java vendor fields (#3093)

Signed-off-by: Harippriya Sivapatham
---
 .../internal/spdxutil/helpers/originator_supplier.go | 4 ++++
 .../internal/spdxutil/helpers/originator_supplier_test.go | 8 ++++----
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/syft/format/internal/spdxutil/helpers/originator_supplier.go b/syft/format/internal/spdxutil/helpers/originator_supplier.go
index 61ebf36753b..d2af96971b3 100644
--- a/syft/format/internal/spdxutil/helpers/originator_supplier.go
+++ b/syft/format/internal/spdxutil/helpers/originator_supplier.go
@@ -56,6 +56,10 @@ func Originator(p pkg.Package) (typ string, author string) { // nolint: funlen
 if author == "" {
 author = metadata.Manifest.Main.MustGet("Implementation-Vendor")
 }
+ // Vendor is specified, hence set 'Organization' as the PackageSupplier
+ if author != "" {
+ typ = orgType
+ }
 }

 case pkg.LinuxKernelModule:
diff --git a/syft/format/internal/spdxutil/helpers/originator_supplier_test.go b/syft/format/internal/spdxutil/helpers/originator_supplier_test.go
index 5c46685f2bf..51965925d1c 100644
--- a/syft/format/internal/spdxutil/helpers/originator_supplier_test.go
+++ b/syft/format/internal/spdxutil/helpers/originator_supplier_test.go
@@ -138,8 +138,8 @@ func Test_OriginatorSupplier(t *testing.T) {
 },
 },
 },
- originator: "Person: auth-spec",
- supplier: "Person: auth-spec",
+ originator: "Organization: auth-spec",
+ supplier: "Organization: auth-spec",
 },
 {
 name: "from java -- fallback to impl vendor in main manifest section",
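Review bot: The comment added in `Originator` (originator_supplier.go, above the new `if author != ""` block) names only the PackageSupplier, but the updated expectations in originator_supplier_test.go show the originator string becoming `Organization: …` as well, so the comment should name both fields. It should also record that `Specification-Vendor` and `Implementation-Vendor` are self-declared by whoever built the archive and are not verified here, so the `Organization` label in the SBOM is a claim made by the artifact and not an established identity; for example `// Manifest vendor fields are self-declared and unverified; report a non-empty vendor as an Organization for both originator and supplier.` The hunk does not show whether `MustGet` trims its result; if it does not, a whitespace-only vendor would pass `author != ""` and be emitted as an organization with a blank name, which is worth confirming and covering with a test case. The body of `Originator` starts and ends outside this hunk.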
@@ -155,8 +155,8 @@ func Test_OriginatorSupplier(t *testing.T) {
 },
 },
 },
- originator: "Person: auth-impl",
- supplier: "Person: auth-impl",
+ originator: "Organization: auth-impl",
+ supplier: "Organization: auth-impl",
 },
 {
 name: "from java -- non-main manifest sections ignored",