feat(cyclonedx): Set basic supplier information

While at it, also set author information for package components. See [1] for context. [1]: #7449 Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
oss-review-toolkit · Dec 10, 2024 · 097eb5d · 097eb5d
1 parent cd6e57e
commit 097eb5d
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/plugins/reporters/cyclonedx/src/main/kotlin/BomExtensions.kt b/plugins/reporters/cyclonedx/src/main/kotlin/BomExtensions.kt
@@ -37,6 +37,8 @@ import org.cyclonedx.model.Dependency
 import org.cyclonedx.model.ExtensibleType
 import org.cyclonedx.model.ExternalReference
 import org.cyclonedx.model.LicenseChoice
+import org.cyclonedx.model.OrganizationalContact
+import org.cyclonedx.model.OrganizationalEntity
 import org.cyclonedx.model.vulnerability.Vulnerability.Rating.Method
 
 import org.ossreviewtoolkit.model.Identifier
@@ -118,6 +120,11 @@ internal fun Bom.addComponent(input: ReporterInput, pkg: Package, dependencyType
         name = pkg.id.name
         version = pkg.id.version
 
+        authors = pkg.authors.map { OrganizationalContact().apply { name = it } }
+        supplier = authors.takeUnless { it.isEmpty() }?.let {
+            OrganizationalEntity().apply { contacts = authors }
+        }
+
         description = pkg.description
 
         // TODO: Map package-manager-specific OPTIONAL scopes.

diff --git a/plugins/reporters/cyclonedx/src/main/kotlin/CycloneDxReporter.kt b/plugins/reporters/cyclonedx/src/main/kotlin/CycloneDxReporter.kt
@@ -32,6 +32,7 @@ import org.cyclonedx.model.ExternalReference
 import org.cyclonedx.model.LicenseChoice
 import org.cyclonedx.model.Metadata
 import org.cyclonedx.model.OrganizationalContact
+import org.cyclonedx.model.OrganizationalEntity
 import org.cyclonedx.model.license.Expression
 import org.cyclonedx.model.metadata.ToolInformation
 
@@ -215,6 +216,10 @@ class CycloneDxReporter(
                             version = project.id.version
 
                             authors = project.authors.map { OrganizationalContact().apply { name = it } }
+                            supplier = authors.takeUnless { it.isEmpty() }?.let {
+                                OrganizationalEntity().apply { contacts = authors }
+                            }
+
                             description = project.description
                         }
                     }