From e5e0bd3cb031c9f22e979a91f513681b24a61a18 Mon Sep 17 00:00:00 2001
From: Waldemar Parzonka
Date: Fri, 29 Jul 2022 14:25:54 +0100
Subject: [PATCH 1/3] #6211 add alternative version of syft for jar files
---
 scripts/sbom_scraper.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/sbom_scraper.sh b/scripts/sbom_scraper.sh
index b1d6391..6b679a6 100755
--- a/scripts/sbom_scraper.sh
+++ b/scripts/sbom_scraper.sh
@@ -213,7 +213,7 @@ then
 INPUT=$(ls)
 OUTFILE=${INPUT}.${FORMAT}.sbom
 OUTPUT="${TEMPDIR}/${OUTFILE}"
- syft -q packages --scope all-layers -o "${FORMAT}" "file:${INPUT}" > "${OUTPUT}"
+ syftjar -q packages --scope all-layers -o "${FORMAT}" "file:${INPUT}" > "${OUTPUT}"
 popd > /dev/null
 COMPONENT_NAME=$(xq -r .bom.metadata.component.name "$OUTPUT")
From f7821f7aa753cd8b42e997c155c2dfd1964ff308 Mon Sep 17 00:00:00 2001
From: Waldemar Parzonka
Date: Fri, 29 Jul 2022 18:06:45 +0100
Subject: [PATCH 2/3] #6211 deal with the case we have no metadata in xml
---
 scripts/sbom_scraper.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/scripts/sbom_scraper.sh b/scripts/sbom_scraper.sh
index 6b679a6..39eb62e 100755
--- a/scripts/sbom_scraper.sh
+++ b/scripts/sbom_scraper.sh
@@ -403,6 +403,8 @@
 et = ET.parse(sys.stdin)
 root = et.getroot()
 metadata = root.find('metadata', ns)
+if not metadata:
+ metadata = ET.SubElement(root, 'metadata')
 # Add this tool
 tools = metadata.find('tools', ns)
From e79fe24578293d6993071ae0e4fd6391a61615a7 Mon Sep 17 00:00:00 2001
From: Waldemar Parzonka
Date: Mon, 1 Aug 2022 11:14:06 +0100
Subject: [PATCH 3/3] #6211 make xml modification more resilent
---
 scripts/sbom_scraper.sh | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/scripts/sbom_scraper.sh b/scripts/sbom_scraper.sh
index 39eb62e..11db81a 100755
--- a/scripts/sbom_scraper.sh
+++ b/scripts/sbom_scraper.sh
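Review bot: The new `syftjar` invocation in PATCH 1/3 hard-codes a second scanner binary with no check that it is installed, so on a host that only has `syft` the redirect leaves an empty `${OUTPUT}` for the following `xq` call unless the script runs under `set -e`. Guard it where the script checks its other prerequisites, `command -v syftjar >/dev/null 2>&1 || { echo "syftjar not found in PATH" >&2; exit 1; }`, or select the binary through one variable such as `SYFT_BIN="${SYFT_BIN:-syftjar}"` so the choice is visible in one place. The subject says the alternative build is for jar files, but the hunk only shows a bare `then`, so whether this branch is taken only for jars cannot be confirmed here; a one-line comment above the call stating why `syftjar` replaces `syft` for this input would help the next reader. The enclosing if-block starts and ends outside the hunk.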
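Review bot: `if not metadata:` in PATCH 2/3 tests ElementTree truthiness, which is false for an element that exists but has no children, not for a missing element; `root.find` returns `None` only in the missing case, so an empty `<metadata/>` gets a second `metadata` appended instead of being reused, and the check should read `if metadata is None:`. The same pattern is used by the new `if not component:`, `if not name:` and `if not version:` lines in PATCH 3/3, where it is worse: `name` and `version` are leaf elements with no children, so the test is always true when they exist and the hunk creates a duplicate `<name>`/`<version>` at the end of the component while the original keeps the scanner's value, which a consumer reading the first element will see. If `ns` maps a default namespace for the `find` calls, the unprefixed `ET.SubElement(root, 'metadata')` also creates the element in no namespace, so later namespaced lookups would not match it; worth confirming against how `ns` is defined above this hunk.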
@@ -410,6 +410,7 @@ if not metadata:
 tools = metadata.find('tools', ns)
 if not tools:
 tools = ET.SubElement(metadata, 'tools')
+
 tool = ET.SubElement(tools, 'tool')
 ET.SubElement(tool, 'vendor').text = '$TOOL_VENDOR'
 ET.SubElement(tool, 'name').text = '$TOOL_NAME'
@@ -428,6 +429,8 @@ ET.SubElement(author, 'name').text = '$AUTHOR_NAME'
 ET.SubElement(author, 'email').text = '$AUTHOR_EMAIL'
 component = metadata.find('component', ns)
+if not component:
+ component = ET.SubElement(metadata, 'component')
 # Update component publisher and author
 publisher = component.find('publisher', ns)
@@ -438,14 +441,21 @@ publisher.text = '$COMPONENT_AUTHOR_NAME'
 author = component.find('author', ns)
 if not author:
 author = ET.Element('author')
- component.insert(0, author)
+ component.insert(1, author)
 author.text = '$COMPONENT_AUTHOR_NAME'
 # Update component name and version
-component.find('name', ns).text = '$COMPONENT_NAME'
+name = component.find('name', ns)
+if not name:
+ name = ET.SubElement(component, 'name')
+
+name.text = '$COMPONENT_NAME'
 component_version = '$COMPONENT_VERSION'
 if component_version:
- component.find('version', ns).text = component_version
+ version = component.find('version', ns)
+ if not version:
+ version = ET.SubElement(component, 'version')
+ version.text = component_version
 # Update component hash
 component_hash_alg = '${COMPONENT_HASH_ALG}'
@@ -460,7 +470,7 @@ if component_hash_alg:
 supplier = component.find('supplier', ns)
 if not supplier:
 supplier = ET.Element('supplier')
- component.insert(0, supplier)
+ component.insert(4, supplier)
 ET.SubElement(supplier, 'name').text = '$SUPPLIER_NAME'
 ET.SubElement(supplier, 'url').text = '$SUPPLIER_URL'
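Review bot: `component.insert(1, author)` in the third hunk of PATCH 3/3 (and `component.insert(4, supplier)` in the fourth) positions the new child by a hard-coded index, which only produces the intended order if the preceding children are all present and in exactly that sequence; with `ET.SubElement(component, 'name')` and `ET.SubElement(component, 'version')` in this same hunk appending at the end, the final order depends on what the scanner emitted. A comment on each insert naming the element it is meant to follow, e.g. `# expected child order: publisher, author, name, version, ...`, would make the assumption visible, or compute the index from the position of the sibling it should follow. Separately, `name.text = '$COMPONENT_NAME'` splices a shell variable derived from the scanned artifact (`COMPONENT_NAME=$(xq -r .bom.metadata.component.name "$OUTPUT")` in PATCH 1/3) into Python source as a string literal, presumably via an unquoted heredoc, so a name containing a single quote or backslash breaks or alters the generated script; this predates the commit, but since the line is being rewritten, passing the value through the environment and reading `os.environ['COMPONENT_NAME']` would remove the interpolation. The embedded script continues outside the hunk.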