Fix sbom scanning code (#360)

Bug in sbom scanning code to quit immediately after successfully parsing but not finding any packages, rather than trying all formats.
google · Apr 26, 2023 · c6d02d1 · c6d02d1
1 parent 10f7408
commit c6d02d1
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go
@@ -261,14 +261,17 @@ func scanSBOMFile(r reporter.Reporter, query *osv.BatchedQuery, path string, fro
 			return nil
 		})
 		if err == nil {
-			// Found the right format.
+			// Found a parsable format.
 			if count == 0 {
-				return sbom.InvalidFormatError{
+				// But no entries found, so maybe not the correct format
+				errs = append(errs, sbom.InvalidFormatError{
 					Msg: "no Package URLs found",
 					Errs: []error{
 						fmt.Errorf("scanned %s as %s SBOM, but failed to find any package URLs, this is required to scan SBOMs", path, provider.Name()),
 					},
-				}
+				})
+
+				continue
 			}
 			r.PrintText(fmt.Sprintf("Scanned %s as %s SBOM and found %d packages\n", path, provider.Name(), count))
 			if ignoredCount > 0 {