From 47bc466f07e896f92798f9e62ef4a8a5a0cf0743 Mon Sep 17 00:00:00 2001
From: bd-spratikbharti
Date: Fri, 24 Apr 2026 15:06:43 +0530
Subject: [PATCH] Allow Setuptools detector to succeed with empty BOM when no dependencies found
---
 .../setuptools/SetupToolsExtractUtils.java | 11 ++++++++---
 .../buildless/SetupToolsBuildlessDetectable.java | 11 +++--------
 .../setuptools/parse/SetupToolsTomlParser.java | 4 ++++
 .../setuptools/tbuild/SetupToolsBuildDetectable.java | 9 ++-------
 4 files changed, 17 insertions(+), 18 deletions(-)
diff --git a/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/SetupToolsExtractUtils.java b/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/SetupToolsExtractUtils.java
index e39c25618e..85703f0b14 100644
--- a/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/SetupToolsExtractUtils.java
+++ b/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/SetupToolsExtractUtils.java
@@ -6,6 +6,8 @@
 import java.util.List;
 import org.apache.commons.io.FileUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.tomlj.Toml;
 import org.tomlj.TomlArray;
 import org.tomlj.TomlParseResult;
@@ -19,7 +21,9 @@
 import com.blackduck.integration.detectable.detectables.setuptools.parse.SetupToolsTomlParser;
 public class SetupToolsExtractUtils {
-
+
+ private static final Logger logger = LoggerFactory.getLogger(SetupToolsExtractUtils.class);
+
 private static final String BUILD_KEY = "build-system.requires";
 private static final String REQUIRED_KEY = "setuptools";
 private static final String TOML_DEPENDENCIES = "project.dependencies";
@@ -87,7 +91,8 @@ public static SetupToolsParser resolveSetupToolsParser(TomlParseResult parsedTom
 return cfgParser;
 }
 }
-
- return null;
+
+ logger.warn("No dependencies found in pyproject.toml, setup.cfg, or setup.py. An empty BOM will be generated.");
+ return new SetupToolsTomlParser(parsedToml);
 }
 }
diff --git a/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/buildless/SetupToolsBuildlessDetectable.java b/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/buildless/SetupToolsBuildlessDetectable.java
index fee1d6a52e..42306905c7 100644
--- a/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/buildless/SetupToolsBuildlessDetectable.java
+++ b/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/buildless/SetupToolsBuildlessDetectable.java
@@ -21,7 +21,6 @@
 import com.blackduck.integration.detectable.detectable.result.DetectableResult;
 import com.blackduck.integration.detectable.detectable.result.ExceptionDetectableResult;
 import com.blackduck.integration.detectable.detectable.result.PassedDetectableResult;
-import com.blackduck.integration.detectable.detectable.result.SetupToolsNoDependenciesDetectableResult;
 import com.blackduck.integration.detectable.detectable.result.SetupToolsRequiresNotFoundDetectableResult;
 import com.blackduck.integration.detectable.detectables.setuptools.SetupToolsExtractUtils;
 import com.blackduck.integration.detectable.detectables.setuptools.SetupToolsExtractor;
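Review bot: The new fallback at the end of resolveSetupToolsParser (`return new SetupToolsTomlParser(parsedToml);`) makes "no dependency source could be resolved" look the same to callers as "this project has no dependencies": both now pass and yield an empty BOM, and the only trace is a single WARN line. In a composition-analysis run an empty BOM reads downstream as a clean result, so a manifest the parsers could not interpret would go unnoticed where the old `null` made the detector fail visibly. Consider carrying the condition in something the detectables can report rather than only logging it, and at least state the contract on the method, e.g. `/** Never returns null; falls back to the TOML parser, which yields no dependencies, when none are declared. */`. The method body starts outside this hunk, so whether every path reaching the fallback really checked all three files, as the message says, cannot be confirmed here.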
@@ -75,14 +74,10 @@ public DetectableResult applicable() {
 @Override
 public DetectableResult extractable() throws DetectableException {
- try {
- // Ensure dependencies/requirements are specified in a toml, cfg, or py file.
+ try {
+ // Resolve the appropriate parser for dependencies (toml, cfg, or py file).
 setupToolsParser = SetupToolsExtractUtils.resolveSetupToolsParser(parsedToml, fileFinder, environment);
-
- if (setupToolsParser == null) {
- return new SetupToolsNoDependenciesDetectableResult();
- }
-
+
 return new PassedDetectableResult();
 } catch (Exception e) {
 return new ExceptionDetectableResult(e);
diff --git a/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/parse/SetupToolsTomlParser.java b/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/parse/SetupToolsTomlParser.java
index d8bfd97fa9..5785084d05 100644
--- a/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/parse/SetupToolsTomlParser.java
+++ b/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/parse/SetupToolsTomlParser.java
@@ -33,6 +33,10 @@ public List parseDirectDependencies(TomlParseResult tomlParseR
 TomlArray dependencies = tomlParseResult.getArray("project.dependencies");
+ if (dependencies == null || dependencies.isEmpty()) {
+ return results;
+ }
+
 for (int i = 0; i < dependencies.size(); i++) {
 String dependencyLine = dependencies.getString(i);
diff --git a/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/tbuild/SetupToolsBuildDetectable.java b/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/tbuild/SetupToolsBuildDetectable.java
index 9c8f1ae46f..dc3d555700 100644
--- a/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/tbuild/SetupToolsBuildDetectable.java
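Review bot: In SetupToolsBuildlessDetectable.extractable(), dropping the `setupToolsParser == null` branch leaves the field's non-null guarantee resting on an undocumented behaviour change in SetupToolsExtractUtils, so a later regression there would surface only when the parser is used, presumably during extraction. A cheap guard keeps the failure inside the existing catch: `setupToolsParser = Objects.requireNonNull(SetupToolsExtractUtils.resolveSetupToolsParser(parsedToml, fileFinder, environment), "setupToolsParser");` (needs `java.util.Objects` imported if it is not already). The same applies to the `@@ -89,13 +88,9 @@` hunk in SetupToolsBuildDetectable. With both imports removed, SetupToolsNoDependenciesDetectableResult looks unused within this patch; if no other caller remains, it should be deleted in the same commit.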
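Review bot: The guard added in SetupToolsTomlParser.parseDirectDependencies runs after `tomlParseResult.getArray("project.dependencies")`, so it handles a missing key but not a key of the wrong type: tomlj's getArray throws TomlInvalidTypeException when the value is present but not an array, and `dependencies.getString(i)` in the loop does the same for a non-string element. Now that this parser is also the fallback for projects with no resolved dependency source, it is worth deciding whether such a manifest should fail the detector or be skipped with a warning, and recording that in a comment such as `// Absent key means no declared dependencies; a wrongly typed value still throws.` The `|| dependencies.isEmpty()` half is redundant, since the loop already does nothing for an empty array. The method starts and ends outside the hunk.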
+++ b/detectable/src/main/java/com/blackduck/integration/detectable/detectables/setuptools/tbuild/SetupToolsBuildDetectable.java
@@ -24,7 +24,6 @@
 import com.blackduck.integration.detectable.detectable.result.ExceptionDetectableResult;
 import com.blackduck.integration.detectable.detectable.result.ExecutableNotFoundDetectableResult;
 import com.blackduck.integration.detectable.detectable.result.PassedDetectableResult;
-import com.blackduck.integration.detectable.detectable.result.SetupToolsNoDependenciesDetectableResult;
 import com.blackduck.integration.detectable.detectable.result.SetupToolsRequiresNotFoundDetectableResult;
 import com.blackduck.integration.detectable.detectables.setuptools.SetupToolsExtractUtils;
 import com.blackduck.integration.detectable.detectables.setuptools.SetupToolsExtractor;
@@ -89,13 +88,9 @@ public DetectableResult extractable() throws DetectableException {
 return new ExecutableNotFoundDetectableResult("pip");
 }
- // Ensure dependencies/requirements are specified in a toml, cfg, or py file.
+ // Resolve the appropriate parser for dependencies (toml, cfg, or py file).
 setupToolsParser = SetupToolsExtractUtils.resolveSetupToolsParser(parsedToml, fileFinder, environment);
-
- if (setupToolsParser == null) {
- return new SetupToolsNoDependenciesDetectableResult();
- }
-
+
 return new PassedDetectableResult();
 } catch (Exception e) {
 return new ExceptionDetectableResult(e);