Fixed bug where load components only returns components found by the same scanner and not by others

patrick.rissmann@l3montree.com · patrick.rissmann@l3montree.com · commit 01f5f0856eca · 2025-04-10T13:07:45.000+02:00
diff --git a/internal/core/assetversion/asset_version_service.go b/internal/core/assetversion/asset_version_service.go
@@ -336,8 +336,8 @@ func buildBomRefMap(bom normalize.SBOM) map[string]cdx.Component {
 
 func (s *service) UpdateSBOM(assetVersion models.AssetVersion, scannerID string, sbom normalize.SBOM) error {
 	// load the asset components
-	scannerID = "AdditionalScanner"
-	assetComponents, err := s.componentRepository.LoadComponents(nil, assetVersion.Name, assetVersion.AssetID, scannerID)
+
+	assetComponents, err := s.componentRepository.LoadComponents(nil, assetVersion.Name, assetVersion.AssetID, "")
 	if err != nil {
 		return errors.Wrap(err, "could not load asset components")
 	}
diff --git a/internal/database/repositories/component_repository.go b/internal/database/repositories/component_repository.go
@@ -200,22 +200,27 @@ func (c *componentRepository) HandleStateDiff(tx core.DB, assetVersionName strin
 	needToBeChanged := comparison.InBoth
 
 	return c.GetDB(tx).Transaction(func(tx *gorm.DB) error {
+		//We remove the scanner id from all components in removed and if it was the only scanner id we remove the component
 		dependenciesToUpdate, err := removeScannerIDFromComponents(tx, c, removed, scannerID)
 		if err != nil {
 			return err
 		}
+
+		//Now we want to update the database with the new scanner id values
 		if len(dependenciesToUpdate) > 0 {
 			err := c.db.Save(dependenciesToUpdate).Error
 			if err != nil {
 				return err
 			}
 		}
 
+		//Next step is adding the scanner id to all existing component dependencies we just found
 		for i := range needToBeChanged {
 			if !strings.Contains(needToBeChanged[i].ScannerIDs, scannerID) {
 				needToBeChanged[i].ScannerIDs = needToBeChanged[i].ScannerIDs + scannerID + " "
 			}
 		}
+		//We also need to update these changes in the database
 		if len(needToBeChanged) > 0 {
 			err := c.db.Save(needToBeChanged).Error
 			if err != nil {
@@ -229,6 +234,7 @@ func (c *componentRepository) HandleStateDiff(tx core.DB, assetVersionName strin
 			added[i].AssetVersionName = assetVersionName
 		}
 
+		//At last we create all the new component dependencies
 		return c.CreateComponents(tx, added)
 	})
 }

Original file line number	Diff line number	Diff line change
`@@ -200,22 +200,27 @@ func (c *componentRepository) HandleStateDiff(tx core.DB, assetVersionName strin`
`200`	`200`	`needToBeChanged := comparison.InBoth`
`201`	`201`
`202`	`202`	`return c.GetDB(tx).Transaction(func(tx *gorm.DB) error {`
	`203`	`+ //We remove the scanner id from all components in removed and if it was the only scanner id we remove the component`
`203`	`204`	`dependenciesToUpdate, err := removeScannerIDFromComponents(tx, c, removed, scannerID)`
`204`	`205`	`if err != nil {`
`205`	`206`	`return err`
`206`	`207`	`}`
	`208`	`+`
	`209`	`+ //Now we want to update the database with the new scanner id values`
`207`	`210`	`if len(dependenciesToUpdate) > 0 {`
`208`	`211`	`err := c.db.Save(dependenciesToUpdate).Error`
`209`	`212`	`if err != nil {`
`210`	`213`	`return err`
`211`	`214`	`}`
`212`	`215`	`}`
`213`	`216`
	`217`	`+ //Next step is adding the scanner id to all existing component dependencies we just found`
`214`	`218`	`for i := range needToBeChanged {`
`215`	`219`	`if !strings.Contains(needToBeChanged[i].ScannerIDs, scannerID) {`
`216`	`220`	`needToBeChanged[i].ScannerIDs = needToBeChanged[i].ScannerIDs + scannerID + " "`
`217`	`221`	`}`
`218`	`222`	`}`
	`223`	`+ //We also need to update these changes in the database`
`219`	`224`	`if len(needToBeChanged) > 0 {`
`220`	`225`	`err := c.db.Save(needToBeChanged).Error`
`221`	`226`	`if err != nil {`
`@@ -229,6 +234,7 @@ func (c *componentRepository) HandleStateDiff(tx core.DB, assetVersionName strin`
`229`	`234`	`added[i].AssetVersionName = assetVersionName`
`230`	`235`	`}`
`231`	`236`
	`237`	`+ //At last we create all the new component dependencies`
`232`	`238`	`return c.CreateComponents(tx, added)`
`233`	`239`	`})`
`234`	`240`	`}`