feat: v8.2.0 (#320)

* fix: Bug fix for trigger fossology process validation. (#277)

* fixed test case issue
* conan processer update
* updated requested code changes
* pushed updated code
* Bug fix for Dependency issue
* updated exculde component logic while using purl
* Requested code changes updated

* requested changes

* updated code

* updated code

* Fossology url validation

* Revert "Fossology url validation"

This reverts commit 5b7a52f.

* Fossology validation

* Refactor code changes

* updated

* updated

* Adding UT for the pipeline artifactory uploader

* Adding license details to the file

* Updated code changes as per review comments

* updated code

* Requested changes pushed

* updated test case

* updated code changes

* updated requested changes

* updated

* Updated requested changes

* updated changes

* Fixed test case issue

* updated requested changes

* updated test cases

* Removed unnessasary publish artifacts

* Updated code changes

* Updated requested changes

* updated requested changes

* Updated code changes

* issue display

* updated changes

* removed unnessasary lines

* Removed sucess message

* Undo Changes

* undo test case

* updated code changes for Environment helper

* rmoved empty line

* updated small correction

* updated code changes

* updated test cases

* updated code changes

* Added the telemetry

* added the code for telemtry

* updated creator helper

* Updated for the console data

* Revert "Updated for the console data"

This reverts commit be61315.

* Reapply "Updated for the console data"

This reverts commit d27c32f.

* modified the component creator code

* resolved the review comments

* added the license header

* added the lct prefix in the test

* added the missing property group

* Fixed IT test cases for telemetry and updated project file

* added license header

* added header for unit test

* updated code changes for retry

* updated code changes

* Updated code changes

* updated document

* Updated changes for document

* Updated code

* code refactoring

* Updated code changes

* sonar fixes

* added sonar fixes

* Updated requested code changes

* added sonar fixes

* Code coverage

* improved code coverage

* update

* Code Coverage improve

* code coverage improve

* Updated code changes

* update code changes

* updated the code

* Added headers

* Decoupling SW360 and Jfrog connection Code changes

* fixed failed test case

* updated test cases

* missed file

* updated

* Updated code changes

* Updated code changes for test cases

* updated code changes

* Small correction

* Updated code changes

* Updated requested changes

* Updated reviewed comments

* small corrections

* Updated changes

* Updated images

* Updated code changes

* updated code changes

* pushed updated code

* Updated test cases

* support for linux also

* Add using directive for System.Runtime.InteropServices

Added a new using directive for the System.Runtime.InteropServices
namespace in the TestHelper.cs file to enable the use of its types
and methods.

* Refactor file path construction for robustness

Updated file path construction to use `Path.GetFullPath` and `Path.Combine` instead of string concatenation. This change affects the `Setup` and test methods in `ComponentCreatorInitialAlpine.cs`, `PackageIdentifierBasicSBOMAlpine.cs`, and `PackageIdentifierInitialAlpine.cs`. These updates enhance code maintainability and cross-platform compatibility.

* Simplify file paths in Alpine test files

Adjusted the file paths for `CCTComparisonBomTestFile` and `CCTLocalBomTestFile` in `ComponentCreatorInitialAlpine.cs`, `PackageIdentifierBasicSBOMAlpine.cs`, and `PackageIdentifierInitialAlpine.cs` by removing one level of directory traversal (`"..",`) from the `Path.Combine` method calls.

* Improve process management in TestHelper.cs

- Set CreateNoWindow to true for ProcessStartInfo
- Add real-time capturing of stdout and stderr
- Replace synchronous ReadToEnd with async reading
- Remove conditional compilation block for debugging
- Modify process exit code check to < 0
- Update output messages for executable path and args

* Refactor path construction to use System.IO methods

Updated file path constructions to use `Path.GetFullPath` and `Path.Combine` methods instead of string concatenations, ensuring platform-independent paths. Changes affect multiple files and methods, including test setups and directory checks. Removed unnecessary `RuntimeInformation` usage and simplified logging in `TestHelper.cs`. Improved code robustness and portability across different operating systems.

* Refactor TestHelper.cs for better process handling

Updated TestHelper.cs to improve process execution:
- Added System.Runtime.InteropServices namespace.
- Modified methods to determine executable names based on OS.
- Used Path.Combine for constructing executable paths.
- Set CreateNoWindow to true to prevent window creation.
- Captured and printed output/error streams in real-time.
- Started reading output/error streams asynchronously.
- Removed synchronous output reading and DEBUG block.
- Enhanced error logging with more descriptive messages.
- Removed BOMCreated flag setting on process exit.
- Ensured consistent formatting and code cleanup.

* Improve path construction using Path.GetFullPath and Path.Combine

Updated the way `packagjsonPath` is constructed by replacing string
concatenation with `Path.GetFullPath` and `Path.Combine`. This change
enhances the reliability and readability of the path construction.

* Update test URLs in appsettingsUnitTest.json

Added comments to indicate URLs are for testing purposes.
Updated SW360URL to "http://localhost:8090".
Updated FossologyURL to "http://localhost:8091".
Changed JFrogURL from empty string to "http://localhost:9000".

* Remove assertion for Entity Framework download URL

The code change removes the assertion that checks the expected download URL of the Entity Framework in the `ComponentCreatorInitialAlpine.cs` file within the `SW360IntegrationTest.Alpine` namespace. The removed line is:
 Assert.AreEqual(expecteddownloadurl, downloadurl, "Test download Url of Entity Framework");

* Clear URLs in appsettingsUnitTest.json

Updated SW360URL, FossologyURL, and JFrogURL in appsettingsUnitTest.json from specific local addresses to empty strings. This change removes the hardcoded local URLs, likely to prepare for a different configuration or environment setup.

* Remove placeholder URLs from appsettingsUnitTest.json

Deleted empty string placeholders for SW360URL, FossologyURL, and JFrogURL in the appsettingsUnitTest.json file.

* Refactor file path construction for platform-independence

Updated file path construction to use Path.GetFullPath and Path.Combine methods instead of string concatenation with backslashes. This change enhances platform-independence and reduces errors by ensuring the correct directory separator is used. Affected multiple test files across namespaces: ArtifactoryUploader.UTest, LCT.PackageIdentifier.UTest, and LCT.SW360PackageCreator.UTest.

* Fix casing of environment variable in test assertion

Correct the casing of the environment variable name from "unknown" to "Unknown" in `RuntimeEnvironmentTests.cs` to ensure compatibility with case-sensitive systems.

* Refactor path construction for platform independence

Updated file path construction to use `Path.GetFullPath` and `Path.Combine` instead of string concatenation with backslashes. This change enhances the robustness and platform independence of the code.

- Updated paths in `PackageUploadHelperTest.cs`, `CycloneBomProcessorTests.cs`, `DebianParserTests.cs`, `DisplayInformationTests.cs`, `MavenParserTests.cs`, `NPMParserTests.cs`, `NugetParserTests.cs`, and `ScannerTests.cs`.
- Changed `ProjectName` from "test" to "Test" in `PackageUploaderTest.cs`.

* Fix path handling in test files for cross-platform support

Updated `CycloneBomProcessorTests.cs`:
- Removed trailing backslash from `sourcePath`.
- Used `Path.GetFullPath` and `Path.Combine` for `output.json` path.

Updated `CreatorHelperTest.cs`:
- Appended `Path.DirectorySeparatorChar` to `localPathforDownload`.

* Update ReleaseId in AttachReport to a more realistic invalid URL

Changed ReleaseId in AttachReport from "invalid-url" to "http://invalid-url"
to ensure it is recognized as an HTTP URL. This modification is necessary
for testing purposes to verify that the system correctly identifies and
handles invalid URLs.

* Comment out test for UriFormatException in SW360 API

The test method `SW360Apicommunication_AttachComponentSourceToSW360_ThrowsUriFormatException` has been commented out. This method was originally designed to test if the `AttachComponentSourceToSW360` method throws a `UriFormatException` when provided with an invalid URL. The code within the method has been commented out, effectively disabling the test without removing it entirely.

* Disable specific test method by commenting out [Test] attribute

The `[Test]` attribute has been commented out, effectively disabling the test method `SW360Apicommunication_AttachComponentSourceToSW360_ThrowsUriFormatException`. This change ensures that this particular test will not be executed during the test suite run.

* Update SW360ApicommunicationUTest for platform-specific checks

Updated using directives to include System.Runtime.InteropServices and System.Security. Uncommented and modified SW360Apicommunication_AttachComponentSourceToSW360_ThrowsUriFormatException to include OS-specific exception handling: UriFormatException for Windows and InvalidCastException for other platforms. No changes to SW360Apicommunication_GetProjects_ReturnsInvalidOperationException.

* Running code cleanup visual studio - with
1. remove unnecessary imports or using
2. sort imports or using
3. format document

* Updating the year in the license header.

* Update copyright year to 2025

The copyright year in the `SPDX-FileCopyrightText` comment was updated from 2024 to 2025, reflecting the new year for the copyright notice.

* Added Headers for new files

* Adding a pipeline to run the job in azure devops

* Update azure-pipelines-UT-IT-Sonar.yml for Azure Pipelines

* Update azure-pipelines-UT-IT-Sonar.yml for Azure Pipelines

* Updated Versions in project files

* Updating the version to 8.0.0 in the required places

* Adding new workflows

* workflow changes

* Disable automatic pipeline trigger on push events

The trigger configuration for the pipeline has been modified:
- The pipeline will no longer automatically run on every commit to any branch, as the push trigger has been set to `trigger: none`.
- The pull request (PR) trigger configuration remains unchanged, ensuring that the pipeline runs when a PR is created or updated.

* Update pr-checks.yml

* Update pr-checks.yml

* Update azure-pipelines-UT-IT-Sonar.yml for Azure Pipelines

* Update pr-checks.yml

* Update pr-checks.yml

* Update pr-checks.yml

* Update pr-checks.yml

* Update pr-checks.yml

* Update pr-checks.yml

* Update pr-checks.yml

* Update pr-checks.yml

* added ut for jfrogrepoupdater

* added ut for the telemetry

* added ut

* added ut

* updated

* updated the ut

* added ut

* ut fix

* added ut

* added ut

* updated ut

* removed ut failing

* added ut

* updated ut

* added ut

* updated code changes for fossology

* updated code changes

* updated warning message

* ci(pipeline): add and update Azure Pipelines with caching, environment fixes, and improved tests (#266)

### Description

This pull request introduces updates and enhancements to the Azure Pipelines configuration for the `continuous-clearing` project. The changes include:

1. **Pipeline Enhancements**:
   - Added new pipeline files for build and deployment processes.
   - Updated pipeline configurations to improve efficiency and reliability.

2. **Performance Improvements**:
   - Added caching mechanisms in `UploadToArtifactory` to reduce network calls.

3. **Bug Fixes**:
   - Corrected casing for environment variables in runtime.

4. **Refactoring**:
   - Updated repository filtering and environment variable naming conventions.
   - Encapsulated `LogFolderPath` in the `Directory` class.
   - Improved conditional checks for test mode.

5. **Feature Updates**:
   - Enhanced the logic for constructing the `logPath` in `log4net`.
   - Added container checks for log and BOM uploads.

6. **Testing Improvements**:
   - Added unit tests for `AttachmentHelper` exception handling.
   - Improved JSON validation and normalized line endings in parser tests.
   - Added tests for Conan package `CreateFileForMultipleVersions` functionality.
   - Removed outdated test files and assertions.

These changes aim to improve the build pipeline's performance, reliability, and maintainability while enhancing test coverage.

* updated code changes

* updated changes

* updated code changes

* Updated new changes

* removed unnessasary spaces

* Fixed sonarcube issues

* sonarcube issues fixed

* improved code coverage

* updated

* updated code coverage

* Fixed Review Comments

* code coverage improve

* Bug fixes of all excs

* code cleanup

* updated retry logic warning message

* updated code changes

* sonar cube issues fix

* undo log folder initiation

* sonar cube issues fix

* updated code

* updated code for sonar issues

* updated changes

* updated changes

* sonar issues fixed

* updated test cases

* testing in pipeline

* testing

* testing

* testing

* sonar issues fix

* updated test cases

* revert the changes

* sonar issue fix

* unnessasry values removed

* fixed issue

* updated change

* sonar issues fixed

* updated masked token

* updated test cases for sensitive data

* Updated requested changes

* sonar issue fixed

* Updated requested changes

* refactor(logging,formatting): improve readability and logs (#273)

Fixed various formatting issues across multiple files to ensure consistent code style and readability. Removed unused imports in Program.cs to improve maintainability.

These changes collectively improve the clarity, maintainability, and quality of the codebase.

Co-authored-by: Aditya Narayan <[email protected]>

* docs: Update OSS ReadMe and enhance usage documentation (#274)

* Updating the readMe OSS

* Add copyright notice to usage documentation for Alpine and Debian attachment manuals

- Updated the Alpine Overview documentation to include a copyright notice.
- Updated the Debian Overview documentation to include a copyright notice.

* feat(config): add new parameters and restructure app settings for improved configuration management

* fix(docs): correct formatting and examples in CA_UsageDocument.md

---------

Co-authored-by: Aditya Narayan <[email protected]>

* Trigger fossology process validation failed we make it as application exit

* reverted changes

---------

Co-authored-by: Chalapala RaghavendraReddy <[email protected]>
Co-authored-by: Aditya Narayan <[email protected]>
Co-authored-by: Aditya Narayan <[email protected]>
Co-authored-by: Malavika <[email protected]>
Co-authored-by: MalavikaKrishnan100 <[email protected]>

* feat: Upgrade the CA Tool to support the latest CycloneDX SBOM schema (v1.6) with Siemens SBOM Standard version v3 (#283)

* Integrate cycloneDx SBom with1.6 version

* code cleanup

* sonar issues

* Resolved warnings

* updated changes

* updated readme file

* reverted spaces

* updated requested changes

* updated document

* removed spaces

* missed

* missed

---------

Co-authored-by: Chalapala RaghavendraReddy <[email protected]>

* Bug fixes for all three excs

* removed line

* sonar issues fixed

* requested changes

* feat: .NET Framework Detection and SBOM Enhancement (#284)

* feat: release activities for 8.1.0 (#290)

* Bug fixes

* updated

* updatedtestcases

* updated test cases

* updated as per review comments

* removed testing code

* initial (#293)

Co-authored-by: sumanthkb <[email protected]>

* bug fixed

* updated source code

* removed docker file

* SonarMaintainabulity issues

* sonar issues fix

* sonar issues

* code coverage

* sonar issues

* sonar issues fix

* sonar issues

* telemetry issues fix

* Updated application insights connection string

* requested changes

* today work

* chore: updating the branch for the time being

* updated usage doc

* Updated retry attempt warning message

* updated changes

* Add approval check for ComparisonBomData processing

* review comments added

* corrected log message

* Today work

* updated changes today work

* Today work

* Updated code changes

* removed space

* sonar issues fix

* file headers added

* sonar issues fix

* code coverage improve

* bug fix: artifactory uploder failing

* Added integration test cases

* Added headers for newly added files

* updated review comments

* Today work

* Today Work

* Today work

* removed empty lines

* removed

* removed space

* updatedchanges

* removed

* added unit test

* added ut

* removed duplicate lines

* Removed failed test cases

* added ut

* Removed unnessary using and space

* Update CA_UsageDocument.md

* Update CA_UsageDocument.md

* Updated code with review comments

* sonarissues fix

* removed method

* sonarissue fixed

* refactor(program): improve BOM file path handling in ArtifactoryUploader (#301)

Added a new method for flexible BOM file retrieval and standardized backup file naming with a new constant. Updated relevant using directives for consistency.

Co-authored-by: sumanthkb <[email protected]>

* Updated code changes

* Fixed failed test cases

* Updated dev property value

* Bug fix

* sonar issue fix

* Implement PEM signature verification and related tests

- Added PemSignatureVerifier class to validate digital signatures using PEM-encoded certificates and public keys.
- Introduced methods to handle RSA, ECDSA, and DSA algorithms for signature verification.
- Created NamingConventionOfSPDXFile method in BomHelper to check for related files based on SPDX naming conventions.
- Integrated NamingConventionOfSPDXFile method into various processor classes (ConanProcessor, MavenProcessor, NpmProcessor, PythonProcessor, NugetProcessor) to ensure proper file validation.
- Developed comprehensive unit tests for PemSignatureVerifier covering various scenarios, including valid and invalid certificates, public keys, and edge cases.
- Ensured proper handling of exceptions and logging for better traceability during signature validation.

* Bug fixes for identify debian package by using package url,remove duplicate properties

* Refactor code changes

* Enhance logging and BOM file handling

- Improved logging in `PackageUploadHelper.cs` for the `GetComponentListFromComparisonBOM` method, including warnings for invalid SPDX file signatures.

* added ut

* sonar fixes

* updated properties

* reverted the fix

* Refactor signature verification in PemSignatureVerifier

Removed dual hash algorithm check; now only SHA256 is used for signature verification. This simplifies the process and enhances security by relying on a stronger hash algorithm.

* feat: v8.2.0 release checklist updated (#316)

* Update CA_UsageDocument.md

* Update CA_UsageDocument.md

* Test

* Removed unused imports

* Update readme

---------

Co-authored-by: K B, Sumanth (FT D AA IN SGI EA EBT BE) <[email protected]>

* Version chnage in Nuspec

---------

Co-authored-by: RaghavendraReddy Chalapala <[email protected]>
Co-authored-by: Chalapala RaghavendraReddy <[email protected]>
Co-authored-by: Aditya Narayan <[email protected]>
Co-authored-by: Aditya Narayan <[email protected]>
Co-authored-by: Malavika <[email protected]>
Co-authored-by: MalavikaKrishnan100 <[email protected]>
Co-authored-by: sumanthkb <[email protected]>
Co-authored-by: Khichadi, Laxmi (FT D AA IN SGI EA MED ECP PA) <[email protected]>
Co-authored-by: laxmisk <[email protected]>
Co-authored-by: ragavareddychalapala <[email protected]>

Author: 10 people

.github/workflows/build-and-release.yml

@@ -49,8 +49,8 @@ jobs:
 
       - name: Build Docker Image
         run: |
-          docker build . --file Dockerfile --tag ${{ github.repository }}:continuous-clearing-v8.1.0
-          docker save ${{ github.repository }}:continuous-clearing-v8.1.0 -o continuous-clearing-v8.1.0.tar
+          docker build . --file Dockerfile --tag ${{ github.repository }}:continuous-clearing-v8.2.0
+          docker save ${{ github.repository }}:continuous-clearing-v8.2.0 -o continuous-clearing-v8.2.0.tar
 
       - name: Upload Docker Image
         uses: actions/upload-artifact@v4
@@ -74,7 +74,7 @@ jobs:
 
       - name: Pack NuGet Package
         run: |
-          nuget pack CA.nuspec -Version 8.1.0
+          nuget pack CA.nuspec -Version 8.2.0
 
       - name: Upload NuGet Package
         uses: actions/upload-artifact@v4
@@ -114,25 +114,25 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          tag_name: v8.1.0
-          release_name: Release v8.1.0
+          tag_name: v8.2.0
+          release_name: Release v8.2.0
           body: |
             ${{ github.event.head_commit.message }}
           draft: true
           prerelease: false
 
       - name: Compress Full Build Output into ZIP
         run: |
-          powershell -Command "& {Compress-Archive -Path ${{ github.workspace }}/out/* -DestinationPath ${{ github.workspace }}/continuous-clearing-v8.1.0.zip}"
+          powershell -Command "& {Compress-Archive -Path ${{ github.workspace }}/out/* -DestinationPath ${{ github.workspace }}/continuous-clearing-v8.2.0.zip}"
 
       - name: Upload Full Build Output ZIP to Release
         uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ${{ github.workspace }}/continuous-clearing-v8.1.0.zip
-          asset_name: continuous-clearing-v8.1.0.zip
+          asset_path: ${{ github.workspace }}/continuous-clearing-v8.2.0.zip
+          asset_name: continuous-clearing-v8.2.0.zip
           asset_content_type: application/zip
 
       - name: Upload Docker Image(tar) to Release
@@ -141,8 +141,8 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./continuous-clearing-v8.1.0.tar
-          asset_name: continuous-clearing-v8.1.0.tar
+          asset_path: ./continuous-clearing-v8.2.0.tar
+          asset_name: continuous-clearing-v8.2.0.tar
           asset_content_type: application/x-tar
 
       - name: Upload NuGet Package to Release
@@ -151,8 +151,8 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./continuous-clearing.8.1.0.nupkg
-          asset_name: continuous-clearing.8.1.0.nupkg
+          asset_path: ./continuous-clearing.8.2.0.nupkg
+          asset_name: continuous-clearing.8.2.0.nupkg
           asset_content_type: application/octet-stream
 
       - name: Upload ReadmeOSS_nupkg file to Release 

CA.nuspec

@@ -4,7 +4,7 @@
 <package >
   <metadata>
     <id>continuous-clearing</id>
-    <version>8.1.0</version>
+	<version>8.2.0</version>
     <authors>Siemens AG</authors>
     <owners>continuous-clearing contributors</owners>
     <projectUrl>https://github.com/siemens/continuous-clearing</projectUrl>

ReadmeOSS_continuous-clearing_DockerImage.html

@@ -0,0 +1,145 @@
+{
+  "spdxVersion": "SPDX-2.3",
+  "dataLicense": "CC0-1.0",
+  "SPDXID": "SPDXRef-DOCUMENT",
+  "name": "unknown",
+  "documentNamespace": "https://anchore.com/Clearing%20Automation%20Tool/unknown-source-type/unknown-a7765742-1e1f-4f17-b7c8-fdfacd263e26",
+  "creationInfo": {
+    "licenseListVersion": "3.25",
+    "creators": [ "Organization: Anchore, Inc", "Tool: Clearing Automation Tool-8.0.0" ],
+    "created": "2025-07-14T09:39:47Z"
+  },
+  "packages": [
+    {
+      "name": "apk-tools",
+      "SPDXID": "SPDXRef-Package-apk-apk-tools-pkg-apk-alpine-apk-tools-2.12.9-r3-distro-alpine-3.16.2",
+      "versionInfo": "2.12.9-r3",
+      "supplier": "NOASSERTION",
+      "downloadLocation": "NOASSERTION",
+      "filesAnalyzed": false,
+      "sourceInfo": "acquired package info from APK DB: ",
+      "licenseConcluded": "NOASSERTION",
+      "licenseDeclared": "NOASSERTION",
+      "copyrightText": "NOASSERTION",
+      "externalRefs": [
+        {
+          "referenceCategory": "PACKAGE-MANAGER",
+          "referenceType": "purl",
+          "referenceLocator": "pkg:apk/alpine/[email protected]?arch=source&distro=alpine-3.16.2"
+        }
+      ]
+    },
+    {
+      "name": "busybox",
+      "SPDXID": "SPDXRef-Package-apk-busybox-pkg-apk-alpine-busybox-1.35.0-r17-distro-alpine-3.16.2",
+      "versionInfo": "1.35.0-r17",
+      "supplier": "NOASSERTION",
+      "downloadLocation": "NOASSERTION",
+      "filesAnalyzed": false,
+      "sourceInfo": "acquired package info from APK DB: ",
+      "licenseConcluded": "NOASSERTION",
+      "licenseDeclared": "NOASSERTION",
+      "copyrightText": "NOASSERTION",
+      "externalRefs": [
+        {
+          "referenceCategory": "PACKAGE-MANAGER",
+          "referenceType": "purl",
+          "referenceLocator": "pkg:apk/alpine/[email protected]?arch=source&distro=alpine-3.16.2"
+        }
+      ]
+    },
+    {
+      "name": "continuous-clearing",
+      "SPDXID": "SPDXRef-Package-UnknownPackage-continuous-clearing-8e0a82bb89af36a3",
+      "versionInfo": "v9.0.x",
+      "supplier": "NOASSERTION",
+      "downloadLocation": "NOASSERTION",
+      "filesAnalyzed": false,
+      "sourceInfo": "acquired package info from the following paths: ",
+      "licenseConcluded": "NOASSERTION",
+      "licenseDeclared": "NOASSERTION",
+      "copyrightText": "NOASSERTION"
+    },
+    {
+      "name": "musl",
+      "SPDXID": "SPDXRef-Package-apk-musl-pkg-apk-alpine-musl-1.2.3-r0-distro-alpine-3.16.2",
+      "versionInfo": "1.2.3-r0",
+      "supplier": "NOASSERTION",
+      "downloadLocation": "NOASSERTION",
+      "filesAnalyzed": false,
+      "sourceInfo": "acquired package info from APK DB: ",
+      "licenseConcluded": "NOASSERTION",
+      "licenseDeclared": "NOASSERTION",
+      "copyrightText": "NOASSERTION",
+      "externalRefs": [
+        {
+          "referenceCategory": "PACKAGE-MANAGER",
+          "referenceType": "purl",
+          "referenceLocator": "pkg:apk/alpine/[email protected]?arch=source&distro=alpine-3.16.2"
+        }
+      ]
+    },
+    {
+      "name": "zlib",
+      "SPDXID": "SPDXRef-Package-apk-zlib-pkg-apk-alpine-zlib-1.2.12-r3-distro-alpine-3.16.2",
+      "versionInfo": "1.2.12-r3",
+      "supplier": "NOASSERTION",
+      "downloadLocation": "NOASSERTION",
+      "filesAnalyzed": false,
+      "sourceInfo": "acquired package info from APK DB: ",
+      "licenseConcluded": "NOASSERTION",
+      "licenseDeclared": "NOASSERTION",
+      "copyrightText": "NOASSERTION",
+      "externalRefs": [
+        {
+          "referenceCategory": "PACKAGE-MANAGER",
+          "referenceType": "purl",
+          "referenceLocator": "pkg:apk/alpine/[email protected]?arch=source&distro=alpine-3.16.2"
+        }
+      ]
+    },
+    {
+      "name": "",
+      "SPDXID": "SPDXRef-DocumentRoot-Unknown-",
+      "supplier": "NOASSERTION",
+      "downloadLocation": "NOASSERTION",
+      "filesAnalyzed": false,
+      "licenseConcluded": "NOASSERTION",
+      "licenseDeclared": "NOASSERTION",
+      "copyrightText": "NOASSERTION",
+      "primaryPackagePurpose": "OTHER"
+    }
+  ],
+  "relationships": [
+    {
+      "spdxElementId": "SPDXRef-DocumentRoot-Unknown-",
+      "relatedSpdxElement": "SPDXRef-Package-apk-apk-tools-pkg-apk-alpine-apk-tools-2.12.9-r3-distro-alpine-3.16.2",
+      "relationshipType": "CONTAINS"
+    },
+    {
+      "spdxElementId": "SPDXRef-DocumentRoot-Unknown-",
+      "relatedSpdxElement": "SPDXRef-Package-apk-busybox-pkg-apk-alpine-busybox-1.35.0-r17-distro-alpine-3.16.2",
+      "relationshipType": "CONTAINS"
+    },
+    {
+      "spdxElementId": "SPDXRef-DocumentRoot-Unknown-",
+      "relatedSpdxElement": "SPDXRef-Package-UnknownPackage-continuous-clearing-8e0a82bb89af36a3",
+      "relationshipType": "CONTAINS"
+    },
+    {
+      "spdxElementId": "SPDXRef-DocumentRoot-Unknown-",
+      "relatedSpdxElement": "SPDXRef-Package-apk-musl-pkg-apk-alpine-musl-1.2.3-r0-distro-alpine-3.16.2",
+      "relationshipType": "CONTAINS"
+    },
+    {
+      "spdxElementId": "SPDXRef-DocumentRoot-Unknown-",
+      "relatedSpdxElement": "SPDXRef-Package-apk-zlib-pkg-apk-alpine-zlib-1.2.12-r3-distro-alpine-3.16.2",
+      "relationshipType": "CONTAINS"
+    },
+    {
+      "spdxElementId": "SPDXRef-DOCUMENT",
+      "relatedSpdxElement": "SPDXRef-DocumentRoot-Unknown-",
+      "relationshipType": "DESCRIBES"
+    }
+  ]
+}

ReadmeOSS_continuous-clearing_nupkg.html

@@ -0,0 +1 @@
+{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID":"SPDXRef-DOCUMENT","name":"unknown","documentNamespace":"https://anchore.com/Clearing%20Automation%20Tool/unknown-source-type/unknown-724369ca-de01-4a2e-be3e-dfce5d4e0600","creationInfo":{"licenseListVersion":"3.25","creators":["Organization: Anchore, Inc","Tool: Clearing Automation Tool-8.0.0"],"created":"2025-07-14T09:44:50Z"},"packages":[{"name":"continuous-clearing","SPDXID":"SPDXRef-Package-UnknownPackage-continuous-clearing-8e0a82bb89af36a3","versionInfo":"v9.0.x","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from the following paths: ","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION"},{"name":"rapidjson","SPDXID":"SPDXRef-Package-conan-rapidjson-pkg-conan-rapidjson-1.1.0","versionInfo":"1.1.0","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from conan manifest: ","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:conan/[email protected]"}]},{"name":"","SPDXID":"SPDXRef-DocumentRoot-Unknown-","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","primaryPackagePurpose":"OTHER"}],"relationships":[{"spdxElementId":"SPDXRef-DocumentRoot-Unknown-","relatedSpdxElement":"SPDXRef-Package-UnknownPackage-continuous-clearing-8e0a82bb89af36a3","relationshipType":"CONTAINS"},{"spdxElementId":"SPDXRef-DocumentRoot-Unknown-","relatedSpdxElement":"SPDXRef-Package-conan-rapidjson-pkg-conan-rapidjson-1.1.0","relationshipType":"CONTAINS"},{"spdxElementId":"SPDXRef-DOCUMENT","relatedSpdxElement":"SPDXRef-DocumentRoot-Unknown-","relationshipType":"DESCRIBES"}]}

TestFiles/IntegrationTestFiles/SpdxTestFiles/Alpine/Alpine.spdx.sbom.json

@@ -0,0 +1 @@
+{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID":"SPDXRef-DOCUMENT","name":"unknown","documentNamespace":"https://anchore.com/Clearing%20Automation%20Tool/unknown-source-type/unknown-197a5d59-c2ee-4f27-b042-0e8761b64285","creationInfo":{"licenseListVersion":"3.25","creators":["Organization: Anchore, Inc","Tool: Clearing Automation Tool-8.0.0"],"created":"2025-07-14T09:45:45Z"},"packages":[{"name":"adduser","SPDXID":"SPDXRef-Package-deb-adduser-pkg-deb-debian-adduser-3.118-arch-source","versionInfo":"3.118","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from DPKG DB: ","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:deb/debian/[email protected]?arch=source"}]},{"name":"apt","SPDXID":"SPDXRef-Package-deb-apt-pkg-deb-debian-apt-1.8.2.3-arch-source","versionInfo":"1.8.2.3","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from DPKG DB: ","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:deb/debian/[email protected]?arch=source"}]},{"name":"base-files","SPDXID":"SPDXRef-Package-deb-base-files-pkg-deb-debian-base-files-10.3-2Bdeb10u10-arch-source","versionInfo":"10.3+deb10u10","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from DPKG DB: ","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:deb/debian/[email protected]%2Bdeb10u10?arch=source"}]},{"name":"base-passwd","SPDXID":"SPDXRef-Package-deb-base-passwd-pkg-deb-debian-base-passwd-3.5.46-arch-source","versionInfo":"3.5.46","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from DPKG DB: ","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:deb/debian/[email protected]?arch=source"}]},{"name":"continuous-clearing","SPDXID":"SPDXRef-Package-UnknownPackage-continuous-clearing-8e0a82bb89af36a3","versionInfo":"v9.0.x","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from the following paths: ","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION"},{"name":"","SPDXID":"SPDXRef-DocumentRoot-Unknown-","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","primaryPackagePurpose":"OTHER"}],"relationships":[{"spdxElementId":"SPDXRef-DocumentRoot-Unknown-","relatedSpdxElement":"SPDXRef-Package-deb-adduser-pkg-deb-debian-adduser-3.118-arch-source","relationshipType":"CONTAINS"},{"spdxElementId":"SPDXRef-DocumentRoot-Unknown-","relatedSpdxElement":"SPDXRef-Package-deb-apt-pkg-deb-debian-apt-1.8.2.3-arch-source","relationshipType":"CONTAINS"},{"spdxElementId":"SPDXRef-DocumentRoot-Unknown-","relatedSpdxElement":"SPDXRef-Package-deb-base-files-pkg-deb-debian-base-files-10.3-2Bdeb10u10-arch-source","relationshipType":"CONTAINS"},{"spdxElementId":"SPDXRef-DocumentRoot-Unknown-","relatedSpdxElement":"SPDXRef-Package-deb-base-passwd-pkg-deb-debian-base-passwd-3.5.46-arch-source","relationshipType":"CONTAINS"},{"spdxElementId":"SPDXRef-DocumentRoot-Unknown-","relatedSpdxElement":"SPDXRef-Package-UnknownPackage-continuous-clearing-8e0a82bb89af36a3","relationshipType":"CONTAINS"},{"spdxElementId":"SPDXRef-DOCUMENT","relatedSpdxElement":"SPDXRef-DocumentRoot-Unknown-","relationshipType":"DESCRIBES"}]}

TestFiles/IntegrationTestFiles/SpdxTestFiles/Conan/Conan.spdx.sbom.json

@@ -0,0 +1 @@
+{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID":"SPDXRef-DOCUMENT","name":"unknown","documentNamespace":"https://anchore.com/Clearing%20Automation%20Tool/unknown-source-type/unknown-a05ab23d-7b6b-47e8-a142-fba76cb23b23","creationInfo":{"licenseListVersion":"3.25","creators":["Organization: Anchore, Inc","Tool: Clearing Automation Tool-8.0.0"],"created":"2025-07-14T09:47:21Z"},"packages":[{"name":"continuous-clearing","SPDXID":"SPDXRef-Package-UnknownPackage-continuous-clearing-8e0a82bb89af36a3","versionInfo":"v9.0.x","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from the following paths: ","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION"},{"name":"hamcrest-core","SPDXID":"SPDXRef-Package-java-archive-hamcrest-core-pkg-maven-org.hamcrest-hamcrest-core-1.3","versionInfo":"1.3","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from installed java archive: ","licenseConcluded":"NOASSERTION","licenseDeclared":"BSD-3-Clause","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:maven/org.hamcrest/[email protected]"}]},{"name":"joda-time","SPDXID":"SPDXRef-Package-java-archive-joda-time-pkg-maven-joda-time-joda-time-2.9.2","versionInfo":"2.9.2","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from installed java archive: ","licenseConcluded":"NOASSERTION","licenseDeclared":"Apache-2.0","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:maven/joda-time/[email protected]"}]},{"name":"junit","SPDXID":"SPDXRef-Package-java-archive-junit-pkg-maven-junit-junit-4.12","versionInfo":"4.12","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from installed java archive: ","licenseConcluded":"NOASSERTION","licenseDeclared":"EPL-1.0","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:maven/junit/[email protected]"}]},{"name":"","SPDXID":"SPDXRef-DocumentRoot-Unknown-","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","primaryPackagePurpose":"OTHER"}],"relationships":[{"spdxElementId":"SPDXRef-Package-java-archive-hamcrest-core-pkg-maven-org.hamcrest-hamcrest-core-1.3","relatedSpdxElement":"SPDXRef-Package-java-archive-junit-pkg-maven-junit-junit-4.12","relationshipType":"DEPENDENCY_OF"},{"spdxElementId":"SPDXRef-DocumentRoot-Unknown-","relatedSpdxElement":"SPDXRef-Package-UnknownPackage-continuous-clearing-8e0a82bb89af36a3","relationshipType":"CONTAINS"},{"spdxElementId":"SPDXRef-DocumentRoot-Unknown-","relatedSpdxElement":"SPDXRef-Package-java-archive-hamcrest-core-pkg-maven-org.hamcrest-hamcrest-core-1.3","relationshipType":"CONTAINS"},{"spdxElementId":"SPDXRef-DocumentRoot-Unknown-","relatedSpdxElement":"SPDXRef-Package-java-archive-joda-time-pkg-maven-joda-time-joda-time-2.9.2","relationshipType":"CONTAINS"},{"spdxElementId":"SPDXRef-DocumentRoot-Unknown-","relatedSpdxElement":"SPDXRef-Package-java-archive-junit-pkg-maven-junit-junit-4.12","relationshipType":"CONTAINS"},{"spdxElementId":"SPDXRef-DOCUMENT","relatedSpdxElement":"SPDXRef-DocumentRoot-Unknown-","relationshipType":"DESCRIBES"}]}