siemens · MalavikaKrishnan100 · Oct 24, 2025 · Oct 5, 2025 · Oct 5, 2025 · Oct 6, 2025
diff --git a/doc/UsageDoc/CA_UsageDocument.md b/doc/UsageDoc/CA_UsageDocument.md
@@ -17,6 +17,11 @@
 - [Continuous Clearing Tool Execution](#continuous-clearing-tool-execution)
     - [Overview](#overview)
     - [**Prerequisite for Continuous Clearing Tool execution**](#prerequisite-for-continuous-clearing-tool-execution)
+  - [SPDX v2.3 Support](#spdx-v23-support)
+    - [File Naming Convention](#file-naming-convention)
+  - [SPDX SBOM Signature Validator](#spdx-sbom-signature-validator)
+    - [File Naming Convention](#file-naming-convention-1)
+    - [Validation Process](#validation-process)
     - [**Configuring the Continuous Clearing Tool**](#configuring-the-continuous-clearing-tool)
       - [**Method 1 - Only AppSettings**](#method-1---only-appsettings)
     - [Below rows repeat for each supported package type.](#below-rows-repeat-for-each-supported-package-type)
@@ -49,6 +54,8 @@
     - [Docker Template Specific Parameters](#docker-template-specific-parameters)
 - [Troubleshoot](#troubleshoot)
   - [Component Compliance Guidance](#component-compliance-guidance)
+    - [Purpose](#purpose)
+    - [Functionality](#functionality)
   - [General](#general)
 - [Manual Update](#manual-update)
 - [Bug or Enhancements](#bug-or-enhancements)
@@ -196,10 +203,6 @@ Users have the flexibility to generate a basic SBOM even if connections to SW360
   * **Project Type :** **Conan**
 
     * Input file repository should contain **conan.lock** file.
-
-  * **Project Type :** **Choco**
-
-   * Input file repository should contain **choco.config** / ** *.choco.config ** file.
 
   * **Project Type :**  **Debian & Alpine**
 
@@ -215,6 +218,13 @@ Users have the flexibility to generate a basic SBOM even if connections to SW360
 
       Resulted output.sbom.cdx.json file will be having the list of installed packages  and the same file will be used as  an input to Continuous clearing tool - Package identifier via the input directory parameter. The remaining process is same as other project types.
 
+  * **Project Type :** **Choco (Chocolatey)**
+
+    * Choco packages are now supported and handled just like NuGet packages.
+    * Set `ProjectType` to `CHOCO` in your configuration or command line.
+    * Input file repository should contain your Choco `.nupkg` files.
+    * Choco packages will be uploaded to the configured NuGet/Choco repositories in Artifactory.
+    * No extra configuration is needed—just include your Choco packages as you would with other supported types.
 
 ## SPDX v2.3 Support
 

diff --git a/src/AritfactoryUploader.UTest/PackageUploadHelperTest.cs b/src/AritfactoryUploader.UTest/PackageUploadHelperTest.cs
@@ -49,6 +49,7 @@ public void GetComponentListFromComparisonBOM_GivenComparisonBOM_ReturnsComponen
         [TestCase("DEBIAN", ".deb")]
         [TestCase("POETRY", ".whl")]
         [TestCase("CONAN", "package.tgz")]
+    [TestCase("CHOCO", ".nupkg")]
         public void GetPkgeNameExtensionBasedOnComponentType_GivenType_ReturnsPkgNameExtension(string type, string extension)
         {
             // Arrange
@@ -212,6 +213,7 @@ public void GetJfrogApiCommInstance_GivenComponentWithUnknownType_ReturnsJfrogAp
         [TestCase("POETRY")]
         [TestCase("CONAN")]
         [TestCase("DEBIAN")]
+    [TestCase("CHOCO")]
         public async Task JfrogNotFoundPackagesAsync_CoversAllScenarios(string compType)
         {
             // Arrange
@@ -234,7 +236,7 @@ public async Task JfrogNotFoundPackagesAsync_CoversAllScenarios(string compType)
                 Assert.AreEqual(1, displayPackagesInfo.JfrogNotFoundPackagesNpm.Count);
                 Assert.That(displayPackagesInfo.JfrogNotFoundPackagesNpm[0], Is.Not.Null);
             }
-            else if (item.ComponentType == "NUGET")
+            else if (item.ComponentType == "NUGET" || item.ComponentType == "CHOCO")
             {
                 Assert.AreEqual(1, displayPackagesInfo.JfrogNotFoundPackagesNuget.Count);
                 Assert.That(displayPackagesInfo.JfrogNotFoundPackagesNuget[0], Is.Not.Null);
@@ -268,6 +270,7 @@ public async Task JfrogNotFoundPackagesAsync_CoversAllScenarios(string compType)
         [TestCase("POETRY")]
         [TestCase("CONAN")]
         [TestCase("DEBIAN")]
+    [TestCase("CHOCO")]
         public async Task JfrogFoundPackagesAsync_CoversAllScenarios(string compType)
         {
             // Arrange
@@ -293,7 +296,7 @@ public async Task JfrogFoundPackagesAsync_CoversAllScenarios(string compType)
                 Assert.AreEqual(1, displayPackagesInfo.JfrogFoundPackagesNpm.Count);
                 Assert.That(displayPackagesInfo.JfrogFoundPackagesNpm[0], Is.Not.Null);
             }
-            else if (item.ComponentType == "NUGET")
+            else if (item.ComponentType == "NUGET" || item.ComponentType == "CHOCO")
             {
                 Assert.AreEqual(1, displayPackagesInfo.JfrogFoundPackagesNuget.Count);
                 Assert.That(displayPackagesInfo.JfrogFoundPackagesNuget[0], Is.Not.Null);

diff --git a/src/ArtifactoryUploader/ArtifactoryUploader.cs b/src/ArtifactoryUploader/ArtifactoryUploader.cs
@@ -32,6 +32,17 @@ public static async Task<HttpResponseMessage> UploadPackageToRepo(ComponentsToAr
             Logger.Debug("Starting UploadPackageToArtifactory method");
             string operationType = component.PackageType == PackageType.ClearedThirdParty
                 || component.PackageType == PackageType.Development ? "copy" : "move";
+            if (component.ComponentType == "CHOCO")
+            {
+                if (component.PackageType == PackageType.Internal)
+                {
+                    operationType = "move";
+                }
+                else
+                {
+                    operationType = "copy";
+                }
+            }
             string dryRunSuffix = component.DryRun ? " dry-run" : "";
             HttpResponseMessage responsemessage = new HttpResponseMessage();
             try
@@ -50,8 +61,14 @@ public static async Task<HttpResponseMessage> UploadPackageToRepo(ComponentsToAr
                 // Perform Copy or Move operation
                 responsemessage = component.PackageType switch
                 {
-                    PackageType.ClearedThirdParty or PackageType.Development => await JFrogApiCommInstance.CopyFromRemoteRepo(component),
-                    PackageType.Internal => await JFrogApiCommInstance.MoveFromRepo(component),
+                    PackageType.ClearedThirdParty or PackageType.Development =>
+                        (component.ComponentType == "CHOCO"
+                            ? await JFrogApiCommInstance.CopyFromRemoteRepo(component)
+                            : await JFrogApiCommInstance.CopyFromRemoteRepo(component)),
+                    PackageType.Internal =>
+                        (component.ComponentType == "CHOCO"
+                            ? await JFrogApiCommInstance.MoveFromRepo(component)
+                            : await JFrogApiCommInstance.MoveFromRepo(component)),
                     _ => new HttpResponseMessage(HttpStatusCode.NotFound)
                 };
 

diff --git a/src/ArtifactoryUploader/PackageUploadHelper.cs b/src/ArtifactoryUploader/PackageUploadHelper.cs
@@ -113,7 +113,7 @@ public static async Task JfrogNotFoundPackagesAsync(ComponentsToArtifactory item
                 ComponentsToArtifactory components = await GetSucessFulPackageinfo(item);
                 displayPackagesInfo.JfrogNotFoundPackagesNpm.Add(components);
             }
-            else if (item.ComponentType == "NUGET")
+            else if (item.ComponentType == "NUGET" || item.ComponentType == "CHOCO")
             {
                 ComponentsToArtifactory components = await GetSucessFulPackageinfo(item);
                 displayPackagesInfo.JfrogNotFoundPackagesNuget.Add(components);
@@ -149,7 +149,7 @@ public static async Task JfrogFoundPackagesAsync(ComponentsToArtifactory item, D
                 ComponentsToArtifactory components = await GetPackageinfo(item, operationType, responseMessage, dryRunSuffix);
                 displayPackagesInfo.JfrogFoundPackagesNpm.Add(components);
             }
-            else if (item.ComponentType == "NUGET")
+            else if (item.ComponentType == "NUGET" || item.ComponentType == "CHOCO")
             {
                 ComponentsToArtifactory components = await GetPackageinfo(item, operationType, responseMessage, dryRunSuffix);
                 displayPackagesInfo.JfrogFoundPackagesNuget.Add(components);
@@ -180,11 +180,10 @@ private static async Task SucessfullPackagesAsync(ComponentsToArtifactory item,
         {
             if (item.ComponentType == "NPM")
             {
-
                 ComponentsToArtifactory components = await GetSucessFulPackageinfo(item);
                 displayPackagesInfo.SuccessfullPackagesNpm.Add(components);
             }
-            else if (item.ComponentType == "NUGET")
+            else if (item.ComponentType == "NUGET" || item.ComponentType == "CHOCO")
             {
                 ComponentsToArtifactory components = await GetSucessFulPackageinfo(item);
                 displayPackagesInfo.SuccessfullPackagesNuget.Add(components);
@@ -209,10 +208,9 @@ private static async Task SucessfullPackagesAsync(ComponentsToArtifactory item,
                 ComponentsToArtifactory components = await GetSucessFulPackageinfo(item);
                 displayPackagesInfo.SuccessfullPackagesDebian.Add(components);
             }
-
         }
 
-
+        // Properly wrap UploadingThePackages as a method
         public static async Task UploadingThePackages(List<ComponentsToArtifactory> componentsToUpload, int timeout, DisplayPackagesInfo displayPackagesInfo)
         {
             Logger.Debug("Starting UploadingThePackages() method");
@@ -300,7 +298,7 @@ public static string GetPackageNameExtensionBasedOnComponentType(ComponentsToArt
             {
                 packageNameEXtension = ".tgz";
             }
-            if (package.ComponentType.Equals("NUGET", StringComparison.OrdinalIgnoreCase))
+            if (package.ComponentType.Equals("NUGET", StringComparison.OrdinalIgnoreCase) || package.ComponentType.Equals("CHOCO", StringComparison.OrdinalIgnoreCase))
             {
                 packageNameEXtension = ".nupkg";
             }

diff --git a/src/ArtifactoryUploader/UploadToArtifactory.cs b/src/ArtifactoryUploader/UploadToArtifactory.cs
@@ -95,6 +95,10 @@ private static string GetComponentType(Component item)
             {
                 return "NUGET";
             }
+            else if (item.Purl.Contains("choco", StringComparison.OrdinalIgnoreCase))
+            {
+                return "CHOCO";
+            }
             else if (item.Purl.Contains("maven", StringComparison.OrdinalIgnoreCase))
             {
                 return "MAVEN";
@@ -111,10 +115,6 @@ private static string GetComponentType(Component item)
             {
                 return "DEBIAN";
             }
-            else
-            {
-                // Do nothing
-            }
             return string.Empty;
         }
         public static string GetJfrogRepPath(ComponentsToArtifactory component)
@@ -163,6 +163,8 @@ private static string GetDestinationRepo(Component item, CommonAppSettings appSe
                         return GetRepoName(packageType, appSettings.Npm.ReleaseRepo, appSettings.Npm.DevDepRepo, appSettings.Npm.Artifactory.ThirdPartyRepos.FirstOrDefault(x => x.Upload)?.Name);
                     case "nuget":
                         return GetRepoName(packageType, appSettings.Nuget.ReleaseRepo, appSettings.Nuget.DevDepRepo, appSettings.Nuget.Artifactory.ThirdPartyRepos.FirstOrDefault(x => x.Upload)?.Name);
+                    case "choco":
+                        return GetRepoName(packageType, appSettings.Choco.ReleaseRepo, appSettings.Choco.DevDepRepo, appSettings.Choco.Artifactory.ThirdPartyRepos.FirstOrDefault(x => x.Upload)?.Name);
                     case "maven":
                         return GetRepoName(packageType, appSettings.Maven.ReleaseRepo, appSettings.Maven.DevDepRepo, appSettings.Maven.Artifactory.ThirdPartyRepos.FirstOrDefault(x => x.Upload)?.Name);
                     case "poetry":
@@ -173,7 +175,6 @@ private static string GetDestinationRepo(Component item, CommonAppSettings appSe
                         return GetRepoName(packageType, appSettings.Debian.ReleaseRepo, appSettings.Debian.DevDepRepo, appSettings.Debian.Artifactory.ThirdPartyRepos.FirstOrDefault(x => x.Upload)?.Name);
                 }
             }
-
             return string.Empty;
         }
 
@@ -228,6 +229,12 @@ public static string GetCopyURL(ComponentsToArtifactory component)
                 url = $"{component.JfrogApi}{ApiConstant.CopyPackageApi}{component.SrcRepoName}/{component.PackageName}.{component.Version}" +
                $"{ApiConstant.NugetExtension}?to=/{component.DestRepoName}/{component.Name}.{component.Version}{ApiConstant.NugetExtension}";
             }
+            else if (component.ComponentType == "CHOCO")
+            {
+                // Choco package copy URL (similar to NuGet)
+                url = $"{component.JfrogApi}{ApiConstant.CopyPackageApi}{component.SrcRepoName}/{component.PackageName}.{component.Version}.nupkg" +
+               $"?to=/{component.DestRepoName}/{component.Name}.{component.Version}.nupkg";
+            }
             else if (component.ComponentType == "MAVEN")
             {
                 url = $"{component.JfrogApi}{ApiConstant.CopyPackageApi}{component.SrcRepoName}/{component.Name}/{component.Version}" +