diff --git a/plugins/package-managers/spdx/src/main/kotlin/SpdxDocumentFile.kt b/plugins/package-managers/spdx/src/main/kotlin/SpdxDocumentFile.kt index 965a14da16442..6c790d8b29c7e 100644 --- a/plugins/package-managers/spdx/src/main/kotlin/SpdxDocumentFile.kt +++ b/plugins/package-managers/spdx/src/main/kotlin/SpdxDocumentFile.kt @@ -525,7 +525,7 @@ class SpdxDocumentFile( scopeDependencies = scopes ) - return listOf(ProjectAnalyzerResult(project, packages)) + return listOf(ProjectAnalyzerResult(project, packages, transitiveDocument.getIssuesWithoutSpdxPackage())) } /** diff --git a/plugins/package-managers/spdx/src/main/kotlin/utils/SpdxResolvedDocument.kt b/plugins/package-managers/spdx/src/main/kotlin/utils/SpdxResolvedDocument.kt index 43062c4cd6e92..34677a776aeec 100644 --- a/plugins/package-managers/spdx/src/main/kotlin/utils/SpdxResolvedDocument.kt +++ b/plugins/package-managers/spdx/src/main/kotlin/utils/SpdxResolvedDocument.kt @@ -133,6 +133,18 @@ internal data class SpdxResolvedDocument( return pkg } + /** + * Retrieve the issues from [issuesByReferenceId] that are not associated with any package [packagesById]. These + * issues can be related to general issues with the SPDX document. + */ + fun getIssuesWithoutSpdxPackage(): List { + return issuesByReferenceId.filterKeys { referenceId -> + packagesById.keys.none { packageId -> + packageId.startsWith("$referenceId:") + } + }.values.toList() + } + /** * Return the local definition file in which the package with the given [identifier] is declared. If the package * cannot be resolved or if it has not been declared in a local file, return *null*.