release 1.0.0

Signed-off-by: san-zrl <san@zurich.ibm.com>

Author: san-zrl

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>org.pqca</groupId>
     <artifactId>cbomkit-lib</artifactId>
-    <version>1.0.0-SNAPSHOT</version>
+    <version>1.0.0</version>
     <packaging>jar</packaging>
 
     <properties>

src/main/java/org/pqca/errors/CBOMSerializationFailed.java

@@ -19,8 +19,14 @@
  */
 package org.pqca.errors;
 
+import jakarta.annotation.Nonnull;
+
 public class CBOMSerializationFailed extends Exception {
-    public CBOMSerializationFailed(Exception e) {
+    public CBOMSerializationFailed(@Nonnull Exception e) {
         super("Could not serialize CBOM to string: " + e);
     }
+
+    public CBOMSerializationFailed() {
+        super("Could not serialize CBOM to string");
+    }
 }

src/main/java/org/pqca/scanning/CBOM.java

@@ -46,23 +46,21 @@ public record CBOM(@Nonnull Bom cycloneDXbom) {
 
     // Merge components and dependecies
     public void merge(@Nullable CBOM cbom) {
-        if (cbom != null) {
+        if (cycloneDXbom != null && cbom != null && cbom.cycloneDXbom() != null) {
             // components
             if (cbom.cycloneDXbom().getComponents() != null) {
-                if (this.cycloneDXbom().getComponents() != null) {
-                    this.cycloneDXbom().getComponents().addAll(cbom.cycloneDXbom().getComponents());
+                if (cycloneDXbom.getComponents() != null) {
+                    cycloneDXbom.getComponents().addAll(cbom.cycloneDXbom().getComponents());
                 } else {
-                    this.cycloneDXbom().setComponents(cbom.cycloneDXbom().getComponents());
+                    cycloneDXbom.setComponents(cbom.cycloneDXbom().getComponents());
                 }
             }
             // dependencies
             if (cbom.cycloneDXbom().getDependencies() != null) {
-                if (this.cycloneDXbom().getDependencies() != null) {
-                    this.cycloneDXbom()
-                            .getDependencies()
-                            .addAll(cbom.cycloneDXbom().getDependencies());
+                if (cycloneDXbom.getDependencies() != null) {
+                    cycloneDXbom.getDependencies().addAll(cbom.cycloneDXbom().getDependencies());
                 } else {
-                    this.cycloneDXbom().setDependencies(cbom.cycloneDXbom().getDependencies());
+                    cycloneDXbom.setDependencies(cbom.cycloneDXbom().getDependencies());
                 }
             }
         }
@@ -90,6 +88,10 @@ public void merge(@Nullable CBOM cbom) {
     }
 
     public void addMetadata(String gitUrl, String revision, String commit, String subFolder) {
+        if (cycloneDXbom == null) {
+            return;
+        }
+
         final Metadata metadata = new Metadata();
         metadata.setTimestamp(new Date());
 
@@ -151,6 +153,9 @@ public void write(String fileName) throws CBOMSerializationFailed {
     }
 
     public int getNumberOfFindings() {
+        if (cycloneDXbom == null || cycloneDXbom.getComponents() == null) {
+            return 0;
+        }
         return cycloneDXbom.getComponents().stream()
                 .mapToInt(component -> component.getEvidence().getOccurrences().size())
                 .sum();