From d2d4022ef36b0ccf583c9bf9436dfd75a742ee3d Mon Sep 17 00:00:00 2001
From: Teppei Fukuda
Date: Wed, 24 Apr 2024 10:54:41 +0400
Subject: [PATCH] fix(sbom): change error to warning for multiple OSes (#6541)
Signed-off-by: knqyf263
---
 .../testdata/fixtures/sbom/minikube-kbom.json | 21 +++++++++++++++++++
 pkg/sbom/io/decode.go | 17 +++++++++++----
 2 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/integration/testdata/fixtures/sbom/minikube-kbom.json b/integration/testdata/fixtures/sbom/minikube-kbom.json
index c1ee53d6c9c..a6e9bc7550a 100644
--- a/integration/testdata/fixtures/sbom/minikube-kbom.json
+++ b/integration/testdata/fixtures/sbom/minikube-kbom.json
@@ -48,6 +48,22 @@
 }
 ]
 },
+ {
+ "bom-ref": "b6f66546-5a5c-4fe8-a30f-acb04013c151",
+ "type": "operating-system",
+ "name": "ubuntu",
+ "version": "22.04.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:Class",
+ "value": "os-pkgs"
+ },
+ {
+ "name": "aquasecurity:trivy:Type",
+ "value": "ubuntu"
+ }
+ ]
+ },
 {
 "bom-ref": "a62abb1f-cb38-4fde-90f3-2bda3b87ddb2",
 "type": "application",
@@ -325,6 +341,10 @@
 "ref": "5262e708-f1a3-4fca-a1c3-0a8384f7f4a5",
 "dependsOn": []
 },
+ {
+ "ref": "b6f66546-5a5c-4fe8-a30f-acb04013c151",
+ "dependsOn": []
+ },
 {
 "ref": "a62abb1f-cb38-4fde-90f3-2bda3b87ddb2",
 "dependsOn": [
@@ -336,6 +356,7 @@
 "ref": "a6350ac3-52f6-4c5f-a3e3-184b9a634bef",
 "dependsOn": [
 "5262e708-f1a3-4fca-a1c3-0a8384f7f4a5",
+ "b6f66546-5a5c-4fe8-a30f-acb04013c151",
 "a62abb1f-cb38-4fde-90f3-2bda3b87ddb2"
 ]
 },
diff --git a/pkg/sbom/io/decode.go b/pkg/sbom/io/decode.go
index 3ebc06d3036..4a699eb59d7 100644
--- a/pkg/sbom/io/decode.go
+++ b/pkg/sbom/io/decode.go
@@ -5,6 +5,7 @@ import (
 "slices"
 "sort"
 "strconv"
+ "sync"
 debver "github.com/knqyf263/go-deb-version"
 rpmver "github.com/knqyf263/go-rpm-version"
@@ -32,13 +33,16 @@ type Decoder struct {
 osID uuid.UUID
 pkgs map[uuid.UUID]*ftypes.Package
 apps map[uuid.UUID]*ftypes.Application
+
+ logger *log.Logger
 }
 func NewDecoder(bom *core.BOM) *Decoder {
 return &Decoder{
- bom: bom,
- pkgs: make(map[uuid.UUID]*ftypes.Package),
- apps: make(map[uuid.UUID]*ftypes.Application),
+ bom: bom,
+ pkgs: make(map[uuid.UUID]*ftypes.Package),
+ apps: make(map[uuid.UUID]*ftypes.Application),
+ logger: log.WithPrefix("sbom"),
 }
 }
@@ -106,11 +110,16 @@ func (m *Decoder) decodeRoot(s *types.SBOM) error {
 }
 func (m *Decoder) decodeComponents(sbom *types.SBOM) error {
+ onceMultiOSWarn := sync.OnceFunc(func() {
+ m.logger.Warn("Multiple OS components are not supported, taking the first one and ignoring the rest")
+ })
+
 for id, c := range m.bom.Components() {
 switch c.Type {
 case core.TypeOS:
 if m.osID != uuid.Nil {
- return xerrors.New("multiple OS components are not supported")
+ onceMultiOSWarn()
+ continue
 }
 m.osID = id
 sbom.Metadata.OS = &ftypes.OS{
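Review bot: In the decodeComponents hunk, "taking the first one" depends on the iteration order of `m.bom.Components()`; if that returns a map (its type is not visible here), Go randomizes the order, so the OS that is kept can differ between runs on the same SBOM. Since the selected OS presumably decides which advisory data the OS packages are matched against, an SBOM with two OS components could now produce varying or missed findings where it previously failed closed. Consider choosing deterministically, for example by sorting the OS components on a stable key before picking one, and naming the kept and the ignored component in the warning, because the once-only message does not say which was dropped. At minimum, add a comment above the `continue` such as `// Which OS is kept depends on Components() iteration order; later OS components are ignored.` The body of decodeComponents continues past the end of the hunk.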