diff --git a/src/server/v2.0/handler/assembler/report.go b/src/server/v2.0/handler/assembler/report.go index 54645d85a..d5bc801c7 100644 --- a/src/server/v2.0/handler/assembler/report.go +++ b/src/server/v2.0/handler/assembler/report.go @@ -97,6 +97,10 @@ func (assembler *ScanReportAssembler) Assemble(ctx context.Context) error { log.Warningf("get scan summary of artifact %s@%s for %s failed, error:%v", artifact.RepositoryName, artifact.Digest, v1.MimeTypeSBOMReport, err) } if len(overview) == 0 { + // only fetch the sbom overview from execution when the overview is empty and the artifact has child references ( image index, cnab etc) + if len(artifact.References) == 0 { + continue + } log.Warningf("overview is empty, retrieve sbom status from execution") // Get latest execution with digest, repository, and scan type is sbom, the status is the scan status query := q.New( diff --git a/src/server/v2.0/handler/assembler/report_test.go b/src/server/v2.0/handler/assembler/report_test.go index 003632068..b0dd8f9f0 100644 --- a/src/server/v2.0/handler/assembler/report_test.go +++ b/src/server/v2.0/handler/assembler/report_test.go @@ -128,7 +128,7 @@ func (suite *VulAssemblerTestSuite) TestAssembleSBOMOverviewImageIndex() { var artifact model.Artifact err := assembler.WithArtifacts(&artifact).Assemble(context.TODO()) suite.Nil(err) - suite.Equal(artifact.SBOMOverView["scan_status"], "Error") + suite.Nil(artifact.SBOMOverView["scan_status"]) mock.OnAnything(exeMgr, "List").Return(nil, nil).Once() var artifact2 model.Artifact