From edbf3806b134c801081ed28e83ecee6d7d65c613 Mon Sep 17 00:00:00 2001
From: Ritesh Noronha
Date: Thu, 18 Apr 2024 23:26:52 -0700
Subject: [PATCH 1/2] fix spdx crash
---
 pkg/sbom/spdx.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/pkg/sbom/spdx.go b/pkg/sbom/spdx.go
index 20f540d..c36a1bf 100644
--- a/pkg/sbom/spdx.go
+++ b/pkg/sbom/spdx.go
@@ -188,7 +188,9 @@ func (s *spdxDoc) parseComps() {
 nc.supplier = *supp
 }
 nc.supplierName = s.addSupplierName(index)
- nc.sourceCodeHash = sc.PackageVerificationCode.Value
+ if sc.PackageOriginator != nil {
+ nc.sourceCodeHash = sc.PackageVerificationCode.Value
+ }
 //nc.sourceCodeUrl //no conlusive way to get this from SPDX
 if strings.ToLower(sc.PackageDownloadLocation) == "noassertion" || strings.ToLower(sc.PackageDownloadLocation) == "none" {
From 01982e1d543ec3fab6f2c5929c3048292ef88347 Mon Sep 17 00:00:00 2001
From: Ritesh Noronha
Date: Thu, 18 Apr 2024 23:40:24 -0700
Subject: [PATCH 2/2] update golang docker image
---
 Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index b5cf1b4..3f45a7b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.20-alpine AS builder
+FROM golang:1.22.2-alpine AS builder
 LABEL org.opencontainers.image.source="https://github.com/interlynk-io/sbomqs"
 RUN apk add --no-cache make git
@@ -6,6 +6,7 @@ WORKDIR /app
 COPY go.mod go.sum ./
 RUN go mod download
 COPY . .
+ RUN make ; make build
 FROM scratch
@@ -17,4 +18,4 @@ LABEL org.opencontainers.image.licenses=Apache-2.0
 COPY --from=builder /app/build/sbomqs /app/sbomqs
 ENV INTERLYNK_DISABLE_VERSION_CHECK=true
-ENTRYPOINT [ "/app/sbomqs" ]
\ No newline at end of file
+ENTRYPOINT [ "/app/sbomqs" ]
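Review bot: In the `parseComps` hunk of pkg/sbom/spdx.go, the new guard tests `sc.PackageOriginator` while the statement it protects dereferences `sc.PackageVerificationCode`, so the nil check does not cover the value that is actually read. If `PackageVerificationCode` is a pointer (its type is not visible in the hunk, but the crash being fixed suggests it), a package that has an originator and no verification code still reaches the dereference, and a package with a verification code but no originator now silently loses its `sourceCodeHash`. SBOM documents are usually third-party input, so the parser should guard the field it uses: `if sc.PackageVerificationCode != nil {`. A regression test that parses an SPDX package without a verification code would pin the fix; the body of `parseComps` continues outside the hunk.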