@@ -626,16 +626,21 @@ def main():
626626 packages [matchname + matchver ] = packages .get (matchname + matchver , 0 ) + 1
627627
628628 kb_match = None
629+ bd_proj = False
629630 if package .external_references :
630631 foundpurl = False
631632 for ref in package .external_references :
632- # There can be multiple extrefs; try to locate a purl .
633- # If there are multiple purls , use the first one.
633+ # There can be multiple extrefs; try to locate a pURL .
634+ # If there are multiple pURLs , use the first one.
634635 if (ref .reference_type == "purl" ):
635636 foundpurl = True
636637 kb_match = find_comp_in_kb (ref .locator )
637638 extref = ref .locator
638639 break
640+ # Skip BD project/versions. These occur in BD-generated BOMs.
641+ if (ref .reference_type == "BlackDuck-Version" ):
642+ bd_proj = True
643+ break
639644 if not foundpurl :
640645 nopurl += 1
641646 print (f" No pURL provided for { package .name } { package .version } " )
@@ -648,14 +653,17 @@ def main():
648653 else :
649654 print (f" No KB match for { package .name } { package .version } " )
650655 else :
656+ # No external references field was provided
651657 nopurl += 1
652658 print (f" No pURL provided for { package .name } { package .version } " )
653659
660+ if bd_proj :
661+ print (f" Skipping BD project/version in BOM: { package .name } { package .version } " )
662+ continue
663+
654664 if find_comp_in_bom (matchname , matchver , version ):
655665 bom_matches += 1
656666 print (f" Found component in BOM: { matchname } { matchver } " )
657- # It's in the BOM so we are happy
658- # Everything else below is related to adding to the BOM
659667 continue
660668
661669 # If we've gotten this far, the package is not in the BOM.
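Review bot: The `BlackDuck-Version` skip is decided inside the pURL loop (new lines 640-643), so it depends on the order of the external references and does not bypass the no-pURL accounting. When the BD reference comes first, the loop breaks with `foundpurl` still False, so `nopurl += 1` and the "No pURL provided" message appear to run before the `continue` at new line 662 (indentation is lost on this page, so the nesting is inferred); when a pURL reference comes first, the loop breaks before `bd_proj` can be set and the entry is not skipped at all. Deciding before the pURL loop avoids both: `bd_proj = any(r.reference_type == "BlackDuck-Version" for r in package.external_references)`, followed by the existing `if bd_proj:` print and `continue`. Because the skip is driven by a field inside the imported SBOM, it would also help to count skipped entries and report the total alongside the other counters so that omissions are auditable. `main()` begins and ends outside these hunks.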