Add automation for SBOM field

natalialuzuriaga · natalialuzuriaga · commit ee20a67fce15 · 2025-09-12T14:25:11.000-07:00
Signed-off-by: Natalia Luzuriaga &lt;natalia.luzuriaga@cms.hhs.gov&gt;
diff --git a/dist/index.js b/dist/index.js
diff --git a/src/main.ts b/src/main.ts
@@ -22,9 +22,9 @@ const baselineCodeJSON: CodeJSON = {
   repositoryHost: "github",
   repositoryVisibility: "",
   homepageURL: "",
-	downloadURL: "",
-	disclaimerURL: "",
-	disclaimerText: "",
+  downloadURL: "",
+  disclaimerURL: "",
+  disclaimerText: "",
   vcs: "git",
   laborHours: 0,
   reuseFrequency: {
@@ -38,9 +38,9 @@ const baselineCodeJSON: CodeJSON = {
   maintenance: "",
   contractNumber: [],
   SBOM: "",
-	relatedCode: [],
-	reusedCode: [],
-	partners: [],
+  relatedCode: [],
+  reusedCode: [],
+  partners: [],
   date: {
     created: "",
     lastModified: "",
@@ -73,6 +73,9 @@ async function getMetaData(
   // preserve existing feedback mechanisms if they exist, otherwise default to GitHub Issues
   const feedbackMechanism = existingCodeJSON?.feedbackMechanism || `${partialCodeJSON.repositoryURL}/issues`;
 
+  // preserve existing SBOM link if they exist, otherwise default to GitHub SBOM link
+  const SBOM = existingCodeJSON?.SBOM || `${partialCodeJSON.repositoryURL}/network/dependencies`;
+
   // only use the calculated description if its not empty, otherwise keep existing
   const shouldUpdateDescription =
     partialCodeJSON.description && partialCodeJSON.description.trim() !== "";
@@ -106,6 +109,7 @@ async function getMetaData(
         partialCodeJSON.date?.metaDataLastUpdated ?? new Date().toISOString(),
     },
     feedbackMechanism,
+    SBOM
   };
 }
 
diff --git a/src/model.ts b/src/model.ts
@@ -22,7 +22,7 @@ export interface CodeJSON {
   languages: string[]; // calculated
   maintenance: string;
   contractNumber: string[];
-  SBOM: string;
+  SBOM: string; //calculated
   relatedCode?: RelatedCode[];
   reusedCode?: ReusedCode[];
   partners?: Partner[];
