Add authors field to the CycloneDX output (#1990)

Signed-off-by: tdruez <tdruez@aboutcode.org>

Author: tdruez

scanpipe/models.py

@@ -73,6 +73,7 @@
 from commoncode.fileutils import parent_directory
 from cyclonedx import model as cyclonedx_model
 from cyclonedx.model import component as cyclonedx_component
+from cyclonedx.model import contact as cyclonedx_contact
 from cyclonedx.model import license as cyclonedx_license
 from extractcode import EXTRACT_SUFFIX
 from licensedcode.cache import build_spdx_license_expression
@@ -3666,6 +3667,42 @@ class AbstractPackage(models.Model):
     class Meta:
         abstract = True
 
+    def extract_from_parties(self, roles):
+        """
+        Extract parties matching the given roles, deduplicated by name.
+
+        Args:
+            roles: Tuple of role strings to filter by.
+
+        Returns:
+            List of party dicts matching the specified roles, unique by name.
+
+        """
+        seen_names = set()
+        results = []
+        for party in self.parties or []:
+            if party.get("role") in roles:
+                name = party.get("name")
+                if name and name not in seen_names:
+                    seen_names.add(name)
+                    results.append(party)
+        return results
+
+    def get_author_names(self, roles=("author", "maintainer")):
+        """
+        Return a sorted list of party names matching the specified roles.
+
+        Args:
+            roles: Tuple of role strings to filter by.
+            Defaults to ("author", "maintainer").
+
+        Returns:
+            Sorted list of party names.
+
+        """
+        parties = self.extract_from_parties(roles=roles)
+        return sorted(party["name"] for party in parties)
+
 
 class DiscoveredPackage(
     ProjectRelatedModel,
@@ -3952,6 +3989,14 @@ def as_cyclonedx(self):
             if (hash_value := getattr(self, field_name))
         ]
 
+        authors = [
+            cyclonedx_contact.OrganizationalContact(
+                name=party.get("name", ""),
+                email=party.get("email", ""),
+            )
+            for party in self.extract_from_parties(roles=("author", "maintainer"))
+        ]
+
         # Those fields are not supported natively by CycloneDX but are required to
         # load the BOM without major data loss.
         # See https://github.com/nexB/aboutcode-cyclonedx-taxonomy
@@ -4012,6 +4057,7 @@ def as_cyclonedx(self):
             properties=properties,
             external_references=external_references,
             evidence=evidence,
+            authors=authors,
         )
 
 

scanpipe/pipes/ort.py

@@ -136,12 +136,6 @@ def to_ort_package_list_yml(project):
 
     dependencies = []
     for package in project.discoveredpackages.all():
-        authors = {
-            party.get("name").strip()
-            for party in package.parties
-            if party.get("role") in ("author", "maintainer") and party.get("name")
-        }
-
         dependency = Dependency(
             id=f"{project_type or package.type}::{package.name}:{package.version}",
             purl=package.purl,
@@ -150,7 +144,7 @@ def to_ort_package_list_yml(project):
             vcs=Vcs(url=package.vcs_url),
             description=package.description,
             homepageUrl=package.homepage_url,
-            authors=sorted(authors),
+            authors=package.get_author_names(),
         )
         dependencies.append(dependency)
 

scanpipe/tests/__init__.py

@@ -196,6 +196,42 @@ def make_mock_response(url, content=b"\x00", status_code=200, headers=None):
     "extra_data": {},
 }
 
+parties_data1 = [
+    {
+        "name": "AboutCode and others",
+        "role": "author",
+        "type": "person",
+        "email": "info@aboutcode.org",
+        "url": None,
+    },
+    # Duplicate on purpose
+    {
+        "name": "AboutCode and others",
+        "role": "author",
+        "type": "person",
+        "email": "info@aboutcode.org",
+        "url": None,
+    },
+    {
+        "name": "Debian X Strike Force",
+        "role": "maintainer",
+        "email": "debian-x@lists.debian.org",
+    },
+    {
+        "name": "JBoss.org Community",
+        "role": "developer",
+        "type": "person",
+        "email": None,
+    },
+    {
+        "url": "http://www.apache.org/",
+        "name": "The Apache Software Foundation",
+        "role": "owner",
+        "type": "organization",
+        "email": None,
+    },
+]
+
 package_data1 = {
     "type": "deb",
     "namespace": "debian",