diff --git a/Library/Homebrew/sbom.rb b/Library/Homebrew/sbom.rb
index 94e369b3874e6d..339f18b3ce7b75 100644
--- a/Library/Homebrew/sbom.rb
+++ b/Library/Homebrew/sbom.rb
@@ -23,7 +23,8 @@ class SBOM
 sig { params(formula: Formula, compiler: T.nilable(String), stdlib: T.nilable(String)).returns(T.attached_class) }
 def self.create(formula, compiler: nil, stdlib: nil)
 build = formula.build
- runtime_deps = formula.runtime_dependencies(undeclared: false)
+ runtime_deps = formula.runtime_formula_dependencies(undeclared: false)
+
 attributes = {
 name: formula.name,
 homebrew_version: HOMEBREW_VERSION,
@@ -297,16 +298,15 @@ def to_spdx_sbom
 sig { params(formula: Formula, deps: T::Array[Dependency]).returns(T::Array[T::Hash[Symbol, String]]) }
 def self.runtime_deps_hash(formula, deps)
 deps.map do |dep|
- f = dep.to_formula
 {
- full_name: f.full_name,
- name: f.name,
- version: f.version.to_s,
- revision: f.revision,
- pkg_version: f.pkg_version.to_s,
- declared_directly: formula.deps.include?(dep),
- license: SPDX.license_expression_to_string(f.license),
- bottle: f.bottle_hash,
+ full_name: dep.full_name,
+ name: dep.name,
+ version: dep.version.to_s,
+ revision: dep.revision,
+ pkg_version: dep.pkg_version.to_s,
+ declared_directly: true,
+ license: SPDX.license_expression_to_string(dep.license),
+ bottle: dep.bottle_hash,
 }
 end
 end
diff --git a/Library/Homebrew/test/sbom_spec.rb b/Library/Homebrew/test/sbom_spec.rb
index d25d4bb7408ec6..543243bb85109f 100644
--- a/Library/Homebrew/test/sbom_spec.rb
+++ b/Library/Homebrew/test/sbom_spec.rb
@@ -25,6 +25,18 @@
 uses_from_macos "zlib"
 end
 
+ beanstalkd = formula "beanstalkd" do
+ url "one-1.1"
+ end
+
+ zlib = formula "zlib" do
+ url "two-1.1"
+ end
+
+ allow(f).to receive_messages(
+ runtime_formula_dependencies: [beanstalkd, zlib]
+ )
+
 sbom = described_class.create(f)
 expect(sbom).to be_valid
 end
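Review bot: `declared_directly: true` in `runtime_deps_hash` now marks every entry as a direct dependency, where the removed line computed it with `formula.deps.include?(dep)`; if the list from `runtime_formula_dependencies` in the first hunk includes transitive dependencies, the SBOM will misreport them and consumers can no longer separate direct from transitive components. Since `dep` appears to be a Formula now, a comparison by name would keep the field meaningful, e.g. `declared_directly: formula.deps.any? { |d| [dep.name, dep.full_name].include?(d.name) },` (this assumes `Dependency#name`; confirm how it behaves for tapped formulae). The `sig` above still declares `deps: T::Array[Dependency]` and should read `deps: T::Array[Formula]`. As written, the `formula` parameter is no longer used in the method body.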
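Review bot: The spec stubs `runtime_formula_dependencies` and then asserts only `be_valid`, so nothing checks what ends up in the runtime-dependency entries, including the `declared_directly` value that sbom.rb now hard-codes. Consider one more expectation on the generated entries, e.g. `expect(described_class.runtime_deps_hash(f, [beanstalkd, zlib]).map { |h| h[:name] }).to eq(%w[beanstalkd zlib])`, assuming the method is callable from the spec. The enclosing example starts above the hunk, so the formula's declared dependencies are only partly visible here.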