interlynk-io · riteshnoronha · Oct 30, 2024 · Oct 30, 2024 · Oct 30, 2024
diff --git a/pkg/compliance/bsi.go b/pkg/compliance/bsi.go
@@ -362,50 +362,50 @@ func bsiComponentDepth(doc sbom.Document, component sbom.GetComponent) *db.Recor
 		if component.GetPrimaryCompInfo().IsPresent() {
 			result = strings.Join(bsiGetAllPrimaryDepenciesByName, ", ")
 			score = 10.0
-			return db.NewRecordStmt(COMP_DEPTH, component.GetName(), result, score, "")
+			return db.NewRecordStmt(COMP_DEPTH, common.UniqueElementID(component), result, score, "")
 		}
 
 		dependencies = doc.GetRelationships(common.GetID(component.GetSpdxID()))
 		if dependencies == nil {
 			if bsiPrimaryDependencies[common.GetID(component.GetSpdxID())] {
-				return db.NewRecordStmt(COMP_DEPTH, component.GetName(), "included-in", 10.0, "")
+				return db.NewRecordStmt(COMP_DEPTH, common.UniqueElementID(component), "included-in", 10.0, "")
 			}
-			return db.NewRecordStmt(COMP_DEPTH, component.GetName(), "no-relationship", 0.0, "")
+			return db.NewRecordStmt(COMP_DEPTH, common.UniqueElementID(component), "no-relationship", 0.0, "")
 		}
 		allDepByName = common.GetDependenciesByName(dependencies, bsiCompIDWithName)
 		if bsiPrimaryDependencies[common.GetID(component.GetSpdxID())] {
 			allDepByName = append([]string{"included-in"}, allDepByName...)
 			result = strings.Join(allDepByName, ", ")
-			return db.NewRecordStmt(COMP_DEPTH, component.GetName(), result, 10.0, "")
+			return db.NewRecordStmt(COMP_DEPTH, common.UniqueElementID(component), result, 10.0, "")
 		}
 		result = strings.Join(allDepByName, ", ")
-		return db.NewRecordStmt(COMP_DEPTH, component.GetName(), result, 10.0, "")
+		return db.NewRecordStmt(COMP_DEPTH, common.UniqueElementID(component), result, 10.0, "")
 
 	} else if doc.Spec().GetSpecType() == "cyclonedx" {
 		if component.GetPrimaryCompInfo().IsPresent() {
 			result = strings.Join(bsiGetAllPrimaryDepenciesByName, ", ")
 			score = 10.0
-			return db.NewRecordStmt(COMP_DEPTH, component.GetName(), result, score, "")
+			return db.NewRecordStmt(COMP_DEPTH, common.UniqueElementID(component), result, score, "")
 		}
 		id := component.GetID()
 		dependencies = doc.GetRelationships(id)
 		if len(dependencies) == 0 {
 			if bsiPrimaryDependencies[id] {
-				return db.NewRecordStmt(COMP_DEPTH, component.GetName(), "included-in", 10.0, "")
+				return db.NewRecordStmt(COMP_DEPTH, common.UniqueElementID(component), "included-in", 10.0, "")
 			}
-			return db.NewRecordStmt(COMP_DEPTH, component.GetName(), "no-relationship", 0.0, "")
+			return db.NewRecordStmt(COMP_DEPTH, common.UniqueElementID(component), "no-relationship", 0.0, "")
 		}
 		allDepByName = common.GetDependenciesByName(dependencies, bsiCompIDWithName)
 		if bsiPrimaryDependencies[id] {
 			allDepByName = append([]string{"included-in"}, allDepByName...)
 			result = strings.Join(allDepByName, ", ")
-			return db.NewRecordStmt(COMP_DEPTH, component.GetName(), result, 10.0, "")
+			return db.NewRecordStmt(COMP_DEPTH, common.UniqueElementID(component), result, 10.0, "")
 		}
 		result = strings.Join(allDepByName, ", ")
-		return db.NewRecordStmt(COMP_DEPTH, component.GetName(), result, 10.0, "")
+		return db.NewRecordStmt(COMP_DEPTH, common.UniqueElementID(component), result, 10.0, "")
 	}
 
-	return db.NewRecordStmt(COMP_DEPTH, component.GetName(), "no-relationships", 0.0, "")
+	return db.NewRecordStmt(COMP_DEPTH, common.UniqueElementID(component), "no-relationships", 0.0, "")
 }
 
 func bsiComponentLicense(component sbom.GetComponent) *db.Record {
@@ -414,7 +414,7 @@ func bsiComponentLicense(component sbom.GetComponent) *db.Record {
 
 	if len(licenses) == 0 {
 		// fmt.Printf("component %s : %s has no licenses\n", component.Name(), component.Version())
-		return db.NewRecordStmt(COMP_LICENSE, component.GetName(), "not-compliant", score, "")
+		return db.NewRecordStmt(COMP_LICENSE, common.UniqueElementID(component), "not-compliant", score, "")
 	}
 
 	var spdx, aboutcode, custom int
@@ -442,10 +442,10 @@ func bsiComponentLicense(component sbom.GetComponent) *db.Record {
 
 	if total != len(licenses) {
 		score = 0.0
-		return db.NewRecordStmt(COMP_LICENSE, component.GetName(), "not-compliant", score, "")
+		return db.NewRecordStmt(COMP_LICENSE, common.UniqueElementID(component), "not-compliant", score, "")
 	}
 
-	return db.NewRecordStmt(COMP_LICENSE, component.GetName(), "compliant", 10.0, "")
+	return db.NewRecordStmt(COMP_LICENSE, common.UniqueElementID(component), "compliant", 10.0, "")
 }
 
 func bsiComponentSourceHash(component sbom.GetComponent) *db.Record {
@@ -457,7 +457,7 @@ func bsiComponentSourceHash(component sbom.GetComponent) *db.Record {
 		score = 10.0
 	}
 
-	return db.NewRecordStmtOptional(COMP_SOURCE_HASH, component.GetName(), result, score)
+	return db.NewRecordStmtOptional(COMP_SOURCE_HASH, common.UniqueElementID(component), result, score)
 }
 
 func bsiComponentOtherUniqIDs(component sbom.GetComponent) *db.Record {
@@ -470,7 +470,7 @@ func bsiComponentOtherUniqIDs(component sbom.GetComponent) *db.Record {
 		result = string(purl[0])
 		score = 10.0
 
-		return db.NewRecordStmtOptional(COMP_OTHER_UNIQ_IDS, component.GetName(), result, score)
+		return db.NewRecordStmtOptional(COMP_OTHER_UNIQ_IDS, common.UniqueElementID(component), result, score)
 	}
 
 	cpes := component.GetCpes()
@@ -479,29 +479,29 @@ func bsiComponentOtherUniqIDs(component sbom.GetComponent) *db.Record {
 		result = string(cpes[0])
 		score = 10.0
 
-		return db.NewRecordStmtOptional(COMP_OTHER_UNIQ_IDS, component.GetName(), result, score)
+		return db.NewRecordStmtOptional(COMP_OTHER_UNIQ_IDS, common.UniqueElementID(component), result, score)
 	}
 
-	return db.NewRecordStmtOptional(COMP_OTHER_UNIQ_IDS, component.GetName(), "", 0.0)
+	return db.NewRecordStmtOptional(COMP_OTHER_UNIQ_IDS, common.UniqueElementID(component), "", 0.0)
 }
 
 func bsiComponentDownloadURL(component sbom.GetComponent) *db.Record {
 	result := component.GetDownloadLocationURL()
 
 	if result != "" {
-		return db.NewRecordStmtOptional(COMP_DOWNLOAD_URL, component.GetName(), result, 10.0)
+		return db.NewRecordStmtOptional(COMP_DOWNLOAD_URL, common.UniqueElementID(component), result, 10.0)
 	}
-	return db.NewRecordStmtOptional(COMP_DOWNLOAD_URL, component.GetName(), "", 0.0)
+	return db.NewRecordStmtOptional(COMP_DOWNLOAD_URL, common.UniqueElementID(component), "", 0.0)
 }
 
 func bsiComponentSourceCodeURL(component sbom.GetComponent) *db.Record {
 	result := component.SourceCodeURL()
 
 	if result != "" {
-		return db.NewRecordStmtOptional(COMP_SOURCE_CODE_URL, component.GetName(), result, 10.0)
+		return db.NewRecordStmtOptional(COMP_SOURCE_CODE_URL, common.UniqueElementID(component), result, 10.0)
 	}
 
-	return db.NewRecordStmtOptional(COMP_SOURCE_CODE_URL, component.GetName(), "", 0.0)
+	return db.NewRecordStmtOptional(COMP_SOURCE_CODE_URL, common.UniqueElementID(component), "", 0.0)
 }
 
 func bsiComponentHash(component sbom.GetComponent) *db.Record {
@@ -519,27 +519,27 @@ func bsiComponentHash(component sbom.GetComponent) *db.Record {
 		}
 	}
 
-	return db.NewRecordStmt(COMP_HASH, component.GetName(), result, score, "")
+	return db.NewRecordStmt(COMP_HASH, common.UniqueElementID(component), result, score, "")
 }
 
 func bsiComponentVersion(component sbom.GetComponent) *db.Record {
 	result := component.GetVersion()
 
 	if result != "" {
-		return db.NewRecordStmt(COMP_VERSION, component.GetName(), result, 10.0, "")
+		return db.NewRecordStmt(COMP_VERSION, common.UniqueElementID(component), result, 10.0, "")
 	}
 
-	return db.NewRecordStmt(COMP_VERSION, component.GetName(), "", 0.0, "")
+	return db.NewRecordStmt(COMP_VERSION, common.UniqueElementID(component), "", 0.0, "")
 }
 
 func bsiComponentName(component sbom.GetComponent) *db.Record {
 	result := component.GetName()
 
 	if result != "" {
-		return db.NewRecordStmt(COMP_NAME, component.GetName(), result, 10.0, "")
+		return db.NewRecordStmt(COMP_NAME, common.UniqueElementID(component), result, 10.0, "")
 	}
 
-	return db.NewRecordStmt(COMP_NAME, component.GetName(), "", 0.0, "")
+	return db.NewRecordStmt(COMP_NAME, common.UniqueElementID(component), "", 0.0, "")
 }
 
 func bsiComponentCreator(component sbom.GetComponent) *db.Record {
@@ -554,7 +554,7 @@ func bsiComponentCreator(component sbom.GetComponent) *db.Record {
 		}
 
 		if result != "" {
-			return db.NewRecordStmt(COMP_CREATOR, component.GetName(), result, score, "")
+			return db.NewRecordStmt(COMP_CREATOR, common.UniqueElementID(component), result, score, "")
 		}
 
 		if supplier.GetURL() != "" {
@@ -563,7 +563,7 @@ func bsiComponentCreator(component sbom.GetComponent) *db.Record {
 		}
 
 		if result != "" {
-			return db.NewRecordStmt(COMP_CREATOR, component.GetName(), result, score, "")
+			return db.NewRecordStmt(COMP_CREATOR, common.UniqueElementID(component), result, score, "")
 		}
 
 		if supplier.GetContacts() != nil {
@@ -576,7 +576,7 @@ func bsiComponentCreator(component sbom.GetComponent) *db.Record {
 			}
 
 			if result != "" {
-				return db.NewRecordStmt(COMP_CREATOR, component.GetName(), result, score, "")
+				return db.NewRecordStmt(COMP_CREATOR, common.UniqueElementID(component), result, score, "")
 			}
 		}
 	}
@@ -590,7 +590,7 @@ func bsiComponentCreator(component sbom.GetComponent) *db.Record {
 		}
 
 		if result != "" {
-			return db.NewRecordStmt(COMP_CREATOR, component.GetName(), result, score, "")
+			return db.NewRecordStmt(COMP_CREATOR, common.UniqueElementID(component), result, score, "")
 		}
 
 		if manufacturer.GetURL() != "" {
@@ -599,7 +599,7 @@ func bsiComponentCreator(component sbom.GetComponent) *db.Record {
 		}
 
 		if result != "" {
-			return db.NewRecordStmt(COMP_CREATOR, component.GetName(), result, score, "")
+			return db.NewRecordStmt(COMP_CREATOR, common.UniqueElementID(component), result, score, "")
 		}
 
 		if manufacturer.GetContacts() != nil {
@@ -612,10 +612,10 @@ func bsiComponentCreator(component sbom.GetComponent) *db.Record {
 			}
 
 			if result != "" {
-				return db.NewRecordStmt(COMP_CREATOR, component.GetName(), result, score, "")
+				return db.NewRecordStmt(COMP_CREATOR, common.UniqueElementID(component), result, score, "")
 			}
 		}
 	}
 
-	return db.NewRecordStmt(COMP_CREATOR, component.GetName(), "", 0.0, "")
+	return db.NewRecordStmt(COMP_CREATOR, common.UniqueElementID(component), "", 0.0, "")
 }
diff --git a/pkg/compliance/common/common.go b/pkg/compliance/common/common.go
@@ -358,3 +358,7 @@ func GetDependenciesByName(dependencies []string, compIDWithName map[string]stri
 func GetID(componentID string) string {
 	return "SPDXRef-" + componentID
 }
+
+func UniqueElementID(component sbom.GetComponent) string {
+	return component.GetName() + "-" + component.GetVersion()
+}
diff --git a/pkg/compliance/fsct/fsct.go b/pkg/compliance/fsct/fsct.go
@@ -197,7 +197,7 @@ func fsctPackageName(component sbom.GetComponent) *db.Record {
 		score = 10.0
 		maturity = "Minimum"
 	}
-	return db.NewRecordStmt(COMP_NAME, component.GetName(), result, score, maturity)
+	return db.NewRecordStmt(COMP_NAME, common.UniqueElementID(component), result, score, maturity)
 }
 
 func fsctPackageVersion(component sbom.GetComponent) *db.Record {
@@ -208,7 +208,7 @@ func fsctPackageVersion(component sbom.GetComponent) *db.Record {
 		maturity = "Minimum"
 	}
 
-	return db.NewRecordStmt(COMP_VERSION, component.GetName(), result, score, maturity)
+	return db.NewRecordStmt(COMP_VERSION, common.UniqueElementID(component), result, score, maturity)
 }
 
 func fsctPackageSupplier(component sbom.GetComponent) *db.Record {
@@ -230,7 +230,7 @@ func fsctPackageSupplier(component sbom.GetComponent) *db.Record {
 		maturity = "None"
 	}
 
-	return db.NewRecordStmt(COMP_SUPPLIER, component.GetName(), result, score, maturity)
+	return db.NewRecordStmt(COMP_SUPPLIER, common.UniqueElementID(component), result, score, maturity)
 }
 
 func fsctPackageUniqIDs(component sbom.GetComponent) *db.Record {
@@ -274,7 +274,7 @@ func fsctPackageUniqIDs(component sbom.GetComponent) *db.Record {
 		maturity = "Minimum"
 		result = strings.Join(uniqIDResults, ", ")
 	}
-	return db.NewRecordStmt(COMP_UNIQ_ID, component.GetName(), result, score, maturity)
+	return db.NewRecordStmt(COMP_UNIQ_ID, common.UniqueElementID(component), result, score, maturity)
 }
 
 func fsctPackageHash(doc sbom.Document, component sbom.GetComponent) *db.Record {
@@ -308,7 +308,7 @@ func fsctPackageHash(doc sbom.Document, component sbom.GetComponent) *db.Record
 		maturity = "None"
 	}
 
-	return db.NewRecordStmt(COMP_CHECKSUM, component.GetName(), result, score, maturity)
+	return db.NewRecordStmt(COMP_CHECKSUM, common.UniqueElementID(component), result, score, maturity)
 }
 
 func IsComponentPartOfPrimaryDependency(id string) bool {
@@ -329,7 +329,7 @@ func fsctPackageDependencies(doc sbom.Document, component sbom.GetComponent) *db
 			result = strings.Join(GetAllPrimaryDepenciesByName, ", ")
 			score = 10.0
 			maturity = "Minimum"
-			return db.NewRecordStmt(COMP_RELATIONSHIP, component.GetName(), result, score, maturity)
+			return db.NewRecordStmt(COMP_RELATIONSHIP, common.UniqueElementID(component), result, score, maturity)
 		}
 
 		// get dependencies for normal component
@@ -359,7 +359,7 @@ func fsctPackageDependencies(doc sbom.Document, component sbom.GetComponent) *db
 			result = strings.Join(GetAllPrimaryDepenciesByName, ", ")
 			score = 10.0
 			maturity = "Minimum"
-			return db.NewRecordStmt(COMP_RELATIONSHIP, component.GetName(), result, score, maturity)
+			return db.NewRecordStmt(COMP_RELATIONSHIP, common.UniqueElementID(component), result, score, maturity)
 		}
 
 		dependencies = doc.GetRelationships(component.GetID())
@@ -402,15 +402,15 @@ func fsctPackageDependencies(doc sbom.Document, component sbom.GetComponent) *db
 
 	}
 
-	return db.NewRecordStmt(COMP_RELATIONSHIP, component.GetName(), result, score, maturity)
+	return db.NewRecordStmt(COMP_RELATIONSHIP, common.UniqueElementID(component), result, score, maturity)
 }
 
 func fsctPackageLicense(component sbom.GetComponent) *db.Record {
 	result, score, maturity := "", 0.0, "None"
 
 	licenses := component.Licenses()
 	if len(licenses) == 0 {
-		return db.NewRecordStmt(COMP_LICENSE, component.GetName(), result, score, maturity)
+		return db.NewRecordStmt(COMP_LICENSE, common.UniqueElementID(component), result, score, maturity)
 	}
 
 	hasFullName, hasIdentifier, hasText, hasURL, hasSpdx := false, false, false, false, false
@@ -451,7 +451,7 @@ func fsctPackageLicense(component sbom.GetComponent) *db.Record {
 	// Truncate license content to 1-2 lines
 	_ = truncateContent(licenseContent, 100) // Adjust the length as needed
 
-	return db.NewRecordStmt(COMP_LICENSE, component.GetName(), result, score, maturity)
+	return db.NewRecordStmt(COMP_LICENSE, common.UniqueElementID(component), result, score, maturity)
 }
 
 // Helper function to truncate content
@@ -476,5 +476,5 @@ func fsctPackageCopyright(component sbom.GetComponent) *db.Record {
 		result = truncateContent(result, 50)
 	}
 
-	return db.NewRecordStmt(COMP_COPYRIGHT, component.GetName(), result, score, maturity)
+	return db.NewRecordStmt(COMP_COPYRIGHT, common.UniqueElementID(component), result, score, maturity)
 }