Added catch for empty results file in dependency track (#146)

Alex-1089 · web-flow · commit e1320cc2c16b · 2025-08-20T17:07:42.000+01:00
* Added catch for empty results file in dependency track
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Upcoming changes...
 
+## [1.31.4] - 2025-08-20
+### Added
+- Added support for empty dependency track project policy checks
+
 ## [1.31.3] - 2025-08-19
 ### Fixed
 - Added handling for empty results files
@@ -642,4 +646,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.31.0]: https://github.com/scanoss/scanoss.py/compare/v1.30.0...v1.31.0
 [1.31.1]: https://github.com/scanoss/scanoss.py/compare/v1.31.0...v1.31.1
 [1.31.2]: https://github.com/scanoss/scanoss.py/compare/v1.31.1...v1.31.2
-[1.31.2]: https://github.com/scanoss/scanoss.py/compare/v1.31.2...v1.31.3
+[1.31.3]: https://github.com/scanoss/scanoss.py/compare/v1.31.2...v1.31.3
+[1.31.4]: https://github.com/scanoss/scanoss.py/compare/v1.31.3...v1.31.4
diff --git a/src/scanoss/__init__.py b/src/scanoss/__init__.py
@@ -22,4 +22,4 @@
   THE SOFTWARE.
 """
 
-__version__ = '1.31.3'
+__version__ = '1.31.4'
diff --git a/src/scanoss/cli.py b/src/scanoss/cli.py
@@ -803,7 +803,8 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
     p_inspect_dt_project_violation.add_argument(
         '--timeout', '-M',
         required=False,
-        default='300',
+        default=300,
+        type=float,
         help='Timeout (in seconds) for API communication (optional - default 300 sec)'
     )
 
diff --git a/src/scanoss/inspection/dependency_track/project_violation.py b/src/scanoss/inspection/dependency_track/project_violation.py
@@ -31,7 +31,7 @@
 
 # Constants
 PROCESSING_RETRY_DELAY = 5  # seconds
-DEFAULT_TIME_OUT = 300
+DEFAULT_TIME_OUT = 300.0
 MILLISECONDS_TO_SECONDS = 1000
 
 
@@ -257,6 +257,12 @@ def _safe_timestamp(field, value=None, default=0) -> float:
             self.print_msg(f'last_occurrence: {last_occurrence}')
             self.print_msg(f'last_vulnerability_analysis is updated: {last_vulnerability_analysis >= last_import}')
             self.print_msg(f'last_occurrence is updated: {last_occurrence >= last_import}')
+        # Catches case where vulnerability analysis is skipped for empty SBOMs
+        if 0 < last_import <= last_occurrence:
+            component_count = metrics.get('components', 0) if isinstance(metrics, dict) else 0
+            if component_count < 1:
+                self.print_msg('Notice: Empty SBOM detected. Assuming no violations.')
+                return True
         # If all timestamps are zero, this indicates no processing has occurred
         if last_vulnerability_analysis == 0 or last_occurrence == 0 or last_import == 0:
             self.print_stderr(f'Warning: Some project data appears to be unset. Returning False: {dt_project}')

Original file line number	Diff line number	Diff line change
`@@ -803,7 +803,8 @@ def setup_args() -> None: # noqa: PLR0912, PLR0915`
`803`	`803`	`p_inspect_dt_project_violation.add_argument(`
`804`	`804`	`'--timeout', '-M',`
`805`	`805`	`required=False,`
`806`		`- default='300',`
	`806`	`+ default=300,`
	`807`	`+ type=float,`
`807`	`808`	`help='Timeout (in seconds) for API communication (optional - default 300 sec)'`
`808`	`809`	`)`
`809`	`810`