fix: remove fallback logic for Source Code Download URL

capycli/bom/create_components.py

@@ -236,10 +236,13 @@ def add_licenses(self, cx_comp: Component, data: Dict[str, Any]) -> None:
         data["mainLicenseIds"] = licenses
 
     def prepare_release_data(self, cx_comp: Component) -> Dict[str, Any]:
-        """Create release data structure as expected by SW360 REST API
+        """Create the Release data structure as expected by SW360 REST API.
 
-        :param item: a single bill of materials item - a release
-        :type item: dictionary
+        If the Source Code Download URL is missing in the given Release, try to update the VCS/Repository URL
+        of the corresponding SW360 Component with the repository or website URL from the Release.
+
+        :param cx_comp: a single bill of materials item - a Release
+        :type cx_comp: Component
         :return: the release
         :rtype: release (dictionary)
         """
@@ -251,6 +254,8 @@ def prepare_release_data(self, cx_comp: Component) -> Dict[str, Any]:
         src_url = str(CycloneDxSupport.get_ext_ref_source_url(cx_comp))
         if src_url:
             data["sourceCodeDownloadurl"] = src_url
+        else:
+            print_red("    No Source Code Download URL found.")
 
         bin_url = str(CycloneDxSupport.get_ext_ref_binary_url(cx_comp))
         if bin_url:
@@ -266,17 +271,6 @@ def prepare_release_data(self, cx_comp: Component) -> Dict[str, Any]:
         data["additionalData"] = {}
         data["additionalData"]["createdWith"] = capycli.get_app_signature()
 
-        # use project site as fallback for source code download url
-        website = CycloneDxSupport.get_ext_ref_website(cx_comp)
-        repo = CycloneDxSupport.get_ext_ref_repository(cx_comp)
-        if not src_url:
-            if repo:
-                print("    Using repository for source code download URL...")
-                data["sourceCodeDownloadurl"] = str(repo)
-            elif website:
-                print("    Using website for source code download URL...")
-                data["sourceCodeDownloadurl"] = str(website)
-
         language = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_LANGUAGE)
         if language:
             data["languages"] = []

tests/test_bom_create_components.py

@@ -61,7 +61,7 @@ def test_create_component(self) -> None:
 
         release_data = {"name": "activemodel", "version": "5.2.4.3",
                         "mainlineState": "OPEN", "languages": ["Ruby"],
-                        "sourceCodeDownloadurl": "http://test.org",
+                        "sourceCodeDownloadurl": "http://test.org/activemodel@5.2.4.3.zip",
                         "externalIds": {"package-url": "pkg:gem/activemodel@5.2.4.3"},
                         "additionalData": {"createdWith": capycli.get_app_signature()}}
         responses.add(
@@ -85,6 +85,7 @@ def test_create_component(self) -> None:
         CycloneDxSupport.update_or_set_property(item, CycloneDxSupport.CDX_PROP_LANGUAGE, "Ruby")
         CycloneDxSupport.update_or_set_property(item, CycloneDxSupport.CDX_PROP_CATEGORIES, "devel")
         CycloneDxSupport.update_or_set_ext_ref(item, ExternalReferenceType.WEBSITE, "", "http://test.org")
+        CycloneDxSupport.update_or_set_ext_ref(item, ExternalReferenceType.SOURCE_DISTRIBUTION, "", "http://test.org/activemodel@5.2.4.3.zip")
 
         self.app.create_component_and_release(item)
         assert len(responses.calls) == 3