Fixed source filtering bug for spdx conversion

Alex-1089 · Alex-1089 · commit 6107d333c3fa · 2025-10-21T12:26:47.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Upcoming changes...
 
+## [1.37.1] - 2025-10-21
+### Added
+- Added source filtering to cyclonedx conversion
+### Fixed
+- Fixed dependencies being skipped during spdx conversion
+
 ## [1.37.0] - 2025-10-17
 ### Added
 - Added delta folder and file copy command
@@ -689,3 +695,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.35.0]: https://github.com/scanoss/scanoss.py/compare/v1.34.0...v1.35.0
 [1.36.0]: https://github.com/scanoss/scanoss.py/compare/v1.35.0...v1.36.0
 [1.37.0]: https://github.com/scanoss/scanoss.py/compare/v1.36.0...v1.37.0
+[1.37.1]: https://github.com/scanoss/scanoss.py/compare/v1.37.0...v1.37.1
diff --git a/src/scanoss/__init__.py b/src/scanoss/__init__.py
@@ -22,4 +22,4 @@
   THE SOFTWARE.
 """
 
-__version__ = '1.37.0'
+__version__ = '1.37.1'
diff --git a/src/scanoss/cyclonedx.py b/src/scanoss/cyclonedx.py
@@ -152,7 +152,11 @@ def parse(self, data: dict):  # noqa: PLR0912, PLR0915
                     fdl = []
                     if licenses:
                         for lic in licenses:
-                            fdl.append({'id': lic.get('name')})
+                            name = lic.get('name')
+                            source = lic.get('source')
+                            if source not in ('component_declared', 'license_file', 'file_header'):
+                                continue
+                            fdl.append({'id': name})
                     fd['licenses'] = fdl
                     cdx[purl] = fd
         # self.print_stderr(f'VD: {vdx}')
@@ -295,7 +299,8 @@ def produce_from_str(self, json_str: str, output_file: str = None) -> bool:
         except Exception as e:
             self.print_stderr(f'ERROR: Problem parsing input JSON: {e}')
             return False
-        return self.produce_from_json(data, output_file)
+        success, _ = self.produce_from_json(data, output_file)
+        return success
 
     def _normalize_vulnerability_id(self, vuln: dict) -> tuple[str, str]:
         """
diff --git a/src/scanoss/spdxlite.py b/src/scanoss/spdxlite.py
@@ -247,8 +247,9 @@ def _process_licenses(self, licenses: list) -> list:
         for license_info in licenses:
             name = license_info.get('name')
             source = license_info.get('source')
-            if source not in ("component_declared", "license_file", "file_header"):
-                continue
+            if source is not None or source == '':
+                if source not in ("component_declared", "license_file", "file_header"):
+                    continue
             if name and name not in seen_names:
                 processed_licenses.append({'id': name})
                 seen_names.add(name)
