From b8b060384b85733fd6035282bbfa181b84caac7d Mon Sep 17 00:00:00 2001 From: Alex Egan Date: Wed, 20 Aug 2025 16:45:00 +0100 Subject: [PATCH 1/2] Added catch for empty results file in dependency track --- CHANGELOG.md | 7 ++++++- src/scanoss/__init__.py | 2 +- src/scanoss/cli.py | 3 ++- .../inspection/dependency_track/project_violation.py | 8 +++++++- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a422aa7f..50d7f25d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - Upcoming changes... +## [1.31.4] - 2025-08-20 +### Added +- Added support for empty dependency track project policy checks + ## [1.31.3] - 2025-08-19 ### Fixed - Added handling for empty results files @@ -642,4 +646,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [1.31.0]: https://github.com/scanoss/scanoss.py/compare/v1.30.0...v1.31.0 [1.31.1]: https://github.com/scanoss/scanoss.py/compare/v1.31.0...v1.31.1 [1.31.2]: https://github.com/scanoss/scanoss.py/compare/v1.31.1...v1.31.2 -[1.31.2]: https://github.com/scanoss/scanoss.py/compare/v1.31.2...v1.31.3 +[1.31.3]: https://github.com/scanoss/scanoss.py/compare/v1.31.2...v1.31.3 +[1.31.4]: https://github.com/scanoss/scanoss.py/compare/v1.31.3...v1.31.4 diff --git a/src/scanoss/__init__.py b/src/scanoss/__init__.py index 40a8be75..9287075b 100644 --- a/src/scanoss/__init__.py +++ b/src/scanoss/__init__.py @@ -22,4 +22,4 @@ THE SOFTWARE. """ -__version__ = '1.31.3' +__version__ = '1.31.4' diff --git a/src/scanoss/cli.py b/src/scanoss/cli.py index abbfdc3e..7e447522 100644 --- a/src/scanoss/cli.py +++ b/src/scanoss/cli.py 
@@ -803,7 +803,8 @@ def setup_args() -> None: # noqa: PLR0912, PLR0915 p_inspect_dt_project_violation.add_argument( '--timeout', '-M', required=False, - default='300', + default=300, + type=float, help='Timeout (in seconds) for API communication (optional - default 300 sec)' ) diff --git a/src/scanoss/inspection/dependency_track/project_violation.py b/src/scanoss/inspection/dependency_track/project_violation.py index a5876682..a7d4858c 100644 --- a/src/scanoss/inspection/dependency_track/project_violation.py +++ b/src/scanoss/inspection/dependency_track/project_violation.py @@ -31,7 +31,7 @@ # Constants PROCESSING_RETRY_DELAY = 5 # seconds -DEFAULT_TIME_OUT = 300 +DEFAULT_TIME_OUT = 300.0 MILLISECONDS_TO_SECONDS = 1000 @@ -257,6 +257,12 @@ def _safe_timestamp(field, value=None, default=0) -> float: self.print_msg(f'last_occurrence: {last_occurrence}') self.print_msg(f'last_vulnerability_analysis is updated: {last_vulnerability_analysis >= last_import}') self.print_msg(f'last_occurrence is updated: {last_occurrence >= last_import}') + # Catches case where vulnerability analysis is skipped for empty SBOMs + if last_occurrence >= last_import: + component_count = metrics.get('components', 0) if isinstance(metrics, dict) else 0 + if component_count < 1: + self.print_msg('Notice: Empty SBOM detected. Assuming no violations.') + return True # If all timestamps are zero, this indicates no processing has occurred if last_vulnerability_analysis == 0 or last_occurrence == 0 or last_import == 0: self.print_stderr(f'Warning: Some project data appears to be unset. Returning False: {dt_project}') From 06151b3e5d77c806370b6f33e18061e4523d8f3a Mon Sep 17 00:00:00 2001 From: Alex Egan Date: Wed, 20 Aug 2025 16:59:05 +0100 Subject: [PATCH 2/2] Fixed logic --- src/scanoss/inspection/dependency_track/project_violation.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
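Review bot: `type=float` on `--timeout` lets any parseable float through, so `--timeout -1`, `0`, `nan` and `inf` all pass argparse unchallenged, and a NaN timeout makes every `elapsed > timeout` style comparison evaluate False, which could turn a bounded poll into an unbounded wait (the consumer of this value is outside the hunk, so that consequence is inferred). A small `type` callable that raises `argparse.ArgumentTypeError` unless the value is finite and greater than zero would make the contract explicit at the CLI boundary. Separately, argparse applies `type` only to string defaults, so `default=300` stays an int while user-supplied values are floats and the module constant in project_violation.py became `DEFAULT_TIME_OUT = 300.0`; `default=300.0,` keeps the three aligned. The enclosing `setup_args` starts and ends outside the hunk.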
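Review bot: The early `return True` in the new empty-SBOM branch fails open when `metrics` is missing or is not a dict, because `component_count = metrics.get('components', 0) if isinstance(metrics, dict) else 0` maps "metrics unavailable" onto the same value as a genuine zero-component SBOM, so a project whose metrics have not been computed yet would be reported as having no violations. Distinguish the two cases with `component_count = metrics.get('components') if isinstance(metrics, dict) else None` and `if component_count is not None and component_count < 1:`, so an absent figure falls through to the existing zero-timestamp warning instead of the shortcut. Where `metrics` is assigned and what the API returns for a project without computed metrics is not visible in this hunk, so confirm that the key is actually omitted rather than reported as 0 in that state. The enclosing method starts and ends outside the hunk.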
diff --git a/src/scanoss/inspection/dependency_track/project_violation.py b/src/scanoss/inspection/dependency_track/project_violation.py
index a7d4858c..9e2d5ed2 100644
--- a/src/scanoss/inspection/dependency_track/project_violation.py
+++ b/src/scanoss/inspection/dependency_track/project_violation.py
@@ -258,7 +258,7 @@ def _safe_timestamp(field, value=None, default=0) -> float:
 self.print_msg(f'last_vulnerability_analysis is updated: {last_vulnerability_analysis >= last_import}')
 self.print_msg(f'last_occurrence is updated: {last_occurrence >= last_import}')
 # Catches case where vulnerability analysis is skipped for empty SBOMs
-if last_occurrence >= last_import:
+if 0 < last_import <= last_occurrence:
 component_count = metrics.get('components', 0) if isinstance(metrics, dict) else 0
 if component_count < 1:
 self.print_msg('Notice: Empty SBOM detected. Assuming no violations.')
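Review bot: The tightened condition `if 0 < last_import <= last_occurrence:` carries the reason for the new `0 <` bound only in the commit title ("Fixed logic"), so the comment above it should state why a zero import timestamp is excluded; suggest `# Catches case where vulnerability analysis is skipped for empty SBOMs; last_import must be > 0 so an unset (zero) import timestamp never takes this shortcut`. This matters because the branch returns True before the zero-timestamp warning further down is reached, so this guard is what keeps a never-processed project from being reported as clean. The enclosing method starts and ends outside the hunk.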