From f5e60a9d81b3313a92935c8a875459abcef77c40 Mon Sep 17 00:00:00 2001
From: Parth Patel <88045217+pxp928@users.noreply.github.com>
Date: Thu, 19 Sep 2024 01:39:28 -0400
Subject: [PATCH] create isoccur for top level package when artifact is found (#2137)

Signed-off-by: pxp928
---
 internal/testing/testdata/testdata.go | 10 ++++++++++
 pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go | 2 ++
 2 files changed, 12 insertions(+)

diff --git a/internal/testing/testdata/testdata.go b/internal/testing/testdata/testdata.go
index a93e04f7ae..b6211eb8e0 100644
--- a/internal/testing/testdata/testdata.go
+++ b/internal/testing/testdata/testdata.go
@@ -1127,6 +1127,16 @@ var (
 }
 
 CdxIngestionPredicates = assembler.IngestPredicates{
+ IsOccurrence: []assembler.IsOccurrenceIngest{
+ {
+ Pkg: cdxTopLevelPack,
+ Artifact: &model.ArtifactInputSpec{
+ Algorithm: "sha256",
+ Digest: "6ad5b696af3ca05a048bd29bf0f623040462638cb0b29c8d702cbb2805687388",
+ },
+ IsOccurrence: isOccurrenceJustifyTopPkg,
+ },
+ },
 IsDependency: CdxDeps,
 HasSBOM: CdxHasSBOM,
 }
diff --git a/pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go b/pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go
index 4a3188bcbe..1218437c1d 100644
--- a/pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go
+++ b/pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go
@@ -387,6 +387,8 @@ func (c *cyclonedxParser) GetPredicates(ctx context.Context) *assembler.IngestPr
 logger.Infof("CDX artifact was not parsable: %v", err)
 } else {
 topLevelArts = append(topLevelArts, artInput)
+ // append to packageArtifacts so that isOccurrence is created
+ c.packageArtifacts[c.cdxBom.Metadata.Component.BOMRef] = append(c.packageArtifacts[c.cdxBom.Metadata.Component.BOMRef], artInput)
 logger.Infof("getArtInput %v", artInput)
 }
 }
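Review bot: The new map write in parser_cyclonedx.go keys on `c.cdxBom.Metadata.Component.BOMRef` without checking that it is non-empty; `bom-ref` is optional in CycloneDX, so a document that omits it would file the top-level artifact under the `""` key. If other components without a bom-ref end up under that same key (not visible in this hunk), the resulting IsOccurrence could bind this digest to the wrong package, and that edge is read downstream as a package-to-artifact identity claim taken from the SBOM itself. Consider guarding the write, for example `if ref := c.cdxBom.Metadata.Component.BOMRef; ref != "" { c.packageArtifacts[ref] = append(c.packageArtifacts[ref], artInput) }`, with a log line on the skipped case, and adding a test fixture whose top-level component has no bom-ref. GetPredicates begins and ends outside the hunk, so whether `Metadata.Component` is nil-checked earlier and whether `packageArtifacts` is always initialised cannot be confirmed from here.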