From 17b900cb14015c094d50a1e8702bed0a1bdd5957 Mon Sep 17 00:00:00 2001
From: DmitriyLewen <dmitriy.lewen@smartforce.io>
Date: Tue, 19 Mar 2024 16:53:12 +0600
Subject: [PATCH] fix(spdx): check to nil CreationInfo

---
 pkg/sbom/spdx/unmarshal.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/sbom/spdx/unmarshal.go b/pkg/sbom/spdx/unmarshal.go
index 5b1d4138e7cb..14b34c1c0caf 100644
--- a/pkg/sbom/spdx/unmarshal.go
+++ b/pkg/sbom/spdx/unmarshal.go
@@ -255,6 +255,10 @@ func (s *SPDX) parseExternalReferences(refs []*spdx.PackageExternalReference) (*
 }
 
 func (s *SPDX) isTrivySBOM(spdxDocument *spdx.Document) bool {
+	if spdxDocument == nil || spdxDocument.CreationInfo == nil || spdxDocument.CreationInfo.Creators == nil {
+		return false
+	}
+
 	for _, c := range spdxDocument.CreationInfo.Creators {
 		if c.CreatorType == "Tool" && strings.HasPrefix(c.Creator, "trivy") {
 			return true