Merge pull request #1491 from blackducksoftware/dev/devm/IDETECT-3456

devmehtabd · web-flow · commit bf0a0576fafb · 2025-07-31T10:27:44.000-04:00
Exclude Ignored Components from Risk Reports
diff --git a/src/main/java/com/blackduck/integration/detect/workflow/blackduck/report/service/ReportService.java b/src/main/java/com/blackduck/integration/detect/workflow/blackduck/report/service/ReportService.java
@@ -129,23 +129,16 @@ public ReportData getRiskReportData(ProjectView project, ProjectVersionView vers
         HttpUrl originalVersionUrl = version.getHref();
         boolean policyFailure = false;
         for (ProjectVersionComponentVersionView projectVersionComponentView : bomEntries) {
+            if(projectVersionComponentView.getIgnored()) {
+                continue;
+            }
             String policyStatus = projectVersionComponentView.getApprovalStatus().toString();
             if (StringUtils.isBlank(policyStatus)) {
-                HttpUrl componentPolicyStatusURL;
-                if (!StringUtils.isBlank(projectVersionComponentView.getComponentVersion())) {
-                    componentPolicyStatusURL = getComponentPolicyURL(originalVersionUrl, projectVersionComponentView.getComponentVersion());
-                } else {
-                    componentPolicyStatusURL = getComponentPolicyURL(originalVersionUrl, projectVersionComponentView.getComponent());
-                }
-                if (!policyFailure) {
-                    // FIXME if we could check if Black Duck has the policy module we could remove a lot of the mess
-                    try {
-                        PolicyStatusView bomPolicyStatus = blackDuckApiClient.getResponse(componentPolicyStatusURL, PolicyStatusView.class);
-                        policyStatus = bomPolicyStatus.getApprovalStatus().toString();
-                    } catch (IntegrationException e) {
-                        policyFailure = true;
-                        logger.debug("Could not get the component policy status, the Black Duck policy module is not enabled");
-                    }
+                try {
+                    policyStatus = checkPolicyStatusIfBlank(projectVersionComponentView, policyStatus, originalVersionUrl, policyFailure);
+                } catch (IntegrationException e) {
+                    policyFailure = true;
+                    logger.debug("Could not get the component policy status, the Black Duck policy module is not enabled");
                 }
             }
 
@@ -161,6 +154,21 @@ public ReportData getRiskReportData(ProjectView project, ProjectVersionView vers
         return reportData;
     }
 
+    private String checkPolicyStatusIfBlank(ProjectVersionComponentVersionView projectVersionComponentView, String policyStatus, HttpUrl originalVersionUrl, boolean policyFailure) throws IntegrationException {
+        HttpUrl componentPolicyStatusURL;
+        if (!StringUtils.isBlank(projectVersionComponentView.getComponentVersion())) {
+            componentPolicyStatusURL = getComponentPolicyURL(originalVersionUrl, projectVersionComponentView.getComponentVersion());
+        } else {
+            componentPolicyStatusURL = getComponentPolicyURL(originalVersionUrl, projectVersionComponentView.getComponent());
+        }
+        if (!policyFailure) {
+            // FIXME if we could check if Black Duck has the policy module we could remove a lot of the mess
+            PolicyStatusView bomPolicyStatus = blackDuckApiClient.getResponse(componentPolicyStatusURL, PolicyStatusView.class);
+            policyStatus = bomPolicyStatus.getApprovalStatus().toString();
+        }
+        return policyStatus;
+    }
+
     private LocalDateTime getDateTimeOfLatestScanForProjectVersion(ProjectVersionView projectVersion, String projectName) throws IntegrationException {
         List<CodeLocationView> codeLocations = blackDuckApiClient.getAllResponses(projectVersion.metaCodelocationsLink());
         if (codeLocations.isEmpty()) {
