Diffstat (limited to 'lib/gitlab')
-rw-r--r--lib/gitlab/ci/parsers/sbom/component.rb59
-rw-r--r--lib/gitlab/ci/parsers/sbom/cyclonedx.rb10
-rw-r--r--lib/gitlab/ci/reports/sbom/component.rb14
3 files changed, 64 insertions, 19 deletions
diff --git a/lib/gitlab/ci/parsers/sbom/component.rb b/lib/gitlab/ci/parsers/sbom/component.rb
new file mode 100644
index 00000000000..1a4aa5071ae
--- /dev/null
+++ b/lib/gitlab/ci/parsers/sbom/component.rb
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Ci
+ module Parsers
+ module Sbom
+ class Component
+ include Gitlab::Utils::StrongMemoize
+
+ TRIVY_SOURCE_PACKAGE_FIELD = 'SrcName'
+
+ def initialize(data)
+ @data = data
+ end
+
+ def parse
+ ::Gitlab::Ci::Reports::Sbom::Component.new(
+ type: data['type'],
+ name: data['name'],
+ purl: purl,
+ version: data['version'],
+ properties: properties,
+ source_package_name: source_package_name
+ )
+ end
+
+ private
+
+ attr_reader :data
+
+ def purl
+ return unless data['purl']
+
+ ::Sbom::PackageUrl.parse(data['purl'])
+ end
+ strong_memoize_attr :purl
+
+ def properties
+ CyclonedxProperties.parse_trivy_source(data['properties'])
+ end
+ strong_memoize_attr :properties
+
+ def source_package_name
+ return unless container_scanning_component?
+
+ properties&.data&.dig(TRIVY_SOURCE_PACKAGE_FIELD) || data['name']
+ end
+
+ def container_scanning_component?
+ return false unless data['purl']
+
+ Enums::Sbom.container_scanning_purl_type?(purl.type)
+ end
+ strong_memoize_attr :container_scanning_component?
+ end
+ end
+ end
+ end
+end
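Review bot: `properties` calls `CyclonedxProperties.parse_trivy_source(data['properties'])` unconditionally, whereas the lines removed in the cyclonedx.rb hunk only invoked it `if properties`; unless parse_trivy_source is known to accept nil, every component that carries no `properties` array (any non-Trivy SBOM) now reaches it with nil. Restoring the guard keeps the previous behaviour: `return unless data['properties']` as the first line of `properties`. The `properties&.data&.dig(...)` chain in `source_package_name` already tolerates a nil result, so nothing else needs to change. The whole class is contained in this hunk.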
diff --git a/lib/gitlab/ci/parsers/sbom/cyclonedx.rb b/lib/gitlab/ci/parsers/sbom/cyclonedx.rb
index 62cd322e141..9c48dd69a41 100644
--- a/lib/gitlab/ci/parsers/sbom/cyclonedx.rb
+++ b/lib/gitlab/ci/parsers/sbom/cyclonedx.rb
@@ -58,15 +58,7 @@ module Gitlab
def parse_components
data['components']&.each_with_index do |component_data, index|
- properties = component_data['properties']
- component = ::Gitlab::Ci::Reports::Sbom::Component.new(
- type: component_data['type'],
- name: component_data['name'],
- purl: component_data['purl'],
- version: component_data['version']
- )
-
- component.properties = CyclonedxProperties.parse_trivy_source(properties) if properties
+ component = Component.new(component_data).parse
report.add_component(component) if component.ingestible?
rescue ::Sbom::PackageUrl::InvalidPackageUrl
report.add_error("/components/#{index}/purl is invalid")
diff --git a/lib/gitlab/ci/reports/sbom/component.rb b/lib/gitlab/ci/reports/sbom/component.rb
index 1a3f689c1d7..6cc588d113c 100644
--- a/lib/gitlab/ci/reports/sbom/component.rb
+++ b/lib/gitlab/ci/reports/sbom/component.rb
@@ -8,14 +8,15 @@ module Gitlab
include Gitlab::Utils::StrongMemoize
attr_reader :component_type, :version, :path
- attr_accessor :properties
+ attr_accessor :properties, :purl, :source_package_name
- def initialize(type:, name:, purl:, version:, properties: nil)
+ def initialize(type:, name:, purl:, version:, properties: nil, source_package_name: nil)
@component_type = type
@name = name
- @raw_purl = purl
+ @purl = purl
@version = version
@properties = properties
+ @source_package_name = source_package_name
end
def <=>(other)
@@ -26,13 +27,6 @@ module Gitlab
supported_component_type? && supported_purl_type?
end
- def purl
- return unless @raw_purl
-
- ::Sbom::PackageUrl.parse(@raw_purl)
- end
- strong_memoize_attr :purl
-
def purl_type
purl.type
end
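Review bot: The `purl:` keyword of `initialize` keeps its name but changes meaning: it used to receive the raw string and parse it lazily via the `purl` method removed in the second hunk, and now it stores whatever is passed, with `purl_type` calling `.type` on it. Any caller outside this diff that still passes a string would fail with NoMethodError in `purl_type` rather than the `InvalidPackageUrl` the parser layer rescues; I cannot see the other call sites here, so this is worth checking. The new contract should be stated on `initialize`, e.g. `# @param purl [::Sbom::PackageUrl, nil] an already-parsed purl; callers parse the raw string and handle InvalidPackageUrl themselves`. The class continues outside both hunks.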