2 files changed, 43 insertions, 6 deletions
diff --git a/spec/lib/gitlab/ci/parsers/sbom/cyclonedx_properties_spec.rb b/spec/lib/gitlab/ci/parsers/sbom/cyclonedx_properties_spec.rb
index 38b229e0dd8..f09b85aa2c7 100644
--- a/spec/lib/gitlab/ci/parsers/sbom/cyclonedx_properties_spec.rb
+++ b/spec/lib/gitlab/ci/parsers/sbom/cyclonedx_properties_spec.rb
@@ -3,7 +3,7 @@
 require 'fast_spec_helper'
 
 RSpec.describe Gitlab::Ci::Parsers::Sbom::CyclonedxProperties do
-  subject(:parse_source) { described_class.parse_source(properties) }
+  subject(:parse_source_from_properties) { described_class.parse_source(properties) }
 
   context 'when properties are nil' do
     let(:properties) { nil }
@@ -50,9 +50,9 @@ RSpec.describe Gitlab::Ci::Parsers::Sbom::CyclonedxProperties do
     end
 
     it 'does not call dependency_scanning parser' do
-      expect(Gitlab::Ci::Parsers::Sbom::Source::DependencyScanning).not_to receive(:parse_source)
+      expect(Gitlab::Ci::Parsers::Sbom::Source::DependencyScanning).not_to receive(:source)
 
-      parse_source
+      parse_source_from_properties
     end
   end
 
@@ -82,7 +82,7 @@ RSpec.describe Gitlab::Ci::Parsers::Sbom::CyclonedxProperties do
     it 'passes only supported properties to the dependency scanning parser' do
       expect(Gitlab::Ci::Parsers::Sbom::Source::DependencyScanning).to receive(:source).with(expected_input)
 
-      parse_source
+      parse_source_from_properties
     end
   end
 end
diff --git a/spec/lib/gitlab/ci/parsers/sbom/cyclonedx_spec.rb b/spec/lib/gitlab/ci/parsers/sbom/cyclonedx_spec.rb
index f3636106b98..0b094880f69 100644
--- a/spec/lib/gitlab/ci/parsers/sbom/cyclonedx_spec.rb
+++ b/spec/lib/gitlab/ci/parsers/sbom/cyclonedx_spec.rb
@@ -100,16 +100,53 @@ RSpec.describe Gitlab::Ci::Parsers::Sbom::Cyclonedx do
       ]
     end
 
+    before do
+      allow(report).to receive(:add_component)
+    end
+
     it 'adds each component, ignoring unused attributes' do
       expect(report).to receive(:add_component)
-        .with(an_object_having_attributes(name: "activesupport", version: "5.1.4", component_type: "library"))
+        .with(
+          an_object_having_attributes(
+            name: "activesupport",
+            version: "5.1.4",
+            component_type: "library",
+            purl: an_object_having_attributes(type: "gem")
+          )
+        )
       expect(report).to receive(:add_component)
-        .with(an_object_having_attributes(name: "byebug", version: "10.0.0", component_type: "library"))
+        .with(
+          an_object_having_attributes(
+            name: "byebug",
+            version: "10.0.0",
+            component_type: "library",
+            purl: an_object_having_attributes(type: "gem")
+          )
+        )
       expect(report).to receive(:add_component)
         .with(an_object_having_attributes(name: "minimal-component", version: nil, component_type: "library"))
 
       parse!
     end
+
+    context 'when a component has an invalid purl' do
+      before do
+        components.push(
+          {
+            "name" => "invalid-component",
+            "version" => "v0.0.1",
+            "purl" => "pkg:nil",
+            "type" => "library"
+          }
+        )
+      end
+
+      it 'adds an error to the report' do
+        expect(report).to receive(:add_error).with("/components/#{components.size - 1}/purl is invalid")
+
+        parse!
+      end
+    end
   end
 
   context 'when report has metadata properties' do