From f186d22bf275e872bd664f07131604f6a0216f20 Mon Sep 17 00:00:00 2001
From: Aqua Security automated builds <54269356+aqua-bot@users.noreply.github.com>
Date: Fri, 7 Jun 2024 14:32:05 +0300
Subject: [PATCH] fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files [backport: release/v0.52] (#6881)

Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
---
 pkg/sbom/io/decode.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/sbom/io/decode.go b/pkg/sbom/io/decode.go
index e4df3bee8489..917684962d20 100644
--- a/pkg/sbom/io/decode.go
+++ b/pkg/sbom/io/decode.go
@@ -271,6 +271,11 @@ func (m *Decoder) fillSrcPkg(c *core.Component, pkg *ftypes.Package) {
 }
 m.parseSrcVersion(pkg, c.SrcVersion)
 
+ // Source info was added from component or properties
+ if pkg.SrcName != "" && pkg.SrcVersion != "" {
+ return
+ }
+
 // Fill source package information for components in third-party SBOMs .
 if pkg.SrcName == "" {
 pkg.SrcName = pkg.Name
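Review bot: The new early return in fillSrcPkg only fires when both `pkg.SrcName` and `pkg.SrcVersion` are non-empty, so a component that supplies just one of them still reaches the fallback below. Judging by the commit title, that fallback can again replace `SrcEpoch` with the binary package's value, though the rest of the function is outside the hunk. The source version, epoch included, is presumably what gets compared against advisory data for OS packages, so a wrong epoch could skew vulnerability matching in either direction; it is worth deciding whether the partial case should also skip the epoch/release fallback. The comment would read better if it stated the reason, e.g. `// Source name and version were decoded from the SBOM; keep SrcRelease/SrcEpoch as decoded instead of copying the binary package's values`. The diffstat shows only decode.go changed, so a regression case with an SBOM whose source epoch differs from the package epoch would pin this behaviour.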