fix: write fossa-sbom.json with indent=2 for consistency

Author: flowstate

socketsecurity/socketcli.py

@@ -58,6 +58,10 @@ def build_license_artifact_payload(
         all_packages[package.id] = output
     return all_packages
 
+def _write_attribution_file(config, payload: dict) -> None:
+    Core.save_file(config.license_file_name, json.dumps(payload, indent=2))
+
+
 def cli():
     try:
         main_code()
@@ -780,7 +784,7 @@ def _is_unprocessed(c):
             legal_format=getattr(config, "legal_format", "socket"),
             config=config,
         )
-        core.save_file(config.license_file_name, json.dumps(all_packages))
+        _write_attribution_file(config, all_packages)
 
     # If we forced API mode due to no supported files, behave as if --disable-blocking was set
     if force_api_mode:

tests/unit/test_socketcli.py

@@ -69,6 +69,27 @@ class Config:
     }
 
 
+def test_fossa_attribution_file_is_written_indented(tmp_path):
+    """fossa-sbom.json should be written with indent=2, matching fossa-analyze.json."""
+    import json
+    from socketsecurity import socketcli
+    from types import SimpleNamespace
+
+    target = tmp_path / "fossa-sbom.json"
+    config = SimpleNamespace(license_file_name=str(target))
+    payload = {
+        "copyrightsByLicense": {},
+        "deepDependencies": [],
+        "directDependencies": [],
+        "licenses": {},
+        "project": {"name": "x", "revision": "y"},
+    }
+    socketcli._write_attribution_file(config, payload)
+    content = target.read_text()
+    assert "\n  " in content, f"Expected indented JSON, got: {content!r}"
+    assert json.loads(content) == payload
+
+
 def test_build_license_artifact_payload_fossa_format_serializes_dependencies():
     class Config:
         repo = "owner/repo"