SocketDev
diff --git a/‎tests/fixtures/fossa/README.md‎
Lines changed: 10 additions & 0 deletions b/‎tests/fixtures/fossa/README.md‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎tests/fixtures/fossa/fossa-analyze-empty.json‎
Lines changed: 13 additions & 0 deletions b/‎tests/fixtures/fossa/fossa-analyze-empty.json‎
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,10 @@
+# FOSSA reference fixtures
+
+Captured from a UiPath Azure DevOps pipeline (CE-199, build 12109922) for parity testing.
+
+- `fossa-analyze-populated.json` — composed FOSSA analyze artifact with 11 vulnerabilities.
+- `fossa-analyze-empty.json` — composed FOSSA analyze artifact with zero vulnerabilities.
+- `fossa-sbom-populated.json` — `fossa report --json attribution` output with direct + deep dependencies.
+- `fossa-sbom-empty-deep.json` — attribution output with empty `deepDependencies`.
+
+Source assets retained at `assets/` (gitignored) for reference. These four files are the structural-parity baseline.
@@ -0,0 +1,13 @@
+{
+  "project": {
+    "branch": "refs/heads/master",
+    "id": "custom+6060/DevTools-Validation-Pipeline-03cb9ead2f744dfa5506ec0c915423947ec2fe11-go-linux",
+    "project": "6060/DevTools-Validation-Pipeline",
+    "projectId": "custom+6060/DevTools-Validation-Pipeline",
+    "revision": "12109922-03cb9ead2f744dfa5506ec0c915423947ec2fe11-go-linux",
+    "url": "https://app.fossa.com/account/saml/6060?next=/projects/custom%252b6060%252fDevTools-Validation-Pipeline/refs/branch/refs%252fheads%252fmaster/12109922-03cb9ead2f744dfa5506ec0c915423947ec2fe11-go-linux"
+  },
+  "vulnerability": [],
+  "licensing": [],
+  "quality": []
+}