From 98611e3925cf387160189484c8181e44fb3de81f Mon Sep 17 00:00:00 2001
From: Zureno
Date: Sat, 14 Mar 2026 20:34:46 -0400
Subject: [PATCH] arn on duplicate service BOM refs during BOM processing
Signed-off-by: Zureno
---
 .../dependencytrack/tasks/BomUploadProcessingTask.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java b/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java
index 300ed4371c..b11ec8ecc6 100644
--- a/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java
+++ b/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java
@@ -675,7 +675,13 @@ private static Predicate distinctServicesByIdentity(
 final var identitiesSeen = new HashSet();
 return service -> {
 final var componentIdentity = new ComponentIdentity(service);
- identitiesByBomRef.putIfAbsent(service.getBomRef(), componentIdentity);
+ final boolean isBomRefUnique = identitiesByBomRef.putIfAbsent(service.getBomRef(), componentIdentity) == null;
+ if (!isBomRefUnique) {
+ LOGGER.warn("""
+ BOM ref %s is associated with multiple services in the BOM; \
+ BOM refs are required to be unique; Please report this to the vendor \
+ of the tool that generated the BOM""".formatted(service.getBomRef()));
+ }
 bomRefsByIdentity.put(componentIdentity, service.getBomRef());
 final boolean isSeenBefore = !identitiesSeen.add(componentIdentity);
 if (LOGGER.isDebugEnabled() && isSeenBefore) {
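Review bot: The new warning interpolates `service.getBomRef()` verbatim into the WARN message, and that value is read from the uploaded BOM, so a ref containing line breaks or an arbitrarily long string is written to the log as-is. Unless the logging layout already encodes control characters (not visible in this hunk), normalise and bound the value first, e.g. `final String safeBomRef = String.valueOf(service.getBomRef()).replaceAll("\\p{Cntrl}", "_");`, and pass `safeBomRef` to `.formatted(...)`. The warning also fires once per duplicate service, so a BOM with many repeated refs produces one WARN line each; logging once per ref or a summary count would keep the log usable. If `getBomRef()` can be null at this point, every service without a ref after the first would be reported as a duplicate, which is worth confirming against the code that populates it. The lambda body starts before and continues past the hunk.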