boman-cli 2.5.2__tar.gz → 2.5.4__tar.gz

{boman_cli-2.5.2 → boman_cli-2.5.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: boman-cli
-Version: 2.5.2
+Version: 2.5.4
 Summary: CLI tool of boman.ai
 Home-page: https://boman.ai
 Author: Sumeru Software Solutions Pvt. Ltd.
@@ -105,11 +105,19 @@ Example: boman-cli -a run -zap_session_script ./session.js
 2  : Auth error
 3  : Docker/System error
 4  : Misconfig error
-
+5  : Failing based on SLA
 
 
 
 ### Release Note:
+
+### 2.5.4
+- **CLOC** - New feature. CLI will now generate lines of code of the repo and push it to SaaS.
+- **Dev Attribution** - New feature, Dev names for fetched for the findings and shared with SaaS.
+
+### 2.5.3
+- **SLA** - new feature. Build fail SLA has been introduced it can be configured in SaaS platform. Build fails if the condition is met menioned in SaaS. Check Build SLA in SLA menu for more info.
+
 ### 2.5.1
 - **SBOM** Added New fields as per certin
 

{boman_cli-2.5.2 → boman_cli-2.5.4}/README.md

@@ -74,11 +74,19 @@ Example: boman-cli -a run -zap_session_script ./session.js
 2  : Auth error
 3  : Docker/System error
 4  : Misconfig error
-
+5  : Failing based on SLA
 
 
 
 ### Release Note:
+
+### 2.5.4
+- **CLOC** - New feature. CLI will now generate lines of code of the repo and push it to SaaS.
+- **Dev Attribution** - New feature, Dev names for fetched for the findings and shared with SaaS.
+
+### 2.5.3
+- **SLA** - new feature. Build fail SLA has been introduced it can be configured in SaaS platform. Build fails if the condition is met menioned in SaaS. Check Build SLA in SLA menu for more info.
+
 ### 2.5.1
 - **SBOM** Added New fields as per certin
 

{boman_cli-2.5.2 → boman_cli-2.5.4}/boman_cli.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: boman-cli
-Version: 2.5.2
+Version: 2.5.4
 Summary: CLI tool of boman.ai
 Home-page: https://boman.ai
 Author: Sumeru Software Solutions Pvt. Ltd.
@@ -105,11 +105,19 @@ Example: boman-cli -a run -zap_session_script ./session.js
 2  : Auth error
 3  : Docker/System error
 4  : Misconfig error
-
+5  : Failing based on SLA
 
 
 
 ### Release Note:
+
+### 2.5.4
+- **CLOC** - New feature. CLI will now generate lines of code of the repo and push it to SaaS.
+- **Dev Attribution** - New feature, Dev names for fetched for the findings and shared with SaaS.
+
+### 2.5.3
+- **SLA** - new feature. Build fail SLA has been introduced it can be configured in SaaS platform. Build fails if the condition is met menioned in SaaS. Check Build SLA in SLA menu for more info.
+
 ### 2.5.1
 - **SBOM** Added New fields as per certin
 

{boman_cli-2.5.2 → boman_cli-2.5.4}/boman_cli.egg-info/SOURCES.txt

@@ -11,6 +11,7 @@ bomancli/Config.py
 bomancli/_init_.py
 bomancli/auth.py
 bomancli/base_logger.py
+bomancli/dev_attribution.py
 bomancli/loc_finder.py
 bomancli/main.py
 bomancli/sbom_enricher.py

{boman_cli-2.5.2 → boman_cli-2.5.4}/bomancli/Config.py

@@ -121,7 +121,7 @@ class Config:
 
     log_level = "INFO"
 
-    version = 'v2.5.2'
+    version = 'v2.5.4'
 
     boman_config_file = 'boman.yaml'
     
@@ -218,7 +218,12 @@ class Config:
     reachability_language=None
     
     fail_build = False
+    sla_fail_build = False
     polling_time = 60
     polling_frequency = 10
     
-    ml_success = False
+    ml_success = False
+    
+    reason_sla_build_fail = []
+
+    cloc_total_data = None

boman_cli-2.5.4/bomancli/dev_attribution.py

@@ -0,0 +1,302 @@
+import subprocess
+import json
+import argparse
+import os
+import datetime
+import re
+from docker import errors
+from bomancli.base_logger import logging
+from bomancli.Config import Config
+# --- Git Helper Functions ---
+
+def ensure_full_git_history():
+    try:
+        is_shallow = subprocess.check_output(
+            ["git", "rev-parse", "--is-shallow-repository"],
+            text=True
+        ).strip()
+
+        if is_shallow == "true":
+            logging.info("[INFO] Shallow repository detected. Fetching full history...")
+            subprocess.run(
+                ["git", "fetch", "--prune", "--unshallow"],
+                check=False
+            )
+        else:
+            logging.info("[INFO] Repository already has full history.")
+
+    except Exception as e:
+        logging.error(f"[WARN] Could not determine git history depth: {e}", file=sys.stderr)
+
+
+
+
+
+def run_git_command(cmd, cwd=None):
+    """Run a git command and return output."""
+    try:
+        if cwd and not os.path.exists(cwd):
+            return None, "cwd_not_found"
+        result = subprocess.run(
+            cmd,
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE,
+            text=True,
+            check=False,
+            cwd=cwd,
+            encoding='utf-8', 
+            errors='replace'
+        )
+        if result.returncode != 0:
+            return None, result.stderr.strip()
+        return result.stdout.strip(), None
+    except Exception as e:
+        logging.error(f"Error running git command {' '.join(cmd)}: {e}")
+        return None, str(e)
+
+def get_branch_info(repo_root="."):
+    """Fetch current branch name, commit, and remote."""
+    branch, _ = run_git_command(["git", "rev-parse", "--abbrev-ref", "HEAD"], cwd=repo_root)
+    commit, _ = run_git_command(["git", "rev-parse", "HEAD"], cwd=repo_root)
+    remote, _ = run_git_command(["git", "config", "--get", "remote.origin.url"], cwd=repo_root)
+    
+    return {
+        "name": branch,
+        "head_commit": commit,
+        "remote_url": remote
+    }
+
+# --- Blame Logic ---
+
+def get_owner_from_lines(file_path, start_line, end_line):
+    # Ensure file exists
+    if not os.path.isfile(file_path):
+        return None, "file_not_found_on_disk"
+
+    cmd = [
+        "git", "blame",
+        "-w", "-M", "-C",
+        "-L", f"{start_line},{end_line}",
+        "--line-porcelain",
+        "--", file_path
+    ]
+
+    result, error = run_git_command(cmd)
+    
+    if error:
+        return None, error
+
+    line_authors = []
+
+    line_authors = []
+    current = {}
+
+    for line in result.splitlines():
+        # Check for new block start (Hash Line)
+        # Format: <40-hex-sha> <orig_line> <final_line> [<group_lines>]
+        if re.match(r'^[a-f0-9]{40}\s', line):
+            # If we have a previous block with sufficient data, save it
+            if "author" in current:
+                line_authors.append(current)
+            # Start new block
+            current = {}
+            parts = line.split(" ")
+            current["commit"] = parts[0]
+            continue
+
+        if line.startswith("author "):
+            current["author"] = line.replace("author ", "")
+        elif line.startswith("author-mail "):
+            current["email"] = line.replace("author-mail ", "").strip("<>")
+        elif line.startswith("author-time "):
+            current["author_time"] = int(line.replace("author-time ", ""))
+        elif line.startswith("committer-time "):
+             pass
+        elif line.startswith("summary "):
+            current["summary"] = line.replace("summary ", "")
+        elif line.startswith("\t"):  # actual code line
+            current["code"] = line.strip()
+            
+    # Capture the last block
+    if "author" in current:
+        line_authors.append(current)
+
+    if not line_authors:
+        return None, f"no_authors_parsed_from_blame. Raw output start: {result[:200]!r}"
+
+    # Aggregate stats for this specific block
+    unique_authors = {}
+    
+    for entry in line_authors:
+        email = entry.get("email")
+        if email not in unique_authors:
+            unique_authors[email] = {
+                "name": entry.get("author"),
+                "email": email,
+                "commit": entry.get("commit"),
+                "line_count": 0,
+                "timestamps": []
+            }
+        unique_authors[email]["line_count"] += 1
+        unique_authors[email]["timestamps"].append(entry.get("author_time"))
+
+    # Sort by line count
+    sorted_authors = sorted(unique_authors.values(), key=lambda x: x["line_count"], reverse=True)
+    
+    if not sorted_authors:
+        return None, "no_sorted_authors"
+
+    # Determine primary owner for this finding
+    primary = sorted_authors[0]
+    
+    # Calculate most recent time
+    all_timestamps = [t for a in unique_authors.values() for t in a["timestamps"]]
+    most_recent_ts = max(all_timestamps) if all_timestamps else 0
+    most_recent_str = datetime.datetime.fromtimestamp(most_recent_ts).strftime("%Y-%m-%d %H:%M:%S")
+
+    return {
+        "file": file_path,
+        "lines": f"{start_line}-{end_line}",
+        "authors": sorted_authors,
+        "primary_owner": primary["name"],
+        "primary_email": primary["email"],
+        "primary_commit": primary["commit"],
+        "updated_at": most_recent_str
+    }, None
+
+# --- Main Enrichment Logic ---
+
+def normalize_path(path):
+    # Remove leading prefixes often found in container scans
+    if path.startswith("/src/"): 
+        return path[5:]
+    elif path.startswith("src/"): 
+        return path[4:]
+    return path.lstrip("/")
+
+def enrich_files(input_path, output_path):
+    # 1. Load Input
+
+    logging.info(f"Loading {input_path}...")
+    
+    #logging.info('checking git swallow')
+
+    ensure_full_git_history()
+    
+    try:
+        with open(input_path, "r", encoding="utf-8") as f:
+            data = json.load(f)
+    except Exception as e:
+        logging.error(f"Error reading input file: {e}")
+        return
+
+    # Handle if root is list
+    results = data.get("results", []) if isinstance(data, dict) else data
+    if isinstance(data, list):
+        # normalize structure
+        data = {"results": results}
+
+    # 2. Prepare Globals
+    git_users_registry = {} # key: email, value: stats
+    
+    logging.info(f"Processing {len(results)} findings...")
+
+    # 3. Process Findings
+    for idx, result in enumerate(results):
+        path = normalize_path(result.get("path", ""))
+        
+        # Determine lines
+        start_line = None
+        if isinstance(result.get("start"), dict):
+            start_line = result.get("start", {}).get("line")
+        else:
+            start_line = result.get("start_line") or result.get("start") # fallback
+
+        end_line = None
+        if isinstance(result.get("end"), dict):
+            end_line = result.get("end", {}).get("line")
+        else:
+            end_line = result.get("end_line") or result.get("end") or start_line
+
+        if not path or not start_line:
+            result["attribution"] = {"status": "skipped_invalid_path_or_line"}
+            continue
+
+        if not os.path.exists(path):
+            result["attribution"] = {"status": "file_not_found", "original_path": result.get("path")}
+            continue
+        
+        # Get Blame
+        blame_info, blame_error = get_owner_from_lines(path, int(start_line), int(end_line))
+        
+        if blame_info:
+            # Enriched Attribution Field
+            result["attribution"] = {
+                "developer": blame_info["primary_owner"],
+                "email": blame_info["primary_email"],
+                "commit": blame_info["primary_commit"],
+                "updated_at": blame_info["updated_at"],
+                "confidence": "high",
+                "status": "attributed",
+                "all_authors": blame_info["authors"] # optional detail
+            }
+
+            # Update Global Registry
+            for author in blame_info["authors"]:
+                email = author["email"]
+                if email not in git_users_registry:
+                    git_users_registry[email] = {
+                        "name": author["name"],
+                        "email": email,
+                        "total_attributed_findings": 0,
+                        "last_active_ts": 0
+                    }
+                
+                # Update stats
+                reg = git_users_registry[email]
+                if author["name"] == blame_info["primary_owner"]:
+                     # Only count as 'attributed finding' if they are the primary owner? 
+                     # Or count participation? Let's count if they are primary owner.
+                     reg["total_attributed_findings"] += 1
+                
+                # Update activity time
+                # author["timestamps"] is a list of ts
+                if author["timestamps"]:
+                    max_ts = max(author["timestamps"])
+                    if max_ts > reg["last_active_ts"]:
+                        reg["last_active_ts"] = max_ts
+
+        else:
+            result["attribution"] = {"status": "blame_failed", "error": blame_error}
+    
+    # 4. Finalize Globals
+    
+    # Valid Git Users
+    final_users = []
+    for email, stats in git_users_registry.items():
+        stats["last_active"] = datetime.datetime.fromtimestamp(stats["last_active_ts"]).strftime("%Y-%m-%d %H:%M:%S")
+        del stats["last_active_ts"]
+        final_users.append(stats)
+    
+    data["git_users"] = final_users
+
+    # Branch Info
+    logging.info("Fetching branch info...")
+    data["branch_info"] = get_branch_info()
+
+    # 5. Write Output
+    logging.info(f"Writing results to {output_path}...")
+    with open(output_path, "w", encoding="utf-8") as f:
+        json.dump(data, f, indent=2)
+    logging.info("Done.")
+
+def main():
+    parser = argparse.ArgumentParser(description="Enrich OpenGrep findings with Git Blame information.")
+    parser.add_argument("--input", "-i", required=True, help="Input OpenGrep JSON file")
+    parser.add_argument("--output", "-o", default="opengrep_enriched.json", help="Output JSON file")
+    
+    args = parser.parse_args()
+    enrich_files(args.input, args.output)
+
+if __name__ == "__main__":
+    main()

{boman_cli-2.5.2 → boman_cli-2.5.4}/bomancli/loc_finder.py

@@ -1,4 +1,8 @@
 import os
+from docker import errors
+from bomancli.base_logger import logging
+from bomancli.Config import Config
+docker = Config.docker_client
 
 
 ###line counts based on given file extension --  MM
@@ -59,4 +63,31 @@ def countlines(start,lines=0, header=False, begin_start=None,extentsion='.py'):
 
 
 
-#print(countlines('/home/boxuser/box/Vuln-code/',extentsion='.rb'))
+#print(countlines('/home/boxuser/box/Vuln-code/',extentsion='.rb'))
+
+
+
+
+def run_cloc_docker():
+    
+    docker_image="bomanai/cloc:latest"
+    userid= Config.userid
+    detach=False
+    command_line = f"{Config.build_dir} --json --out=/{Config.build_dir}/cloc.json"
+    tool_name ='cloc'
+    logging.info('Generating loc')
+    try:
+
+        logging.info('Cloc Docker: Preparing %s scan for jenkins env with %s user ', tool_name , userid)    
+
+       
+        container_output = docker.containers.run(docker_image, command_line, volumes={Config.sast_build_dir: {
+                        'bind': Config.sast_build_dir}}, user=userid,detach=detach, remove=True)
+        logging.info('Cloc Docker: SUCCESS !!!. Message: %s Scan Completed',tool_name)
+
+    except errors.ContainerError as exc:
+        msg='\n The following error has been recorded while scanning SAST'
+        Utils.logError(msg,str(exc))
+        logging.error(f'SAST Docker: Failed !!!, Message: Some Error recorded while scanning {str(exc)}')
+        Config.sast_scan_status = 'Failed'
+        Config.sast_errors = f'Exit Status {exc.exit_status}:{str(exc)}]'

{boman_cli-2.5.2 → boman_cli-2.5.4}/bomancli/main.py

@@ -31,7 +31,8 @@ from bomancli.sbom_enricher import SBOMEnricher
 from bomancli import validation as Validation
 from bomancli import utils as Utils
 from bomancli import auth as Auth
-
+from bomancli.dev_attribution import enrich_files
+from bomancli import loc_finder as Loc_finder
 
 
 parser = argparse.ArgumentParser(
@@ -205,11 +206,23 @@ def runImage(data=None,type=None):
 
 
 
+        ## check whether the tool is opengrep, if yes run gitblame enricher script
+
+
+        if tool_name == 'Opengrep':
+            logging.info("Running Dev attribution on this script")
+            enrich_files(output_file,output_file)
+        else:
+            logging.info("no dev attribution has been run for this")    
+
+
+
         try:
             if Config.sast_ignore:
                 os.remove('.semgrepignore')
             if will_generate_output == 1:
-                #logging.info('WILL GENERATE OUTPUT')
+                logging.info('WILL GENERATE OUTPUT')
+                #output_file ="blame_enriched_report.json"
                 if uploadReport(output_file,tool_name,tool_id,scan_details_id,'SAST'):
                     Config.sast_scan_status = 'Completed'
                     Config.sast_upload_status ='Completed'
@@ -778,7 +791,8 @@ def uploadReport(filename,toolname,tool_id,scan_details_id,type):
         try:
             logging.info('Removing the result file')
             if type != "sbom" and type != "reachability":
-                os.remove(path)
+                logging.info("remvoing file here")
+                #os.remove(path)
             elif Config.reachability_present is not True and type == 'sbom':
                 os.remove(path)    
             elif type == "reachability":
@@ -808,7 +822,7 @@ def uploadReport(filename,toolname,tool_id,scan_details_id,type):
             else:    
                 logging.info('[COMPLETED]: %s Report uploaded Successfully! Report Name: %s',toolname,filename)
             logging.info('Removing the result file')
-            #os.remove(path)
+            os.remove(path)
             return 1
         elif r.status_code == 401 :
             logging.error('Unauthorized Access while uploading the results. Please check the app/customer tokens')
@@ -914,10 +928,10 @@ def exitFunction():
             x = requests.post(url,json=values)  
             response = x.json()
             
-            if not Config.fail_build:
-                logging.info("Fail Build was not configured")
-                Utils.get_summary_of_vulns(response)
-                break
+            # if not Config.fail_build:
+            #     logging.info("Fail Build was not configured")
+            #     Utils.get_summary_of_vulns(response)
+            #     break
             
             if "ml_status" in response.keys():
                 if response["ml_status"] == True:
@@ -1363,43 +1377,53 @@ def default():
         if main():
             logging.info('################################ BOMAN Scanning Done ################################')
             logging.info('#####################################################################################')
+            Loc_finder.run_cloc_docker()
             Utils.showSummary()
+            #Loc_finder.run_cloc_docker()
             Utils.uploadLogs()
+            
+            # Sla build failing
+            if Config.sla_fail_build == True:
+                logging.warning("Failing the build for the below reason(s).")
+                for reason in Config.reason_sla_build_fail:
+                    logging.warning(f"- {reason}")
+                logging.warning("Please check SLA menu in Boman platform for more details.")
+                exit(5) 
 
            ## checking the failbuild argument
             if args.failBuild == 'fail':
                 total_vuln = Config.high_count + Config.medium_count + Config.low_count + Config.critical_count
                 if total_vuln > 0:
                     logging.warning(f"Failing the build as {args.failBuild} is configured in failBuild argument. Boman has found {total_vuln} vulnerabilities")
-                    exit(-1)
+                    exit(5)
                 else:
                     exit(0)    
 
             elif args.failBuild == 'high':
                 if Config.high_count > 0 or Config.critical_count > 0:
                     logging.warning(f"Failing the build as {args.failBuild} is configured in failBuild argument. Boman has found {Config.high_count} {args.failBuild} vulnerabilities")
-                    exit(-1)
+                    exit(5)
                 else:
                     exit(0)     
 
             elif args.failBuild == 'medium':
                 if Config.medium_count > 0 or Config.high_count > 0:
                     logging.warning(f"Failing the build as {args.failBuild} is configured in failBuild argument. Boman has found {Config.medium_count} {args.failBuild} vulnerabilities")
-                    exit(-1)
+                    exit(5)
                 else:
                     exit(0)    
 
             elif args.failBuild == 'low':
                 if Config.low_count > 0 or Config.medium_count > 0 or Config.high_count > 0:
                     logging.warning(f"Failing the build as {args.failBuild} is configured in failBuild argument. Boman has found {Config.low_count} {args.failBuild} vulnerabilities")
-                    exit(-1)
+                    exit(5)
                 else:
                     exit(0)  
 
             elif args.failBuild == 'critical':
                 if Config.critical_count > 0:
                     logging.warning(f"Failing the build as {args.failBuild} is configured in failBuild argument. Boman has found {Config.critical_count} {args.failBuild} vulnerabilities")
-                    exit(-1)
+                    exit(5)
                 else:
                     exit(0)                     
 

{boman_cli-2.5.2 → boman_cli-2.5.4}/bomancli/sbom_enricher.py

@@ -6,6 +6,8 @@ import asyncio
 import aiohttp
 from abc import ABC, abstractmethod
 from datetime import datetime
+from bomancli.base_logger import logging
+from bomancli.Config import Config
 # -----------------------------------------------------
 # BASE FETCHERS (Modular Structure)
 # -----------------------------------------------------
@@ -99,7 +101,7 @@ class MavenFetcher(BaseFetcher):
         # --- FIX: Ensure the API response is a dictionary ---
         if not isinstance(j, dict):
             # If j is a string (non-JSON response), we skip processing and return empty data
-            print(f"[WARN] Maven API for {name} returned non-JSON data or failed parsing.")
+            logging.error(f"[WARN] Maven API for {name} returned non-JSON data or failed parsing.")
             return data
         # ----------------------------------------------------
 
@@ -334,7 +336,7 @@ class SBOMEnricher:
                 
         # Store the map for quick lookup later
         self._dependency_map = dependency_map
-        print(f"✅ Preprocessed dependency map containing {len(dependency_map)} components.")
+        logging.info(f"Preprocessed dependency map containing {len(dependency_map)} components.")
 
 
 
@@ -354,7 +356,7 @@ class SBOMEnricher:
                 fetcher_instance = Fetcher(session)
                 return await fetcher_instance.fetch_metadata(package_name, version)
             except Exception as e:
-                print(f"[ERROR] Fetcher failed for {package_type} ({package_name}): {e}")
+                logging.error(f"[ERROR] Fetcher failed for {package_type} ({package_name}): {e}")
                 return {"description": "", "release_date": ""}
         else:
             # Fallback for unknown types (e.g., github, generic files)
@@ -480,7 +482,7 @@ class SBOMEnricher:
         
         # Check for components before running async
         if not self.get_components():
-             print("No components found in SBOM to enrich.")
+             logging.info("No components found in SBOM to enrich.")
              return self.sbom_data
 
         # --- NEW STEP: PREPROCESS DEPENDENCIES ---
@@ -508,5 +510,5 @@ class SBOMEnricher:
         """Save enriched SBOM"""
         with open(output_path, "w", encoding="utf-8") as f:
             json.dump(self.sbom_data, f, indent=2)
-        print(f"✅ Enriched SBOM saved to {output_path}")
+        logging.info(f"Enriched SBOM saved to {output_path}")
 

{boman_cli-2.5.2 → boman_cli-2.5.4}/bomancli/utils.py

@@ -19,7 +19,11 @@ import json
 import xmltodict
 import yaml
 import time
- 
+from json import JSONDecodeError
+from pathlib import Path
+
+
+
 logging.basicConfig(format='%(asctime)s — %(name)s — %(levelname)s — %(funcName)s:%(lineno)d — %(message)s') 
  
 docker = Config.docker_client
@@ -263,7 +267,7 @@ def showSummary():
     logging.info('--------------------------- Scan Token: %s --------------------------------------------------------',Config.scan_token)
     if Config.git_present:
         logging.info('--------------------------- Git Details:[Repo: %s, Branch: %s ]--------------------------------------------------------',Config.git_repo,Config.git_branch)
-        logging.info('--------------------------- Language  :   Files_Size :  Percentage --------------------------------------------------------')
+        #logging.info('--------------------------- Total Lines of Code Scanned: %s --------------------------------------------------------',Config.cloc_total_data)
         # Step 3: Loop through each item in the JSON object    
         for file_type, details in Config.lingu_details.items():
             logging.info('--------------------------- %s  :   %s :  %s%%--------------------------------------------------------', file_type, details['size'], details['percentage'])
@@ -947,13 +951,71 @@ def fetch_zap_advance_config():
         exit(1) #server/saas error    
 
 
+### read cloc data
+
+def load_cloc_json_safe(path="cloc.json"):
+    empty_data = {}
+
+    try:
+        file_path = Path(path)
+
+        if not file_path.exists():
+            return empty_data
+
+        if file_path.stat().st_size == 0:
+            return empty_data
+
+        with open(file_path, "r", encoding="utf-8") as f:
+            data = json.load(f)
+
+        # Validate expected structure
+        if not isinstance(data, dict):
+            return empty_data
+
+        # Optional: cloc usually contains SUM
+        if "SUM" not in data:
+            return empty_data
+
+        Config.cloc_total_data = data['SUM']['code']
+        return data
+
+    except (JSONDecodeError, OSError, ValueError):
+        # Any parsing or IO error → empty result
+        return empty_data
+
+
+
+
+
 def uploadLogs():
     
     # Get the captured log messages
     all_logs = Config.log_stream.logs
 
-    #parameter setup
+    # fetching the cloc results
+
+    # Usage
+    cloc_data = load_cloc_json_safe("cloc.json")
+    #print(type(cloc_data))
+    # cloc_data is a STRING, not dict
+    #cloc_data = cloc_data.strip()
+
+    # try:
+    #     cloc_data = json.loads(cloc_data)  # 
+    # except json.JSONDecodeError:
+    #     cloc_data = {}                     # 
+
+
+    if not cloc_data:
+        logging.error("Invalid or empty cloc JSON, using empty data")
+    else:
+        logging.info("Valid cloc JSON loaded")
 
+    
+
+
+
+    #parameter setup
     body = {
     'auth_token': Config.app_token,
     'customer_token': Config.customer_token,
@@ -962,7 +1024,8 @@ def uploadLogs():
     'git_repo_name':Config.git_repo,
     'git_branch_name':Config.git_branch,
     'full_logs':all_logs,
-    'lingu_details':Config.lingu_details
+    'lingu_details':Config.lingu_details,
+    'loc_details':cloc_data
     # Add more parameters if needed
     }
 
@@ -972,7 +1035,7 @@ def uploadLogs():
     
         url = Config.boman_url+"/api/scan/logs/upload" 
 
-        response = requests.post(url, data=body)
+        response = requests.post(url, json=body)
 
         if response.status_code == 200:
             #logging.info('Uploading logs for the scan token %s',str(Config.scan_token))
@@ -1141,6 +1204,9 @@ def get_summary_of_vulns(response):
         Config.medium_count = vuln['MEDIUM']
         Config.high_count = vuln['HIGH']
         Config.critical_count = vuln['CRITICAL'] 
+        
+        Config.sla_fail_build= response["build_fail"]
+        Config.reason_sla_build_fail = response["reason_for_failing"]
             
         logging.info('Summary: Analyzing Vulnerabitlites Done')
 
@@ -1174,3 +1240,5 @@ def ml_start(app_token, customer_token, scan_token):
             logging.error(f"Connection Error: Can't connect to the Server, Please check your Internet connection. Error: {e}")
     else:
         logging.warning("ML Start API has been already called....")
+
+

{boman_cli-2.5.2 → boman_cli-2.5.4}/setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 environment = prod
-version = 2.5.2
+version = 2.5.4
 name = boman-cli
 saas_base_url = https://dashboard.boman.ai/