conviso-ast 3.0.0.dev1__tar.gz → 3.0.1__tar.gz

{conviso_ast-3.0.0.dev1 → conviso_ast-3.0.1}/PKG-INFO

@@ -1,22 +1,22 @@
 Metadata-Version: 2.2
 Name: conviso-ast
-Version: 3.0.0.dev1
+Version: 3.0.1
 Maintainer: Conviso
 Maintainer-email: development@convisoappsec.com
 Project-URL: Source, https://github.com/convisoappsec/convisocli/
 Requires-Python: >=3.9
 Description-Content-Type: text/markdown
-Requires-Dist: GitPython==3.1.45
+Requires-Dist: GitPython==3.1.46
 Requires-Dist: click==8.1.8
 Requires-Dist: requests==2.32.5
-Requires-Dist: urllib3==2.4.0
+Requires-Dist: urllib3==2.6.3
 Requires-Dist: semantic-version==2.10.0
 Requires-Dist: docker==7.1.0
 Requires-Dist: PyYAML==6.0.3
 Requires-Dist: click-log==0.4.0
 Requires-Dist: transitions==0.9.2
 Requires-Dist: jsonschema==4.25.1
-Requires-Dist: giturlparse<=0.12.0
+Requires-Dist: giturlparse<=0.14.0
 Requires-Dist: jmespath==1.0.1
 Requires-Dist: setuptools==78.1.0
 Dynamic: description

{conviso_ast-3.0.0.dev1 → conviso_ast-3.0.1}/conviso_ast.egg-info/PKG-INFO

@@ -1,22 +1,22 @@
 Metadata-Version: 2.2
 Name: conviso-ast
-Version: 3.0.0.dev1
+Version: 3.0.1
 Maintainer: Conviso
 Maintainer-email: development@convisoappsec.com
 Project-URL: Source, https://github.com/convisoappsec/convisocli/
 Requires-Python: >=3.9
 Description-Content-Type: text/markdown
-Requires-Dist: GitPython==3.1.45
+Requires-Dist: GitPython==3.1.46
 Requires-Dist: click==8.1.8
 Requires-Dist: requests==2.32.5
-Requires-Dist: urllib3==2.4.0
+Requires-Dist: urllib3==2.6.3
 Requires-Dist: semantic-version==2.10.0
 Requires-Dist: docker==7.1.0
 Requires-Dist: PyYAML==6.0.3
 Requires-Dist: click-log==0.4.0
 Requires-Dist: transitions==0.9.2
 Requires-Dist: jsonschema==4.25.1
-Requires-Dist: giturlparse<=0.12.0
+Requires-Dist: giturlparse<=0.14.0
 Requires-Dist: jmespath==1.0.1
 Requires-Dist: setuptools==78.1.0
 Dynamic: description

{conviso_ast-3.0.0.dev1 → conviso_ast-3.0.1}/conviso_ast.egg-info/SOURCES.txt

@@ -49,13 +49,8 @@ convisoappsec/flow/graphql_api/v1/models/project.py
 convisoappsec/flow/graphql_api/v1/schemas/__init__.py
 convisoappsec/flow/graphql_api/v1/schemas/mutations/__init__.py
 convisoappsec/flow/graphql_api/v1/schemas/resolvers/__init__.py
-convisoappsec/flow/source_code_scanner/__init__.py
-convisoappsec/flow/source_code_scanner/exceptions.py
-convisoappsec/flow/source_code_scanner/scc.py
-convisoappsec/flow/source_code_scanner/source_code_scanner.py
 convisoappsec/flow/util/__init__.py
 convisoappsec/flow/util/ci_provider.py
-convisoappsec/flow/util/metrics.py
 convisoappsec/flow/util/source_code_compressor.py
 convisoappsec/flow/version_searchers/__init__.py
 convisoappsec/flow/version_searchers/sorted_by_versioning_style.py
@@ -76,6 +71,7 @@ convisoappsec/flowcli/assets/create.py
 convisoappsec/flowcli/assets/entrypoint.py
 convisoappsec/flowcli/assets/ls.py
 convisoappsec/flowcli/ast/__init__.py
+convisoappsec/flowcli/ast/dry_run.py
 convisoappsec/flowcli/ast/entrypoint.py
 convisoappsec/flowcli/companies/__init__.py
 convisoappsec/flowcli/companies/ls.py
@@ -106,15 +102,18 @@ convisoappsec/flowcli/findings/create/with_/version_tracker.py
 convisoappsec/flowcli/findings/import_sarif/__init__.py
 convisoappsec/flowcli/findings/import_sarif/entrypoint.py
 convisoappsec/flowcli/iac/__init__.py
+convisoappsec/flowcli/iac/dry_run.py
 convisoappsec/flowcli/iac/entrypoint.py
 convisoappsec/flowcli/iac/run.py
 convisoappsec/flowcli/sast/__init__.py
+convisoappsec/flowcli/sast/dry_run.py
 convisoappsec/flowcli/sast/entrypoint.py
 convisoappsec/flowcli/sast/run.py
 convisoappsec/flowcli/sbom/__init__.py
 convisoappsec/flowcli/sbom/entrypoint.py
 convisoappsec/flowcli/sbom/generate.py
 convisoappsec/flowcli/sca/__init__.py
+convisoappsec/flowcli/sca/dry_run.py
 convisoappsec/flowcli/sca/entrypoint.py
 convisoappsec/flowcli/sca/run.py
 convisoappsec/flowcli/vulnerability/__init__.py

{conviso_ast-3.0.0.dev1 → conviso_ast-3.0.1}/conviso_ast.egg-info/requires.txt

@@ -1,13 +1,13 @@
-GitPython==3.1.45
+GitPython==3.1.46
 click==8.1.8
 requests==2.32.5
-urllib3==2.4.0
+urllib3==2.6.3
 semantic-version==2.10.0
 docker==7.1.0
 PyYAML==6.0.3
 click-log==0.4.0
 transitions==0.9.2
 jsonschema==4.25.1
-giturlparse<=0.12.0
+giturlparse<=0.14.0
 jmespath==1.0.1
 setuptools==78.1.0

{conviso_ast-3.0.0.dev1 → conviso_ast-3.0.1}/convisoappsec/common/retry_handler.py

@@ -20,7 +20,7 @@ class RetryHandler:
         while retries < self.max_retries:
             try:
                 return func(*args, **kwargs)
-            except Exception:
+            except Exception as log_message:
                 retries += 1
                 time.sleep(delay)
                 delay *= self.backoff_factor
@@ -28,7 +28,7 @@ class RetryHandler:
                 if retries == self.max_retries:
                     full_trace = traceback.format_exc()
                     LOGGER.warning(
-                        "⚠️ Maximum retries reached. Our technical team has been notified."
+                        f"⚠️ Maximum retries reached. Our technical team has been notified. Error: {log_message}" 
                     )
 
                     try:

conviso_ast-3.0.1/convisoappsec/flow/util/__init__.py

@@ -0,0 +1,5 @@
+from .source_code_compressor import SourceCodeCompressor
+
+__all__ = [
+    'SourceCodeCompressor'
+]

conviso_ast-3.0.1/convisoappsec/flowcli/ast/dry_run.py

@@ -0,0 +1,99 @@
+import click
+import json
+import traceback
+import sys
+from convisoappsec.flowcli import help_option
+from convisoappsec.flowcli.context import pass_flow_context
+from convisoappsec.logger import LOGGER
+from convisoappsec.flowcli.common import on_http_error
+from convisoappsec.common.cleaner import Cleaner
+from convisoappsec.sast.sastbox import SASTBox
+from convisoappsec.flowcli.sast.dry_run import execute_dry_run as execute_sast_dry_run
+from convisoappsec.flowcli.sca.dry_run import execute_dry_run as execute_sca_dry_run
+from convisoappsec.flowcli.iac.dry_run import execute_dry_run as execute_iac_dry_run
+
+@click.command(name='dry-run')
+@click.option(
+    "-s", "--start-commit", required=False,
+    help="If no value is set so the empty tree hash commit is used."
+)
+@click.option(
+    "-e", "--end-commit", required=False,
+    help="If no value is set so the HEAD commit from the current branch is used"
+)
+@click.option(
+    "-r", "--repository-dir", default=".", show_default=True,
+    type=click.Path(exists=True, resolve_path=True), required=False,
+    help="The source code repository directory."
+)
+@click.option(
+    "--sastbox-registry", default="", required=False, hidden=True,
+    envvar=("CONVISO_SASTBOX_REGISTRY", "FLOW_SASTBOX_REGISTRY"),
+)
+@click.option(
+    "--sastbox-repository-name", default="", required=False, hidden=True,
+    envvar=("CONVISO_SASTBOX_REPOSITORY_NAME", "FLOW_SASTBOX_REPOSITORY_NAME"),
+)
+@click.option(
+    "--sastbox-tag", default=SASTBox.DEFAULT_TAG, required=False, hidden=True,
+    envvar=("CONVISO_SASTBOX_TAG", "FLOW_SASTBOX_TAG"),
+)
+@click.option(
+    "--sastbox-skip-login/--sastbox-no-skip-login", default=False, required=False, hidden=True,
+    envvar=("CONVISO_SASTBOX_SKIP_LOGIN", "FLOW_SASTBOX_SKIP_LOGIN"),
+)
+@click.option(
+    "--custom-sca-tags", hidden=True, required=False, multiple=True, type=(str, str),
+    help="It should be passed as <repository_name> <image_tag>."
+)
+@click.option(
+    "--scanner-timeout", hidden=True, required=False, default=7200, type=int,
+    help="Set timeout for each scanner"
+)
+@click.option(
+    '--cleanup', default=False, is_flag=True, show_default=True,
+    help="Clean up system resources."
+)
+@help_option
+@pass_flow_context
+def dry_run(flow_context, end_commit, start_commit, repository_dir,
+            sastbox_registry, sastbox_repository_name, sastbox_tag, sastbox_skip_login,
+            custom_sca_tags, scanner_timeout, cleanup):
+    """
+    Perform a dry-run AST analysis (SAST, SCA, IaC).
+    Checks API Key, runs the scans, and outputs the results in JSON format to stdout.
+    Does NOT create assets or deploys on Conviso Platform.
+    """
+    try:
+        results = {}
+
+        # Run SAST
+        sast_results = execute_sast_dry_run(
+            flow_context, end_commit, start_commit, repository_dir,
+            sastbox_registry, sastbox_repository_name, sastbox_tag, sastbox_skip_login
+        )
+        results['sast'] = sast_results
+
+        # Run SCA
+        sca_results = execute_sca_dry_run(
+            flow_context, repository_dir, custom_sca_tags, scanner_timeout
+        )
+        results['sca'] = sca_results
+
+        # Run IaC
+        iac_results = execute_iac_dry_run(
+            flow_context, repository_dir, scanner_timeout
+        )
+        results['iac'] = iac_results
+
+        print(json.dumps(results, indent=2))
+
+        if cleanup:
+            LOGGER.info("🧹 Cleaning up ...")
+            cleaner = Cleaner()
+            cleaner.cleanup()
+
+    except Exception as e:
+        traceback.print_exc(file=sys.stderr)
+        on_http_error(e)
+        sys.exit(1)

{conviso_ast-3.0.0.dev1 → conviso_ast-3.0.1}/convisoappsec/flowcli/ast/entrypoint.py

@@ -15,7 +15,7 @@ from convisoappsec.flow import GitAdapter
 from convisoappsec.flowcli.context import pass_flow_context
 from convisoappsec.logger import LOGGER, log_and_notify_ast_event
 from convisoappsec.common.cleaner import Cleaner
-
+from .dry_run import dry_run
 
 def get_default_params_values(cmd_params):
     """ Further information in https://click.palletsprojects.com/en/8.1.x/api/?highlight=params#click.Command.params
@@ -425,3 +425,4 @@ def ast():
 
 
 ast.add_command(run)
+ast.add_command(dry_run)

{conviso_ast-3.0.0.dev1 → conviso_ast-3.0.1}/convisoappsec/flowcli/deploy/create/with_/tag_tracker/sort_by/time_.py

@@ -1,6 +1,5 @@
 import click
 # TODO: refactoring. all deploy create share some behavior
-from convisoappsec.flow.util import project_metrics
 from convisoappsec.flow.version_searchers import TimeBasedVersionSearcher
 from convisoappsec.flow.version_control_system_adapter import GitAdapter
 from convisoappsec.flowcli.context import pass_flow_context
@@ -72,7 +71,6 @@ def time_(flow_context, create_context, tag_tracker_context, attach_diff):
             previous_version=previous_version,
             diff_content=diff_content,
             metrics=deploy_metrics,
-            project_metrics=project_metrics(repository_dir),
             commit_authors=authors_data
         )
 

{conviso_ast-3.0.0.dev1 → conviso_ast-3.0.1}/convisoappsec/flowcli/deploy/create/with_/tag_tracker/sort_by/versioning_style.py

@@ -1,6 +1,5 @@
 import click
 # TODO: refactoring. all deploy create share some behavior
-from convisoappsec.flow.util import project_metrics
 from convisoappsec.flowcli.context import pass_flow_context
 from convisoappsec.flow.version_searchers import SortedByVersioningStyle
 from convisoappsec.flow.version_control_system_adapter import GitAdapter
@@ -103,7 +102,6 @@ def versioning_style(
             previous_version=previous_version,
             diff_content=diff_content,
             metrics=deploy_metrics,
-            project_metrics=project_metrics(repository_dir),
             commit_authors=authors_data
         )
 

conviso_ast-3.0.1/convisoappsec/flowcli/iac/dry_run.py

@@ -0,0 +1,94 @@
+import click
+import click_log
+import json
+import traceback
+import sys
+from convisoappsec.common.box import ContainerWrapper
+from convisoappsec.flowcli import help_option
+from convisoappsec.flowcli.context import pass_flow_context
+from convisoappsec.logger import LOGGER
+from convisoappsec.flowcli.common import on_http_error
+from convisoappsec.common.cleaner import Cleaner
+
+def execute_dry_run(flow_context, repository_dir, scanner_timeout):
+    REQUIRED_CODEBASE_PATH = '/code'
+    IAC_IMAGE_NAME = 'iac_scanner_checkov'
+    IAC_SCAN_FILENAME = '/{}.json'.format(IAC_IMAGE_NAME)
+    containers_map = {
+        IAC_IMAGE_NAME: {
+            'repository_dir': repository_dir,
+            'repository_name': IAC_IMAGE_NAME,
+            'tag': 'unstable',
+            'command': [
+                '-c', REQUIRED_CODEBASE_PATH,
+                '-o', IAC_SCAN_FILENAME,
+            ],
+        },
+    }
+
+    conviso_rest_api = flow_context.create_conviso_rest_api_client()
+    token = conviso_rest_api.docker_registry.get_sast_token()
+    
+    LOGGER.info('💬 Preparing Environment...')
+    scanners_wrapper = ContainerWrapper(
+        token=token,
+        containers_map=containers_map,
+        logger=LOGGER,
+        timeout=scanner_timeout
+    )
+
+    LOGGER.info('💬 Starting IaC...')
+    scanners_wrapper.run()
+
+    results_list = []
+    for r in scanners_wrapper.scanners:
+        report_filepath = r.results
+        if report_filepath:
+             try:
+                with open(report_filepath, 'r') as f:
+                    results_list.append(json.load(f))
+             except Exception as e:
+                click.echo(f"Error reading result file {report_filepath}: {e}", file=sys.stderr)
+
+    if len(results_list) == 1:
+        return results_list[0]
+    return results_list
+
+@click.command(name='dry-run')
+@click.option(
+    '-r', '--repository-dir', default=".", show_default=True,
+    type=click.Path(exists=True, resolve_path=True), required=False,
+    help="The source code repository directory."
+)
+@click.option(
+    "--scanner-timeout", hidden=True, required=False, default=7200, type=int,
+    help="Set timeout for each scanner"
+)
+@click.option(
+    '--cleanup', default=False, is_flag=True, show_default=True,
+    help="Clean up system resources."
+)
+@help_option
+@pass_flow_context
+def dry_run(flow_context, repository_dir, scanner_timeout, cleanup):
+    """
+    Perform a dry-run IAC analysis.
+    Checks API Key, runs the scan, and outputs the results in JSON format to stdout.
+    Does NOT create assets or deploys on Conviso Platform.
+    """
+    try:
+        results = execute_dry_run(flow_context, repository_dir, scanner_timeout)
+
+        if results:
+            print(json.dumps(results, indent=2))
+        else:
+            print(json.dumps({}, indent=2))
+
+        if cleanup:
+            LOGGER.info("🧹 Cleaning up ...")
+            cleaner = Cleaner()
+            cleaner.cleanup()
+
+    except Exception as e:
+        on_http_error(e)
+        sys.exit(1)

{conviso_ast-3.0.0.dev1 → conviso_ast-3.0.1}/convisoappsec/flowcli/iac/entrypoint.py

@@ -2,6 +2,7 @@ import click
 
 from convisoappsec.flowcli import help_option
 from .run import run
+from .dry_run import dry_run
 
 
 @click.group()
@@ -11,6 +12,7 @@ def iac():
 
 
 iac.add_command(run)
+iac.add_command(dry_run)
 
 iac.epilog = '''
   Run flow iac COMMAND --help for more information on a command.

{conviso_ast-3.0.0.dev1 → conviso_ast-3.0.1}/convisoappsec/flowcli/iac/run.py

@@ -142,6 +142,7 @@ def run(context, flow_context, asset_id, company_id, repository_dir, send_to_flo
 def deploy_results_to_conviso(
         conviso_api, results_filepaths, asset_id, company_id, flow_context, deploy_id, commit_ref=None, control_sync_status_id=None
 ):
+
     results_context = click.progressbar(results_filepaths, label="Sending results to the Conviso Platform...")
 
     with results_context as reports:
@@ -150,7 +151,7 @@ def deploy_results_to_conviso(
                 with open(report_path) as report_file:
                     data = parse_data(json.load(report_file))
             except Exception:
-                LOGGER.warn(f"⚠️ Error processing report file. Our technical team has been notified.")
+                LOGGER.warning(f"⚠️ Error processing report file. Our technical team has been notified.")
                 full_trace = traceback.format_exc()
                 log_and_notify_ast_event(
                     flow_context=flow_context, company_id=company_id, asset_id=asset_id,
@@ -181,6 +182,8 @@ def deploy_results_to_conviso(
                 except ResponseError as error:
                     if error.code == 'RECORD_NOT_UNIQUE':
                         continue
+                    elif error.code == "Record not found" or "Record not found" in str(error):
+                        continue
                     else:
                         retry_handler = RetryHandler(
                             flow_context=flow_context, company_id=company_id, asset_id=asset_id

conviso_ast-3.0.1/convisoappsec/flowcli/sast/dry_run.py

@@ -0,0 +1,159 @@
+import sys
+import click
+import traceback
+import json
+from convisoappsec.sast.sastbox import SASTBox
+from docker.errors import APIError
+import time
+from convisoappsec.flow import GitAdapter
+from convisoappsec.flowcli import help_option
+from convisoappsec.flowcli.context import pass_flow_context
+from convisoappsec.logger import LOGGER
+from convisoappsec.common.cleaner import Cleaner
+from convisoappsec.flowcli.common import on_http_error
+
+class DryRunSASTBox(SASTBox):
+    def recovery_technologies_file(self):
+        # Skip technology recovery and update for dry-run
+        pass
+
+def perform_dry_run_sastbox_scan(
+    conviso_rest_api, sastbox_registry, sastbox_repository_name, sastbox_tag, sastbox_skip_login, repository_dir, end_commit, start_commit, logger
+):
+    max_retries = 5
+    retries = 0
+    sastbox = DryRunSASTBox(registry=sastbox_registry, repository_name=sastbox_repository_name, tag=sastbox_tag)
+    pull_progress_bar = click.progressbar(length=sastbox.size, label="Performing SAST download...")
+
+    while retries < max_retries:
+        try:
+            if not sastbox_skip_login:
+                logger("Checking SASTBox authorization...")
+                token = conviso_rest_api.docker_registry.get_sast_token()
+                sastbox.login(token)
+
+            with pull_progress_bar as progressbar:
+                for downloaded_chunk in sastbox.pull():
+                    progressbar.update(downloaded_chunk)
+            break
+        except APIError as e:
+            retries += 1
+            logger(f"Retrying {retries}/{max_retries}...")
+            time.sleep(1)
+
+            if retries == max_retries:
+                logger("Max retries reached. Failed to perform SAST download.")
+                raise Exception(f"Max retries reached. Could not complete the SAST download. Error: {str(e)}")
+
+    logger("Starting SAST scan diff...")
+
+    reports = sastbox.run_scan_diff(repository_dir, end_commit, start_commit, log=logger)
+
+    logger("SAST scan diff done.")
+
+    results_filepaths = []
+    for r in reports:
+        try:
+            file_path = str(r)
+            results_filepaths.append(file_path)
+        except Exception as e:
+            click.echo(f"Error decoding file path: {r} with error {e}.", file=sys.stderr)
+
+    return results_filepaths
+
+def log_func(msg, new_line=True):
+    click.echo(msg, nl=new_line, err=True)
+
+def execute_dry_run(flow_context, end_commit, start_commit, repository_dir,
+                    sastbox_registry, sastbox_repository_name, sastbox_tag, sastbox_skip_login):
+    git_adapter = GitAdapter(repository_dir)
+    end_commit = end_commit or git_adapter.head_commit
+    start_commit = start_commit or git_adapter.empty_repository_tree_commit
+
+    if start_commit == end_commit:
+        return {}
+
+    conviso_rest_api = flow_context.create_conviso_rest_api_client()
+
+    results_filepaths = perform_dry_run_sastbox_scan(
+        conviso_rest_api, sastbox_registry, sastbox_repository_name, sastbox_tag,
+        sastbox_skip_login, repository_dir, end_commit, start_commit, log_func
+    )
+    
+    results_list = []
+    for path in results_filepaths:
+        try:
+            with open(path, 'r') as f:
+                results_list.append(json.load(f))
+        except Exception as e:
+            click.echo(f"Error reading result file {path}: {e}", file=sys.stderr)
+
+    if len(results_list) == 1:
+        return results_list[0]
+    return results_list
+
+@click.command(name='dry-run')
+@click.option(
+    "-s", "--start-commit", required=False,
+    help="If no value is set so the empty tree hash commit is used."
+)
+@click.option(
+    "-e", "--end-commit", required=False,
+    help="If no value is set so the HEAD commit from the current branch is used"
+)
+@click.option(
+    "-r", "--repository-dir", default=".", show_default=True,
+    type=click.Path(exists=True, resolve_path=True), required=False,
+    help="The source code repository directory."
+)
+@click.option(
+    "--sastbox-registry", default="", required=False, hidden=True,
+    envvar=("CONVISO_SASTBOX_REGISTRY", "FLOW_SASTBOX_REGISTRY"),
+)
+@click.option(
+    "--sastbox-repository-name", default="", required=False, hidden=True,
+    envvar=("CONVISO_SASTBOX_REPOSITORY_NAME", "FLOW_SASTBOX_REPOSITORY_NAME"),
+)
+@click.option(
+    "--sastbox-tag", default=SASTBox.DEFAULT_TAG, required=False, hidden=True,
+    envvar=("CONVISO_SASTBOX_TAG", "FLOW_SASTBOX_TAG"),
+)
+@click.option(
+    "--sastbox-skip-login/--sastbox-no-skip-login", default=False, required=False, hidden=True,
+    envvar=("CONVISO_SASTBOX_SKIP_LOGIN", "FLOW_SASTBOX_SKIP_LOGIN"),
+)
+@click.option(
+    '--cleanup', default=False, is_flag=True, show_default=True,
+    help="Clean up system resources."
+)
+@click.option(
+    "-o", "--output", required=False, help="Output the results to a JSON file."
+)
+@help_option
+@pass_flow_context
+def dry_run(flow_context, end_commit, start_commit, repository_dir,
+            sastbox_registry, sastbox_repository_name, sastbox_tag, sastbox_skip_login, cleanup, output):
+    try:
+        results = execute_dry_run(
+            flow_context, end_commit, start_commit, repository_dir,
+            sastbox_registry, sastbox_repository_name, sastbox_tag, sastbox_skip_login
+        )
+
+        if output:
+            with open(output, "w") as f:
+                json.dump(results if results else {}, f, indent=2)
+            LOGGER.info(f"Results saved to {output}")
+        elif results:
+            print(json.dumps(results, indent=2))
+        else:
+            print(json.dumps({}, indent=2))
+            
+        if cleanup:
+            LOGGER.info("🧹 Cleaning up ...")
+            cleaner = Cleaner()
+            cleaner.cleanup()
+
+    except Exception as e:
+        traceback.print_exc(file=sys.stderr)
+        on_http_error(e)
+        sys.exit(1)

{conviso_ast-3.0.0.dev1 → conviso_ast-3.0.1}/convisoappsec/flowcli/sast/entrypoint.py

@@ -2,6 +2,7 @@ import click
 
 from convisoappsec.flowcli import help_option
 from .run import run
+from .dry_run import dry_run
 
 
 @click.group()
@@ -11,6 +12,7 @@ def sast():
 
 
 sast.add_command(run)
+sast.add_command(dry_run)
 
 sast.epilog = '''
   Run flow sast COMMAND --help for more information on a command.

{conviso_ast-3.0.0.dev1 → conviso_ast-3.0.1}/convisoappsec/flowcli/sbom/generate.py

@@ -182,7 +182,7 @@ def generate(context, flow_context, asset_id, company_id, repository_dir, send_t
                 stderr=subprocess.DEVNULL
             )
             command = [f"./conviso/syft scan {repository_dir} -o cyclonedx-json={file_name} "
-                       f"--select-catalogers '{','.join(catalogers)}'"]
+                       f"--select-catalogers '{','.join(catalogers)}' --exclude ./conviso"]
 
             subprocess.run(command, shell=True, check=True, capture_output=True)