devsecops-engine-tools 1.25.1__py3-none-any.whl → 1.26.0__py3-none-any.whl

devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py

@@ -22,6 +22,7 @@ from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.s
 from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.printer_pretty_table.printer_pretty_table import (
     PrinterPrettyTable,
 )
+from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.syft.syft import Syft
 import sys
 import argparse
 from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
@@ -115,6 +116,7 @@ def get_inputs_from_cli(args):
         choices=["true", "false"],
         type=str,
         required=False,
+        default="false",
         help="Use Secrets Manager to get the tokens",
     )
     parser.add_argument(
@@ -122,6 +124,7 @@ def get_inputs_from_cli(args):
         choices=["true", "false"],
         type=str,
         required=False,
+        default="false",
         help="Use Vulnerability Management to send the vulnerabilities to the platform",
     )
     parser.add_argument(
@@ -129,6 +132,7 @@ def get_inputs_from_cli(args):
         choices=["true", "false"],
         type=str,
         required=False,
+        default="false",
         help="Enable or Disable the send metrics to the driven adapter metrics",
     )
     parser.add_argument(
@@ -202,6 +206,7 @@ def application_core():
         }.get(args["platform_devops"])
         metrics_manager_gateway = S3Manager()
         printer_table_gateway = PrinterPrettyTable()
+        sbom_tool_gateway = Syft()
 
         init_engine_core(
             vulnerability_management_gateway,
@@ -209,6 +214,7 @@ def application_core():
             devops_platform_gateway,
             printer_table_gateway,
             metrics_manager_gateway,
+            sbom_tool_gateway,
             args,
         )
     except Exception as e:

devsecops_engine_tools/engine_core/src/domain/model/component.py

@@ -0,0 +1,7 @@
+from dataclasses import dataclass
+
+
+@dataclass
+class Component:
+    name: str
+    version: str

devsecops_engine_tools/engine_core/src/domain/model/gateway/sbom_manager.py

@@ -0,0 +1,11 @@
+from abc import ABCMeta, abstractmethod
+from devsecops_engine_tools.engine_core.src.domain.model.component import (
+    Component,
+)
+
+class SbomManagerGateway(metaclass=ABCMeta):
+    @abstractmethod
+    def get_components(
+        self, artifact, config, service_name
+    ) -> "list[Component]":
+        "get_components"

devsecops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_management_gateway.py

@@ -31,3 +31,9 @@ class VulnerabilityManagementGateway(metaclass=ABCMeta):
         self, engagement_name, dict_args, secret_tool, config_tool
     ):
         "get_active_engagements"
+
+    @abstractmethod
+    def send_sbom_components(
+        self, sbom_components, service, dict_args, secret_tool, config_tool
+    ):
+        "send_sbom_components"

devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py

@@ -19,6 +19,9 @@ from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform
 from devsecops_engine_tools.engine_core.src.domain.model.vulnerability_management import (
     VulnerabilityManagement,
 )
+from devsecops_engine_tools.engine_core.src.domain.model.gateway.sbom_manager import (
+    SbomManagerGateway,
+)
 from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore
 from devsecops_engine_tools.engine_core.src.domain.model.level_vulnerability import (
     LevelVulnerability,
@@ -51,83 +54,12 @@ class HandleScan:
         vulnerability_management: VulnerabilityManagementGateway,
         secrets_manager_gateway: SecretsManagerGateway,
         devops_platform_gateway: DevopsPlatformGateway,
+        sbom_tool_gateway: SbomManagerGateway,
     ):
         self.vulnerability_management = vulnerability_management
         self.secrets_manager_gateway = secrets_manager_gateway
         self.devops_platform_gateway = devops_platform_gateway
-
-    def _define_threshold_quality_vuln(
-        self, input_core: InputCore, dict_args, secret_tool, config_tool
-    ):
-        quality_vulnerability_management = (
-            input_core.threshold_defined.quality_vulnerability_management
-        )
-        if quality_vulnerability_management:
-            product_type = self.vulnerability_management.get_product_type_service(
-                input_core.scope_pipeline, dict_args, secret_tool, config_tool
-            )
-            if product_type:
-                pt_name = product_type.name
-                apply_qualitypt = next(
-                    filter(
-                        lambda qapt: pt_name in qapt,
-                        quality_vulnerability_management["PTS"],
-                    ),
-                    None,
-                )
-                if apply_qualitypt:
-                    pt_info = apply_qualitypt[pt_name]
-                    pt_profile = pt_info["PROFILE"]
-                    pt_apps = pt_info["APPS"]
-
-                    input_core.threshold_defined.vulnerability = (
-                        LevelVulnerability(quality_vulnerability_management[pt_profile])
-                        if pt_apps == "ALL"
-                        or any(map(lambda pd: pd in input_core.scope_pipeline, pt_apps))
-                        else input_core.threshold_defined.vulnerability
-                    )
-
-    def _use_vulnerability_management(
-        self, config_tool, input_core, dict_args, secret_tool, env
-    ):
-        try:
-            self.vulnerability_management.send_vulnerability_management(
-                VulnerabilityManagement(
-                    config_tool[dict_args["tool"].upper()]["TOOL"],
-                    input_core,
-                    dict_args,
-                    secret_tool,
-                    config_tool,
-                    self.devops_platform_gateway.get_source_code_management_uri(),
-                    self.devops_platform_gateway.get_base_compact_remote_config_url(
-                        dict_args["remote_config_repo"]
-                    ),
-                    self.devops_platform_gateway.get_variable("access_token"),
-                    self.devops_platform_gateway.get_variable("build_execution_id"),
-                    self.devops_platform_gateway.get_variable("build_id"),
-                    self.devops_platform_gateway.get_variable("branch_tag"),
-                    self.devops_platform_gateway.get_variable("commit_hash"),
-                    env,
-                )
-            )
-
-            self._define_threshold_quality_vuln(
-                input_core, dict_args, secret_tool, config_tool
-            )
-
-        except ExceptionVulnerabilityManagement as ex1:
-            logger.error(str(ex1))
-        try:
-            input_core.totalized_exclusions.extend(
-                self.vulnerability_management.get_findings_excepted(
-                    input_core.scope_pipeline,
-                    dict_args,
-                    secret_tool,
-                    config_tool,
-                )
-            )
-        except ExceptionFindingsExcepted as ex2:
-            logger.error(str(ex2))
+        self.sbom_tool_gateway = sbom_tool_gateway
 
     def process(self, dict_args: any, config_tool: any):
         secret_tool = None
@@ -145,28 +77,25 @@ class HandleScan:
                 self.devops_platform_gateway,
                 env,
             )
-            if (
-                dict_args["use_vulnerability_management"] == "true"
-                and input_core.path_file_results
-            ):
-                self._use_vulnerability_management(
-                    config_tool, input_core, dict_args, secret_tool, env
-                )
+            self._use_vulnerability_management(
+                config_tool, input_core, dict_args, secret_tool, env
+            )
             return findings_list, input_core
         elif "engine_container" in dict_args["tool"]:
-            findings_list, input_core = runner_engine_container(
+            findings_list, input_core, sbom_components = runner_engine_container(
                 dict_args,
                 config_tool["ENGINE_CONTAINER"]["TOOL"],
                 secret_tool,
                 self.devops_platform_gateway,
             )
-            if (
-                dict_args["use_vulnerability_management"] == "true"
-                and input_core.path_file_results
-            ):
-                self._use_vulnerability_management(
-                    config_tool, input_core, dict_args, secret_tool, env
-                )
+            self._use_vulnerability_management(
+                config_tool,
+                input_core,
+                dict_args,
+                secret_tool,
+                env,
+                sbom_components,
+            )
             return findings_list, input_core
         elif "engine_dast" in dict_args["tool"]:
             print(MESSAGE_ENABLED)
@@ -176,39 +105,123 @@ class HandleScan:
                 config_tool["ENGINE_CODE"]["TOOL"],
                 self.devops_platform_gateway,
             )
-            if (
-                dict_args["use_vulnerability_management"] == "true"
-                and input_core.path_file_results
-            ):
-                self._use_vulnerability_management(
-                    config_tool, input_core, dict_args, secret_tool, env
-                )
+            self._use_vulnerability_management(
+                config_tool, input_core, dict_args, secret_tool, env
+            )
             return findings_list, input_core
         elif "engine_secret" in dict_args["tool"]:
             findings_list, input_core = runner_secret_scan(
                 dict_args,
                 config_tool["ENGINE_SECRET"]["TOOL"],
                 self.devops_platform_gateway,
-                secret_tool
+                secret_tool,
+            )
+            self._use_vulnerability_management(
+                config_tool, input_core, dict_args, secret_tool, env
             )
-            if (
-                dict_args["use_vulnerability_management"] == "true"
-                and input_core.path_file_results
-            ):
-                self._use_vulnerability_management(
-                    config_tool, input_core, dict_args, secret_tool, env
-                )
             return findings_list, input_core
         elif "engine_dependencies" in dict_args["tool"]:
-            findings_list, input_core = runner_engine_dependencies(
-                dict_args, config_tool, secret_tool, self.devops_platform_gateway
+            findings_list, input_core, sbom_components = runner_engine_dependencies(
+                dict_args, config_tool, secret_tool, self.devops_platform_gateway, self.sbom_tool_gateway
             )
+            self._use_vulnerability_management(
+                config_tool,
+                input_core,
+                dict_args,
+                secret_tool,
+                env,
+                sbom_components
+            )
+            return findings_list, input_core
+
+    def _define_threshold_quality_vuln(
+        self, input_core: InputCore, dict_args, secret_tool, config_tool
+    ):
+        quality_vulnerability_management = (
+            input_core.threshold_defined.quality_vulnerability_management
+        )
+        if quality_vulnerability_management:
+            product_type = self.vulnerability_management.get_product_type_service(
+                input_core.scope_pipeline, dict_args, secret_tool, config_tool
+            )
+            if product_type:
+                pt_name = product_type.name
+                apply_qualitypt = next(
+                    filter(
+                        lambda qapt: pt_name in qapt,
+                        quality_vulnerability_management["PTS"],
+                    ),
+                    None,
+                )
+                if apply_qualitypt:
+                    pt_info = apply_qualitypt[pt_name]
+                    pt_profile = pt_info["PROFILE"]
+                    pt_apps = pt_info["APPS"]
 
-            if (
-                dict_args["use_vulnerability_management"] == "true"
-                and input_core.path_file_results
-            ):
-                self._use_vulnerability_management(
-                    config_tool, input_core, dict_args, secret_tool, env
+                    input_core.threshold_defined.vulnerability = (
+                        LevelVulnerability(quality_vulnerability_management[pt_profile])
+                        if pt_apps == "ALL"
+                        or any(map(lambda pd: pd in input_core.scope_pipeline, pt_apps))
+                        else input_core.threshold_defined.vulnerability
+                    )
+
+    def _use_vulnerability_management(
+        self,
+        config_tool,
+        input_core: InputCore,
+        dict_args,
+        secret_tool,
+        env,
+        sbom_components=None,
+    ):
+        if dict_args["use_vulnerability_management"] == "true":
+            try:
+                if input_core.path_file_results:
+                    self.vulnerability_management.send_vulnerability_management(
+                        VulnerabilityManagement(
+                            config_tool[dict_args["tool"].upper()]["TOOL"],
+                            input_core,
+                            dict_args,
+                            secret_tool,
+                            config_tool,
+                            self.devops_platform_gateway.get_source_code_management_uri(),
+                            self.devops_platform_gateway.get_base_compact_remote_config_url(
+                                dict_args["remote_config_repo"]
+                            ),
+                            self.devops_platform_gateway.get_variable("access_token"),
+                            self.devops_platform_gateway.get_variable(
+                                "build_execution_id"
+                            ),
+                            self.devops_platform_gateway.get_variable("build_id"),
+                            self.devops_platform_gateway.get_variable("branch_tag"),
+                            self.devops_platform_gateway.get_variable("commit_hash"),
+                            env,
+                        )
+                    )
+
+                    if sbom_components:
+                        self.vulnerability_management.send_sbom_components(
+                            sbom_components,
+                            input_core.scope_pipeline,
+                            dict_args,
+                            secret_tool,
+                            config_tool,
+                        )
+
+                self._define_threshold_quality_vuln(
+                    input_core, dict_args, secret_tool, config_tool
                 )
-            return findings_list, input_core
+
+            except ExceptionVulnerabilityManagement as ex1:
+                logger.error(str(ex1))
+            try:
+                input_core.totalized_exclusions.extend(
+                    self.vulnerability_management.get_findings_excepted(
+                        input_core.scope_pipeline,
+                        dict_args,
+                        secret_tool,
+                        config_tool,
+                    )
+                )
+            except ExceptionFindingsExcepted as ex2:
+                logger.error(str(ex2))

devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py

@@ -5,9 +5,6 @@ from devsecops_engine_tools.engine_core.src.domain.model.gateway.vulnerability_m
 from devsecops_engine_tools.engine_core.src.domain.model.vulnerability_management import (
     VulnerabilityManagement,
 )
-from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import (
-    DevopsPlatformGateway
-)
 from devsecops_engine_tools.engine_utilities.defect_dojo import (
     DefectDojo,
     ImportScanRequest,
@@ -15,6 +12,7 @@ from devsecops_engine_tools.engine_utilities.defect_dojo import (
     Finding,
     Engagement,
     Product,
+    Component,
 )
 from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions
 from devsecops_engine_tools.engine_core.src.domain.model.report import Report
@@ -33,6 +31,7 @@ from functools import partial
 from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
 from devsecops_engine_tools.engine_utilities import settings
 import time
+import concurrent.futures
 
 logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 
@@ -76,14 +75,14 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                 "KICS": "KICS Scanner",
                 "BEARER": "Bearer CLI",
                 "DEPENDENCY_CHECK": "Dependency Check Scan",
-                "SONARQUBE": "SonarQube API Import"
+                "SONARQUBE": "SonarQube API Import",
             }
 
             if any(
                 branch in str(vulnerability_management.branch_tag)
                 for branch in vulnerability_management.config_tool[
                     "VULNERABILITY_MANAGER"
-                ]["BRANCH_FILTER"].split(",")
+                ]["BRANCH_FILTER"]
             ) or (vulnerability_management.dict_args["tool"] == "engine_secret"):
                 tags = vulnerability_management.dict_args["tool"]
                 if vulnerability_management.dict_args["tool"] == "engine_iac":
@@ -178,7 +177,11 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                         "prefetch": "prod_type",
                     },
                 )
-                return response.prefetch.prod_type[str(response.results[0].prod_type)] if response.prefetch else None
+                return (
+                    response.prefetch.prod_type[str(response.results[0].prod_type)]
+                    if response.prefetch
+                    else None
+                )
 
             return self._retries_requests(request_func, dd_max_retries, retry_delay=5)
 
@@ -282,12 +285,14 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                 "limit": config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"][
                     "LIMITS_QUERY"
                 ],
-                "duplicate": "false"
+                "duplicate": "false",
             }
             max_retries = config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"][
                 "MAX_RETRIES_QUERY"
             ]
-            host_dd = config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"]["HOST_DEFECT_DOJO"]
+            host_dd = config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"][
+                "HOST_DEFECT_DOJO"
+            ]
 
             findings = self._get_findings(
                 self._get_session_manager(dict_args, secret_tool, config_tool),
@@ -337,7 +342,9 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
 
             engagements = Engagement.get_engagements(request_is, request_active).results
 
-            host_dd = config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"]["HOST_DEFECT_DOJO"]
+            host_dd = config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"][
+                "HOST_DEFECT_DOJO"
+            ]
 
             for engagement in engagements:
                 engagement.vm_url = f"{host_dd}/engagement/{engagement.id}/finding/open"
@@ -349,6 +356,53 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                 "Error getting engagements with the following error: {0} ".format(ex)
             )
 
+    def send_sbom_components(
+        self, sbom_components, service, dict_args, secret_tool, config_tool
+    ):
+        try:
+            engagements = self.get_active_engagements(
+                service, dict_args, secret_tool, config_tool
+            )
+            engagement = [
+                engagement for engagement in engagements if engagement.name == service
+            ]
+            session_manager = self._get_session_manager(
+                dict_args, secret_tool, config_tool
+            )
+
+            with concurrent.futures.ThreadPoolExecutor(max_workers=25) as executor:
+                _ = [
+                    executor.submit(
+                        self._process_component,
+                        sbom_component,
+                        session_manager,
+                        engagement,
+                    )
+                    for sbom_component in sbom_components
+                ]
+
+        except Exception as ex:
+            raise ExceptionVulnerabilityManagement(
+                "Error sending components sbom to vulnerability management with the following error: {0} ".format(
+                    ex
+                )
+            )
+
+    def _process_component(self, component_sbom, session_manager, engagement):
+        request = {
+            "name": component_sbom.name,
+            "version": component_sbom.version,
+            "engagement_id": engagement[0].id,
+        }
+        components = Component.get_component(session=session_manager, request=request)
+        if components.results == []:
+            response = Component.create_component(
+                session=session_manager, request=request
+            )
+            logger.info(
+                f"Component created: {response.name} - {response.version} found with id: {response.id}"
+            )
+
     def _get_session_manager(self, dict_args, secret_tool, config_tool):
         token_dd = dict_args.get("token_vulnerability_management") or secret_tool.get(
             "token_defect_dojo"
@@ -382,7 +436,11 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
             elif finding.risk_status == "Transfer Accepted":
                 exclusions.append(
                     self._create_report_exclusion(
-                        finding, date_fn, "engine_risk", self.TRANSFERRED_FINDING, host_dd
+                        finding,
+                        date_fn,
+                        "engine_risk",
+                        self.TRANSFERRED_FINDING,
+                        host_dd,
                     )
                 )
         return exclusions
@@ -433,7 +491,6 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
 
         return create_date, expired_date
 
-
     def _create_exclusion(self, finding, date_fn, tool, reason):
         create_date, expired_date = self._date_reason_based(finding, date_fn, reason)
 
@@ -445,7 +502,7 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
             severity=finding.severity,
             reason=reason,
         )
-    
+
     def _create_report_exclusion(self, finding, date_fn, tool, reason, host_dd):
         create_date, expired_date = self._date_reason_based(finding, date_fn, reason)
 
@@ -493,7 +550,7 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
             false_p=finding.false_p,
             out_of_scope=finding.out_of_scope,
             service=finding.service,
-            unique_id_from_tool=finding.unique_id_from_tool
+            unique_id_from_tool=finding.unique_id_from_tool,
         )
 
     def _format_date_to_dd_format(self, date_string):
@@ -504,7 +561,9 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
         )
 
     def _get_where(self, finding, tool):
-        if tool in ["engine_container", "engine_dependencies"]:
+        if tool == "engine_dependencies":
+            return finding.component_name.replace("_", ":") + ":" + finding.component_version
+        elif tool == "engine_container":
             return finding.component_name + ":" + finding.component_version
         elif tool == "engine_dast":
             return finding.endpoints

devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/syft/syft.py

@@ -0,0 +1,122 @@
+from dataclasses import dataclass
+import requests
+import subprocess
+import tarfile
+import zipfile
+import platform
+
+from devsecops_engine_tools.engine_core.src.domain.model.gateway.sbom_manager import (
+    SbomManagerGateway,
+)
+from devsecops_engine_tools.engine_utilities.sbom.deserealizator import (
+    get_list_component,
+)
+from devsecops_engine_tools.engine_core.src.domain.model.component import (
+    Component,
+)
+
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+
+
+@dataclass
+class Syft(SbomManagerGateway):
+
+    def get_components(self, artifact, config, service_name) -> "list[Component]":
+        try:
+            syft_version = config["SYFT"]["SYFT_VERSION"]
+            os_platform = platform.system()
+            base_url = (
+                f"https://github.com/anchore/syft/releases/download/v{syft_version}/"
+            )
+
+            command_prefix = "syft"
+            if os_platform == "Linux":
+                file = f"syft_{syft_version}_linux_amd64.tar.gz"
+                command_prefix = self._install_tool_unix(
+                    file, base_url + file, command_prefix
+                )
+            elif os_platform == "Darwin":
+                file = f"syft_{syft_version}_darwin_amd64.tar.gz"
+                command_prefix = self._install_tool_unix(
+                    file, base_url + file, command_prefix
+                )
+            elif os_platform == "Windows":
+                file = f"syft_{syft_version}_windows_amd64.zip"
+                command_prefix = self._install_tool_windows(
+                    file, base_url + file, "syft.exe"
+                )
+            else:
+                logger.warning(f"{os_platform} is not supported.")
+                return None
+
+            result_sbom = self._run_syft(command_prefix, artifact, config, service_name)
+            return get_list_component(result_sbom, config["SYFT"]["OUTPUT_FORMAT"])
+        except Exception as e:
+            logger.error(f"Error generating SBOM: {e}")
+            return None
+
+    def _run_syft(self, command_prefix, artifact, config, service_name):
+        result_file = f"{service_name}_SBOM.json"
+        command = [
+            command_prefix,
+            artifact,
+            "-o",
+            f"{config['SYFT']['OUTPUT_FORMAT']}={result_file}",
+        ]
+        try:
+            subprocess.run(
+                command,
+                check=True,
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+                text=True,
+            )
+            print(f"SBOM generated and saved to: {result_file}")
+            return result_file
+        except Exception as e:
+            logger.error(f"Error running syft: {e}")
+
+    def _install_tool_unix(self, file, url, command_prefix):
+        installed = subprocess.run(
+            ["which", command_prefix],
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE,
+        )
+        if installed.returncode == 1:
+            try:
+                self._download_tool(file, url)
+                with tarfile.open(file, "r:gz") as tar_file:
+                    tar_file.extract(member=tar_file.getmember("syft"))
+                    return "./syft"
+            except Exception as e:
+                logger.error(f"Error installing syft: {e}")
+        else:
+            return installed.stdout.decode("utf-8").strip()
+
+    def _install_tool_windows(self, file, url, command_prefix):
+        try:
+            installed = subprocess.run(
+                [command_prefix, "--version"],
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+            )
+            return installed.stdout.decode("utf-8").strip()
+        except:
+            try:
+                self._download_tool(file, url)
+                with zipfile.ZipFile(file, "r") as zip_file:
+                    zip_file.extract(member="syft.exe")
+                    return "./syft.exe"
+            except Exception as e:
+                logger.error(f"Error installing syft: {e}")
+
+    def _download_tool(self, file, url):
+        try:
+            response = requests.get(url, allow_redirects=True)
+            with open(file, "wb") as compress_file:
+                compress_file.write(response.content)
+        except Exception as e:
+            logger.error(f"Error downloading syft: {e}")