fosslight-scanner 2.1.14__tar.gz → 2.1.16__tar.gz

{fosslight_scanner-2.1.14/src/fosslight_scanner.egg-info → fosslight_scanner-2.1.16}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fosslight_scanner
-Version: 2.1.14
+Version: 2.1.16
 Summary: FOSSLight Scanner
 Home-page: https://github.com/fosslight/fosslight_scanner
 Download-URL: https://github.com/fosslight/fosslight_scanner
@@ -20,9 +20,9 @@ Requires-Dist: openpyxl
 Requires-Dist: progress
 Requires-Dist: pyyaml
 Requires-Dist: beautifulsoup4
-Requires-Dist: fosslight_util<3.0.0,>=2.1.37
+Requires-Dist: fosslight_util<3.0.0,>=2.1.38
 Requires-Dist: fosslight_source<3.0.0,>=2.2.3
-Requires-Dist: fosslight_dependency<5.0.0,>=4.1.30
+Requires-Dist: fosslight_dependency<5.0.0,>=4.1.31
 Requires-Dist: fosslight_binary<6.0.0,>=5.1.17
 Requires-Dist: fosslight_prechecker<5.0.0,>=4.0.0
 Dynamic: author
@@ -45,8 +45,7 @@ SPDX-License-Identifier: Apache-2.0
 # FOSSLight Scanner
 <strong>Analyze at once for Open Source Compliance.</strong><br>
 
-<img src="https://img.shields.io/pypi/l/fosslight_scanner" alt="FOSSLight Scanner is released under the Apache-2.0." /> <img src="https://img.shields.io/pypi/v/fosslight_scanner" alt="Current python package version." /> <img src="https://img.shields.io/pypi/pyversions/fosslight_scanner" /> [![REUSE status](https://api.reuse.software/badge/github.com/fosslight/fosslight_scanner)](https://api.reuse.software/info/github.com/fosslight/fosslight_scanner)
-
+<img src="https://img.shields.io/pypi/l/fosslight_scanner" alt="FOSSLight Scanner license: Apache-2.0" /> <img src="https://img.shields.io/pypi/v/fosslight_scanner" alt="Current python package version" /> <img src="https://img.shields.io/pypi/pyversions/fosslight_scanner" /> [![REUSE status](https://api.reuse.software/badge/github.com/fosslight/fosslight_scanner)](https://api.reuse.software/info/github.com/fosslight/fosslight_scanner)
 
 **FOSSLight Scanner** performs open source analysis after downloading the source by passing a link that can be cloned by wget or git. Instead, open source analysis can be performed for the local source path. The output result is generated in [FOSSLight Report][or] format.
 
@@ -72,44 +71,50 @@ SPDX-License-Identifier: Apache-2.0
   - [🚀 How to run](#-how-to-run)
     - [Parameters](#parameters)
     - [Ex 1. Local Source Analysis](#ex-1-local-source-analysis)
-    - [Ex 2. Download Link and analyze](#ex-2-download-link-and-analyze)
+    - [Ex 2. Local Source Analysis with Path to Exclude](#ex-2-local-source-analysis-with-path-to-exclude)
+    - [Ex 3. Download Link and analyze](#ex-3-download-link-and-analyze)
+    - [Ex 4. Compare the BOM of two FOSSLight reports](#ex-4-compare-the-bom-of-two-fosslight-reports)
   - [📁 Result](#-result)
   - [🐳 How to run using Docker](#-how-to-run-using-docker)
   - [👏 How to report issue](#-how-to-report-issue)
   - [📄 License](#-license)
 
-
 ## 📋 Prerequisite
 
 FOSSLight Scanner needs a Python 3.10+.
 
 ## 🎉 How to install
 
+It can be installed using pip3. It is recommended to install it in a [virtualenv](https://fosslight.org/fosslight-guide-en/scanner/etc/guide_virtualenv.html) environment.
 
-It can be installed using pip3. It is recommended to install it in the [virtualenv]([etc/guide_virtualenv.md](https://fosslight.org/fosslight-guide-en/scanner/etc/guide_virtualenv.html)) environment.
-
-```
-$ pip3 install fosslight_scanner
+```bash
+pip3 install fosslight_scanner
 ```
 
 ## 🚀 How to run
 
 FOSSLight Scanner is run with the **fosslight** command.
-``` 
+
+```bash
 fosslight [Mode] [option1] <arg1> [option2] <arg2>...
-``` 
-### Parameters   
+```
+
+### Parameters
+
 Mode
-``` 
+
+```text
         all                     Run all scanners(Default)
         source                  Run FOSSLight Source
         dependency              Run FOSSLight Dependency
         binary                  Run FOSSLight Binary
         prechecker              Run FOSSLight Prechecker
         compare                 Compare two FOSSLight reports
-``` 
+```
+
 Options:
-``` 
+
+```text
         -h                      Print help message
         -p <path>               Path to analyze (ex, -p {input_path})
                                  * Compare mode input file: Two FOSSLight reports (supports excel, yaml)
@@ -119,7 +124,7 @@ Options:
                                  * Compare mode result file: supports excel, json, yaml, html
         -o <output>             Output directory or file
         -c <number>             Number of processes to analyze source
-        -e <path>               Path to exclude from analysis (files and directories, pattern matching is available
+        -e <path>               Path to exclude from analysis (files and directories, pattern matching is available)
                                  * IMPORTANT: Always wrap patterns in quotes("") to avoid shell expansion.
                                    Example) fosslight -e "test/abc.py" "*.jar" "test/"
         -r                      Keep raw data
@@ -129,68 +134,81 @@ Options:
                                  * Direct cli flags have higher priority than setting file
                                    (ex, '-f yaml -s setting.json' - result file extension is .yaml)
 ```
-- Refs. 
-    - Additional arguments for running dependency analysis. See the [FOSSLight Dependency Guide][fd_guide] for instructions.
-    - In the case of DB URL, it is the [DB connection information to be used in FOSSLight Binary][flbindb].
-- Pattern Matching Pattern matching guide Guide for the -e Option
-    - ⚠️ Make sure to use double quotes ("") when entering values.     
-        - Example) fosslight -e "test/abc.py" "*.jar" "test/"    
-    - ⚠️ File names and extensions are case-sensitive, so please enter them exactly as intended.    
+
+- Refs.
+  - Additional arguments for running dependency analysis. See the [FOSSLight Dependency Guide][fd_guide] for instructions.
+  - In the case of DB URL, it is the [DB connection information to be used in FOSSLight Binary][flbindb].
+- Pattern matching guide for the -e option
+  - ⚠️ Make sure to use double quotes ("") when entering values.
+    - Example) fosslight -e "test/abc.py" "*.jar" "test/"
+  - ⚠️ File names and extensions are case-sensitive, so please enter them exactly as intended.
 
 [flbindb]: https://fosslight.org/fosslight-guide-en/scanner/etc/binary_db.html
 [fd_guide]: https://fosslight.org/fosslight-guide-en/scanner/2_dependency.html
 
 ### Ex 1. Local Source Analysis
+
+```bash
+fosslight all -p /home/source_path -d "-a 'source /test/Projects/venv/bin/activate' -d 'deactivate'"
 ```
-$ fosslight all -p /home/source_path -d "-a 'source /test/Projects/venv/bin/activate' -d 'deactivate'"
-```
+
+If using additional flags like -d, document them in Options section or link to related guide.
 
 ### Ex 2. Local Source Analysis with Path to Exclude
-```
-$ fosslight all -p /home/source_path -e temp_dir src/temp.py
+
+```bash
+fosslight all -p /home/source_path -e "temp_dir" "src/temp.py"
 ```
 
 ### Ex 3. Download Link and analyze
-```
-$ fosslight all -o test_result_wget -w "https://github.com/LGE-OSS/example.git"
-```
-If you want to analyze private repository, set your github token like below.
-```
-$ fosslight all -w "https://my_github_token@github.com/Foo/private_repo
+
+```bash
+fosslight all -o test_result_wget -w "https://github.com/LGE-OSS/example.git"
 ```
 
-### Ex 4. Compare the BOM of two FOSSLight reports with yaml or excel format and check the oss status (change/add/delete)
+If you want to analyze private repository, set your GitHub token like below.
+
+```bash
+fosslight all -w "https://my_github_token@github.com/Foo/private_repo"
 ```
-$ fosslight compare -p FOSSLight_before_proj.yaml FOSSLight_after_proj.yaml -f excel
+
+### Ex 4. Compare the BOM of two FOSSLight reports
+
+```bash
+fosslight compare -p FOSSLight_before_proj.yaml FOSSLight_after_proj.yaml -f excel
 ```
 
 ## 📁 Result
 
-```
+```text
 $ tree
 .
 ├── fosslight_log
-│   ├── fosslight_log_20210924_022422.txt
+│   ├── fosslight_log_20210924_022422.txt
 └── FOSSLight-Report_20210924_022422.xlsx
 ```
 
-- FOSSLight_Report-[datetime].xlsx : OSS Report format file that outputs source code analysis, binary analysis, and dependency analysis results.
+- FOSSLight_Report-[datetime].xlsx: OSS Report format file that outputs source code analysis, binary analysis, and dependency analysis results.
 - fosslight_raw_data_[datetime] directory: Directory in which raw data files are created as a result of analysis
 
 ## 🐳 How to run using Docker
+
 1. Build image using Dockerfile.
+
+```bash
+docker build -t fosslight .
 ```
-$docker build -t fosslight .
-```
-2. Run with the image you built.      
+
+2. Run with the image you built.  
 ex. Output: /Users/fosslight_source_scanner/test_output, Path to be analyzed: tests/test_files
-```
-$docker run -it -v /Users/fosslight_source_scanner/test_output:/app/output fosslight -p tests/test_files -o output
+
+```bash
+docker run -it -v /Users/fosslight_source_scanner/test_output:/app/output fosslight -p tests/test_files -o output
 ```
 
 ## 👏 How to report issue
 
-Please report any ideas or bugs to improve by creating an issue in [fosslight_scanner repository][cl].    
+Please report any ideas or bugs to improve by creating an issue in [fosslight_scanner repository][cl].  
 Then there will be quick bug fixes and upgrades. Ideas to improve are always welcome.
 
 [cl]: https://github.com/fosslight/fosslight_scanner/issues

{fosslight_scanner-2.1.14 → fosslight_scanner-2.1.16}/README.md

@@ -6,8 +6,7 @@ SPDX-License-Identifier: Apache-2.0
 # FOSSLight Scanner
 <strong>Analyze at once for Open Source Compliance.</strong><br>
 
-<img src="https://img.shields.io/pypi/l/fosslight_scanner" alt="FOSSLight Scanner is released under the Apache-2.0." /> <img src="https://img.shields.io/pypi/v/fosslight_scanner" alt="Current python package version." /> <img src="https://img.shields.io/pypi/pyversions/fosslight_scanner" /> [![REUSE status](https://api.reuse.software/badge/github.com/fosslight/fosslight_scanner)](https://api.reuse.software/info/github.com/fosslight/fosslight_scanner)
-
+<img src="https://img.shields.io/pypi/l/fosslight_scanner" alt="FOSSLight Scanner license: Apache-2.0" /> <img src="https://img.shields.io/pypi/v/fosslight_scanner" alt="Current python package version" /> <img src="https://img.shields.io/pypi/pyversions/fosslight_scanner" /> [![REUSE status](https://api.reuse.software/badge/github.com/fosslight/fosslight_scanner)](https://api.reuse.software/info/github.com/fosslight/fosslight_scanner)
 
 **FOSSLight Scanner** performs open source analysis after downloading the source by passing a link that can be cloned by wget or git. Instead, open source analysis can be performed for the local source path. The output result is generated in [FOSSLight Report][or] format.
 
@@ -33,44 +32,50 @@ SPDX-License-Identifier: Apache-2.0
   - [🚀 How to run](#-how-to-run)
     - [Parameters](#parameters)
     - [Ex 1. Local Source Analysis](#ex-1-local-source-analysis)
-    - [Ex 2. Download Link and analyze](#ex-2-download-link-and-analyze)
+    - [Ex 2. Local Source Analysis with Path to Exclude](#ex-2-local-source-analysis-with-path-to-exclude)
+    - [Ex 3. Download Link and analyze](#ex-3-download-link-and-analyze)
+    - [Ex 4. Compare the BOM of two FOSSLight reports](#ex-4-compare-the-bom-of-two-fosslight-reports)
   - [📁 Result](#-result)
   - [🐳 How to run using Docker](#-how-to-run-using-docker)
   - [👏 How to report issue](#-how-to-report-issue)
   - [📄 License](#-license)
 
-
 ## 📋 Prerequisite
 
 FOSSLight Scanner needs a Python 3.10+.
 
 ## 🎉 How to install
 
+It can be installed using pip3. It is recommended to install it in a [virtualenv](https://fosslight.org/fosslight-guide-en/scanner/etc/guide_virtualenv.html) environment.
 
-It can be installed using pip3. It is recommended to install it in the [virtualenv]([etc/guide_virtualenv.md](https://fosslight.org/fosslight-guide-en/scanner/etc/guide_virtualenv.html)) environment.
-
-```
-$ pip3 install fosslight_scanner
+```bash
+pip3 install fosslight_scanner
 ```
 
 ## 🚀 How to run
 
 FOSSLight Scanner is run with the **fosslight** command.
-``` 
+
+```bash
 fosslight [Mode] [option1] <arg1> [option2] <arg2>...
-``` 
-### Parameters   
+```
+
+### Parameters
+
 Mode
-``` 
+
+```text
         all                     Run all scanners(Default)
         source                  Run FOSSLight Source
         dependency              Run FOSSLight Dependency
         binary                  Run FOSSLight Binary
         prechecker              Run FOSSLight Prechecker
         compare                 Compare two FOSSLight reports
-``` 
+```
+
 Options:
-``` 
+
+```text
         -h                      Print help message
         -p <path>               Path to analyze (ex, -p {input_path})
                                  * Compare mode input file: Two FOSSLight reports (supports excel, yaml)
@@ -80,7 +85,7 @@ Options:
                                  * Compare mode result file: supports excel, json, yaml, html
         -o <output>             Output directory or file
         -c <number>             Number of processes to analyze source
-        -e <path>               Path to exclude from analysis (files and directories, pattern matching is available
+        -e <path>               Path to exclude from analysis (files and directories, pattern matching is available)
                                  * IMPORTANT: Always wrap patterns in quotes("") to avoid shell expansion.
                                    Example) fosslight -e "test/abc.py" "*.jar" "test/"
         -r                      Keep raw data
@@ -90,68 +95,81 @@ Options:
                                  * Direct cli flags have higher priority than setting file
                                    (ex, '-f yaml -s setting.json' - result file extension is .yaml)
 ```
-- Refs. 
-    - Additional arguments for running dependency analysis. See the [FOSSLight Dependency Guide][fd_guide] for instructions.
-    - In the case of DB URL, it is the [DB connection information to be used in FOSSLight Binary][flbindb].
-- Pattern Matching Pattern matching guide Guide for the -e Option
-    - ⚠️ Make sure to use double quotes ("") when entering values.     
-        - Example) fosslight -e "test/abc.py" "*.jar" "test/"    
-    - ⚠️ File names and extensions are case-sensitive, so please enter them exactly as intended.    
+
+- Refs.
+  - Additional arguments for running dependency analysis. See the [FOSSLight Dependency Guide][fd_guide] for instructions.
+  - In the case of DB URL, it is the [DB connection information to be used in FOSSLight Binary][flbindb].
+- Pattern matching guide for the -e option
+  - ⚠️ Make sure to use double quotes ("") when entering values.
+    - Example) fosslight -e "test/abc.py" "*.jar" "test/"
+  - ⚠️ File names and extensions are case-sensitive, so please enter them exactly as intended.
 
 [flbindb]: https://fosslight.org/fosslight-guide-en/scanner/etc/binary_db.html
 [fd_guide]: https://fosslight.org/fosslight-guide-en/scanner/2_dependency.html
 
 ### Ex 1. Local Source Analysis
+
+```bash
+fosslight all -p /home/source_path -d "-a 'source /test/Projects/venv/bin/activate' -d 'deactivate'"
 ```
-$ fosslight all -p /home/source_path -d "-a 'source /test/Projects/venv/bin/activate' -d 'deactivate'"
-```
+
+If using additional flags like -d, document them in Options section or link to related guide.
 
 ### Ex 2. Local Source Analysis with Path to Exclude
-```
-$ fosslight all -p /home/source_path -e temp_dir src/temp.py
+
+```bash
+fosslight all -p /home/source_path -e "temp_dir" "src/temp.py"
 ```
 
 ### Ex 3. Download Link and analyze
-```
-$ fosslight all -o test_result_wget -w "https://github.com/LGE-OSS/example.git"
-```
-If you want to analyze private repository, set your github token like below.
-```
-$ fosslight all -w "https://my_github_token@github.com/Foo/private_repo
+
+```bash
+fosslight all -o test_result_wget -w "https://github.com/LGE-OSS/example.git"
 ```
 
-### Ex 4. Compare the BOM of two FOSSLight reports with yaml or excel format and check the oss status (change/add/delete)
+If you want to analyze private repository, set your GitHub token like below.
+
+```bash
+fosslight all -w "https://my_github_token@github.com/Foo/private_repo"
 ```
-$ fosslight compare -p FOSSLight_before_proj.yaml FOSSLight_after_proj.yaml -f excel
+
+### Ex 4. Compare the BOM of two FOSSLight reports
+
+```bash
+fosslight compare -p FOSSLight_before_proj.yaml FOSSLight_after_proj.yaml -f excel
 ```
 
 ## 📁 Result
 
-```
+```text
 $ tree
 .
 ├── fosslight_log
-│   ├── fosslight_log_20210924_022422.txt
+│   ├── fosslight_log_20210924_022422.txt
 └── FOSSLight-Report_20210924_022422.xlsx
 ```
 
-- FOSSLight_Report-[datetime].xlsx : OSS Report format file that outputs source code analysis, binary analysis, and dependency analysis results.
+- FOSSLight_Report-[datetime].xlsx: OSS Report format file that outputs source code analysis, binary analysis, and dependency analysis results.
 - fosslight_raw_data_[datetime] directory: Directory in which raw data files are created as a result of analysis
 
 ## 🐳 How to run using Docker
+
 1. Build image using Dockerfile.
+
+```bash
+docker build -t fosslight .
 ```
-$docker build -t fosslight .
-```
-2. Run with the image you built.      
+
+2. Run with the image you built.  
 ex. Output: /Users/fosslight_source_scanner/test_output, Path to be analyzed: tests/test_files
-```
-$docker run -it -v /Users/fosslight_source_scanner/test_output:/app/output fosslight -p tests/test_files -o output
+
+```bash
+docker run -it -v /Users/fosslight_source_scanner/test_output:/app/output fosslight -p tests/test_files -o output
 ```
 
 ## 👏 How to report issue
 
-Please report any ideas or bugs to improve by creating an issue in [fosslight_scanner repository][cl].    
+Please report any ideas or bugs to improve by creating an issue in [fosslight_scanner repository][cl].  
 Then there will be quick bug fixes and upgrades. Ideas to improve are always welcome.
 
 [cl]: https://github.com/fosslight/fosslight_scanner/issues
@@ -160,4 +178,4 @@ Then there will be quick bug fixes and upgrades. Ideas to improve are always wel
 
 FOSSLight Scanner is released under [Apache-2.0][l].
 
-[l]: https://github.com/fosslight/fosslight_scanner/blob/main/LICENSE
+[l]: https://github.com/fosslight/fosslight_scanner/blob/main/LICENSE

{fosslight_scanner-2.1.14 → fosslight_scanner-2.1.16}/requirements.txt

@@ -4,8 +4,8 @@ openpyxl
 progress
 pyyaml
 beautifulsoup4
-fosslight_util>=2.1.37,<3.0.0
+fosslight_util>=2.1.38,<3.0.0
 fosslight_source>=2.2.3,<3.0.0
-fosslight_dependency>=4.1.30,<5.0.0
+fosslight_dependency>=4.1.31,<5.0.0
 fosslight_binary>=5.1.17,<6.0.0
 fosslight_prechecker>=4.0.0,<5.0.0

{fosslight_scanner-2.1.14 → fosslight_scanner-2.1.16}/setup.py

@@ -15,7 +15,7 @@ with open('requirements.txt', 'r', 'utf-8') as f:
 if __name__ == "__main__":
     setup(
         name='fosslight_scanner',
-        version='2.1.14',
+        version='2.1.16',
         package_dir={"": "src"},
         packages=find_packages(where='src'),
         description='FOSSLight Scanner',

fosslight_scanner-2.1.16/src/fosslight_scanner/_help.py

@@ -0,0 +1,95 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (c) 2021 LG Electronics Inc.
+# SPDX-License-Identifier: Apache-2.0
+from fosslight_util.help import PrintHelpMsg
+from fosslight_util.output_format import SUPPORT_FORMAT
+
+_HELP_MESSAGE_SCANNER = f"""
+    📖 Usage
+    ────────────────────────────────────────────────────────────────────
+    fosslight [mode] [options] <arguments>
+
+    📝 Description
+    ────────────────────────────────────────────────────────────────────
+    FOSSLight Scanner performs comprehensive open source analysis by running
+    multiple modes (Source, Dependency, Binary) together. It can download
+    source code from URLs (git/wget) or analyze local paths, and generates
+    results in OSS Report format.
+
+    📚 Guide: https://fosslight.org/fosslight-guide/scanner/
+
+    🔧 Modes
+    ────────────────────────────────────────────────────────────────────
+    all (default)          Run all modes (Source, Dependency, Binary)
+    source                 Run FOSSLight Source analysis only
+    dependency             Run FOSSLight Dependency analysis only
+    binary                 Run FOSSLight Binary analysis only
+    compare                Compare two FOSSLight reports
+
+    Note: Multiple modes can be specified separated by comma
+          Example: fosslight source,binary -p /path/to/analyze
+
+    ⚙️  General Options
+    ────────────────────────────────────────────────────────────────────
+    -p <path>              Path to analyze
+                           • Compare mode: path to two FOSSLight reports (excel/yaml)
+    -w <url>               URL to download and analyze (git clone or wget)
+    -f <format>            Output format ({', '.join(SUPPORT_FORMAT)})
+                           • Compare mode: excel, json, yaml, html
+                           • Multiple formats: ex) -f excel yaml json (separated by space)
+    -e <pattern>           Exclude paths from analysis (files and directories)
+                           ⚠️  IMPORTANT: Always wrap in quotes to avoid shell expansion
+                           Example: fosslight -e "test/" "*.jar"
+    -o <path>              Output directory or file name
+    -c <number>            Number of processes for source analysis
+    -r                     Keep raw data from scanners
+    -t                     Hide progress bar
+    -h                     Show this help message
+    -v                     Show version information
+    -s <path>              Apply settings from JSON file(check format with 'setting.json' in this repository)
+                           Note: CLI flags override settings file
+                           Example: -f yaml -s setting.json → output is .yaml
+    --no_correction        Skip OSS information correction with sbom-info.yaml
+                           (Correction only supports excel format)
+    --correct_fpath <path> Path to sbom-info.yaml file for correction
+    --ui                   Generate UI mode result file
+    --recursive_dep        Recursively analyze dependencies
+
+    🔍 Mode-Specific Options
+    ────────────────────────────────────────────────────────────────────
+    For 'all' or 'binary' mode:
+      -u <db_url>          Database connection string
+                           Format: postgresql://username:password@host:port/database
+
+    For 'all' or 'dependency' mode:
+      -d <args>            Additional arguments for dependency analysis
+
+    💡 Examples
+    ────────────────────────────────────────────────────────────────────
+    # Scan current directory with all scanners
+    fosslight
+
+    # Scan specific path with exclusions
+    fosslight -p /path/to/source -e "test/" "node_modules/" "*.pyc"
+
+    # Generate output in specific format
+    fosslight -p /path/to/source -f yaml
+
+    # Run specific modes only
+    fosslight source,dependency -p /path/to/source
+
+    # Download and analyze from git repository
+    fosslight -w https://github.com/user/repo.git -o result_dir
+
+    # Compare two FOSSLight reports
+    fosslight compare -p report_v1.xlsx report_v2.xlsx -f excel
+
+    # Run with database connection for binary analysis
+    fosslight binary -p /path/to/binary -u "postgresql://user:pass@localhost:5432/sample"
+    """
+
+
+def print_help_msg():
+    helpMsg = PrintHelpMsg(_HELP_MESSAGE_SCANNER)
+    helpMsg.print_help_msg(True)

{fosslight_scanner-2.1.14 → fosslight_scanner-2.1.16}/src/fosslight_scanner/fosslight_scanner.py

@@ -47,7 +47,7 @@ COMPARE_OUTPUT_REPORT_PREFIX = "fosslight_compare_"
 PKG_NAME = "fosslight_scanner"
 logger = logging.getLogger(constant.LOGGER_NAME)
 warnings.simplefilter(action='ignore', category=FutureWarning)
-_output_dir = ".fosslight_raw_data"
+_output_dir = "fosslight_raw_data"
 _log_file = "fosslight_log_all_"
 _start_time = ""
 _executed_path = ""
@@ -137,7 +137,9 @@ def run_scanner(src_path, dep_arguments, output_path, keep_raw_data=False,
                 correct_mode=True, correct_fpath="", ui_mode=False, path_to_exclude=[],
                 selected_source_scanner="all", source_write_json_file=False, source_print_matched_text=False,
                 source_time_out=120, binary_simple=False, formats=[], recursive_dep=False):
+
     final_excel_dir = output_path
+    final_reports = []
     success = True
     all_cover_items = []
     all_scan_item = ScannerItem(PKG_NAME, _start_time)
@@ -145,6 +147,7 @@ def run_scanner(src_path, dep_arguments, output_path, keep_raw_data=False,
     if not remove_src_data:
         success, final_excel_dir, result_log = init(output_path)
 
+
     if not output_files:
         # If -o does not contains file name, set default name
         while len(output_files) < len(output_extensions):
@@ -267,10 +270,7 @@ def run_scanner(src_path, dep_arguments, output_path, keep_raw_data=False,
                           input_path=abs_path,
                           exclude_path=excluded_path_without_dot,
                           simple_mode=False)
-        merge_comment = []
-        for ci in all_cover_items:
-            merge_comment.append(str(f'[{ci.tool_name}] {ci.comment}'))
-        cover.comment = '\n'.join(merge_comment)
+        cover.comment = cover.create_merged_comment(all_cover_items)
         all_scan_item.cover = cover
 
         if correct_mode:
@@ -287,16 +287,8 @@ def run_scanner(src_path, dep_arguments, output_path, keep_raw_data=False,
         for success, msg, result_file in results:
             if success:
                 final_reports.append(result_file)
-                logger.info(f"Output file: {result_file}")
             else:
                 logger.error(f"Fail to generate result file {result_file}. msg:({msg})")
-        
-        if success:
-            if final_reports:
-                logger.info(f'Generated the result file: {", ".join(final_reports)}')
-                result_log["Output File"] = ', '.join(final_reports)
-            else:
-                result_log["Output File"] = 'Nothing is detected from the scanner so output file is not generated.'
 
         if ui_mode:
             if output_files:
@@ -307,7 +299,7 @@ def run_scanner(src_path, dep_arguments, output_path, keep_raw_data=False,
             ui_mode_report = f"{output_file_without_ext}.json"
             success, err_msg = create_scancodejson(all_scan_item, ui_mode_report, src_path)
             if success and os.path.isfile(ui_mode_report):
-                logger.info(f'Generated the ui mode result file: {ui_mode_report}')
+                final_reports.append(ui_mode_report)
             else:
                 logger.error(f'Fail to generate a ui mode result file({ui_mode_report}): {err_msg}')
 
@@ -322,6 +314,7 @@ def run_scanner(src_path, dep_arguments, output_path, keep_raw_data=False,
             shutil.rmtree(src_path)
     except Exception as ex:
         logger.debug(f"Error to remove temp files:{ex}")
+    return final_reports
 
 
 def download_source(link, out_dir):
@@ -351,38 +344,6 @@ def download_source(link, out_dir):
     return success, temp_src_dir, oss_name, oss_version
 
 
-def rename_and_remove_hidden_folder(output_path, output_dir, keep_raw_data=False):
-    try:
-        hidden_log_dir = os.path.join(output_path, ".fosslight_log")
-        visible_log_dir = os.path.join(output_path, "fosslight_log")
-        if os.path.exists(hidden_log_dir):
-            try:
-                if os.path.exists(visible_log_dir):
-                    shutil.rmtree(visible_log_dir)
-                shutil.move(hidden_log_dir, visible_log_dir)
-            except Exception as ex:
-                logger.debug(f"Error renaming log folder: {ex}")
-        
-        if keep_raw_data:
-            visible_raw_dir = os.path.join(os.path.dirname(output_dir), "fosslight_raw_data")
-            if os.path.exists(output_dir):
-                if os.path.exists(visible_raw_dir):
-                    shutil.rmtree(visible_raw_dir)
-                shutil.move(output_dir, visible_raw_dir)
-                logger.debug(f"Renamed {output_dir} to {visible_raw_dir}")
-        else:
-            logger.debug(f"Remove temporary files: {output_dir}")
-            if os.path.exists(output_dir):
-                shutil.rmtree(output_dir)
-            
-            visible_raw_dir = os.path.join(os.path.dirname(output_dir), "fosslight_raw_data")
-            if os.path.exists(visible_raw_dir):
-                shutil.rmtree(visible_raw_dir)
-                logger.debug(f"Removed previous raw data folder: {visible_raw_dir}")
-    except Exception as ex:
-        logger.debug(f"Error cleaning up output directories: {ex}")
-
-
 def init(output_path="", make_outdir=True):
     global _output_dir, _log_file, _start_time, logger
 
@@ -400,7 +361,7 @@ def init(output_path="", make_outdir=True):
         Path(_output_dir).mkdir(parents=True, exist_ok=True)
         _output_dir = os.path.abspath(_output_dir)
 
-    log_dir = os.path.join(output_root_dir, ".fosslight_log")
+    log_dir = os.path.join(output_root_dir, "fosslight_log")
     logger, result_log = init_log(os.path.join(log_dir, f"{_log_file}{_start_time}.txt"),
                                   True, logging.INFO, logging.DEBUG, PKG_NAME)
 
@@ -463,6 +424,9 @@ def run_main(mode_list, path_arg, dep_arguments, output_file_or_dir, file_format
     else:
         output_path = os.path.abspath(output_path)
 
+    final_dir = output_path
+    output_path = os.path.join(os.path.dirname(output_path), f".fosslight_temp_{datetime.now().strftime('%Y%m%d_%H%M%S')}")
+    final_reports = []
     if not success:
         logger.error(msg)
         sys.exit(1)
@@ -515,22 +479,39 @@ def run_main(mode_list, path_arg, dep_arguments, output_file_or_dir, file_format
                     success, src_path, default_oss_name, default_oss_version = download_source(url_to_analyze, output_path)
 
                 if src_path != "":
-                    run_scanner(src_path, dep_arguments, output_path, keep_raw_data,
-                                run_src, run_bin, run_dep, run_prechecker,
-                                remove_downloaded_source, {}, output_files,
-                                output_extensions, num_cores, db_url,
-                                default_oss_name, default_oss_version, url_to_analyze,
-                                correct_mode, correct_fpath, ui_mode, path_to_exclude,
-                                selected_source_scanner, source_write_json_file, source_print_matched_text, source_time_out,
-                                binary_simple, formats, recursive_dep)
+                    final_reports = run_scanner(src_path, dep_arguments, output_path, keep_raw_data,
+                                                run_src, run_bin, run_dep, run_prechecker,
+                                                remove_downloaded_source, {}, output_files,
+                                                output_extensions, num_cores, db_url,
+                                                default_oss_name, default_oss_version, url_to_analyze,
+                                                correct_mode, correct_fpath, ui_mode, path_to_exclude,
+                                                selected_source_scanner, source_write_json_file, source_print_matched_text, source_time_out,
+                                                binary_simple, formats, recursive_dep)
 
                 if extract_folder:
                     shutil.rmtree(extract_folder)
             else:
                 logger.error("(mode) No mode has been selected for analysis.")
-        
-        rename_and_remove_hidden_folder(output_path, _output_dir, keep_raw_data)
-
+        try:
+            if not keep_raw_data:
+                logger.debug(f"Remove temporary files: {_output_dir}")
+                shutil.rmtree(_output_dir)
+            if os.path.exists(output_path):
+                os.makedirs(final_dir, exist_ok=True)
+                for item in os.listdir(output_path):
+                    src_item = os.path.join(output_path, item)
+                    dst_item = os.path.join(final_dir, item)
+                    if os.path.isdir(src_item) and os.path.exists(dst_item):
+                        for sub_item in os.listdir(src_item):
+                            shutil.move(os.path.join(src_item, sub_item), os.path.join(dst_item, sub_item))
+                    else:
+                        shutil.move(src_item, dst_item)
+                shutil.rmtree(output_path)
+                if final_reports:
+                    final_reports = [report.replace(output_path, final_dir) for report in final_reports]
+                    logger.info(f'Output File: {", ".join(final_reports)}')
+        except Exception as ex:
+            logger.debug(f"Error to remove temp files:{ex}")
     except Exception as ex:
         logger.warning(str(ex))
         return False

{fosslight_scanner-2.1.14 → fosslight_scanner-2.1.16/src/fosslight_scanner.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fosslight_scanner
-Version: 2.1.14
+Version: 2.1.16
 Summary: FOSSLight Scanner
 Home-page: https://github.com/fosslight/fosslight_scanner
 Download-URL: https://github.com/fosslight/fosslight_scanner
@@ -20,9 +20,9 @@ Requires-Dist: openpyxl
 Requires-Dist: progress
 Requires-Dist: pyyaml
 Requires-Dist: beautifulsoup4
-Requires-Dist: fosslight_util<3.0.0,>=2.1.37
+Requires-Dist: fosslight_util<3.0.0,>=2.1.38
 Requires-Dist: fosslight_source<3.0.0,>=2.2.3
-Requires-Dist: fosslight_dependency<5.0.0,>=4.1.30
+Requires-Dist: fosslight_dependency<5.0.0,>=4.1.31
 Requires-Dist: fosslight_binary<6.0.0,>=5.1.17
 Requires-Dist: fosslight_prechecker<5.0.0,>=4.0.0
 Dynamic: author
@@ -45,8 +45,7 @@ SPDX-License-Identifier: Apache-2.0
 # FOSSLight Scanner
 <strong>Analyze at once for Open Source Compliance.</strong><br>
 
-<img src="https://img.shields.io/pypi/l/fosslight_scanner" alt="FOSSLight Scanner is released under the Apache-2.0." /> <img src="https://img.shields.io/pypi/v/fosslight_scanner" alt="Current python package version." /> <img src="https://img.shields.io/pypi/pyversions/fosslight_scanner" /> [![REUSE status](https://api.reuse.software/badge/github.com/fosslight/fosslight_scanner)](https://api.reuse.software/info/github.com/fosslight/fosslight_scanner)
-
+<img src="https://img.shields.io/pypi/l/fosslight_scanner" alt="FOSSLight Scanner license: Apache-2.0" /> <img src="https://img.shields.io/pypi/v/fosslight_scanner" alt="Current python package version" /> <img src="https://img.shields.io/pypi/pyversions/fosslight_scanner" /> [![REUSE status](https://api.reuse.software/badge/github.com/fosslight/fosslight_scanner)](https://api.reuse.software/info/github.com/fosslight/fosslight_scanner)
 
 **FOSSLight Scanner** performs open source analysis after downloading the source by passing a link that can be cloned by wget or git. Instead, open source analysis can be performed for the local source path. The output result is generated in [FOSSLight Report][or] format.
 
@@ -72,44 +71,50 @@ SPDX-License-Identifier: Apache-2.0
   - [🚀 How to run](#-how-to-run)
     - [Parameters](#parameters)
     - [Ex 1. Local Source Analysis](#ex-1-local-source-analysis)
-    - [Ex 2. Download Link and analyze](#ex-2-download-link-and-analyze)
+    - [Ex 2. Local Source Analysis with Path to Exclude](#ex-2-local-source-analysis-with-path-to-exclude)
+    - [Ex 3. Download Link and analyze](#ex-3-download-link-and-analyze)
+    - [Ex 4. Compare the BOM of two FOSSLight reports](#ex-4-compare-the-bom-of-two-fosslight-reports)
   - [📁 Result](#-result)
   - [🐳 How to run using Docker](#-how-to-run-using-docker)
   - [👏 How to report issue](#-how-to-report-issue)
   - [📄 License](#-license)
 
-
 ## 📋 Prerequisite
 
 FOSSLight Scanner needs a Python 3.10+.
 
 ## 🎉 How to install
 
+It can be installed using pip3. It is recommended to install it in a [virtualenv](https://fosslight.org/fosslight-guide-en/scanner/etc/guide_virtualenv.html) environment.
 
-It can be installed using pip3. It is recommended to install it in the [virtualenv]([etc/guide_virtualenv.md](https://fosslight.org/fosslight-guide-en/scanner/etc/guide_virtualenv.html)) environment.
-
-```
-$ pip3 install fosslight_scanner
+```bash
+pip3 install fosslight_scanner
 ```
 
 ## 🚀 How to run
 
 FOSSLight Scanner is run with the **fosslight** command.
-``` 
+
+```bash
 fosslight [Mode] [option1] <arg1> [option2] <arg2>...
-``` 
-### Parameters   
+```
+
+### Parameters
+
 Mode
-``` 
+
+```text
         all                     Run all scanners(Default)
         source                  Run FOSSLight Source
         dependency              Run FOSSLight Dependency
         binary                  Run FOSSLight Binary
         prechecker              Run FOSSLight Prechecker
         compare                 Compare two FOSSLight reports
-``` 
+```
+
 Options:
-``` 
+
+```text
         -h                      Print help message
         -p <path>               Path to analyze (ex, -p {input_path})
                                  * Compare mode input file: Two FOSSLight reports (supports excel, yaml)
@@ -119,7 +124,7 @@ Options:
                                  * Compare mode result file: supports excel, json, yaml, html
         -o <output>             Output directory or file
         -c <number>             Number of processes to analyze source
-        -e <path>               Path to exclude from analysis (files and directories, pattern matching is available
+        -e <path>               Path to exclude from analysis (files and directories, pattern matching is available)
                                  * IMPORTANT: Always wrap patterns in quotes("") to avoid shell expansion.
                                    Example) fosslight -e "test/abc.py" "*.jar" "test/"
         -r                      Keep raw data
@@ -129,68 +134,81 @@ Options:
                                  * Direct cli flags have higher priority than setting file
                                    (ex, '-f yaml -s setting.json' - result file extension is .yaml)
 ```
-- Refs. 
-    - Additional arguments for running dependency analysis. See the [FOSSLight Dependency Guide][fd_guide] for instructions.
-    - In the case of DB URL, it is the [DB connection information to be used in FOSSLight Binary][flbindb].
-- Pattern Matching Pattern matching guide Guide for the -e Option
-    - ⚠️ Make sure to use double quotes ("") when entering values.     
-        - Example) fosslight -e "test/abc.py" "*.jar" "test/"    
-    - ⚠️ File names and extensions are case-sensitive, so please enter them exactly as intended.    
+
+- Refs.
+  - Additional arguments for running dependency analysis. See the [FOSSLight Dependency Guide][fd_guide] for instructions.
+  - In the case of DB URL, it is the [DB connection information to be used in FOSSLight Binary][flbindb].
+- Pattern matching guide for the -e option
+  - ⚠️ Make sure to use double quotes ("") when entering values.
+    - Example) fosslight -e "test/abc.py" "*.jar" "test/"
+  - ⚠️ File names and extensions are case-sensitive, so please enter them exactly as intended.
 
 [flbindb]: https://fosslight.org/fosslight-guide-en/scanner/etc/binary_db.html
 [fd_guide]: https://fosslight.org/fosslight-guide-en/scanner/2_dependency.html
 
 ### Ex 1. Local Source Analysis
+
+```bash
+fosslight all -p /home/source_path -d "-a 'source /test/Projects/venv/bin/activate' -d 'deactivate'"
 ```
-$ fosslight all -p /home/source_path -d "-a 'source /test/Projects/venv/bin/activate' -d 'deactivate'"
-```
+
+If using additional flags like -d, document them in Options section or link to related guide.
 
 ### Ex 2. Local Source Analysis with Path to Exclude
-```
-$ fosslight all -p /home/source_path -e temp_dir src/temp.py
+
+```bash
+fosslight all -p /home/source_path -e "temp_dir" "src/temp.py"
 ```
 
 ### Ex 3. Download Link and analyze
-```
-$ fosslight all -o test_result_wget -w "https://github.com/LGE-OSS/example.git"
-```
-If you want to analyze private repository, set your github token like below.
-```
-$ fosslight all -w "https://my_github_token@github.com/Foo/private_repo
+
+```bash
+fosslight all -o test_result_wget -w "https://github.com/LGE-OSS/example.git"
 ```
 
-### Ex 4. Compare the BOM of two FOSSLight reports with yaml or excel format and check the oss status (change/add/delete)
+If you want to analyze private repository, set your GitHub token like below.
+
+```bash
+fosslight all -w "https://my_github_token@github.com/Foo/private_repo"
 ```
-$ fosslight compare -p FOSSLight_before_proj.yaml FOSSLight_after_proj.yaml -f excel
+
+### Ex 4. Compare the BOM of two FOSSLight reports
+
+```bash
+fosslight compare -p FOSSLight_before_proj.yaml FOSSLight_after_proj.yaml -f excel
 ```
 
 ## 📁 Result
 
-```
+```text
 $ tree
 .
 ├── fosslight_log
-│   ├── fosslight_log_20210924_022422.txt
+│   ├── fosslight_log_20210924_022422.txt
 └── FOSSLight-Report_20210924_022422.xlsx
 ```
 
-- FOSSLight_Report-[datetime].xlsx : OSS Report format file that outputs source code analysis, binary analysis, and dependency analysis results.
+- FOSSLight_Report-[datetime].xlsx: OSS Report format file that outputs source code analysis, binary analysis, and dependency analysis results.
 - fosslight_raw_data_[datetime] directory: Directory in which raw data files are created as a result of analysis
 
 ## 🐳 How to run using Docker
+
 1. Build image using Dockerfile.
+
+```bash
+docker build -t fosslight .
 ```
-$docker build -t fosslight .
-```
-2. Run with the image you built.      
+
+2. Run with the image you built.  
 ex. Output: /Users/fosslight_source_scanner/test_output, Path to be analyzed: tests/test_files
-```
-$docker run -it -v /Users/fosslight_source_scanner/test_output:/app/output fosslight -p tests/test_files -o output
+
+```bash
+docker run -it -v /Users/fosslight_source_scanner/test_output:/app/output fosslight -p tests/test_files -o output
 ```
 
 ## 👏 How to report issue
 
-Please report any ideas or bugs to improve by creating an issue in [fosslight_scanner repository][cl].    
+Please report any ideas or bugs to improve by creating an issue in [fosslight_scanner repository][cl].  
 Then there will be quick bug fixes and upgrades. Ideas to improve are always welcome.
 
 [cl]: https://github.com/fosslight/fosslight_scanner/issues

{fosslight_scanner-2.1.14 → fosslight_scanner-2.1.16}/src/fosslight_scanner.egg-info/requires.txt

@@ -4,8 +4,8 @@ openpyxl
 progress
 pyyaml
 beautifulsoup4
-fosslight_util<3.0.0,>=2.1.37
+fosslight_util<3.0.0,>=2.1.38
 fosslight_source<3.0.0,>=2.2.3
-fosslight_dependency<5.0.0,>=4.1.30
+fosslight_dependency<5.0.0,>=4.1.31
 fosslight_binary<6.0.0,>=5.1.17
 fosslight_prechecker<5.0.0,>=4.0.0

fosslight_scanner-2.1.14/src/fosslight_scanner/_help.py

@@ -1,58 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-# Copyright (c) 2021 LG Electronics Inc.
-# SPDX-License-Identifier: Apache-2.0
-from fosslight_util.help import PrintHelpMsg
-from fosslight_util.output_format import SUPPORT_FORMAT
-
-_HELP_MESSAGE_SCANNER = f"""
-    FOSSLight Scanner performs open source analysis after downloading the source from URL that can be cloned by git or wget.
-    Instead, open source analysis and checking copyright/license rules can be performed for the local source path.
-    The output result is generated in OSS Report format.
-
-    Usage: fosslight [Mode] [option1] <arg1> [option2] <arg2>...
-
-    Parameters:
-        Mode: Multiple modes can be entered by separating them with , (ex. source,binary)
-            all\t\t\t    Run all scanners(Default)
-            source\t\t    Run FOSSLight Source Scanner
-            dependency\t\t    Run FOSSLight Dependency Scanner
-            binary\t\t    Run FOSSLight Binary Scanner
-            compare\t\t    Compare two FOSSLight reports
-
-        Options:
-            -h\t\t\t    Print help message
-            -p <path>\t\t    Path to analyze (ex, -p [input_path])
-                                     * Compare mode input file: Two FOSSLight reports (supports excel, yaml)
-                                       (ex, -p [before_name].xlsx [after_name].xlsx)
-            -w <link>\t\t    Link to be analyzed can be downloaded by wget or git clone
-            -f <formats> [<format> ...]\t    FOSSLight Report file format ({', '.join(SUPPORT_FORMAT)})
-                                     * Compare mode result file: supports excel, json, yaml, html
-                                     * Multiple formats can be specified separated by space.
-            -e <path>\t\t    Path to exclude from analysis (files and directories)
-                                     * IMPORTANT: Always wrap patterns in double quotes ("") to avoid shell expansion.
-                                       Example) fosslight -e "test/abc.py" "*.jar"
-            -o <output>\t\t    Output directory or file
-            -c <number>\t\t    Number of processes to analyze source
-            -r\t\t\t    Keep raw data
-            -t\t\t\t    Hide the progress bar
-            -v\t\t\t    Print FOSSLight Scanner version
-            -s <path>\t            Path to apply setting from file (check format with 'setting.json' in this repository)
-                                     * Direct cli flags have higher priority than setting file
-                                       (ex, '-f yaml -s setting.json' - result file extension is .yaml)
-            --no_correction\t    Enter if you don't want to correct OSS information with sbom-info.yaml
-                                     * Correction mode only supported xlsx format.
-            --correct_fpath <path>  Path to the sbom-info.yaml file
-            --ui\t\t    Generate UI mode result file
-            --recursive_dep\t    Recursively analyze dependencies
-
-        Options for only 'all' or 'bin' mode
-            -u <db_url>\t\t    DB Connection(format :'postgresql://username:password@host:port/database_name')
-
-        Options for only 'all' or 'dependency' mode
-            -d <dependency_arg>\t    Additional arguments for running dependency analysis"""
-
-
-def print_help_msg():
-    helpMsg = PrintHelpMsg(_HELP_MESSAGE_SCANNER)
-    helpMsg.print_help_msg(True)