lintro 0.6.2__tar.gz → 0.7.0__tar.gz

{lintro-0.6.2/lintro.egg-info → lintro-0.7.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: lintro
-Version: 0.6.2
+Version: 0.7.0
 Summary: A unified CLI tool for code formatting, linting, and quality assurance
 Author-email: TurboCoder13 <turbocoder13@gmail.com>
 License: MIT License
@@ -50,21 +50,21 @@ Requires-Dist: toml==0.10.2
 Requires-Dist: defusedxml==0.7.1
 Provides-Extra: dev
 Requires-Dist: pytest==8.4.2; extra == "dev"
-Requires-Dist: pytest-cov==6.3.0; extra == "dev"
-Requires-Dist: pytest-mock==3.15.0; extra == "dev"
+Requires-Dist: pytest-cov==7.0.0; extra == "dev"
+Requires-Dist: pytest-mock==3.15.1; extra == "dev"
 Requires-Dist: pytest-xdist==3.8.0; extra == "dev"
-Requires-Dist: tox==4.30.1; extra == "dev"
+Requires-Dist: tox==4.30.3; extra == "dev"
 Requires-Dist: allure-pytest==2.15.0; extra == "dev"
 Requires-Dist: ruff; extra == "dev"
 Requires-Dist: mypy; extra == "dev"
 Requires-Dist: coverage-badge==1.1.2; extra == "dev"
-Requires-Dist: python-semantic-release==10.3.2; extra == "dev"
+Requires-Dist: python-semantic-release==10.4.1; extra == "dev"
 Requires-Dist: assertpy==1.1; extra == "dev"
 Requires-Dist: httpx==0.28.1; extra == "dev"
 Provides-Extra: test
 Requires-Dist: pytest==8.4.2; extra == "test"
-Requires-Dist: pytest-cov==6.3.0; extra == "test"
-Requires-Dist: pytest-mock==3.15.0; extra == "test"
+Requires-Dist: pytest-cov==7.0.0; extra == "test"
+Requires-Dist: pytest-mock==3.15.1; extra == "test"
 Requires-Dist: pytest-xdist==3.8.0; extra == "test"
 Requires-Dist: assertpy==1.1; extra == "test"
 Provides-Extra: typing
@@ -88,10 +88,12 @@ Lintro is a unified command-line interface that brings together multiple code qu
 [![Tests](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/test-and-coverage.yml?label=tests&branch=main&logo=githubactions&logoColor=white)](https://github.com/TurboCoder13/py-lintro/actions/workflows/test-and-coverage.yml?query=branch%3Amain)
 [![CI](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/ci-lintro-analysis.yml?label=ci&branch=main&logo=githubactions&logoColor=white)](https://github.com/TurboCoder13/py-lintro/actions/workflows/ci-lintro-analysis.yml?query=branch%3Amain)
 [![Docker](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/docker-build-publish.yml?label=docker&logo=docker&branch=main)](https://github.com/TurboCoder13/py-lintro/actions/workflows/docker-build-publish.yml?query=branch%3Amain)
+[![SBOM (main)](<https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/sbom-on-main.yml?label=sbom%20(main)&branch=main>)](https://github.com/TurboCoder13/py-lintro/actions/workflows/sbom-on-main.yml?query=branch%3Amain)
+[![Release pipeline (tags)](<https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/publish-pypi-on-tag.yml?label=release%20pipeline%20(tags)&event=push>)](https://github.com/TurboCoder13/py-lintro/actions/workflows/publish-pypi-on-tag.yml?query=event%3Apush)
 [![PyPI](https://img.shields.io/pypi/v/lintro?label=pypi)](https://pypi.org/project/lintro/)
 
 [![CodeQL](https://github.com/TurboCoder13/py-lintro/actions/workflows/codeql.yml/badge.svg?branch=main)](https://github.com/TurboCoder13/py-lintro/actions/workflows/codeql.yml?query=branch%3Amain)
-[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/TurboCoder13/py-lintro/badge)](https://scorecard.dev/viewer/?uri=github.com/TurboCoder13/py-lintro)
+[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/TurboCoder13/py-lintro/badge)](https://scorecard.dev/viewer/?uri=github.com/TurboCoder13/py-lintro) [![SBOM](https://img.shields.io/badge/SBOM-enabled-brightgreen)](docs/security/assurance.md) [![Download SBOM](https://img.shields.io/badge/SBOM-download_latest-blue?logo=github)](https://github.com/TurboCoder13/py-lintro/actions/workflows/sbom-on-main.yml) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/11142/badge)](https://www.bestpractices.dev/projects/11142)
 
 ### Why Lintro?
 
@@ -112,6 +114,42 @@ Lintro is a unified command-line interface that brings together multiple code qu
 - **Docker support** for containerized environments
 - **CI/CD integration** with GitHub Actions
 
+## Security & Compliance
+
+Lintro follows modern security best practices and provides comprehensive supply chain transparency:
+
+- **SBOM Generation**: Automated Software Bill of Materials on every push to main
+- **Formats**: CycloneDX 1.6 and SPDX 2.3 (industry standards)
+- **Compliance**: Meets Executive Order 14028 requirements for federal software
+- **Download**: [Latest SBOM artifacts](https://github.com/TurboCoder13/py-lintro/actions/workflows/sbom-on-main.yml)
+- **Documentation**: See [Security Assurance](docs/security/assurance.md) for details
+
+### What's in the SBOM?
+
+The SBOM provides a complete inventory of all dependencies:
+
+- All Python packages with exact versions
+- All npm packages (like Prettier)
+- All GitHub Actions dependencies (pinned by SHA)
+- Transitive dependencies
+- License information
+
+### For Enterprise Users
+
+Download SBOMs for security auditing and compliance:
+
+```bash
+# Download latest SBOM artifacts
+gh run download -R TurboCoder13/py-lintro \
+  --name sbom-artifacts \
+  $(gh run list -R TurboCoder13/py-lintro \
+    -w "Security - SBOM Generation" -L 1 \
+    --json databaseId -q '.[0].databaseId')
+
+# Scan for vulnerabilities (requires grype)
+grype sbom:main-*-py-lintro-sbom.spdx-2.3.json
+```
+
 ## Supported Tools
 
 | Tool                                                                                                                                                | Language            | Auto-fix |

{lintro-0.6.2 → lintro-0.7.0}/README.md

@@ -14,10 +14,12 @@ Lintro is a unified command-line interface that brings together multiple code qu
 [![Tests](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/test-and-coverage.yml?label=tests&branch=main&logo=githubactions&logoColor=white)](https://github.com/TurboCoder13/py-lintro/actions/workflows/test-and-coverage.yml?query=branch%3Amain)
 [![CI](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/ci-lintro-analysis.yml?label=ci&branch=main&logo=githubactions&logoColor=white)](https://github.com/TurboCoder13/py-lintro/actions/workflows/ci-lintro-analysis.yml?query=branch%3Amain)
 [![Docker](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/docker-build-publish.yml?label=docker&logo=docker&branch=main)](https://github.com/TurboCoder13/py-lintro/actions/workflows/docker-build-publish.yml?query=branch%3Amain)
+[![SBOM (main)](<https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/sbom-on-main.yml?label=sbom%20(main)&branch=main>)](https://github.com/TurboCoder13/py-lintro/actions/workflows/sbom-on-main.yml?query=branch%3Amain)
+[![Release pipeline (tags)](<https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/publish-pypi-on-tag.yml?label=release%20pipeline%20(tags)&event=push>)](https://github.com/TurboCoder13/py-lintro/actions/workflows/publish-pypi-on-tag.yml?query=event%3Apush)
 [![PyPI](https://img.shields.io/pypi/v/lintro?label=pypi)](https://pypi.org/project/lintro/)
 
 [![CodeQL](https://github.com/TurboCoder13/py-lintro/actions/workflows/codeql.yml/badge.svg?branch=main)](https://github.com/TurboCoder13/py-lintro/actions/workflows/codeql.yml?query=branch%3Amain)
-[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/TurboCoder13/py-lintro/badge)](https://scorecard.dev/viewer/?uri=github.com/TurboCoder13/py-lintro)
+[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/TurboCoder13/py-lintro/badge)](https://scorecard.dev/viewer/?uri=github.com/TurboCoder13/py-lintro) [![SBOM](https://img.shields.io/badge/SBOM-enabled-brightgreen)](docs/security/assurance.md) [![Download SBOM](https://img.shields.io/badge/SBOM-download_latest-blue?logo=github)](https://github.com/TurboCoder13/py-lintro/actions/workflows/sbom-on-main.yml) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/11142/badge)](https://www.bestpractices.dev/projects/11142)
 
 ### Why Lintro?
 
@@ -38,6 +40,42 @@ Lintro is a unified command-line interface that brings together multiple code qu
 - **Docker support** for containerized environments
 - **CI/CD integration** with GitHub Actions
 
+## Security & Compliance
+
+Lintro follows modern security best practices and provides comprehensive supply chain transparency:
+
+- **SBOM Generation**: Automated Software Bill of Materials on every push to main
+- **Formats**: CycloneDX 1.6 and SPDX 2.3 (industry standards)
+- **Compliance**: Meets Executive Order 14028 requirements for federal software
+- **Download**: [Latest SBOM artifacts](https://github.com/TurboCoder13/py-lintro/actions/workflows/sbom-on-main.yml)
+- **Documentation**: See [Security Assurance](docs/security/assurance.md) for details
+
+### What's in the SBOM?
+
+The SBOM provides a complete inventory of all dependencies:
+
+- All Python packages with exact versions
+- All npm packages (like Prettier)
+- All GitHub Actions dependencies (pinned by SHA)
+- Transitive dependencies
+- License information
+
+### For Enterprise Users
+
+Download SBOMs for security auditing and compliance:
+
+```bash
+# Download latest SBOM artifacts
+gh run download -R TurboCoder13/py-lintro \
+  --name sbom-artifacts \
+  $(gh run list -R TurboCoder13/py-lintro \
+    -w "Security - SBOM Generation" -L 1 \
+    --json databaseId -q '.[0].databaseId')
+
+# Scan for vulnerabilities (requires grype)
+grype sbom:main-*-py-lintro-sbom.spdx-2.3.json
+```
+
 ## Supported Tools
 
 | Tool                                                                                                                                                | Language            | Auto-fix |

{lintro-0.6.2 → lintro-0.7.0}/assets/images/coverage-badge.svg

@@ -9,13 +9,13 @@
     </clipPath>
     <g clip-path="url(#a)">
         <path fill="#555" d="M0 0h63v20H0z"/>
-        <path fill="#4c1" d="M63 0h36v20H63z"/>
+        <path fill="#e05d44" d="M63 0h36v20H63z"/>
         <path fill="url(#b)" d="M0 0h99v20H0z"/>
     </g>
     <g fill="#fff" text-anchor="middle" font-family="DejaVu Sans,Verdana,Geneva,sans-serif" font-size="110">
         <text x="325" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="530">coverage</text>
         <text x="325" y="140" transform="scale(.1)" textLength="530">coverage</text>
-        <text x="800" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="260">82.0%</text>
-        <text x="800" y="140" transform="scale(.1)" textLength="260">82.0%</text>
+        <text x="800" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="260">83.6%</text>
+        <text x="800" y="140" transform="scale(.1)" textLength="260">83.6%</text>
     </g>
 </svg>

{lintro-0.6.2 → lintro-0.7.0}/docs/README.md

@@ -30,7 +30,6 @@ Welcome to the Lintro documentation! This hub provides comprehensive guides for
 - **[Style Guide](style-guide.md)** - Coding standards and best practices
 - **[Coverage Setup](coverage-setup.md)** - Test coverage configuration reference
 - **[Self-Use Documentation](lintro-self-use.md)** - How Lintro uses itself
-- **[Removed CLI Options](removed_cli_options.md)** - Deprecated features reference
 
 ## 🚀 Quick Links
 
@@ -171,10 +170,12 @@ docker run --rm -v "$(pwd):/code" lintro:latest check
 
 ## 🆕 Recent Updates
 
+- **Security audit framework** - Comprehensive security verification for workflows and scripts
+- **DRY consolidation** - Reduced duplicate patterns across workflows and actions
+- **Shell-free design** - Moved inline shell commands to dedicated scripts
+- **Environment standardization** - Consistent variable usage across all workflows
 - **Documentation restructure** - Improved organization and navigation
-- **New tool analysis** - Detailed comparisons with core tools
-- **Enhanced GitHub integration** - More workflow examples
-- **Comprehensive configuration guide** - All tools covered
+- **Enhanced tool analysis** - Detailed comparisons with core tools
 
 ## 🤝 Contributing to Documentation
 

{lintro-0.6.2 → lintro-0.7.0}/docs/contributing.md

@@ -53,6 +53,19 @@ Notes:
 - If work is ambiguous (e.g., a large refactor), explicitly signal with `!` or a `BREAKING CHANGE:` footer.
 - The PR title validator (`.github/workflows/semantic-pr-title.yml`) enforces the format before merge.
 
+## Developer Certificate of Origin (required)
+
+All contributions must be signed off under the Developer Certificate of
+Origin (DCO). Use `git commit -s` (or `--signoff`) so your commit message
+contains a line like:
+
+```
+Signed-off-by: Your Name <your.email@example.com>
+```
+
+See `DCO.md` for details. Pull requests without DCO sign-offs will be asked
+to amend commits before merge.
+
 ## Quick Start
 
 1. Clone the repository:

lintro-0.7.0/docs/security/assurance.md

@@ -0,0 +1,79 @@
+# Security Assurance (Overview)
+
+This assurance note explains how `py-lintro` meets its documented security requirements and provides pointers to evidence.
+
+## Requirements Coverage
+
+- Governance and Roles — see `GOVERNANCE.md`
+- Contribution Integrity — DCO sign-offs required; see `DCO.md` and CI checks
+- Responsible Disclosure — see `SECURITY.md`
+- Branch Protection — enforced via Allstar (`.allstar/branch_protection.yaml`)
+- Dependency Hygiene — Renovate, Dependency Review CI, `uv.lock`
+- Static/SAST — Ruff, Bandit, CodeQL; policy checks for workflows (Actionlint)
+- Container and Dockerfile — Hadolint
+- SBOM (Software Bill of Materials) — Automated generation in CycloneDX 1.6 and SPDX 2.3 formats
+  - Workflow: `.github/workflows/sbom-on-main.yml`
+  - Generated on every push to main branch
+  - Includes all Python, npm, and GitHub Actions dependencies
+  - Artifacts available via GitHub Actions (90-day retention)
+  - Meets Executive Order 14028 federal software requirements
+- Documentation and Versioning — `README.md`, `CHANGELOG.md`, semantic releases
+
+## Evidence Pointers
+
+- CI Workflows: `.github/workflows/*.yml`
+- Allstar Policy: `.allstar/branch_protection.yaml`
+- Scorecard: badge in `README.md`
+- Coverage: `coverage.xml` and README badge
+
+## SBOM (Supply Chain Transparency)
+
+py-lintro automatically generates Software Bill of Materials (SBOM) for supply chain security:
+
+### What is Generated
+
+- **CycloneDX 1.6 JSON**: Industry-standard format for dependency tracking
+- **SPDX 2.3 JSON**: Linux Foundation standard for license compliance
+- **Complete inventory**: All direct and transitive dependencies
+- **Cryptographic hashes**: For verification and integrity checking
+
+### How to Access
+
+1. **Via GitHub Actions UI**:
+   - Navigate to [SBOM workflow runs](https://github.com/TurboCoder13/py-lintro/actions/workflows/sbom-on-main.yml)
+   - Select the latest successful run
+   - Download "sbom-artifacts" from the Artifacts section
+
+2. **Via GitHub CLI**:
+
+   ```bash
+   gh run download -R TurboCoder13/py-lintro --name sbom-artifacts
+   ```
+
+3. **Via API**:
+   ```bash
+   gh api repos/TurboCoder13/py-lintro/actions/artifacts \
+     --jq '.artifacts[] | select(.name=="sbom-artifacts") | .archive_download_url'
+   ```
+
+### Use Cases
+
+- **Security Scanning**: Feed into vulnerability scanners (Grype, Snyk, etc.)
+- **License Compliance**: Audit all dependency licenses
+- **Supply Chain Security**: Track all software components
+- **Federal Compliance**: Meets EO 14028 requirements
+- **Enterprise Procurement**: Satisfy security questionnaires
+
+### File Naming Convention
+
+SBOM files are named: `{branch}-{commit-sha}-py-lintro-sbom.{format}.json`
+
+Example: `main-3b97378f3438-py-lintro-sbom.cyclonedx-1.6.json`
+
+This ensures traceability to exact codebase versions.
+
+## Continuous Improvement
+
+- Periodic updates via Renovate
+- Automated analyses (Scorecard, CodeQL)
+- Maintainer reviews for all changes

lintro-0.7.0/docs/security/requirements.md

@@ -0,0 +1,42 @@
+# Security Requirements
+
+This document summarizes security requirements adopted by `py-lintro` to support OpenSSF Best Practices (Silver).
+
+## Project and Process
+
+- FLOSS license (MIT) and public repository
+- Governance documented in `GOVERNANCE.md`
+- Responsible disclosure process in `SECURITY.md`
+- DCO required for contributions (`DCO.md`), enforced via commit sign-offs
+
+## Source Integrity and Branch Protection
+
+- All changes land via PR with maintainer review
+- Branch protection enforced on `main` (no force pushes; required reviews; admins included)
+
+## Dependencies and Supply Chain
+
+- Dependencies managed via `pyproject.toml` and `uv.lock`
+- Automated dependency updates (Renovate) with CI validation
+- Dependency Review workflow enabled in CI
+
+## Static and Policy Analysis
+
+- Linting/formatting: Ruff, Black, Prettier, Yamllint, Hadolint, Actionlint
+- Security linting: Bandit; GitHub CodeQL configured
+- OpenSSF Scorecard monitored
+
+## Build and Release
+
+- CI builds, tests, and coverage for PRs and `main`
+- Semantic versioning; signed release artifacts published via CI using OIDC
+
+## Testing and Coverage
+
+- Automated test suite with ~84% statement coverage
+- New code requires tests and coverage reporting
+
+## Secure Defaults
+
+- No execution of untrusted code
+- Docker image and scripts follow hardening practices (pinned actions, validated inputs)

{lintro-0.6.2 → lintro-0.7.0}/lintro/__init__.py

@@ -1,3 +1,3 @@
 """Lintro - A unified CLI core for code formatting, linting, and quality assurance."""
 
-__version__ = "0.6.2"
+__version__ = "0.7.0"

{lintro-0.6.2 → lintro-0.7.0}/lintro/tools/implementations/tool_prettier.py

@@ -142,11 +142,14 @@ class PrettierTool(BaseTool):
         # so the unified logger prints a single, consistent success line.
         if success:
             output = None
-        return Tool.to_result(
+
+        # Return full ToolResult so table rendering can use parsed issues
+        return ToolResult(
             name=self.name,
             success=success,
             output=output,
             issues_count=issues_count,
+            issues=issues,
         )
 
     def fix(
@@ -264,6 +267,9 @@ class PrettierTool(BaseTool):
             output=final_output,
             # For fix operations, issues_count represents remaining for summaries
             issues_count=remaining_count,
+            # Provide issues so formatters can render tables. Use initial issues
+            # (auto-fixable set) for display; fall back to remaining when none.
+            issues=(initial_issues if initial_issues else remaining_issues),
             initial_issues_count=initial_count,
             fixed_issues_count=fixed_count,
             remaining_issues_count=remaining_count,

{lintro-0.6.2 → lintro-0.7.0/lintro.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: lintro
-Version: 0.6.2
+Version: 0.7.0
 Summary: A unified CLI tool for code formatting, linting, and quality assurance
 Author-email: TurboCoder13 <turbocoder13@gmail.com>
 License: MIT License
@@ -50,21 +50,21 @@ Requires-Dist: toml==0.10.2
 Requires-Dist: defusedxml==0.7.1
 Provides-Extra: dev
 Requires-Dist: pytest==8.4.2; extra == "dev"
-Requires-Dist: pytest-cov==6.3.0; extra == "dev"
-Requires-Dist: pytest-mock==3.15.0; extra == "dev"
+Requires-Dist: pytest-cov==7.0.0; extra == "dev"
+Requires-Dist: pytest-mock==3.15.1; extra == "dev"
 Requires-Dist: pytest-xdist==3.8.0; extra == "dev"
-Requires-Dist: tox==4.30.1; extra == "dev"
+Requires-Dist: tox==4.30.3; extra == "dev"
 Requires-Dist: allure-pytest==2.15.0; extra == "dev"
 Requires-Dist: ruff; extra == "dev"
 Requires-Dist: mypy; extra == "dev"
 Requires-Dist: coverage-badge==1.1.2; extra == "dev"
-Requires-Dist: python-semantic-release==10.3.2; extra == "dev"
+Requires-Dist: python-semantic-release==10.4.1; extra == "dev"
 Requires-Dist: assertpy==1.1; extra == "dev"
 Requires-Dist: httpx==0.28.1; extra == "dev"
 Provides-Extra: test
 Requires-Dist: pytest==8.4.2; extra == "test"
-Requires-Dist: pytest-cov==6.3.0; extra == "test"
-Requires-Dist: pytest-mock==3.15.0; extra == "test"
+Requires-Dist: pytest-cov==7.0.0; extra == "test"
+Requires-Dist: pytest-mock==3.15.1; extra == "test"
 Requires-Dist: pytest-xdist==3.8.0; extra == "test"
 Requires-Dist: assertpy==1.1; extra == "test"
 Provides-Extra: typing
@@ -88,10 +88,12 @@ Lintro is a unified command-line interface that brings together multiple code qu
 [![Tests](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/test-and-coverage.yml?label=tests&branch=main&logo=githubactions&logoColor=white)](https://github.com/TurboCoder13/py-lintro/actions/workflows/test-and-coverage.yml?query=branch%3Amain)
 [![CI](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/ci-lintro-analysis.yml?label=ci&branch=main&logo=githubactions&logoColor=white)](https://github.com/TurboCoder13/py-lintro/actions/workflows/ci-lintro-analysis.yml?query=branch%3Amain)
 [![Docker](https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/docker-build-publish.yml?label=docker&logo=docker&branch=main)](https://github.com/TurboCoder13/py-lintro/actions/workflows/docker-build-publish.yml?query=branch%3Amain)
+[![SBOM (main)](<https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/sbom-on-main.yml?label=sbom%20(main)&branch=main>)](https://github.com/TurboCoder13/py-lintro/actions/workflows/sbom-on-main.yml?query=branch%3Amain)
+[![Release pipeline (tags)](<https://img.shields.io/github/actions/workflow/status/TurboCoder13/py-lintro/publish-pypi-on-tag.yml?label=release%20pipeline%20(tags)&event=push>)](https://github.com/TurboCoder13/py-lintro/actions/workflows/publish-pypi-on-tag.yml?query=event%3Apush)
 [![PyPI](https://img.shields.io/pypi/v/lintro?label=pypi)](https://pypi.org/project/lintro/)
 
 [![CodeQL](https://github.com/TurboCoder13/py-lintro/actions/workflows/codeql.yml/badge.svg?branch=main)](https://github.com/TurboCoder13/py-lintro/actions/workflows/codeql.yml?query=branch%3Amain)
-[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/TurboCoder13/py-lintro/badge)](https://scorecard.dev/viewer/?uri=github.com/TurboCoder13/py-lintro)
+[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/TurboCoder13/py-lintro/badge)](https://scorecard.dev/viewer/?uri=github.com/TurboCoder13/py-lintro) [![SBOM](https://img.shields.io/badge/SBOM-enabled-brightgreen)](docs/security/assurance.md) [![Download SBOM](https://img.shields.io/badge/SBOM-download_latest-blue?logo=github)](https://github.com/TurboCoder13/py-lintro/actions/workflows/sbom-on-main.yml) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/11142/badge)](https://www.bestpractices.dev/projects/11142)
 
 ### Why Lintro?
 
@@ -112,6 +114,42 @@ Lintro is a unified command-line interface that brings together multiple code qu
 - **Docker support** for containerized environments
 - **CI/CD integration** with GitHub Actions
 
+## Security & Compliance
+
+Lintro follows modern security best practices and provides comprehensive supply chain transparency:
+
+- **SBOM Generation**: Automated Software Bill of Materials on every push to main
+- **Formats**: CycloneDX 1.6 and SPDX 2.3 (industry standards)
+- **Compliance**: Meets Executive Order 14028 requirements for federal software
+- **Download**: [Latest SBOM artifacts](https://github.com/TurboCoder13/py-lintro/actions/workflows/sbom-on-main.yml)
+- **Documentation**: See [Security Assurance](docs/security/assurance.md) for details
+
+### What's in the SBOM?
+
+The SBOM provides a complete inventory of all dependencies:
+
+- All Python packages with exact versions
+- All npm packages (like Prettier)
+- All GitHub Actions dependencies (pinned by SHA)
+- Transitive dependencies
+- License information
+
+### For Enterprise Users
+
+Download SBOMs for security auditing and compliance:
+
+```bash
+# Download latest SBOM artifacts
+gh run download -R TurboCoder13/py-lintro \
+  --name sbom-artifacts \
+  $(gh run list -R TurboCoder13/py-lintro \
+    -w "Security - SBOM Generation" -L 1 \
+    --json databaseId -q '.[0].databaseId')
+
+# Scan for vulnerabilities (requires grype)
+grype sbom:main-*-py-lintro-sbom.spdx-2.3.json
+```
+
 ## Supported Tools
 
 | Tool                                                                                                                                                | Language            | Auto-fix |

{lintro-0.6.2 → lintro-0.7.0}/lintro.egg-info/SOURCES.txt

@@ -13,6 +13,8 @@ docs/getting-started.md
 docs/github-integration.md
 docs/lintro-self-use.md
 docs/style-guide.md
+docs/security/assurance.md
+docs/security/requirements.md
 docs/tool-analysis/README.md
 docs/tool-analysis/actionlint-analysis.md
 docs/tool-analysis/bandit-analysis.md
@@ -147,9 +149,11 @@ tests/integration/test_ruff_black_policy.py
 tests/integration/test_ruff_integration.py
 tests/integration/test_yamllint_integration.py
 tests/scripts/__init__.py
+tests/scripts/test_ci_post_pr_comment.py
 tests/scripts/test_delete_previous_lintro_comments.py
 tests/scripts/test_extract_version.py
 tests/scripts/test_ghcr_prune_untagged.py
+tests/scripts/test_github_comment_utilities.py
 tests/scripts/test_script_environment.py
 tests/scripts/test_semantic_release_compute_next.py
 tests/scripts/test_shell_scripts.py

{lintro-0.6.2 → lintro-0.7.0}/lintro.egg-info/requires.txt

@@ -10,22 +10,22 @@ defusedxml==0.7.1
 
 [dev]
 pytest==8.4.2
-pytest-cov==6.3.0
-pytest-mock==3.15.0
+pytest-cov==7.0.0
+pytest-mock==3.15.1
 pytest-xdist==3.8.0
-tox==4.30.1
+tox==4.30.3
 allure-pytest==2.15.0
 ruff
 mypy
 coverage-badge==1.1.2
-python-semantic-release==10.3.2
+python-semantic-release==10.4.1
 assertpy==1.1
 httpx==0.28.1
 
 [test]
 pytest==8.4.2
-pytest-cov==6.3.0
-pytest-mock==3.15.0
+pytest-cov==7.0.0
+pytest-mock==3.15.1
 pytest-xdist==3.8.0
 assertpy==1.1
 

{lintro-0.6.2 → lintro-0.7.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "lintro"
-version = "0.6.2"
+version = "0.7.0"
 description = "A unified CLI tool for code formatting, linting, and quality assurance"
 keywords = [ "linting", "formatting", "code-quality", "cli", "python", "javascript", "yaml", "docker",]
 classifiers = [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", "Operating System :: OS Independent", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.13", "Topic :: Software Development :: Quality Assurance", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: Utilities",]
@@ -15,7 +15,7 @@ name = "TurboCoder13"
 email = "turbocoder13@gmail.com"
 
 [dependency-groups]
-dev = [ "build==1.3.0", "pytest==8.4.2", "pytest-cov==6.3.0", "pytest-xdist==3.8.0", "twine==6.2.0", "assertpy==1.1",]
+dev = [ "build==1.3.0", "pytest==8.4.2", "pytest-cov==7.0.0", "pytest-xdist==3.8.0", "twine==6.2.0", "assertpy==1.1",]
 
 [project.license]
 file = "LICENSE"
@@ -25,8 +25,8 @@ file = "README.md"
 content-type = "text/markdown"
 
 [project.optional-dependencies]
-dev = [ "pytest==8.4.2", "pytest-cov==6.3.0", "pytest-mock==3.15.0", "pytest-xdist==3.8.0", "tox==4.30.1", "allure-pytest==2.15.0", "ruff", "mypy", "coverage-badge==1.1.2", "python-semantic-release==10.3.2", "assertpy==1.1", "httpx==0.28.1",]
-test = [ "pytest==8.4.2", "pytest-cov==6.3.0", "pytest-mock==3.15.0", "pytest-xdist==3.8.0", "assertpy==1.1",]
+dev = [ "pytest==8.4.2", "pytest-cov==7.0.0", "pytest-mock==3.15.1", "pytest-xdist==3.8.0", "tox==4.30.3", "allure-pytest==2.15.0", "ruff", "mypy", "coverage-badge==1.1.2", "python-semantic-release==10.4.1", "assertpy==1.1", "httpx==0.28.1",]
+test = [ "pytest==8.4.2", "pytest-cov==7.0.0", "pytest-mock==3.15.1", "pytest-xdist==3.8.0", "assertpy==1.1",]
 typing = [ "types-setuptools==80.9.0.20250822", "types-tabulate==0.9.0.20241207",]
 
 [project.scripts]

{lintro-0.6.2 → lintro-0.7.0}/tests/integration/test_prettier_integration.py

@@ -8,6 +8,7 @@ from loguru import logger
 
 from lintro.parsers.prettier.prettier_parser import parse_prettier_output
 from lintro.tools.implementations.tool_prettier import PrettierTool
+from lintro.utils.tool_utils import format_tool_output
 
 logger.remove()
 logger.add(lambda msg: print(msg, end=""), level="INFO")
@@ -167,3 +168,34 @@ def test_prettier_output_consistency_direct_vs_lintro(temp_prettier_file):
         f"Issue count mismatch: CLI={direct_issues}, Lintro={result.issues_count}\n"
         f"CLI Output:\n{direct_output}\nLintro Output:\n{result.output}"
     )
+
+
+def test_prettier_fix_sets_issues_for_table(temp_prettier_file):
+    """PrettierTool.fix should populate issues for table rendering.
+
+    Args:
+        temp_prettier_file: Pytest fixture providing a temporary file with violations.
+    """
+    tool = PrettierTool()
+    tool.set_options()
+
+    # Ensure there are initial issues
+    pre_result = tool.check([str(temp_prettier_file)])
+    assert pre_result.issues_count > 0
+
+    # Run fix and assert issues are provided for table formatting
+    fix_result = tool.fix([str(temp_prettier_file)])
+    assert fix_result.success is True
+    assert fix_result.remaining_issues_count == 0
+    assert fix_result.issues is not None
+    assert len(fix_result.issues) == pre_result.issues_count
+
+    # Verify that formatted output renders a table section for auto-fixables
+    formatted = format_tool_output(
+        tool_name="prettier",
+        output=fix_result.output or "",
+        group_by="auto",
+        output_format="grid",
+        issues=fix_result.issues,
+    )
+    assert "Auto-fixable issues" in formatted or formatted