owasp-depscan 5.1.2__py3-none-any.whl → 5.1.4__py3-none-any.whl

depscan/cli.py

@@ -536,6 +536,7 @@ def download_rafs_based_image():
                     nydus_download_command,
                     check=True,
                     stdout=subprocess.DEVNULL,
+                    stderr=subprocess.DEVNULL,
                 )
                 if os.path.exists(os.path.join(data_dir, "vdb.tar")):
                     rafs_image_downloaded = True

depscan/lib/logger.py

@@ -57,11 +57,16 @@ logging.basicConfig(
     ],
 )
 LOG = logging.getLogger(__name__)
-for _ in ("httpx", "oras"):
-    logging.getLogger(_).disabled = True
 
 # Set logging level
-if os.getenv("SCAN_DEBUG_MODE") == "debug" or os.getenv("AT_DEBUG_MODE") == "debug":
+if (
+    os.getenv("SCAN_DEBUG_MODE") == "debug"
+    or os.getenv("AT_DEBUG_MODE") == "debug"
+):
     LOG.setLevel(logging.DEBUG)
 
 DEBUG = logging.DEBUG
+
+for log_name, log_obj in logging.Logger.manager.loggerDict.items():
+    if log_name != __name__:
+        log_obj.disabled = True

depscan/lib/normalize.py

@@ -54,11 +54,10 @@ def create_pkg_variations(pkg_dict):
             if purl_obj:
                 pkg_type = purl_obj.get("type")
                 qualifiers = purl_obj.get("qualifiers", {})
-                namespace = purl_obj.get("namespace")
-                # npm is known for packages with no group
-                # To reduce false positives we retain such empty groups here
-                if pkg_type in ("npm",) and namespace is None:
-                    vendor_aliases.add("")
+                # npm is resulting in false positives
+                # Let's disable aliasing for now. See #194, #195, #196
+                if pkg_type in ("npm",):
+                    return pkg_list
                 if qualifiers and qualifiers.get("distro_name"):
                     os_distro_name = qualifiers.get("distro_name")
                     name_aliases.add(f"""{os_distro_name}/{name}""")

{owasp_depscan-5.1.2.dist-info → owasp_depscan-5.1.4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: owasp-depscan
-Version: 5.1.2
+Version: 5.1.4
 Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
 Author-email: Team AppThreat <cloud@appthreat.com>
 License: MIT
@@ -20,7 +20,7 @@ Classifier: Topic :: Utilities
 Requires-Python: >=3.8
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: appthreat-vulnerability-db >=5.5.6
+Requires-Dist: appthreat-vulnerability-db >=5.5.7
 Requires-Dist: defusedxml
 Requires-Dist: oras
 Requires-Dist: PyYAML
@@ -46,6 +46,37 @@ OWASP dep-scan is a next-generation security and risk audit tool based on known
 [![release](https://github.com/owasp-dep-scan/dep-scan/actions/workflows/pythonpublish.yml/badge.svg)](https://github.com/owasp-dep-scan/dep-scan/actions/workflows/pythonpublish.yml)
 [![Discord](https://img.shields.io/badge/-Discord-lime?style=for-the-badge&logo=discord&logoColor=white&color=black)](https://discord.gg/pF4BYWEJcS)
 
+## Contents
+- [Features](#features)
+    - [Vulnerability Data sources](#vulnerability-data-sources)
+    - [Linux distros](#linux-distros)
+- [Usage](#usage)
+    - [OCI Artifacts via ORAS cli](#oci-artifacts-via-oras-cli)
+    - [Single binary executables](#single-binary-executables)
+    - [Server mode](#server-mode)
+    - [Scanning projects locally (Python version)](#scanning-projects-locally-python-version)
+    - [Scanning containers locally (Python version)](#scanning-containers-locally-python-version)
+    - [Scanning projects locally (Docker container)](#scanning-projects-locally-docker-container)
+- [Supported languages and package format](#supported-languages-and-package-format)
+- [Reachability analysis](#reachability-analysis)
+    - [Example analysis for a Java project](#example-analysis-for-a-java-project)
+    - [Example analysis for a JavaScript project](#example-analysis-for-a-javascript-project)
+- [Customization through environment variables](#customization-through-environment-variables)
+- [GitHub Security Advisory](#github-security-advisory)
+- [Suggest mode](#suggest-mode)
+- [Package Risk audit](#package-risk-audit)
+    - [Automatic adjustment](#automatic-adjustment)
+    - [Configuring weights](#configuring-weights)
+- [Live OS scan](#live-os-scan)
+- [License scan](#license-scan)
+- [Kubernetes and Cloud apps](#kubernetes-and-cloud-apps)
+- [PDF reports](#pdf-reports)
+- [Custom reports](#custom-reports)
+- [Performance tuning](#performance-tuning)
+    - [Use nydus to speed up the initial vdb download](#use-nydus-to-speed-up-the-initial-vdb-download)
+- [Discord support](#discord-support)
+- [License](#license)
+
 ## Features
 
 -   Scan most application code - local repos, Linux container images, Kubernetes manifests, and OS - to identify known CVEs with prioritization

{owasp_depscan-5.1.2.dist-info → owasp_depscan-5.1.4.dist-info}/RECORD

@@ -1,5 +1,5 @@
 depscan/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-depscan/cli.py,sha256=2zLfxkcGL_3FbRHRS25rENmu1Ir_WmxZPPCLZ2O21TI,40511
+depscan/cli.py,sha256=ZduD_INndyYC_Gte4aKV2jTQcEqKSM7YGe_SXhTANtA,40558
 depscan/lib/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 depscan/lib/analysis.py,sha256=GdrQbZRorQcTf4_8lC5C11phbI1iIJUNx9FhqgF4agc,50988
 depscan/lib/audit.py,sha256=6GmHOkhDYY1LCIRd-wUSrSISh6_IFR5PhOopPJIQTeE,1318
@@ -9,8 +9,8 @@ depscan/lib/csaf.py,sha256=KzolHW_gkt8ZDn4n8sUlwb1d4G6vdvCu8h5wO4DNnJ4,91834
 depscan/lib/explainer.py,sha256=yRCEroeNCSj_bUQXqwUkLHV3l7eSJvTYoms9T1CDgGk,9282
 depscan/lib/github.py,sha256=h6e_12xLwspXJbt_7lW6vuHaqgJQgyFSRCLrfUndCH4,1697
 depscan/lib/license.py,sha256=y4-WZuD2MOunKaLd2EJGcSYP6s3Lp_dgssdzhcl9eEM,2332
-depscan/lib/logger.py,sha256=UKsx_sKuSvkoR7Co4WwUzWe56Aidv0cNFQJM7lXU018,1576
-depscan/lib/normalize.py,sha256=LRVjbqXfyLakbSfyHvjBSuX7g23u9MfukJmu2otvi1Y,10736
+depscan/lib/logger.py,sha256=SOXvhlhNkBgIdzpXK7bisgniI5YtGnOWgREXS5vuKw4,1649
+depscan/lib/normalize.py,sha256=iZZylivfc15lQo4_yU0d_8CWlOFUnAIa512PSH46yrQ,10643
 depscan/lib/pkg_query.py,sha256=Hlf3LypsL7EF309HevcfhdjAOPDZbN1XRQOmjQpnxlI,20082
 depscan/lib/utils.py,sha256=fAG6eTRqEvmmbPOsMBdgQzaKo4KWAYdijRgn-_MX6t8,14428
 vendor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -63,9 +63,9 @@ vendor/choosealicense.com/_licenses/vim.txt,sha256=d5GQjXB328L8EBkhKgxcjk344D3K7
 vendor/choosealicense.com/_licenses/wtfpl.txt,sha256=BxXeubkvQm32MDmlZsBcbzJzBpR5kWgw0JxSR9d7f3k,948
 vendor/choosealicense.com/_licenses/zlib.txt,sha256=e6dfCeLhxD3NCnIkY4cVIagRaWdRvencjNhHZ1APvpc,1678
 vendor/spdx/json/licenses.json,sha256=_Vz_aACEg-giVk08ZBQLqB5Z3AnSWZmdD9I22ID3QNs,275192
-owasp_depscan-5.1.2.dist-info/LICENSE,sha256=oQnCbnZtJ_NLDdOLc-rVY1D1N0RNWLHPpYXcc77xzSo,1073
-owasp_depscan-5.1.2.dist-info/METADATA,sha256=dekkyDni671pV0rjKppOjMXT7LJXs4O9jWvIhRLqmWc,25287
-owasp_depscan-5.1.2.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-owasp_depscan-5.1.2.dist-info/entry_points.txt,sha256=FxQKHFWZTfKU2eBxHPFRxwhSNexntYygYhquykS8zxA,69
-owasp_depscan-5.1.2.dist-info/top_level.txt,sha256=qbHOZvNU2dXANv946hMdP2vOi0ESQB5t2ZY5ktKtXvQ,15
-owasp_depscan-5.1.2.dist-info/RECORD,,
+owasp_depscan-5.1.4.dist-info/LICENSE,sha256=oQnCbnZtJ_NLDdOLc-rVY1D1N0RNWLHPpYXcc77xzSo,1073
+owasp_depscan-5.1.4.dist-info/METADATA,sha256=fkt5Pgvpz3_3hjWZiXjhwKioYCFEvELw0n6ScOvhKS4,26928
+owasp_depscan-5.1.4.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
+owasp_depscan-5.1.4.dist-info/entry_points.txt,sha256=FxQKHFWZTfKU2eBxHPFRxwhSNexntYygYhquykS8zxA,69
+owasp_depscan-5.1.4.dist-info/top_level.txt,sha256=qbHOZvNU2dXANv946hMdP2vOi0ESQB5t2ZY5ktKtXvQ,15
+owasp_depscan-5.1.4.dist-info/RECORD,,