owasp-depscan 6.0.0a3__py3-none-any.whl → 6.0.0b4__py3-none-any.whl

{owasp_depscan-6.0.0a3.dist-info → owasp_depscan-6.0.0b4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: owasp-depscan
-Version: 6.0.0a3
+Version: 6.0.0b4
 Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
 Author-email: Team AppThreat <cloud@appthreat.com>
 License-Expression: MIT
@@ -20,7 +20,7 @@ Classifier: Topic :: Utilities
 Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: appthreat-vulnerability-db[oras]
+Requires-Dist: appthreat-vulnerability-db[oras]>=6.4.4
 Requires-Dist: custom-json-diff>=2.1.6
 Requires-Dist: defusedxml>=0.7.1
 Requires-Dist: PyYAML>=6.0.2
@@ -31,25 +31,24 @@ Requires-Dist: cvss>=3.4
 Requires-Dist: tomli>=2.2.1; python_full_version <= "3.11"
 Requires-Dist: ds-xbom-lib
 Requires-Dist: ds-analysis-lib
+Requires-Dist: ds-reporting-lib
 Provides-Extra: dev
-Requires-Dist: black>=25.1.0; extra == "dev"
 Requires-Dist: flake8>=7.1.2; extra == "dev"
 Requires-Dist: pytest>=8.3.4; extra == "dev"
+Requires-Dist: pytest-asyncio>=1.2.0; extra == "dev"
 Requires-Dist: pytest-cov>=6.0.0; extra == "dev"
 Requires-Dist: httpretty>=1.1.4; extra == "dev"
 Provides-Extra: server
-Requires-Dist: quart>=0.20.0; extra == "server"
+Requires-Dist: ds-server-lib; extra == "server"
 Provides-Extra: ext
 Requires-Dist: atom-tools>=0.7.8; extra == "ext"
-Requires-Dist: blint>=2.4.1; extra == "ext"
-Requires-Dist: pdfkit>=1.0.0; extra == "ext"
+Requires-Dist: blint>=3.0.5; extra == "ext"
 Provides-Extra: perf
 Requires-Dist: hishel[redis]>=0.1.1; extra == "perf"
 Provides-Extra: all
 Requires-Dist: atom-tools>=0.7.8; extra == "all"
-Requires-Dist: blint>=2.4.1; extra == "all"
-Requires-Dist: quart>=0.20.0; extra == "all"
-Requires-Dist: pdfkit>=1.0.0; extra == "all"
+Requires-Dist: blint>=3.0.5; extra == "all"
+Requires-Dist: ds-server-lib; extra == "all"
 Requires-Dist: PyGithub>=2.6.1; extra == "all"
 Requires-Dist: hishel[redis]>=0.1.1; extra == "all"
 Dynamic: license-file
@@ -58,7 +57,7 @@ Dynamic: license-file
 
 OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration with ASPM/VM platforms and in CI environments.
 
-![Depscan logo](dep-scan.png)
+<img src="depscan-logo.png" width="200" height="auto" />
 
 [![release](https://github.com/owasp-dep-scan/dep-scan/actions/workflows/pythonpublish.yml/badge.svg)](https://github.com/owasp-dep-scan/dep-scan/actions/workflows/pythonpublish.yml)
 
@@ -234,6 +233,11 @@ options:
                         depscan server host
   --server-port SERVER_PORT
                         depscan server port
+  --server-allowed-hosts [SERVER_ALLOWED_HOSTS ...]
+                        List of allowed hostnames or IPs that can access the server (e.g., 'localhost 192.168.1.10'). If unspecified, no host allowlist is
+                        enforced.
+  --server-allowed-paths [SERVER_ALLOWED_PATHS ...]
+                        List of allowed filesystem paths that can be scanned by the server. Restricts `path` parameter in /scan requests.
   --cdxgen-server CDXGEN_SERVER
                         cdxgen server url. Eg: http://cdxgen:9090
   --debug               Run depscan in debug mode.
@@ -316,13 +320,6 @@ docker compose up
 depscan --server --server-host 0.0.0.0 --server-port 7070
 ```
 
-In server mode, use the `/download-vdb` endpoint to cache the vulnerability database.
-
-```bash
-# This would take over 2 minutes
-curl http://0.0.0.0:7070/download-vdb
-```
-
 Use the `/scan` endpoint to perform scans.
 
 > [!NOTE]

{owasp_depscan-6.0.0a3.dist-info → owasp_depscan-6.0.0b4.dist-info}/RECORD

@@ -1,23 +1,23 @@
 depscan/__init__.py,sha256=u_HyD63vlgVi48bUU6bI8O1fdXJOLPaNwCrMJdCnzJE,165
-depscan/cli.py,sha256=bGTNQ6PV_GNz2YG-cGNJL57t4Ekkjr2l5FYsXKLJsAs,40885
-depscan/cli_options.py,sha256=zKje-zoM0OjCVW0pC6cRWb_8D6T-R1PTSjfGBjmSzZ8,9468
+depscan/cli.py,sha256=8_ekeym-3klttdXwTLqbiHiDV6vNtKQq8ww1MQMMFtE,32883
+depscan/cli_options.py,sha256=gTlfwv9q66B25d5XTUPkIbh_bynQCXnR447hwMXDdr4,9968
 depscan/lib/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 depscan/lib/audit.py,sha256=i6sE-vN0Fk5gc-npHIhrrior4772_tTlPVAlznyuogo,1582
-depscan/lib/bom.py,sha256=OUFESoyPmYz0Igm9zoLn8ap6dLUJdQUb1VFN8i5lEgE,20823
+depscan/lib/bom.py,sha256=bByZcT8EFfO-GBOcSlsu43hZHw2-nnEOjC85cjIr1T8,20960
 depscan/lib/config.py,sha256=v3Rv4nyPMjvk-EbpWSSYcloQa4v2N0bTzXKWF5nDJvg,9572
-depscan/lib/explainer.py,sha256=Gw1So2sQ9qNbKYxJ0mx1KEraEltuYX284Cxy1MQeMrY,21165
+depscan/lib/explainer.py,sha256=7rNqEYfc6Ge2DNr2PQIwaZTY5yj0Q-SqmSYQHyhj0fs,22279
 depscan/lib/github.py,sha256=h6e_12xLwspXJbt_7lW6vuHaqgJQgyFSRCLrfUndCH4,1697
 depscan/lib/license.py,sha256=ChwqAXPrMcDQJqSgDag7Th8VwoRCq8oMvwPt64iL4gw,2404
 depscan/lib/logger.py,sha256=gU5epbOHlhvuFhMqRTgn71AJ4KPB5Gf2iAmgTx3qI-4,2837
 depscan/lib/tomlparse.py,sha256=q_JATqfqzv6_06wcSx0tRpcKY-x16NcNXxMnL5T1Mcw,5035
-depscan/lib/utils.py,sha256=22KOVADc6allSh8O9gzcA2jt__STmenLXfi_XGZlbwg,9407
+depscan/lib/utils.py,sha256=6KSQxBHKTkVRBLfe0u8-FChQapwqu2KOk_Xeu0u1-hY,8443
 depscan/lib/package_query/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 depscan/lib/package_query/cargo_pkg.py,sha256=mlvTJP2LIBpGWEAX2aOmQImkTzn0Ih9zup6Lp7nI-dU,5108
 depscan/lib/package_query/metadata.py,sha256=Nnh6ctLIXPRTMoHOjZC7uhmFM3ogGljg22dHkZZE62M,6617
 depscan/lib/package_query/npm_pkg.py,sha256=eXdTeq1ffxLN3fWfMh3QcGG1u0VYLGR4-0BmVoD5BPk,15443
 depscan/lib/package_query/pkg_query.py,sha256=ODnRegpD3gv5FIKy0ogXMEITcdfVVV-eoIaWf7UhrQU,7038
 depscan/lib/package_query/pypi_pkg.py,sha256=scn6UhMWqA0ajS-u5UVMGV7Vx-6PEY75lN6uET9yU5c,4808
-owasp_depscan-6.0.0a3.dist-info/licenses/LICENSE,sha256=oQnCbnZtJ_NLDdOLc-rVY1D1N0RNWLHPpYXcc77xzSo,1073
+owasp_depscan-6.0.0b4.dist-info/licenses/LICENSE,sha256=oQnCbnZtJ_NLDdOLc-rVY1D1N0RNWLHPpYXcc77xzSo,1073
 vendor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 vendor/choosealicense.com/_data/fields.yml,sha256=ydNsITXFUuADzGPM-jcUcJnN0r_qSGgH51oV27nX3Qs,819
 vendor/choosealicense.com/_data/meta.yml,sha256=rSNmnx0LE6VA9wnR29Y_P9s-TnADQqbdw2enE4i1mWM,1792
@@ -27,7 +27,7 @@ vendor/choosealicense.com/_licenses/afl-3.0.txt,sha256=geEcMDR01aeoPeGCdJ_JjZ4Mf
 vendor/choosealicense.com/_licenses/agpl-3.0.txt,sha256=Kh_aeCNLcVAuLPgDUCG1WS9eun6BByKKyk2Vu6ZF45c,35944
 vendor/choosealicense.com/_licenses/apache-2.0.txt,sha256=YJ4stZn4SqpB2O8p2P2wTRZPqyLo2Skso0pZnQ9Wozg,12624
 vendor/choosealicense.com/_licenses/artistic-2.0.txt,sha256=Yv9JWPxIuOcT9VDW97f9iaOq9UuSWN9XPlM4k6iBiSE,9649
-vendor/choosealicense.com/_licenses/blueoak-1.0.0.txt,sha256=WMrD25uYhI6ZAS-quCcDghSxt5y3cZWymKSdHJpZkmQ,2422
+vendor/choosealicense.com/_licenses/blueoak-1.0.0.txt,sha256=3vGJfYTAVu_6smy6FlLBh2XTzYBDduBchLU8CgRj7Yw,2425
 vendor/choosealicense.com/_licenses/bsd-2-clause-patent.txt,sha256=Nun0tMNvQE8EQ9OYuu4__J_oCv9PRefJH7TjCWWBZnk,3497
 vendor/choosealicense.com/_licenses/bsd-2-clause.txt,sha256=2CN9FlwXZBaoq5OL9-Eg2PNFCYFj_OyQF8VlL0Z_7K8,2260
 vendor/choosealicense.com/_licenses/bsd-3-clause-clear.txt,sha256=dCbal-fEXLo_-tWO4A3qAhDdvw3RFM1mU2UGuGaA4ug,2348
@@ -62,16 +62,16 @@ vendor/choosealicense.com/_licenses/mulanpsl-2.0.txt,sha256=-URwwR8aEk_uTxhRMkHz
 vendor/choosealicense.com/_licenses/ncsa.txt,sha256=TjJzqwphQaGAsPgU6vQmp_3zClN7X_kVxZ7ConaAIkI,2939
 vendor/choosealicense.com/_licenses/odbl-1.0.txt,sha256=2zFarxYKYFBr5ztVazm1wDzrAE8JLs2ZM57qcWfDkzI,26179
 vendor/choosealicense.com/_licenses/ofl-1.1.txt,sha256=rfABl7lxjv8qg1PN1kvFYFWF2xxTNugbGRd97vnFWMo,5824
-vendor/choosealicense.com/_licenses/osl-3.0.txt,sha256=4q1Y0uGQtIOD88Z1B4sc6wzJ9ztzRieUglrKqUSiK_s,11580
+vendor/choosealicense.com/_licenses/osl-3.0.txt,sha256=h9uUNnrydW8Szex8PzQ0dnbd2e4gTUe735gsfwIKwqM,11856
 vendor/choosealicense.com/_licenses/postgresql.txt,sha256=LTaJOLi4f7dA3DRsx2t4F267JuOSvHzJz5SJ7Pdpn5U,1709
 vendor/choosealicense.com/_licenses/unlicense.txt,sha256=3cLgcN8LslzpUbCVTZwbXSKxfxUNWOrGa9plPQRLte0,2001
 vendor/choosealicense.com/_licenses/upl-1.0.txt,sha256=yJ3mfZkFmzSHesz6uOF9S0fX6hkCVMhr7rmgUdGL2vc,3253
 vendor/choosealicense.com/_licenses/vim.txt,sha256=d5GQjXB328L8EBkhKgxcjk344D3K7UfcJmP1barrhHI,6119
 vendor/choosealicense.com/_licenses/wtfpl.txt,sha256=BxXeubkvQm32MDmlZsBcbzJzBpR5kWgw0JxSR9d7f3k,948
 vendor/choosealicense.com/_licenses/zlib.txt,sha256=e6dfCeLhxD3NCnIkY4cVIagRaWdRvencjNhHZ1APvpc,1678
-vendor/spdx/json/licenses.json,sha256=66zBMswN5ufUL8M9TIMV0PQH9aZK_X5mtHm3OkwKmVU,314245
-owasp_depscan-6.0.0a3.dist-info/METADATA,sha256=PNMzv77rY6OnnLcFgiZAhIU03rKYFblllVl7M_CTV14,17394
-owasp_depscan-6.0.0a3.dist-info/WHEEL,sha256=DnLRTWE75wApRYVsjgc6wsVswC54sMSJhAEd4xhDpBk,91
-owasp_depscan-6.0.0a3.dist-info/entry_points.txt,sha256=FxQKHFWZTfKU2eBxHPFRxwhSNexntYygYhquykS8zxA,69
-owasp_depscan-6.0.0a3.dist-info/top_level.txt,sha256=qbHOZvNU2dXANv946hMdP2vOi0ESQB5t2ZY5ktKtXvQ,15
-owasp_depscan-6.0.0a3.dist-info/RECORD,,
+vendor/spdx/json/licenses.json,sha256=oX5m9JJrCfwIWQt-Sxc--jPpBEKLcNKEyNA0S8VZO9U,325278
+owasp_depscan-6.0.0b4.dist-info/METADATA,sha256=_Q442bFhNyp9BuB2Cmi8lnhA7HWaFX9CBpb6h7SbJ_c,17638
+owasp_depscan-6.0.0b4.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+owasp_depscan-6.0.0b4.dist-info/entry_points.txt,sha256=QvBVhjzm1Vx1CQkACbQWeNykZInIXUFUi6scoOYA7XY,45
+owasp_depscan-6.0.0b4.dist-info/top_level.txt,sha256=qbHOZvNU2dXANv946hMdP2vOi0ESQB5t2ZY5ktKtXvQ,15
+owasp_depscan-6.0.0b4.dist-info/RECORD,,

{owasp_depscan-6.0.0a3.dist-info → owasp_depscan-6.0.0b4.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (80.4.0)
+Generator: setuptools (80.9.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

{owasp_depscan-6.0.0a3.dist-info → owasp_depscan-6.0.0b4.dist-info}/entry_points.txt

@@ -1,3 +1,2 @@
 [console_scripts]
 depscan = depscan.cli:main
-scan = depscan.cli:main

vendor/choosealicense.com/_licenses/blueoak-1.0.0.txt

@@ -8,8 +8,8 @@ how: Create a text file (typically named LICENSE.md) in the root of your source
 
 using:
   drone-gc: https://github.com/drone/drone-gc/blob/master/LICENSE.md
+  Lil Scan: https://github.com/judofyr/lil-scan/blob/main/LICENSE.md
   oh-my-git: https://github.com/git-learning-game/oh-my-git/blob/main/LICENSE.md
-  punct: https://github.com/otherjoel/punct/blob/main/LICENSE.md 
 
 permissions:
   - commercial-use

vendor/choosealicense.com/_licenses/osl-3.0.txt

@@ -2,7 +2,7 @@
 title: Open Software License 3.0
 spdx-id: OSL-3.0
 
-description: OSL 3.0 is a copyleft license that does not require reciprocal licensing on linked works. It also provides an express grant of patent rights from contributors to users, with a termination clause triggered if a user files a patent infringement lawsuit.
+description: Permissions of this copyleft license are conditioned on distributing source code of licensed works and modifications under the same license. Copyright and license notices must be preserved. Contributors provide an express grant of patent rights. Using the work or modifications to provide services to external users is treated as distribution and also requires making source code available. Works that merely link to a licensed work are considered collective works and are not subject to the license's reciprocity requirements.
 
 how: Create a text file (typically named LICENSE or LICENSE.txt) in the root of your source code and copy the text of the license into the file. Files licensed under OSL 3.0 must also include the notice "Licensed under the Open Software License version 3.0" adjacent to the copyright notice.