owasp-depscan 6.0.0b3__py3-none-any.whl → 6.0.0b4__py3-none-any.whl

depscan/cli.py

@@ -2,10 +2,8 @@
 # -*- coding: utf-8 -*-
 
 import contextlib
-import json
 import os
 import sys
-import tempfile
 from typing import List
 
 from analysis_lib import (
@@ -24,7 +22,7 @@ from analysis_lib.utils import (
 )
 from analysis_lib.vdr import VDRAnalyzer
 from analysis_lib.reachability import get_reachability_impl
-from custom_json_diff.lib.utils import file_write, json_load
+from custom_json_diff.lib.utils import json_load
 from rich.panel import Panel
 from rich.terminal_theme import DEFAULT_TERMINAL_THEME, MONOKAI
 from vdb.lib import config
@@ -67,14 +65,11 @@ LOGO = """
          |
 """
 
-QUART_AVAILABLE = False
+SERVER_LIB = None
 try:
-    from quart import Quart, request
+    from server_lib import simple, ServerOptions
 
-    app = Quart(__name__, static_folder=None)
-    app.config.from_prefixed_env()
-    app.config["PROVIDE_AUTOMATIC_OPTIONS"] = True
-    QUART_AVAILABLE = True
+    SERVER_LIB = simple
 except ImportError:
     pass
 
@@ -239,237 +234,6 @@ def set_project_types(args, src_dir):
     return pkg_list, project_types_list
 
 
-if QUART_AVAILABLE:
-
-    @app.get("/")
-    async def index():
-        """
-
-        :return: An empty dictionary
-        """
-        return {}
-
-    @app.get("/download-vdb")
-    async def download_vdb():
-        """
-
-        :return: a JSON response indicating the status of the caching operation.
-        """
-        if db_lib.needs_update(days=0, hours=VDB_AGE_HOURS, default_status=False):
-            if not ORAS_AVAILABLE:
-                return {
-                    "error": "true",
-                    "message": "The oras package must be installed to automatically download the vulnerability database. Install depscan using `pip install owasp-depscan[all]` or use the official container image.",
-                }
-            if download_image(vdb_database_url, config.DATA_DIR):
-                return {
-                    "error": "false",
-                    "message": "vulnerability database downloaded successfully",
-                }
-            return {
-                "error": "true",
-                "message": "vulnerability database did not get downloaded correctly. Check the server logs.",
-            }
-        return {
-            "error": "false",
-            "message": "vulnerability database already exists",
-        }
-
-    @app.route("/scan", methods=["GET", "POST"])
-    async def run_scan():
-        """
-        :return: A JSON response containing the SBOM file path and a list of
-        vulnerabilities found in the scanned packages
-        """
-        q = request.args
-        params = await request.get_json()
-        uploaded_bom_file = await request.files
-
-        url = None
-        path = None
-        multi_project = None
-        project_type = None
-        results = []
-        profile = "generic"
-        deep = False
-        suggest_mode = True if q.get("suggest") in ("true", "1") else False
-        fuzzy_search = True if q.get("fuzzy_search") in ("true", "1") else False
-        if q.get("url"):
-            url = q.get("url")
-        if q.get("path"):
-            path = q.get("path")
-        if q.get("multiProject"):
-            multi_project = q.get("multiProject", "").lower() in ("true", "1")
-        if q.get("deep"):
-            deep = q.get("deep", "").lower() in ("true", "1")
-        if q.get("type"):
-            project_type = q.get("type")
-        if q.get("profile"):
-            profile = q.get("profile")
-        if params is not None:
-            if not url and params.get("url"):
-                url = params.get("url")
-            if not path and params.get("path"):
-                path = params.get("path")
-            if not multi_project and params.get("multiProject"):
-                multi_project = params.get("multiProject", "").lower() in (
-                    "true",
-                    "1",
-                )
-            if not deep and params.get("deep"):
-                deep = params.get("deep", "").lower() in (
-                    "true",
-                    "1",
-                )
-            if not project_type and params.get("type"):
-                project_type = params.get("type")
-            if not profile and params.get("profile"):
-                profile = params.get("profile")
-
-        if not path and not url and (uploaded_bom_file.get("file", None) is None):
-            return {
-                "error": "true",
-                "message": "path or url or a bom file upload is required",
-            }, 400
-        if not project_type:
-            return {"error": "true", "message": "project type is required"}, 400
-        if db_lib.needs_update(days=0, hours=VDB_AGE_HOURS, default_status=False):
-            return (
-                {
-                    "error": "true",
-                    "message": "Vulnerability database is empty. Prepare the "
-                    "vulnerability database by invoking /download-vdb endpoint "
-                    "before running scans.",
-                },
-                500,
-                {"Content-Type": "application/json"},
-            )
-
-        cdxgen_server = app.config.get("CDXGEN_SERVER_URL")
-        bom_file_path = None
-
-        if uploaded_bom_file.get("file", None) is not None:
-            bom_file = uploaded_bom_file["file"]
-            bom_file_content = bom_file.read().decode("utf-8")
-            try:
-                _ = json.loads(bom_file_content)
-            except Exception as e:
-                LOG.info(e)
-                return (
-                    {
-                        "error": "true",
-                        "message": "The uploaded file must be a valid JSON or XML.",
-                    },
-                    400,
-                    {"Content-Type": "application/json"},
-                )
-
-            LOG.debug("Processing uploaded file")
-            bom_file_suffix = str(bom_file.filename).rsplit(".", maxsplit=1)[-1]
-            tmp_bom_file = tempfile.NamedTemporaryFile(
-                delete=False, suffix=f".bom.{bom_file_suffix}"
-            )
-            path = tmp_bom_file.name
-            file_write(path, bom_file_content)
-
-        # Path points to a project directory
-        # Bug# 233. Path could be a url
-        if url or (path and os.path.isdir(path)):
-            with tempfile.NamedTemporaryFile(delete=False, suffix=".bom.json") as bfp:
-                project_type_list = project_type.split(",")
-                bom_status = create_bom(
-                    bfp.name,
-                    path,
-                    {
-                        "url": url,
-                        "path": path,
-                        "project_type": project_type_list,
-                        "multiProject": multi_project,
-                        "cdxgen_server": cdxgen_server,
-                        "profile": profile,
-                        "deep": deep,
-                    },
-                )
-                if bom_status:
-                    LOG.debug("BOM file was generated successfully at %s", bfp.name)
-                    bom_file_path = bfp.name
-
-        # Path points to a SBOM file
-        else:
-            if os.path.exists(path):
-                bom_file_path = path
-        # Direct purl-based lookups are not supported yet.
-        if bom_file_path is not None:
-            pkg_list, _ = get_pkg_list(bom_file_path)
-            # Here we are assuming there will be only one type
-            if project_type in type_audit_map:
-                audit_results = audit(project_type, pkg_list)
-                if audit_results:
-                    results = results + audit_results
-            if not pkg_list:
-                LOG.debug("Empty package search attempted!")
-            else:
-                LOG.debug("Scanning %d oss dependencies for issues", len(pkg_list))
-            bom_data = json_load(bom_file_path)
-            if not bom_data:
-                return (
-                    {
-                        "error": "true",
-                        "message": "Unable to generate SBOM. Check your input path or url.",
-                    },
-                    400,
-                    {"Content-Type": "application/json"},
-                )
-            options = VdrAnalysisKV(
-                project_type,
-                results,
-                pkg_aliases={},
-                purl_aliases={},
-                suggest_mode=suggest_mode,
-                scoped_pkgs={},
-                no_vuln_table=True,
-                bom_file=bom_file_path,
-                pkg_list=[],
-                direct_purls={},
-                reached_purls={},
-                console=console,
-                logger=LOG,
-                fuzzy_search=fuzzy_search,
-            )
-            vdr_result = VDRAnalyzer(vdr_options=options).process()
-            if vdr_result.success:
-                pkg_vulnerabilities = vdr_result.pkg_vulnerabilities
-                if pkg_vulnerabilities:
-                    bom_data["vulnerabilities"] = pkg_vulnerabilities
-                return json.dumps(bom_data), 200, {"Content-Type": "application/json"}
-        return (
-            {
-                "error": "true",
-                "message": "Unable to generate SBOM. Check your input path or url.",
-            },
-            500,
-            {"Content-Type": "application/json"},
-        )
-
-    def run_server(args):
-        """
-        Run depscan as server
-
-        :param args: Command line arguments passed to the function.
-        """
-        print(LOGO)
-        console.print(
-            f"Depscan server running on {args.server_host}:{args.server_port}"
-        )
-        app.config["CDXGEN_SERVER_URL"] = args.cdxgen_server
-        app.run(
-            host=args.server_host,
-            port=args.server_port,
-            debug=os.getenv("SCAN_DEBUG_MODE") == "debug",
-            use_reloader=False,
-        )
-
-
 def run_depscan(args):
     """
     Detects the project type, performs various scans and audits,
@@ -518,8 +282,20 @@ def run_depscan(args):
         os.environ["CDXGEN_DEBUG_MODE"] = "debug"
         LOG.setLevel(DEBUG)
     if args.server_mode:
-        if QUART_AVAILABLE:
-            return run_server(args)
+        if SERVER_LIB:
+            server_options = ServerOptions(
+                server_host=args.server_host,
+                server_port=args.server_port,
+                cdxgen_server=args.cdxgen_server,
+                allowed_hosts=args.server_allowed_hosts,
+                allowed_paths=args.server_allowed_paths,
+                console=console,
+                logger=LOG,
+                debug=args.enable_debug or os.environ.get("SCAN_DEBUG_MODE") == "debug",
+                create_bom=create_bom,
+                max_content_length=os.getenv("DEPSCAN_SERVER_MAX_CONTENT_LENGTH"),
+            )
+            return simple.run_server(server_options)
         else:
             LOG.info(
                 "The required packages for server mode are unavailable. Reinstall depscan using `pip install owasp-depscan[all]`."
@@ -565,9 +341,7 @@ def run_depscan(args):
     bom_dir_mode = args.bom_dir and os.path.exists(args.bom_dir)
     # Are we running with a config file
     config_file_mode = args.config and os.path.exists(args.config)
-    depscan_options = {**vars(args)}
-    depscan_options["src_dir"] = src_dir
-    depscan_options["reports_dir"] = reports_dir
+    depscan_options = {**vars(args), "src_dir": src_dir, "reports_dir": reports_dir}
     # Is the user looking for semantic analysis?
     # We can default to this when run against a BOM directory
     if (

depscan/cli_options.py

@@ -245,6 +245,19 @@ def build_parser():
         dest="server_port",
         help="depscan server port",
     )
+    parser.add_argument(
+        "--server-allowed-hosts",
+        nargs="*",
+        help="List of allowed hostnames or IPs that can access the server (e.g., 'localhost 192.168.1.10'). If unspecified, no host allowlist is enforced.",
+        default=None,
+    )
+
+    parser.add_argument(
+        "--server-allowed-paths",
+        nargs="*",
+        help="List of allowed filesystem paths that can be scanned by the server. Restricts `path` parameter in /scan requests.",
+        default=None,
+    )
     parser.add_argument(
         "--cdxgen-server",
         default=os.getenv("CDXGEN_SERVER_URL"),

depscan/lib/explainer.py

@@ -33,7 +33,7 @@ def explain(project_type, src_dir, bom_dir, vdr_file, vdr_result, explanation_mo
     pattern_methods = {}
     has_any_explanation = False
     has_any_crypto_flows = False
-    slices_files = glob.glob(f"{bom_dir}/**/*reachables.slices.json", recursive=True)
+    slices_files = glob.glob(f"{bom_dir}/**/*reachables.slices*.json", recursive=True)
     openapi_spec_files = None
     # Should we explain the endpoints and Code Hotspots
     if explanation_mode in (
@@ -70,9 +70,10 @@ The following endpoints and code hotspots were identified by depscan. Verify tha
             if "-" in fn:
                 section_label = f"# Explanations for {fn.split('-')[0].upper()}"
             console.print(Markdown(section_label))
-        if (reachables_data := json_load(sf, log=LOG)) and reachables_data.get(
-            "reachables"
-        ):
+        if reachables_data := json_load(sf, log=LOG):
+            # Backwards compatibility
+            if isinstance(reachables_data, dict) and reachables_data.get("reachables"):
+                reachables_data = reachables_data.get("reachables")
             if explanation_mode in ("NonReachables",):
                 rsection = Markdown(
                     f"""## {section_title}
@@ -193,7 +194,10 @@ def explain_reachables(
     has_explanation = False
     header_shown = False
     has_cpp_flow = False
-    for areach in reachables.get("reachables", []):
+    # Backwards compatibility
+    if isinstance(reachables, dict) and reachables.get("reachables"):
+        reachables = reachables.get("reachables")
+    for areach in reachables:
         cpp_flow = is_cpp_flow(areach.get("flows"))
         if not has_cpp_flow and cpp_flow:
             has_cpp_flow = True
@@ -465,8 +469,8 @@ def flow_to_str(explanation_mode, flow, project_type):
         and not flow.get("parentFileName").startswith("unknown")
     ):
         # strip common prefixes
-        name = flow.get('parentFileName', '')
-        for p in ('src/main/java/', 'src/main/scala/'):
+        name = flow.get("parentFileName", "")
+        for p in ("src/main/java/", "src/main/scala/"):
             name = name.removeprefix(p)
         file_loc = f"{name}#{flow.get('lineNumber')}    "
     node_desc = flow.get("code").split("\n")[0]

depscan/lib/utils.py

@@ -1,8 +1,6 @@
 import ast
 import os
 import re
-import shutil
-from datetime import datetime
 
 from custom_json_diff.lib.utils import file_read, file_write, json_load
 from jinja2 import Environment
@@ -84,11 +82,12 @@ def is_exe(src):
     Detect if the source is a binary file
 
     :param src: Source path
-    :return True if binary file. False otherwise.
+    :return: True if binary file. False otherwise.
     """
     if os.path.isfile(src):
         try:
-            return is_binary_string(open(src, "rb").read(1024))
+            with open(src, "rb") as f:
+                return is_binary_string(f.read(1024))
         except Exception:
             return False
     return False
@@ -228,40 +227,6 @@ def get_all_imports(src_dir):
     return import_list
 
 
-def export_pdf(
-    html_file,
-    pdf_file,
-    title="DepScan Analysis",
-    footer=f"Report generated by OWASP dep-scan at {datetime.now().strftime('%B %d, %Y %H:%M')}",
-):
-    """
-    Method to export html as pdf using pdfkit
-    """
-    pdf_options = {
-        "page-size": "A2",
-        "margin-top": "0.5in",
-        "margin-right": "0.25in",
-        "margin-bottom": "0.5in",
-        "margin-left": "0.25in",
-        "encoding": "UTF-8",
-        "outline": None,
-        "title": title,
-        "footer-right": footer,
-        "minimum-font-size": "12",
-        "disable-smart-shrinking": "",
-    }
-    if shutil.which("wkhtmltopdf"):
-        try:
-            import pdfkit
-
-            if not pdf_file and html_file:
-                pdf_file = html_file.replace(".html", ".pdf")
-            if os.path.exists(html_file):
-                pdfkit.from_file(html_file, pdf_file, options=pdf_options)
-        except Exception:
-            pass
-
-
 def render_template_report(
     vdr_file,
     bom_file,

{owasp_depscan-6.0.0b3.dist-info → owasp_depscan-6.0.0b4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: owasp-depscan
-Version: 6.0.0b3
+Version: 6.0.0b4
 Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
 Author-email: Team AppThreat <cloud@appthreat.com>
 License-Expression: MIT
@@ -20,7 +20,7 @@ Classifier: Topic :: Utilities
 Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: appthreat-vulnerability-db[oras]>=6.4.3
+Requires-Dist: appthreat-vulnerability-db[oras]>=6.4.4
 Requires-Dist: custom-json-diff>=2.1.6
 Requires-Dist: defusedxml>=0.7.1
 Requires-Dist: PyYAML>=6.0.2
@@ -33,24 +33,22 @@ Requires-Dist: ds-xbom-lib
 Requires-Dist: ds-analysis-lib
 Requires-Dist: ds-reporting-lib
 Provides-Extra: dev
-Requires-Dist: black>=25.1.0; extra == "dev"
 Requires-Dist: flake8>=7.1.2; extra == "dev"
 Requires-Dist: pytest>=8.3.4; extra == "dev"
+Requires-Dist: pytest-asyncio>=1.2.0; extra == "dev"
 Requires-Dist: pytest-cov>=6.0.0; extra == "dev"
 Requires-Dist: httpretty>=1.1.4; extra == "dev"
 Provides-Extra: server
-Requires-Dist: quart>=0.20.0; extra == "server"
+Requires-Dist: ds-server-lib; extra == "server"
 Provides-Extra: ext
 Requires-Dist: atom-tools>=0.7.8; extra == "ext"
-Requires-Dist: blint>=2.4.1; extra == "ext"
-Requires-Dist: pdfkit>=1.0.0; extra == "ext"
+Requires-Dist: blint>=3.0.5; extra == "ext"
 Provides-Extra: perf
 Requires-Dist: hishel[redis]>=0.1.1; extra == "perf"
 Provides-Extra: all
 Requires-Dist: atom-tools>=0.7.8; extra == "all"
-Requires-Dist: blint>=2.4.1; extra == "all"
-Requires-Dist: quart>=0.20.0; extra == "all"
-Requires-Dist: pdfkit>=1.0.0; extra == "all"
+Requires-Dist: blint>=3.0.5; extra == "all"
+Requires-Dist: ds-server-lib; extra == "all"
 Requires-Dist: PyGithub>=2.6.1; extra == "all"
 Requires-Dist: hishel[redis]>=0.1.1; extra == "all"
 Dynamic: license-file
@@ -59,7 +57,7 @@ Dynamic: license-file
 
 OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration with ASPM/VM platforms and in CI environments.
 
-![Depscan logo](dep-scan.png)
+<img src="depscan-logo.png" width="200" height="auto" />
 
 [![release](https://github.com/owasp-dep-scan/dep-scan/actions/workflows/pythonpublish.yml/badge.svg)](https://github.com/owasp-dep-scan/dep-scan/actions/workflows/pythonpublish.yml)
 
@@ -235,6 +233,11 @@ options:
                         depscan server host
   --server-port SERVER_PORT
                         depscan server port
+  --server-allowed-hosts [SERVER_ALLOWED_HOSTS ...]
+                        List of allowed hostnames or IPs that can access the server (e.g., 'localhost 192.168.1.10'). If unspecified, no host allowlist is
+                        enforced.
+  --server-allowed-paths [SERVER_ALLOWED_PATHS ...]
+                        List of allowed filesystem paths that can be scanned by the server. Restricts `path` parameter in /scan requests.
   --cdxgen-server CDXGEN_SERVER
                         cdxgen server url. Eg: http://cdxgen:9090
   --debug               Run depscan in debug mode.
@@ -317,13 +320,6 @@ docker compose up
 depscan --server --server-host 0.0.0.0 --server-port 7070
 ```
 
-In server mode, use the `/download-vdb` endpoint to cache the vulnerability database.
-
-```bash
-# This would take over 2 minutes
-curl http://0.0.0.0:7070/download-vdb
-```
-
 Use the `/scan` endpoint to perform scans.
 
 > [!NOTE]

{owasp_depscan-6.0.0b3.dist-info → owasp_depscan-6.0.0b4.dist-info}/RECORD

@@ -1,23 +1,23 @@
 depscan/__init__.py,sha256=u_HyD63vlgVi48bUU6bI8O1fdXJOLPaNwCrMJdCnzJE,165
-depscan/cli.py,sha256=7QDlrQz4g_fLwGjWxyAnLoIISG1Yg8WdIGtRKhyk3NU,41229
-depscan/cli_options.py,sha256=zKje-zoM0OjCVW0pC6cRWb_8D6T-R1PTSjfGBjmSzZ8,9468
+depscan/cli.py,sha256=8_ekeym-3klttdXwTLqbiHiDV6vNtKQq8ww1MQMMFtE,32883
+depscan/cli_options.py,sha256=gTlfwv9q66B25d5XTUPkIbh_bynQCXnR447hwMXDdr4,9968
 depscan/lib/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 depscan/lib/audit.py,sha256=i6sE-vN0Fk5gc-npHIhrrior4772_tTlPVAlznyuogo,1582
 depscan/lib/bom.py,sha256=bByZcT8EFfO-GBOcSlsu43hZHw2-nnEOjC85cjIr1T8,20960
 depscan/lib/config.py,sha256=v3Rv4nyPMjvk-EbpWSSYcloQa4v2N0bTzXKWF5nDJvg,9572
-depscan/lib/explainer.py,sha256=yyGE7FwXmzcTniYewHBSkxtfgR6wilG5KXn6WgyyiWY,22018
+depscan/lib/explainer.py,sha256=7rNqEYfc6Ge2DNr2PQIwaZTY5yj0Q-SqmSYQHyhj0fs,22279
 depscan/lib/github.py,sha256=h6e_12xLwspXJbt_7lW6vuHaqgJQgyFSRCLrfUndCH4,1697
 depscan/lib/license.py,sha256=ChwqAXPrMcDQJqSgDag7Th8VwoRCq8oMvwPt64iL4gw,2404
 depscan/lib/logger.py,sha256=gU5epbOHlhvuFhMqRTgn71AJ4KPB5Gf2iAmgTx3qI-4,2837
 depscan/lib/tomlparse.py,sha256=q_JATqfqzv6_06wcSx0tRpcKY-x16NcNXxMnL5T1Mcw,5035
-depscan/lib/utils.py,sha256=22KOVADc6allSh8O9gzcA2jt__STmenLXfi_XGZlbwg,9407
+depscan/lib/utils.py,sha256=6KSQxBHKTkVRBLfe0u8-FChQapwqu2KOk_Xeu0u1-hY,8443
 depscan/lib/package_query/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 depscan/lib/package_query/cargo_pkg.py,sha256=mlvTJP2LIBpGWEAX2aOmQImkTzn0Ih9zup6Lp7nI-dU,5108
 depscan/lib/package_query/metadata.py,sha256=Nnh6ctLIXPRTMoHOjZC7uhmFM3ogGljg22dHkZZE62M,6617
 depscan/lib/package_query/npm_pkg.py,sha256=eXdTeq1ffxLN3fWfMh3QcGG1u0VYLGR4-0BmVoD5BPk,15443
 depscan/lib/package_query/pkg_query.py,sha256=ODnRegpD3gv5FIKy0ogXMEITcdfVVV-eoIaWf7UhrQU,7038
 depscan/lib/package_query/pypi_pkg.py,sha256=scn6UhMWqA0ajS-u5UVMGV7Vx-6PEY75lN6uET9yU5c,4808
-owasp_depscan-6.0.0b3.dist-info/licenses/LICENSE,sha256=oQnCbnZtJ_NLDdOLc-rVY1D1N0RNWLHPpYXcc77xzSo,1073
+owasp_depscan-6.0.0b4.dist-info/licenses/LICENSE,sha256=oQnCbnZtJ_NLDdOLc-rVY1D1N0RNWLHPpYXcc77xzSo,1073
 vendor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 vendor/choosealicense.com/_data/fields.yml,sha256=ydNsITXFUuADzGPM-jcUcJnN0r_qSGgH51oV27nX3Qs,819
 vendor/choosealicense.com/_data/meta.yml,sha256=rSNmnx0LE6VA9wnR29Y_P9s-TnADQqbdw2enE4i1mWM,1792
@@ -27,7 +27,7 @@ vendor/choosealicense.com/_licenses/afl-3.0.txt,sha256=geEcMDR01aeoPeGCdJ_JjZ4Mf
 vendor/choosealicense.com/_licenses/agpl-3.0.txt,sha256=Kh_aeCNLcVAuLPgDUCG1WS9eun6BByKKyk2Vu6ZF45c,35944
 vendor/choosealicense.com/_licenses/apache-2.0.txt,sha256=YJ4stZn4SqpB2O8p2P2wTRZPqyLo2Skso0pZnQ9Wozg,12624
 vendor/choosealicense.com/_licenses/artistic-2.0.txt,sha256=Yv9JWPxIuOcT9VDW97f9iaOq9UuSWN9XPlM4k6iBiSE,9649
-vendor/choosealicense.com/_licenses/blueoak-1.0.0.txt,sha256=WMrD25uYhI6ZAS-quCcDghSxt5y3cZWymKSdHJpZkmQ,2422
+vendor/choosealicense.com/_licenses/blueoak-1.0.0.txt,sha256=3vGJfYTAVu_6smy6FlLBh2XTzYBDduBchLU8CgRj7Yw,2425
 vendor/choosealicense.com/_licenses/bsd-2-clause-patent.txt,sha256=Nun0tMNvQE8EQ9OYuu4__J_oCv9PRefJH7TjCWWBZnk,3497
 vendor/choosealicense.com/_licenses/bsd-2-clause.txt,sha256=2CN9FlwXZBaoq5OL9-Eg2PNFCYFj_OyQF8VlL0Z_7K8,2260
 vendor/choosealicense.com/_licenses/bsd-3-clause-clear.txt,sha256=dCbal-fEXLo_-tWO4A3qAhDdvw3RFM1mU2UGuGaA4ug,2348
@@ -62,16 +62,16 @@ vendor/choosealicense.com/_licenses/mulanpsl-2.0.txt,sha256=-URwwR8aEk_uTxhRMkHz
 vendor/choosealicense.com/_licenses/ncsa.txt,sha256=TjJzqwphQaGAsPgU6vQmp_3zClN7X_kVxZ7ConaAIkI,2939
 vendor/choosealicense.com/_licenses/odbl-1.0.txt,sha256=2zFarxYKYFBr5ztVazm1wDzrAE8JLs2ZM57qcWfDkzI,26179
 vendor/choosealicense.com/_licenses/ofl-1.1.txt,sha256=rfABl7lxjv8qg1PN1kvFYFWF2xxTNugbGRd97vnFWMo,5824
-vendor/choosealicense.com/_licenses/osl-3.0.txt,sha256=4q1Y0uGQtIOD88Z1B4sc6wzJ9ztzRieUglrKqUSiK_s,11580
+vendor/choosealicense.com/_licenses/osl-3.0.txt,sha256=h9uUNnrydW8Szex8PzQ0dnbd2e4gTUe735gsfwIKwqM,11856
 vendor/choosealicense.com/_licenses/postgresql.txt,sha256=LTaJOLi4f7dA3DRsx2t4F267JuOSvHzJz5SJ7Pdpn5U,1709
 vendor/choosealicense.com/_licenses/unlicense.txt,sha256=3cLgcN8LslzpUbCVTZwbXSKxfxUNWOrGa9plPQRLte0,2001
 vendor/choosealicense.com/_licenses/upl-1.0.txt,sha256=yJ3mfZkFmzSHesz6uOF9S0fX6hkCVMhr7rmgUdGL2vc,3253
 vendor/choosealicense.com/_licenses/vim.txt,sha256=d5GQjXB328L8EBkhKgxcjk344D3K7UfcJmP1barrhHI,6119
 vendor/choosealicense.com/_licenses/wtfpl.txt,sha256=BxXeubkvQm32MDmlZsBcbzJzBpR5kWgw0JxSR9d7f3k,948
 vendor/choosealicense.com/_licenses/zlib.txt,sha256=e6dfCeLhxD3NCnIkY4cVIagRaWdRvencjNhHZ1APvpc,1678
-vendor/spdx/json/licenses.json,sha256=FXeJupGYSuy6XGe4QWjbvUGiNbkQp1aapkv0KoiyQpA,318777
-owasp_depscan-6.0.0b3.dist-info/METADATA,sha256=4Vun159I4kjIAXBrdNGZLwAmDzupQn2qP57CV40VHk4,17433
-owasp_depscan-6.0.0b3.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-owasp_depscan-6.0.0b3.dist-info/entry_points.txt,sha256=QvBVhjzm1Vx1CQkACbQWeNykZInIXUFUi6scoOYA7XY,45
-owasp_depscan-6.0.0b3.dist-info/top_level.txt,sha256=qbHOZvNU2dXANv946hMdP2vOi0ESQB5t2ZY5ktKtXvQ,15
-owasp_depscan-6.0.0b3.dist-info/RECORD,,
+vendor/spdx/json/licenses.json,sha256=oX5m9JJrCfwIWQt-Sxc--jPpBEKLcNKEyNA0S8VZO9U,325278
+owasp_depscan-6.0.0b4.dist-info/METADATA,sha256=_Q442bFhNyp9BuB2Cmi8lnhA7HWaFX9CBpb6h7SbJ_c,17638
+owasp_depscan-6.0.0b4.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+owasp_depscan-6.0.0b4.dist-info/entry_points.txt,sha256=QvBVhjzm1Vx1CQkACbQWeNykZInIXUFUi6scoOYA7XY,45
+owasp_depscan-6.0.0b4.dist-info/top_level.txt,sha256=qbHOZvNU2dXANv946hMdP2vOi0ESQB5t2ZY5ktKtXvQ,15
+owasp_depscan-6.0.0b4.dist-info/RECORD,,

vendor/choosealicense.com/_licenses/blueoak-1.0.0.txt

@@ -8,8 +8,8 @@ how: Create a text file (typically named LICENSE.md) in the root of your source
 
 using:
   drone-gc: https://github.com/drone/drone-gc/blob/master/LICENSE.md
+  Lil Scan: https://github.com/judofyr/lil-scan/blob/main/LICENSE.md
   oh-my-git: https://github.com/git-learning-game/oh-my-git/blob/main/LICENSE.md
-  punct: https://github.com/otherjoel/punct/blob/main/LICENSE.md 
 
 permissions:
   - commercial-use

vendor/choosealicense.com/_licenses/osl-3.0.txt

@@ -2,7 +2,7 @@
 title: Open Software License 3.0
 spdx-id: OSL-3.0
 
-description: OSL 3.0 is a copyleft license that does not require reciprocal licensing on linked works. It also provides an express grant of patent rights from contributors to users, with a termination clause triggered if a user files a patent infringement lawsuit.
+description: Permissions of this copyleft license are conditioned on distributing source code of licensed works and modifications under the same license. Copyright and license notices must be preserved. Contributors provide an express grant of patent rights. Using the work or modifications to provide services to external users is treated as distribution and also requires making source code available. Works that merely link to a licensed work are considered collective works and are not subject to the license's reciprocity requirements.
 
 how: Create a text file (typically named LICENSE or LICENSE.txt) in the root of your source code and copy the text of the license into the file. Files licensed under OSL 3.0 must also include the notice "Licensed under the Open Software License version 3.0" adjacent to the copyright notice.