python-ort 0.6.2__tar.gz → 0.6.4__tar.gz

{python_ort-0.6.2 → python_ort-0.6.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: python-ort
-Version: 0.6.2
+Version: 0.6.4
 Summary: A Python Ort model serialization library
 License-Expression: MIT
 License-File: LICENSE
@@ -13,6 +13,7 @@ Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
 Classifier: Programming Language :: Python :: 3.14
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Dist: packageurl-python>=0.17.6
 Requires-Dist: pydantic>=2.12.5
 Requires-Python: >=3.10
 Description-Content-Type: text/markdown

{python_ort-0.6.2 → python_ort-0.6.4}/pyproject.toml

@@ -1,16 +1,17 @@
 [build-system]
-requires = ["uv_build>=0.8.12,<0.10.0"]
+requires = ["uv_build>=0.8.12,<0.11.0"]
 build-backend = "uv_build"
 
 [project]
 name = "python-ort"
-version = "0.6.2"
+version = "0.6.4"
 description = "A Python Ort model serialization library"
 readme = "README.md"
 license = "MIT"
 license-files = ["LICENSE"]
 requires-python = ">=3.10"
 dependencies = [
+    "packageurl-python>=0.17.6",
     "pydantic>=2.12.5",
 ]
 classifiers = [
@@ -36,9 +37,9 @@ module-root = "src"
 dev = [
     "datamodel-code-generator[http]>=0.54.0",
     "pytest>=9.0.2",
-    "rich>=14.3.2",
-    "ruff>=0.15.1",
-    "ty>=0.0.17",
+    "rich>=14.3.3",
+    "ruff>=0.15.4",
+    "ty>=0.0.20",
     "types-pyyaml>=6.0.12.20250915",
 ]
 

{python_ort-0.6.2 → python_ort-0.6.4}/src/ort/__init__.py

@@ -2,9 +2,9 @@
 #
 # SPDX-License-Identifier: MIT
 
-from ort.models.analyzer_result import AnalyzerResult
-from ort.models.ort_result import OrtResult
-from ort.models.repository_configuration import RepositoryConfiguration
+from .models.analyzer_result import AnalyzerResult
+from .models.config.repository_configuration import RepositoryConfiguration
+from .models.ort_result import OrtResult
 
 __all__ = [
     "AnalyzerResult",

{python_ort-0.6.2 → python_ort-0.6.4}/src/ort/models/__init__.py

@@ -6,6 +6,13 @@ from .advisor_result import AdvisorResult
 from .advisor_run import AdvisorRun
 from .analyzer_result import AnalyzerResult
 from .analyzer_run import AnalyzerRun
+from .config.excludes import Excludes
+from .config.includes import Includes
+from .config.path_exclude import PathExclude
+from .config.path_exclude_reason import PathExcludeReason
+from .config.path_include import PathInclude
+from .config.path_include_reason import PathIncludeReason
+from .config.repository_configuration import RepositoryConfiguration
 from .dependency_graph import DependencyGraph
 from .dependency_graph_edge import DependencyGraphEdge
 from .dependency_graph_node import DependencyGraphNode
@@ -23,7 +30,6 @@ from .package_reference import PackageReference
 from .project import Project
 from .remote_artifact import RemoteArtifact
 from .repository import Repository
-from .repository_configuration import RepositoryConfiguration
 from .root_dependency_index import RootDependencyIndex
 from .scope import Scope
 from .source_code_origin import SourceCodeOrigin
@@ -44,6 +50,8 @@ __all__ = [
     "Hash",
     "HashAlgorithm",
     "Identifier",
+    "Includes",
+    "Excludes",
     "Issue",
     "OrtResult",
     "Package",
@@ -51,6 +59,10 @@ __all__ = [
     "PackageCurationData",
     "PackageLinkage",
     "PackageReference",
+    "PathExcludeReason",
+    "PathIncludeReason",
+    "PathExclude",
+    "PathInclude",
     "Project",
     "RemoteArtifact",
     "Repository",

python_ort-0.6.4/src/ort/models/config/excludes.py

@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from .path_exclude import PathExclude
+from .scope_exclude import ScopeExclude
+
+
+class Excludes(BaseModel):
+    """
+    Defines which parts of a repository should be excluded.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    paths: list[PathExclude] = Field(
+        default_factory=list,
+        description="Path excludes.",
+    )
+
+    scopes: list[ScopeExclude] = Field(
+        default_factory=list,
+        description="Scopes that will be excluded from all projects.",
+    )

python_ort-0.6.4/src/ort/models/config/includes.py

@@ -0,0 +1,22 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from .path_include import PathInclude
+
+
+class Includes(BaseModel):
+    """
+    Defines which parts of a repository should be excluded.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    paths: list[PathInclude] = Field(
+        default_factory=list,
+        description="Path includes.",
+    )

python_ort-0.6.4/src/ort/models/config/issue_resolution.py

@@ -0,0 +1,32 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from .issue_resolution_reason import IssueResolutionReason
+
+
+class IssueResolution(BaseModel):
+    """
+    Defines the resolution of an [Issue]. This can be used to silence false positives, or issues that have been
+    identified as not being relevant.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    message: str = Field(
+        description="A regular expression string to match the messages of issues to resolve. Whitespace in the message"
+        "will be [collapsed][collapseWhitespace] and it will be converted to a [Regex] using"
+        "[RegexOption.DOT_MATCHES_ALL].",
+    )
+
+    reason: IssueResolutionReason = Field(
+        description="The reason why the issue is resolved.",
+    )
+
+    comment: str = Field(
+        description="A comment to further explain why the [reason] is applicable here.",
+    )

python_ort-0.6.4/src/ort/models/config/issue_resolution_reason.py

@@ -0,0 +1,24 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+from enum import IntEnum
+
+
+class IssueResolutionReason(IntEnum):
+    """
+    Possible reasons for resolving an Issue using an IssueResolution.
+
+    properties:
+        BUILD_TOOL_ISSUE:
+            The issue originates from the build tool used by the project.
+        CANT_FIX_ISSUE:
+            The issue can not be fixed.
+            For example, it requires a change to be made by a third party that is not responsive.
+        SCANNER_ISSUE:
+            The issue is due to an irrelevant scanner issue.
+            For example, a time out on a large file that is not distributed.
+    """
+
+    BUILD_TOOL_ISSUE = 1
+    CANT_FIX_ISSUE = 2
+    SCANNER_ISSUE = 3

python_ort-0.6.4/src/ort/models/config/license_choice.py

@@ -0,0 +1,45 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de     Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+from pydantic import BaseModel, ConfigDict, Field
+
+from ...utils.spdx.spdx_license_choice import SpdxLicenseChoice
+from ..identifier import Identifier
+
+
+class PackageLicenseChoice(BaseModel):
+    """
+    SpdxLicenseChoice]s defined for an artifact.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+    package_id: Identifier = Field(
+        ...,
+        description="Package ID",
+    )
+    license_choice: list[SpdxLicenseChoice] = Field(
+        default_factory=list,
+        description="List of spdx license",
+    )
+
+
+class LicenseChoice(BaseModel):
+    """
+    [SpdxLicenseChoice]s that are applied to all packages in the repository. As the [SpdxLicenseChoice] is applied to
+    each package that offers this license as a choice, [SpdxLicenseChoice.given] can not be null. This helps only
+    applying the choice to a wanted [SpdxLicenseChoice.given] as opposed to all licenses with that choice, which
+    could lead to unwanted applied choices.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+    repository_license_choices: list[SpdxLicenseChoice] = Field(
+        default_factory=list,
+        description="SPDX",
+    )
+    package_license_choice: list[PackageLicenseChoice] = Field(
+        default_factory=list,
+        description="Package",
+    )

{python_ort-0.6.2 → python_ort-0.6.4}/src/ort/models/config/path_exclude.py

@@ -1,10 +1,12 @@
-# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
 # SPDX-License-Identifier: MIT
 
 
-from pydantic import BaseModel, ConfigDict, Field
+from pydantic import BaseModel, ConfigDict, Field, field_validator
 
-from ort.models.config.path_exclude_reason import PathExcludeReason
+from ort.utils import convert_enum
+
+from .path_exclude_reason import PathExcludeReason
 
 
 class PathExclude(BaseModel):
@@ -30,3 +32,8 @@ class PathExclude(BaseModel):
         default_factory=str,
         description="A comment to further explain why the [reason] is applicable here.",
     )
+
+    @field_validator("reason", mode="before")
+    @classmethod
+    def validate_reason(cls, value):
+        return convert_enum(PathExcludeReason, value)

{python_ort-0.6.2 → python_ort-0.6.4}/src/ort/models/config/path_exclude_reason.py

@@ -1,73 +1,47 @@
 # SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
 # SPDX-License-Identifier: MIT
 
-from enum import Enum, auto
+from enum import IntEnum
 
 
-class PathExcludeReason(Enum):
+class PathExcludeReason(IntEnum):
     """
     Possible reasons for excluding a path.
-    Attributes
+
+    Attributes:
         BUILD_TOOL_OF
             The path only contains tools used for building source code which are not included in
             distributed build artifacts.
-
         DATA_FILE_OF
             The path only contains data files such as fonts or images which are not included in
             distributed build artifacts.
-
         DOCUMENTATION_OF
             The path only contains documentation which is not included in distributed build artifacts.
-
         EXAMPLE_OF
             The path only contains source code examples which are not included in distributed build
             artifacts.
-
         OPTIONAL_COMPONENT_OF
             The path only contains optional components for the code that is built which are not included
             in distributed build artifacts.
-
         OTHER
             Any other reason which cannot be represented by any other element of PathExcludeReason.
-
         PROVIDED_BY
             The path only contains packages or sources for packages that have to be provided by the user
             of distributed build artifacts.
-
         TEST_OF
             The path only contains files used for testing source code which are not included in
             distributed build artifacts.
-
         TEST_TOOL_OF
             The path only contains tools used for testing source code which are not included in
             distributed build artifacts.
     """
 
-    # The path only contains tools used for building source code which are not included in distributed build artifacts.
-    BUILD_TOOL_OF = auto()
-
-    # The path only contains data files such as fonts or images which are not included in distributed build artifacts.
-    DATA_FILE_OF = auto()
-
-    # The path only contains documentation which is not included in distributed build artifacts.
-    DOCUMENTATION_OF = auto()
-
-    # The path only contains source code examples which are not included in distributed build artifacts.
-    EXAMPLE_OF = auto()
-
-    # The path only contains optional components for the code that is built which are not included
-    # in distributed build artifacts.
-    OPTIONAL_COMPONENT_OF = auto()
-
-    # Any other reason which cannot be represented by any other element of PathExcludeReason.
-    OTHER = auto()
-
-    # The path only contains packages or sources for packages that have to be provided by the user
-    # of distributed build artifacts.
-    PROVIDED_BY = auto()
-
-    # The path only contains files used for testing source code which are not included in distributed build artifacts.
-    TEST_OF = auto()
-
-    # The path only contains tools used for testing source code which are not included in distributed build artifacts.
-    TEST_TOOL_OF = auto()
+    BUILD_TOOL_OF = 1
+    DATA_FILE_OF = 2
+    DOCUMENTATION_OF = 3
+    EXAMPLE_OF = 4
+    OPTIONAL_COMPONENT_OF = 5
+    OTHER = 6
+    PROVIDED_BY = 7
+    TEST_OF = 8
+    TEST_TOOL_OF = 9

python_ort-0.6.4/src/ort/models/config/path_include.py

@@ -0,0 +1,39 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field, field_validator
+
+from ort.utils import convert_enum
+
+from .path_include_reason import PathIncludeReason
+
+
+class PathInclude(BaseModel):
+    """
+    Defines paths which should be excluded. Each file or directory that is matched by the [glob][pattern] is marked as
+    excluded. If a project definition file is matched by the [pattern], the whole project is excluded. For details about
+    the glob syntax see the [FileMatcher] implementation.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    pattern: str = Field(
+        description="A glob to match the path of the project definition file, relative to the root of the repository."
+    )
+
+    reason: PathIncludeReason = Field(
+        description="The reason why the project is included, out of a predefined choice.",
+    )
+
+    comment: str = Field(
+        default_factory=str,
+        description="A comment to further explain why the [reason] is applicable here.",
+    )
+
+    @field_validator("reason", mode="before")
+    @classmethod
+    def validate_reason(cls, value):
+        return convert_enum(PathIncludeReason, value)

python_ort-0.6.4/src/ort/models/config/path_include_reason.py

@@ -0,0 +1,19 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+from enum import IntEnum
+
+
+class PathIncludeReason(IntEnum):
+    """
+    Possible reasons for including a path.
+
+    Attributes:
+        SOURCE_OF
+            The path contains source code used to build distributed build artifacts.
+        OTHER
+            A fallback reason for the [PathIncludeReason] when none of the other reasons apply.
+    """
+
+    SOURCE_OF = 1
+    OTHER = 2

python_ort-0.6.4/src/ort/models/config/repository_configuration.py

@@ -0,0 +1,66 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from .curations import Curations
+from .excludes import Excludes
+from .includes import Includes
+from .license_choice import LicenseChoice
+from .package_configuration import PackageConfiguration
+from .repository_analyzer_configuration import RepositoryAnalyzerConfiguration
+from .resolutions import Resolutions
+from .snippet.snippet_choice import SnippetChoice
+
+
+class RepositoryConfiguration(BaseModel):
+    """
+    Represents the configuration for an OSS-Review-Toolkit (ORT) repository.
+
+    This class defines various configuration options for analyzing, including, excluding,
+    resolving, and curating artifacts in a repository. It also provides settings for package
+    configurations, license choices, and snippet choices.
+
+    Usage:
+        Instantiate this class to specify repository-level configuration for ORT analysis.
+        Each field corresponds to a specific aspect of the repository's configuration.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    analyzer: RepositoryAnalyzerConfiguration | None = Field(
+        default=None,
+        description="Define Analyzer specific options",
+    )
+    includes: Includes | None = Field(
+        default=None,
+        description="Defines which parts of a repository should be included.",
+    )
+    excludes: Excludes | None = Field(
+        default=None,
+        description="Defines which parts of a repository should be excluded.",
+    )
+    resolutions: Resolutions | None = Field(
+        default=None,
+        description="Defines resolutions for issues with this repository.",
+    )
+    curations: Curations | None = Field(
+        default=None,
+        description="Defines curations for packages used as dependencies by projects in this repository,"
+        " or curations for license findings in the source code of a project in this repository.",
+    )
+    package_configurations: list[PackageConfiguration] = Field(
+        default_factory=list,
+        description="A configuration for a specific package and provenance.",
+    )
+    license_choices: LicenseChoice | None = Field(
+        None,
+        description="A configuration to select a license from a multi-licensed package.",
+    )
+    snippet_choices: list[SnippetChoice] = Field(
+        default_factory=list,
+        description="A configuration to select a snippet from a package with multiple snippet findings.",
+    )

python_ort-0.6.4/src/ort/models/config/resolutions.py

@@ -0,0 +1,35 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from .issue_resolution import IssueResolution
+from .rule_violation_resolution import RuleViolationResolution
+from .vulnerability_resolution import VulnerabilityResolution
+
+
+class Resolutions(BaseModel):
+    """
+    Resolutions for issues with a repository.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    issues: list[IssueResolution] = Field(
+        default_factory=list,
+        description="Resolutions for issues with the analysis or scan of the projects"
+        "in this repository and their dependencies.",
+    )
+
+    rule_violations: list[RuleViolationResolution] = Field(
+        default_factory=list,
+        description="Resolutions for license policy violations.",
+    )
+
+    vulnerabilities: list[VulnerabilityResolution] = Field(
+        default_factory=list,
+        description="Resolutions for vulnerabilities provided by the advisor.",
+    )

python_ort-0.6.4/src/ort/models/config/rule_violation_reason.py

@@ -0,0 +1,33 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+from enum import IntEnum
+
+
+class RuleViolationResolutionReason(IntEnum):
+    """
+    Properties:
+        CANT_FIX_EXCEPTION:
+            The rule violation cannot be fixed and is acceptable in this case.
+        DYNAMIC_LINKAGE_EXCEPTION:
+            The rule violation is acceptable given the fact that the dependency it relates to is
+            dynamically linked.
+        EXAMPLE_OF_EXCEPTION:
+            The rule violation is due to an inclusion of example code into a file and is acceptable
+            in this case.
+        LICENSE_ACQUIRED_EXCEPTION:
+            The rule violation is acceptable because the license for the respective package has been
+            acquired.
+        NOT_MODIFIED_EXCEPTION:
+            The rule violation is acceptable given the fact that the code it relates to has not been
+            modified.
+        PATENT_GRANT_EXCEPTION:
+            The implied patent grant is acceptable in this case.
+    """
+
+    CANT_FIX_EXCEPTION = 1
+    DYNAMIC_LINKAGE_EXCEPTION = 2
+    EXAMPLE_OF_EXCEPTION = 3
+    LICENSE_ACQUIRED_EXCEPTION = 4
+    NOT_MODIFIED_EXCEPTION = 5
+    PATENT_GRANT_EXCEPTION = 6

python_ort-0.6.4/src/ort/models/config/rule_violation_resolution.py

@@ -0,0 +1,39 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field, field_validator
+
+from ort.utils import convert_enum
+
+from .rule_violation_reason import RuleViolationResolutionReason
+
+
+class RuleViolationResolution(BaseModel):
+    """
+    Defines the resolution of a [RuleViolation]. This can be used to silence rule violations that
+    have been identified as not being relevant or are acceptable / approved.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    message: str = Field(
+        description="A regular expression string to match the messages of rule violations to resolve."
+        "Whitespace in the message will be [collapsed][collapseWhitespace] and it will be converted to"
+        "a [Regex] using [RegexOption.DOT_MATCHES_ALL]."
+    )
+
+    reason: RuleViolationResolutionReason = Field(
+        description="The reason why the rule violation is resolved.",
+    )
+
+    comment: str = Field(
+        description="A comment to further explain why the [reason] is applicable here.",
+    )
+
+    @field_validator("reason", mode="before")
+    @classmethod
+    def validate_reason(cls, value):
+        return convert_enum(RuleViolationResolutionReason, value)

python_ort-0.6.4/src/ort/models/config/scope_exclude.py

@@ -0,0 +1,36 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field, field_validator
+
+from ort.models.config.scope_exclude_reason import ScopeExcludeReason
+from ort.utils import convert_enum
+
+
+class ScopeExclude(BaseModel):
+    """
+    Defines a scope that should be excluded.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    pattern: str = Field(
+        description="A regular expression to match the names of scopes to exclude.",
+    )
+
+    reason: ScopeExcludeReason = Field(
+        description="The reason for excluding the scope.",
+    )
+
+    comment: str = Field(
+        default_factory=str,
+        description="A comment to further explain why the [reason] is applicable here.",
+    )
+
+    @field_validator("reason", mode="before")
+    @classmethod
+    def validate_reason(cls, value):
+        return convert_enum(ScopeExcludeReason, value)