scanoss 1.16.0__py3-none-any.whl → 1.17.1__py3-none-any.whl

scanoss/__init__.py

@@ -22,4 +22,4 @@
    THE SOFTWARE.
 """
 
-__version__ = "1.16.0"
+__version__ = "1.17.1"

scanoss/cli.py

@@ -25,15 +25,13 @@ import argparse
 import os
 from pathlib import Path
 import sys
-from array import array
-
 import pypac
-
+from scanoss.inspection.copyleft import Copyleft
+from scanoss.inspection.undeclared_component import UndeclaredComponent
 from .threadeddependencies import SCOPE
-from .scanner import Scanner
 from .scanoss_settings import ScanossSettings
 from .scancodedeps import ScancodeDeps
-from .scanner import FAST_WINNOWING, Scanner
+from .scanner import Scanner
 from .scantype import ScanType
 from .filecount import FileCount
 from .cyclonedx import CycloneDx
@@ -171,19 +169,19 @@ def setup_args() -> None:
     # Component Sub-command: component crypto
     c_crypto = comp_sub.add_parser('crypto', aliases=['cr'],
                                    description=f'Show Cryptographic algorithms: {__version__}',
-                                   help='Retreive cryptographic algorithms for the given components')
+                                   help='Retrieve cryptographic algorithms for the given components')
     c_crypto.set_defaults(func=comp_crypto)
 
     # Component Sub-command: component vulns
     c_vulns = comp_sub.add_parser('vulns', aliases=['vulnerabilities', 'vu'],
                                   description=f'Show Vulnerability details: {__version__}',
-                                  help='Retreive vulnerabilities for the given components')
+                                  help='Retrieve vulnerabilities for the given components')
     c_vulns.set_defaults(func=comp_vulns)
 
     # Component Sub-command: component semgrep
     c_semgrep = comp_sub.add_parser('semgrep', aliases=['sp'],
                                    description=f'Show Semgrep findings: {__version__}',
-                                   help='Retreive semgrep issues/findings for the given components')
+                                   help='Retrieve semgrep issues/findings for the given components')
     c_semgrep.set_defaults(func=comp_semgrep)
 
     # Component Sub-command: component search
@@ -299,6 +297,31 @@ def setup_args() -> None:
     )
     p_results.set_defaults(func=results)
 
+
+    # Sub-command: inspect
+    p_inspect = subparsers.add_parser('inspect', aliases=['insp', 'ins'],
+                                   description=f'Inspect results: {__version__}',
+                                   help='Inspect results')
+    # Sub-parser: inspect
+    p_inspect_sub = p_inspect.add_subparsers(title='Inspect Commands', dest='subparsercmd',
+                                             description='Inspect sub-commands', help='Inspect sub-commands')
+    # Inspect Sub-command: inspect copyleft
+    p_copyleft = p_inspect_sub.add_parser('copyleft', aliases=['cp'],description="Inspect for copyleft licenses", help='Inspect for copyleft licenses')
+    p_copyleft.add_argument('--include', help='List of Copyleft licenses to append to the default list. Provide licenses as a comma-separated list.')
+    p_copyleft.add_argument('--exclude', help='List of Copyleft licenses to remove from default list. Provide licenses as a comma-separated list.')
+    p_copyleft.add_argument('--explicit', help='Explicit list of Copyleft licenses to consider. Provide licenses as a comma-separated list.s')
+    p_copyleft.set_defaults(func=inspect_copyleft)
+
+    # Inspect Sub-command: inspect undeclared
+    p_undeclared = p_inspect_sub.add_parser('undeclared', aliases=['un'],description="Inspect for undeclared components", help='Inspect for undeclared components')
+    p_undeclared.set_defaults(func=inspect_undeclared)
+
+    for p in [p_copyleft, p_undeclared]:
+        p.add_argument('-i', '--input', nargs='?', help='Path to results file')
+        p.add_argument('-f', '--format',required=False ,choices=['json', 'md'], default='json', help='Output format (default: json)')
+        p.add_argument('-o', '--output', type=str, help='Save details into a file')
+        p.add_argument('-s', '--status', type=str, help='Save summary data into Markdown file')
+
     # Global Scan command options
     for p in [p_scan]:
         p.add_argument('--apiurl', type=str,
@@ -344,7 +367,7 @@ def setup_args() -> None:
 
     # Help/Trace command options
     for p in [p_scan, p_wfp, p_dep, p_fc, p_cnv, p_c_loc, p_c_dwnld, p_p_proxy, c_crypto, c_vulns, c_search,
-              c_versions, c_semgrep, p_results]:
+              c_versions, c_semgrep, p_results, p_undeclared, p_copyleft]:
         p.add_argument('--debug', '-d', action='store_true', help='Enable debug messages')
         p.add_argument('--trace', '-t', action='store_true', help='Enable trace messages, including API posts')
         p.add_argument('--quiet', '-q', action='store_true', help='Enable quiet mode')
@@ -357,9 +380,10 @@ def setup_args() -> None:
         parser.print_help()  # No sub command subcommand, print general help
         exit(1)
     else:
-        if (args.subparser == 'utils' or args.subparser == 'ut' or
-            args.subparser == 'component' or args.subparser == 'comp') \
-                and not args.subparsercmd:
+        if ((args.subparser == 'utils' or args.subparser == 'ut' or
+            args.subparser == 'component' or args.subparser == 'comp' or
+            args.subparser == 'inspect' or args.subparser == 'insp' or args.subparser == 'ins')
+            and not args.subparsercmd):
             parser.parse_args([args.subparser, '--help'])  # Force utils helps to be displayed
             exit(1)
     args.func(parser, args)  # Execute the function associated with the sub-command
@@ -778,6 +802,64 @@ def convert(parser, args):
     if not success:
         exit(1)
 
+def inspect_copyleft(parser, args):
+    """
+    Run the "inspect" sub-command
+    Parameters
+    ----------
+        parser: ArgumentParser
+            command line parser object
+        args: Namespace
+            Parsed arguments
+    """
+    if args.input is None:
+        print_stderr('Please specify an input file to inspect')
+        parser.parse_args([args.subparser, args.subparsercmd, '-h'])
+        exit(1)
+    output: str = None
+    if args.output:
+        output = args.output
+        open(output, 'w').close()
+
+    status_output: str = None
+    if args.status:
+        status_output = args.status
+        open(status_output, 'w').close()
+
+    i_copyleft = Copyleft(debug=args.debug, trace=args.trace, quiet=args.quiet, filepath=args.input,
+                          format_type=args.format, status=status_output, output=output, include=args.include,
+                         exclude=args.exclude, explicit=args.explicit)
+    status, _ = i_copyleft.run()
+    sys.exit(status)
+
+def inspect_undeclared(parser, args):
+    """
+    Run the "inspect" sub-command
+    Parameters
+    ----------
+        parser: ArgumentParser
+            command line parser object
+        args: Namespace
+            Parsed arguments
+    """
+    if args.input is None:
+        print_stderr('Please specify an input file to inspect')
+        parser.parse_args([args.subparser, args.subparsercmd, '-h'])
+        exit(1)
+    output: str = None
+    if args.output:
+        output = args.output
+        open(output, 'w').close()
+
+    status_output: str = None
+    if args.status:
+        status_output = args.status
+        open(status_output, 'w').close()
+    i_undeclared = UndeclaredComponent(debug=args.debug, trace=args.trace, quiet=args.quiet,
+                                       filepath=args.input, format_type=args.format,
+                                       status=status_output, output=output)
+    status, _ = i_undeclared.run()
+    sys.exit(status)
 
 def utils_certloc(*_):
     """
@@ -787,7 +869,6 @@ def utils_certloc(*_):
     import certifi
     print(f'CA Cert File: {certifi.where()}')
 
-
 def utils_cert_download(_, args):
     """
     Run the "utils cert-download" sub-command
@@ -820,7 +901,7 @@ def utils_cert_download(_, args):
             else:
                 cn = cert_components.get('CN')
             if not args.quiet:
-                print_stderr(f'Centificate {index} - CN: {cn}')
+                print_stderr(f'Certificate {index} - CN: {cn}')
             if sys.version_info[0] >= 3:
                 print((crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8')).strip(), file=file)  # Print the downloaded PEM certificate
             else:

scanoss/data/build_date.txt

@@ -1 +1 @@
-date: 20241010135530, utime: 1728568530
+date: 20241024162611, utime: 1729787171

scanoss/inspection/__init__.py

@@ -0,0 +1,23 @@
+"""
+ SPDX-License-Identifier: MIT
+
+   Copyright (c) 2024, SCANOSS
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+"""

scanoss/inspection/copyleft.py

@@ -0,0 +1,156 @@
+"""
+ SPDX-License-Identifier: MIT
+
+   Copyright (c) 2024, SCANOSS
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+"""
+import json
+from typing import Dict, Any
+from scanoss.inspection.policy_check import PolicyCheck, PolicyStatus
+
+class Copyleft(PolicyCheck):
+    """
+    SCANOSS Copyleft class
+    Inspects components for copyleft licenses
+    """
+
+    def __init__(self, debug: bool = False, trace: bool = True, quiet: bool = False, filepath: str = None,
+                 format_type: str = 'json', status: str = None, output: str = None, include: str = None,
+                 exclude: str = None, explicit: str = None):
+        """
+               Initialize the Copyleft class.
+
+               :param debug: Enable debug mode
+               :param trace: Enable trace mode (default True)
+               :param quiet: Enable quiet mode
+               :param filepath: Path to the file containing component data
+               :param format_type: Output format ('json' or 'md')
+               :param status: Path to save the status output
+               :param output: Path to save detailed output
+               :param include: Licenses to include in the analysis
+               :param exclude: Licenses to exclude from the analysis
+               :param explicit: Explicitly defined licenses
+        """
+        super().__init__(debug, trace, quiet, filepath, format_type, status, output, name='Copyleft Policy')
+        self.license_util.init(include, exclude, explicit)
+        self.filepath = filepath
+        self.format = format
+        self.output = output
+        self.status = status
+        self.include = include
+        self.exclude = exclude
+        self.explicit = explicit
+
+    def _json(self, components: list) -> Dict[str, Any]:
+        """
+           Format the components with copyleft licenses as JSON.
+
+           :param components: List of components with copyleft licenses
+           :return: Dictionary with formatted JSON details and summary
+        """
+        details = {}
+        if len(components) > 0:
+            details = { 'components': components }
+        return {
+            'details':  f'{json.dumps(details, indent=2)}\n',
+            'summary': f'{len(components)} component(s) with copyleft licenses were found.\n'
+        }
+
+    def _markdown(self, components: list) -> Dict[str,Any]:
+        """
+        Format the components with copyleft licenses as Markdown.
+
+        :param components: List of components with copyleft licenses
+        :return: Dictionary with formatted Markdown details and summary
+        """
+        headers = ['Component', 'Version', 'License', 'URL', 'Copyleft']
+        centered_columns = [1, 4]
+        rows: [[]]= []
+        for component in components:
+            for lic in component['licenses']:
+                row = [
+                    component['purl'],
+                    component['version'],
+                    lic['spdxid'],
+                    lic['url'],
+                    'YES' if lic['copyleft'] else 'NO'
+                ]
+                rows.append(row)
+            # End license loop
+        # End component loop
+        return  {
+            'details': f'### Copyleft licenses\n{self.generate_table(headers,rows,centered_columns)}\n',
+            'summary' : f'{len(components)} component(s) with copyleft licenses were found.\n'
+        }
+
+    def _filter_components_with_copyleft_licenses(self, components: list) -> list:
+        """
+           Filter the components list to include only those with copyleft licenses.
+
+           :param components: List of all components
+           :return: List of components with copyleft licenses
+        """
+        filtered_components = []
+        for component in components:
+            copyleft_licenses = [lic for lic in component['licenses'] if lic['copyleft']]
+            if copyleft_licenses:
+                filtered_component = component
+                filtered_component['licenses'] = copyleft_licenses
+                del filtered_component['status']
+                filtered_components.append(filtered_component)
+        # End component loop
+        self.print_debug(f'Copyleft components: {filtered_components}')
+        return filtered_components
+
+    def run(self):
+        """
+        Run the copyleft license inspection process.
+
+        This method performs the following steps:
+        1. Get all components
+        2. Filter components with copyleft licenses
+        3. Format the results
+        4. Save the output to files if required
+
+        :return: Dictionary containing the inspection results
+        """
+        self._debug()
+        # Get the components from the results
+        components = self._get_components()
+        if components is None:
+            return PolicyStatus.ERROR.value, {}
+        # Get a list of copyleft components if they exist
+        copyleft_components = self._filter_components_with_copyleft_licenses(components)
+        # Get a formatter for the output results
+        formatter = self._get_formatter()
+        if formatter is None:
+            return PolicyStatus.ERROR.value, {}
+        # Format the results
+        results = formatter(copyleft_components)
+        ## Save outputs if required
+        self.print_to_file_or_stdout(results['details'], self.output)
+        self.print_to_file_or_stderr(results['summary'], self.status)
+        # Check to see if we have policy violations
+        if len(copyleft_components) <= 0:
+            return PolicyStatus.FAIL.value, results
+        return PolicyStatus.SUCCESS.value, results
+#
+# End of Copyleft Class
+#

scanoss/inspection/policy_check.py

@@ -0,0 +1,341 @@
+"""
+ SPDX-License-Identifier: MIT
+
+   Copyright (c) 2024, SCANOSS
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+"""
+import json
+import os.path
+from abc import abstractmethod
+from enum import Enum
+from typing import Callable, List, Dict, Any
+from scanoss.inspection.utils.license_utils import LicenseUtil
+from scanoss.scanossbase import ScanossBase
+
+class PolicyStatus(Enum):
+    """
+    Enumeration representing the status of a policy check.
+
+    Attributes:
+        SUCCESS (int): Indicates that the policy check passed successfully (value: 0).
+        FAIL (int): Indicates that the policy check failed (value: 1).
+        ERROR (int): Indicates that an error occurred during the policy check (value: 2).
+    """
+    SUCCESS = 0
+    FAIL = 1
+    ERROR = 2
+#
+# End of PolicyStatus Class
+#
+
+class ComponentID(Enum):
+    """
+    Enumeration representing different types of software components.
+
+    Attributes:
+        FILE (str): Represents a file component (value: "file").
+        SNIPPET (str): Represents a code snippet component (value: "snippet").
+        DEPENDENCY (str): Represents a dependency component (value: "dependency").
+    """
+    FILE = "file"
+    SNIPPET = "snippet"
+    DEPENDENCY = "dependency"
+#
+# End of ComponentID Class
+#
+
+class PolicyCheck(ScanossBase):
+    """
+    A base class for implementing various software policy checks.
+
+    This class provides a framework for policy checking, including methods for
+    processing components, generating output in different formats.
+
+    Attributes:
+        VALID_FORMATS (set): A set of valid output formats ('md', 'json').
+
+    Inherits from:
+        ScanossBase: A base class providing common functionality for SCANOSS-related operations.
+    """
+
+    VALID_FORMATS = {'md', 'json'}
+
+    def __init__(self, debug: bool = False, trace: bool = True, quiet: bool = False, filepath: str = None,
+                 format_type: str = None, status: str = None, output: str = None, name: str = None):
+        super().__init__(debug, trace, quiet)
+        self.license_util = LicenseUtil()
+        self.filepath = filepath
+        self.name = name
+        self.output = output
+        self.format_type = format_type
+        self.status = status
+        self.results = self._load_input_file()
+
+    @abstractmethod
+    def run(self):
+        """
+        Execute the policy check process.
+
+        This abstract method should be implemented by subclasses to perform specific
+        policy checks. The general structure of this method typically includes:
+        1. Retrieving components
+        2. Filtering components based on specific criteria
+        3. Formatting the results
+        4. Saving the output to files if required
+
+        :return: A tuple containing:
+                 - First element: PolicyStatus enum value (SUCCESS, FAIL, or ERROR)
+                 - Second element: Dictionary containing the inspection results
+        """
+        pass
+
+    @abstractmethod
+    def _json(self, components: list) -> Dict[str, Any]:
+        """
+            Format the policy checks results as JSON.
+            This method should be implemented by subclasses to create a Markdown representation
+            of the policy check results.
+
+            :param components: List of components to be formatted.
+            :return: A dictionary containing two keys:
+                     - 'details': A JSON-formatted string with the full list of components
+                     - 'summary': A string summarizing the number of components found
+        """
+        pass
+
+    @abstractmethod
+    def _markdown(self, components: list) -> Dict[str, Any]:
+        """
+        Generate Markdown output for the policy check results.
+
+        This method should be implemented by subclasses to create a Markdown representation
+        of the policy check results.
+
+        :param components: List of components to be included in the output.
+        :return: A dictionary representing the Markdown output.
+        """
+        pass
+
+    def _append_component(self,components: Dict[str, Any], new_component: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Append a new component to the component's dictionary.
+
+        This function creates a new entry in the components dictionary for the given component,
+        or updates an existing entry if the component already exists. It also processes the
+        licenses associated with the component.
+
+        :param components: The existing dictionary of components
+        :param new_component: The new component to be added or updated
+        :return: The updated components dictionary
+        """
+        component_key = f"{new_component['purl'][0]}@{new_component['version']}"
+        components[component_key] = {
+            'purl': new_component['purl'][0],
+            'version': new_component['version'],
+            'licenses': {},
+            'status': new_component['status'],
+        }
+        if not new_component.get('licenses'):
+            self.print_stderr(f'WARNING: Results missing licenses. Skipping.')
+            return components
+        # Process licenses for this component
+        for l in new_component['licenses']:
+            if l.get('name'):
+                spdxid = l['name']
+                components[component_key]['licenses'][spdxid] = {
+                    'spdxid': spdxid,
+                    'copyleft': self.license_util.is_copyleft(spdxid),
+                    'url': self.license_util.get_spdx_url(spdxid),
+                }
+        return components
+
+    def _get_components_from_results(self,results: Dict[str, Any]) -> list or None:
+        """
+            Process the results dictionary to extract and format component information.
+
+            This function iterates through the results dictionary, identifying components from
+            different sources (files, snippets, and dependencies). It consolidates this information
+            into a list of unique components, each with its associated licenses and other details.
+
+            :param results: A dictionary containing the raw results of a component scan
+            :return: A list of dictionaries, each representing a unique component with its details
+        """
+        if results is None:
+            self.print_stderr(f'ERROR: Results cannot be empty')
+            return None
+        components = {}
+        for component in results.values():
+            for c in component:
+                component_id = c.get('id')
+                if not component_id:
+                    self.print_stderr(f'WARNING: Result missing id. Skipping.')
+                    continue
+                if component_id in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
+                    if not c.get('purl'):
+                        self.print_stderr(f'WARNING: Result missing purl. Skipping.')
+                        continue
+                    if len(c.get('purl')) <= 0:
+                        self.print_stderr(f'WARNING: Result missing purls. Skipping.')
+                        continue
+                    if not c.get('version'):
+                        self.print_stderr(f'WARNING: Result missing version. Skipping.')
+                        continue
+                    component_key = f"{c['purl'][0]}@{c['version']}"
+                    # Initialize or update the component entry
+                    if component_key not in components:
+                        components = self._append_component(components, c)
+                if c['id'] == ComponentID.DEPENDENCY.value:
+                    if c.get('dependency') is None:
+                        continue
+                    for d in c['dependencies']:
+                        if not d.get('purl'):
+                            self.print_stderr(f'WARNING: Result missing purl. Skipping.')
+                            continue
+                        if len(d.get('purl')) <= 0:
+                            self.print_stderr(f'WARNING: Result missing purls. Skipping.')
+                            continue
+                        if not d.get('version'):
+                            self.print_stderr(f'WARNING: Result missing version. Skipping.')
+                            continue
+                        component_key = f"{d['purl'][0]}@{d['version']}"
+                        if component_key not in components:
+                            components = self._append_component(components, d)
+                    # End of dependencies loop
+                # End if
+            # End of component loop
+        # End of results loop
+        results = list(components.values())
+        for component in results:
+            component['licenses'] = list(component['licenses'].values())
+
+        return results
+
+    def generate_table(self, headers, rows, centered_columns=None):
+        """
+        Generate a Markdown table.
+
+        :param headers: List of headers for the table.
+        :param rows: List of rows for the table.
+        :param centered_columns: List of column indices to be centered.
+        :return: A string representing the Markdown table.
+        """
+        col_sep = ' | '
+        centered_column_set = set(centered_columns or [])
+        if headers is None:
+            self.print_stderr('ERROR: Header are no set')
+            return None
+        # Decide which separator to use
+        def create_separator(index):
+            if centered_columns is None:
+                return '-'
+            return ':-:' if index in centered_column_set else '-'
+        # Build the row separator
+        row_separator = col_sep + col_sep.join(create_separator(index) for index, _ in enumerate(headers)) + col_sep
+        # build table rows
+        table_rows = [col_sep + col_sep.join(headers) + col_sep, row_separator]
+        table_rows.extend(col_sep + col_sep.join(row) + col_sep for row in rows)
+        return '\n'.join(table_rows)
+
+    def _get_formatter(self)-> Callable[[List[dict]], Dict[str,Any]] or None:
+        """
+        Get the appropriate formatter function based on the specified format.
+
+        :return: Formatter function (either _json or _markdown)
+        """
+        valid_format = self._is_valid_format()
+        if not valid_format:
+            return None
+        # a map of which format function to return
+        function_map = {
+            'json': self._json,
+            'md': self._markdown
+        }
+        return function_map[self.format_type]
+
+    def _debug(self):
+        """
+        Print debug information about the policy check.
+
+        This method prints various attributes of the PolicyCheck instance for debugging purposes.
+        """
+        if self.debug:
+            self.print_stderr(f'Policy: {self.name}')
+            self.print_stderr(f'Format: {self.format_type}')
+            self.print_stderr(f'Status: {self.status}')
+            self.print_stderr(f'Output: {self.output}')
+            self.print_stderr(f'Input: {self.filepath}')
+
+    def _is_valid_format(self) -> bool:
+        """
+        Validate if the format specified is supported.
+
+        This method checks if the format stored in format is one of the
+        valid formats defined in self.VALID_FORMATS.
+
+        :return: bool: True if the format is valid, False otherwise.
+        """
+        if self.format_type not in self.VALID_FORMATS:
+            valid_formats_str = ', '.join(self.VALID_FORMATS)
+            self.print_stderr(f'ERROR: Invalid format "{self.format_type}". Valid formats are: {valid_formats_str}')
+            return False
+        return True
+
+    def _load_input_file(self):
+        """
+        Load the result.json file
+
+          Returns:
+              Dict[str, Any]: The parsed JSON data
+          """
+        if not os.path.exists(self.filepath):
+            self.print_stderr(f'ERROR: The file "{self.filepath}" does not exist.')
+            return None
+        with open(self.filepath, "r") as jsonfile:
+            try:
+                return json.load(jsonfile)
+            except Exception as e:
+                self.print_stderr(f'ERROR: Problem parsing input JSON: {e}')
+        return None
+
+    def _get_components(self):
+        """
+        Retrieve and process components from the preloaded results.
+
+        This method performs the following steps:
+        1. Checks if the results have been previously loaded (self.results).
+        2. Extracts and processes components from the loaded results.
+
+        :return: A list of processed components, or None if an error occurred during any step.
+                 Possible reasons for returning None include:
+                 - Results not loaded (self.results is None)
+                 - Failure to extract components from the results
+
+        Note:
+        - This method assumes that the results have been previously loaded and stored in self.results.
+        - If results is None, the method returns None without performing any further operations.
+        - The actual processing of components is delegated to the _get_components_from_results method.
+        """
+        if self.results is None:
+            return None
+        components = self._get_components_from_results(self.results)
+        return components
+#
+# End of PolicyCheck Class
+#

scanoss/inspection/undeclared_component.py

@@ -0,0 +1,167 @@
+"""
+ SPDX-License-Identifier: MIT
+
+   Copyright (c) 2024, SCANOSS
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+"""
+import json
+from typing import Dict, Any
+from scanoss.inspection.policy_check import PolicyCheck, PolicyStatus
+
+class UndeclaredComponent(PolicyCheck):
+    """
+    SCANOSS UndeclaredComponent class
+    Inspects for undeclared components
+    """
+
+    def __init__(self, debug: bool = False, trace: bool = True, quiet: bool = False, filepath: str = None,
+                 format_type: str = 'json', status: str = None, output: str = None):
+        """
+        Initialize the UndeclaredComponent class.
+
+        :param debug: Enable debug mode
+        :param trace: Enable trace mode (default True)
+        :param quiet: Enable quiet mode
+        :param filepath: Path to the file containing component data
+        :param format_type: Output format ('json' or 'md')
+        :param status: Path to save status output
+        :param output: Path to save detailed output
+        """
+        super().__init__(debug, trace, quiet, filepath, format_type, status, output,
+                         name='Undeclared Components Policy')
+        self.filepath = filepath
+        self.format = format
+        self.output = output
+        self.status = status
+
+    def _get_undeclared_component(self, components: list)-> list or None:
+        """
+           Filter the components list to include only undeclared components.
+
+           :param components: List of all components
+           :return: List of undeclared components
+        """
+        if components is None:
+            self.print_stderr(f'WARNING: No components provided!')
+            return None
+        undeclared_components = []
+        for component in components:
+            if component['status'] == 'pending':
+                del component['status']
+                undeclared_components.append(component)
+        # end component loop
+        return undeclared_components
+
+    def _get_summary(self, components: list) -> str:
+        """
+        Get a summary of the undeclared components.
+
+        :param components: List of all components
+        :return: Component summary markdown
+        """
+        summary = f'{len(components)} undeclared component(s) were found.\n'
+        if len(components) > 0:
+            summary += (f'Add the following snippet into your `sbom.json` file\n'
+                        f'\n```json\n{json.dumps(self._generate_sbom_file(components), indent=2)}\n```\n')
+        return summary
+
+    def _json(self, components: list) -> Dict[str, Any]:
+        """
+        Format the undeclared components as JSON.
+
+        :param components: List of undeclared components
+        :return: Dictionary with formatted JSON details and summary
+        """
+        details = {}
+        if len(components) > 0:
+            details = {'components': components}
+        return {
+            'details':  f'{json.dumps(details, indent=2)}\n',
+            'summary': self._get_summary(components),
+        }
+
+    def _markdown(self, components: list) -> Dict[str,Any]:
+        """
+         Format the undeclared components as Markdown.
+
+         :param components: List of undeclared components
+         :return: Dictionary with formatted Markdown details and summary
+         """
+        headers = ['Component', 'Version', 'License']
+        rows: [[]]= []
+        # TODO look at using SpdxLite license name lookup method
+        for component in components:
+            licenses = " - ".join(lic.get('spdxid', 'Unknown') for lic in component['licenses'])
+            rows.append([component['purl'], component['version'], licenses])
+        return  {
+            'details': f'### Undeclared components\n{self.generate_table(headers,rows)}\n',
+            'summary': self._get_summary(components),
+        }
+
+    def _generate_sbom_file(self, components: list) -> list:
+        """
+         Generate a list of PURLs for the SBOM file.
+
+         :param components: List of undeclared components
+         :return: List of dictionaries containing PURLs
+         """
+        sbom = {}
+        if components is None:
+            self.print_stderr(f'WARNING: No components provided!')
+        else:
+            for component in components:
+                sbom[component['purl']] = { 'purl': component['purl'] }
+        return list(sbom.values())
+
+    def run(self):
+        """
+        Run the undeclared component inspection process.
+
+        This method performs the following steps:
+        1. Get all components
+        2. Filter undeclared components
+        3. Format the results
+        4. Save the output to files if required
+
+        :return: Dictionary containing the inspection results
+        """
+        self._debug()
+        components = self._get_components()
+        if components is None:
+            return PolicyStatus.ERROR.value, {}
+        # Get undeclared component summary (if any)
+        undeclared_components = self._get_undeclared_component(components)
+        if undeclared_components is None:
+            return PolicyStatus.ERROR.value, {}
+        self.print_debug(f'Undeclared components: {undeclared_components}')
+        formatter = self._get_formatter()
+        if formatter is None:
+            return PolicyStatus.ERROR.value, {}
+        results = formatter(undeclared_components)
+        # Output the results
+        self.print_to_file_or_stdout(results['details'], self.output)
+        self.print_to_file_or_stderr(results['summary'], self.status)
+        # Determine if the filter found results or not
+        if len(undeclared_components) <= 0:
+            return PolicyStatus.FAIL.value, results
+        return PolicyStatus.SUCCESS.value, results
+#
+# End of UndeclaredComponent Class
+#

scanoss/inspection/utils/license_utils.py

@@ -0,0 +1,115 @@
+"""
+ SPDX-License-Identifier: MIT
+
+   Copyright (c) 2024, SCANOSS
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+"""
+from scanoss.scanossbase import ScanossBase
+
+DEFAULT_COPYLEFT_LICENSES = {
+    'agpl-3.0-only', 'artistic-1.0', 'artistic-2.0', 'cc-by-sa-4.0', 'cddl-1.0', 'cddl-1.1', 'cecill-2.1',
+    'epl-1.0', 'epl-2.0', 'gfdl-1.1-only', 'gfdl-1.2-only', 'gfdl-1.3-only', 'gpl-1.0-only', 'gpl-2.0-only',
+    'gpl-3.0-only', 'lgpl-2.1-only', 'lgpl-3.0-only', 'mpl-1.1', 'mpl-2.0', 'sleepycat', 'watcom-1.0'
+}
+
+class LicenseUtil(ScanossBase):
+    """
+        A utility class for handling software licenses, particularly copyleft licenses.
+
+        This class provides functionality to initialize, manage, and query a set of
+        copyleft licenses. It also offers a method to generate URLs for license information.
+    """
+    BASE_SPDX_ORG_URL = 'https://spdx.org/licenses'
+    BASE_OSADL_URL = 'https://www.osadl.org/fileadmin/checklists/unreflicenses'
+
+    def __init__(self,debug: bool = False, trace: bool = True, quiet: bool = False):
+        super().__init__(debug, trace, quiet)
+        self.default_copyleft_licenses = set(DEFAULT_COPYLEFT_LICENSES)
+        self.copyleft_licenses = set()
+
+    def init(self, include: str = None, exclude: str = None, explicit: str = None):
+        """
+            Initialize the set of copyleft licenses based on user input.
+
+            This method allows for customization of the copyleft license set by:
+            - Setting an explicit list of licenses
+            - Including additional licenses to the default set
+            - Excluding specific licenses from the default set
+
+            :param include: Comma-separated string of licenses to include
+            :param exclude: Comma-separated string of licenses to exclude
+            :param explicit: Comma-separated string of licenses to use exclusively
+        """
+        if self.debug:
+            self.print_stderr(f'Include Copyleft licenses: ${include}')
+            self.print_stderr(f'Exclude Copyleft licenses: ${exclude}')
+            self.print_stderr(f'Explicit Copyleft licenses: ${explicit}')
+        if explicit:
+            explicit = explicit.strip()
+        if explicit:
+            exp = [item.strip().lower() for item in explicit.split(',')]
+            self.copyleft_licenses = set(exp)
+            self.print_debug(f'Copyleft licenses: ${self.copyleft_licenses}')
+            return
+        # If no explicit licenses were set, set default ones
+        self.copyleft_licenses = self.default_copyleft_licenses.copy()
+        if include:
+            include = include.strip()
+        if include:
+            inc =[item.strip().lower() for item in include.split(',')]
+            self.copyleft_licenses.update(inc)
+        if exclude:
+            exclude = exclude.strip()
+        if exclude:
+            inc = [item.strip().lower() for item in exclude.split(',')]
+            for lic in inc:
+                self.copyleft_licenses.discard(lic)
+        self.print_debug(f'Copyleft licenses: ${self.copyleft_licenses}')
+
+    def is_copyleft(self, spdxid: str) -> bool:
+        """
+           Check if a given license is considered copyleft.
+
+           :param spdxid: The SPDX identifier of the license to check
+           :return: True if the license is copyleft, False otherwise
+        """
+        return spdxid.lower() in self.copyleft_licenses
+
+    def get_spdx_url(self, spdxid: str) -> str:
+        """
+           Generate the URL for the SPDX page of a license.
+
+           :param spdxid: The SPDX identifier of the license
+           :return: The URL of the SPDX page for the given license
+        """
+        return f'{self.BASE_SPDX_ORG_URL}/{spdxid}.html'
+
+
+    def get_osadl_url(self, spdxid: str) -> str:
+        """
+        Generate the URL for the OSADL (Open Source Automation Development Lab) page of a license.
+
+        :param spdxid: The SPDX identifier of the license
+        :return: The URL of the OSADL page for the given license
+        """
+        return f'{self.BASE_OSADL_URL}/{spdxid}.txt'
+#
+# End of LicenseUtil Class
+#

scanoss/inspection/utils/markdown_utils.py

@@ -0,0 +1,23 @@
+def generate_table(headers, rows, centered_columns=None):
+    """
+     Generate Markdown table
+     :param headers: List of headers
+     :param rows: Rows
+     :param centered_columns: List with centered columns
+     """
+    COL_SEP = ' | '
+    centered_column_set = set(centered_columns or [])
+    def create_separator(header, index):
+        if centered_columns is None:
+            return '-'
+        return ':-:' if index in centered_column_set else '-'
+
+    row_separator = COL_SEP + COL_SEP.join(
+        create_separator(header, index) for index, header in enumerate(headers)
+    ) + COL_SEP
+
+    table_rows = [COL_SEP + COL_SEP.join(headers) + COL_SEP]
+    table_rows.append(row_separator)
+    table_rows.extend(COL_SEP + COL_SEP.join(row) + COL_SEP for row in rows)
+
+    return '\n'.join(table_rows)

scanoss/inspection/utils/result_utils.py

@@ -0,0 +1,79 @@
+from enum import Enum
+from typing import Dict, Any
+
+from scanoss.inspection.utils.license_utils import license_util
+
+
+class ComponentID(Enum):
+    FILE = "file"
+    SNIPPET = "snippet"
+    DEPENDENCY = "dependency"
+
+
+def _append_component(components: Dict[str, Any], new_component: Dict[str, Any]) -> Dict[str, Any]:
+    """
+    Append a new component to the components dictionary.
+
+    This function creates a new entry in the components dictionary for the given component,
+    or updates an existing entry if the component already exists. It also processes the
+    licenses associated with the component.
+
+    :param components: The existing dictionary of components
+    :param new_component: The new component to be added or updated
+    :return: The updated components dictionary
+    """
+    component_key = f"{new_component['purl'][0]}@{new_component['version']}"
+    components[component_key] = {
+        'purl': new_component['purl'][0],
+        'version': new_component['version'],
+        'licenses': {},
+        'status': new_component['status'],
+    }
+
+    # Process licenses for this component
+    for l in new_component['licenses']:
+        spdxid = l['name']
+        components[component_key]['licenses'][spdxid] = {
+            'spdxid': spdxid,
+            'copyleft': license_util.is_copyleft(spdxid),
+            'url': l.get('url')
+        }
+
+    return components
+
+
+def get_components(results: Dict[str, Any]) -> list:
+    """
+        Process the results dictionary to extract and format component information.
+
+        This function iterates through the results dictionary, identifying components from
+        different sources (files, snippets, and dependencies). It consolidates this information
+        into a list of unique components, each with its associated licenses and other details.
+
+        :param results: A dictionary containing the raw results of a component scan
+        :return: A list of dictionaries, each representing a unique component with its details
+    """
+    components = {}
+    for component in results.values():
+        for c in component:
+            if c['id'] in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
+                component_key = f"{c['purl'][0]}@{c['version']}"
+
+                # Initialize or update the component entry
+                if component_key not in components:
+                    components = _append_component(components, c)
+
+            if c['id'] == ComponentID.DEPENDENCY.value:
+                for d in c['dependencies']:
+                    component_key = f"{d['purl'][0]}@{d['version']}"
+
+                    if component_key not in components:
+                        components = _append_component(components, d)
+                # End of for loop
+            # End if
+        # End if
+    results = list(components.values())
+    for component in results:
+        component['licenses'] = list(component['licenses'].values())
+
+    return results

scanoss/results.py

@@ -86,7 +86,7 @@ class Results(ScanossBase):
         self.output_file = output_file
         self.output_format = output_format
 
-    def _load_file(self, file: str) -> Dict[str, Any]:
+    def load_file(self, file: str) -> Dict[str, Any]:
         """Load the JSON file
 
         Args:
@@ -106,7 +106,7 @@ class Results(ScanossBase):
         Load the file and transform the data into a list of dictionaries with the filename and the file data
         """
 
-        raw_data = self._load_file(file)
+        raw_data = self.load_file(file)
         return self._transform_data(raw_data)
 
     @staticmethod

scanoss/scanossbase.py

@@ -89,3 +89,13 @@ class ScanossBase:
                 f.write(msg)
         else:
             self.print_stdout(msg)
+
+    def print_to_file_or_stderr(self, msg: str, file: str = None):
+        """
+        Print message to file if provided or stderr
+        """
+        if file:
+            with open(file, "w") as f:
+                f.write(msg)
+        else:
+            self.print_stderr(msg)

scanoss/spdxlite.py

@@ -175,7 +175,7 @@ class SpdxLite:
         # pip3 install jsonschema
         # jsonschema -i spdxlite.json  <(curl https://raw.githubusercontent.com/spdx/spdx-spec/v2.2/schemas/spdx-schema.json)
         # Validation can also be done online here: https://tools.spdx.org/app/validate/
-        now = datetime.datetime.utcnow()
+        now = datetime.datetime.utcnow() # TODO replace with recommended format
         md5hex = hashlib.md5(f'{raw_data}-{now}'.encode('utf-8')).hexdigest()
         data = {
             'spdxVersion': 'SPDX-2.2',
@@ -183,7 +183,7 @@ class SpdxLite:
             'SPDXID': f'SPDXRef-{md5hex}',
             'name': 'SCANOSS-SBOM',
             'creationInfo': {
-                'created': now.strftime('%Y-%m-%dT%H:%M:%S') + now.strftime('.%f')[:4] + 'Z',
+                'created': now.strftime('%Y-%m-%dT%H:%M:%SZ'),
                 'creators': [f'Tool: SCANOSS-PY: {__version__}', f'Person: {getpass.getuser()}']
             },
             'documentNamespace': f'https://spdx.org/spdxdocs/scanoss-py-{__version__}-{md5hex}',

{scanoss-1.16.0.dist-info → scanoss-1.17.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: scanoss
-Version: 1.16.0
+Version: 1.17.1
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.16.0.dist-info → scanoss-1.17.1.dist-info}/RECORD

@@ -4,22 +4,22 @@ protoc_gen_swagger/options/annotations_pb2.py,sha256=b25EDD6gssUWnFby9gxgcpLIROT
 protoc_gen_swagger/options/annotations_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
 protoc_gen_swagger/options/openapiv2_pb2.py,sha256=vYElGp8E1vGHszvWqX97zNG9GFJ7u2QcdK9ouq0XdyI,14939
 protoc_gen_swagger/options/openapiv2_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
-scanoss/__init__.py,sha256=0h0EuhMJeA8cpYqOnCxwfM-gtnXaB0BFmm8FwkEwnKI,1163
-scanoss/cli.py,sha256=k7RJVh36CwxUwDqOVHkXdArWp4QpzJVCSQ0haJWenKA,46686
+scanoss/__init__.py,sha256=NqMUgZAgLLsgxOynmMFGMJ8NVk9h-smhQ0yEnPqj-WE,1163
+scanoss/cli.py,sha256=6NlNf1PHlaWNpsDhXFXvrwdLUFiCHbPypj4eFl4rJ5U,50665
 scanoss/components.py,sha256=ZHZ1KA69shxOASZK7USD9yPTITpAc_RXL5q5zpDK23o,12590
 scanoss/csvoutput.py,sha256=hBwr_Fc6mBdOdXgyQcdFrockYH-PJ0jblowlExJ6OPg,9925
 scanoss/cyclonedx.py,sha256=JVBYeR3D-i4yP9cVSyWvm0_7Y8Kr2MC5GxMgRGAf8R0,12585
 scanoss/filecount.py,sha256=o7xb6m387ucnsU4H1OXGzf_AdWsudhAHe49T8uX4Ieo,6660
-scanoss/results.py,sha256=8AJgXeZRc7Ugf4iM_NvFD8zPD2Y4NLePwNzZKUmmFi4,9885
+scanoss/results.py,sha256=7G33QAYYI9qI61TCzXjSLYXMmg5CDtZS5e2QhnQfE74,9883
 scanoss/scancodedeps.py,sha256=_9d7MAV20-FrET7mF7gW-BZiz2eHrtwudgrEcSX0oZQ,11321
 scanoss/scanner.py,sha256=Boxk0A-AuS0DMB4UYArU0PWZ0yJlK4v1YgdeVnKmJck,52023
 scanoss/scanoss_settings.py,sha256=NpNZ2aCpRG2EqfJc9_BK6SnODqkOwVBEq3u-9s0KxPI,5986
 scanoss/scanossapi.py,sha256=TJxPctr-0DTn_26LfM__OAMfntaXzvheFTbdmU-5pnM,11953
-scanoss/scanossbase.py,sha256=ucG85doysZT3KLgApg2CiVm3-YLcdBQ2HmkZ9YnJSxA,2806
+scanoss/scanossbase.py,sha256=zMDRCLbrcoRvYEKQRuZXnBiVY4_Vsplmg_APbB65oaU,3084
 scanoss/scanossgrpc.py,sha256=ythZkr6F0P0hl_KPYoHkos_IL97TxLKeYfAouX_CUnM,20491
 scanoss/scanpostprocessor.py,sha256=tfQk6GBmW1Yd2rqHHp6QKiYVdmTkBAcpoE4HHN__oKo,5899
 scanoss/scantype.py,sha256=R2-ExLGOrYxaJFtIK2AEo2caD0XrN1zpF5q1qT9Zsyc,1326
-scanoss/spdxlite.py,sha256=IsWP9o1D8ryT1_5LeobIEhWJXNFbffoWCy1yaeZY2X0,15638
+scanoss/spdxlite.py,sha256=ZRcqMHutagRLX1GY7mqrzCsZernTVi5mCp6QZtGoZfY,15646
 scanoss/threadeddependencies.py,sha256=sOIAjiPTmxybKz2yhT4-ixXBeC4K8UQVq6JQj4e8mLc,9906
 scanoss/threadedscanning.py,sha256=T0tL8W1IEX_hLY5ksrAl_iQqtxT_KbyDhTDHo6a7xFE,9387
 scanoss/winnowing.py,sha256=HzMWRYh1XB4so71br-DUPpV6OlmymDfsnU-EOCCObJM,18734
@@ -50,12 +50,19 @@ scanoss/api/vulnerabilities/__init__.py,sha256=FLQtiDiv85Q1Chk-sJ9ky9WOV1mulZhEK
 scanoss/api/vulnerabilities/v2/__init__.py,sha256=FLQtiDiv85Q1Chk-sJ9ky9WOV1mulZhEKjiBihlwiaM,1139
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2.py,sha256=CFhF80av8tenGvn9AIsGEtRJPuV2dC_syA5JLZb2lDw,5464
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2_grpc.py,sha256=HlS4k4Zmx6RIAqaO9I96jD-eyF5yU6Xx04pVm7pdqOg,6864
-scanoss/data/build_date.txt,sha256=Y087LKNPYOukJKz1qnrj5bG17xeBavkMK7KMr_uNZZk,40
+scanoss/data/build_date.txt,sha256=PiBVnmfpEupnCtyNYoAIaej2BfQh7qbXTnoD-oofinE,40
 scanoss/data/spdx-exceptions.json,sha256=s7UTYxC7jqQXr11YBlIWYCNwN6lRDFTR33Y8rpN_dA4,17953
 scanoss/data/spdx-licenses.json,sha256=A6Z0q82gaTLtnopBfzeIVZjJFxkdRW1g2TuumQc-lII,228794
-scanoss-1.16.0.dist-info/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
-scanoss-1.16.0.dist-info/METADATA,sha256=b9mSpB5aYU5kLfcWSjYwiAwAd1uBGI1Stw30NU0rKsY,5936
-scanoss-1.16.0.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
-scanoss-1.16.0.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
-scanoss-1.16.0.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
-scanoss-1.16.0.dist-info/RECORD,,
+scanoss/inspection/__init__.py,sha256=z62680zKq4OmBOugSODvgpSwdsloZL7bvcaMbnx3xgU,1139
+scanoss/inspection/copyleft.py,sha256=B150gqqEvXZXq5toYtmNCKY7M0WkooBUWYiIeu48aek,6581
+scanoss/inspection/policy_check.py,sha256=lbbHhdcLGWgRKKahX_ljqZmMgztHStGkFZltSHjPT8Y,14156
+scanoss/inspection/undeclared_component.py,sha256=_c5P7bsOS6X5v4tPeiewHfppHuHKlAEYc6WzvZ1K90o,6732
+scanoss/inspection/utils/license_utils.py,sha256=iln0414t-cfmVktmAd7ANK7oOqpfRUvwRwIgrj-6GJA,5098
+scanoss/inspection/utils/markdown_utils.py,sha256=hCa7rqBvtRoAziz3wj0gbpUOrPJIEi3pTvIUrsZf6qc,808
+scanoss/inspection/utils/result_utils.py,sha256=OJRFznK4WCBMNvgX9kTus5WI5eTKjTXp_kWya7ixCyQ,2938
+scanoss-1.17.1.dist-info/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
+scanoss-1.17.1.dist-info/METADATA,sha256=_xvrlJbpBy5wMqqKIuMnwcHhtuiW5g12sTs4XYDHRWg,5936
+scanoss-1.17.1.dist-info/WHEEL,sha256=OVMc5UfuAQiSplgO0_WdW7vXVGAt9Hdd6qtN4HotdyA,91
+scanoss-1.17.1.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
+scanoss-1.17.1.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
+scanoss-1.17.1.dist-info/RECORD,,

{scanoss-1.16.0.dist-info → scanoss-1.17.1.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.1.0)
+Generator: setuptools (75.2.0)
 Root-Is-Purelib: true
 Tag: py3-none-any