scanoss 1.17.0__py3-none-any.whl → 1.17.2__py3-none-any.whl

scanoss/__init__.py

@@ -22,4 +22,4 @@
    THE SOFTWARE.
 """
 
-__version__ = "1.17.0"
+__version__ = "1.17.2"

scanoss/data/build_date.txt

@@ -1 +1 @@
-date: 20241023122954, utime: 1729686594
+date: 20241104160508, utime: 1730736308

scanoss/inspection/copyleft.py

@@ -69,8 +69,8 @@ class Copyleft(PolicyCheck):
         if len(components) > 0:
             details = { 'components': components }
         return {
-            'details':  json.dumps(details, indent=2),
-            'summary': f'{len(components)} component(s) with copyleft licenses were found.'
+            'details':  f'{json.dumps(details, indent=2)}\n',
+            'summary': f'{len(components)} component(s) with copyleft licenses were found.\n'
         }
 
     def _markdown(self, components: list) -> Dict[str,Any]:
@@ -96,8 +96,8 @@ class Copyleft(PolicyCheck):
             # End license loop
         # End component loop
         return  {
-            'details': f'### Copyleft licenses\n{self.generate_table(headers,rows,centered_columns)}',
-            'summary' : f'{len(components)} component(s) with copyleft licenses were found.'
+            'details': f'### Copyleft licenses\n{self.generate_table(headers,rows,centered_columns)}\n',
+            'summary' : f'{len(components)} component(s) with copyleft licenses were found.\n'
         }
 
     def _filter_components_with_copyleft_licenses(self, components: list) -> list:

scanoss/inspection/policy_check.py

@@ -133,7 +133,8 @@ class PolicyCheck(ScanossBase):
         """
         pass
 
-    def _append_component(self,components: Dict[str, Any], new_component: Dict[str, Any]) -> Dict[str, Any]:
+    def _append_component(self,components: Dict[str, Any], new_component: Dict[str, Any],
+                           id: str, status: str) -> Dict[str, Any]:
         """
         Append a new component to the component's dictionary.
 
@@ -143,15 +144,25 @@ class PolicyCheck(ScanossBase):
 
         :param components: The existing dictionary of components
         :param new_component: The new component to be added or updated
+        :param id: The new component ID
+        :param status: The new component status
         :return: The updated components dictionary
         """
-        component_key = f"{new_component['purl'][0]}@{new_component['version']}"
+
+        # Determine the component key and purl based on component type
+        if id in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
+            purl = new_component['purl'][0]  # Take first purl for these component types
+        else:
+            purl = new_component['purl']
+
+        component_key = f"{purl}@{new_component['version']}"
         components[component_key] = {
-            'purl': new_component['purl'][0],
-            'version': new_component['version'],
-            'licenses': {},
-            'status': new_component['status'],
+                'purl': purl,
+                'version': new_component['version'],
+                'licenses': {},
+                'status': status,
         }
+
         if not new_component.get('licenses'):
             self.print_stderr(f'WARNING: Results missing licenses. Skipping.')
             return components
@@ -187,6 +198,10 @@ class PolicyCheck(ScanossBase):
                 if not component_id:
                     self.print_stderr(f'WARNING: Result missing id. Skipping.')
                     continue
+                status = c.get('status')
+                if not component_id:
+                    self.print_stderr(f'WARNING: Result missing status. Skipping.')
+                    continue
                 if component_id in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
                     if not c.get('purl'):
                         self.print_stderr(f'WARNING: Result missing purl. Skipping.')
@@ -200,9 +215,10 @@ class PolicyCheck(ScanossBase):
                     component_key = f"{c['purl'][0]}@{c['version']}"
                     # Initialize or update the component entry
                     if component_key not in components:
-                        components = self._append_component(components, c)
+                        components = self._append_component(components, c, component_id, status)
+
                 if c['id'] == ComponentID.DEPENDENCY.value:
-                    if c.get('dependency') is None:
+                    if c.get('dependencies') is None:
                         continue
                     for d in c['dependencies']:
                         if not d.get('purl'):
@@ -214,9 +230,9 @@ class PolicyCheck(ScanossBase):
                         if not d.get('version'):
                             self.print_stderr(f'WARNING: Result missing version. Skipping.')
                             continue
-                        component_key = f"{d['purl'][0]}@{d['version']}"
+                        component_key = f"{d['purl']}@{d['version']}"
                         if component_key not in components:
-                            components = self._append_component(components, d)
+                            components = self._append_component(components, d, component_id, status)
                     # End of dependencies loop
                 # End if
             # End of component loop

scanoss/inspection/undeclared_component.py

@@ -78,8 +78,8 @@ class UndeclaredComponent(PolicyCheck):
         """
         summary = f'{len(components)} undeclared component(s) were found.\n'
         if len(components) > 0:
-            summary += (f' Add the following snippet into your `sbom.json` file \n'
-                        f' ```json \n {json.dumps(self._generate_sbom_file(components), indent=2)} ``` \n ')
+            summary += (f'Add the following snippet into your `sbom.json` file\n'
+                        f'\n```json\n{json.dumps(self._generate_sbom_file(components), indent=2)}\n```\n')
         return summary
 
     def _json(self, components: list) -> Dict[str, Any]:
@@ -93,7 +93,7 @@ class UndeclaredComponent(PolicyCheck):
         if len(components) > 0:
             details = {'components': components}
         return {
-            'details':  json.dumps(details, indent=2),
+            'details':  f'{json.dumps(details, indent=2)}\n',
             'summary': self._get_summary(components),
         }
 
@@ -111,24 +111,30 @@ class UndeclaredComponent(PolicyCheck):
             licenses = " - ".join(lic.get('spdxid', 'Unknown') for lic in component['licenses'])
             rows.append([component['purl'], component['version'], licenses])
         return  {
-            'details': f'### Undeclared components\n{self.generate_table(headers,rows)}',
+            'details': f'### Undeclared components\n{self.generate_table(headers,rows)}\n',
             'summary': self._get_summary(components),
         }
 
-    def _generate_sbom_file(self, components: list) -> list:
+    def _generate_sbom_file(self, components: list) -> dict[str, list[dict[str, str]]]:
         """
          Generate a list of PURLs for the SBOM file.
 
          :param components: List of undeclared components
-         :return: List of dictionaries containing PURLs
+         :return: SBOM Dictionary with components
          """
-        sbom = {}
+
+        unique_components = {}
         if components is None:
             self.print_stderr(f'WARNING: No components provided!')
         else:
             for component in components:
-                sbom[component['purl']] = { 'purl': component['purl'] }
-        return list(sbom.values())
+                unique_components[component['purl']] = { 'purl': component['purl'] }
+
+        sbom = {
+            'components': list(unique_components.values())
+        }
+
+        return sbom
 
     def run(self):
         """

scanoss/inspection/utils/markdown_utils.py

@@ -0,0 +1,23 @@
+def generate_table(headers, rows, centered_columns=None):
+    """
+     Generate Markdown table
+     :param headers: List of headers
+     :param rows: Rows
+     :param centered_columns: List with centered columns
+     """
+    COL_SEP = ' | '
+    centered_column_set = set(centered_columns or [])
+    def create_separator(header, index):
+        if centered_columns is None:
+            return '-'
+        return ':-:' if index in centered_column_set else '-'
+
+    row_separator = COL_SEP + COL_SEP.join(
+        create_separator(header, index) for index, header in enumerate(headers)
+    ) + COL_SEP
+
+    table_rows = [COL_SEP + COL_SEP.join(headers) + COL_SEP]
+    table_rows.append(row_separator)
+    table_rows.extend(COL_SEP + COL_SEP.join(row) + COL_SEP for row in rows)
+
+    return '\n'.join(table_rows)

scanoss/inspection/utils/result_utils.py

@@ -0,0 +1,79 @@
+from enum import Enum
+from typing import Dict, Any
+
+from scanoss.inspection.utils.license_utils import license_util
+
+
+class ComponentID(Enum):
+    FILE = "file"
+    SNIPPET = "snippet"
+    DEPENDENCY = "dependency"
+
+
+def _append_component(components: Dict[str, Any], new_component: Dict[str, Any]) -> Dict[str, Any]:
+    """
+    Append a new component to the components dictionary.
+
+    This function creates a new entry in the components dictionary for the given component,
+    or updates an existing entry if the component already exists. It also processes the
+    licenses associated with the component.
+
+    :param components: The existing dictionary of components
+    :param new_component: The new component to be added or updated
+    :return: The updated components dictionary
+    """
+    component_key = f"{new_component['purl'][0]}@{new_component['version']}"
+    components[component_key] = {
+        'purl': new_component['purl'][0],
+        'version': new_component['version'],
+        'licenses': {},
+        'status': new_component['status'],
+    }
+
+    # Process licenses for this component
+    for l in new_component['licenses']:
+        spdxid = l['name']
+        components[component_key]['licenses'][spdxid] = {
+            'spdxid': spdxid,
+            'copyleft': license_util.is_copyleft(spdxid),
+            'url': l.get('url')
+        }
+
+    return components
+
+
+def get_components(results: Dict[str, Any]) -> list:
+    """
+        Process the results dictionary to extract and format component information.
+
+        This function iterates through the results dictionary, identifying components from
+        different sources (files, snippets, and dependencies). It consolidates this information
+        into a list of unique components, each with its associated licenses and other details.
+
+        :param results: A dictionary containing the raw results of a component scan
+        :return: A list of dictionaries, each representing a unique component with its details
+    """
+    components = {}
+    for component in results.values():
+        for c in component:
+            if c['id'] in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
+                component_key = f"{c['purl'][0]}@{c['version']}"
+
+                # Initialize or update the component entry
+                if component_key not in components:
+                    components = _append_component(components, c)
+
+            if c['id'] == ComponentID.DEPENDENCY.value:
+                for d in c['dependencies']:
+                    component_key = f"{d['purl'][0]}@{d['version']}"
+
+                    if component_key not in components:
+                        components = _append_component(components, d)
+                # End of for loop
+            # End if
+        # End if
+    results = list(components.values())
+    for component in results:
+        component['licenses'] = list(component['licenses'].values())
+
+    return results

scanoss/scanoss_settings.py

@@ -1,30 +1,30 @@
 """
- SPDX-License-Identifier: MIT
-
-   Copyright (c) 2024, SCANOSS
-
-   Permission is hereby granted, free of charge, to any person obtaining a copy
-   of this software and associated documentation files (the 'Software'), to deal
-   in the Software without restriction, including without limitation the rights
-   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-   copies of the Software, and to permit persons to whom the Software is
-   furnished to do so, subject to the following conditions:
-
-   The above copyright notice and this permission notice shall be included in
-   all copies or substantial portions of the Software.
-
-   THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-   THE SOFTWARE.
+SPDX-License-Identifier: MIT
+
+  Copyright (c) 2024, SCANOSS
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the 'Software'), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
 """
 
 import json
 from pathlib import Path
-from typing import Dict, List, TypedDict
+from typing import List, TypedDict
 
 from .scanossbase import ScanossBase
 
@@ -123,7 +123,12 @@ class ScanossSettings(ScanossBase):
             list: If using SBOM.json
         """
         if self.settings_file_type == "legacy":
-            return self.data.get("components", [])
+            if isinstance(self.data, list):
+                return self.data
+            elif isinstance(self.data, dict) and self.data.get("components"):
+                return self.data.get("components")
+            else:
+                return []
         return self.data.get("bom", {})
 
     def get_bom_include(self) -> List[BomEntry]:

scanoss/spdxlite.py

@@ -180,7 +180,7 @@ class SpdxLite:
         data = {
             'spdxVersion': 'SPDX-2.2',
             'dataLicense': 'CC0-1.0',
-            'SPDXID': f'SPDXRef-{md5hex}',
+            'SPDXID': f'SPDXRef-DOCUMENT',
             'name': 'SCANOSS-SBOM',
             'creationInfo': {
                 'created': now.strftime('%Y-%m-%dT%H:%M:%SZ'),
@@ -214,6 +214,8 @@ class SpdxLite:
             comp_name = comp.get('component')
             comp_ver = comp.get('version')
             purl_ver = f'{purl}@{comp_ver}'
+            vendor = comp.get('vendor', 'NOASSERTION')
+            supplier = f"Organization: {vendor}" if vendor != 'NOASSERTION' else vendor
             purl_hash = hashlib.md5(f'{purl_ver}'.encode('utf-8')).hexdigest()
             purl_spdx = f'SPDXRef-{purl_hash}'
             data['documentDescribes'].append(purl_spdx)
@@ -227,6 +229,7 @@ class SpdxLite:
                 'licenseConcluded': 'NOASSERTION',
                 'filesAnalyzed': False,
                 'copyrightText': 'NOASSERTION',
+                'supplier':  supplier,
                 'externalRefs': [{
                     'referenceCategory': 'PACKAGE-MANAGER',
                     'referenceLocator': purl_ver,

{scanoss-1.17.0.dist-info → scanoss-1.17.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: scanoss
-Version: 1.17.0
+Version: 1.17.2
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.17.0.dist-info → scanoss-1.17.2.dist-info}/RECORD

@@ -4,7 +4,7 @@ protoc_gen_swagger/options/annotations_pb2.py,sha256=b25EDD6gssUWnFby9gxgcpLIROT
 protoc_gen_swagger/options/annotations_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
 protoc_gen_swagger/options/openapiv2_pb2.py,sha256=vYElGp8E1vGHszvWqX97zNG9GFJ7u2QcdK9ouq0XdyI,14939
 protoc_gen_swagger/options/openapiv2_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
-scanoss/__init__.py,sha256=a83GwGA7nr4Ahj8O8Dfo2DL11QhPNCHOrmNkzWYHX4c,1163
+scanoss/__init__.py,sha256=aru_CeXo9ujcKEUaT1zaTFbIBCn_pJNsNzmB2T4ewwU,1163
 scanoss/cli.py,sha256=6NlNf1PHlaWNpsDhXFXvrwdLUFiCHbPypj4eFl4rJ5U,50665
 scanoss/components.py,sha256=ZHZ1KA69shxOASZK7USD9yPTITpAc_RXL5q5zpDK23o,12590
 scanoss/csvoutput.py,sha256=hBwr_Fc6mBdOdXgyQcdFrockYH-PJ0jblowlExJ6OPg,9925
@@ -13,13 +13,13 @@ scanoss/filecount.py,sha256=o7xb6m387ucnsU4H1OXGzf_AdWsudhAHe49T8uX4Ieo,6660
 scanoss/results.py,sha256=7G33QAYYI9qI61TCzXjSLYXMmg5CDtZS5e2QhnQfE74,9883
 scanoss/scancodedeps.py,sha256=_9d7MAV20-FrET7mF7gW-BZiz2eHrtwudgrEcSX0oZQ,11321
 scanoss/scanner.py,sha256=Boxk0A-AuS0DMB4UYArU0PWZ0yJlK4v1YgdeVnKmJck,52023
-scanoss/scanoss_settings.py,sha256=NpNZ2aCpRG2EqfJc9_BK6SnODqkOwVBEq3u-9s0KxPI,5986
+scanoss/scanoss_settings.py,sha256=QOpBDfu6vYL-K3WxkujPbXWwut1BHWpN2mJTm7yMD9c,6162
 scanoss/scanossapi.py,sha256=TJxPctr-0DTn_26LfM__OAMfntaXzvheFTbdmU-5pnM,11953
 scanoss/scanossbase.py,sha256=zMDRCLbrcoRvYEKQRuZXnBiVY4_Vsplmg_APbB65oaU,3084
 scanoss/scanossgrpc.py,sha256=ythZkr6F0P0hl_KPYoHkos_IL97TxLKeYfAouX_CUnM,20491
 scanoss/scanpostprocessor.py,sha256=tfQk6GBmW1Yd2rqHHp6QKiYVdmTkBAcpoE4HHN__oKo,5899
 scanoss/scantype.py,sha256=R2-ExLGOrYxaJFtIK2AEo2caD0XrN1zpF5q1qT9Zsyc,1326
-scanoss/spdxlite.py,sha256=ZRcqMHutagRLX1GY7mqrzCsZernTVi5mCp6QZtGoZfY,15646
+scanoss/spdxlite.py,sha256=REChAWV-6qhp16jc4X2lMb1v7VvYiDH5nN9VDV3fDaQ,15828
 scanoss/threadeddependencies.py,sha256=sOIAjiPTmxybKz2yhT4-ixXBeC4K8UQVq6JQj4e8mLc,9906
 scanoss/threadedscanning.py,sha256=T0tL8W1IEX_hLY5ksrAl_iQqtxT_KbyDhTDHo6a7xFE,9387
 scanoss/winnowing.py,sha256=HzMWRYh1XB4so71br-DUPpV6OlmymDfsnU-EOCCObJM,18734
@@ -50,17 +50,19 @@ scanoss/api/vulnerabilities/__init__.py,sha256=FLQtiDiv85Q1Chk-sJ9ky9WOV1mulZhEK
 scanoss/api/vulnerabilities/v2/__init__.py,sha256=FLQtiDiv85Q1Chk-sJ9ky9WOV1mulZhEKjiBihlwiaM,1139
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2.py,sha256=CFhF80av8tenGvn9AIsGEtRJPuV2dC_syA5JLZb2lDw,5464
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2_grpc.py,sha256=HlS4k4Zmx6RIAqaO9I96jD-eyF5yU6Xx04pVm7pdqOg,6864
-scanoss/data/build_date.txt,sha256=hUuGeBON89UGobFjKWWy0nZ8jWZcTyyZv2hfAXA5eac,40
+scanoss/data/build_date.txt,sha256=oPE2N3MmwjrcnboSRBZJnf0DruUMcoSRdYculyX05aA,40
 scanoss/data/spdx-exceptions.json,sha256=s7UTYxC7jqQXr11YBlIWYCNwN6lRDFTR33Y8rpN_dA4,17953
 scanoss/data/spdx-licenses.json,sha256=A6Z0q82gaTLtnopBfzeIVZjJFxkdRW1g2TuumQc-lII,228794
 scanoss/inspection/__init__.py,sha256=z62680zKq4OmBOugSODvgpSwdsloZL7bvcaMbnx3xgU,1139
-scanoss/inspection/copyleft.py,sha256=K_4qIxdCDJUmV_adyatUPdQyTbXiXbjGYddJJVGYT-s,6568
-scanoss/inspection/policy_check.py,sha256=lbbHhdcLGWgRKKahX_ljqZmMgztHStGkFZltSHjPT8Y,14156
-scanoss/inspection/undeclared_component.py,sha256=vXLEktqPOfG0UKVi25w_EMS33tn3dtBXZUoySgq8OwA,6727
+scanoss/inspection/copyleft.py,sha256=B150gqqEvXZXq5toYtmNCKY7M0WkooBUWYiIeu48aek,6581
+scanoss/inspection/policy_check.py,sha256=r4qvY8j5Vz8FflVL1xZxkd7ufX_wLh5ocna6MoTkPWg,14775
+scanoss/inspection/undeclared_component.py,sha256=XUxNz6iaAoeLPPT4XnfeQlvOv-2thmf1MxP3KRmegQE,6853
 scanoss/inspection/utils/license_utils.py,sha256=iln0414t-cfmVktmAd7ANK7oOqpfRUvwRwIgrj-6GJA,5098
-scanoss-1.17.0.dist-info/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
-scanoss-1.17.0.dist-info/METADATA,sha256=uQrzxUqJUoxojlk4xIhpUdYm89WnxmATnnusmCAeCTE,5936
-scanoss-1.17.0.dist-info/WHEEL,sha256=OVMc5UfuAQiSplgO0_WdW7vXVGAt9Hdd6qtN4HotdyA,91
-scanoss-1.17.0.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
-scanoss-1.17.0.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
-scanoss-1.17.0.dist-info/RECORD,,
+scanoss/inspection/utils/markdown_utils.py,sha256=hCa7rqBvtRoAziz3wj0gbpUOrPJIEi3pTvIUrsZf6qc,808
+scanoss/inspection/utils/result_utils.py,sha256=OJRFznK4WCBMNvgX9kTus5WI5eTKjTXp_kWya7ixCyQ,2938
+scanoss-1.17.2.dist-info/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
+scanoss-1.17.2.dist-info/METADATA,sha256=xdt4go57mXTL7fodzNRcOSC7ywmvFHTW-Hs6F5SWoGc,5936
+scanoss-1.17.2.dist-info/WHEEL,sha256=P9jw-gEje8ByB7_hXoICnHtVCrEwMQh-630tKvQWehc,91
+scanoss-1.17.2.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
+scanoss-1.17.2.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
+scanoss-1.17.2.dist-info/RECORD,,

{scanoss-1.17.0.dist-info → scanoss-1.17.2.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.2.0)
+Generator: setuptools (75.3.0)
 Root-Is-Purelib: true
 Tag: py3-none-any