scanoss 1.17.1__py3-none-any.whl → 1.17.3__py3-none-any.whl

scanoss/__init__.py

@@ -22,4 +22,4 @@
    THE SOFTWARE.
 """
 
-__version__ = "1.17.1"
+__version__ = "1.17.3"

scanoss/cli.py

@@ -26,8 +26,9 @@ import os
 from pathlib import Path
 import sys
 import pypac
-from scanoss.inspection.copyleft import Copyleft
-from scanoss.inspection.undeclared_component import UndeclaredComponent
+
+from .inspection.copyleft import Copyleft
+from .inspection.undeclared_component import UndeclaredComponent
 from .threadeddependencies import SCOPE
 from .scanoss_settings import ScanossSettings
 from .scancodedeps import ScancodeDeps

scanoss/data/build_date.txt

@@ -1 +1 @@
-date: 20241024162611, utime: 1729787171
+date: 20241105131130, utime: 1730812290

scanoss/inspection/copyleft.py

@@ -23,7 +23,7 @@
 """
 import json
 from typing import Dict, Any
-from scanoss.inspection.policy_check import PolicyCheck, PolicyStatus
+from .policy_check import PolicyCheck, PolicyStatus
 
 class Copyleft(PolicyCheck):
     """

scanoss/inspection/policy_check.py

@@ -26,8 +26,9 @@ import os.path
 from abc import abstractmethod
 from enum import Enum
 from typing import Callable, List, Dict, Any
-from scanoss.inspection.utils.license_utils import LicenseUtil
-from scanoss.scanossbase import ScanossBase
+from .utils.license_utils import LicenseUtil
+from ..scanossbase import ScanossBase
+
 
 class PolicyStatus(Enum):
     """
@@ -133,7 +134,8 @@ class PolicyCheck(ScanossBase):
         """
         pass
 
-    def _append_component(self,components: Dict[str, Any], new_component: Dict[str, Any]) -> Dict[str, Any]:
+    def _append_component(self,components: Dict[str, Any], new_component: Dict[str, Any],
+                           id: str, status: str) -> Dict[str, Any]:
         """
         Append a new component to the component's dictionary.
 
@@ -143,15 +145,25 @@ class PolicyCheck(ScanossBase):
 
         :param components: The existing dictionary of components
         :param new_component: The new component to be added or updated
+        :param id: The new component ID
+        :param status: The new component status
         :return: The updated components dictionary
         """
-        component_key = f"{new_component['purl'][0]}@{new_component['version']}"
+
+        # Determine the component key and purl based on component type
+        if id in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
+            purl = new_component['purl'][0]  # Take first purl for these component types
+        else:
+            purl = new_component['purl']
+
+        component_key = f"{purl}@{new_component['version']}"
         components[component_key] = {
-            'purl': new_component['purl'][0],
-            'version': new_component['version'],
-            'licenses': {},
-            'status': new_component['status'],
+                'purl': purl,
+                'version': new_component['version'],
+                'licenses': {},
+                'status': status,
         }
+
         if not new_component.get('licenses'):
             self.print_stderr(f'WARNING: Results missing licenses. Skipping.')
             return components
@@ -187,6 +199,10 @@ class PolicyCheck(ScanossBase):
                 if not component_id:
                     self.print_stderr(f'WARNING: Result missing id. Skipping.')
                     continue
+                status = c.get('status')
+                if not component_id:
+                    self.print_stderr(f'WARNING: Result missing status. Skipping.')
+                    continue
                 if component_id in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
                     if not c.get('purl'):
                         self.print_stderr(f'WARNING: Result missing purl. Skipping.')
@@ -200,9 +216,10 @@ class PolicyCheck(ScanossBase):
                     component_key = f"{c['purl'][0]}@{c['version']}"
                     # Initialize or update the component entry
                     if component_key not in components:
-                        components = self._append_component(components, c)
+                        components = self._append_component(components, c, component_id, status)
+
                 if c['id'] == ComponentID.DEPENDENCY.value:
-                    if c.get('dependency') is None:
+                    if c.get('dependencies') is None:
                         continue
                     for d in c['dependencies']:
                         if not d.get('purl'):
@@ -214,9 +231,9 @@ class PolicyCheck(ScanossBase):
                         if not d.get('version'):
                             self.print_stderr(f'WARNING: Result missing version. Skipping.')
                             continue
-                        component_key = f"{d['purl'][0]}@{d['version']}"
+                        component_key = f"{d['purl']}@{d['version']}"
                         if component_key not in components:
-                            components = self._append_component(components, d)
+                            components = self._append_component(components, d, component_id, status)
                     # End of dependencies loop
                 # End if
             # End of component loop

scanoss/inspection/undeclared_component.py

@@ -23,7 +23,7 @@
 """
 import json
 from typing import Dict, Any
-from scanoss.inspection.policy_check import PolicyCheck, PolicyStatus
+from .policy_check import PolicyCheck, PolicyStatus
 
 class UndeclaredComponent(PolicyCheck):
     """
@@ -115,20 +115,26 @@ class UndeclaredComponent(PolicyCheck):
             'summary': self._get_summary(components),
         }
 
-    def _generate_sbom_file(self, components: list) -> list:
+    def _generate_sbom_file(self, components: list) -> dict:
         """
          Generate a list of PURLs for the SBOM file.
 
          :param components: List of undeclared components
-         :return: List of dictionaries containing PURLs
+         :return: SBOM Dictionary with components
          """
-        sbom = {}
+
+        unique_components = {}
         if components is None:
             self.print_stderr(f'WARNING: No components provided!')
         else:
             for component in components:
-                sbom[component['purl']] = { 'purl': component['purl'] }
-        return list(sbom.values())
+                unique_components[component['purl']] = { 'purl': component['purl'] }
+
+        sbom = {
+            'components': list(unique_components.values())
+        }
+
+        return sbom
 
     def run(self):
         """

scanoss/inspection/utils/license_utils.py

@@ -21,7 +21,7 @@
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    THE SOFTWARE.
 """
-from scanoss.scanossbase import ScanossBase
+from ...scanossbase import ScanossBase
 
 DEFAULT_COPYLEFT_LICENSES = {
     'agpl-3.0-only', 'artistic-1.0', 'artistic-2.0', 'cc-by-sa-4.0', 'cddl-1.0', 'cddl-1.1', 'cecill-2.1',

scanoss/scanoss_settings.py

@@ -1,30 +1,30 @@
 """
- SPDX-License-Identifier: MIT
-
-   Copyright (c) 2024, SCANOSS
-
-   Permission is hereby granted, free of charge, to any person obtaining a copy
-   of this software and associated documentation files (the 'Software'), to deal
-   in the Software without restriction, including without limitation the rights
-   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-   copies of the Software, and to permit persons to whom the Software is
-   furnished to do so, subject to the following conditions:
-
-   The above copyright notice and this permission notice shall be included in
-   all copies or substantial portions of the Software.
-
-   THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-   THE SOFTWARE.
+SPDX-License-Identifier: MIT
+
+  Copyright (c) 2024, SCANOSS
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the 'Software'), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
 """
 
 import json
 from pathlib import Path
-from typing import Dict, List, TypedDict
+from typing import List, TypedDict
 
 from .scanossbase import ScanossBase
 
@@ -123,7 +123,12 @@ class ScanossSettings(ScanossBase):
             list: If using SBOM.json
         """
         if self.settings_file_type == "legacy":
-            return self.data.get("components", [])
+            if isinstance(self.data, list):
+                return self.data
+            elif isinstance(self.data, dict) and self.data.get("components"):
+                return self.data.get("components")
+            else:
+                return []
         return self.data.get("bom", {})
 
     def get_bom_include(self) -> List[BomEntry]:

scanoss/spdxlite.py

@@ -180,7 +180,7 @@ class SpdxLite:
         data = {
             'spdxVersion': 'SPDX-2.2',
             'dataLicense': 'CC0-1.0',
-            'SPDXID': f'SPDXRef-{md5hex}',
+            'SPDXID': f'SPDXRef-DOCUMENT',
             'name': 'SCANOSS-SBOM',
             'creationInfo': {
                 'created': now.strftime('%Y-%m-%dT%H:%M:%SZ'),
@@ -214,6 +214,8 @@ class SpdxLite:
             comp_name = comp.get('component')
             comp_ver = comp.get('version')
             purl_ver = f'{purl}@{comp_ver}'
+            vendor = comp.get('vendor', 'NOASSERTION')
+            supplier = f"Organization: {vendor}" if vendor != 'NOASSERTION' else vendor
             purl_hash = hashlib.md5(f'{purl_ver}'.encode('utf-8')).hexdigest()
             purl_spdx = f'SPDXRef-{purl_hash}'
             data['documentDescribes'].append(purl_spdx)
@@ -227,6 +229,7 @@ class SpdxLite:
                 'licenseConcluded': 'NOASSERTION',
                 'filesAnalyzed': False,
                 'copyrightText': 'NOASSERTION',
+                'supplier':  supplier,
                 'externalRefs': [{
                     'referenceCategory': 'PACKAGE-MANAGER',
                     'referenceLocator': purl_ver,

{scanoss-1.17.1.dist-info → scanoss-1.17.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: scanoss
-Version: 1.17.1
+Version: 1.17.3
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.17.1.dist-info → scanoss-1.17.3.dist-info}/RECORD

@@ -4,8 +4,8 @@ protoc_gen_swagger/options/annotations_pb2.py,sha256=b25EDD6gssUWnFby9gxgcpLIROT
 protoc_gen_swagger/options/annotations_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
 protoc_gen_swagger/options/openapiv2_pb2.py,sha256=vYElGp8E1vGHszvWqX97zNG9GFJ7u2QcdK9ouq0XdyI,14939
 protoc_gen_swagger/options/openapiv2_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
-scanoss/__init__.py,sha256=NqMUgZAgLLsgxOynmMFGMJ8NVk9h-smhQ0yEnPqj-WE,1163
-scanoss/cli.py,sha256=6NlNf1PHlaWNpsDhXFXvrwdLUFiCHbPypj4eFl4rJ5U,50665
+scanoss/__init__.py,sha256=1NiSw2lXM_aNTdlVVTT7y0u5plLKheHEs83ftzzggNc,1163
+scanoss/cli.py,sha256=LSe8D3whEiDXgVyAtw2dsVqBd9BwQyB6POz4cH7kVf8,50652
 scanoss/components.py,sha256=ZHZ1KA69shxOASZK7USD9yPTITpAc_RXL5q5zpDK23o,12590
 scanoss/csvoutput.py,sha256=hBwr_Fc6mBdOdXgyQcdFrockYH-PJ0jblowlExJ6OPg,9925
 scanoss/cyclonedx.py,sha256=JVBYeR3D-i4yP9cVSyWvm0_7Y8Kr2MC5GxMgRGAf8R0,12585
@@ -13,13 +13,13 @@ scanoss/filecount.py,sha256=o7xb6m387ucnsU4H1OXGzf_AdWsudhAHe49T8uX4Ieo,6660
 scanoss/results.py,sha256=7G33QAYYI9qI61TCzXjSLYXMmg5CDtZS5e2QhnQfE74,9883
 scanoss/scancodedeps.py,sha256=_9d7MAV20-FrET7mF7gW-BZiz2eHrtwudgrEcSX0oZQ,11321
 scanoss/scanner.py,sha256=Boxk0A-AuS0DMB4UYArU0PWZ0yJlK4v1YgdeVnKmJck,52023
-scanoss/scanoss_settings.py,sha256=NpNZ2aCpRG2EqfJc9_BK6SnODqkOwVBEq3u-9s0KxPI,5986
+scanoss/scanoss_settings.py,sha256=QOpBDfu6vYL-K3WxkujPbXWwut1BHWpN2mJTm7yMD9c,6162
 scanoss/scanossapi.py,sha256=TJxPctr-0DTn_26LfM__OAMfntaXzvheFTbdmU-5pnM,11953
 scanoss/scanossbase.py,sha256=zMDRCLbrcoRvYEKQRuZXnBiVY4_Vsplmg_APbB65oaU,3084
 scanoss/scanossgrpc.py,sha256=ythZkr6F0P0hl_KPYoHkos_IL97TxLKeYfAouX_CUnM,20491
 scanoss/scanpostprocessor.py,sha256=tfQk6GBmW1Yd2rqHHp6QKiYVdmTkBAcpoE4HHN__oKo,5899
 scanoss/scantype.py,sha256=R2-ExLGOrYxaJFtIK2AEo2caD0XrN1zpF5q1qT9Zsyc,1326
-scanoss/spdxlite.py,sha256=ZRcqMHutagRLX1GY7mqrzCsZernTVi5mCp6QZtGoZfY,15646
+scanoss/spdxlite.py,sha256=REChAWV-6qhp16jc4X2lMb1v7VvYiDH5nN9VDV3fDaQ,15828
 scanoss/threadeddependencies.py,sha256=sOIAjiPTmxybKz2yhT4-ixXBeC4K8UQVq6JQj4e8mLc,9906
 scanoss/threadedscanning.py,sha256=T0tL8W1IEX_hLY5ksrAl_iQqtxT_KbyDhTDHo6a7xFE,9387
 scanoss/winnowing.py,sha256=HzMWRYh1XB4so71br-DUPpV6OlmymDfsnU-EOCCObJM,18734
@@ -50,19 +50,17 @@ scanoss/api/vulnerabilities/__init__.py,sha256=FLQtiDiv85Q1Chk-sJ9ky9WOV1mulZhEK
 scanoss/api/vulnerabilities/v2/__init__.py,sha256=FLQtiDiv85Q1Chk-sJ9ky9WOV1mulZhEKjiBihlwiaM,1139
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2.py,sha256=CFhF80av8tenGvn9AIsGEtRJPuV2dC_syA5JLZb2lDw,5464
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2_grpc.py,sha256=HlS4k4Zmx6RIAqaO9I96jD-eyF5yU6Xx04pVm7pdqOg,6864
-scanoss/data/build_date.txt,sha256=PiBVnmfpEupnCtyNYoAIaej2BfQh7qbXTnoD-oofinE,40
+scanoss/data/build_date.txt,sha256=iecgeD6VIUUJDqEOmZ76jXpADPg08oJD7N5i8Acxrd8,40
 scanoss/data/spdx-exceptions.json,sha256=s7UTYxC7jqQXr11YBlIWYCNwN6lRDFTR33Y8rpN_dA4,17953
 scanoss/data/spdx-licenses.json,sha256=A6Z0q82gaTLtnopBfzeIVZjJFxkdRW1g2TuumQc-lII,228794
 scanoss/inspection/__init__.py,sha256=z62680zKq4OmBOugSODvgpSwdsloZL7bvcaMbnx3xgU,1139
-scanoss/inspection/copyleft.py,sha256=B150gqqEvXZXq5toYtmNCKY7M0WkooBUWYiIeu48aek,6581
-scanoss/inspection/policy_check.py,sha256=lbbHhdcLGWgRKKahX_ljqZmMgztHStGkFZltSHjPT8Y,14156
-scanoss/inspection/undeclared_component.py,sha256=_c5P7bsOS6X5v4tPeiewHfppHuHKlAEYc6WzvZ1K90o,6732
-scanoss/inspection/utils/license_utils.py,sha256=iln0414t-cfmVktmAd7ANK7oOqpfRUvwRwIgrj-6GJA,5098
-scanoss/inspection/utils/markdown_utils.py,sha256=hCa7rqBvtRoAziz3wj0gbpUOrPJIEi3pTvIUrsZf6qc,808
-scanoss/inspection/utils/result_utils.py,sha256=OJRFznK4WCBMNvgX9kTus5WI5eTKjTXp_kWya7ixCyQ,2938
-scanoss-1.17.1.dist-info/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
-scanoss-1.17.1.dist-info/METADATA,sha256=_xvrlJbpBy5wMqqKIuMnwcHhtuiW5g12sTs4XYDHRWg,5936
-scanoss-1.17.1.dist-info/WHEEL,sha256=OVMc5UfuAQiSplgO0_WdW7vXVGAt9Hdd6qtN4HotdyA,91
-scanoss-1.17.1.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
-scanoss-1.17.1.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
-scanoss-1.17.1.dist-info/RECORD,,
+scanoss/inspection/copyleft.py,sha256=dkiLkgNYz7cbIQZCzy6zThiIyHkqrper_xruZ9PQhAI,6563
+scanoss/inspection/policy_check.py,sha256=eo5VfEBwKoDSqIwRi0xwaVLy6EUR29HlH5Bl0Kpvx7I,14752
+scanoss/inspection/undeclared_component.py,sha256=BxFhRrI_b_Ulu7cArm5ySphAXT7DfMmbrrGy121cz14,6808
+scanoss/inspection/utils/license_utils.py,sha256=mIaoVWXMA6shkRQmgmiP2mWchjxX4ex8LWs91Nf6rq4,5093
+scanoss-1.17.3.dist-info/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
+scanoss-1.17.3.dist-info/METADATA,sha256=b62_P5hYfA_3m9WoZg87MXMwvO2KXzYuxeoQ_yxGkTw,5936
+scanoss-1.17.3.dist-info/WHEEL,sha256=P9jw-gEje8ByB7_hXoICnHtVCrEwMQh-630tKvQWehc,91
+scanoss-1.17.3.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
+scanoss-1.17.3.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
+scanoss-1.17.3.dist-info/RECORD,,

{scanoss-1.17.1.dist-info → scanoss-1.17.3.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.2.0)
+Generator: setuptools (75.3.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

scanoss/inspection/utils/markdown_utils.py

@@ -1,23 +0,0 @@
-def generate_table(headers, rows, centered_columns=None):
-    """
-     Generate Markdown table
-     :param headers: List of headers
-     :param rows: Rows
-     :param centered_columns: List with centered columns
-     """
-    COL_SEP = ' | '
-    centered_column_set = set(centered_columns or [])
-    def create_separator(header, index):
-        if centered_columns is None:
-            return '-'
-        return ':-:' if index in centered_column_set else '-'
-
-    row_separator = COL_SEP + COL_SEP.join(
-        create_separator(header, index) for index, header in enumerate(headers)
-    ) + COL_SEP
-
-    table_rows = [COL_SEP + COL_SEP.join(headers) + COL_SEP]
-    table_rows.append(row_separator)
-    table_rows.extend(COL_SEP + COL_SEP.join(row) + COL_SEP for row in rows)
-
-    return '\n'.join(table_rows)

scanoss/inspection/utils/result_utils.py

@@ -1,79 +0,0 @@
-from enum import Enum
-from typing import Dict, Any
-
-from scanoss.inspection.utils.license_utils import license_util
-
-
-class ComponentID(Enum):
-    FILE = "file"
-    SNIPPET = "snippet"
-    DEPENDENCY = "dependency"
-
-
-def _append_component(components: Dict[str, Any], new_component: Dict[str, Any]) -> Dict[str, Any]:
-    """
-    Append a new component to the components dictionary.
-
-    This function creates a new entry in the components dictionary for the given component,
-    or updates an existing entry if the component already exists. It also processes the
-    licenses associated with the component.
-
-    :param components: The existing dictionary of components
-    :param new_component: The new component to be added or updated
-    :return: The updated components dictionary
-    """
-    component_key = f"{new_component['purl'][0]}@{new_component['version']}"
-    components[component_key] = {
-        'purl': new_component['purl'][0],
-        'version': new_component['version'],
-        'licenses': {},
-        'status': new_component['status'],
-    }
-
-    # Process licenses for this component
-    for l in new_component['licenses']:
-        spdxid = l['name']
-        components[component_key]['licenses'][spdxid] = {
-            'spdxid': spdxid,
-            'copyleft': license_util.is_copyleft(spdxid),
-            'url': l.get('url')
-        }
-
-    return components
-
-
-def get_components(results: Dict[str, Any]) -> list:
-    """
-        Process the results dictionary to extract and format component information.
-
-        This function iterates through the results dictionary, identifying components from
-        different sources (files, snippets, and dependencies). It consolidates this information
-        into a list of unique components, each with its associated licenses and other details.
-
-        :param results: A dictionary containing the raw results of a component scan
-        :return: A list of dictionaries, each representing a unique component with its details
-    """
-    components = {}
-    for component in results.values():
-        for c in component:
-            if c['id'] in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
-                component_key = f"{c['purl'][0]}@{c['version']}"
-
-                # Initialize or update the component entry
-                if component_key not in components:
-                    components = _append_component(components, c)
-
-            if c['id'] == ComponentID.DEPENDENCY.value:
-                for d in c['dependencies']:
-                    component_key = f"{d['purl'][0]}@{d['version']}"
-
-                    if component_key not in components:
-                        components = _append_component(components, d)
-                # End of for loop
-            # End if
-        # End if
-    results = list(components.values())
-    for component in results:
-        component['licenses'] = list(component['licenses'].values())
-
-    return results