scanoss 1.17.1__tar.gz → 1.17.2__tar.gz

{scanoss-1.17.1/src/scanoss.egg-info → scanoss-1.17.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: scanoss
-Version: 1.17.1
+Version: 1.17.2
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.17.1 → scanoss-1.17.2}/src/scanoss/__init__.py

@@ -22,4 +22,4 @@
    THE SOFTWARE.
 """
 
-__version__ = "1.17.1"
+__version__ = "1.17.2"

scanoss-1.17.2/src/scanoss/data/build_date.txt

@@ -0,0 +1 @@
+date: 20241104160508, utime: 1730736308

{scanoss-1.17.1 → scanoss-1.17.2}/src/scanoss/inspection/policy_check.py

@@ -133,7 +133,8 @@ class PolicyCheck(ScanossBase):
         """
         pass
 
-    def _append_component(self,components: Dict[str, Any], new_component: Dict[str, Any]) -> Dict[str, Any]:
+    def _append_component(self,components: Dict[str, Any], new_component: Dict[str, Any],
+                           id: str, status: str) -> Dict[str, Any]:
         """
         Append a new component to the component's dictionary.
 
@@ -143,15 +144,25 @@ class PolicyCheck(ScanossBase):
 
         :param components: The existing dictionary of components
         :param new_component: The new component to be added or updated
+        :param id: The new component ID
+        :param status: The new component status
         :return: The updated components dictionary
         """
-        component_key = f"{new_component['purl'][0]}@{new_component['version']}"
+
+        # Determine the component key and purl based on component type
+        if id in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
+            purl = new_component['purl'][0]  # Take first purl for these component types
+        else:
+            purl = new_component['purl']
+
+        component_key = f"{purl}@{new_component['version']}"
         components[component_key] = {
-            'purl': new_component['purl'][0],
-            'version': new_component['version'],
-            'licenses': {},
-            'status': new_component['status'],
+                'purl': purl,
+                'version': new_component['version'],
+                'licenses': {},
+                'status': status,
         }
+
         if not new_component.get('licenses'):
             self.print_stderr(f'WARNING: Results missing licenses. Skipping.')
             return components
@@ -187,6 +198,10 @@ class PolicyCheck(ScanossBase):
                 if not component_id:
                     self.print_stderr(f'WARNING: Result missing id. Skipping.')
                     continue
+                status = c.get('status')
+                if not component_id:
+                    self.print_stderr(f'WARNING: Result missing status. Skipping.')
+                    continue
                 if component_id in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
                     if not c.get('purl'):
                         self.print_stderr(f'WARNING: Result missing purl. Skipping.')
@@ -200,9 +215,10 @@ class PolicyCheck(ScanossBase):
                     component_key = f"{c['purl'][0]}@{c['version']}"
                     # Initialize or update the component entry
                     if component_key not in components:
-                        components = self._append_component(components, c)
+                        components = self._append_component(components, c, component_id, status)
+
                 if c['id'] == ComponentID.DEPENDENCY.value:
-                    if c.get('dependency') is None:
+                    if c.get('dependencies') is None:
                         continue
                     for d in c['dependencies']:
                         if not d.get('purl'):
@@ -214,9 +230,9 @@ class PolicyCheck(ScanossBase):
                         if not d.get('version'):
                             self.print_stderr(f'WARNING: Result missing version. Skipping.')
                             continue
-                        component_key = f"{d['purl'][0]}@{d['version']}"
+                        component_key = f"{d['purl']}@{d['version']}"
                         if component_key not in components:
-                            components = self._append_component(components, d)
+                            components = self._append_component(components, d, component_id, status)
                     # End of dependencies loop
                 # End if
             # End of component loop

{scanoss-1.17.1 → scanoss-1.17.2}/src/scanoss/inspection/undeclared_component.py

@@ -115,20 +115,26 @@ class UndeclaredComponent(PolicyCheck):
             'summary': self._get_summary(components),
         }
 
-    def _generate_sbom_file(self, components: list) -> list:
+    def _generate_sbom_file(self, components: list) -> dict[str, list[dict[str, str]]]:
         """
          Generate a list of PURLs for the SBOM file.
 
          :param components: List of undeclared components
-         :return: List of dictionaries containing PURLs
+         :return: SBOM Dictionary with components
          """
-        sbom = {}
+
+        unique_components = {}
         if components is None:
             self.print_stderr(f'WARNING: No components provided!')
         else:
             for component in components:
-                sbom[component['purl']] = { 'purl': component['purl'] }
-        return list(sbom.values())
+                unique_components[component['purl']] = { 'purl': component['purl'] }
+
+        sbom = {
+            'components': list(unique_components.values())
+        }
+
+        return sbom
 
     def run(self):
         """

{scanoss-1.17.1 → scanoss-1.17.2}/src/scanoss/scanoss_settings.py

@@ -1,30 +1,30 @@
 """
- SPDX-License-Identifier: MIT
-
-   Copyright (c) 2024, SCANOSS
-
-   Permission is hereby granted, free of charge, to any person obtaining a copy
-   of this software and associated documentation files (the 'Software'), to deal
-   in the Software without restriction, including without limitation the rights
-   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-   copies of the Software, and to permit persons to whom the Software is
-   furnished to do so, subject to the following conditions:
-
-   The above copyright notice and this permission notice shall be included in
-   all copies or substantial portions of the Software.
-
-   THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-   THE SOFTWARE.
+SPDX-License-Identifier: MIT
+
+  Copyright (c) 2024, SCANOSS
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the 'Software'), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
 """
 
 import json
 from pathlib import Path
-from typing import Dict, List, TypedDict
+from typing import List, TypedDict
 
 from .scanossbase import ScanossBase
 
@@ -123,7 +123,12 @@ class ScanossSettings(ScanossBase):
             list: If using SBOM.json
         """
         if self.settings_file_type == "legacy":
-            return self.data.get("components", [])
+            if isinstance(self.data, list):
+                return self.data
+            elif isinstance(self.data, dict) and self.data.get("components"):
+                return self.data.get("components")
+            else:
+                return []
         return self.data.get("bom", {})
 
     def get_bom_include(self) -> List[BomEntry]:

{scanoss-1.17.1 → scanoss-1.17.2}/src/scanoss/spdxlite.py

@@ -180,7 +180,7 @@ class SpdxLite:
         data = {
             'spdxVersion': 'SPDX-2.2',
             'dataLicense': 'CC0-1.0',
-            'SPDXID': f'SPDXRef-{md5hex}',
+            'SPDXID': f'SPDXRef-DOCUMENT',
             'name': 'SCANOSS-SBOM',
             'creationInfo': {
                 'created': now.strftime('%Y-%m-%dT%H:%M:%SZ'),
@@ -214,6 +214,8 @@ class SpdxLite:
             comp_name = comp.get('component')
             comp_ver = comp.get('version')
             purl_ver = f'{purl}@{comp_ver}'
+            vendor = comp.get('vendor', 'NOASSERTION')
+            supplier = f"Organization: {vendor}" if vendor != 'NOASSERTION' else vendor
             purl_hash = hashlib.md5(f'{purl_ver}'.encode('utf-8')).hexdigest()
             purl_spdx = f'SPDXRef-{purl_hash}'
             data['documentDescribes'].append(purl_spdx)
@@ -227,6 +229,7 @@ class SpdxLite:
                 'licenseConcluded': 'NOASSERTION',
                 'filesAnalyzed': False,
                 'copyrightText': 'NOASSERTION',
+                'supplier':  supplier,
                 'externalRefs': [{
                     'referenceCategory': 'PACKAGE-MANAGER',
                     'referenceLocator': purl_ver,

{scanoss-1.17.1 → scanoss-1.17.2/src/scanoss.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: scanoss
-Version: 1.17.1
+Version: 1.17.2
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

scanoss-1.17.1/src/scanoss/data/build_date.txt

@@ -1 +0,0 @@
-date: 20241024162611, utime: 1729787171