PyPI - scanoss - Versions diffs - 1.17.1__tar.gz → 1.17.3__tar.gz - Mend

scanoss 1.17.1tar.gz → 1.17.3tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (75) hide show

{scanoss-1.17.1/src/scanoss.egg-info → scanoss-1.17.3}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: scanoss
-Version: 1.17.1
+Version: 1.17.3
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.17.1 → scanoss-1.17.3}/src/scanoss/__init__.py RENAMED Viewed

@@ -22,4 +22,4 @@
    THE SOFTWARE.
 """
-__version__ = "1.17.1"
+__version__ = "1.17.3"

{scanoss-1.17.1 → scanoss-1.17.3}/src/scanoss/cli.py RENAMED Viewed

@@ -26,8 +26,9 @@ import os
 from pathlib import Path
 import sys
 import pypac
-from scanoss.inspection.copyleft import Copyleft
-from scanoss.inspection.undeclared_component import UndeclaredComponent
+from .inspection.copyleft import Copyleft
+from .inspection.undeclared_component import UndeclaredComponent
 from .threadeddependencies import SCOPE
 from .scanoss_settings import ScanossSettings
 from .scancodedeps import ScancodeDeps

scanoss-1.17.3/src/scanoss/data/build_date.txt ADDED Viewed

	@@ -0,0 +1 @@
1	+ date: 20241105131130, utime: 1730812290

{scanoss-1.17.1 → scanoss-1.17.3}/src/scanoss/inspection/copyleft.py RENAMED Viewed

@@ -23,7 +23,7 @@
 """
 import json
 from typing import Dict, Any
-from scanoss.inspection.policy_check import PolicyCheck, PolicyStatus
+from .policy_check import PolicyCheck, PolicyStatus
 class Copyleft(PolicyCheck):
     """

{scanoss-1.17.1 → scanoss-1.17.3}/src/scanoss/inspection/policy_check.py RENAMED Viewed

@@ -26,8 +26,9 @@ import os.path
 from abc import abstractmethod
 from enum import Enum
 from typing import Callable, List, Dict, Any
-from scanoss.inspection.utils.license_utils import LicenseUtil
-from scanoss.scanossbase import ScanossBase
+from .utils.license_utils import LicenseUtil
+from ..scanossbase import ScanossBase
 class PolicyStatus(Enum):
     """
@@ -133,7 +134,8 @@ class PolicyCheck(ScanossBase):
         """
         pass
-    def _append_component(self,components: Dict[str, Any], new_component: Dict[str, Any]) -> Dict[str, Any]:
+    def _append_component(self,components: Dict[str, Any], new_component: Dict[str, Any],
+                           id: str, status: str) -> Dict[str, Any]:
         """
         Append a new component to the component's dictionary.
@@ -143,15 +145,25 @@ class PolicyCheck(ScanossBase):
         :param components: The existing dictionary of components
         :param new_component: The new component to be added or updated
+        :param id: The new component ID
+        :param status: The new component status
         :return: The updated components dictionary
         """
-        component_key = f"{new_component['purl'][0]}@{new_component['version']}"
+        # Determine the component key and purl based on component type
+        if id in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
+            purl = new_component['purl'][0]  # Take first purl for these component types
+        else:
+            purl = new_component['purl']
+        component_key = f"{purl}@{new_component['version']}"
         components[component_key] = {
-            'purl': new_component['purl'][0],
-            'version': new_component['version'],
-            'licenses': {},
-            'status': new_component['status'],
+                'purl': purl,
+                'version': new_component['version'],
+                'licenses': {},
+                'status': status,
         }
         if not new_component.get('licenses'):
             self.print_stderr(f'WARNING: Results missing licenses. Skipping.')
             return components
@@ -187,6 +199,10 @@ class PolicyCheck(ScanossBase):
                 if not component_id:
                     self.print_stderr(f'WARNING: Result missing id. Skipping.')
                     continue
+                status = c.get('status')
+                if not component_id:
+                    self.print_stderr(f'WARNING: Result missing status. Skipping.')
+                    continue
                 if component_id in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
                     if not c.get('purl'):
                         self.print_stderr(f'WARNING: Result missing purl. Skipping.')
@@ -200,9 +216,10 @@ class PolicyCheck(ScanossBase):
                     component_key = f"{c['purl'][0]}@{c['version']}"
                     # Initialize or update the component entry
                     if component_key not in components:
-                        components = self._append_component(components, c)
+                        components = self._append_component(components, c, component_id, status)
                 if c['id'] == ComponentID.DEPENDENCY.value:
-                    if c.get('dependency') is None:
+                    if c.get('dependencies') is None:
                         continue
                     for d in c['dependencies']:
                         if not d.get('purl'):
@@ -214,9 +231,9 @@ class PolicyCheck(ScanossBase):
                         if not d.get('version'):
                             self.print_stderr(f'WARNING: Result missing version. Skipping.')
                             continue
-                        component_key = f"{d['purl'][0]}@{d['version']}"
+                        component_key = f"{d['purl']}@{d['version']}"
                         if component_key not in components:
-                            components = self._append_component(components, d)
+                            components = self._append_component(components, d, component_id, status)
                     # End of dependencies loop
                 # End if
             # End of component loop

{scanoss-1.17.1 → scanoss-1.17.3}/src/scanoss/inspection/undeclared_component.py RENAMED Viewed

@@ -23,7 +23,7 @@
 """
 import json
 from typing import Dict, Any
-from scanoss.inspection.policy_check import PolicyCheck, PolicyStatus
+from .policy_check import PolicyCheck, PolicyStatus
 class UndeclaredComponent(PolicyCheck):
     """
@@ -115,20 +115,26 @@ class UndeclaredComponent(PolicyCheck):
             'summary': self._get_summary(components),
         }
-    def _generate_sbom_file(self, components: list) -> list:
+    def _generate_sbom_file(self, components: list) -> dict:
         """
          Generate a list of PURLs for the SBOM file.
          :param components: List of undeclared components
-         :return: List of dictionaries containing PURLs
+         :return: SBOM Dictionary with components
          """
-        sbom = {}
+        unique_components = {}
         if components is None:
             self.print_stderr(f'WARNING: No components provided!')
         else:
             for component in components:
-                sbom[component['purl']] = { 'purl': component['purl'] }
-        return list(sbom.values())
+                unique_components[component['purl']] = { 'purl': component['purl'] }
+        sbom = {
+            'components': list(unique_components.values())
+        }
+        return sbom
     def run(self):
         """

{scanoss-1.17.1 → scanoss-1.17.3}/src/scanoss/inspection/utils/license_utils.py RENAMED Viewed

@@ -21,7 +21,7 @@
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    THE SOFTWARE.
 """
-from scanoss.scanossbase import ScanossBase
+from ...scanossbase import ScanossBase
 DEFAULT_COPYLEFT_LICENSES = {
     'agpl-3.0-only', 'artistic-1.0', 'artistic-2.0', 'cc-by-sa-4.0', 'cddl-1.0', 'cddl-1.1', 'cecill-2.1',

{scanoss-1.17.1 → scanoss-1.17.3}/src/scanoss/scanoss_settings.py RENAMED Viewed

@@ -1,30 +1,30 @@
 """
- SPDX-License-Identifier: MIT
-   Copyright (c) 2024, SCANOSS
-   Permission is hereby granted, free of charge, to any person obtaining a copy
-   of this software and associated documentation files (the 'Software'), to deal
-   in the Software without restriction, including without limitation the rights
-   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-   copies of the Software, and to permit persons to whom the Software is
-   furnished to do so, subject to the following conditions:
-   The above copyright notice and this permission notice shall be included in
-   all copies or substantial portions of the Software.
-   THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-   THE SOFTWARE.
+SPDX-License-Identifier: MIT
+  Copyright (c) 2024, SCANOSS
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the 'Software'), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+  THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
 """
 import json
 from pathlib import Path
-from typing import Dict, List, TypedDict
+from typing import List, TypedDict
 from .scanossbase import ScanossBase
@@ -123,7 +123,12 @@ class ScanossSettings(ScanossBase):
             list: If using SBOM.json
         """
         if self.settings_file_type == "legacy":
-            return self.data.get("components", [])
+            if isinstance(self.data, list):
+                return self.data
+            elif isinstance(self.data, dict) and self.data.get("components"):
+                return self.data.get("components")
+            else:
+                return []
         return self.data.get("bom", {})
     def get_bom_include(self) -> List[BomEntry]:

{scanoss-1.17.1 → scanoss-1.17.3}/src/scanoss/spdxlite.py RENAMED Viewed

@@ -180,7 +180,7 @@ class SpdxLite:
         data = {
             'spdxVersion': 'SPDX-2.2',
             'dataLicense': 'CC0-1.0',
-            'SPDXID': f'SPDXRef-{md5hex}',
+            'SPDXID': f'SPDXRef-DOCUMENT',
             'name': 'SCANOSS-SBOM',
             'creationInfo': {
                 'created': now.strftime('%Y-%m-%dT%H:%M:%SZ'),
@@ -214,6 +214,8 @@ class SpdxLite:
             comp_name = comp.get('component')
             comp_ver = comp.get('version')
             purl_ver = f'{purl}@{comp_ver}'
+            vendor = comp.get('vendor', 'NOASSERTION')
+            supplier = f"Organization: {vendor}" if vendor != 'NOASSERTION' else vendor
             purl_hash = hashlib.md5(f'{purl_ver}'.encode('utf-8')).hexdigest()
             purl_spdx = f'SPDXRef-{purl_hash}'
             data['documentDescribes'].append(purl_spdx)
@@ -227,6 +229,7 @@ class SpdxLite:
                 'licenseConcluded': 'NOASSERTION',
                 'filesAnalyzed': False,
                 'copyrightText': 'NOASSERTION',
+                'supplier':  supplier,
                 'externalRefs': [{
                     'referenceCategory': 'PACKAGE-MANAGER',
                     'referenceLocator': purl_ver,

{scanoss-1.17.1 → scanoss-1.17.3/src/scanoss.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: scanoss
-Version: 1.17.1
+Version: 1.17.3
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.17.1 → scanoss-1.17.3}/src/scanoss.egg-info/SOURCES.txt RENAMED Viewed

@@ -68,6 +68,4 @@ src/scanoss/inspection/__init__.py
 src/scanoss/inspection/copyleft.py
 src/scanoss/inspection/policy_check.py
 src/scanoss/inspection/undeclared_component.py
-src/scanoss/inspection/utils/license_utils.py
-src/scanoss/inspection/utils/markdown_utils.py
-src/scanoss/inspection/utils/result_utils.py
+src/scanoss/inspection/utils/license_utils.py

scanoss-1.17.1/src/scanoss/data/build_date.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- date: 20241024162611, utime: 1729787171

scanoss-1.17.1/src/scanoss/inspection/utils/markdown_utils.py DELETED Viewed

@@ -1,23 +0,0 @@
-def generate_table(headers, rows, centered_columns=None):
-    """
-     Generate Markdown table
-     :param headers: List of headers
-     :param rows: Rows
-     :param centered_columns: List with centered columns
-     """
-    COL_SEP = ' | '
-    centered_column_set = set(centered_columns or [])
-    def create_separator(header, index):
-        if centered_columns is None:
-            return '-'
-        return ':-:' if index in centered_column_set else '-'
-    row_separator = COL_SEP + COL_SEP.join(
-        create_separator(header, index) for index, header in enumerate(headers)
-    ) + COL_SEP
-    table_rows = [COL_SEP + COL_SEP.join(headers) + COL_SEP]
-    table_rows.append(row_separator)
-    table_rows.extend(COL_SEP + COL_SEP.join(row) + COL_SEP for row in rows)
-    return '\n'.join(table_rows)

scanoss-1.17.1/src/scanoss/inspection/utils/result_utils.py DELETED Viewed

@@ -1,79 +0,0 @@
-from enum import Enum
-from typing import Dict, Any
-from scanoss.inspection.utils.license_utils import license_util
-class ComponentID(Enum):
-    FILE = "file"
-    SNIPPET = "snippet"
-    DEPENDENCY = "dependency"
-def _append_component(components: Dict[str, Any], new_component: Dict[str, Any]) -> Dict[str, Any]:
-    """
-    Append a new component to the components dictionary.
-    This function creates a new entry in the components dictionary for the given component,
-    or updates an existing entry if the component already exists. It also processes the
-    licenses associated with the component.
-    :param components: The existing dictionary of components
-    :param new_component: The new component to be added or updated
-    :return: The updated components dictionary
-    """
-    component_key = f"{new_component['purl'][0]}@{new_component['version']}"
-    components[component_key] = {
-        'purl': new_component['purl'][0],
-        'version': new_component['version'],
-        'licenses': {},
-        'status': new_component['status'],
-    }
-    # Process licenses for this component
-    for l in new_component['licenses']:
-        spdxid = l['name']
-        components[component_key]['licenses'][spdxid] = {
-            'spdxid': spdxid,
-            'copyleft': license_util.is_copyleft(spdxid),
-            'url': l.get('url')
-        }
-    return components
-def get_components(results: Dict[str, Any]) -> list:
-    """
-        Process the results dictionary to extract and format component information.
-        This function iterates through the results dictionary, identifying components from
-        different sources (files, snippets, and dependencies). It consolidates this information
-        into a list of unique components, each with its associated licenses and other details.
-        :param results: A dictionary containing the raw results of a component scan
-        :return: A list of dictionaries, each representing a unique component with its details
-    """
-    components = {}
-    for component in results.values():
-        for c in component:
-            if c['id'] in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
-                component_key = f"{c['purl'][0]}@{c['version']}"
-                # Initialize or update the component entry
-                if component_key not in components:
-                    components = _append_component(components, c)
-            if c['id'] == ComponentID.DEPENDENCY.value:
-                for d in c['dependencies']:
-                    component_key = f"{d['purl'][0]}@{d['version']}"
-                    if component_key not in components:
-                        components = _append_component(components, d)
-                # End of for loop
-            # End if
-        # End if
-    results = list(components.values())
-    for component in results:
-        component['licenses'] = list(component['licenses'].values())
-    return results