scanoss 1.19.5__tar.gz → 1.20.0__tar.gz

{scanoss-1.19.5/src/scanoss.egg-info → scanoss-1.20.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: scanoss
-Version: 1.19.5
+Version: 1.20.0
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.19.5 → scanoss-1.20.0}/src/scanoss/__init__.py

@@ -22,4 +22,4 @@
    THE SOFTWARE.
 """
 
-__version__ = "1.19.5"
+__version__ = "1.20.0"

scanoss-1.20.0/src/scanoss/api/provenance/v2/scanoss_provenance_pb2.py

@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: scanoss/api/provenance/v2/scanoss-provenance.proto
+# Protobuf Python Version: 4.25.1
+"""Generated protocol buffer code."""
+from google.protobuf import descriptor as _descriptor
+from google.protobuf import descriptor_pool as _descriptor_pool
+from google.protobuf import symbol_database as _symbol_database
+from google.protobuf.internal import builder as _builder
+# @@protoc_insertion_point(imports)
+
+_sym_db = _symbol_database.Default()
+
+
+from scanoss.api.common.v2 import scanoss_common_pb2 as scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2
+from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2
+from protoc_gen_swagger.options import annotations_pb2 as protoc__gen__swagger_dot_options_dot_annotations__pb2
+
+
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n2scanoss/api/provenance/v2/scanoss-provenance.proto\x12\x19scanoss.api.provenance.v2\x1a*scanoss/api/common/v2/scanoss-common.proto\x1a\x1cgoogle/api/annotations.proto\x1a,protoc-gen-swagger/options/annotations.proto\"\xd5\x03\n\x12ProvenanceResponse\x12\x42\n\x05purls\x18\x01 \x03(\x0b\x32\x33.scanoss.api.provenance.v2.ProvenanceResponse.Purls\x12\x35\n\x06status\x18\x02 \x01(\x0b\x32%.scanoss.api.common.v2.StatusResponse\x1a\x32\n\x10\x44\x65\x63laredLocation\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x10\n\x08location\x18\x02 \x01(\t\x1a\x31\n\x0f\x43uratedLocation\x12\x0f\n\x07\x63ountry\x18\x01 \x01(\t\x12\r\n\x05\x63ount\x18\x02 \x01(\x05\x1a\xdc\x01\n\x05Purls\x12\x0c\n\x04purl\x18\x01 \x01(\t\x12\x0f\n\x07version\x18\x02 \x01(\t\x12Z\n\x12\x64\x65\x63lared_locations\x18\x03 \x03(\x0b\x32>.scanoss.api.provenance.v2.ProvenanceResponse.DeclaredLocation\x12X\n\x11\x63urated_locations\x18\x04 \x03(\x0b\x32=.scanoss.api.provenance.v2.ProvenanceResponse.CuratedLocation2\x98\x02\n\nProvenance\x12s\n\x04\x45\x63ho\x12\".scanoss.api.common.v2.EchoRequest\x1a#.scanoss.api.common.v2.EchoResponse\"\"\x82\xd3\xe4\x93\x02\x1c\"\x17/api/v2/provenance/echo:\x01*\x12\x94\x01\n\x16GetComponentProvenance\x12\".scanoss.api.common.v2.PurlRequest\x1a-.scanoss.api.provenance.v2.ProvenanceResponse\"\'\x82\xd3\xe4\x93\x02!\"\x1c/api/v2/provenance/countries:\x01*B\x94\x02Z5github.com/scanoss/papi/api/provenancev2;provenancev2\x92\x41\xd9\x01\x12s\n\x1aSCANOSS Provenance Service\"P\n\x12scanoss-provenance\x12%https://github.com/scanoss/provenance\x1a\x13support@scanoss.com2\x03\x32.0*\x01\x01\x32\x10\x61pplication/json:\x10\x61pplication/jsonR;\n\x03\x34\x30\x34\x12\x34\n*Returned when the resource does not exist.\x12\x06\n\x04\x9a\x02\x01\x07\x62\x06proto3')
+
+_globals = globals()
+_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals)
+_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'scanoss.api.provenance.v2.scanoss_provenance_pb2', _globals)
+if _descriptor._USE_C_DESCRIPTORS == False:
+  _globals['DESCRIPTOR']._options = None
+  _globals['DESCRIPTOR']._serialized_options = b'Z5github.com/scanoss/papi/api/provenancev2;provenancev2\222A\331\001\022s\n\032SCANOSS Provenance Service\"P\n\022scanoss-provenance\022%https://github.com/scanoss/provenance\032\023support@scanoss.com2\0032.0*\001\0012\020application/json:\020application/jsonR;\n\003404\0224\n*Returned when the resource does not exist.\022\006\n\004\232\002\001\007'
+  _globals['_PROVENANCE'].methods_by_name['Echo']._options = None
+  _globals['_PROVENANCE'].methods_by_name['Echo']._serialized_options = b'\202\323\344\223\002\034\"\027/api/v2/provenance/echo:\001*'
+  _globals['_PROVENANCE'].methods_by_name['GetComponentProvenance']._options = None
+  _globals['_PROVENANCE'].methods_by_name['GetComponentProvenance']._serialized_options = b'\202\323\344\223\002!\"\034/api/v2/provenance/countries:\001*'
+  _globals['_PROVENANCERESPONSE']._serialized_start=202
+  _globals['_PROVENANCERESPONSE']._serialized_end=671
+  _globals['_PROVENANCERESPONSE_DECLAREDLOCATION']._serialized_start=347
+  _globals['_PROVENANCERESPONSE_DECLAREDLOCATION']._serialized_end=397
+  _globals['_PROVENANCERESPONSE_CURATEDLOCATION']._serialized_start=399
+  _globals['_PROVENANCERESPONSE_CURATEDLOCATION']._serialized_end=448
+  _globals['_PROVENANCERESPONSE_PURLS']._serialized_start=451
+  _globals['_PROVENANCERESPONSE_PURLS']._serialized_end=671
+  _globals['_PROVENANCE']._serialized_start=674
+  _globals['_PROVENANCE']._serialized_end=954
+# @@protoc_insertion_point(module_scope)

scanoss-1.20.0/src/scanoss/api/provenance/v2/scanoss_provenance_pb2_grpc.py

@@ -0,0 +1,108 @@
+# Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT!
+"""Client and server classes corresponding to protobuf-defined services."""
+import grpc
+
+from scanoss.api.common.v2 import scanoss_common_pb2 as scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2
+from scanoss.api.provenance.v2 import scanoss_provenance_pb2 as scanoss_dot_api_dot_provenance_dot_v2_dot_scanoss__provenance__pb2
+
+
+class ProvenanceStub(object):
+    """*
+    Expose all of the SCANOSS Provenance RPCs here
+    """
+
+    def __init__(self, channel):
+        """Constructor.
+
+        Args:
+            channel: A grpc.Channel.
+        """
+        self.Echo = channel.unary_unary(
+                '/scanoss.api.provenance.v2.Provenance/Echo',
+                request_serializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.EchoRequest.SerializeToString,
+                response_deserializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.EchoResponse.FromString,
+                )
+        self.GetComponentProvenance = channel.unary_unary(
+                '/scanoss.api.provenance.v2.Provenance/GetComponentProvenance',
+                request_serializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.PurlRequest.SerializeToString,
+                response_deserializer=scanoss_dot_api_dot_provenance_dot_v2_dot_scanoss__provenance__pb2.ProvenanceResponse.FromString,
+                )
+
+
+class ProvenanceServicer(object):
+    """*
+    Expose all of the SCANOSS Provenance RPCs here
+    """
+
+    def Echo(self, request, context):
+        """Standard echo
+        """
+        context.set_code(grpc.StatusCode.UNIMPLEMENTED)
+        context.set_details('Method not implemented!')
+        raise NotImplementedError('Method not implemented!')
+
+    def GetComponentProvenance(self, request, context):
+        """Get Provenance countrues associated with a list of PURLs
+        """
+        context.set_code(grpc.StatusCode.UNIMPLEMENTED)
+        context.set_details('Method not implemented!')
+        raise NotImplementedError('Method not implemented!')
+
+
+def add_ProvenanceServicer_to_server(servicer, server):
+    rpc_method_handlers = {
+            'Echo': grpc.unary_unary_rpc_method_handler(
+                    servicer.Echo,
+                    request_deserializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.EchoRequest.FromString,
+                    response_serializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.EchoResponse.SerializeToString,
+            ),
+            'GetComponentProvenance': grpc.unary_unary_rpc_method_handler(
+                    servicer.GetComponentProvenance,
+                    request_deserializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.PurlRequest.FromString,
+                    response_serializer=scanoss_dot_api_dot_provenance_dot_v2_dot_scanoss__provenance__pb2.ProvenanceResponse.SerializeToString,
+            ),
+    }
+    generic_handler = grpc.method_handlers_generic_handler(
+            'scanoss.api.provenance.v2.Provenance', rpc_method_handlers)
+    server.add_generic_rpc_handlers((generic_handler,))
+
+
+ # This class is part of an EXPERIMENTAL API.
+class Provenance(object):
+    """*
+    Expose all of the SCANOSS Provenance RPCs here
+    """
+
+    @staticmethod
+    def Echo(request,
+            target,
+            options=(),
+            channel_credentials=None,
+            call_credentials=None,
+            insecure=False,
+            compression=None,
+            wait_for_ready=None,
+            timeout=None,
+            metadata=None):
+        return grpc.experimental.unary_unary(request, target, '/scanoss.api.provenance.v2.Provenance/Echo',
+            scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.EchoRequest.SerializeToString,
+            scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.EchoResponse.FromString,
+            options, channel_credentials,
+            insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
+
+    @staticmethod
+    def GetComponentProvenance(request,
+            target,
+            options=(),
+            channel_credentials=None,
+            call_credentials=None,
+            insecure=False,
+            compression=None,
+            wait_for_ready=None,
+            timeout=None,
+            metadata=None):
+        return grpc.experimental.unary_unary(request, target, '/scanoss.api.provenance.v2.Provenance/GetComponentProvenance',
+            scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.PurlRequest.SerializeToString,
+            scanoss_dot_api_dot_provenance_dot_v2_dot_scanoss__provenance__pb2.ProvenanceResponse.FromString,
+            options, channel_credentials,
+            insecure, call_credentials, compression, wait_for_ready, timeout, metadata)

scanoss-1.20.0/src/scanoss/api/scanning/__init__.py

@@ -0,0 +1,23 @@
+"""
+ SPDX-License-Identifier: MIT
+
+   Copyright (c) 2021, SCANOSS
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+"""

scanoss-1.20.0/src/scanoss/api/scanning/v2/__init__.py

@@ -0,0 +1,23 @@
+"""
+ SPDX-License-Identifier: MIT
+
+   Copyright (c) 2021, SCANOSS
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+"""

{scanoss-1.19.5 → scanoss-1.20.0}/src/scanoss/cli.py

@@ -198,6 +198,13 @@ def setup_args() -> None:
                                    help='Retrieve semgrep issues/findings for the given components')
     c_semgrep.set_defaults(func=comp_semgrep)
 
+    # Component Sub-command: component provenance
+    c_provenance = comp_sub.add_parser('provenance', aliases=['prov', 'prv'],
+                                   description=f'Show Provenance findings: {__version__}',
+                                   help='Retrieve provenance for the given components')
+    c_provenance.set_defaults(func=comp_provenance)
+
+
     # Component Sub-command: component search
     c_search = comp_sub.add_parser('search', aliases=['sc'],
                                    description=f'Search component details: {__version__}',
@@ -221,11 +228,11 @@ def setup_args() -> None:
     c_versions.set_defaults(func=comp_versions)
 
     # Common purl Component sub-command options
-    for p in [c_crypto, c_vulns, c_semgrep]:
+    for p in [c_crypto, c_vulns, c_semgrep, c_provenance]:
         p.add_argument('--purl',  '-p', type=str, nargs="*", help='Package URL - PURL to process.')
         p.add_argument('--input', '-i', type=str, help='Input file name')
     # Common Component sub-command options
-    for p in [c_crypto, c_vulns, c_search, c_versions, c_semgrep]:
+    for p in [c_crypto, c_vulns, c_search, c_versions, c_semgrep, c_provenance]:
         p.add_argument('--output', '-o', type=str, help='Output result file name (optional - default stdout).')
         p.add_argument('--timeout', '-M', type=int, default=600,
                        help='Timeout (in seconds) for API communication (optional - default 600)')
@@ -361,7 +368,7 @@ def setup_args() -> None:
         p.add_argument('--strip-snippet', '-N', type=str, action='append', help='Strip Snippet ID string from WFP.')
 
     # Global Scan/GRPC options
-    for p in [p_scan, c_crypto, c_vulns, c_search, c_versions, c_semgrep]:
+    for p in [p_scan, c_crypto, c_vulns, c_search, c_versions, c_semgrep, c_provenance]:
         p.add_argument('--key', '-k', type=str,
                        help='SCANOSS API Key token (optional - not required for default OSSKB URL)')
         p.add_argument('--proxy', type=str, help='Proxy URL to use for connections (optional). '
@@ -375,7 +382,7 @@ def setup_args() -> None:
                                                    '"GRPC_DEFAULT_SSL_ROOTS_FILE_PATH=/path/to/cacert.pem" for gRPC')
 
     # Global GRPC options
-    for p in [p_scan, c_crypto, c_vulns, c_search, c_versions, c_semgrep]:
+    for p in [p_scan, c_crypto, c_vulns, c_search, c_versions, c_semgrep, c_provenance]:
         p.add_argument('--api2url', type=str,
                        help='SCANOSS gRPC API 2.0 URL (optional - default: https://api.osskb.org)')
         p.add_argument('--grpc-proxy', type=str, help='GRPC Proxy URL to use for connections (optional). '
@@ -383,7 +390,7 @@ def setup_args() -> None:
 
     # Help/Trace command options
     for p in [p_scan, p_wfp, p_dep, p_fc, p_cnv, p_c_loc, p_c_dwnld, p_p_proxy, c_crypto, c_vulns, c_search,
-              c_versions, c_semgrep, p_results, p_undeclared, p_copyleft]:
+              c_versions, c_semgrep, p_results, p_undeclared, p_copyleft, c_provenance]:
         p.add_argument('--debug', '-d', action='store_true', help='Enable debug messages')
         p.add_argument('--trace', '-t', action='store_true', help='Enable trace messages, including API posts')
         p.add_argument('--quiet', '-q', action='store_true', help='Enable quiet mode')
@@ -473,7 +480,7 @@ def wfp(parser, args):
     if args.output:
         scan_output = args.output
         open(scan_output, 'w').close()
-        
+
     # Load scan settings
     scan_settings = None
     if not args.skip_settings_file:
@@ -575,11 +582,11 @@ def scan(parser, args):
         scan_settings = ScanossSettings(debug=args.debug, trace=args.trace, quiet=args.quiet)
         try:
             if args.identify:
-                scan_settings.load_json_file(args.identify).set_file_type('legacy').set_scan_type('identify')
+                scan_settings.load_json_file(args.identify, args.scan_dir).set_file_type('legacy').set_scan_type('identify')
             elif args.ignore:
-                scan_settings.load_json_file(args.ignore).set_file_type('legacy').set_scan_type('blacklist')
+                scan_settings.load_json_file(args.ignore, args.scan_dir).set_file_type('legacy').set_scan_type('blacklist')
             else:
-                scan_settings.load_json_file(args.settings).set_file_type('new').set_scan_type('identify')
+                scan_settings.load_json_file(args.settings, args.scan_dir).set_file_type('new').set_scan_type('identify')
         except ScanossSettingsError as e:
             print_stderr(f'Error: {e}')
             exit(1)
@@ -1022,6 +1029,30 @@ def comp_semgrep(parser, args):
     if not comps.get_semgrep_details(args.input, args.purl, args.output):
         exit(1)
 
+def comp_provenance(parser, args):
+    """
+    Run the "component provenance" sub-command
+    Parameters
+    ----------
+        parser: ArgumentParser
+            command line parser object
+        args: Namespace
+            Parsed arguments
+    """
+    if (not args.purl and not args.input) or (args.purl and args.input):
+        print_stderr('Please specify an input file or purl to decorate (--purl or --input)')
+        parser.parse_args([args.subparser, args.subparsercmd, '-h'])
+        exit(1)
+    if args.ca_cert and not os.path.exists(args.ca_cert):
+        print_stderr(f'Error: Certificate file does not exist: {args.ca_cert}.')
+        exit(1)
+    pac_file = get_pac_file(args.pac)
+    comps = Components(debug=args.debug, trace=args.trace, quiet=args.quiet, grpc_url=args.api2url, api_key=args.key,
+                       ca_cert=args.ca_cert, proxy=args.proxy, grpc_proxy=args.grpc_proxy, pac=pac_file,
+                       timeout=args.timeout)
+    if not comps.get_provenance_details(args.input, args.purl, args.output):
+        exit(1)
+
 def comp_search(parser, args):
     """
     Run the "component search" sub-command

{scanoss-1.19.5 → scanoss-1.20.0}/src/scanoss/components.py

@@ -24,7 +24,7 @@
 import json
 import os
 import sys
-from typing import TextIO
+from typing import TextIO, Optional, List
 
 from pypac.parser import PACFile
 
@@ -62,13 +62,13 @@ class Components(ScanossBase):
                                     ver_details=ver_details, ca_cert=ca_cert, proxy=proxy, pac=pac,
                                     grpc_proxy=grpc_proxy, timeout=timeout)
 
-    def load_purls(self, json_file: str = None, purls: [] = None) -> dict:
+    def load_purls(self, json_file: Optional[str] = None, purls: Optional[List[str]] = None) -> Optional[dict]:
         """
         Load the specified purls and return a dictionary
 
         :param json_file: JSON PURL file (optional)
         :param purls: list of PURLs (optional)
-        :return: PURL Request dictionary
+        :return: PURL Request dictionary or None
         """
         if json_file:
             if not os.path.isfile(json_file) or not os.access(json_file, os.R_OK):
@@ -81,6 +81,9 @@ class Components(ScanossBase):
                     self.print_stderr(f'ERROR: Problem parsing input JSON: {e}')
                     return None
         elif purls:
+            if not all(isinstance(purl, str) for purl in purls):
+                self.print_stderr('ERROR: PURLs must be a list of strings.')
+                return None
             parsed_purls = []
             for p in purls:
                 parsed_purls.append({'purl': p})
@@ -302,3 +305,29 @@ class Components(ScanossBase):
                 self.print_msg(f'Results written to: {output_file}')
         self._close_file(output_file, file)
         return success
+
+    def get_provenance_details(self, json_file: str = None, purls: [] = None, output_file: str = None) -> bool:
+        """
+        Retrieve the semgrep details for the supplied PURLs
+
+        :param json_file: PURL JSON request file (optional)
+        :param purls: PURL request array (optional)
+        :param output_file: output filename (optional). Default: STDOUT
+        :return: True on success, False otherwise
+        """
+        success = False
+        purls_request = self.load_purls(json_file, purls)
+        if purls_request is None or len(purls_request) == 0:
+            return False
+        file = self._open_file_or_sdtout(output_file)
+        if file is None:
+            return False
+        self.print_msg('Sending PURLs to Provenance API for decoration...')
+        response = self.grpc_api.get_provenance_json(purls_request)
+        if response:
+            print(json.dumps(response, indent=2, sort_keys=True), file=file)
+            success = True
+            if output_file:
+                self.print_msg(f'Results written to: {output_file}')
+        self._close_file(output_file, file)
+        return success

{scanoss-1.19.5 → scanoss-1.20.0}/src/scanoss/cyclonedx.py

@@ -197,12 +197,12 @@ class CycloneDx(ScanossBase):
                         'name': 'scanoss-py',
                         'version': __version__,
                     }
-                ]
-            },
-            'component': {
-                'type': 'application',
-                'name': 'NOASSERTION',
-                'version': 'NOASSERTION'
+                ],
+                'component': {
+                    'type': 'application',
+                    'name': 'NOASSERTION',
+                    'version': 'NOASSERTION'
+                }
             },
             'components': [],
             'vulnerabilities': []

scanoss-1.20.0/src/scanoss/data/build_date.txt

@@ -0,0 +1 @@
+date: 20250205133848, utime: 1738762728

{scanoss-1.19.5 → scanoss-1.20.0}/src/scanoss/scanoss_settings.py

@@ -30,9 +30,9 @@ import importlib_resources
 from jsonschema import validate
 
 from .scanossbase import ScanossBase
-from .utils.file import validate_json_file
+from .utils.file import JSON_ERROR_FILE_NOT_FOUND, JSON_ERROR_FILE_EMPTY, validate_json_file
 
-DEFAULT_SCANOSS_JSON_FILE = 'scanoss.json'
+DEFAULT_SCANOSS_JSON_FILE = Path('scanoss.json')
 
 
 class BomEntry(TypedDict, total=False):
@@ -96,16 +96,20 @@ class ScanossSettings(ScanossBase):
         if filepath:
             self.load_json_file(filepath)
 
-    def load_json_file(self, filepath: 'str | None' = None) -> 'ScanossSettings':
+    def load_json_file(self, filepath: 'str | None' = None, scan_root: 'str | None' = None) -> 'ScanossSettings':
         """
         Load the scan settings file. If no filepath is provided, scanoss.json will be used as default.
 
         Args:
             filepath (str): Path to the SCANOSS settings file
         """
+
         if not filepath:
             filepath = DEFAULT_SCANOSS_JSON_FILE
-        json_file = Path(filepath).resolve()
+
+        filepath = Path(scan_root) / filepath if scan_root else Path(filepath)
+
+        json_file = filepath.resolve()
 
         if filepath == DEFAULT_SCANOSS_JSON_FILE and not json_file.exists():
             self.print_debug(f'Default settings file "{filepath}" not found. Skipping...')
@@ -114,7 +118,11 @@ class ScanossSettings(ScanossBase):
 
         result = validate_json_file(json_file)
         if not result.is_valid:
-            raise ScanossSettingsError(f'Problem with settings file. {result.error}')
+            if result.error_code == JSON_ERROR_FILE_NOT_FOUND or result.error_code == JSON_ERROR_FILE_EMPTY:
+                self.print_msg(f'WARNING: The supplied settings file "{filepath}" was not found or is empty. Skipping...')
+                return self
+            else:
+                raise ScanossSettingsError(f'Problem with settings file. {result.error}')
         try:
             validate(result.data, self.schema)
         except Exception as e:

{scanoss-1.19.5 → scanoss-1.20.0}/src/scanoss/scanossgrpc.py

@@ -37,6 +37,7 @@ from .api.components.v2.scanoss_components_pb2_grpc import ComponentsStub
 from .api.cryptography.v2.scanoss_cryptography_pb2_grpc import CryptographyStub
 from .api.dependencies.v2.scanoss_dependencies_pb2_grpc import DependenciesStub
 from .api.vulnerabilities.v2.scanoss_vulnerabilities_pb2_grpc import VulnerabilitiesStub
+from .api.provenance.v2.scanoss_provenance_pb2_grpc import ProvenanceStub
 from .api.semgrep.v2.scanoss_semgrep_pb2_grpc import SemgrepStub
 from .api.cryptography.v2.scanoss_cryptography_pb2 import AlgorithmResponse
 from .api.dependencies.v2.scanoss_dependencies_pb2 import DependencyRequest, DependencyResponse
@@ -45,6 +46,8 @@ from .api.vulnerabilities.v2.scanoss_vulnerabilities_pb2 import VulnerabilityRes
 from .api.semgrep.v2.scanoss_semgrep_pb2 import SemgrepResponse
 from .api.components.v2.scanoss_components_pb2 import (CompSearchRequest, CompSearchResponse,
                                                        CompVersionRequest, CompVersionResponse)
+from .api.provenance.v2.scanoss_provenance_pb2 import ProvenanceResponse
+
 from .scanossbase import ScanossBase
 from . import __version__
 
@@ -113,6 +116,7 @@ class ScanossGrpc(ScanossBase):
             self.dependencies_stub = DependenciesStub(grpc.insecure_channel(self.url))
             self.semgrep_stub = SemgrepStub(grpc.insecure_channel(self.url))
             self.vuln_stub = VulnerabilitiesStub(grpc.insecure_channel(self.url))
+            self.provenance_stub = ProvenanceStub(grpc.insecure_channel(self.url))
         else:
             if ca_cert is not None:
                 credentials = grpc.ssl_channel_credentials(cert_data)  # secure with specified certificate
@@ -123,6 +127,7 @@ class ScanossGrpc(ScanossBase):
             self.dependencies_stub = DependenciesStub(grpc.secure_channel(self.url, credentials))
             self.semgrep_stub = SemgrepStub(grpc.secure_channel(self.url, credentials))
             self.vuln_stub = VulnerabilitiesStub(grpc.secure_channel(self.url, credentials))
+            self.provenance_stub = ProvenanceStub(grpc.secure_channel(self.url, credentials))
 
     @classmethod
     def _load_cert(cls, cert_file: str) -> bytes:
@@ -383,13 +388,15 @@ class ScanossGrpc(ScanossBase):
         self.print_debug(f'Checking response status (rqId: {request_id}): {status_response}')
         status_code: StatusCode = status_response.status
         if status_code > 1:
+            ret_val = False  # default to failed
             msg = "Unsuccessful"
             if status_code == 2:
                 msg = "Succeeded with warnings"
+                ret_val = True  # No need to fail as it succeeded with warnings
             elif status_code == 3:
                 msg = "Failed with warnings"
             self.print_stderr(f'{msg} (rqId: {request_id} - status: {status_code}): {status_response.message}')
-            return False
+            return ret_val
         return True
 
     def _get_proxy_config(self):
@@ -414,6 +421,33 @@ class ScanossGrpc(ScanossBase):
             os.environ["http_proxy"] = proxies.get("http") or ""
             os.environ["https_proxy"] = proxies.get("https") or ""
 
+    def get_provenance_json(self, purls: dict) -> dict:
+        """
+        Client function to call the rpc for GetComponentProvenance
+        :param purls: Message to send to the service
+        :return: Server response or None
+        """
+        if not purls:
+            self.print_stderr(f'ERROR: No message supplied to send to gRPC service.')
+            return None
+        request_id = str(uuid.uuid4())
+        resp: ProvenanceResponse
+        try:
+            request = ParseDict(purls, PurlRequest())  # Parse the JSON/Dict into the purl request object
+            metadata = self.metadata[:]
+            metadata.append(('x-request-id', request_id))  # Set a Request ID
+            self.print_debug(f'Sending data for provenance decoration (rqId: {request_id})...')
+            resp = self.provenance_stub.GetComponentProvenance(request, metadata=metadata, timeout=self.timeout)
+        except Exception as e:
+            self.print_stderr(f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message '
+                              f'(rqId: {request_id}): {e}')
+        else:
+            if resp:
+                if not self._check_status_response(resp.status, request_id):
+                    return None
+                resp_dict = MessageToDict(resp, preserving_proto_field_name=True)  # Convert gRPC response to a dict
+                return resp_dict
+        return None
 #
 # End of ScanossGrpc Class
 #

{scanoss-1.19.5 → scanoss-1.20.0}/src/scanoss/utils/file.py

@@ -21,18 +21,24 @@ SPDX-License-Identifier: MIT
   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
   THE SOFTWARE.
 """
+
 import json
 import os
-import sys
 from dataclasses import dataclass
 from typing import Optional
 
+JSON_ERROR_PARSE = 1
+JSON_ERROR_FILE_NOT_FOUND = 2
+JSON_ERROR_FILE_EMPTY = 3
+JSON_ERROR_FILE_SIZE = 4
+
 
 @dataclass
 class JsonValidation:
     is_valid: bool
     data: Optional[dict] = None
     error: Optional[str] = None
+    error_code: Optional[int] = None
 
 
 def validate_json_file(json_file_path: str) -> JsonValidation:
@@ -46,12 +52,33 @@ def validate_json_file(json_file_path: str) -> JsonValidation:
         Tuple[bool, str]: A tuple containing a boolean indicating if the file is valid and a message
     """
     if not json_file_path:
-        return JsonValidation(is_valid=False, error='No JSON file specified')
+        return JsonValidation(is_valid=False, error="No JSON file specified")
     if not os.path.isfile(json_file_path):
-        return JsonValidation(is_valid=False, error=f'File not found: {json_file_path}')
+        return JsonValidation(
+            is_valid=False,
+            error=f"File not found: {json_file_path}",
+            error_code=JSON_ERROR_FILE_NOT_FOUND,
+        )
+    try:
+        if os.stat(json_file_path).st_size == 0:
+            return JsonValidation(
+                is_valid=False,
+                error=f"File is empty: {json_file_path}",
+                error_code=JSON_ERROR_FILE_EMPTY,
+            )
+    except OSError as e:
+        return JsonValidation(
+            is_valid=False,
+            error=f"Problem checking file size: {json_file_path}: {e}",
+            error_code=JSON_ERROR_FILE_SIZE,
+        )
     try:
         with open(json_file_path) as f:
             data = json.load(f)
             return JsonValidation(is_valid=True, data=data)
     except json.JSONDecodeError as e:
-        return JsonValidation(is_valid=False, error=f'Problem parsing JSON file: "{json_file_path}": {e}')
+        return JsonValidation(
+            is_valid=False,
+            error=f'Problem parsing JSON file: "{json_file_path}": {e}',
+            error_code=JSON_ERROR_PARSE,
+        )

{scanoss-1.19.5 → scanoss-1.20.0/src/scanoss.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: scanoss
-Version: 1.19.5
+Version: 1.20.0
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.19.5 → scanoss-1.20.0}/src/scanoss.egg-info/SOURCES.txt

@@ -50,6 +50,10 @@ src/scanoss/api/dependencies/__init__.py
 src/scanoss/api/dependencies/v2/__init__.py
 src/scanoss/api/dependencies/v2/scanoss_dependencies_pb2.py
 src/scanoss/api/dependencies/v2/scanoss_dependencies_pb2_grpc.py
+src/scanoss/api/provenance/__init__.py
+src/scanoss/api/provenance/v2/__init__.py
+src/scanoss/api/provenance/v2/scanoss_provenance_pb2.py
+src/scanoss/api/provenance/v2/scanoss_provenance_pb2_grpc.py
 src/scanoss/api/scanning/__init__.py
 src/scanoss/api/scanning/v2/__init__.py
 src/scanoss/api/scanning/v2/scanoss_scanning_pb2.py

scanoss-1.19.5/src/scanoss/data/build_date.txt

@@ -1 +0,0 @@
-date: 20250115100233, utime: 1736935353