scanoss 1.20.6__py3-none-any.whl → 1.22.0__py3-none-any.whl

scanoss/cli.py

@@ -25,13 +25,37 @@ SPDX-License-Identifier: MIT
 import argparse
 import os
 import sys
+from dataclasses import asdict
 from pathlib import Path
+from typing import List
 
 import pypac
-from typing import List
+
+from scanoss.scanners.container_scanner import (
+    DEFAULT_SYFT_COMMAND,
+    DEFAULT_SYFT_TIMEOUT,
+    ContainerScanner,
+    create_container_scanner_config_from_args,
+)
+from scanoss.scanners.folder_hasher import (
+    FolderHasher,
+    create_folder_hasher_config_from_args,
+)
+from scanoss.scanossgrpc import (
+    ScanossGrpc,
+    ScanossGrpcError,
+    create_grpc_config_from_args,
+)
 
 from . import __version__
 from .components import Components
+from .constants import (
+    DEFAULT_POST_SIZE,
+    DEFAULT_RETRY,
+    DEFAULT_TIMEOUT,
+    MIN_TIMEOUT,
+    PYTHON_MAJOR_VERSION,
+)
 from .csvoutput import CsvOutput
 from .cyclonedx import CycloneDx
 from .filecount import FileCount
@@ -40,19 +64,17 @@ from .inspection.undeclared_component import UndeclaredComponent
 from .results import Results
 from .scancodedeps import ScancodeDeps
 from .scanner import FAST_WINNOWING, Scanner
+from .scanners.scanner_config import create_scanner_config_from_args
+from .scanners.scanner_hfh import ScannerHFH
 from .scanoss_settings import ScanossSettings, ScanossSettingsError
 from .scantype import ScanType
 from .spdxlite import SpdxLite
 from .threadeddependencies import SCOPE
 from .utils.file import validate_json_file
 
-DEFAULT_POST_SIZE = 32
-DEFAULT_TIMEOUT = 180
-MIN_TIMEOUT_VALUE = 5
-DEFAULT_RETRY = 5
-PYTHON3_OR_LATER = 3
 HEADER_PARTS_COUNT = 2
 
+
 def print_stderr(*args, **kwargs):
     """
     Print the given message to STDERR
@@ -60,7 +82,7 @@ def print_stderr(*args, **kwargs):
     print(*args, file=sys.stderr, **kwargs)
 
 
-def setup_args() -> None:  # noqa: PLR0915
+def setup_args() -> None:  # noqa: PLR0912, PLR0915
     """
     Setup all the command line arguments for processing
     """
@@ -95,14 +117,6 @@ def setup_args() -> None:  # noqa: PLR0915
     p_scan.add_argument('--files', '-e', type=str, nargs='*', help='List of files to scan.')
     p_scan.add_argument('--identify', '-i', type=str, help='Scan and identify components in SBOM file')
     p_scan.add_argument('--ignore', '-n', type=str, help='Ignore components specified in the SBOM file')
-    p_scan.add_argument('--output', '-o', type=str, help='Output result file name (optional - default stdout).')
-    p_scan.add_argument(
-        '--format',
-        '-f',
-        type=str,
-        choices=['plain', 'cyclonedx', 'spdxlite', 'csv'],
-        help='Result output format (optional - default: plain)',
-    )
     p_scan.add_argument(
         '--threads', '-T', type=int, default=5, help='Number of threads to use while scanning (optional - default 5)'
     )
@@ -132,15 +146,17 @@ def setup_args() -> None:  # noqa: PLR0915
         help='Timeout (in seconds) for API communication (optional - default 180)',
     )
     p_scan.add_argument(
-        '--retry', '-R', type=int, default=DEFAULT_RETRY,
-        help='Retry limit for API communication (optional - default 5)'
+        '--retry',
+        '-R',
+        type=int,
+        default=DEFAULT_RETRY,
+        help='Retry limit for API communication (optional - default 5)',
     )
     p_scan.add_argument('--no-wfp-output', action='store_true', help='Skip WFP file generation')
     p_scan.add_argument('--dependencies', '-D', action='store_true', help='Add Dependency scanning')
     p_scan.add_argument('--dependencies-only', action='store_true', help='Run Dependency scanning only')
     p_scan.add_argument(
-        '--sc-command', type=str,
-        help='Scancode command and path if required (optional - default scancode).'
+        '--sc-command', type=str, help='Scancode command and path if required (optional - default scancode).'
     )
     p_scan.add_argument(
         '--sc-timeout',
@@ -153,18 +169,6 @@ def setup_args() -> None:  # noqa: PLR0915
     )
     p_scan.add_argument('--dep-scope-inc', '-dsi', type=str, help='Include dependencies with declared scopes')
     p_scan.add_argument('--dep-scope-exc', '-dse', type=str, help='Exclude dependencies with declared scopes')
-    p_scan.add_argument(
-        '--settings',
-        '-st',
-        type=str,
-        help='Settings file to use for scanning (optional - default scanoss.json)',
-    )
-    p_scan.add_argument(
-        '--skip-settings-file',
-        '-stf',
-        action='store_true',
-        help='Skip default settings file (scanoss.json) if it exists',
-    )
 
     # Sub-command: fingerprint
     p_wfp = subparsers.add_parser(
@@ -182,19 +186,6 @@ def setup_args() -> None:  # noqa: PLR0915
         type=str,
         help='Fingerprint the file contents supplied via STDIN (optional)',
     )
-    p_wfp.add_argument('--output', '-o', type=str, help='Output result file name (optional - default stdout).')
-    p_wfp.add_argument(
-        '--settings',
-        '-st',
-        type=str,
-        help='Settings file to use for fingerprinting (optional - default scanoss.json)',
-    )
-    p_wfp.add_argument(
-        '--skip-settings-file',
-        '-stf',
-        action='store_true',
-        help='Skip default settings file (scanoss.json) if it exists',
-    )
 
     # Sub-command: dependency
     p_dep = subparsers.add_parser(
@@ -203,9 +194,13 @@ def setup_args() -> None:  # noqa: PLR0915
         description=f'Produce dependency file summary: {__version__}',
         help='Scan source code for dependencies, but do not decorate them',
     )
-    p_dep.set_defaults(func=dependency)
-    p_dep.add_argument('scan_dir', metavar='FILE/DIR', type=str, nargs='?', help='A file or folder to scan')
-    p_dep.add_argument('--output', '-o', type=str, help='Output result file name (optional - default stdout).')
+    p_dep.add_argument('scan_loc', metavar='FILE/DIR', type=str, nargs='?', help='A file or folder to scan')
+    p_dep.add_argument(
+        '--container',
+        type=str,
+        help='Container image to scan. Supports yourrepo/yourimage:tag, Docker tar, '
+        'OCI tar, OCI directory, SIF Container, or generic filesystem directory.',
+    )
     p_dep.add_argument(
         '--sc-command', type=str, help='Scancode command and path if required (optional - default scancode).'
     )
@@ -215,6 +210,40 @@ def setup_args() -> None:  # noqa: PLR0915
         default=600,
         help='Timeout (in seconds) for scancode to complete (optional - default 600)',
     )
+    p_dep.set_defaults(func=dependency)
+
+    # Container scan sub-command
+    p_cs = subparsers.add_parser(
+        'container-scan',
+        aliases=['cs'],
+        description=f'Analyse/scan the given container image: {__version__}',
+        help='Scan container image',
+    )
+    p_cs.add_argument(
+        'scan_loc',
+        metavar='IMAGE',
+        type=str,
+        nargs='?',
+        help=(
+            'Container image to scan. Supports yourrepo/yourimage:tag, Docker tar, '
+            'OCI tar, OCI directory, SIF Container, or generic filesystem directory.'
+        ),
+    )
+    p_cs.add_argument(
+        '--retry',
+        '-R',
+        type=int,
+        default=DEFAULT_RETRY,
+        help='Retry limit for API communication (optional - default 5)',
+    )
+    p_cs.add_argument(
+        '--timeout',
+        '-M',
+        type=int,
+        default=DEFAULT_TIMEOUT,
+        help='Timeout (in seconds) for API communication (optional - default 180)',
+    )
+    p_cs.set_defaults(func=container_scan)
 
     # Sub-command: file_count
     p_fc = subparsers.add_parser(
@@ -225,7 +254,6 @@ def setup_args() -> None:  # noqa: PLR0915
     )
     p_fc.set_defaults(func=file_count)
     p_fc.add_argument('scan_dir', metavar='DIR', type=str, nargs='?', help='A folder to search')
-    p_fc.add_argument('--output', '-o', type=str, help='Output result file name (optional - default stdout).')
     p_fc.add_argument('--all-hidden', action='store_true', help='Scan all hidden files/folders')
 
     # Sub-command: convert
@@ -237,7 +265,6 @@ def setup_args() -> None:  # noqa: PLR0915
     )
     p_cnv.set_defaults(func=convert)
     p_cnv.add_argument('--input', '-i', type=str, required=True, help='Input file name')
-    p_cnv.add_argument('--output', '-o', type=str, help='Output result file name (optional - default stdout).')
     p_cnv.add_argument(
         '--format',
         '-f',
@@ -333,9 +360,9 @@ def setup_args() -> None:  # noqa: PLR0915
     for p in [c_crypto, c_vulns, c_semgrep, c_provenance]:
         p.add_argument('--purl', '-p', type=str, nargs='*', help='Package URL - PURL to process.')
         p.add_argument('--input', '-i', type=str, help='Input file name')
+
     # Common Component sub-command options
     for p in [c_crypto, c_vulns, c_search, c_versions, c_semgrep, c_provenance]:
-        p.add_argument('--output', '-o', type=str, help='Output result file name (optional - default stdout).')
         p.add_argument(
             '--timeout',
             '-M',
@@ -383,7 +410,6 @@ def setup_args() -> None:  # noqa: PLR0915
     p_c_dwnld.add_argument(
         '--port', '-p', required=False, type=int, default=443, help='Server port number (default: 443).'
     )
-    p_c_dwnld.add_argument('--output', '-o', type=str, help='Output result file name (optional - default stdout).')
 
     # Utils Sub-command: utils pac-proxy
     p_p_proxy = utils_sub.add_parser(
@@ -491,6 +517,114 @@ def setup_args() -> None:  # noqa: PLR0915
     )
     p_undeclared.set_defaults(func=inspect_undeclared)
 
+    # Sub-command: folder-scan
+    p_folder_scan = subparsers.add_parser(
+        'folder-scan',
+        aliases=['fs'],
+        description=f'Scan the given directory using folder hashing: {__version__}',
+        help='Scan the given directory using folder hashing',
+    )
+    p_folder_scan.add_argument('scan_dir', metavar='FILE/DIR', type=str, nargs='?', help='The root directory to scan')
+    p_folder_scan.add_argument(
+        '--timeout',
+        '-M',
+        type=int,
+        default=600,
+        help='Timeout (in seconds) for API communication (optional - default 600)',
+    )
+    p_folder_scan.add_argument(
+        '--format',
+        '-f',
+        type=str,
+        choices=['json'],
+        default='json',
+        help='Result output format (optional - default: json)',
+    )
+    p_folder_scan.add_argument(
+        '--best-match',
+        '-bm',
+        action='store_true',
+        default=False,
+        help='Enable best match mode (optional - default: False)',
+    )
+    p_folder_scan.add_argument(
+        '--threshold',
+        type=int,
+        choices=range(1, 101),
+        metavar='1-100',
+        default=100,
+        help='Threshold for result matching (optional - default: 100)',
+    )
+    p_folder_scan.set_defaults(func=folder_hashing_scan)
+
+    # Sub-command: folder-hash
+    p_folder_hash = subparsers.add_parser(
+        'folder-hash',
+        aliases=['fh'],
+        description=f'Produce a folder hash for the given directory: {__version__}',
+        help='Produce a folder hash for the given directory',
+    )
+    p_folder_hash.add_argument('scan_dir', metavar='FILE/DIR', type=str, nargs='?', help='A file or folder to scan')
+    p_folder_hash.add_argument(
+        '--format',
+        '-f',
+        type=str,
+        choices=['json'],
+        default='json',
+        help='Result output format (optional - default: json)',
+    )
+    p_folder_hash.set_defaults(func=folder_hash)
+
+    # Output options
+    for p in [
+        p_scan,
+        p_cs,
+        p_wfp,
+        p_dep,
+        p_fc,
+        p_cnv,
+        c_crypto,
+        c_vulns,
+        c_search,
+        c_versions,
+        c_semgrep,
+        c_provenance,
+        p_c_dwnld,
+        p_folder_scan,
+        p_folder_hash,
+    ]:
+        p.add_argument('--output', '-o', type=str, help='Output result file name (optional - default stdout).')
+
+    # Format options
+    for p in [p_scan, p_cs]:
+        choices = ['plain', 'cyclonedx', 'spdxlite', 'csv']
+        if p is p_cs:
+            choices.append('raw')
+
+        p.add_argument(
+            '--format',
+            '-f',
+            type=str,
+            choices=choices,
+            default='plain',
+            help='Result output format (optional - default: plain)',
+        )
+
+    # Scanoss settings options
+    for p in [p_folder_scan, p_scan, p_wfp, p_folder_hash]:
+        p.add_argument(
+            '--settings',
+            '-st',
+            type=str,
+            help='Settings file to use for scanning (optional - default scanoss.json)',
+        )
+        p.add_argument(
+            '--skip-settings-file',
+            '-stf',
+            action='store_true',
+            help='Skip default settings file (scanoss.json) if it exists',
+        )
+
     for p in [p_copyleft, p_undeclared]:
         p.add_argument('-i', '--input', nargs='?', help='Path to results file')
         p.add_argument(
@@ -505,7 +639,7 @@ def setup_args() -> None:  # noqa: PLR0915
         p.add_argument('-s', '--status', type=str, help='Save summary data into Markdown file')
 
     # Global Scan command options
-    for p in [p_scan]:
+    for p in [p_scan, p_cs]:
         p.add_argument(
             '--apiurl', type=str, help='SCANOSS API URL (optional - default: https://api.osskb.org/scan/direct)'
         )
@@ -514,9 +648,9 @@ def setup_args() -> None:  # noqa: PLR0915
     # Global Scan/Fingerprint filter options
     for p in [p_scan, p_wfp]:
         p.add_argument('--obfuscate', action='store_true', help='Obfuscate fingerprints')
-        p.add_argument('--all-extensions', action='store_true', help='Fingerprint all file extensions')
-        p.add_argument('--all-folders', action='store_true', help='Fingerprint all folders')
-        p.add_argument('--all-hidden', action='store_true', help='Fingerprint all hidden files/folders')
+        p.add_argument('--all-extensions', action='store_true', help='Fingerprint all file extensions/types...')
+        p.add_argument('--all-folders', action='store_true', help='Fingerprint all folders...')
+        p.add_argument('--all-hidden', action='store_true', help='Fingerprint all hidden files/folders...')
         p.add_argument('--hpsm', '-H', action='store_true', help='Use High Precision Snippet Matching algorithm.')
         p.add_argument('--skip-snippets', '-S', action='store_true', help='Skip the generation of snippets')
         p.add_argument('--skip-extension', '-E', type=str, action='append', help='File Extension to skip.')
@@ -533,7 +667,17 @@ def setup_args() -> None:  # noqa: PLR0915
         p.add_argument('--strip-snippet', '-N', type=str, action='append', help='Strip Snippet ID string from WFP.')
 
     # Global Scan/GRPC options
-    for p in [p_scan, c_crypto, c_vulns, c_search, c_versions, c_semgrep, c_provenance]:
+    for p in [
+        p_scan,
+        c_crypto,
+        c_vulns,
+        c_search,
+        c_versions,
+        c_semgrep,
+        c_provenance,
+        p_folder_scan,
+        p_cs,
+    ]:
         p.add_argument(
             '--key', '-k', type=str, help='SCANOSS API Key token (optional - not required for default OSSKB URL)'
         )
@@ -559,7 +703,7 @@ def setup_args() -> None:  # noqa: PLR0915
         )
 
     # Global GRPC options
-    for p in [p_scan, c_crypto, c_vulns, c_search, c_versions, c_semgrep, c_provenance]:
+    for p in [p_scan, c_crypto, c_vulns, c_search, c_versions, c_semgrep, c_provenance, p_folder_scan, p_cs]:
         p.add_argument(
             '--api2url', type=str, help='SCANOSS gRPC API 2.0 URL (optional - default: https://api.osskb.org)'
         )
@@ -570,10 +714,26 @@ def setup_args() -> None:  # noqa: PLR0915
             'Can also use the environment variable "grcp_proxy=<ip>:<port>"',
         )
         p.add_argument(
-            '--header','-hdr',
+            '--header',
+            '-hdr',
             action='append',  # This allows multiple -H flags
             type=str,
-            help='Headers to be sent on request (e.g., -hdr "Name: Value") - can be used multiple times'
+            help='Headers to be sent on request (e.g., -hdr "Name: Value") - can be used multiple times',
+        )
+
+    # Syft options
+    for p in [p_cs, p_dep]:
+        p.add_argument(
+            '--syft-command',
+            type=str,
+            help='Syft command and path if required (optional - default syft).',
+            default=DEFAULT_SYFT_COMMAND,
+        )
+        p.add_argument(
+            '--syft-timeout',
+            type=int,
+            default=DEFAULT_SYFT_TIMEOUT,
+            help='Timeout (in seconds) for syft to complete (optional - default 600)',
         )
 
     # Help/Trace command options
@@ -594,7 +754,10 @@ def setup_args() -> None:  # noqa: PLR0915
         p_results,
         p_undeclared,
         p_copyleft,
-        c_provenance
+        c_provenance,
+        p_folder_scan,
+        p_folder_hash,
+        p_cs,
     ]:
         p.add_argument('--debug', '-d', action='store_true', help='Enable debug messages')
         p.add_argument('--trace', '-t', action='store_true', help='Enable trace messages, including API posts')
@@ -607,12 +770,12 @@ def setup_args() -> None:  # noqa: PLR0915
     if not args.subparser:
         parser.print_help()  # No sub command subcommand, print general help
         sys.exit(1)
-    elif (
-        args.subparser in {'utils', 'ut', 'component', 'comp', 'inspect', 'insp', 'ins'} and not args.subparsercmd):
+    elif (args.subparser in ('utils', 'ut', 'component', 'comp', 'inspect', 'insp', 'ins')) and not args.subparsercmd:
         parser.parse_args([args.subparser, '--help'])  # Force utils helps to be displayed
         sys.exit(1)
     args.func(parser, args)  # Execute the function associated with the sub-command
 
+
 def ver(*_):
     """
     Run the "ver" sub-command
@@ -691,7 +854,7 @@ def wfp(parser, args):
     if not args.skip_settings_file:
         scan_settings = ScanossSettings(debug=args.debug, trace=args.trace, quiet=args.quiet)
         try:
-            scan_settings.load_json_file(args.settings)
+            scan_settings.load_json_file(args.settings, args.scan_dir)
         except ScanossSettingsError as e:
             print_stderr(f'Error: {e}')
             sys.exit(1)
@@ -766,7 +929,7 @@ def get_scan_options(args):
     return scan_options
 
 
-def scan(parser, args): # noqa: PLR0912, PLR0915
+def scan(parser, args):  # noqa: PLR0912, PLR0915
     """
     Run the "scan" sub-command
     Parameters
@@ -861,7 +1024,7 @@ def scan(parser, args): # noqa: PLR0912, PLR0915
         if flags:
             print_stderr(f'Using flags {flags}...')
     elif not args.quiet:
-        if args.timeout < MIN_TIMEOUT_VALUE:
+        if args.timeout < MIN_TIMEOUT:
             print_stderr(f'POST timeout (--timeout) too small: {args.timeout}. Reverting to default.')
         if args.retry < 0:
             print_stderr(f'POST retry (--retry) too small: {args.retry}. Reverting to default.')
@@ -910,7 +1073,7 @@ def scan(parser, args): # noqa: PLR0912, PLR0915
         strip_hpsm_ids=args.strip_hpsm,
         strip_snippet_ids=args.strip_snippet,
         scan_settings=scan_settings,
-        req_headers= process_req_headers(args.header),
+        req_headers=process_req_headers(args.header),
     )
     if args.wfp:
         if not scanner.is_file_or_snippet_scan():
@@ -980,12 +1143,18 @@ def dependency(parser, args):
         args: Namespace
             Parsed arguments
     """
-    if not args.scan_dir:
-        print_stderr('Please specify a file/folder')
+    if not args.scan_loc and not args.container:
+        print_stderr('Please specify a file/folder or container image')
         parser.parse_args([args.subparser, '-h'])
         sys.exit(1)
-    if not os.path.exists(args.scan_dir):
-        print_stderr(f'Error: File or folder specified does not exist: {args.scan_dir}.')
+
+    # Workaround to return syft scan results converted to our dependency output format
+    if args.container:
+        args.scan_loc = args.container
+        return container_scan(parser, args, only_interim_results=True)
+
+    if not os.path.exists(args.scan_loc):
+        print_stderr(f'Error: File or folder specified does not exist: {args.scan_loc}.')
         sys.exit(1)
     scan_output: str = None
     if args.output:
@@ -995,7 +1164,7 @@ def dependency(parser, args):
     sc_deps = ScancodeDeps(
         debug=args.debug, quiet=args.quiet, trace=args.trace, sc_command=args.sc_command, timeout=args.sc_timeout
     )
-    if not sc_deps.get_dependencies(what_to_scan=args.scan_dir, result_output=scan_output):
+    if not sc_deps.get_dependencies(what_to_scan=args.scan_loc, result_output=scan_output):
         sys.exit(1)
 
 
@@ -1122,7 +1291,7 @@ def utils_certloc(*_):
     print(f'CA Cert File: {certifi.where()}')
 
 
-def utils_cert_download(_, args): # pylint: disable=PLR0912 # noqa: PLR0912
+def utils_cert_download(_, args):  # pylint: disable=PLR0912 # noqa: PLR0912
     """
     Run the "utils cert-download" sub-command
     :param _: ignore/unused
@@ -1149,13 +1318,14 @@ def utils_cert_download(_, args): # pylint: disable=PLR0912 # noqa: PLR0912
         certs = conn.get_peer_cert_chain()
         for index, cert in enumerate(certs):
             cert_components = dict(cert.get_subject().get_components())
-            if sys.version_info[0] >= PYTHON3_OR_LATER:
+            if sys.version_info[0] >= PYTHON_MAJOR_VERSION:
                 cn = cert_components.get(b'CN')
             else:
+                # Fallback for Python versions less than PYTHON_MAJOR_VERSION
                 cn = cert_components.get('CN')
             if not args.quiet:
                 print_stderr(f'Certificate {index} - CN: {cn}')
-            if sys.version_info[0] >= PYTHON3_OR_LATER:
+            if sys.version_info[0] >= PYTHON_MAJOR_VERSION:
                 print(
                     (crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8')).strip(), file=file
                 )  # Print the downloaded PEM certificate
@@ -1204,7 +1374,7 @@ def get_pac_file(pac: str):
         if pac == 'auto':
             pac_file = pypac.get_pac()  # try to determine the PAC file
         elif pac.startswith('file://'):
-            pac_local = pac.strip('file://')
+            pac_local = pac[7:]  # Remove 'file://' prefix (7 characters)
             if not os.path.exists(pac_local):
                 print_stderr(f'Error: PAC file does not exist: {pac_local}.')
                 sys.exit(1)
@@ -1248,7 +1418,7 @@ def comp_crypto(parser, args):
         grpc_proxy=args.grpc_proxy,
         pac=pac_file,
         timeout=args.timeout,
-        req_headers= process_req_headers(args.header),
+        req_headers=process_req_headers(args.header),
     )
     if not comps.get_crypto_details(args.input, args.purl, args.output):
         sys.exit(1)
@@ -1406,6 +1576,7 @@ def comp_versions(parser, args):
     if not comps.get_component_versions(args.output, json_file=args.input, purl=args.purl, limit=args.limit):
         sys.exit(1)
 
+
 def comp_provenance(parser, args):
     """
     Run the "component semgrep" sub-command
@@ -1424,12 +1595,23 @@ def comp_provenance(parser, args):
         print_stderr(f'Error: Certificate file does not exist: {args.ca_cert}.')
         sys.exit(1)
     pac_file = get_pac_file(args.pac)
-    comps = Components(debug=args.debug, trace=args.trace, quiet=args.quiet, grpc_url=args.api2url, api_key=args.key,
-                       ca_cert=args.ca_cert, proxy=args.proxy, grpc_proxy=args.grpc_proxy, pac=pac_file,
-                       timeout=args.timeout, req_headers=process_req_headers(args.header))
+    comps = Components(
+        debug=args.debug,
+        trace=args.trace,
+        quiet=args.quiet,
+        grpc_url=args.api2url,
+        api_key=args.key,
+        ca_cert=args.ca_cert,
+        proxy=args.proxy,
+        grpc_proxy=args.grpc_proxy,
+        pac=pac_file,
+        timeout=args.timeout,
+        req_headers=process_req_headers(args.header),
+    )
     if not comps.get_provenance_details(args.input, args.purl, args.output):
         sys.exit(1)
 
+
 def results(parser, args):
     """
     Run the "results" sub-command
@@ -1488,13 +1670,135 @@ def process_req_headers(headers_array: List[str]) -> dict:
     dict_headers = {}
     for header_str in headers_array:
         # Split each "Name: Value" header
-        parts = header_str.split(":", 1)
+        parts = header_str.split(':', 1)
         if len(parts) == HEADER_PARTS_COUNT:
             name = parts[0].strip()
             value = parts[1].strip()
             dict_headers[name] = value
     return dict_headers
 
+
+def folder_hashing_scan(parser, args):
+    """Run the "folder-scan" sub-command
+
+    Args:
+        parser (ArgumentParser): command line parser object
+        args (Namespace): Parsed arguments
+    """
+    try:
+        if not args.scan_dir:
+            print_stderr('ERROR: Please specify a directory to scan')
+            parser.parse_args([args.subparser, '-h'])
+            sys.exit(1)
+
+        if not os.path.exists(args.scan_dir) or not os.path.isdir(args.scan_dir):
+            print_stderr(f'ERROR: The specified directory {args.scan_dir} does not exist')
+            sys.exit(1)
+
+        scanner_config = create_scanner_config_from_args(args)
+        scanoss_settings = get_scanoss_settings_from_args(args)
+        grpc_config = create_grpc_config_from_args(args)
+
+        client = ScanossGrpc(**asdict(grpc_config))
+
+        scanner = ScannerHFH(
+            scan_dir=args.scan_dir,
+            config=scanner_config,
+            client=client,
+            scanoss_settings=scanoss_settings,
+        )
+
+        scanner.best_match = args.best_match
+        scanner.threshold = args.threshold
+
+        scanner.scan()
+        scanner.present(output_file=args.output, output_format=args.format)
+    except ScanossGrpcError as e:
+        print_stderr(f'ERROR: {e}')
+        sys.exit(1)
+
+
+def folder_hash(parser, args):
+    """Run the "folder-hash" sub-command
+
+    Args:
+        parser (ArgumentParser): command line parser object
+        args (Namespace): Parsed arguments
+    """
+    try:
+        if not args.scan_dir:
+            print_stderr('ERROR: Please specify a directory to scan')
+            parser.parse_args([args.subparser, '-h'])
+            sys.exit(1)
+
+        if not os.path.exists(args.scan_dir) or not os.path.isdir(args.scan_dir):
+            print_stderr(f'ERROR: The specified directory {args.scan_dir} does not exist')
+            sys.exit(1)
+
+        folder_hasher_config = create_folder_hasher_config_from_args(args)
+        scanoss_settings = get_scanoss_settings_from_args(args)
+
+        folder_hasher = FolderHasher(
+            scan_dir=args.scan_dir,
+            config=folder_hasher_config,
+            scanoss_settings=scanoss_settings,
+        )
+
+        folder_hasher.hash_directory(args.scan_dir)
+        folder_hasher.present(output_file=args.output, output_format=args.format)
+    except Exception as e:
+        print_stderr(f'ERROR: {e}')
+        sys.exit(1)
+
+
+def container_scan(parser, args, only_interim_results: bool = False):
+    """
+    Run the "container-scan" sub-command
+    Parameters
+    ----------
+        parser: ArgumentParser
+            command line parser object
+        args: Namespace
+            Parsed arguments
+    """
+    if not args.scan_loc:
+        print_stderr(
+            'Please specify a container image, Docker tar, OCI tar, OCI directory, SIF Container, or directory to scan'
+        )
+        parser.parse_args([args.subparser, '-h'])
+        sys.exit(1)
+
+    try:
+        config = create_container_scanner_config_from_args(args)
+        config.only_interim_results = only_interim_results
+        container_scanner = ContainerScanner(
+            config=config,
+            what_to_scan=args.scan_loc,
+        )
+
+        container_scanner.scan()
+        if only_interim_results:
+            container_scanner.present(output_file=config.output, output_format='raw')
+        else:
+            container_scanner.decorate_scan_results_with_dependencies()
+            container_scanner.present(output_file=config.output, output_format=config.format)
+    except Exception as e:
+        print_stderr(f'ERROR: {e}')
+        sys.exit(1)
+
+
+def get_scanoss_settings_from_args(args):
+    scanoss_settings = None
+    if not args.skip_settings_file:
+        scanoss_settings = ScanossSettings(debug=args.debug, trace=args.trace, quiet=args.quiet)
+        try:
+            scanoss_settings.load_json_file(args.settings, args.scan_dir).set_file_type('new').set_scan_type('identify')
+        except ScanossSettingsError as e:
+            print_stderr(f'Error: {e}')
+            sys.exit(1)
+        return scanoss_settings
+
+
 def main():
     """
     Run the ScanOSS CLI