scanoss 1.25.1__py3-none-any.whl → 1.25.2__py3-none-any.whl

scanoss/__init__.py

@@ -22,4 +22,4 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
 
-__version__ = '1.25.1'
+__version__ = '1.25.2'

scanoss/data/build_date.txt

@@ -1 +1 @@
-date: 20250612124028, utime: 1749732028
+date: 20250618150502, utime: 1750259102

scanoss/inspection/copyleft.py

@@ -177,11 +177,7 @@ class Copyleft(PolicyCheck):
         # Extract component and license data from file and dependency results. Both helpers mutate `components`
         self._get_components_data(self.results, components)
         self._get_dependencies_data(self.results, components)
-        # Convert to list and process licenses
-        results_list = list(components.values())
-        for component in results_list:
-            component['licenses'] = list(component['licenses'].values())
-        return results_list
+        return self._convert_components_to_list(components)
 
     def run(self):
         """

scanoss/inspection/policy_check.py

@@ -212,6 +212,10 @@ class PolicyCheck(ScanossBase):
         else:
             purl = new_component['purl']
 
+        if not purl:
+            self.print_debug(f'WARNING: _append_component: No purl found for new component: {new_component}')
+            return components
+
         component_key = f'{purl}@{new_component["version"]}'
         components[component_key] = {
             'purl': purl,
@@ -222,14 +226,21 @@ class PolicyCheck(ScanossBase):
         if not new_component.get('licenses'):
             self.print_debug(f'WARNING: Results missing licenses. Skipping: {new_component}')
             return components
+
+
+        licenses_order_by_source_priority = self._get_licenses_order_by_source_priority(new_component['licenses'])
         # Process licenses for this component
-        for license_item in new_component['licenses']:
+        for license_item in licenses_order_by_source_priority:
             if license_item.get('name'):
                 spdxid = license_item['name']
+                source = license_item.get('source')
+                if not source:
+                    source = 'unknown'
                 components[component_key]['licenses'][spdxid] = {
                     'spdxid': spdxid,
                     'copyleft': self.license_util.is_copyleft(spdxid),
                     'url': self.license_util.get_spdx_url(spdxid),
+                    'source': source,
                 }
         return components
 
@@ -261,10 +272,12 @@ class PolicyCheck(ScanossBase):
                     if len(c.get('purl')) <= 0:
                         self.print_debug(f'WARNING: Result missing purls. Skipping: {c}')
                         continue
-                    if not c.get('version'):
-                        self.print_msg(f'WARNING: Result missing version. Skipping: {c}')
-                        continue
-                    component_key = f'{c["purl"][0]}@{c["version"]}'
+                    version = c.get('version')
+                    if not version:
+                        self.print_debug(f'WARNING: Result missing version. Setting it to unknown: {c}')
+                        version = 'unknown'
+                        c['version'] = version #If no version exists. Set 'unknown' version to current component
+                    component_key = f'{c["purl"][0]}@{version}'
                     if component_key not in components:
                         components = self._append_component(components, c, component_id, status)
             # End component loop
@@ -296,10 +309,12 @@ class PolicyCheck(ScanossBase):
                         if not dependency.get('purl'):
                             self.print_debug(f'WARNING: Dependency result missing purl. Skipping: {dependency}')
                             continue
-                        if not dependency.get('version'):
-                            self.print_msg(f'WARNING: Dependency result missing version. Skipping: {dependency}')
-                            continue
-                        component_key = f'{dependency["purl"]}@{dependency["version"]}'
+                        version = c.get('version')
+                        if not version:
+                            self.print_debug(f'WARNING: Result missing version. Setting it to unknown: {c}')
+                            version = 'unknown'
+                            c['version'] = version  # If no version exists. Set 'unknown' version to current component
+                        component_key = f'{dependency["purl"]}@{version}'
                         if component_key not in components:
                             components = self._append_component(components, dependency, component_id, status)
                     # End dependency loop
@@ -411,6 +426,61 @@ class PolicyCheck(ScanossBase):
                 self.print_stderr(f'ERROR: Problem parsing input JSON: {e}')
         return None
 
+    def _convert_components_to_list(self, components: dict):
+        if components is None:
+            self.print_debug(f'WARNING: Components is empty {self.results}')
+            return None
+        results_list = list(components.values())
+        for component in results_list:
+            licenses = component.get('licenses')
+            if licenses is not None:
+                component['licenses'] = list(licenses.values())
+            else:
+                self.print_debug(f'WARNING: Licenses missing for: {component}')
+                component['licenses'] = []
+        return results_list
+
+    def _get_licenses_order_by_source_priority(self,licenses_data):
+        """
+        Select licenses based on source priority:
+        1. component_declared (highest priority)
+        2. license_file
+        3. file_header
+        4. scancode (lowest priority)
+
+        If any high-priority source is found, return only licenses from that source.
+        If none found, return all licenses.
+
+        Returns: list with ordered licenses by source.
+        """
+        # Define priority order (highest to lowest)
+        priority_sources = ['component_declared', 'license_file', 'file_header', 'scancode']
+
+        # Group licenses by source
+        licenses_by_source = {}
+        for license_item in licenses_data:
+
+            source = license_item.get('source', 'unknown')
+            if source not in licenses_by_source:
+                licenses_by_source[source] = {}
+
+            license_name = license_item.get('name')
+            if license_name:
+                # Use license name as key, store full license object as value
+                # If duplicate license names exist in same source, the last one wins
+                licenses_by_source[source][license_name] = license_item
+
+        # Find the highest priority source that has licenses
+        for priority_source in priority_sources:
+            if priority_source in licenses_by_source:
+                self.print_trace(f'Choosing {priority_source} as source')
+                return list(licenses_by_source[priority_source].values())
+
+        # If no priority sources found, combine all licenses into a single list
+        self.print_debug("No priority sources found, returning all licenses as list")
+        return licenses_data
+
+
 #
 # End of PolicyCheck Class
 #

scanoss/inspection/undeclared_component.py

@@ -254,10 +254,7 @@ class UndeclaredComponent(PolicyCheck):
         # Extract file and snippet components
         components = self._get_components_data(self.results, components)
         # Convert to list and process licenses
-        results_list = list(components.values())
-        for component in results_list:
-            component['licenses'] = list(component['licenses'].values())
-        return results_list
+        return self._convert_components_to_list(components)
 
     def run(self):
         """

{scanoss-1.25.1.dist-info → scanoss-1.25.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scanoss
-Version: 1.25.1
+Version: 1.25.2
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.25.1.dist-info → scanoss-1.25.2.dist-info}/RECORD

@@ -4,7 +4,7 @@ protoc_gen_swagger/options/annotations_pb2.py,sha256=b25EDD6gssUWnFby9gxgcpLIROT
 protoc_gen_swagger/options/annotations_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
 protoc_gen_swagger/options/openapiv2_pb2.py,sha256=vYElGp8E1vGHszvWqX97zNG9GFJ7u2QcdK9ouq0XdyI,14939
 protoc_gen_swagger/options/openapiv2_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
-scanoss/__init__.py,sha256=zoc5i9zIZ6i9BDBRPHBqmnNWz1ctPZAr9pCu2Pamvlg,1146
+scanoss/__init__.py,sha256=9K1SKldg4taEpZ7t4H-Z45hI8SIqMlSmjp6TFz3Km2w,1146
 scanoss/cli.py,sha256=SAB0xuHjEEw20YtYAPSZwrQaVf4JUsm8NRcVArMzd4U,69099
 scanoss/components.py,sha256=b0R9DdKuXqyQiw5nZZwjQ6NJXBr1U9gyx1RI2FP9ozA,14511
 scanoss/constants.py,sha256=FWCZG8gQputKwV7XwvW1GuwDXL4wDLQyVRGdwygg578,320
@@ -57,14 +57,14 @@ scanoss/api/vulnerabilities/__init__.py,sha256=IFrDk_DTJgKSZmmU-nuLXuq_s8sQZlrSC
 scanoss/api/vulnerabilities/v2/__init__.py,sha256=IFrDk_DTJgKSZmmU-nuLXuq_s8sQZlrSCHhIDMJT4r0,1122
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2.py,sha256=CFhF80av8tenGvn9AIsGEtRJPuV2dC_syA5JLZb2lDw,5464
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2_grpc.py,sha256=HlS4k4Zmx6RIAqaO9I96jD-eyF5yU6Xx04pVm7pdqOg,6864
-scanoss/data/build_date.txt,sha256=DgM1g6ceMq5HR3AeQ6XArgq0PfNCFKqT1ujuejYzZaI,40
+scanoss/data/build_date.txt,sha256=3-u7TU-KPaW2lJLuHTSTYQJlq8aqKlVQv7MRd_B-xvQ,40
 scanoss/data/scanoss-settings-schema.json,sha256=ClkRYAkjAN0Sk704G8BE_Ok006oQ6YnIGmX84CF8h9w,8798
 scanoss/data/spdx-exceptions.json,sha256=s7UTYxC7jqQXr11YBlIWYCNwN6lRDFTR33Y8rpN_dA4,17953
 scanoss/data/spdx-licenses.json,sha256=A6Z0q82gaTLtnopBfzeIVZjJFxkdRW1g2TuumQc-lII,228794
 scanoss/inspection/__init__.py,sha256=0hjb5ktavp7utJzFhGMPImPaZiHWgilM2HwvTp5lXJE,1122
-scanoss/inspection/copyleft.py,sha256=lOOq3-HwIvYVd0a_A0o2pG-m0rtFBHxXjEBLtHpRJto,8671
-scanoss/inspection/policy_check.py,sha256=ldUcKBXD74P4ldO417GP5PqJHE-BagDPBDOK-e3KZco,16009
-scanoss/inspection/undeclared_component.py,sha256=7WRLdDSf_XWtDMlvKRo3nvBy_041gQ2xR2zXqFCzmz0,11155
+scanoss/inspection/copyleft.py,sha256=MqkixiGnOs7IEfhSmX5zRkJmmouHc76q8LP2Rqdu4AQ,8495
+scanoss/inspection/policy_check.py,sha256=k8v7ei3oZBERt4l8S3AWEVn-qA2TsGkfYJT_i21M0s4,19076
+scanoss/inspection/undeclared_component.py,sha256=my-KPEeFx7P2VG2dsYm5-7y83DDMGzf0MnBQdPExIHk,11026
 scanoss/inspection/utils/license_utils.py,sha256=Zb6QLmVJb86lKCwZyBsmwakyAtY1SXa54kUyyKmWMqA,5093
 scanoss/scanners/__init__.py,sha256=D4C0lWLuNp8k_BjQZEc07WZcUgAvriVwQWOk063b0ZU,1122
 scanoss/scanners/container_scanner.py,sha256=leP4roes6B9B95F49mJ0P_F8WcKCQkvJgk9azWyJrjg,16294
@@ -76,9 +76,9 @@ scanoss/utils/abstract_presenter.py,sha256=teiDTxBj5jBMCk2T8i4l1BJPf_u4zBLWrtCTF
 scanoss/utils/crc64.py,sha256=TMrwQimSdE6imhFOUL7oAG6Kxu-8qMpGWMuMg8QpSVs,3169
 scanoss/utils/file.py,sha256=62cA9a17TU9ZvfA3FY5HY4-QOajJeSrc8S6xLA_f-3M,2980
 scanoss/utils/simhash.py,sha256=6iu8DOcecPAY36SZjCOzrrLMT9oIE7-gI6QuYwUQ7B0,5793
-scanoss-1.25.1.dist-info/licenses/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
-scanoss-1.25.1.dist-info/METADATA,sha256=yIG7_hq018z-_68-M0jwt6hSb3oK5yol9Wku4k3m2V4,6060
-scanoss-1.25.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-scanoss-1.25.1.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
-scanoss-1.25.1.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
-scanoss-1.25.1.dist-info/RECORD,,
+scanoss-1.25.2.dist-info/licenses/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
+scanoss-1.25.2.dist-info/METADATA,sha256=tLuNgHCCKBeUfqk0EWRkr5iv35GBIybi0nMBSBi1huw,6060
+scanoss-1.25.2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+scanoss-1.25.2.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
+scanoss-1.25.2.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
+scanoss-1.25.2.dist-info/RECORD,,