scanoss 1.25.2__py3-none-any.whl → 1.26.1__py3-none-any.whl

scanoss/__init__.py

@@ -22,4 +22,4 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
 
-__version__ = '1.25.2'
+__version__ = '1.26.1'

scanoss/cli.py

@@ -32,6 +32,8 @@ from typing import List
 import pypac
 
 from scanoss.cryptography import Cryptography, create_cryptography_config_from_args
+from scanoss.inspection.component_summary import ComponentSummary
+from scanoss.inspection.license_summary import LicenseSummary
 from scanoss.scanners.container_scanner import (
     DEFAULT_SYFT_COMMAND,
     DEFAULT_SYFT_TIMEOUT,
@@ -531,6 +533,7 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
     )
     p_results.set_defaults(func=results)
 
+    ########################################### INSPECT SUBCOMMAND ###########################################
     # Sub-command: inspect
     p_inspect = subparsers.add_parser(
         'inspect', aliases=['insp', 'ins'], description=f'Inspect results: {__version__}', help='Inspect results'
@@ -539,24 +542,26 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
     p_inspect_sub = p_inspect.add_subparsers(
         title='Inspect Commands', dest='subparsercmd', description='Inspect sub-commands', help='Inspect sub-commands'
     )
+
+    ####### INSPECT: Copyleft ######
     # Inspect Sub-command: inspect copyleft
     p_copyleft = p_inspect_sub.add_parser(
         'copyleft', aliases=['cp'], description='Inspect for copyleft licenses', help='Inspect for copyleft licenses'
     )
-    p_copyleft.add_argument(
-        '--include',
-        help='List of Copyleft licenses to append to the default list. Provide licenses as a comma-separated list.',
-    )
-    p_copyleft.add_argument(
-        '--exclude',
-        help='List of Copyleft licenses to remove from default list. Provide licenses as a comma-separated list.',
+
+    ####### INSPECT: License Summary ######
+    # Inspect Sub-command: inspect license summary
+    p_license_summary = p_inspect_sub.add_parser(
+        'license-summary', aliases=['lic-summary', 'licsum'], description='Get license summary',
+        help='Get detected license summary from scan results'
     )
-    p_copyleft.add_argument(
-        '--explicit',
-        help='Explicit list of Copyleft licenses to consider. Provide licenses as a comma-separated list.s',
+
+    p_component_summary = p_inspect_sub.add_parser(
+        'component-summary', aliases=['comp-summary', 'compsum'], description='Get component summary',
+        help='Get detected component summary from scan results'
     )
-    p_copyleft.set_defaults(func=inspect_copyleft)
 
+    ####### INSPECT: Undeclared components ######
     # Inspect Sub-command: inspect undeclared
     p_undeclared = p_inspect_sub.add_parser(
         'undeclared',
@@ -571,7 +576,33 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
         default='settings',
         help='Sbom format for status output',
     )
+
+    # Add common commands for inspect copyleft and license summary
+    for p in [p_copyleft, p_license_summary]:
+        p.add_argument(
+            '--include',
+            help='List of Copyleft licenses to append to the default list. Provide licenses as a comma-separated list.',
+        )
+        p.add_argument(
+            '--exclude',
+            help='List of Copyleft licenses to remove from default list. Provide licenses as a comma-separated list.',
+        )
+        p.add_argument(
+            '--explicit',
+            help='Explicit list of Copyleft licenses to consider. Provide licenses as a comma-separated list.s',
+        )
+
+        # Add common commands for inspect copyleft and license summary
+    for p in [p_license_summary, p_component_summary]:
+        p.add_argument('-i', '--input', nargs='?', help='Path to results file')
+        p.add_argument('-o', '--output', type=str, help='Save summary into a file')
+
     p_undeclared.set_defaults(func=inspect_undeclared)
+    p_copyleft.set_defaults(func=inspect_copyleft)
+    p_license_summary.set_defaults(func=inspect_license_summary)
+    p_component_summary.set_defaults(func=inspect_component_summary)
+
+    ########################################### END INSPECT SUBCOMMAND ###########################################
 
     # Sub-command: folder-scan
     p_folder_scan = subparsers.add_parser(
@@ -825,6 +856,8 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
         p_results,
         p_undeclared,
         p_copyleft,
+        p_license_summary,
+        p_component_summary,
         c_provenance,
         p_folder_scan,
         p_folder_hash,
@@ -1279,7 +1312,7 @@ def convert(parser, args):
     if not success:
         sys.exit(1)
 
-
+################################ INSPECT handlers ################################
 def inspect_copyleft(parser, args):
     """
     Run the "inspect" sub-command
@@ -1356,13 +1389,73 @@ def inspect_undeclared(parser, args):
     status, _ = i_undeclared.run()
     sys.exit(status)
 
+def inspect_license_summary(parser, args):
+    """
+       Run the "inspect" sub-command
+       Parameters
+       ----------
+           parser: ArgumentParser
+               command line parser object
+           args: Namespace
+               Parsed arguments
+       """
+    if args.input is None:
+        print_stderr('Please specify an input file to inspect')
+        parser.parse_args([args.subparser, args.subparsercmd, '-h'])
+        sys.exit(1)
+    output: str = None
+    if args.output:
+        output = args.output
+        open(output, 'w').close()
+
+    i_license_summary = LicenseSummary(
+        debug=args.debug,
+        trace=args.trace,
+        quiet=args.quiet,
+        filepath=args.input,
+        output=output,
+        include=args.include,
+        exclude=args.exclude,
+        explicit=args.explicit,
+    )
+    i_license_summary.run()
+
+def inspect_component_summary(parser, args):
+    """
+       Run the "inspect" sub-command
+       Parameters
+       ----------
+           parser: ArgumentParser
+               command line parser object
+           args: Namespace
+               Parsed arguments
+       """
+    if args.input is None:
+        print_stderr('Please specify an input file to inspect')
+        parser.parse_args([args.subparser, args.subparsercmd, '-h'])
+        sys.exit(1)
+    output: str = None
+    if args.output:
+        output = args.output
+        open(output, 'w').close()
+
+    i_component_summary = ComponentSummary(
+        debug=args.debug,
+        trace=args.trace,
+        quiet=args.quiet,
+        filepath=args.input,
+        output=output,
+    )
+    i_component_summary.run()
+
+################################ End inspect handlers ################################
 
 def utils_certloc(*_):
     """
     Run the "utils certloc" sub-command
     :param _: ignored/unused
     """
-    import certifi
+    import certifi # noqa: PLC0415,I001
 
     print(f'CA Cert File: {certifi.where()}')
 
@@ -1373,11 +1466,11 @@ def utils_cert_download(_, args):  # pylint: disable=PLR0912 # noqa: PLR0912
     :param _: ignore/unused
     :param args: Parsed arguments
     """
-    import socket
-    import traceback
-    from urllib.parse import urlparse
+    import socket # noqa: PLC0415,I001
+    import traceback # noqa: PLC0415,I001
+    from urllib.parse import urlparse # noqa: PLC0415,I001
 
-    from OpenSSL import SSL, crypto
+    from OpenSSL import SSL, crypto # noqa: PLC0415,I001
 
     file = sys.stdout
     if args.output:
@@ -1425,7 +1518,7 @@ def utils_pac_proxy(_, args):
     :param _: ignore/unused
     :param args: Parsed arguments
     """
-    from pypac.resolver import ProxyResolver
+    from pypac.resolver import ProxyResolver # noqa: PLC0415,I001
 
     if not args.pac:
         print_stderr('Error: No pac file option specified.')
@@ -1499,7 +1592,7 @@ def crypto_algorithms(parser, args):
         sys.exit(1)
     except Exception as e:
         if args.debug:
-            import traceback
+            import traceback # noqa: PLC0415,I001
 
             traceback.print_exc()
         print_stderr(f'ERROR: {e}')
@@ -1541,7 +1634,7 @@ def crypto_hints(parser, args):
         sys.exit(1)
     except Exception as e:
         if args.debug:
-            import traceback
+            import traceback # noqa: PLC0415,I001
 
             traceback.print_exc()
         print_stderr(f'ERROR: {e}')
@@ -1583,7 +1676,7 @@ def crypto_versions_in_range(parser, args):
         sys.exit(1)
     except Exception as e:
         if args.debug:
-            import traceback
+            import traceback # noqa: PLC0415,I001
 
             traceback.print_exc()
         print_stderr(f'ERROR: {e}')

scanoss/data/build_date.txt

@@ -1 +1 @@
-date: 20250618150502, utime: 1750259102
+date: 20250623123500, utime: 1750682100

scanoss/inspection/__init__.py

@@ -1,7 +1,7 @@
 """
 SPDX-License-Identifier: MIT
 
-  Copyright (c) 2024, SCANOSS
+  Copyright (c) 2025, SCANOSS
 
   Permission is hereby granted, free of charge, to any person obtaining a copy
   of this software and associated documentation files (the "Software"), to deal

scanoss/inspection/component_summary.py

@@ -0,0 +1,94 @@
+"""
+SPDX-License-Identifier: MIT
+
+  Copyright (c) 2025, SCANOSS
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+"""
+
+import json
+
+from .inspect_base import InspectBase
+
+
+class ComponentSummary(InspectBase):
+    def _get_component_summary_from_components(self, scan_components: list)-> dict:
+        """
+        Get a component summary from detected components.
+
+        :param components: List of all components
+        :return: Dict with license summary information
+        """
+        # A component is considered unique by its combination of PURL (Package URL) and license
+        component_licenses = self._group_components_by_license(scan_components)
+        total_components = len(component_licenses)
+        # Get undeclared components
+        undeclared_components = len([c for c in component_licenses if c['status'] == 'pending'])
+
+        components: list = []
+        total_undeclared_files = 0
+        total_files_detected = 0
+        for component in scan_components:
+            total_files_detected += component['count']
+            total_undeclared_files += component['undeclared']
+            components.append({
+                'purl': component['purl'],
+                'version': component['version'],
+                'count': component['count'],
+                'undeclared': component['undeclared'],
+                'declared': component['count'] - component['undeclared'],
+            })
+        ## End for loop components
+        return {
+            "components": component_licenses,
+            'totalComponents': total_components,
+            'undeclaredComponents': undeclared_components,
+            'declaredComponents': total_components - undeclared_components,
+            'totalFilesDetected': total_files_detected,
+            'totalFilesUndeclared': total_undeclared_files,
+            'totalFilesDeclared': total_files_detected - total_undeclared_files,
+        }
+
+    def _get_components(self):
+        """
+        Extract and process components from results and their dependencies.
+
+        This method performs the following steps:
+        1. Validates that `self.results` is loaded. Returns `None` if not.
+        2. Extracts file, snippet, and dependency components into a dictionary.
+        3. Converts components to a list and processes their licenses.
+
+        :return: A list of processed components with license data, or `None` if `self.results` is not set.
+        """
+        if self.results is None:
+            return None
+
+        components: dict = {}
+        # Extract component and license data from file and dependency results. Both helpers mutate `components`
+        self._get_components_data(self.results, components)
+        return self._convert_components_to_list(components)
+
+    def run(self):
+        components = self._get_components()
+        component_summary = self._get_component_summary_from_components(components)
+        self.print_to_file_or_stdout(json.dumps(component_summary, indent=2), self.output)
+        return component_summary
+#
+# End of ComponentSummary Class
+#

scanoss/inspection/copyleft.py

@@ -1,7 +1,7 @@
 """
 SPDX-License-Identifier: MIT
 
-  Copyright (c) 2024, SCANOSS
+  Copyright (c) 2025, SCANOSS
 
   Permission is hereby granted, free of charge, to any person obtaining a copy
   of this software and associated documentation files (the "Software"), to deal
@@ -78,12 +78,14 @@ class Copyleft(PolicyCheck):
         :param components: List of components with copyleft licenses
         :return: Dictionary with formatted JSON details and summary
         """
+        # A component is considered unique by its combination of PURL (Package URL) and license
+        component_licenses = self._group_components_by_license(components)
         details = {}
         if len(components) > 0:
             details = {'components': components}
         return {
             'details': f'{json.dumps(details, indent=2)}\n',
-            'summary': f'{len(components)} component(s) with copyleft licenses were found.\n',
+            'summary': f'{len(component_licenses)} component(s) with copyleft licenses were found.\n',
         }
 
     def _markdown(self, components: list) -> Dict[str, Any]:
@@ -93,24 +95,24 @@ class Copyleft(PolicyCheck):
         :param components: List of components with copyleft licenses
         :return: Dictionary with formatted Markdown details and summary
         """
-        headers = ['Component', 'Version', 'License', 'URL', 'Copyleft']
+        # A component is considered unique by its combination of PURL (Package URL) and license
+        component_licenses = self._group_components_by_license(components)
+        headers = ['Component', 'License', 'URL', 'Copyleft']
         centered_columns = [1, 4]
         rows: [[]] = []
-        for component in components:
-            for lic in component['licenses']:
+        for comp_lic_item in component_licenses:
                 row = [
-                    component['purl'],
-                    component['version'],
-                    lic['spdxid'],
-                    lic['url'],
-                    'YES' if lic['copyleft'] else 'NO',
+                    comp_lic_item['purl'],
+                    comp_lic_item['spdxid'],
+                    comp_lic_item['url'],
+                    'YES' if comp_lic_item['copyleft'] else 'NO',
                 ]
                 rows.append(row)
             # End license loop
         # End component loop
         return {
             'details': f'### Copyleft licenses\n{self.generate_table(headers, rows, centered_columns)}\n',
-            'summary': f'{len(components)} component(s) with copyleft licenses were found.\n',
+            'summary': f'{len(component_licenses)} component(s) with copyleft licenses were found.\n',
         }
 
     def _jira_markdown(self, components: list) -> Dict[str, Any]:
@@ -120,24 +122,24 @@ class Copyleft(PolicyCheck):
         :param components: List of components with copyleft licenses
         :return: Dictionary with formatted Markdown details and summary
         """
-        headers = ['Component', 'Version', 'License', 'URL', 'Copyleft']
+        # A component is considered unique by its combination of PURL (Package URL) and license
+        component_licenses = self._group_components_by_license(components)
+        headers = ['Component', 'License', 'URL', 'Copyleft']
         centered_columns = [1, 4]
         rows: [[]] = []
-        for component in components:
-            for lic in component['licenses']:
+        for comp_lic_item in component_licenses:
                 row = [
-                    component['purl'],
-                    component['version'],
-                    lic['spdxid'],
-                    lic['url'],
-                    'YES' if lic['copyleft'] else 'NO',
+                    comp_lic_item['purl'],
+                    comp_lic_item['spdxid'],
+                    comp_lic_item['url'],
+                    'YES' if comp_lic_item['copyleft'] else 'NO',
                 ]
                 rows.append(row)
             # End license loop
         # End component loop
         return {
             'details': f'{self.generate_jira_table(headers, rows, centered_columns)}',
-            'summary': f'{len(components)} component(s) with copyleft licenses were found.\n',
+            'summary': f'{len(component_licenses)} component(s) with copyleft licenses were found.\n',
         }
 
     def _filter_components_with_copyleft_licenses(self, components: list) -> list:
@@ -151,9 +153,16 @@ class Copyleft(PolicyCheck):
         for component in components:
             copyleft_licenses = [lic for lic in component['licenses'] if lic['copyleft']]
             if copyleft_licenses:
+                # Remove unused keys
+                del component['count']
+                del component['declared']
+                del component['undeclared']
                 filtered_component = component
+                # Remove 'count' from each license using pop
+                for lic in copyleft_licenses:
+                    lic.pop('count', None)  # None is default value if key doesn't exist
+
                 filtered_component['licenses'] = copyleft_licenses
-                del filtered_component['status']
                 filtered_components.append(filtered_component)
         # End component loop
         self.print_debug(f'Copyleft components: {filtered_components}')