scanoss 1.31.2__py3-none-any.whl → 1.31.3__py3-none-any.whl

scanoss/__init__.py

@@ -22,4 +22,4 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
 
-__version__ = '1.31.2'
+__version__ = '1.31.3'

scanoss/csvoutput.py

@@ -21,11 +21,10 @@ SPDX-License-Identifier: MIT
   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
   THE SOFTWARE.
 """
-
+import csv
 import json
 import os.path
 import sys
-import csv
 
 from .scanossbase import ScanossBase
 
@@ -44,16 +43,20 @@ class CsvOutput(ScanossBase):
         self.output_file = output_file
         self.debug = debug
 
-    def parse(self, data: json):
+    # TODO Refactor (fails linter)
+    def parse(self, data: json): #noqa PLR0912, PLR0915
         """
         Parse the given input (raw/plain) JSON string and return CSV summary
         :param data: json - JSON object
         :return: CSV dictionary
         """
-        if not data:
+        if data is None:
             self.print_stderr('ERROR: No JSON data provided to parse.')
             return None
-        self.print_debug(f'Processing raw results into CSV format...')
+        if len(data) == 0:
+            self.print_msg('Warning: Empty scan results provided. Returning empty CSV list.')
+            return []
+        self.print_debug('Processing raw results into CSV format...')
         csv_dict = []
         row_id = 1
         for f in data:
@@ -92,7 +95,8 @@ class CsvOutput(ScanossBase):
                             detected['licenses'] = ''
                         else:
                             detected['licenses'] = ';'.join(dc)
-                        # inventory_id,path,usage,detected_component,detected_license,detected_version,detected_latest,purl
+                        # inventory_id,path,usage,detected_component,detected_license,
+                        # detected_version,detected_latest,purl
                         csv_dict.append(
                             {
                                 'inventory_id': row_id,
@@ -183,9 +187,11 @@ class CsvOutput(ScanossBase):
         :return: True if successful, False otherwise
         """
         csv_data = self.parse(data)
-        if not csv_data:
+        if csv_data is None:
             self.print_stderr('ERROR: No CSV data returned for the JSON string provided.')
             return False
+        if len(csv_data) == 0:
+            self.print_msg('Warning: Empty scan results - generating CSV with headers only.')
         # Header row/column details
         fields = [
             'inventory_id',

scanoss/cyclonedx.py

@@ -57,9 +57,12 @@ class CycloneDx(ScanossBase):
         :param data: dict - JSON object
         :return: CycloneDX dictionary, and vulnerability dictionary
         """
-        if not data:
+        if data is None:
             self.print_stderr('ERROR: No JSON data provided to parse.')
             return None, None
+        if len(data) == 0:
+            self.print_msg('Warning: Empty scan results provided. Returning empty component dictionary.')
+            return {}, {}
         self.print_debug('Processing raw results into CycloneDX format...')
         cdx = {}
         vdx = {}
@@ -186,9 +189,11 @@ class CycloneDx(ScanossBase):
             json: The CycloneDX output
         """
         cdx, vdx = self.parse(data)
-        if not cdx:
+        if cdx is None:
             self.print_stderr('ERROR: No CycloneDX data returned for the JSON string provided.')
-            return False, None
+            return False, {}
+        if len(cdx) == 0:
+            self.print_msg('Warning: Empty scan results - generating minimal CycloneDX SBOM with no components.')
         self._spdx.load_license_data()  # Load SPDX license name data for later reference
         #
         # Using CDX version 1.4: https://cyclonedx.org/docs/1.4/json/

scanoss/data/build_date.txt

@@ -1 +1 @@
-date: 20250812104538, utime: 1754995538
+date: 20250819171726, utime: 1755623846

scanoss/export/dependency_track.py

@@ -118,7 +118,12 @@ class DependencyTrackExporter(ScanossBase):
             Base64 encoded string
         """
         if not sbom_content:
-            self.print_stderr('Warning: Empty SBOM content')
+            self.print_stderr('Warning: Empty SBOM content provided')
+            return ''
+        # Check if SBOM has no components (empty scan results)
+        components = sbom_content.get('components', [])
+        if len(components) == 0:
+            self.print_msg('Notice: SBOM contains no components (empty scan results)')
         json_str = json.dumps(sbom_content, separators=(',', ':'))
         encoded = base64.b64encode(json_str.encode('utf-8')).decode('utf-8')
         return encoded

scanoss/inspection/dependency_track/project_violation.py

@@ -230,16 +230,34 @@ class DependencyTrackProjectViolationPolicyCheck(PolicyCheck[PolicyViolationDict
         if not dt_project:
             self.print_stderr('Warning: No project details supplied. Returning False.')
             return False
-        last_import = dt_project.get('lastBomImport', 0)
-        last_vulnerability_analysis = dt_project.get('lastVulnerabilityAnalysis', 0)
+        
+        # Safely extract and normalise timestamp values to numeric types
+        def _safe_timestamp(field, value=None, default=0) -> float:
+            """Convert timestamp value to float, handling string/numeric types safely."""
+            if value is None:
+                return float(default)
+            try:
+                return float(value)
+            except (ValueError, TypeError):
+                self.print_stderr(f'Warning: Invalid timestamp for {field}, value: {value}, using default: {default}')
+                return float(default)
+        
+        last_import = _safe_timestamp('lastBomImport', dt_project.get('lastBomImport'), 0)
+        last_vulnerability_analysis = _safe_timestamp('lastVulnerabilityAnalysis',
+                                                      dt_project.get('lastVulnerabilityAnalysis'), 0
+                                                      )
         metrics = dt_project.get('metrics', {})
-        last_occurrence = metrics.get('lastOccurrence', 0) if isinstance(metrics, dict) else 0
+        last_occurrence = _safe_timestamp('lastOccurrence',
+                                          metrics.get('lastOccurrence', 0)
+                                          if isinstance(metrics, dict) else 0, 0
+                                          )
         if self.debug:
             self.print_msg(f'last_import: {last_import}')
             self.print_msg(f'last_vulnerability_analysis: {last_vulnerability_analysis}')
             self.print_msg(f'last_occurrence: {last_occurrence}')
             self.print_msg(f'last_vulnerability_analysis is updated: {last_vulnerability_analysis >= last_import}')
             self.print_msg(f'last_occurrence is updated: {last_occurrence >= last_import}')
+        # If all timestamps are zero, this indicates no processing has occurred
         if last_vulnerability_analysis == 0 or last_occurrence == 0 or last_import == 0:
             self.print_stderr(f'Warning: Some project data appears to be unset. Returning False: {dt_project}')
             return False
@@ -434,12 +452,16 @@ class DependencyTrackProjectViolationPolicyCheck(PolicyCheck[PolicyViolationDict
             return PolicyStatus.ERROR.value
         # Get project violations from Dependency Track
         dt_project_violations = self.dep_track_service.get_project_violations(self.project_id)
+        # Handle case where service returns None (API error) vs empty list (no violations)
+        if dt_project_violations is None:
+            self.print_stderr('Error: Failed to retrieve project violations from Dependency Track')
+            return PolicyStatus.ERROR.value
         # Sort violations by priority and format output
         formatter = self._get_formatter()
         if formatter is None:
             self.print_stderr('Error: Invalid format specified.')
             return PolicyStatus.ERROR.value
-        # Format and output data
+        # Format and output data - handle empty results gracefully
         data = formatter(self._sort_project_violations(dt_project_violations))
         self.print_to_file_or_stdout(data['details'], self.output)
         self.print_to_file_or_stderr(data['summary'], self.status)

scanoss/services/dependency_track_service.py

@@ -97,6 +97,7 @@ class DependencyTrackService(ScanossBase):
         if not project_id:
             self.print_stderr('Error: Missing project id. Cannot search for project violations.')
             return None
+        # Return the result as-is - None indicates API failure, empty list means no violations
         return self.get_dep_track_data(f'{self.url}/api/v1/violation/project/{project_id}')
 
     def get_project_by_id(self, project_id:str):

scanoss/spdxlite.py

@@ -71,9 +71,12 @@ class SpdxLite:
         :param data: json - JSON object
         :return: summary dictionary
         """
-        if not data:
+        if data is None:
             self.print_stderr('ERROR: No JSON data provided to parse.')
             return None
+        if len(data) == 0:
+            self.print_debug('Warning: Empty scan results provided. Returning empty summary.')
+            return {}
 
         self.print_debug('Processing raw results into summary format...')
         return self._process_files(data)
@@ -277,9 +280,11 @@ class SpdxLite:
         :return: True if successful, False otherwise
         """
         raw_data = self.parse(data)
-        if not raw_data:
+        if raw_data is None:
             self.print_stderr('ERROR: No SPDX data returned for the JSON string provided.')
             return False
+        if len(raw_data) == 0:
+            self.print_debug('Warning: Empty scan results - generating minimal SPDX Lite document with no packages.')
 
         self.load_license_data()
         spdx_document = self._create_base_document(raw_data)

{scanoss-1.31.2.dist-info → scanoss-1.31.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scanoss
-Version: 1.31.2
+Version: 1.31.3
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.31.2.dist-info → scanoss-1.31.3.dist-info}/RECORD

@@ -4,13 +4,13 @@ protoc_gen_swagger/options/annotations_pb2.py,sha256=b25EDD6gssUWnFby9gxgcpLIROT
 protoc_gen_swagger/options/annotations_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
 protoc_gen_swagger/options/openapiv2_pb2.py,sha256=vYElGp8E1vGHszvWqX97zNG9GFJ7u2QcdK9ouq0XdyI,14939
 protoc_gen_swagger/options/openapiv2_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
-scanoss/__init__.py,sha256=cFt9OUu-aKYB4_uvkEER0rRsCyfmvCCF5AM57UVN-5g,1146
+scanoss/__init__.py,sha256=-rDryvJMuAssXozu_AP2VLfNxsIq3GScH_VO60elp-c,1146
 scanoss/cli.py,sha256=Hx8ay24LQJq7H1vIs5kKt8UX7OeFxGADY-3uPgNnzlw,91645
 scanoss/components.py,sha256=b0R9DdKuXqyQiw5nZZwjQ6NJXBr1U9gyx1RI2FP9ozA,14511
 scanoss/constants.py,sha256=On8mQ-8ardVMHSJ7WOJqeTvGXIOWPLCgUanjE7Wk-wE,351
 scanoss/cryptography.py,sha256=oj5HHgJk1e31dzQfB-5sIVmQVcUJMsP5DUPyP9QpPgQ,9806
-scanoss/csvoutput.py,sha256=qNKRwcChSkgIwLm00kZiVX6iHVQUF4Apl-sMbzJ5Taw,10192
-scanoss/cyclonedx.py,sha256=JeAeuj2KYaN72v_08j7b3ZyVOhjXhOHOW7DE3Byp0Wk,16986
+scanoss/csvoutput.py,sha256=3wdXPeIqZG84bCtXFh8fMZO3XodekeSx6RZXoOhZMFc,10551
+scanoss/cyclonedx.py,sha256=JHyFuGCqH3TVsJCOXihKgPplWSFo5xzqoV1q3SeElWE,17291
 scanoss/file_filters.py,sha256=VxfEBylliXReD07YczsHL0coiI3bdNPbfiLJt7GwPWs,20589
 scanoss/filecount.py,sha256=RZjKQ6M5P_RQg0_PMD2tsRe5Z8f98ke0sxYVjPDN8iQ,6538
 scanoss/results.py,sha256=47ZXXuU2sDjYa5vhtbWTmikit9jHhA0rsYKwkvZFI5w,9252
@@ -22,7 +22,7 @@ scanoss/scanossbase.py,sha256=Dkpwxa8NH8XN1iRl03NM_Mkvby0JQ4qfvCiiUrJ5ul0,3163
 scanoss/scanossgrpc.py,sha256=uwAp9CzA_t7oMXYo7o81j8kVgn8qSeTjA4b1Jj8hoL0,30011
 scanoss/scanpostprocessor.py,sha256=-JsThlxrU70r92GHykTMERnicdd-6jmwNsE4PH0MN2o,11063
 scanoss/scantype.py,sha256=gFmyVmKQpHWogN2iCmMj032e_sZo4T92xS3_EH5B3Tc,1310
-scanoss/spdxlite.py,sha256=MQqFgQhIO-yrbRwEAQS77HmRgP5GDxff-2JYLVoceA0,28946
+scanoss/spdxlite.py,sha256=sSEugYbtzgKB_hdFLPG6Q4rJBl01fhEU1QU_nXR0qhA,29247
 scanoss/threadeddependencies.py,sha256=CAeZnoYd3d1ayoRvfm_aVjYbaTDLsk6DMWDxkoBPvq0,9866
 scanoss/threadedscanning.py,sha256=38ryN_kZGpzmrd_hkuiY9Sb3tOG248canGCDQDmGEwI,9317
 scanoss/winnowing.py,sha256=RsR9jRTR3TzS1pEeKQ2RuYlIG8Q7RnUQFfgPLog6B-A,21679
@@ -57,15 +57,15 @@ scanoss/api/vulnerabilities/__init__.py,sha256=IFrDk_DTJgKSZmmU-nuLXuq_s8sQZlrSC
 scanoss/api/vulnerabilities/v2/__init__.py,sha256=IFrDk_DTJgKSZmmU-nuLXuq_s8sQZlrSCHhIDMJT4r0,1122
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2.py,sha256=CFhF80av8tenGvn9AIsGEtRJPuV2dC_syA5JLZb2lDw,5464
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2_grpc.py,sha256=HlS4k4Zmx6RIAqaO9I96jD-eyF5yU6Xx04pVm7pdqOg,6864
-scanoss/data/build_date.txt,sha256=3pVDHRaR6Bp2Dl2p7In03mJ7Tn73XmOFlHhDDTOSVaU,40
+scanoss/data/build_date.txt,sha256=2tCxoRbQknMo5kAyoXwYD0J0x61ovZ4bAjZlzX7WBc4,40
 scanoss/data/scanoss-settings-schema.json,sha256=ClkRYAkjAN0Sk704G8BE_Ok006oQ6YnIGmX84CF8h9w,8798
 scanoss/data/spdx-exceptions.json,sha256=s7UTYxC7jqQXr11YBlIWYCNwN6lRDFTR33Y8rpN_dA4,17953
 scanoss/data/spdx-licenses.json,sha256=A6Z0q82gaTLtnopBfzeIVZjJFxkdRW1g2TuumQc-lII,228794
 scanoss/export/__init__.py,sha256=D4C0lWLuNp8k_BjQZEc07WZcUgAvriVwQWOk063b0ZU,1122
-scanoss/export/dependency_track.py,sha256=-jQdwiBGoTYz8r7jljB33XK4tSQrd1jNuDH3V8QHaiQ,9001
+scanoss/export/dependency_track.py,sha256=A_xQH6_r9xL_fth1Wr770GCTRFVyn7XcUPfVUsXp4-w,9271
 scanoss/inspection/__init__.py,sha256=D4C0lWLuNp8k_BjQZEc07WZcUgAvriVwQWOk063b0ZU,1122
 scanoss/inspection/policy_check.py,sha256=JOJko_QVB7_6I8VQiGFJmOmJheN5jlwtpGOS2kBMMCo,9756
-scanoss/inspection/dependency_track/project_violation.py,sha256=OzQSyN_diOCvFHFBk8AGZJBnxMcfediU5al_Wbh9l8E,18778
+scanoss/inspection/dependency_track/project_violation.py,sha256=p_azHUesYuKqEMYjj7JV8lC2BSwS2tRp5hJVg6NrILQ,20094
 scanoss/inspection/raw/component_summary.py,sha256=J4DDGNg9WIxIaTeblk6u4tmtMf4veXDesuC4rmpHNkM,4090
 scanoss/inspection/raw/copyleft.py,sha256=xAKIYROUG-F9SbPs3iIDmTg8yqovh3NVZNni4-byd68,9324
 scanoss/inspection/raw/license_summary.py,sha256=m5JVcqnqViPLrwHI5-XCpIEQzUiKtnhFC3FWhfM0T00,5823
@@ -77,15 +77,15 @@ scanoss/scanners/container_scanner.py,sha256=fOrb64owrstX7LnTuxiIan059YgLeKXeBS6
 scanoss/scanners/folder_hasher.py,sha256=-qvTtMC0iPj7zS8nMSZZJyt9d62MeQIK0LcrNDkt7yc,12267
 scanoss/scanners/scanner_config.py,sha256=egG7cw3S2akU-D9M1aLE5jLrfz_c8e7_DIotMnnpM84,2601
 scanoss/scanners/scanner_hfh.py,sha256=OvayCIq_a5iJwv7H7OCdB9K0vI9oxAz9UvgGfg7xrLU,8392
-scanoss/services/dependency_track_service.py,sha256=K0dUXSiVf8NAUOfZcKORqdJJl7fW-08nbndSimlLq8Y,4967
+scanoss/services/dependency_track_service.py,sha256=L89cwX1uweUfuFFg10kx2eVJbS9e5_OZefkw1h4SRN8,5062
 scanoss/utils/__init__.py,sha256=0hjb5ktavp7utJzFhGMPImPaZiHWgilM2HwvTp5lXJE,1122
 scanoss/utils/abstract_presenter.py,sha256=teiDTxBj5jBMCk2T8i4l1BJPf_u4zBLWrtCTFHSSECM,3148
 scanoss/utils/crc64.py,sha256=TMrwQimSdE6imhFOUL7oAG6Kxu-8qMpGWMuMg8QpSVs,3169
 scanoss/utils/file.py,sha256=62cA9a17TU9ZvfA3FY5HY4-QOajJeSrc8S6xLA_f-3M,2980
 scanoss/utils/simhash.py,sha256=6iu8DOcecPAY36SZjCOzrrLMT9oIE7-gI6QuYwUQ7B0,5793
-scanoss-1.31.2.dist-info/licenses/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
-scanoss-1.31.2.dist-info/METADATA,sha256=QXcsd5657eJirhyXK3vIFTIXjuaLVErjnx4ZuDgomv0,6108
-scanoss-1.31.2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-scanoss-1.31.2.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
-scanoss-1.31.2.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
-scanoss-1.31.2.dist-info/RECORD,,
+scanoss-1.31.3.dist-info/licenses/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
+scanoss-1.31.3.dist-info/METADATA,sha256=bIPN0AvLiMRacepK5dGbiL-YLoHA5fQF1fmZLcueI0k,6108
+scanoss-1.31.3.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+scanoss-1.31.3.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
+scanoss-1.31.3.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
+scanoss-1.31.3.dist-info/RECORD,,