scanoss 1.31.3__py3-none-any.whl → 1.31.5__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. scanoss/__init__.py +1 -1
  2. scanoss/api/common/v2/scanoss_common_pb2.py +47 -22
  3. scanoss/api/common/v2/scanoss_common_pb2_grpc.py +20 -0
  4. scanoss/api/components/v2/scanoss_components_pb2.py +54 -43
  5. scanoss/api/components/v2/scanoss_components_pb2_grpc.py +77 -16
  6. scanoss/api/cryptography/v2/scanoss_cryptography_pb2.py +58 -47
  7. scanoss/api/cryptography/v2/scanoss_cryptography_pb2_grpc.py +105 -24
  8. scanoss/api/dependencies/v2/scanoss_dependencies_pb2.py +48 -37
  9. scanoss/api/dependencies/v2/scanoss_dependencies_pb2_grpc.py +63 -12
  10. scanoss/api/geoprovenance/v2/scanoss_geoprovenance_pb2.py +42 -31
  11. scanoss/api/geoprovenance/v2/scanoss_geoprovenance_pb2_grpc.py +63 -12
  12. scanoss/api/licenses/__init__.py +23 -0
  13. scanoss/api/licenses/v2/__init__.py +23 -0
  14. scanoss/api/licenses/v2/scanoss_licenses_pb2.py +84 -0
  15. scanoss/api/licenses/v2/scanoss_licenses_pb2_grpc.py +302 -0
  16. scanoss/api/scanning/v2/scanoss_scanning_pb2.py +30 -19
  17. scanoss/api/scanning/v2/scanoss_scanning_pb2_grpc.py +49 -8
  18. scanoss/api/semgrep/v2/scanoss_semgrep_pb2.py +34 -23
  19. scanoss/api/semgrep/v2/scanoss_semgrep_pb2_grpc.py +49 -8
  20. scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2.py +78 -31
  21. scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2_grpc.py +282 -18
  22. scanoss/cli.py +4 -3
  23. scanoss/data/build_date.txt +1 -1
  24. scanoss/inspection/dependency_track/project_violation.py +16 -9
  25. scanoss/services/dependency_track_service.py +1 -1
  26. scanoss/threadeddependencies.py +19 -18
  27. {scanoss-1.31.3.dist-info → scanoss-1.31.5.dist-info}/METADATA +2 -1
  28. {scanoss-1.31.3.dist-info → scanoss-1.31.5.dist-info}/RECORD +32 -28
  29. {scanoss-1.31.3.dist-info → scanoss-1.31.5.dist-info}/WHEEL +0 -0
  30. {scanoss-1.31.3.dist-info → scanoss-1.31.5.dist-info}/entry_points.txt +0 -0
  31. {scanoss-1.31.3.dist-info → scanoss-1.31.5.dist-info}/licenses/LICENSE +0 -0
  32. {scanoss-1.31.3.dist-info → scanoss-1.31.5.dist-info}/top_level.txt +0 -0
scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2_grpc.py CHANGED
@@ -1,14 +1,34 @@
1
1
  # Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT!
2
2
  """Client and server classes corresponding to protobuf-defined services."""
3
3
  import grpc
4
+ import warnings
4
5
 
5
6
  from scanoss.api.common.v2 import scanoss_common_pb2 as scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2
6
7
  from scanoss.api.vulnerabilities.v2 import scanoss_vulnerabilities_pb2 as scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2
7
8
 
9
+ GRPC_GENERATED_VERSION = '1.73.1'
10
+ GRPC_VERSION = grpc.__version__
11
+ _version_not_supported = False
12
+
13
+ try:
14
+ from grpc._utilities import first_version_is_lower
15
+ _version_not_supported = first_version_is_lower(GRPC_VERSION, GRPC_GENERATED_VERSION)
16
+ except ImportError:
17
+ _version_not_supported = True
18
+
19
+ if _version_not_supported:
20
+ raise RuntimeError(
21
+ f'The grpc package installed is at version {GRPC_VERSION},'
22
+ + f' but the generated code in scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2_grpc.py depends on'
23
+ + f' grpcio>={GRPC_GENERATED_VERSION}.'
24
+ + f' Please upgrade your grpc module to grpcio>={GRPC_GENERATED_VERSION}'
25
+ + f' or downgrade your generated code using grpcio-tools<={GRPC_VERSION}.'
26
+ )
27
+
8
28
 
9
29
  class VulnerabilitiesStub(object):
10
30
  """
11
- Expose all of the SCANOSS Vulnerability RPCs here
31
+ Vulnerability Service Definition
12
32
  """
13
33
 
14
34
  def __init__(self, channel):
@@ -21,40 +41,125 @@ class VulnerabilitiesStub(object):
21
41
  '/scanoss.api.vulnerabilities.v2.Vulnerabilities/Echo',
22
42
  request_serializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.EchoRequest.SerializeToString,
23
43
  response_deserializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.EchoResponse.FromString,
24
- )
44
+ _registered_method=True)
25
45
  self.GetCpes = channel.unary_unary(
26
46
  '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetCpes',
27
47
  request_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityRequest.SerializeToString,
28
48
  response_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.CpeResponse.FromString,
29
- )
49
+ _registered_method=True)
50
+ self.GetComponentCpes = channel.unary_unary(
51
+ '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentCpes',
52
+ request_serializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentRequest.SerializeToString,
53
+ response_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentCpesResponse.FromString,
54
+ _registered_method=True)
55
+ self.GetComponentsCpes = channel.unary_unary(
56
+ '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentsCpes',
57
+ request_serializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentsRequest.SerializeToString,
58
+ response_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentsCpesResponse.FromString,
59
+ _registered_method=True)
30
60
  self.GetVulnerabilities = channel.unary_unary(
31
61
  '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetVulnerabilities',
32
62
  request_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityRequest.SerializeToString,
33
63
  response_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityResponse.FromString,
34
- )
64
+ _registered_method=True)
65
+ self.GetComponentVulnerabilities = channel.unary_unary(
66
+ '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentVulnerabilities',
67
+ request_serializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentRequest.SerializeToString,
68
+ response_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentVulnerabilityResponse.FromString,
69
+ _registered_method=True)
70
+ self.GetComponentsVulnerabilities = channel.unary_unary(
71
+ '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentsVulnerabilities',
72
+ request_serializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentsRequest.SerializeToString,
73
+ response_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentsVulnerabilityResponse.FromString,
74
+ _registered_method=True)
35
75
 
36
76
 
37
77
  class VulnerabilitiesServicer(object):
38
78
  """
39
- Expose all of the SCANOSS Vulnerability RPCs here
79
+ Vulnerability Service Definition
40
80
  """
41
81
 
42
82
  def Echo(self, request, context):
43
- """Standard echo
83
+ """
84
+ Returns the same message that was sent, used for health checks and connectivity testing
44
85
  """
45
86
  context.set_code(grpc.StatusCode.UNIMPLEMENTED)
46
87
  context.set_details('Method not implemented!')
47
88
  raise NotImplementedError('Method not implemented!')
48
89
 
49
90
  def GetCpes(self, request, context):
50
- """Get CPEs associated with a PURL
91
+ """
92
+ Get CPEs (Common Platform Enumeration) associated with a PURL - legacy endpoint.
93
+
94
+ Legacy method for retrieving Common Platform Enumeration identifiers
95
+ associated with software components. Use GetComponentCpes instead.
96
+ """
97
+ context.set_code(grpc.StatusCode.UNIMPLEMENTED)
98
+ context.set_details('Method not implemented!')
99
+ raise NotImplementedError('Method not implemented!')
100
+
101
+ def GetComponentCpes(self, request, context):
102
+ """
103
+ Get CPEs (Common Platform Enumeration) associated with a single software component.
104
+
105
+ Returns Common Platform Enumeration identifiers that match the specified component.
106
+ CPEs are used to identify IT platforms in vulnerability databases and enable
107
+ vulnerability scanning and assessment.
108
+
109
+ See: https://github.com/scanoss/papi/blob/main/protobuf/scanoss/api/vulnerabilities/v2/README.md?tab=readme-ov-file#getcomponentcpes
110
+ """
111
+ context.set_code(grpc.StatusCode.UNIMPLEMENTED)
112
+ context.set_details('Method not implemented!')
113
+ raise NotImplementedError('Method not implemented!')
114
+
115
+ def GetComponentsCpes(self, request, context):
116
+ """
117
+ Get CPEs (Common Platform Enumeration) associated with multiple software components.
118
+
119
+ Returns Common Platform Enumeration identifiers for multiple components in a single request.
120
+ CPEs are used to identify IT platforms in vulnerability databases and enable
121
+ vulnerability scanning and assessment.
122
+
123
+ See: https://github.com/scanoss/papi/blob/main/protobuf/scanoss/api/vulnerabilities/v2/README.md?tab=readme-ov-file#getcomponentscpes
51
124
  """
52
125
  context.set_code(grpc.StatusCode.UNIMPLEMENTED)
53
126
  context.set_details('Method not implemented!')
54
127
  raise NotImplementedError('Method not implemented!')
55
128
 
56
129
  def GetVulnerabilities(self, request, context):
57
- """Get vulnerability details
130
+ """
131
+ Get vulnerability details - legacy endpoint.
132
+
133
+ Legacy method for retrieving vulnerability information for software components.
134
+ Use GetComponentVulnerabilities or GetComponentsVulnerabilities instead.
135
+ """
136
+ context.set_code(grpc.StatusCode.UNIMPLEMENTED)
137
+ context.set_details('Method not implemented!')
138
+ raise NotImplementedError('Method not implemented!')
139
+
140
+ def GetComponentVulnerabilities(self, request, context):
141
+ """
142
+ Get vulnerability information for a single software component.
143
+
144
+ Analyzes the component and returns known vulnerabilities including CVE details,
145
+ severity scores, publication dates, and other security metadata.
146
+ Vulnerability data is sourced from various security databases and feeds.
147
+
148
+ See: https://github.com/scanoss/papi/blob/main/protobuf/scanoss/api/vulnerabilities/v2/README.md?tab=readme-ov-file#getcomponentvulnerabilities
149
+ """
150
+ context.set_code(grpc.StatusCode.UNIMPLEMENTED)
151
+ context.set_details('Method not implemented!')
152
+ raise NotImplementedError('Method not implemented!')
153
+
154
+ def GetComponentsVulnerabilities(self, request, context):
155
+ """
156
+ Get vulnerability information for multiple software components in a single request.
157
+
158
+ Analyzes multiple components and returns known vulnerabilities for each including CVE details,
159
+ severity scores, publication dates, and other security metadata.
160
+ Vulnerability data is sourced from various security databases and feeds.
161
+
162
+ See: https://github.com/scanoss/papi/blob/main/protobuf/scanoss/api/vulnerabilities/v2/README.md?tab=readme-ov-file#getcomponentsvulnerabilities
58
163
  """
59
164
  context.set_code(grpc.StatusCode.UNIMPLEMENTED)
60
165
  context.set_details('Method not implemented!')
@@ -73,21 +178,42 @@ def add_VulnerabilitiesServicer_to_server(servicer, server):
73
178
  request_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityRequest.FromString,
74
179
  response_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.CpeResponse.SerializeToString,
75
180
  ),
181
+ 'GetComponentCpes': grpc.unary_unary_rpc_method_handler(
182
+ servicer.GetComponentCpes,
183
+ request_deserializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentRequest.FromString,
184
+ response_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentCpesResponse.SerializeToString,
185
+ ),
186
+ 'GetComponentsCpes': grpc.unary_unary_rpc_method_handler(
187
+ servicer.GetComponentsCpes,
188
+ request_deserializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentsRequest.FromString,
189
+ response_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentsCpesResponse.SerializeToString,
190
+ ),
76
191
  'GetVulnerabilities': grpc.unary_unary_rpc_method_handler(
77
192
  servicer.GetVulnerabilities,
78
193
  request_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityRequest.FromString,
79
194
  response_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityResponse.SerializeToString,
80
195
  ),
196
+ 'GetComponentVulnerabilities': grpc.unary_unary_rpc_method_handler(
197
+ servicer.GetComponentVulnerabilities,
198
+ request_deserializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentRequest.FromString,
199
+ response_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentVulnerabilityResponse.SerializeToString,
200
+ ),
201
+ 'GetComponentsVulnerabilities': grpc.unary_unary_rpc_method_handler(
202
+ servicer.GetComponentsVulnerabilities,
203
+ request_deserializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentsRequest.FromString,
204
+ response_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentsVulnerabilityResponse.SerializeToString,
205
+ ),
81
206
  }
82
207
  generic_handler = grpc.method_handlers_generic_handler(
83
208
  'scanoss.api.vulnerabilities.v2.Vulnerabilities', rpc_method_handlers)
84
209
  server.add_generic_rpc_handlers((generic_handler,))
210
+ server.add_registered_method_handlers('scanoss.api.vulnerabilities.v2.Vulnerabilities', rpc_method_handlers)
85
211
 
86
212
 
87
213
  # This class is part of an EXPERIMENTAL API.
88
214
  class Vulnerabilities(object):
89
215
  """
90
- Expose all of the SCANOSS Vulnerability RPCs here
216
+ Vulnerability Service Definition
91
217
  """
92
218
 
93
219
  @staticmethod
@@ -101,11 +227,21 @@ class Vulnerabilities(object):
101
227
  wait_for_ready=None,
102
228
  timeout=None,
103
229
  metadata=None):
104
- return grpc.experimental.unary_unary(request, target, '/scanoss.api.vulnerabilities.v2.Vulnerabilities/Echo',
230
+ return grpc.experimental.unary_unary(
231
+ request,
232
+ target,
233
+ '/scanoss.api.vulnerabilities.v2.Vulnerabilities/Echo',
105
234
  scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.EchoRequest.SerializeToString,
106
235
  scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.EchoResponse.FromString,
107
- options, channel_credentials,
108
- insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
236
+ options,
237
+ channel_credentials,
238
+ insecure,
239
+ call_credentials,
240
+ compression,
241
+ wait_for_ready,
242
+ timeout,
243
+ metadata,
244
+ _registered_method=True)
109
245
 
110
246
  @staticmethod
111
247
  def GetCpes(request,
@@ -118,11 +254,75 @@ class Vulnerabilities(object):
118
254
  wait_for_ready=None,
119
255
  timeout=None,
120
256
  metadata=None):
121
- return grpc.experimental.unary_unary(request, target, '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetCpes',
257
+ return grpc.experimental.unary_unary(
258
+ request,
259
+ target,
260
+ '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetCpes',
122
261
  scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityRequest.SerializeToString,
123
262
  scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.CpeResponse.FromString,
124
- options, channel_credentials,
125
- insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
263
+ options,
264
+ channel_credentials,
265
+ insecure,
266
+ call_credentials,
267
+ compression,
268
+ wait_for_ready,
269
+ timeout,
270
+ metadata,
271
+ _registered_method=True)
272
+
273
+ @staticmethod
274
+ def GetComponentCpes(request,
275
+ target,
276
+ options=(),
277
+ channel_credentials=None,
278
+ call_credentials=None,
279
+ insecure=False,
280
+ compression=None,
281
+ wait_for_ready=None,
282
+ timeout=None,
283
+ metadata=None):
284
+ return grpc.experimental.unary_unary(
285
+ request,
286
+ target,
287
+ '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentCpes',
288
+ scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentRequest.SerializeToString,
289
+ scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentCpesResponse.FromString,
290
+ options,
291
+ channel_credentials,
292
+ insecure,
293
+ call_credentials,
294
+ compression,
295
+ wait_for_ready,
296
+ timeout,
297
+ metadata,
298
+ _registered_method=True)
299
+
300
+ @staticmethod
301
+ def GetComponentsCpes(request,
302
+ target,
303
+ options=(),
304
+ channel_credentials=None,
305
+ call_credentials=None,
306
+ insecure=False,
307
+ compression=None,
308
+ wait_for_ready=None,
309
+ timeout=None,
310
+ metadata=None):
311
+ return grpc.experimental.unary_unary(
312
+ request,
313
+ target,
314
+ '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentsCpes',
315
+ scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentsRequest.SerializeToString,
316
+ scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentsCpesResponse.FromString,
317
+ options,
318
+ channel_credentials,
319
+ insecure,
320
+ call_credentials,
321
+ compression,
322
+ wait_for_ready,
323
+ timeout,
324
+ metadata,
325
+ _registered_method=True)
126
326
 
127
327
  @staticmethod
128
328
  def GetVulnerabilities(request,
@@ -135,8 +335,72 @@ class Vulnerabilities(object):
135
335
  wait_for_ready=None,
136
336
  timeout=None,
137
337
  metadata=None):
138
- return grpc.experimental.unary_unary(request, target, '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetVulnerabilities',
338
+ return grpc.experimental.unary_unary(
339
+ request,
340
+ target,
341
+ '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetVulnerabilities',
139
342
  scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityRequest.SerializeToString,
140
343
  scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityResponse.FromString,
141
- options, channel_credentials,
142
- insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
344
+ options,
345
+ channel_credentials,
346
+ insecure,
347
+ call_credentials,
348
+ compression,
349
+ wait_for_ready,
350
+ timeout,
351
+ metadata,
352
+ _registered_method=True)
353
+
354
+ @staticmethod
355
+ def GetComponentVulnerabilities(request,
356
+ target,
357
+ options=(),
358
+ channel_credentials=None,
359
+ call_credentials=None,
360
+ insecure=False,
361
+ compression=None,
362
+ wait_for_ready=None,
363
+ timeout=None,
364
+ metadata=None):
365
+ return grpc.experimental.unary_unary(
366
+ request,
367
+ target,
368
+ '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentVulnerabilities',
369
+ scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentRequest.SerializeToString,
370
+ scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentVulnerabilityResponse.FromString,
371
+ options,
372
+ channel_credentials,
373
+ insecure,
374
+ call_credentials,
375
+ compression,
376
+ wait_for_ready,
377
+ timeout,
378
+ metadata,
379
+ _registered_method=True)
380
+
381
+ @staticmethod
382
+ def GetComponentsVulnerabilities(request,
383
+ target,
384
+ options=(),
385
+ channel_credentials=None,
386
+ call_credentials=None,
387
+ insecure=False,
388
+ compression=None,
389
+ wait_for_ready=None,
390
+ timeout=None,
391
+ metadata=None):
392
+ return grpc.experimental.unary_unary(
393
+ request,
394
+ target,
395
+ '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentsVulnerabilities',
396
+ scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentsRequest.SerializeToString,
397
+ scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentsVulnerabilityResponse.FromString,
398
+ options,
399
+ channel_credentials,
400
+ insecure,
401
+ call_credentials,
402
+ compression,
403
+ wait_for_ready,
404
+ timeout,
405
+ metadata,
406
+ _registered_method=True)
scanoss/cli.py CHANGED
@@ -796,14 +796,15 @@ def setup_args() -> None: # noqa: PLR0912, PLR0915
796
796
  p_inspect_dt_project_violation.add_argument(
797
797
  '--format', '-f',
798
798
  required=False,
799
- choices=['json', 'md'],
799
+ choices=['json', 'md', 'jira_md'],
800
800
  default='json',
801
- help='Output format: json (default) or md (Markdown)'
801
+ help='Output format: json (default), md (Markdown) or jira_md (JIRA Markdown)'
802
802
  )
803
803
  p_inspect_dt_project_violation.add_argument(
804
804
  '--timeout', '-M',
805
805
  required=False,
806
- default='300',
806
+ default=300,
807
+ type=float,
807
808
  help='Timeout (in seconds) for API communication (optional - default 300 sec)'
808
809
  )
809
810
 
scanoss/data/build_date.txt CHANGED
@@ -1 +1 @@
1
- date: 20250819171726, utime: 1755623846
1
+ date: 20250827093647, utime: 1756287407
scanoss/inspection/dependency_track/project_violation.py CHANGED
@@ -31,10 +31,9 @@ from ..policy_check import PolicyCheck, PolicyStatus
31
31
 
32
32
  # Constants
33
33
  PROCESSING_RETRY_DELAY = 5 # seconds
34
- DEFAULT_TIME_OUT = 300
34
+ DEFAULT_TIME_OUT = 300.0
35
35
  MILLISECONDS_TO_SECONDS = 1000
36
36
 
37
-
38
37
  """
39
38
  Dependency Track project violation policy check implementation.
40
39
 
@@ -43,6 +42,7 @@ It retrieves, processes, and formats policy violations from a Dependency Track i
43
42
  for a specific project.
44
43
  """
45
44
 
45
+
46
46
  class ResolvedLicenseDict(TypedDict):
47
47
  """TypedDict for resolved license information from Dependency Track."""
48
48
  uuid: str
@@ -125,7 +125,7 @@ class DependencyTrackProjectViolationPolicyCheck(PolicyCheck[PolicyViolationDict
125
125
  This class handles retrieving, processing, and formatting policy violations
126
126
  from a Dependency Track instance for a specific project.
127
127
  """
128
-
128
+
129
129
  def __init__( # noqa: PLR0913
130
130
  self,
131
131
  debug: bool = False,
@@ -161,13 +161,13 @@ class DependencyTrackProjectViolationPolicyCheck(PolicyCheck[PolicyViolationDict
161
161
  timeout: Timeout for processing in seconds (default: 300)
162
162
  """
163
163
  super().__init__(debug, trace, quiet, format_type, status, 'dependency-track', output)
164
- self.url = url
165
164
  self.api_key = api_key
166
165
  self.project_id = project_id
167
166
  self.project_name = project_name
168
167
  self.project_version = project_version
169
168
  self.upload_token = upload_token
170
169
  self.timeout = timeout
170
+ self.url = url.strip().rstrip('/') if url else None
171
171
  self.dep_track_service = DependencyTrackService(self.api_key, self.url, debug=debug, trace=trace, quiet=quiet)
172
172
 
173
173
  def _json(self, project_violations: list[PolicyViolationDict]) -> Dict[str, Any]:
@@ -230,7 +230,7 @@ class DependencyTrackProjectViolationPolicyCheck(PolicyCheck[PolicyViolationDict
230
230
  if not dt_project:
231
231
  self.print_stderr('Warning: No project details supplied. Returning False.')
232
232
  return False
233
-
233
+
234
234
  # Safely extract and normalise timestamp values to numeric types
235
235
  def _safe_timestamp(field, value=None, default=0) -> float:
236
236
  """Convert timestamp value to float, handling string/numeric types safely."""
@@ -241,7 +241,7 @@ class DependencyTrackProjectViolationPolicyCheck(PolicyCheck[PolicyViolationDict
241
241
  except (ValueError, TypeError):
242
242
  self.print_stderr(f'Warning: Invalid timestamp for {field}, value: {value}, using default: {default}')
243
243
  return float(default)
244
-
244
+
245
245
  last_import = _safe_timestamp('lastBomImport', dt_project.get('lastBomImport'), 0)
246
246
  last_vulnerability_analysis = _safe_timestamp('lastVulnerabilityAnalysis',
247
247
  dt_project.get('lastVulnerabilityAnalysis'), 0
@@ -257,6 +257,12 @@ class DependencyTrackProjectViolationPolicyCheck(PolicyCheck[PolicyViolationDict
257
257
  self.print_msg(f'last_occurrence: {last_occurrence}')
258
258
  self.print_msg(f'last_vulnerability_analysis is updated: {last_vulnerability_analysis >= last_import}')
259
259
  self.print_msg(f'last_occurrence is updated: {last_occurrence >= last_import}')
260
+ # Catches case where vulnerability analysis is skipped for empty SBOMs
261
+ if 0 < last_import <= last_occurrence:
262
+ component_count = metrics.get('components', 0) if isinstance(metrics, dict) else 0
263
+ if component_count < 1:
264
+ self.print_msg('Notice: Empty SBOM detected. Assuming no violations.')
265
+ return True
260
266
  # If all timestamps are zero, this indicates no processing has occurred
261
267
  if last_vulnerability_analysis == 0 or last_occurrence == 0 or last_import == 0:
262
268
  self.print_stderr(f'Warning: Some project data appears to be unset. Returning False: {dt_project}')
@@ -366,7 +372,7 @@ class DependencyTrackProjectViolationPolicyCheck(PolicyCheck[PolicyViolationDict
366
372
  """
367
373
  type_priority = {'SECURITY': 3, 'LICENSE': 2, 'OTHER': 1}
368
374
  return sorted(
369
- violations,
375
+ violations,
370
376
  key=lambda x: -type_priority.get(x.get('type', 'OTHER'), 1)
371
377
  )
372
378
 
@@ -418,8 +424,9 @@ class DependencyTrackProjectViolationPolicyCheck(PolicyCheck[PolicyViolationDict
418
424
  rows.append(row)
419
425
  # End for loop
420
426
  return {
421
- "details": f'### Dependency Track Project Violations\n{table_generator(headers, rows, c_cols)}\n',
422
- "summary": f'{len(project_violations)} policy violations were found.\n',
427
+ "details": f'### Dependency Track Project Violations\n{table_generator(headers, rows, c_cols)}\n\n'
428
+ f'View project in Dependency Track [here]({self.url}/projects/{self.project_id}).\n',
429
+ "summary": f'{len(project_violations)} policy violations were found.\n'
423
430
  }
424
431
 
425
432
  def run(self) -> int:
scanoss/services/dependency_track_service.py CHANGED
@@ -41,7 +41,7 @@ class DependencyTrackService(ScanossBase):
41
41
  super().__init__(debug=debug, trace=trace, quiet=quiet)
42
42
  if not url:
43
43
  raise ValueError("Error: Dependency Track URL is required")
44
- self.url = url.rstrip('/')
44
+ self.url = url.strip().rstrip('/')
45
45
  if not api_key:
46
46
  raise ValueError("Error: Dependency Track API key is required")
47
47
  self.api_key = api_key
scanoss/threadeddependencies.py CHANGED
@@ -22,12 +22,12 @@ SPDX-License-Identifier: MIT
22
22
  THE SOFTWARE.
23
23
  """
24
24
 
25
- import threading
26
- import queue
27
25
  import json
28
- from enum import Enum
29
- from typing import Dict, Optional, Set
26
+ import queue
27
+ import threading
30
28
  from dataclasses import dataclass
29
+ from enum import Enum
30
+ from typing import Dict
31
31
 
32
32
  from .scancodedeps import ScancodeDeps
33
33
  from .scanossbase import ScanossBase
@@ -63,7 +63,7 @@ class ThreadedDependencies(ScanossBase):
63
63
  inputs: queue.Queue = queue.Queue()
64
64
  output: queue.Queue = queue.Queue()
65
65
 
66
- def __init__(
66
+ def __init__( # noqa: PLR0913
67
67
  self,
68
68
  sc_deps: ScancodeDeps,
69
69
  grpc_api: ScanossGrpc,
@@ -180,13 +180,15 @@ class ThreadedDependencies(ScanossBase):
180
180
  return self.filter_dependencies(
181
181
  deps, lambda purl: (exclude and purl not in exclude) or (not exclude and purl in include)
182
182
  )
183
+ return None
183
184
 
184
- def scan_dependencies(
185
+ def scan_dependencies( # noqa: PLR0912
185
186
  self, dep_scope: SCOPE = None, dep_scope_include: str = None, dep_scope_exclude: str = None
186
187
  ) -> None:
187
188
  """
188
189
  Scan for dependencies from the given file/dir or from an input file (from the input queue).
189
190
  """
191
+ # TODO refactor to simplify branches based on PLR0912
190
192
  current_thread = threading.get_ident()
191
193
  self.print_trace(f'Starting dependency worker {current_thread}...')
192
194
  try:
@@ -194,18 +196,17 @@ class ThreadedDependencies(ScanossBase):
194
196
  deps = None
195
197
  if what_to_scan.startswith(DEP_FILE_PREFIX): # We have a pre-parsed dependency file, load it
196
198
  deps = self.sc_deps.load_from_file(what_to_scan.strip(DEP_FILE_PREFIX))
197
- else: # Search the file/folder for dependency files to parse
198
- if not self.sc_deps.run_scan(what_to_scan=what_to_scan):
199
- self._errors = True
200
- else:
201
- deps = self.sc_deps.produce_from_file()
202
- if dep_scope is not None:
203
- self.print_debug(f'Filtering {dep_scope.name} dependencies')
204
- if dep_scope_include is not None:
205
- self.print_debug(f"Including dependencies with '{dep_scope_include.split(',')}' scopes")
206
- if dep_scope_exclude is not None:
207
- self.print_debug(f"Excluding dependencies with '{dep_scope_exclude.split(',')}' scopes")
208
- deps = self.filter_dependencies_by_scopes(deps, dep_scope, dep_scope_include, dep_scope_exclude)
199
+ elif not self.sc_deps.run_scan(what_to_scan=what_to_scan):
200
+ self._errors = True
201
+ else:
202
+ deps = self.sc_deps.produce_from_file()
203
+ if dep_scope is not None:
204
+ self.print_debug(f'Filtering {dep_scope.name} dependencies')
205
+ if dep_scope_include is not None:
206
+ self.print_debug(f"Including dependencies with '{dep_scope_include.split(',')}' scopes")
207
+ if dep_scope_exclude is not None:
208
+ self.print_debug(f"Excluding dependencies with '{dep_scope_exclude.split(',')}' scopes")
209
+ deps = self.filter_dependencies_by_scopes(deps, dep_scope, dep_scope_include, dep_scope_exclude)
209
210
 
210
211
  if not self._errors:
211
212
  if deps is None:
{scanoss-1.31.3.dist-info → scanoss-1.31.5.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: scanoss
3
- Version: 1.31.3
3
+ Version: 1.31.5
4
4
  Summary: Simple Python library to leverage the SCANOSS APIs
5
5
  Home-page: https://scanoss.com
6
6
  Author: SCANOSS
@@ -30,6 +30,7 @@ Requires-Dist: packageurl-python
30
30
  Requires-Dist: pathspec
31
31
  Requires-Dist: jsonschema
32
32
  Requires-Dist: crc
33
+ Requires-Dist: protoc-gen-openapiv2
33
34
  Requires-Dist: cyclonedx-python-lib[validation]
34
35
  Provides-Extra: fast-winnowing
35
36
  Requires-Dist: scanoss_winnowing>=0.5.0; extra == "fast-winnowing"