scanoss 1.31.4__py3-none-any.whl → 1.32.0__py3-none-any.whl

scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2_grpc.py

@@ -1,14 +1,34 @@
 # Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT!
 """Client and server classes corresponding to protobuf-defined services."""
 import grpc
+import warnings
 
 from scanoss.api.common.v2 import scanoss_common_pb2 as scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2
 from scanoss.api.vulnerabilities.v2 import scanoss_vulnerabilities_pb2 as scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2
 
+GRPC_GENERATED_VERSION = '1.73.1'
+GRPC_VERSION = grpc.__version__
+_version_not_supported = False
+
+try:
+    from grpc._utilities import first_version_is_lower
+    _version_not_supported = first_version_is_lower(GRPC_VERSION, GRPC_GENERATED_VERSION)
+except ImportError:
+    _version_not_supported = True
+
+if _version_not_supported:
+    raise RuntimeError(
+        f'The grpc package installed is at version {GRPC_VERSION},'
+        + f' but the generated code in scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2_grpc.py depends on'
+        + f' grpcio>={GRPC_GENERATED_VERSION}.'
+        + f' Please upgrade your grpc module to grpcio>={GRPC_GENERATED_VERSION}'
+        + f' or downgrade your generated code using grpcio-tools<={GRPC_VERSION}.'
+    )
+
 
 class VulnerabilitiesStub(object):
     """
-    Expose all of the SCANOSS Vulnerability RPCs here
+    Vulnerability Service Definition
     """
 
     def __init__(self, channel):
@@ -21,40 +41,125 @@ class VulnerabilitiesStub(object):
                 '/scanoss.api.vulnerabilities.v2.Vulnerabilities/Echo',
                 request_serializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.EchoRequest.SerializeToString,
                 response_deserializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.EchoResponse.FromString,
-                )
+                _registered_method=True)
         self.GetCpes = channel.unary_unary(
                 '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetCpes',
                 request_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityRequest.SerializeToString,
                 response_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.CpeResponse.FromString,
-                )
+                _registered_method=True)
+        self.GetComponentCpes = channel.unary_unary(
+                '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentCpes',
+                request_serializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentRequest.SerializeToString,
+                response_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentCpesResponse.FromString,
+                _registered_method=True)
+        self.GetComponentsCpes = channel.unary_unary(
+                '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentsCpes',
+                request_serializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentsRequest.SerializeToString,
+                response_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentsCpesResponse.FromString,
+                _registered_method=True)
         self.GetVulnerabilities = channel.unary_unary(
                 '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetVulnerabilities',
                 request_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityRequest.SerializeToString,
                 response_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityResponse.FromString,
-                )
+                _registered_method=True)
+        self.GetComponentVulnerabilities = channel.unary_unary(
+                '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentVulnerabilities',
+                request_serializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentRequest.SerializeToString,
+                response_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentVulnerabilityResponse.FromString,
+                _registered_method=True)
+        self.GetComponentsVulnerabilities = channel.unary_unary(
+                '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentsVulnerabilities',
+                request_serializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentsRequest.SerializeToString,
+                response_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentsVulnerabilityResponse.FromString,
+                _registered_method=True)
 
 
 class VulnerabilitiesServicer(object):
     """
-    Expose all of the SCANOSS Vulnerability RPCs here
+    Vulnerability Service Definition
     """
 
     def Echo(self, request, context):
-        """Standard echo
+        """
+        Returns the same message that was sent, used for health checks and connectivity testing
         """
         context.set_code(grpc.StatusCode.UNIMPLEMENTED)
         context.set_details('Method not implemented!')
         raise NotImplementedError('Method not implemented!')
 
     def GetCpes(self, request, context):
-        """Get CPEs associated with a PURL
+        """
+        Get CPEs (Common Platform Enumeration) associated with a PURL - legacy endpoint.
+
+        Legacy method for retrieving Common Platform Enumeration identifiers
+        associated with software components. Use GetComponentCpes instead.
+        """
+        context.set_code(grpc.StatusCode.UNIMPLEMENTED)
+        context.set_details('Method not implemented!')
+        raise NotImplementedError('Method not implemented!')
+
+    def GetComponentCpes(self, request, context):
+        """
+        Get CPEs (Common Platform Enumeration) associated with a single software component.
+
+        Returns Common Platform Enumeration identifiers that match the specified component.
+        CPEs are used to identify IT platforms in vulnerability databases and enable
+        vulnerability scanning and assessment.
+
+        See: https://github.com/scanoss/papi/blob/main/protobuf/scanoss/api/vulnerabilities/v2/README.md?tab=readme-ov-file#getcomponentcpes
+        """
+        context.set_code(grpc.StatusCode.UNIMPLEMENTED)
+        context.set_details('Method not implemented!')
+        raise NotImplementedError('Method not implemented!')
+
+    def GetComponentsCpes(self, request, context):
+        """
+        Get CPEs (Common Platform Enumeration) associated with multiple software components.
+
+        Returns Common Platform Enumeration identifiers for multiple components in a single request.
+        CPEs are used to identify IT platforms in vulnerability databases and enable
+        vulnerability scanning and assessment.
+
+        See: https://github.com/scanoss/papi/blob/main/protobuf/scanoss/api/vulnerabilities/v2/README.md?tab=readme-ov-file#getcomponentscpes
         """
         context.set_code(grpc.StatusCode.UNIMPLEMENTED)
         context.set_details('Method not implemented!')
         raise NotImplementedError('Method not implemented!')
 
     def GetVulnerabilities(self, request, context):
-        """Get vulnerability details
+        """
+        Get vulnerability details - legacy endpoint.
+
+        Legacy method for retrieving vulnerability information for software components.
+        Use GetComponentVulnerabilities or GetComponentsVulnerabilities instead.
+        """
+        context.set_code(grpc.StatusCode.UNIMPLEMENTED)
+        context.set_details('Method not implemented!')
+        raise NotImplementedError('Method not implemented!')
+
+    def GetComponentVulnerabilities(self, request, context):
+        """
+        Get vulnerability information for a single software component.
+
+        Analyzes the component and returns known vulnerabilities including CVE details,
+        severity scores, publication dates, and other security metadata.
+        Vulnerability data is sourced from various security databases and feeds.
+
+        See: https://github.com/scanoss/papi/blob/main/protobuf/scanoss/api/vulnerabilities/v2/README.md?tab=readme-ov-file#getcomponentvulnerabilities
+        """
+        context.set_code(grpc.StatusCode.UNIMPLEMENTED)
+        context.set_details('Method not implemented!')
+        raise NotImplementedError('Method not implemented!')
+
+    def GetComponentsVulnerabilities(self, request, context):
+        """
+        Get vulnerability information for multiple software components in a single request.
+
+        Analyzes multiple components and returns known vulnerabilities for each including CVE details,
+        severity scores, publication dates, and other security metadata.
+        Vulnerability data is sourced from various security databases and feeds.
+
+        See: https://github.com/scanoss/papi/blob/main/protobuf/scanoss/api/vulnerabilities/v2/README.md?tab=readme-ov-file#getcomponentsvulnerabilities
         """
         context.set_code(grpc.StatusCode.UNIMPLEMENTED)
         context.set_details('Method not implemented!')
@@ -73,21 +178,42 @@ def add_VulnerabilitiesServicer_to_server(servicer, server):
                     request_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityRequest.FromString,
                     response_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.CpeResponse.SerializeToString,
             ),
+            'GetComponentCpes': grpc.unary_unary_rpc_method_handler(
+                    servicer.GetComponentCpes,
+                    request_deserializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentRequest.FromString,
+                    response_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentCpesResponse.SerializeToString,
+            ),
+            'GetComponentsCpes': grpc.unary_unary_rpc_method_handler(
+                    servicer.GetComponentsCpes,
+                    request_deserializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentsRequest.FromString,
+                    response_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentsCpesResponse.SerializeToString,
+            ),
             'GetVulnerabilities': grpc.unary_unary_rpc_method_handler(
                     servicer.GetVulnerabilities,
                     request_deserializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityRequest.FromString,
                     response_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityResponse.SerializeToString,
             ),
+            'GetComponentVulnerabilities': grpc.unary_unary_rpc_method_handler(
+                    servicer.GetComponentVulnerabilities,
+                    request_deserializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentRequest.FromString,
+                    response_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentVulnerabilityResponse.SerializeToString,
+            ),
+            'GetComponentsVulnerabilities': grpc.unary_unary_rpc_method_handler(
+                    servicer.GetComponentsVulnerabilities,
+                    request_deserializer=scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentsRequest.FromString,
+                    response_serializer=scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentsVulnerabilityResponse.SerializeToString,
+            ),
     }
     generic_handler = grpc.method_handlers_generic_handler(
             'scanoss.api.vulnerabilities.v2.Vulnerabilities', rpc_method_handlers)
     server.add_generic_rpc_handlers((generic_handler,))
+    server.add_registered_method_handlers('scanoss.api.vulnerabilities.v2.Vulnerabilities', rpc_method_handlers)
 
 
  # This class is part of an EXPERIMENTAL API.
 class Vulnerabilities(object):
     """
-    Expose all of the SCANOSS Vulnerability RPCs here
+    Vulnerability Service Definition
     """
 
     @staticmethod
@@ -101,11 +227,21 @@ class Vulnerabilities(object):
             wait_for_ready=None,
             timeout=None,
             metadata=None):
-        return grpc.experimental.unary_unary(request, target, '/scanoss.api.vulnerabilities.v2.Vulnerabilities/Echo',
+        return grpc.experimental.unary_unary(
+            request,
+            target,
+            '/scanoss.api.vulnerabilities.v2.Vulnerabilities/Echo',
             scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.EchoRequest.SerializeToString,
             scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.EchoResponse.FromString,
-            options, channel_credentials,
-            insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
+            options,
+            channel_credentials,
+            insecure,
+            call_credentials,
+            compression,
+            wait_for_ready,
+            timeout,
+            metadata,
+            _registered_method=True)
 
     @staticmethod
     def GetCpes(request,
@@ -118,11 +254,75 @@ class Vulnerabilities(object):
             wait_for_ready=None,
             timeout=None,
             metadata=None):
-        return grpc.experimental.unary_unary(request, target, '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetCpes',
+        return grpc.experimental.unary_unary(
+            request,
+            target,
+            '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetCpes',
             scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityRequest.SerializeToString,
             scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.CpeResponse.FromString,
-            options, channel_credentials,
-            insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
+            options,
+            channel_credentials,
+            insecure,
+            call_credentials,
+            compression,
+            wait_for_ready,
+            timeout,
+            metadata,
+            _registered_method=True)
+
+    @staticmethod
+    def GetComponentCpes(request,
+            target,
+            options=(),
+            channel_credentials=None,
+            call_credentials=None,
+            insecure=False,
+            compression=None,
+            wait_for_ready=None,
+            timeout=None,
+            metadata=None):
+        return grpc.experimental.unary_unary(
+            request,
+            target,
+            '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentCpes',
+            scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentRequest.SerializeToString,
+            scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentCpesResponse.FromString,
+            options,
+            channel_credentials,
+            insecure,
+            call_credentials,
+            compression,
+            wait_for_ready,
+            timeout,
+            metadata,
+            _registered_method=True)
+
+    @staticmethod
+    def GetComponentsCpes(request,
+            target,
+            options=(),
+            channel_credentials=None,
+            call_credentials=None,
+            insecure=False,
+            compression=None,
+            wait_for_ready=None,
+            timeout=None,
+            metadata=None):
+        return grpc.experimental.unary_unary(
+            request,
+            target,
+            '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentsCpes',
+            scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentsRequest.SerializeToString,
+            scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentsCpesResponse.FromString,
+            options,
+            channel_credentials,
+            insecure,
+            call_credentials,
+            compression,
+            wait_for_ready,
+            timeout,
+            metadata,
+            _registered_method=True)
 
     @staticmethod
     def GetVulnerabilities(request,
@@ -135,8 +335,72 @@ class Vulnerabilities(object):
             wait_for_ready=None,
             timeout=None,
             metadata=None):
-        return grpc.experimental.unary_unary(request, target, '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetVulnerabilities',
+        return grpc.experimental.unary_unary(
+            request,
+            target,
+            '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetVulnerabilities',
             scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityRequest.SerializeToString,
             scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.VulnerabilityResponse.FromString,
-            options, channel_credentials,
-            insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
+            options,
+            channel_credentials,
+            insecure,
+            call_credentials,
+            compression,
+            wait_for_ready,
+            timeout,
+            metadata,
+            _registered_method=True)
+
+    @staticmethod
+    def GetComponentVulnerabilities(request,
+            target,
+            options=(),
+            channel_credentials=None,
+            call_credentials=None,
+            insecure=False,
+            compression=None,
+            wait_for_ready=None,
+            timeout=None,
+            metadata=None):
+        return grpc.experimental.unary_unary(
+            request,
+            target,
+            '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentVulnerabilities',
+            scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentRequest.SerializeToString,
+            scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentVulnerabilityResponse.FromString,
+            options,
+            channel_credentials,
+            insecure,
+            call_credentials,
+            compression,
+            wait_for_ready,
+            timeout,
+            metadata,
+            _registered_method=True)
+
+    @staticmethod
+    def GetComponentsVulnerabilities(request,
+            target,
+            options=(),
+            channel_credentials=None,
+            call_credentials=None,
+            insecure=False,
+            compression=None,
+            wait_for_ready=None,
+            timeout=None,
+            metadata=None):
+        return grpc.experimental.unary_unary(
+            request,
+            target,
+            '/scanoss.api.vulnerabilities.v2.Vulnerabilities/GetComponentsVulnerabilities',
+            scanoss_dot_api_dot_common_dot_v2_dot_scanoss__common__pb2.ComponentsRequest.SerializeToString,
+            scanoss_dot_api_dot_vulnerabilities_dot_v2_dot_scanoss__vulnerabilities__pb2.ComponentsVulnerabilityResponse.FromString,
+            options,
+            channel_credentials,
+            insecure,
+            call_credentials,
+            compression,
+            wait_for_ready,
+            timeout,
+            metadata,
+            _registered_method=True)

scanoss/cli.py

@@ -308,6 +308,7 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
         help='Retrieve vulnerabilities for the given components',
     )
     c_vulns.set_defaults(func=comp_vulns)
+    c_vulns.add_argument('--grpc', action='store_true', help='Enable gRPC support')
 
     # Component Sub-command: component semgrep
     c_semgrep = comp_sub.add_parser(
@@ -796,9 +797,9 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
     p_inspect_dt_project_violation.add_argument(
         '--format', '-f',
         required=False,
-        choices=['json', 'md'],
+        choices=['json', 'md', 'jira_md'],
         default='json',
-        help='Output format: json (default) or md (Markdown)'
+        help='Output format: json (default), md (Markdown) or jira_md (JIRA Markdown)'
     )
     p_inspect_dt_project_violation.add_argument(
         '--timeout', '-M',
@@ -964,7 +965,7 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
         p.add_argument(
             '--apiurl', type=str, help='SCANOSS API URL (optional - default: https://api.osskb.org/scan/direct)'
         )
-        p.add_argument('--ignore-cert-errors', action='store_true', help='Ignore certificate errors')
+        p.add_argument('--grpc', action='store_true', help='Enable gRPC support')
 
     # Global Scan/Fingerprint filter options
     for p in [p_scan, p_wfp]:
@@ -1055,6 +1056,7 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
             type=str,
             help='Headers to be sent on request (e.g., -hdr "Name: Value") - can be used multiple times',
         )
+        p.add_argument('--ignore-cert-errors', action='store_true', help='Ignore certificate errors')
 
     # Syft options
     for p in [p_cs, p_dep]:
@@ -1418,6 +1420,7 @@ def scan(parser, args):  # noqa: PLR0912, PLR0915
         strip_snippet_ids=args.strip_snippet,
         scan_settings=scan_settings,
         req_headers=process_req_headers(args.header),
+        use_grpc=args.grpc
     )
     if args.wfp:
         if not scanner.is_file_or_snippet_scan():
@@ -2144,6 +2147,8 @@ def comp_vulns(parser, args):
         pac=pac_file,
         timeout=args.timeout,
         req_headers=process_req_headers(args.header),
+        ignore_cert_errors=args.ignore_cert_errors,
+        use_grpc=args.grpc,
     )
     if not comps.get_vulnerabilities(args.input, args.purl, args.output):
         sys.exit(1)

scanoss/components.py

@@ -52,6 +52,8 @@ class Components(ScanossBase):
         ca_cert: str = None,
         pac: PACFile = None,
         req_headers: dict = None,
+        ignore_cert_errors: bool = False,
+        use_grpc: bool = False,
     ):
         """
         Handle all component style requests
@@ -66,6 +68,9 @@ class Components(ScanossBase):
         :param grpc_proxy: Specific gRPC proxy (optional)
         :param ca_cert: TLS client certificate (optional)
         :param pac: Proxy Auto-Config file (optional)
+        :param req_headers: Additional headers to send with requests (optional)
+        :param ignore_cert_errors: Ignore TLS certificate errors (optional)
+        :param use_grpc: Use gRPC instead of HTTP (optional)
         """
         super().__init__(debug, trace, quiet)
         ver_details = Scanner.version_details()
@@ -82,14 +87,28 @@ class Components(ScanossBase):
             grpc_proxy=grpc_proxy,
             timeout=timeout,
             req_headers=req_headers,
+            ignore_cert_errors=ignore_cert_errors,
+            use_grpc=use_grpc,
         )
 
-    def load_purls(self, json_file: Optional[str] = None, purls: Optional[List[str]] = None) -> Optional[dict]:
+    def load_comps(self, json_file: Optional[str] = None, purls: Optional[List[str]] = None)-> Optional[dict]:
+        """
+        Load the specified components and return a dictionary
+
+        :param json_file: JSON Components file (optional)
+        :param purls: list pf PURLs (optional)
+        :return: Components Request dictionary or None
+        """
+        return self.load_purls(json_file, purls, 'components')
+
+    def load_purls(self, json_file: Optional[str] = None, purls: Optional[List[str]] = None, field:str = 'purls'
+                   ) -> Optional[dict]:
         """
         Load the specified purls and return a dictionary
 
         :param json_file: JSON PURL file (optional)
         :param purls: list of PURLs (optional)
+        :param field: Name of the dictionary field to store the purls in (default: 'purls')
         :return: PURL Request dictionary or None
         """
         if json_file:
@@ -109,14 +128,14 @@ class Components(ScanossBase):
             parsed_purls = []
             for p in purls:
                 parsed_purls.append({'purl': p})
-            purl_request = {'purls': parsed_purls}
+            purl_request = {field: parsed_purls}
         else:
             self.print_stderr('ERROR: No purls specified to process.')
             return None
-        purl_count = len(purl_request.get('purls', []))
-        self.print_debug(f'Parsed Purls ({purl_count}): {purl_request}')
+        purl_count = len(purl_request.get(field, []))
+        self.print_debug(f'Parsed {field} ({purl_count}): {purl_request}')
         if purl_count == 0:
-            self.print_stderr('ERROR: No PURLs parsed from request.')
+            self.print_stderr(f'ERROR: No {field} parsed from request.')
             return None
         return purl_request
 
@@ -142,8 +161,8 @@ class Components(ScanossBase):
         """
         Open the given filename if requested, otherwise return STDOUT
 
-        :param filename:
-        :return:
+        :param filename: filename to open or None to return STDOUT
+        :return: file descriptor or None
         """
         file = sys.stdout
         if filename:
@@ -202,7 +221,7 @@ class Components(ScanossBase):
         :return: True on success, False otherwise
         """
         success = False
-        purls_request = self.load_purls(json_file, purls)
+        purls_request = self.load_comps(json_file, purls)
         if purls_request is None or len(purls_request) == 0:
             return False
         file = self._open_file_or_sdtout(output_file)

scanoss/data/build_date.txt

@@ -1 +1 @@
-date: 20250820161348, utime: 1755706428
+date: 20250901122016, utime: 1756729216

scanoss/inspection/dependency_track/project_violation.py

@@ -34,7 +34,6 @@ PROCESSING_RETRY_DELAY = 5  # seconds
 DEFAULT_TIME_OUT = 300.0
 MILLISECONDS_TO_SECONDS = 1000
 
-
 """
 Dependency Track project violation policy check implementation.
 
@@ -43,6 +42,7 @@ It retrieves, processes, and formats policy violations from a Dependency Track i
 for a specific project.
 """
 
+
 class ResolvedLicenseDict(TypedDict):
     """TypedDict for resolved license information from Dependency Track."""
     uuid: str
@@ -125,7 +125,7 @@ class DependencyTrackProjectViolationPolicyCheck(PolicyCheck[PolicyViolationDict
     This class handles retrieving, processing, and formatting policy violations
     from a Dependency Track instance for a specific project.
     """
-    
+
     def __init__(  # noqa: PLR0913
             self,
             debug: bool = False,
@@ -161,13 +161,13 @@ class DependencyTrackProjectViolationPolicyCheck(PolicyCheck[PolicyViolationDict
             timeout: Timeout for processing in seconds (default: 300)
         """
         super().__init__(debug, trace, quiet, format_type, status, 'dependency-track', output)
-        self.url = url
         self.api_key = api_key
         self.project_id = project_id
         self.project_name = project_name
         self.project_version = project_version
         self.upload_token = upload_token
         self.timeout = timeout
+        self.url = url.strip().rstrip('/') if url else None
         self.dep_track_service = DependencyTrackService(self.api_key, self.url, debug=debug, trace=trace, quiet=quiet)
 
     def _json(self, project_violations: list[PolicyViolationDict]) -> Dict[str, Any]:
@@ -230,7 +230,7 @@ class DependencyTrackProjectViolationPolicyCheck(PolicyCheck[PolicyViolationDict
         if not dt_project:
             self.print_stderr('Warning: No project details supplied. Returning False.')
             return False
-        
+
         # Safely extract and normalise timestamp values to numeric types
         def _safe_timestamp(field, value=None, default=0) -> float:
             """Convert timestamp value to float, handling string/numeric types safely."""
@@ -241,7 +241,7 @@ class DependencyTrackProjectViolationPolicyCheck(PolicyCheck[PolicyViolationDict
             except (ValueError, TypeError):
                 self.print_stderr(f'Warning: Invalid timestamp for {field}, value: {value}, using default: {default}')
                 return float(default)
-        
+
         last_import = _safe_timestamp('lastBomImport', dt_project.get('lastBomImport'), 0)
         last_vulnerability_analysis = _safe_timestamp('lastVulnerabilityAnalysis',
                                                       dt_project.get('lastVulnerabilityAnalysis'), 0
@@ -372,7 +372,7 @@ class DependencyTrackProjectViolationPolicyCheck(PolicyCheck[PolicyViolationDict
         """
         type_priority = {'SECURITY': 3, 'LICENSE': 2, 'OTHER': 1}
         return sorted(
-            violations, 
+            violations,
             key=lambda x: -type_priority.get(x.get('type', 'OTHER'), 1)
         )
 
@@ -424,8 +424,9 @@ class DependencyTrackProjectViolationPolicyCheck(PolicyCheck[PolicyViolationDict
             rows.append(row)
         # End for loop
         return {
-            "details": f'### Dependency Track Project Violations\n{table_generator(headers, rows, c_cols)}\n',
-            "summary": f'{len(project_violations)} policy violations were found.\n',
+            "details": f'### Dependency Track Project Violations\n{table_generator(headers, rows, c_cols)}\n\n'
+                       f'View project in Dependency Track [here]({self.url}/projects/{self.project_id}).\n',
+            "summary": f'{len(project_violations)} policy violations were found.\n'
         }
 
     def run(self) -> int:

scanoss/scanner.py

@@ -107,6 +107,7 @@ class Scanner(ScanossBase):
         skip_md5_ids=None,
         scan_settings: 'ScanossSettings | None' = None,
         req_headers: dict = None,
+        use_grpc: bool = False,
     ):
         """
         Initialise scanning class, including Winnowing, ScanossApi, ThreadedScanning
@@ -173,6 +174,8 @@ class Scanner(ScanossBase):
             pac=pac,
             grpc_proxy=grpc_proxy,
             req_headers=self.req_headers,
+            ignore_cert_errors=ignore_cert_errors,
+            use_grpc=use_grpc
         )
         self.threaded_deps = ThreadedDependencies(sc_deps, grpc_api, debug=debug, quiet=quiet, trace=trace)
         self.nb_threads = nb_threads