PyPI - secureapp-python-agent - Versions diffs - 26.5.0rc4__tar.gz → 26.5.0rc6__tar.gz - Mend

secureapp-python-agent 26.5.0rc4tar.gz → 26.5.0rc6tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

{secureapp_python_agent-26.5.0rc4 → secureapp_python_agent-26.5.0rc6}/.gitlab-ci.yml RENAMED Viewed

@@ -77,14 +77,6 @@ build:wheel:
         - test:unit    # Ensures tests pass with 85% coverage
     <<: *base_setup
     script:
-        - |
-            if [ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]; then
-                gitversion --prefix v bump auto
-                eval $(ssh-agent -s)
-                go-go tag --skip-ci
-            else
-                echo "Not on main branch. Skipping main-only steps."
-            fi
         - make build
     artifacts:
         paths:
@@ -103,7 +95,7 @@ build:wheel:
     script:
         - venv/bin/python -m twine check dist/*
         - venv/bin/python -m twine upload --verbose --non-interactive ${TWINE_REPOSITORY_URL:+--skip-existing} dist/*
-# testPypi - using variable set TEST_TWINE_PASSWORD to API TOKEN
+# testPypi - using variable set TEST_TWINE_PASSWORD to API TOKEN - Tag PyPITest
 publish:test:
     <<: *publish_template
     needs:
@@ -114,11 +106,8 @@ publish:test:
         TWINE_PASSWORD: $TEST_TWINE_PASSWORD
         TWINE_REPOSITORY_URL: https://test.pypi.org/legacy/
     rules:
-        - if: $CI_PIPELINE_SOURCE == "schedule"
-          when: never
-        - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+        - if: '$CI_COMMIT_TAG == "PyPITest"'
 # pypi - using o11y-gdi set API TOKEN
-# change back      - if: $CI_COMMIT_TAG  - this is test - to launch
 publish:production:
     <<: *publish_template
     needs:
@@ -130,7 +119,7 @@ publish:production:
     rules:
         - if: $CI_PIPELINE_SOURCE == "schedule"
           when: never
-        - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+        - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
 # Python version compatibility matrix testing
 test:python-matrix:
@@ -241,7 +230,22 @@ sonarqube:
               SONAR_ARGS="${SONAR_ARGS} -Dsonar.branch.name=${CI_DEFAULT_BRANCH}"
               echo "Default branch: reporting analysis to branch ${CI_DEFAULT_BRANCH}"
             fi
-            sonar-scanner -Dsonar.token="$SONAR_LOGIN_TOKEN" ${SONAR_ARGS}
+            SONAR_AUTH_TOKEN="${SONAR_TOKEN:-$SONAR_LOGIN_TOKEN}"
+            if [ -z "$SONAR_AUTH_TOKEN" ]; then
+              if [ "$CI_PIPELINE_SOURCE" = "merge_request_event" ] && [ "$CI_COMMIT_REF_PROTECTED" != "true" ]; then
+                echo "Skipping SonarQube analysis: SONAR_TOKEN or SONAR_LOGIN_TOKEN is unavailable for this unprotected merge request ref."
+                exit 0
+              fi
+              echo "SONAR_TOKEN or SONAR_LOGIN_TOKEN must be configured for SonarQube analysis."
+              exit 1
+            fi
+            sonar-scanner -Dsonar.token="$SONAR_AUTH_TOKEN" ${SONAR_ARGS}
+    after_script:
+        - |
+            if [ "$CI_JOB_STATUS" = "failed" ]; then
+              mkdir -p .scannerwork
+              touch .scannerwork/.keep
+            fi
     artifacts:
         paths:
             - .scannerwork/

{secureapp_python_agent-26.5.0rc4 → secureapp_python_agent-26.5.0rc6}/Makefile RENAMED Viewed

@@ -169,11 +169,6 @@ debug-performance:
 	@echo "⚡ Running performance analysis..."
 	$(PYTHON) dev/debug/debug_analyzer.py --performance
-# CI/CD Publishing target - called from gitlab - do we still need this?  Check this -check this3 -checkthis5
-publish:
-	@echo "📦 Publishing package to repository: $(if $(REPOSITORY),$(REPOSITORY),local)..."
-	$(PYTHON) -m twine upload dist/* $(if $(REPOSITORY),--repository $(REPOSITORY),--repository local)
 # CI/CD Publishing target - added to go to real test pypi - config set in .pypirc - called by buildPublish.sh testpypi
 publish_testpypi:
 	@echo "📦 Publishing package to repository: testpypi..."

{secureapp_python_agent-26.5.0rc4 → secureapp_python_agent-26.5.0rc6}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: secureapp-python-agent
-Version: 26.5.0rc4
+Version: 26.5.0rc6
 Summary: Splunk SecureApp OpenTelemetry Extension for Python applications
 Author-email: Splunk <support@splunk.com>
 License-Expression: LicenseRef-Proprietary
@@ -49,23 +49,6 @@ Dynamic: license-file
 OpenTelemetry Python extension for integrating Splunk SecureApp with OpenTelemetry.
 This extension monitors runtime dependencies and reports them via OpenTelemetry logs.
-For more information, please refer to this wiki page: https://confluence.corp.appdynamics.com/spaces/APMJAVA/pages/7999681/SecureApp+For+Python
-## Quick Start
-```bash
-# Development setup
-make venv-install
-# Run tests (single Python version)
-make test
-# Run tests across all Python versions
-make tox
-# Run all quality checks
-make all
-```
 ## Installation
@@ -73,38 +56,11 @@ make all
 # Install from PyPI
 pip install secureapp-python-agent
-# Install in development mode with dev dependencies
-pip install -e .[dev]
-```
-## Usage
-The extension can be used in two ways: zero-configuration instrumentation or
-manual integration.
-### Zero-Configuration with OpenTelemetry Instrumentation
-```bash
 # Install with OpenTelemetry instrumentation
-pip install secureapp-python-agent opentelemetry-distro[otlp]
+pip install secureapp-python-agent splunk-opentelemetry
 # Run your application with automatic instrumentation
 opentelemetry-instrument python your_app.py
-```
-### Manual Integration
-```python
-from splunk_secureapp_opentelemetry_extension import start_monitoring, stop_monitoring
-# Start monitoring at application initialization
-start_monitoring()
-# ... your application code ...
-# Optional: Stop monitoring during application shutdown
-stop_monitoring()
-```
 ## Configuration
@@ -116,15 +72,7 @@ The extension can be configured using environment variables:
 | `OTEL_LOGS_EXPORTER`                        | `otlp`  | Log exporter type: `otlp`, `console`, or `none`           |
 | `SPLUNK_SECUREAPP_DEPENDENCY_INITIAL_DELAY` | `60.0`  | Initial delay (seconds) before dependency tracking starts |
 | `SPLUNK_SECUREAPP_DEPENDENCY_SCAN_INTERVAL` | `86400` | Interval (seconds) between dependency scans (24 hours)    |
-Example configuration:
-```bash
-# Configure with environment variables
-export OTEL_LOGS_EXPORTER=console
-export SPLUNK_SECUREAPP_DEPENDENCY_SCAN_INTERVAL=600.0
-opentelemetry-instrument python your_app.py
-```
+| `SPLUNK_SECUREAPP_LOG_LEVEL_INFO            |  NOTSET | Standard Python Log Levels                                |
 ## Features
@@ -147,17 +95,7 @@ them through OpenTelemetry logs with:
 ### OpenTelemetry Versions
-The extension is compatible with OpenTelemetry versions 1.27.0 through 1.39.x.
-**Supported and tested range**: `1.27.0` - `<1.40` (tested: 1.27.0, 1.30.0, 1.35.0, 1.38.0, 1.39.0, 1.39.1)
-The agent automatically adapts to both legacy (pre-1.39) and modern (1.39+) Logs APIs, providing:
-- Seamless compatibility across the tested version range
-- Backward compatibility with OpenTelemetry 1.27.0+
-- No version conflicts with other OpenTelemetry packages requiring 1.39.x
-- Independent upgrade paths for OpenTelemetry and SecureApp agent
-**Note**: OpenTelemetry 1.39.0 introduced breaking changes to the Logs API. This agent handles both API versions transparently using version-adaptive code.
+The extension is compatible with OpenTelemetry versions 1.39.x plus
 ### Python Versions
@@ -179,81 +117,3 @@ The SecureApp agent is designed with minimal performance impact:
   - Configurable scan intervals
   - Efficient batch processing for telemetry data
-## Development
-```bash
-make help                 # Show all available commands
-make venv-install         # Setup development environment
-make test                 # Run tests (current Python)
-make test-cov             # Run tests with coverage
-make tox                  # Run tests across all Python versions
-make lint                 # Run linting with auto-fix
-make format               # Format code
-make typecheck            # Type checking
-make build                # Build package
-make clean                # Clean build artifacts
-make license-check        # Check and add license headers
-make update-deps          # Update dependencies to latest versions
-make all                  # Run lint, typecheck, and test
-```
-## Testing
-- Supports Python 3.10+
-- All tests must mock expensive operations (e.g., sys.modules scanning, OpenTelemetry exporters)
-- Minimum 85% test coverage required
-```bash
-# Quick testing (current Python)
-make test                 # Basic tests
-make test-cov             # With coverage report
-# Comprehensive testing (all Python versions)
-make tox                  # Uses tox for multi-version testing
-# OpenTelemetry compatibility testing
-make test-otel-versions   # Test with different OTel versions
-```
-## Dependency Management
-```bash
-# Update all dependencies to latest versions
-make update-deps
-# After updating, verify compatibility
-make test
-make tox
-```
-## Workflow
-```bash
-# 1. Daily development (fast feedback)
-make all
-# 2. Before committing (comprehensive)
-make tox
-# 3. Dependency updates (monthly)
-make update-deps && make tox
-# 4. Clean build
-make clean build
-```
-## Project Structure
-```
-├── scripts/
-│   ├── check_license.py    # License header automation
-│   └── update_deps.py      # Dependency update automation
-├── src/splunk_secureapp_opentelemetry_extension/
-│   ├── __init__.py        # Package entry point (exposes only public APIs)
-│   ├── agent.py           # SecureApp agent implementation
-│   ├── dependency_analyzer.py # Runtime dependency analysis
-│   └── environment_variables.py # Environment variable constants
-├── tests/                 # Test suite (all expensive operations mocked)
-├── pyproject.toml         # Project configuration
-├── Makefile               # Development commands
-└── README.md              # This file

secureapp_python_agent-26.5.0rc4/README.md → secureapp_python_agent-26.5.0rc6/README-Developers.md RENAMED Viewed

@@ -40,7 +40,7 @@ manual integration.
 ```bash
 # Install with OpenTelemetry instrumentation
-pip install secureapp-python-agent opentelemetry-distro[otlp]
+pip install secureapp-python-agent splunk-opentelemetry
 # Run your application with automatic instrumentation
 opentelemetry-instrument python your_app.py

secureapp_python_agent-26.5.0rc6/README.md ADDED Viewed

@@ -0,0 +1,73 @@
+# Splunk SecureApp OpenTelemetry Extension
+OpenTelemetry Python extension for integrating Splunk SecureApp with OpenTelemetry.
+This extension monitors runtime dependencies and reports them via OpenTelemetry logs.
+## Installation
+```bash
+# Install from PyPI
+pip install secureapp-python-agent
+# Install with OpenTelemetry instrumentation
+pip install secureapp-python-agent splunk-opentelemetry
+# Run your application with automatic instrumentation
+opentelemetry-instrument python your_app.py
+## Configuration
+The extension can be configured using environment variables:
+| Environment Variable                        | Default | Description                                               |
+|---------------------------------------------|---------|-----------------------------------------------------------|
+| `SPLUNK_SECUREAPP_AGENT_ENABLED`            | `true`  | Enable or disable the agent completely                    |
+| `OTEL_LOGS_EXPORTER`                        | `otlp`  | Log exporter type: `otlp`, `console`, or `none`           |
+| `SPLUNK_SECUREAPP_DEPENDENCY_INITIAL_DELAY` | `60.0`  | Initial delay (seconds) before dependency tracking starts |
+| `SPLUNK_SECUREAPP_DEPENDENCY_SCAN_INTERVAL` | `86400` | Interval (seconds) between dependency scans (24 hours)    |
+| `SPLUNK_SECUREAPP_LOG_LEVEL_INFO            |  NOTSET | Standard Python Log Levels                                |
+## Features
+### Runtime Dependency Monitoring
+The extension monitors third-party Python packages loaded at runtime and reports
+them through OpenTelemetry logs with:
+- Package name and version
+- Import timestamp
+- Standard library exclusion for performance optimization
+- Low overhead (<10MB memory, <100ms startup impact)
+### OpenTelemetry Integration
+- Sends dependency data as structured logs via configurable exporters
+- Compatible with the OpenTelemetry Collector and Splunk Observability backends
+- Lightweight implementation with optimized performance
+## Compatibility
+### OpenTelemetry Versions
+The extension is compatible with OpenTelemetry versions 1.39.x plus
+### Python Versions
+Supported Python versions:
+- Python 3.10
+- Python 3.11
+- Python 3.12
+- Python 3.13
+- Python 3.14
+## Performance Considerations
+The SecureApp agent is designed with minimal performance impact:
+- Startup overhead: <100ms
+- Memory overhead: <10MB
+- Optimizations:
+  - Lazy imports for better startup performance
+  - Standard library detection to avoid unnecessary scanning
+  - Configurable scan intervals
+  - Efficient batch processing for telemetry data

{secureapp_python_agent-26.5.0rc4 → secureapp_python_agent-26.5.0rc6}/examples/requirements.txt RENAMED Viewed

@@ -3,8 +3,8 @@ opentelemetry-api==1.39.1
 opentelemetry-sdk==1.39.1
 opentelemetry-exporter-otlp==1.39.1
-# Zero-code instrumentation distribution with OTLP extra - compatible with 1.39.1 core
-opentelemetry-distro[otlp]==0.60b1
+# Zero-code instrumentation distribution
+Splunk-opentelemetry==2.10.1
 # Automatic instrumentation packages for zero-code Flask setup
 opentelemetry-instrumentation-flask==0.60b1

{secureapp_python_agent-26.5.0rc4 → secureapp_python_agent-26.5.0rc6}/o11y_test_application/runit.sh RENAMED Viewed

@@ -9,7 +9,7 @@ source ../venv/bin/activate
 #
 pip3 install --upgrade pip
 pip3 install secureapp-python-agent splunk-opentelemetry
-pip3 install -r requirements.txt
+pip3 install -r packages-with-cves.txt
 #
 # The opentelemetry-bootstrap tool scans your current Python environment, detects which libraries you have installed,
 #     and automatically installs the necessary OpenTelemetry instrumentation packages for them

{secureapp_python_agent-26.5.0rc4 → secureapp_python_agent-26.5.0rc6}/pyproject.toml RENAMED Viewed

@@ -7,7 +7,7 @@ build-backend = "setuptools.build_meta"
 # Changed dynamic = ["version"] to version = 26.4.0-Dev
 [project]
 name = "secureapp-python-agent"
-version = "26.5.0-RC4"
+version = "26.5.0-RC6"
 description = "Splunk SecureApp OpenTelemetry Extension for Python applications"
 readme = "README.md"
 requires-python = ">=3.10"

{secureapp_python_agent-26.5.0rc4 → secureapp_python_agent-26.5.0rc6}/src/secureapp_python_agent.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: secureapp-python-agent
-Version: 26.5.0rc4
+Version: 26.5.0rc6
 Summary: Splunk SecureApp OpenTelemetry Extension for Python applications
 Author-email: Splunk <support@splunk.com>
 License-Expression: LicenseRef-Proprietary
@@ -49,23 +49,6 @@ Dynamic: license-file
 OpenTelemetry Python extension for integrating Splunk SecureApp with OpenTelemetry.
 This extension monitors runtime dependencies and reports them via OpenTelemetry logs.
-For more information, please refer to this wiki page: https://confluence.corp.appdynamics.com/spaces/APMJAVA/pages/7999681/SecureApp+For+Python
-## Quick Start
-```bash
-# Development setup
-make venv-install
-# Run tests (single Python version)
-make test
-# Run tests across all Python versions
-make tox
-# Run all quality checks
-make all
-```
 ## Installation
@@ -73,38 +56,11 @@ make all
 # Install from PyPI
 pip install secureapp-python-agent
-# Install in development mode with dev dependencies
-pip install -e .[dev]
-```
-## Usage
-The extension can be used in two ways: zero-configuration instrumentation or
-manual integration.
-### Zero-Configuration with OpenTelemetry Instrumentation
-```bash
 # Install with OpenTelemetry instrumentation
-pip install secureapp-python-agent opentelemetry-distro[otlp]
+pip install secureapp-python-agent splunk-opentelemetry
 # Run your application with automatic instrumentation
 opentelemetry-instrument python your_app.py
-```
-### Manual Integration
-```python
-from splunk_secureapp_opentelemetry_extension import start_monitoring, stop_monitoring
-# Start monitoring at application initialization
-start_monitoring()
-# ... your application code ...
-# Optional: Stop monitoring during application shutdown
-stop_monitoring()
-```
 ## Configuration
@@ -116,15 +72,7 @@ The extension can be configured using environment variables:
 | `OTEL_LOGS_EXPORTER`                        | `otlp`  | Log exporter type: `otlp`, `console`, or `none`           |
 | `SPLUNK_SECUREAPP_DEPENDENCY_INITIAL_DELAY` | `60.0`  | Initial delay (seconds) before dependency tracking starts |
 | `SPLUNK_SECUREAPP_DEPENDENCY_SCAN_INTERVAL` | `86400` | Interval (seconds) between dependency scans (24 hours)    |
-Example configuration:
-```bash
-# Configure with environment variables
-export OTEL_LOGS_EXPORTER=console
-export SPLUNK_SECUREAPP_DEPENDENCY_SCAN_INTERVAL=600.0
-opentelemetry-instrument python your_app.py
-```
+| `SPLUNK_SECUREAPP_LOG_LEVEL_INFO            |  NOTSET | Standard Python Log Levels                                |
 ## Features
@@ -147,17 +95,7 @@ them through OpenTelemetry logs with:
 ### OpenTelemetry Versions
-The extension is compatible with OpenTelemetry versions 1.27.0 through 1.39.x.
-**Supported and tested range**: `1.27.0` - `<1.40` (tested: 1.27.0, 1.30.0, 1.35.0, 1.38.0, 1.39.0, 1.39.1)
-The agent automatically adapts to both legacy (pre-1.39) and modern (1.39+) Logs APIs, providing:
-- Seamless compatibility across the tested version range
-- Backward compatibility with OpenTelemetry 1.27.0+
-- No version conflicts with other OpenTelemetry packages requiring 1.39.x
-- Independent upgrade paths for OpenTelemetry and SecureApp agent
-**Note**: OpenTelemetry 1.39.0 introduced breaking changes to the Logs API. This agent handles both API versions transparently using version-adaptive code.
+The extension is compatible with OpenTelemetry versions 1.39.x plus
 ### Python Versions
@@ -179,81 +117,3 @@ The SecureApp agent is designed with minimal performance impact:
   - Configurable scan intervals
   - Efficient batch processing for telemetry data
-## Development
-```bash
-make help                 # Show all available commands
-make venv-install         # Setup development environment
-make test                 # Run tests (current Python)
-make test-cov             # Run tests with coverage
-make tox                  # Run tests across all Python versions
-make lint                 # Run linting with auto-fix
-make format               # Format code
-make typecheck            # Type checking
-make build                # Build package
-make clean                # Clean build artifacts
-make license-check        # Check and add license headers
-make update-deps          # Update dependencies to latest versions
-make all                  # Run lint, typecheck, and test
-```
-## Testing
-- Supports Python 3.10+
-- All tests must mock expensive operations (e.g., sys.modules scanning, OpenTelemetry exporters)
-- Minimum 85% test coverage required
-```bash
-# Quick testing (current Python)
-make test                 # Basic tests
-make test-cov             # With coverage report
-# Comprehensive testing (all Python versions)
-make tox                  # Uses tox for multi-version testing
-# OpenTelemetry compatibility testing
-make test-otel-versions   # Test with different OTel versions
-```
-## Dependency Management
-```bash
-# Update all dependencies to latest versions
-make update-deps
-# After updating, verify compatibility
-make test
-make tox
-```
-## Workflow
-```bash
-# 1. Daily development (fast feedback)
-make all
-# 2. Before committing (comprehensive)
-make tox
-# 3. Dependency updates (monthly)
-make update-deps && make tox
-# 4. Clean build
-make clean build
-```
-## Project Structure
-```
-├── scripts/
-│   ├── check_license.py    # License header automation
-│   └── update_deps.py      # Dependency update automation
-├── src/splunk_secureapp_opentelemetry_extension/
-│   ├── __init__.py        # Package entry point (exposes only public APIs)
-│   ├── agent.py           # SecureApp agent implementation
-│   ├── dependency_analyzer.py # Runtime dependency analysis
-│   └── environment_variables.py # Environment variable constants
-├── tests/                 # Test suite (all expensive operations mocked)
-├── pyproject.toml         # Project configuration
-├── Makefile               # Development commands
-└── README.md              # This file

{secureapp_python_agent-26.5.0rc4 → secureapp_python_agent-26.5.0rc6}/src/secureapp_python_agent.egg-info/SOURCES.txt RENAMED Viewed

@@ -5,6 +5,7 @@
 CODEOWNERS
 LICENSE
 Makefile
+README-Developers.md
 README.md
 buildAll.sh
 buildO11y.sh
@@ -36,7 +37,7 @@ examples/manual_flask_app.py
 examples/requirements.txt
 examples/zero_code_agentic_ai_app.py
 examples/zero_code_flask_app.py
-o11y_test_application/requirements.txt
+o11y_test_application/packages-with-cves.txt
 o11y_test_application/runit.sh
 o11y_test_application/test_application.py
 o11y_test_application/otel-collector/splunk-otel-config.yaml