"""

SPDX-License-Identifier: MIT

Copyright (c) 2021, SCANOSS

Permission is hereby granted, free of charge, to any person obtaining a copy

of this software and associated documentation files (the "Software"), to deal

in the Software without restriction, including without limitation the rights

to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

copies of the Software, and to permit persons to whom the Software is

furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in

all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

THE SOFTWARE.

"""

import argparse

import os

import sys

import traceback

from dataclasses import asdict

from pathlib import Path

from typing import List

import pypac

from scanoss.cryptography import Cryptography, create_cryptography_config_from_args

from scanoss.delta import Delta

from scanoss.export.dependency_track import DependencyTrackExporter

from scanoss.scanners.container_scanner import (

DEFAULT_SYFT_COMMAND,

DEFAULT_SYFT_TIMEOUT,

ContainerScanner,

create_container_scanner_config_from_args,

)

from scanoss.scanners.folder_hasher import (

FolderHasher,

create_folder_hasher_config_from_args,

)

from scanoss.scanossgrpc import (

ScanossGrpc,

ScanossGrpcError,

create_grpc_config_from_args,

)

from . import __version__

from .components import Components

from .constants import (

DEFAULT_API_TIMEOUT,

DEFAULT_COPYLEFT_LICENSE_SOURCES,

DEFAULT_HFH_DEPTH,

DEFAULT_HFH_MIN_ACCEPTED_SCORE,

DEFAULT_HFH_RANK_THRESHOLD,

DEFAULT_HFH_RECURSIVE_THRESHOLD,

DEFAULT_POST_SIZE,

DEFAULT_RETRY,

DEFAULT_TIMEOUT,

MIN_TIMEOUT,

PYTHON_MAJOR_VERSION,

VALID_LICENSE_SOURCES,

)

from .csvoutput import CsvOutput

from .cyclonedx import CycloneDx

from .filecount import FileCount

from .gitlabqualityreport import GitLabQualityReport

from .inspection.policy_check.dependency_track.project_violation import (

DependencyTrackProjectViolationPolicyCheck,

)

from .inspection.policy_check.scanoss.copyleft import Copyleft

from .inspection.policy_check.scanoss.undeclared_component import UndeclaredComponent

from .inspection.summary.component_summary import ComponentSummary

from .inspection.summary.license_summary import LicenseSummary

from .inspection.summary.match_summary import MatchSummary

from .results import Results

from .scancodedeps import ScancodeDeps

from .scanner import FAST_WINNOWING, Scanner

from .scanners.scanner_config import create_scanner_config_from_args

from .scanners.scanner_hfh import ScannerHFH

from .scanoss_settings import ScanossSettings, ScanossSettingsError

from .scantype import ScanType

from .spdxlite import SpdxLite

from .threadeddependencies import SCOPE

from .utils.file import validate_json_file

HEADER_PARTS_COUNT = 2

def print_stderr(*args, **kwargs):

"""

Print the given message to STDERR

"""

print(*args, file=sys.stderr, **kwargs)

def setup_args() -> None: # noqa: PLR0912, PLR0915

"""

Setup all the command line arguments for processing

"""

parser = argparse.ArgumentParser(

description=f'SCANOSS Python CLI. Ver: {__version__}, License: MIT, Fast Winnowing: {FAST_WINNOWING}'

)

parser.add_argument('--version', '-v', action='store_true', help='Display version details')

subparsers = parser.add_subparsers(

title='Sub Commands', dest='subparser', description='valid subcommands', help='sub-command help'

)

# Sub-command: version

p_ver = subparsers.add_parser(

'version', aliases=['ver'], description=f'Version of SCANOSS CLI: {__version__}', help='SCANOSS version'

)

p_ver.set_defaults(func=ver)

# Sub-command: scan

p_scan = subparsers.add_parser(

'scan',

aliases=['sc'],

description=f'Analyse/scan the given source base: {__version__}',

help='Scan source code',

)

p_scan.set_defaults(func=scan)

p_scan.add_argument('scan_dir', metavar='FILE/DIR', type=str, nargs='?', help='A file or folder to scan')

p_scan.add_argument('--wfp', '-w', type=str, help='Scan a WFP File instead of a folder (optional)')

p_scan.add_argument('--dep', '-p', type=str, help='Use a dependency file instead of a folder (optional)')

p_scan.add_argument(

'--stdin', '-s', metavar='STDIN-FILENAME', type=str, help='Scan the file contents supplied via STDIN (optional)'

)

p_scan.add_argument('--files', '-e', type=str, nargs='*', help='List of files to scan.')

p_scan.add_argument('--identify', '-i', type=str, help='Scan and identify components in SBOM file')

p_scan.add_argument('--ignore', '-n', type=str, help='Ignore components specified in the SBOM file')

p_scan.add_argument(

'--threads', '-T', type=int, default=5, help='Number of threads to use while scanning (optional - default 5)'

)

p_scan.add_argument(

'--flags',

'-F',

type=int,

help='Scanning engine flags (1: disable snippet matching, 2 enable snippet ids, '

'4: disable dependencies, 8: disable licenses, 16: disable copyrights,'

'32: disable vulnerabilities, 64: disable quality, 128: disable cryptography,'

'256: disable best match only, 512: hide identified files, '

'1024: enable download_url, 2048: enable GitHub full path, '

'4096: disable extended server stats)',

)

p_scan.add_argument(

'--post-size',

'-P',

type=int,

default=DEFAULT_POST_SIZE,

help='Number of kilobytes to limit the post to while scanning (optional - default 32)',

)

p_scan.add_argument(

'--timeout',

'-M',

type=int,

default=DEFAULT_TIMEOUT,

help='Timeout (in seconds) for API communication (optional - default 180)',

)

p_scan.add_argument(

'--retry',

'-R',

type=int,

default=DEFAULT_RETRY,

help='Retry limit for API communication (optional - default 5)',

)

p_scan.add_argument('--dependencies', '-D', action='store_true', help='Add Dependency scanning')

p_scan.add_argument('--dependencies-only', action='store_true', help='Run Dependency scanning only')

p_scan.add_argument(

'--sc-command', type=str, help='Scancode command and path if required (optional - default scancode).'

)

p_scan.add_argument(

'--sc-timeout',

type=int,

default=600,

help='Timeout (in seconds) for scancode to complete (optional - default 600)',

)

p_scan.add_argument(

'--dep-scope', '-ds', type=SCOPE, help='Filter dependencies by scope - default all (options: dev/prod)'

)

p_scan.add_argument('--dep-scope-inc', '-dsi', type=str, help='Include dependencies with declared scopes')

p_scan.add_argument('--dep-scope-exc', '-dse', type=str, help='Exclude dependencies with declared scopes')

p_scan.add_argument(

'--no-wfp-output', action='store_true',

help='DEPRECATED: Scans no longer generate scanner_output.wfp. Use "fingerprint -o" to create WFP files.'

)

p_scan.add_argument(

'--wfp-output', type=str, metavar='FILE',

help='Save fingerprints to specified file during scan'

)

# Snippet tuning options

p_scan.add_argument(

'--min-snippet-hits',

type=int,

default=None,

help='Minimum snippet hits required. A value of 0 defers to server configuration (optional)',

)

p_scan.add_argument(

'--min-snippet-lines',

type=int,

default=None,

help='Minimum snippet lines required. A value of 0 defers to server configuration (optional)',

)

p_scan.add_argument(

'--ranking',

type=str,

choices=['unset' ,'true', 'false'],

default='unset',

help='Enable or disable ranking (optional - default: server configuration)',

)

p_scan.add_argument(

'--ranking-threshold',

type=int,

default=-1,

help='Ranking threshold value. Valid range: -1 to 10. A value of -1 defers to server configuration (optional)',

)

p_scan.add_argument(

'--honour-file-exts',

type=str,

choices=['unset','true', 'false'],

default='unset',

help='Honour file extensions during scanning. When not set, defers to server configuration (optional)',

)

# Sub-command: fingerprint

p_wfp = subparsers.add_parser(

'fingerprint',

aliases=['fp', 'wfp'],

description=f'Fingerprint the given source base: {__version__}',

help='Fingerprint source code',

)

p_wfp.set_defaults(func=wfp)

p_wfp.add_argument('scan_dir', metavar='FILE/DIR', type=str, nargs='?', help='A file or folder to scan')

p_wfp.add_argument(

'--stdin',

'-s',

metavar='STDIN-FILENAME',

type=str,

help='Fingerprint the file contents supplied via STDIN (optional)',

)

# Sub-command: dependency

p_dep = subparsers.add_parser(

'dependencies',

aliases=['dp', 'dep'],

description=f'Produce dependency file summary: {__version__}',

help='Scan source code for dependencies, but do not decorate them',

)

p_dep.add_argument('scan_loc', metavar='FILE/DIR', type=str, nargs='?', help='A file or folder to scan')

p_dep.add_argument(

'--container',

type=str,

help='Container image to scan. Supports yourrepo/yourimage:tag, Docker tar, '

'OCI tar, OCI directory, SIF Container, or generic filesystem directory.',

)

p_dep.add_argument(

'--sc-command', type=str, help='Scancode command and path if required (optional - default scancode).'

)

p_dep.add_argument(

'--sc-timeout',

type=int,

default=600,

help='Timeout (in seconds) for scancode to complete (optional - default 600)',

)

p_dep.set_defaults(func=dependency)

# Container scan sub-command

p_cs = subparsers.add_parser(

'container-scan',

aliases=['cs'],

description=f'Analyse/scan the given container image: {__version__}',

help='Scan container image',

)

p_cs.add_argument(

'scan_loc',

metavar='IMAGE',

type=str,

nargs='?',

help=(

'Container image to scan. Supports yourrepo/yourimage:tag, Docker tar, '

'OCI tar, OCI directory, SIF Container, or generic filesystem directory.'

),

)

p_cs.add_argument(

'--retry',

'-R',

type=int,

default=DEFAULT_RETRY,

help='Retry limit for API communication (optional - default 5)',

)

p_cs.add_argument(

'--timeout',

'-M',

type=int,

default=DEFAULT_TIMEOUT,

help='Timeout (in seconds) for API communication (optional - default 180)',

)

p_cs.set_defaults(func=container_scan)

# Sub-command: file_count

p_fc = subparsers.add_parser(

'file_count',

aliases=['fc'],

description=f'Produce a file type count summary: {__version__}',

help='Search the source tree and produce a file type summary',

)

p_fc.set_defaults(func=file_count)

p_fc.add_argument('scan_dir', metavar='DIR', type=str, nargs='?', help='A folder to search')

p_fc.add_argument('--all-hidden', action='store_true', help='Scan all hidden files/folders')

# Sub-command: convert

p_cnv = subparsers.add_parser(

'convert',

aliases=['cv', 'cnv', 'cvrt'],

description=f'Convert results files between formats: {__version__}',

help='Convert file format',

)

p_cnv.set_defaults(func=convert)

p_cnv.add_argument('--input', '-i', type=str, required=True, help='Input file name')

p_cnv.add_argument(

'--format',

'-f',

type=str,

choices=['cyclonedx', 'spdxlite', 'csv', 'glc-codequality'],

default='spdxlite',

help='Output format (optional - default: spdxlite)',

)

p_cnv.add_argument(

'--input-format', type=str, choices=['plain'], default='plain', help='Input format (optional - default: plain)'

)

# Sub-command: component

p_comp = subparsers.add_parser(

'component',

aliases=['comp'],

description=f'SCANOSS Component commands: {__version__}',

help='Component support commands',

)

comp_sub = p_comp.add_subparsers(

title='Component Commands',

dest='subparsercmd',

description='component sub-commands',

help='component sub-commands',

)

# Component Sub-command: component vulns

c_vulns = comp_sub.add_parser(

'vulns',

aliases=['vulnerabilities', 'vu'],

description=f'Show Vulnerability details: {__version__}',

help='Retrieve vulnerabilities for the given components',

)

c_vulns.set_defaults(func=comp_vulns)

# Component Sub-command: component licenses

c_licenses = comp_sub.add_parser(

'licenses',

aliases=['lics'],

description=f'Show License details: {__version__}',

help='Retrieve licenses for the given components',

)

c_licenses.set_defaults(func=comp_licenses)

# Component Sub-command: component semgrep

c_semgrep = comp_sub.add_parser(

'semgrep',

aliases=['sp'],

description=f'Show Semgrep findings: {__version__}',

help='Retrieve semgrep issues/findings for the given components',

)

c_semgrep.set_defaults(func=comp_semgrep)

# Component Sub-command: component provenance

c_provenance = comp_sub.add_parser(

'provenance',

aliases=['prov', 'prv'],

description=f'Show GEO Provenance findings: {__version__}',

help='Retrieve geoprovenance for the given components',

)

c_provenance.add_argument(

'--origin',

action='store_true',

help='Retrieve geoprovenance using contributors origin (default: declared origin)',

)

c_provenance.set_defaults(func=comp_provenance)

# Component Sub-command: component search

c_search = comp_sub.add_parser(

'search',

aliases=['sc'],

description=f'Search component details: {__version__}',

help='Search for a KB component',

)

c_search.add_argument('--input', '-i', type=str, help='Input file name')

c_search.add_argument('--search', '-s', type=str, help='Generic component search')

c_search.add_argument('--vendor', '-v', type=str, help='Generic component search')

c_search.add_argument('--comp', '-c', type=str, help='Generic component search')

c_search.add_argument('--package', '-p', type=str, help='Generic component search')

c_search.add_argument('--limit', '-l', type=int, help='Generic component search')

c_search.add_argument('--offset', '-f', type=int, help='Generic component search')

c_search.set_defaults(func=comp_search)

# Component Sub-command: component versions

c_versions = comp_sub.add_parser(

'versions',

aliases=['vs'],

description=f'Get component version details: {__version__}',

help='Search for component versions',

)

c_versions.add_argument('--input', '-i', type=str, help='Input file name')

c_versions.add_argument('--purl', '-p', type=str, help='Generic component search')

c_versions.add_argument('--limit', '-l', type=int, help='Generic component search')

c_versions.set_defaults(func=comp_versions)

# Sub-command: crypto

p_crypto = subparsers.add_parser(

'crypto',

aliases=['cr'],

description=f'SCANOSS Crypto commands: {__version__}',

help='Crypto support commands',

)

crypto_sub = p_crypto.add_subparsers(

title='Crypto Commands',

dest='subparsercmd',

description='crypto sub-commands',

help='crypto sub-commands',

)

# GetAlgorithms and GetAlgorithmsInRange gRPC APIs

p_crypto_algorithms = crypto_sub.add_parser(

'algorithms',

aliases=['alg'],

description=f'Show Cryptographic algorithms: {__version__}',

help='Retrieve cryptographic algorithms for the given components',

)

p_crypto_algorithms.add_argument(

'--with-range',

action='store_true',

help='Returns the list of versions in the specified range that contains cryptographic algorithms',

)

p_crypto_algorithms.set_defaults(func=crypto_algorithms)

# GetEncryptionHints and GetHintsInRange gRPC APIs

p_crypto_hints = crypto_sub.add_parser(

'hints',

description=f'Show Encryption hints: {__version__}',

help='Retrieve encryption hints for the given components',

)

p_crypto_hints.add_argument(

'--with-range',

action='store_true',

help='Returns the list of versions in the specified range that contains encryption hints',

)

p_crypto_hints.set_defaults(func=crypto_hints)

p_crypto_versions_in_range = crypto_sub.add_parser(

'versions-in-range',

aliases=['vr'],

description=f'Show versions in range: {__version__}',

help="Given a list of PURLS and version ranges, get a list of versions that do/don't contain crypto algorithms",

)

p_crypto_versions_in_range.set_defaults(func=crypto_versions_in_range)

# Common purl Component sub-command options

for p in [

c_vulns,

c_semgrep,

c_provenance,

p_crypto_algorithms,

p_crypto_hints,

p_crypto_versions_in_range,

c_licenses,

]:

p.add_argument('--purl', '-p', type=str, nargs='*', help='Package URL - PURL to process.')

p.add_argument('--input', '-i', type=str, help='Input file name')

# Common Component sub-command options

for p in [

c_vulns,

c_search,

c_versions,

c_semgrep,

c_provenance,

p_crypto_algorithms,

p_crypto_hints,

p_crypto_versions_in_range,

c_licenses,

]:

p.add_argument(

'--timeout',

'-M',

type=int,

default=DEFAULT_API_TIMEOUT,

help='Timeout (in seconds) for API communication (optional - default 600)',

)

# Common Component sub-command API URL option

for p in [

c_vulns,

c_search,

c_versions,

c_semgrep,

c_provenance,

c_licenses,

]:

p.add_argument(

'--apiurl', type=str, help='SCANOSS API base URL (optional - default: https://api.osskb.org)'

)

# Sub-command: utils

p_util = subparsers.add_parser(

'utils',

aliases=['ut'],

description=f'SCANOSS Utility commands: {__version__}',

help='General utility support commands',

)

utils_sub = p_util.add_subparsers(

title='Utils Commands', dest='subparsercmd', description='utils sub-commands', help='utils sub-commands'

)

# Utils Sub-command: utils fast

p_f_f = utils_sub.add_parser(

'fast', description=f'Is fast winnowing enabled: {__version__}', help='SCANOSS fast winnowing'

)

p_f_f.set_defaults(func=fast)

# Utils Sub-command: utils certloc

p_c_loc = utils_sub.add_parser(

'certloc',

aliases=['cl'],

description=f'Show location of Python CA Certs: {__version__}',

help='Display the location of Python CA Certs',

)

p_c_loc.set_defaults(func=utils_certloc)

# Utils Sub-command: utils cert-download

p_c_dwnld = utils_sub.add_parser(

'cert-download',

aliases=['cdl', 'cert-dl'],

description=f'Download Server SSL Cert: {__version__}',

help="Download the specified server's SSL PEM certificate",

)

p_c_dwnld.set_defaults(func=utils_cert_download)

p_c_dwnld.add_argument('--hostname', '-n', required=True, type=str, help='Server hostname to download cert from.')

p_c_dwnld.add_argument(

'--port', '-p', required=False, type=int, default=443, help='Server port number (default: 443).'

)

# Utils Sub-command: utils pac-proxy

p_p_proxy = utils_sub.add_parser(

'pac-proxy',

aliases=['pac'],

description=f'Determine Proxy from PAC: {__version__}',

help='Use Proxy Auto-Config to determine proxy configuration',

)

p_p_proxy.set_defaults(func=utils_pac_proxy)

p_p_proxy.add_argument(

'--pac',

required=False,

type=str,

default='auto',

help='Proxy auto configuration. Specify a file, http url or "auto" to try to discover it.',

)

p_p_proxy.add_argument(

'--url',

required=False,

type=str,

default='https://api.osskb.org',

help='URL to test (default: https://api.osskb.org).',

)

p_results = subparsers.add_parser(

'results',

aliases=['res'],

description=f'SCANOSS Results commands: {__version__}',

help='Process scan results',

)

p_results.add_argument(

'filepath',

metavar='FILEPATH',

type=str,

nargs='?',

help='Path to the file containing the results',

)

p_results.add_argument(

'--match-type',

'-mt',

help='Filter results by match type (comma-separated, e.g., file,snippet)',

)

p_results.add_argument(

'--status',

'-s',

help='Filter results by file status (comma-separated, e.g., pending, identified)',

)

p_results.add_argument(

'--has-pending',

action='store_true',

help='Filter results to only include files with pending status',

)

p_results.add_argument(

'--output',

'-o',

help='Output result file',

)

p_results.add_argument(

'--format',

'-f',

choices=['json', 'plain'],

help='Output format (default: plain)',

)

p_results.set_defaults(func=results)

# =========================================================================

# INSPECT SUBCOMMAND - Analysis and validation of scan results

# =========================================================================

# Main inspect parser - provides tools for analyzing scan results

p_inspect = subparsers.add_parser(

'inspect',

aliases=['insp', 'ins'],

description=f'Inspect and analyse scan results: {__version__}',

help='Inspect and analyse scan results',

)

# Inspect sub-commands parser

p_inspect_sub = p_inspect.add_subparsers(

title='Inspect Commands',

dest='subparsercmd',

description='Available inspection sub-commands',

help='Choose an inspection type',

)

# -------------------------------------------------------------------------

# RAW RESULTS INSPECTION - Analyse raw scan output

# -------------------------------------------------------------------------

# Raw results parser - handles inspection of unprocessed scan results

p_inspect_raw = p_inspect_sub.add_parser(

'raw',

description='Inspect and analyse SCANOSS raw scan results',

help='Analyse raw scan results for various compliance issues',

)

# Raw results sub-commands parser

p_inspect_raw_sub = p_inspect_raw.add_subparsers(

title='Raw Results Inspection Commands',

dest='subparser_subcmd',

description='Tools for analyzing raw scan results',

help='Choose a raw results analysis type',

)

# Copyleft license inspection - identifies copyleft license violations

p_inspect_raw_copyleft = p_inspect_raw_sub.add_parser(

'copyleft',

aliases=['cp'],

description='Identify components with copyleft licenses that may require compliance action',

help='Find copyleft license violations',

)

# License summary inspection - provides overview of all detected licenses

p_inspect_raw_license_summary = p_inspect_raw_sub.add_parser(

'license-summary',

aliases=['lic-summary', 'licsum'],

description='Generate comprehensive summary of all licenses found in scan results',

help='Generate license summary report',

)

# Component summary inspection - provides overview of all detected components

p_inspect_raw_component_summary = p_inspect_raw_sub.add_parser(

'component-summary',

aliases=['comp-summary', 'compsum'],

description='Generate comprehensive summary of all components found in scan results',

help='Generate component summary report',

)

# Undeclared components inspection - finds components not declared in SBOM

p_inspect_raw_undeclared = p_inspect_raw_sub.add_parser(

'undeclared',

aliases=['un'],

description='Identify components present in code but not declared in SBOM files',

help='Find undeclared components',

)

# SBOM format option for undeclared components inspection

p_inspect_raw_undeclared.add_argument(

'--sbom-format',

required=False,

choices=['legacy', 'settings'],

default='settings',

help='SBOM format type for comparison: legacy or settings (default)',

)

# -------------------------------------------------------------------------

# BACKWARD COMPATIBILITY - Support old inspect command format

# -------------------------------------------------------------------------

# Legacy copyleft inspection - backward compatibility for 'scanoss-py inspect copyleft'

p_inspect_legacy_copyleft = p_inspect_sub.add_parser(

'copyleft',

aliases=['cp'],

description='Identify components with copyleft licenses that may require compliance action',

help='Find copyleft license violations (legacy format)',

)

# Legacy undeclared components inspection - backward compatibility for 'scanoss-py inspect undeclared'

p_inspect_legacy_undeclared = p_inspect_sub.add_parser(

'undeclared',

aliases=['un'],

description='Identify components present in code but not declared in SBOM files',

help='Find undeclared components (legacy format)',

)

# SBOM format option for legacy undeclared components inspection

p_inspect_legacy_undeclared.add_argument(

'--sbom-format',

required=False,

choices=['legacy', 'settings'],

default='settings',

help='SBOM format type for comparison: legacy or settings (default)',

)

# Legacy license summary inspection - backward compatibility for 'scanoss-py inspect license-summary'

p_inspect_legacy_license_summary = p_inspect_sub.add_parser(

'license-summary',

aliases=['lic-summary', 'licsum'],

description='Generate comprehensive summary of all licenses found in scan results',

help='Generate license summary report (legacy format)',

)

# Legacy component summary inspection - backward compatibility for 'scanoss-py inspect component-summary'

p_inspect_legacy_component_summary = p_inspect_sub.add_parser(

'component-summary',

aliases=['comp-summary', 'compsum'],

description='Generate comprehensive summary of all components found in scan results',

help='Generate component summary report (legacy format)',

)

# Applies the same configuration to both legacy and raw versions

# License filtering options - common to (legacy) copyleft and license summary commands

for p in [

p_inspect_raw_copyleft,

p_inspect_raw_license_summary,

p_inspect_legacy_copyleft,

p_inspect_legacy_license_summary,

]:

p.add_argument('--include', help='Additional licenses to include in analysis (comma-separated list)')

p.add_argument('--exclude', help='Licenses to exclude from analysis (comma-separated list)')

p.add_argument('--explicit', help='Use only these specific licenses for analysis (comma-separated list)')

# License source filtering

for p in [p_inspect_raw_copyleft, p_inspect_legacy_copyleft]:

p.add_argument(

'-ls', '--license-sources',

action='extend',

nargs='+',

choices=VALID_LICENSE_SOURCES,

help=f'Specify which license sources to check for copyleft violations. Each license object in scan results '

f'has a source field indicating its origin. Default: {", ".join(DEFAULT_COPYLEFT_LICENSE_SOURCES)}',

)

# Common options for (legacy) copyleft and undeclared component inspection

for p in [p_inspect_raw_copyleft, p_inspect_raw_undeclared, p_inspect_legacy_copyleft, p_inspect_legacy_undeclared]:

p.add_argument('-i', '--input', required=True, help='Path to scan results file to analyse')

p.add_argument(

'-f',

'--format',

required=False,

choices=['json', 'md', 'jira_md'],

default='json',

help='Output format: json (default), md (Markdown), or jira_md (JIRA Markdown)',

)

p.add_argument('-o', '--output', type=str, help='Save detailed results to specified file')

p.add_argument('-s', '--status', type=str, help='Save summary status report to Markdown file')

# Common options for (legacy) license and component summary commands

for p in [

p_inspect_raw_license_summary,

p_inspect_raw_component_summary,

p_inspect_legacy_license_summary,

p_inspect_legacy_component_summary,

]:

p.add_argument('-i', '--input', required=True, help='Path to scan results file to analyse')

p.add_argument('-o', '--output', type=str, help='Save summary report to specified file')

# -------------------------------------------------------------------------

# DEPENDENCY TRACK INSPECTION - Analyse Dependency Track project data

# -------------------------------------------------------------------------

# Dependency Track parser - handles inspection of DT project status and violations

p_dep_track_sub = p_inspect_sub.add_parser(

'dependency-track',

aliases=['dt'],

description='Inspect and analyse Dependency Track project status and policy violations',

help='Analyse Dependency Track projects',

)

# Dependency Track sub-commands parser

p_inspect_dep_track_sub = p_dep_track_sub.add_subparsers(

title='Dependency Track Inspection Commands',

dest='subparser_subcmd',

description='Tools for analysing Dependency Track project data',

help='Choose a Dependency Track analysis type',

)

# Project violations inspection - analyses policy violations in DT projects

p_inspect_dt_project_violation = p_inspect_dep_track_sub.add_parser(

'project-violations',

aliases=['pv'],

description='Analyse policy violations and compliance issues in Dependency Track projects',

help='Inspect project policy violations',

)

# Dependency Track connection and authentication options

p_inspect_dt_project_violation.add_argument(

'--url', required=True, type=str, help='Dependency Track server base URL (e.g., https://dtrack.example.com)'

)

p_inspect_dt_project_violation.add_argument(

'--upload-token',

'-ut',

required=False,

type=str,

help='Project-specific upload token for accessing DT project data',

)

p_inspect_dt_project_violation.add_argument(

'--project-id', '-pid', required=False, type=str, help='Dependency Track project UUID to inspect'

)

p_inspect_dt_project_violation.add_argument(

'--apikey', '-k', required=True, type=str, help='Dependency Track API key for authentication'

)

p_inspect_dt_project_violation.add_argument(

'--project-name', '-pn', required=False, type=str, help='Dependency Track project name'

)

p_inspect_dt_project_violation.add_argument(

'--project-version', '-pv', required=False, type=str, help='Dependency Track project version'

)

p_inspect_dt_project_violation.add_argument(

'--output', '-o', required=False, type=str, help='Save inspection results to specified file'

)

p_inspect_dt_project_violation.add_argument(

'--status', required=False, type=str, help='Save summary status report to specified file'

)

p_inspect_dt_project_violation.add_argument(

'--format',

'-f',

required=False,

choices=['json', 'md', 'jira_md'],

default='json',

help='Output format: json (default), md (Markdown) or jira_md (JIRA Markdown)',

)

p_inspect_dt_project_violation.add_argument(

'--timeout',

'-M',

required=False,

default=300,

type=float,

help='Timeout (in seconds) for API communication (optional - default 300 sec)',

)

# ==============================================================================

# GitLab Integration Parser

# ==============================================================================

# Main parser for GitLab-specific inspection commands and report generation

p_gitlab_sub = p_inspect_sub.add_parser(

'gitlab',

aliases=['glc'],

description='Generate GitLab-compatible reports from SCANOSS scan results (Markdown summaries)',

help='Generate GitLab integration reports',

)

# GitLab sub-commands parser

# Provides access to different GitLab report formats and inspection tools

p_gitlab_sub_parser = p_gitlab_sub.add_subparsers(

title='GitLab Report Types',

dest='subparser_subcmd',

description='Available GitLab report formats for scan result analysis',

help='Select the type of GitLab report to generate',

)

# ==============================================================================

# GitLab Matches Summary Command

# ==============================================================================

# Analyzes scan results and generates a GitLab-compatible Markdown summary

p_gl_inspect_matches = p_gitlab_sub_parser.add_parser(

'matches',

aliases=['ms'],

description='Generate a Markdown summary report of scan matches for GitLab integration',

help='Generate Markdown summary report of scan matches',

)

# Input file argument - SCANOSS scan results in JSON format

p_gl_inspect_matches.add_argument(

'-i', '--input', required=True, type=str, help='Path to SCANOSS scan results file (JSON format) to analyze'

)

# Line range prefix for GitLab file navigation

# Enables clickable file references in the generated report that link to specific lines in GitLab

p_gl_inspect_matches.add_argument(

'-lpr',

'--line-range-prefix',

required=True,

type=str,

help='Base URL prefix for GitLab file links with line ranges (e.g., https://gitlab.com/org/project/-/blob/main)',

)

# Output file argument - where to save the generated Markdown report

p_gl_inspect_matches.add_argument(

'--output',

'-o',

required=False,

type=str,

help='Output file path for the generated Markdown report (default: stdout)',

)

# TODO Move to the command call def location

# RAW results

p_inspect_raw_undeclared.set_defaults(func=inspect_undeclared)

p_inspect_raw_copyleft.set_defaults(func=inspect_copyleft)

p_inspect_raw_license_summary.set_defaults(func=inspect_license_summary)

p_inspect_raw_component_summary.set_defaults(func=inspect_component_summary)

# Legacy backward compatibility commands

p_inspect_legacy_copyleft.set_defaults(func=inspect_copyleft)

p_inspect_legacy_undeclared.set_defaults(func=inspect_undeclared)

p_inspect_legacy_license_summary.set_defaults(func=inspect_license_summary)

p_inspect_legacy_component_summary.set_defaults(func=inspect_component_summary)

# Dependency Track

p_inspect_dt_project_violation.set_defaults(func=inspect_dep_track_project_violations)

# GitLab

p_gl_inspect_matches.set_defaults(func=inspect_gitlab_matches)

# =========================================================================

# END INSPECT SUBCOMMAND CONFIGURATION

# =========================================================================

# Sub-command: export

p_export = subparsers.add_parser(

'export',

aliases=['exp'],

description=f'Export SBOM files to external platforms: {__version__}',

help='Export SBOM files to external platforms',

)

export_sub = p_export.add_subparsers(

title='Export Commands',

dest='subparsercmd',

description='export sub-commands',

help='export sub-commands',

)

# Export Sub-command: export dt (Dependency Track)

e_dt = export_sub.add_parser(

'dt',

aliases=['dependency-track'],

description='Export SBOM to Dependency Track',

help='Upload SBOM files to Dependency Track',

)

e_dt.add_argument('-i', '--input', type=str, required=True, help='Input SBOM file (CycloneDX JSON format)')

e_dt.add_argument('--url', type=str, required=True, help='Dependency Track base URL')

e_dt.add_argument('--apikey', '-k', type=str, required=True, help='Dependency Track API key')

e_dt.add_argument('--output', '-o', type=str, help='File to save export token and uuid into')

e_dt.add_argument('--project-id', '-pid', type=str, help='Dependency Track project UUID')

e_dt.add_argument('--project-name', '-pn', type=str, help='Dependency Track project name')

e_dt.add_argument('--project-version', '-pv', type=str, help='Dependency Track project version')

e_dt.set_defaults(func=export_dt)

# Sub-command: folder-scan

p_folder_scan = subparsers.add_parser(

'folder-scan',

aliases=['fs'],

description=f'Scan the given directory using folder hashing: {__version__}',

help='Scan the given directory using folder hashing',

)

p_folder_scan.add_argument('scan_dir', metavar='FILE/DIR', type=str, nargs='?', help='The root directory to scan')

p_folder_scan.add_argument(

'--timeout',

'-M',

type=int,

default=600,

help='Timeout (in seconds) for API communication (optional - default 600)',

)

p_folder_scan.add_argument(

'--format',

'-f',

type=str,

choices=['json', 'cyclonedx', 'raw'],

default='json',

help='Result output format (optional - default: json)',

)

p_folder_scan.add_argument(

'--rank-threshold',

type=int,

default=DEFAULT_HFH_RANK_THRESHOLD,

help='Filter results to only show those with rank value at or below this threshold (e.g., --rank-threshold 3 '

'returns results with rank 1, 2, or 3). Lower rank values indicate higher quality matches.',