bug: Fix inspection of undeclared components with empty licenses

* bug:SP-2804 Fix inspection of undeclared components with empty licenses

* chore:Upgrades version to v1.26.2

* chore:Updates CHANGELOG.md file

Author: agustingroh

CHANGELOG.md

@@ -9,8 +9,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Upcoming changes...
 
-## [1.26.1] - 2025-06-23
+## [1.26.2] - 2025-06-24
+### Fixed
+- Fixed inspection of undeclared components with empty licenses
 
+## [1.26.1] - 2025-06-23
 ### Added
 - Added component count to inspect license summary
 ### Changed
@@ -560,4 +563,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.25.1]: https://github.com/scanoss/scanoss.py/compare/v1.25.0...v1.25.1
 [1.25.2]: https://github.com/scanoss/scanoss.py/compare/v1.25.1...v1.25.2
 [1.26.0]: https://github.com/scanoss/scanoss.py/compare/v1.25.2...v1.26.0
-[1.26.1]: https://github.com/scanoss/scanoss.py/compare/v1.26.0...v1.26.1
+[1.26.1]: https://github.com/scanoss/scanoss.py/compare/v1.26.0...v1.26.1
+[1.26.2]: https://github.com/scanoss/scanoss.py/compare/v1.26.1...v1.26.2

src/scanoss/__init__.py

@@ -22,4 +22,4 @@
   THE SOFTWARE.
 """
 
-__version__ = '1.26.1'
+__version__ = '1.26.2'

src/scanoss/inspection/inspect_base.py

@@ -393,14 +393,31 @@ def _group_components_by_license(self,components):
         """
         component_licenses: dict = {}
         for component in components:
-            for lic in component['licenses']:
-                spdxid = lic.get('spdxid', 'Unknown')
+            purl = component.get('purl', '')
+            status = component.get('status', '')
+            licenses = component.get('licenses', [])
+
+            # Component without license
+            if not licenses:
+                key = f'{purl}-unknown'
+                component_licenses[key] = {
+                    'purl': purl,
+                    'spdxid': 'unknown',
+                    'status': status,
+                    'copyleft': False,
+                    'url': '-',
+                }
+                continue
+
+            # Iterate over licenses component licenses
+            for lic in licenses:
+                spdxid = lic.get('spdxid', 'unknown')
                 if spdxid not in component_licenses:
-                    key = f'{component["purl"]}-{spdxid}'
+                    key = f'{purl}-{spdxid}'
                     component_licenses[key] = {
-                        'purl': component['purl'],
+                        'purl': purl,
                         'spdxid': spdxid,
-                        'status': component['status'],
+                        'status': status,
                         'copyleft': lic['copyleft'],
                         'url': lic['url'],
                     }

tests/data/result.json

@@ -11,6 +11,38 @@
       }
     }
   ],
+  "inc/log.c": [
+    {
+      "component": "scanner.c",
+      "file": "scanner.c-1.3.3/external/inc/json.h",
+      "file_hash": "e91a03b850651dd56dd979ba92668a19",
+      "file_url": "https://api.osskb.org/file_contents/e91a03b850651dd56dd979ba92668a19",
+      "id": "file",
+      "latest": "1.3.4",
+      "licenses": [],
+      "lines": "all",
+      "matched": "100%",
+      "oss_lines": "all",
+      "purl": [
+        "pkg:github/scanoss/jenkins-pipeline-example"
+      ],
+      "release_date": "2021-05-26",
+      "server": {
+        "kb_version": {
+          "daily": "24.08.16",
+          "monthly": "24.07"
+        },
+        "version": "5.4.8"
+      },
+      "source_hash": "e91a03b850651dd56dd979ba92668a19",
+      "status": "pending",
+      "url": "https://github.com/scanoss/scanner.c",
+      "url_hash": "2d1700ba496453d779d4987255feb5f2",
+      "url_stats": {},
+      "vendor": "scanoss",
+      "version": "1.3.3"
+    }
+  ],
   "inc/json.h": [
     {
       "component": "scanner.c",

tests/test_policy_inspect.py

@@ -181,11 +181,14 @@ def test_undeclared_policy(self):
         status, results = undeclared.run()
         details = json.loads(results['details'])
         summary = results['summary']
-        expected_summary_output = """2 undeclared component(s) were found.
+        expected_summary_output = """3 undeclared component(s) were found.
         Add the following snippet into your `sbom.json` file 
         ```json 
         {
             "components":[
+                  {
+                    "purl": "pkg:github/scanoss/jenkins-pipeline-example"
+                  },
                   {
                     "purl": "pkg:github/scanoss/scanner.c"
                   },
@@ -195,7 +198,7 @@ def test_undeclared_policy(self):
             ]
         }```
         """
-        self.assertEqual(len(details['components']), 3)
+        self.assertEqual(len(details['components']), 4)
         self.assertEqual(
             re.sub(r'\s|\\(?!`)|\\(?=`)', '', summary), re.sub(r'\s|\\(?!`)|\\(?=`)', '', expected_summary_output)
         )
@@ -216,14 +219,18 @@ def test_undeclared_policy_markdown(self):
         expected_details_output = """ ### Undeclared components
              | Component | License | 
              | - | - | 
+             | pkg:github/scanoss/jenkins-pipeline-example | unknown | 
              | pkg:github/scanoss/scanner.c | GPL-2.0-only | 
              | pkg:github/scanoss/wfp | GPL-2.0-only |  """
 
-        expected_summary_output = """2 undeclared component(s) were found.
+        expected_summary_output = """3 undeclared component(s) were found.
            Add the following snippet into your `sbom.json` file 
            ```json 
                {
                 "components":[
+                 {
+                    "purl": "pkg:github/scanoss/jenkins-pipeline-example"
+                 },
                  {
                     "purl": "pkg:github/scanoss/scanner.c"
                   },
@@ -256,16 +263,20 @@ def test_undeclared_policy_markdown_scanoss_summary(self):
         expected_details_output = """ ### Undeclared components
                | Component | License | 
                | - | - | 
+               | pkg:github/scanoss/jenkins-pipeline-example | unknown |
                | pkg:github/scanoss/scanner.c | GPL-2.0-only | 
                | pkg:github/scanoss/wfp | GPL-2.0-only | """
 
-        expected_summary_output = """2 undeclared component(s) were found.
+        expected_summary_output = """3 undeclared component(s) were found.
             Add the following snippet into your `scanoss.json` file
             
             ```json
             {
               "bom": {
                 "include": [
+                  {
+                    "purl": "pkg:github/scanoss/jenkins-pipeline-example"
+                  },
                   {
                     "purl": "pkg:github/scanoss/scanner.c"
                   },
@@ -296,13 +307,16 @@ def test_undeclared_policy_scanoss_summary(self):
         status, results = undeclared.run()
         details = json.loads(results['details'])
         summary = results['summary']
-        expected_summary_output = """2 undeclared component(s) were found.
+        expected_summary_output = """3 undeclared component(s) were found.
                 Add the following snippet into your `scanoss.json` file
 
                 ```json
                 {
                   "bom": {
                     "include": [
+                      {
+                        "purl": "pkg:github/scanoss/jenkins-pipeline-example"
+                      },
                       {
                         "purl": "pkg:github/scanoss/scanner.c"
                       },
@@ -314,7 +328,7 @@ def test_undeclared_policy_scanoss_summary(self):
                 }
                 ```"""
         self.assertEqual(status, 0)
-        self.assertEqual(len(details['components']), 3)
+        self.assertEqual(len(details['components']), 4)
         self.assertEqual(
             re.sub(r'\s|\\(?!`)|\\(?=`)', '', summary), re.sub(r'\s|\\(?!`)|\\(?=`)', '', expected_summary_output)
         )
@@ -328,15 +342,19 @@ def test_undeclared_policy_jira_markdown_output(self):
         details = results['details']
         summary = results['summary']
         expected_details_output = """|*Component*|*License*|
+|pkg:github/scanoss/jenkins-pipeline-example|unknown|
 |pkg:github/scanoss/scanner.c|GPL-2.0-only|
 |pkg:github/scanoss/wfp|GPL-2.0-only|
 """
-        expected_summary_output = """2 undeclared component(s) were found.
+        expected_summary_output = """3 undeclared component(s) were found.
 Add the following snippet into your `scanoss.json` file
 {code:json}
 {
   "bom": {
     "include": [
+      {
+        "purl": "pkg:github/scanoss/jenkins-pipeline-example"
+      },
       {
         "purl": "pkg:github/scanoss/scanner.c"
       },
@@ -373,7 +391,7 @@ def test_inspect_license_summary(self):
         input_file_name = os.path.join(script_dir, 'data', file_name)
         i_license_summary = LicenseSummary(filepath=input_file_name)
         license_summary = i_license_summary.run()
-        self.assertEqual(license_summary['detectedLicenses'], 2)
+        self.assertEqual(license_summary['detectedLicenses'], 3)
         self.assertEqual(license_summary['detectedLicensesWithCopyleft'], 1)
 
     def test_inspect_license_summary_with_empty_result(self):
@@ -393,11 +411,11 @@ def test_inspect_component_summary(self):
         i_component_summary = ComponentSummary(filepath=input_file_name)
         component_summary = i_component_summary.run()
         print(component_summary)
-        self.assertEqual(component_summary['totalComponents'], 3)
-        self.assertEqual(component_summary['undeclaredComponents'], 2)
+        self.assertEqual(component_summary['totalComponents'], 4)
+        self.assertEqual(component_summary['undeclaredComponents'], 3)
         self.assertEqual(component_summary['declaredComponents'], 1)
-        self.assertEqual(component_summary['totalFilesDetected'], 7)
-        self.assertEqual(component_summary['totalFilesUndeclared'], 5)
+        self.assertEqual(component_summary['totalFilesDetected'], 8)
+        self.assertEqual(component_summary['totalFilesUndeclared'], 6)
         self.assertEqual(component_summary['totalFilesDeclared'], 2)
 
     def test_inspect_component_summary_empty_result(self):

tests/test_spdxlite.py

@@ -58,8 +58,8 @@ def testSpdxLite(self):
             self.assertEqual(name, "SCANOSS-SBOM")
             self.assertEqual(organization, "Organization: SCANOSS")
             self.assertEqual(creation_info_comment, "SBOM Build information - SBOM Type: Build")
-            self.assertEqual(len(document_describes), 5)
-            self.assertEqual(len(packages), 5)
+            self.assertEqual(len(document_describes), 6)
+            self.assertEqual(len(packages), 6)
 
             for package in packages:
                 for checksum in package.get("checksums", []):