Feat/dep track inspection (#140)

* chore:SP-2960 Refactor inspect module
* feat:SP-2961 Implements dependency track inspect task
* chore:SP-2967 Adds source(raw, dependency-track) to inspect subcommand
* chore:SP-2969 Adds backward compatibility for the legacy inspect command
* Fixed bug SP-2985
---------
Co-authored-by: Alex Egan <[email protected]>
Co-authored-by: eeisegn <[email protected]>

Author: 3 people

CHANGELOG.md

@@ -9,6 +9,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Upcoming changes...
 
+## [1.31.0] - 2025-08-08
+### Added
+- Add `inspect dependency-track project-violations` subcommand to retrieve Dependency Track project violations in Markdown and JSON formats
+### Changed
+- Renamed `inspect copyleft` to `inspect raw copyleft`
+- Renamed `inspect undeclared` to `inspect raw undeclared`
+- Renamed `inspect component-summary` to `inspect raw component-summary`
+- Renamed `inspect license-summary` to `inspect raw license-summary`
+- Updated Policy return codes. 0 → Success, 2 → Fail, 1 → Error
+### Fixed
+- Fixed incorrect folder filtering configurations for fingerprinting and scanning
+
 ## [1.30.0] - 2025-07-22
 ### Added
 - Add `export dt` subcommand to export SBOM files to Dependency Track
@@ -615,5 +627,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.28.2]: https://github.com/scanoss/scanoss.py/compare/v1.28.1...v1.28.2
 [1.29.0]: https://github.com/scanoss/scanoss.py/compare/v1.28.2...v1.29.0
 [1.30.0]: https://github.com/scanoss/scanoss.py/compare/v1.29.0...v1.30.0
-
+[1.31.0]: https://github.com/scanoss/scanoss.py/compare/v1.30.0...v1.31.0
 

CLIENT_HELP.md

@@ -367,10 +367,11 @@ The `inspect` command has a suite of sub-commands designed to inspect the result
 Details, such as license compliance or component declarations, can be examined.
 
 For example:
-* Copyleft (`copylefet`)
+* Copyleft (`copyleft`)
 * Undeclared Components (`undeclared`)
 * License Summary (`license-summary`)
 * Component Summary (`component-summary`)
+* Dependency Track project violations (`dependency-track project-violations`)
 
 For the latest list of sub-commands, please run:
 ```bash
@@ -476,6 +477,21 @@ Example with an output file:
 scanoss-py insp component-summary -i scan-results.json --output component-summary.json
 ```
 
+#### Inspect Dependency Track project violations Markdown output
+The following command can be used to retrieve project violations from Dependency Track in Markdown format.
+
+**Note:** The upload token is optional. It is used to check the project processing status. If no token is provided, the latest project violations will be retrieved without waiting for project processing to complete.
+
+Example with project id:
+```bash
+scanoss-py inspect dt project-violations  --dt-upload-token <dt-upload-token> --dt-url <dependency-track-url>  --dt-projectid <dependency-track-project-id>  --dt-apikey <dependency-track-api-key> --format md --output project-violations.md
+```
+Example with project name and version:
+```bash
+scanoss-py inspect dt project-violations  --dt-upload-token <dt-upload-token> --dt-url <dependency-track-url>  --dt-projectname <dependency-track-project-name>  --dt-projectversion <dependency-track-project-version> --dt-apikey <dependency-track-api-key> --format md --output project-violations.md
+```
+
+
 ### Folder-Scan a Project Folder
 
 The new `folder-scan` subcommand performs a comprehensive scan on an entire directory by recursively processing files to generate folder-level fingerprints. It computes CRC64 hashes and simhash values to detect directory-level similarities, which is especially useful for comparing large code bases or detecting duplicate folder structures.

Dockerfile

@@ -10,7 +10,7 @@ FROM base AS builder
 
 # Setup the required build tooling
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends build-essential gcc \
+    && apt-get install -y --no-install-recommends build-essential gcc libicu-dev pkg-config \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
@@ -54,9 +54,9 @@ COPY --from=builder /opt/venv /opt/venv
 ENV PATH=/opt/venv/bin:$PATH
 ENV GRPC_POLL_STRATEGY=poll
 
-# Install jq and curl commands
+# Install jq and curl commands and ICU runtime library
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends jq curl \
+    && apt-get install -y --no-install-recommends jq curl libicu72 \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 

docs/source/index.rst

@@ -156,7 +156,7 @@ Calculates hashes for a directory or file and shows them on the STDOUT.
      - Fingerprint all hidden files/folders
 
 -----------------------------------------
-Detect dependecies: dependencies, dp, dep
+Detect dependencies: dependencies, dp, dep
 -----------------------------------------
 
 Scan source code for dependencies, but do not decorate them.

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [tool.ruff]
 # Enable pycodestyle (E), pyflakes (F), isort (I), pylint (PL)
-select = ["E", "F", "I", "PL"]
+lint.select = ["E", "F", "I", "PL"]
 line-length = 120
 # Assume Python 3.9+
 target-version = "py39"
@@ -22,3 +22,6 @@ line-ending = "auto"
 
 [tool.ruff.lint.isort]
 known-first-party = ["scanoss"]
+
+[tool.ruff.lint.pylint]
+max-args = 5

src/__init__.py

@@ -22,4 +22,4 @@
   THE SOFTWARE.
 """
 
-__version__ = '1.30.0'
+__version__ = '1.31.0'