Commit 6c020abb authored by Stein Welberg's avatar Stein Welberg Committed by Clement Bois
Browse files

chore: extract constant user boolean input check 



Signed-off-by: default avatarStein Welberg <mail@steinwelberg.nl>
parent 10ea9225

sbom_scanner/scan.py

+6 −5
Original line number Diff line number Diff line
@@ -29,6 +29,7 @@ INSECURE_SSL_CTX.verify_mode = ssl.CERT_NONE 


MIME_APPLICATION_JSON = "application/json"



IS_STR_TRUE = ["true", "yes", "1"]



@dataclass

class DtSeverity:
@@ -741,7 +742,7 @@ class Scanner: 
                print(

                    f"{AnsiColors.BOLD}📄 SBOM: {AnsiColors.BLUE}{file}{AnsiColors.RESET}"

                )

                # load the SBOM content

                # load the SBOM and VEX content

                sbom_file_path = Path(file)

                sbom_file_prefix = sbom_file_path.name.split(".")[0]

                vex_file_path = sbom_file_path.with_name(f"{sbom_file_prefix}.vex.json")
@@ -831,7 +832,7 @@ def run() -> None: 
        "-i",

        "--insecure",

        action="store_true",

        default=os.getenv("DEPTRACK_INSECURE") in ["true", "yes", "1"],

        default=os.getenv("DEPTRACK_INSECURE") in IS_STR_TRUE,

        help="Skip SSL verification",

    )
@@ -877,7 +878,7 @@ def run() -> None: 
        "-m",

        "--merge",

        action="store_true",

        default=os.getenv("DEPTRACK_MERGE") in ["true", "yes", "1"],

        default=os.getenv("DEPTRACK_MERGE") in IS_STR_TRUE,

        help="Merge all SBOM files into one",

    )

    sbom_management_group.add_argument(
@@ -900,7 +901,7 @@ def run() -> None: 
        "-U",

        "--upload-vex",

        action="store_true",

        default=os.getenv("DEPTRACK_UPLOAD_VEX") in ["true", "yes", "1"],

        default=os.getenv("DEPTRACK_UPLOAD_VEX") in IS_STR_TRUE,

        help="Upload VEX file after SBOM analysis (requires VULNERABILITY_ANALYSIS permission). The VEX file(s) are resolved based on the sbom pattern(s). The first part of the SBOM file name is used to match it with a VEX file (e.g. if there is an SBOM file 'example.cyclonedx.json', the corresponding VEX file name must be 'example.vex.json')",

    )

    vex_group.add_argument(
@@ -916,7 +917,7 @@ def run() -> None: 
        "-S",

        "--show-findings",

        action="store_true",

        default=os.getenv("DEPTRACK_SHOW_FINDINGS") in ["true", "yes", "1"],

        default=os.getenv("DEPTRACK_SHOW_FINDINGS") in IS_STR_TRUE,

        help="Wait for analysis and display found vulnerabilities",

    )

    misc_group.add_argument(