Merge branch '5-allow-properties-tag-on-creation' into 'main'

| `-m` / `--merge`                | `$DEPTRACK_MERGE`                 | Merge all SBOM files into one (default `false`)                                 |

| `-o` / `--merge-output`         | `$DEPTRACK_MERGE_OUTPUT`          | Output merged SBOM file (only used with merge enabled) - for debugging purpose  |

| `-l` / `--purl-max-len`         | `$DEPTRACK_PURL_MAX_LEN`          | PURLs max length (`-1`: auto, `0`: no trim, `>0`: trim to size - default: `-1`) |

| `-t` / `--tags`                 | `$DEPTRACK_TAGS`                  | Comma seperated list of tags to put in the project in autoCreate mode |

| `-S` / `--show-findings`        | `$DEPTRACK_SHOW_FINDINGS`         | Wait for analysis and display found vulnerabilities                             |

| `-R` / `--risk-score-threshold` | `$DEPTRACK_RISK_SCORE_THRESHOLD`  | Risk score threshold to fail the scan (`<0`: disabled - default: `-1`)          |

| `-i` / `--insecure`             | `$DEPTRACK_INSECURE`              | Skip SSL verification                                                           |

    def component_patched(self, **kwargs):

        if "bom_ref" not in kwargs:

            print(f"{AnsiColors.YELLOW}⚠{AnsiColors.RESET} missing 'bom_ref' in component {AnsiColors.HGRAY}{kwargs.get('name')}@{kwargs.get('version')}{AnsiColors.RESET} ({kwargs['type'].value}): fix")

            print(

                f"{AnsiColors.YELLOW}⚠{AnsiColors.RESET} missing 'bom_ref' in component {AnsiColors.HGRAY}{kwargs.get('name')}@{kwargs.get('version')}{AnsiColors.RESET} ({kwargs['type'].value}): fix"

            )

            kwargs["bom_ref"] = kwargs["name"]

        component_init(self, **kwargs)

        if warnings:

            for w in warnings:

                print(f"{AnsiColors.YELLOW}⚠{AnsiColors.RESET} l#{w.lineno}: {w.message}")

                print(

                    f"{AnsiColors.YELLOW}⚠{AnsiColors.RESET} l#{w.lineno}: {w.message}"

                )

    except Exception as e:

        raise ValueError(f"Error while loading SBOM: {file.name}") from e

            continue

        while purl.qualifiers and len(purl_trunc) >= limit:

            longest_key = max(purl.qualifiers, key=lambda key: len(purl.qualifiers[key]))

            longest_key = max(

                purl.qualifiers, key=lambda key: len(purl.qualifiers[key])

            )

            purl.qualifiers.pop(longest_key)

            purl_trunc = str(purl)

        if len(str(purl)) >= limit:

            print(f"{AnsiColors.YELLOW}⚠{AnsiColors.RESET} trimmed {purl_orig} -> {AnsiColors.HGRAY}{purl_trunc}{AnsiColors.RESET} but still exceeds limit ({limit})")

            print(

                f"{AnsiColors.YELLOW}⚠{AnsiColors.RESET} trimmed {purl_orig} -> {AnsiColors.HGRAY}{purl_trunc}{AnsiColors.RESET} but still exceeds limit ({limit})"

            )

        else:

            print(f"{AnsiColors.GREEN}✓{AnsiColors.RESET} successfully trimmed {purl_orig} -> {AnsiColors.HGRAY}{purl_trunc}{AnsiColors.RESET}")

            print(

                f"{AnsiColors.GREEN}✓{AnsiColors.RESET} successfully trimmed {purl_orig} -> {AnsiColors.HGRAY}{purl_trunc}{AnsiColors.RESET}"

            )

def serialize(bom: Bom, format=OutputFormat.JSON, schema_version=SchemaVersion.V1_5) -> str:

def serialize(

    bom: Bom, format=OutputFormat.JSON, schema_version=SchemaVersion.V1_5

) -> str:

    return make_outputter(bom, format, schema_version).output_as_string()

            if all(c.bom_ref != component.bom_ref for c in merged.components):

                if component in merged.components:

                    # allow duplicated component by adding an unique metadata

                    component.properties.add(Property(name="dt:merge-deduplicate", value=component.bom_ref.value))

                    component.properties.add(

                        Property(

                            name="dt:merge-deduplicate", value=component.bom_ref.value

                        )

                    )

                merged.components.add(component)

            if parent and component.bom_ref not in depended:

                merged.register_dependency(parent, [component])

    DtSeverity("Medium", 3, AnsiColors.YELLOW),

    DtSeverity("Low", 1, AnsiColors.GREEN),

    DtSeverity("Informational", 0, AnsiColors.RESET),

    DtSeverity("Unassigned", 5, AnsiColors.PURPLE)

    DtSeverity("Unassigned", 5, AnsiColors.PURPLE),

]

        verify_ssl: bool = True,

        show_findings: bool = False,

        risk_score_threshold: int = -1,

        tags: str = "",

        **_: None,

    ):

        self.base_api_url = base_api_url

        self.verify_ssl = verify_ssl

        self.show_findings = show_findings

        self.risk_score_threshold = risk_score_threshold

        self.tags = list(filter(None, map(str.strip, tags.split(",")))) if tags else []

        self.sbom_count = 0

        self.sbom_scan_failed = 0

            # add parent UUID to params

            data["parent"] = {"uuid": parent_def.uuid}

        if self.tags:

            data["tags"] = self.tags

        print(

            f"- {AnsiColors.YELLOW}{project_path}{AnsiColors.RESET} not found: create with params {AnsiColors.HGRAY}{json.dumps(data)}{AnsiColors.RESET}..."

        )

                    else:

                        params["parentName"] = parent_def.name

                        params["parentVersion"] = parent_def.version

                if self.tags:

                    params["projectTags"] = self.tags

        # publish SBOM

        print(

        resp = requests.post(

            f"{self.base_api_url}/v1/bom",

            headers={"X-API-Key": self.api_key, "accept": MIME_APPLICATION_JSON},

            files={"bom": sbom_json, **params},

            files={"bom": sbom_json},

            data=params,

            verify=self.verify_ssl,

        )

        try:

                print(

                    f'  - {vuln["vulnId"]} {severity.color}{severity.name}{AnsiColors.RESET}: {component.get("group","")}:{component.get("name")}:{component.get("version","")} - {" ".join(cwes)}'

                )

                print(re.sub('\n+', '\n', vuln.get("description", "").strip()))

                print(re.sub("\n+", "\n", vuln.get("description", "").strip()))

                print()

        if self.risk_score_threshold < 0 or risk_score < self.risk_score_threshold:

            print(

        default=int(os.getenv("DEPTRACK_PURL_MAX_LEN", "-1")),

        help="PURLs max length (-1: auto, 0: no trim, >0: trim to size - default: -1)",

    )

    parser.add_argument(

        "-t",

        "--tags",

        type=str,

        default=os.getenv("DEPTRACK_TAGS", ""),

        help="Comma separated list of tags to attach to the project",

    )

    parser.add_argument(

        "sbom_patterns",

        nargs="*",

    print(

        f"- project path     (--project-path): {AnsiColors.CYAN}{args.project_path}{AnsiColors.RESET}"

    )

    print(

        f"- project tags     (--tags): {AnsiColors.CYAN}{args.tags}{AnsiColors.RESET}"

    )

    print(

        f"- path separator   (--path-separator): {AnsiColors.CYAN}{args.path_separator}{AnsiColors.RESET}"

    )

    )

    print(f"Summary: {scanner.sbom_count} SBOM published")

    if scanner.sbom_count and scanner.sbom_scan_failed:

        fail(f"{scanner.sbom_scan_failed} SBOM scan failed. Check the logs for details.")

        fail(

            f"{scanner.sbom_scan_failed} SBOM scan failed. Check the logs for details."

        )