diff --git a/.github/workflows/publish-pypi-release-aboutcode-pipeline.yml b/.github/workflows/publish-pypi-release-aboutcode-pipeline.yml index cdadc18dc9..cef72ed191 100644 --- a/.github/workflows/publish-pypi-release-aboutcode-pipeline.yml +++ b/.github/workflows/publish-pypi-release-aboutcode-pipeline.yml @@ -17,7 +17,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v5 with: - python-version: 3.13 + python-version: 3.14 - name: Install flot run: python -m pip install flot --user diff --git a/.github/workflows/publish-pypi-release.yml b/.github/workflows/publish-pypi-release.yml index f5a217d736..7d13564a9c 100644 --- a/.github/workflows/publish-pypi-release.yml +++ b/.github/workflows/publish-pypi-release.yml @@ -17,7 +17,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v5 with: - python-version: 3.13 + python-version: 3.14 - name: Install pypa/build run: python -m pip install build --user diff --git a/.github/workflows/run-unit-tests-macos.yml b/.github/workflows/run-unit-tests-macos.yml index b55ddd3ef3..59e2ccbf27 100644 --- a/.github/workflows/run-unit-tests-macos.yml +++ b/.github/workflows/run-unit-tests-macos.yml @@ -21,7 +21,7 @@ jobs: strategy: matrix: - python-version: ["3.10", "3.11", "3.12", "3.13"] + python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"] steps: - name: Checkout code diff --git a/.github/workflows/run-unit-tests.yml b/.github/workflows/run-unit-tests.yml index 59d30d1152..96b191eaa9 100644 --- a/.github/workflows/run-unit-tests.yml +++ b/.github/workflows/run-unit-tests.yml @@ -39,7 +39,7 @@ jobs: strategy: max-parallel: 4 matrix: - python-version: ["3.10", "3.11", "3.12", "3.13"] + python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"] steps: - name: Checkout code diff --git a/pyproject.toml b/pyproject.toml index 6867225c91..bd71bd77c4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -7,7 +7,7 @@ name = "scancodeio" version = "36.0.1" description = "Automate software composition analysis pipelines" readme = "README.rst" -requires-python = ">=3.10,<3.14" +requires-python = ">=3.10" license = "Apache-2.0" license-files = ["LICENSE", "NOTICE", "scan.NOTICE"] authors = [ @@ -30,6 +30,7 @@ classifiers = [ "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", "Programming Language :: Python :: 3.13", + "Programming Language :: Python :: 3.14", "Topic :: Utilities" ] @@ -58,24 +59,21 @@ dependencies = [ # Docker "container-inspector==33.0.0", # ScanCode-toolkit - "scancode-toolkit[packages]==32.4.1", + "scancode-toolkit[packages]==32.5.0", "extractcode[full]==31.0.0", - "commoncode==32.3.0", + "commoncode==32.4.2", "Beautifulsoup4[chardet]==4.13.4", "packageurl-python==0.17.6", - # Workaround issue https://github.com/aboutcode-org/scancode.io/issues/1795 - "fingerprints==1.2.3", - "normality==2.6.1", # FetchCode "fetchcode==0.8.0", "fetchcode-container==1.2.3.210512; sys_platform == 'linux'", # Inspectors "elf-inspector==0.0.3", "go-inspector==0.5.0", - "rust-inspector==0.1.0", - "binary-inspector==0.1.2", + "rust-inspector==0.2.1", + "binary-inspector==0.2.0", "python-inspector==0.15.0", - "source-inspector==0.7.0; sys_platform != 'darwin' and platform_machine != 'arm64'", + "source-inspector==0.7.1; sys_platform != 'darwin' and platform_machine != 'arm64'", "aboutcode-toolkit==11.1.1", # Utilities "XlsxWriter==3.2.9", @@ -101,9 +99,7 @@ dependencies = [ # AboutCode pipeline "aboutcode.pipeline==0.2.1", # ScoreCode - "scorecode==0.0.4", - # Workaround issue https://github.com/aboutcode-org/scancode.io/issues/1885 - "click==8.2.1" + "scorecode==0.0.4" ] [project.optional-dependencies] diff --git a/scanpipe/pipelines/analyze_root_filesystem.py b/scanpipe/pipelines/analyze_root_filesystem.py index 558b28c8df..69f2a21d8e 100644 --- a/scanpipe/pipelines/analyze_root_filesystem.py +++ b/scanpipe/pipelines/analyze_root_filesystem.py @@ -94,7 +94,11 @@ def flag_uninteresting_codebase_resources(self): def scan_for_application_packages(self): """Scan unknown resources for packages information.""" - scancode.scan_for_application_packages(self.project, progress_logger=self.log) + scancode.scan_for_application_packages( + project=self.project, + compiled=True, + progress_logger=self.log, + ) def match_not_analyzed_to_system_packages(self): """ diff --git a/scanpipe/pipelines/inspect_packages.py b/scanpipe/pipelines/inspect_packages.py index 7674f7f25f..b853f3a711 100644 --- a/scanpipe/pipelines/inspect_packages.py +++ b/scanpipe/pipelines/inspect_packages.py @@ -49,10 +49,19 @@ def steps(cls): cls.collect_and_create_codebase_resources, cls.flag_empty_files, cls.flag_ignored_resources, + cls.scan_binaries, cls.scan_for_application_packages, cls.resolve_dependencies, ) + @optional_step("Compiled") + def scan_binaries(self): + """ + Scan compiled binaries for package and dependency related data' + Currently supported compiled binaries: Go, Rust. + """ + self.scan_binaries = True + def scan_for_application_packages(self): """ Scan resources for package information to add DiscoveredPackage @@ -61,6 +70,7 @@ def scan_for_application_packages(self): scancode.scan_for_application_packages( project=self.project, assemble=True, + compiled=self.scan_binaries or False, package_only=True, progress_logger=self.log, ) diff --git a/scanpipe/pipes/scancode.py b/scanpipe/pipes/scancode.py index 609e86b69c..fcbb70e37e 100644 --- a/scanpipe/pipes/scancode.py +++ b/scanpipe/pipes/scancode.py @@ -250,7 +250,13 @@ def scan_file(location, with_threading=True, min_license_score=0, **kwargs): return _scan_resource(location, scanners, with_threading=with_threading) -def scan_for_package_data(location, with_threading=True, package_only=False, **kwargs): +def scan_for_package_data( + location, + with_threading=True, + package_only=False, + compiled=False, + **kwargs, +): """ Run a package scan on provided `location` using the scancode-toolkit direct API. @@ -259,6 +265,7 @@ def scan_for_package_data(location, with_threading=True, package_only=False, **k scancode_get_packages = partial( scancode_api.get_package_data, package_only=package_only, + compiled=compiled, ) scanners = [ Scanner("package_data", scancode_get_packages), @@ -409,6 +416,7 @@ def scan_for_files(project, resource_qs=None, progress_logger=None): def scan_for_application_packages( project, assemble=True, + compiled=False, package_only=False, resource_qs=None, progress_logger=logger.info, @@ -431,6 +439,7 @@ def scan_for_application_packages( scan_func_kwargs = { "package_only": package_only, + "compiled": compiled, } # Collect detected Package data and save it to the CodebaseResource it was diff --git a/scanpipe/tests/data/asgiref/asgiref-3.3.0.spdx.json b/scanpipe/tests/data/asgiref/asgiref-3.3.0.spdx.json index b8382a8891..565e2f4506 100644 --- a/scanpipe/tests/data/asgiref/asgiref-3.3.0.spdx.json +++ b/scanpipe/tests/data/asgiref/asgiref-3.3.0.spdx.json @@ -1,11 +1,11 @@ { "spdxVersion": "SPDX-2.3", "dataLicense": "CC0-1.0", - "SPDXID": "SPDXRef-DOCUMENT-3282ba3d-f525-4b74-9008-919108846d33", + "SPDXID": "SPDXRef-DOCUMENT-92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "name": "scancodeio_asgiref", - "documentNamespace": "https://scancode.io/spdxdocs/3282ba3d-f525-4b74-9008-919108846d33", + "documentNamespace": "https://scancode.io/spdxdocs/92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "documentDescribes": [ - "SPDXRef-scancodeio-project-3282ba3d-f525-4b74-9008-919108846d33" + "SPDXRef-scancodeio-project-92fe63d9-1d53-4b63-b19a-85022fb7a3f3" ], "creationInfo": { "created": "2000-01-01T01:02:03Z", @@ -17,7 +17,7 @@ "packages": [ { "name": "asgiref", - "SPDXID": "SPDXRef-scancodeio-project-3282ba3d-f525-4b74-9008-919108846d33", + "SPDXID": "SPDXRef-scancodeio-project-92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", "licenseConcluded": "NOASSERTION", @@ -26,7 +26,7 @@ }, { "name": "asgiref", - "SPDXID": "SPDXRef-scancodeio-discoveredpackage-b0467b22-5e83-4b0d-91e2-15121a8cf075", + "SPDXID": "SPDXRef-scancodeio-discoveredpackage-543a3583-3a13-4b5d-a039-c6bc4072de35", "downloadLocation": "NOASSERTION", "licenseDeclared": "BSD-3-Clause", "licenseConcluded": "BSD-3-Clause", @@ -46,7 +46,7 @@ }, { "name": "asgiref", - "SPDXID": "SPDXRef-scancodeio-discoveredpackage-856001ca-aabf-4c6a-8ac2-cc1317f3e05d", + "SPDXID": "SPDXRef-scancodeio-discoveredpackage-b2913908-3a31-4460-b330-a74d14b5ee24", "downloadLocation": "NOASSERTION", "licenseDeclared": "BSD-3-Clause", "licenseConcluded": "BSD-3-Clause", @@ -66,7 +66,7 @@ }, { "name": "pytest", - "SPDXID": "SPDXRef-scancodeio-discovereddependency-ef046d41-ae47-42c3-838c-def8bc956723", + "SPDXID": "SPDXRef-scancodeio-discovereddependency-19138025-32e9-4060-ab38-622b27493b6c", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", "licenseConcluded": "NOASSERTION", @@ -82,7 +82,7 @@ }, { "name": "pytest", - "SPDXID": "SPDXRef-scancodeio-discovereddependency-31fbc19e-c309-4463-8312-390ef734bf78", + "SPDXID": "SPDXRef-scancodeio-discovereddependency-c6282019-1112-43f8-a27a-658cc0c5dcf4", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", "licenseConcluded": "NOASSERTION", @@ -98,7 +98,7 @@ }, { "name": "pytest-asyncio", - "SPDXID": "SPDXRef-scancodeio-discovereddependency-3f928a8b-4505-4a7b-ad3a-a589dec836db", + "SPDXID": "SPDXRef-scancodeio-discovereddependency-52135390-385f-4fc0-8b0a-38f28c1040dd", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", "licenseConcluded": "NOASSERTION", @@ -114,7 +114,7 @@ }, { "name": "pytest-asyncio", - "SPDXID": "SPDXRef-scancodeio-discovereddependency-892b2af3-a9f0-4544-9874-583307d2d387", + "SPDXID": "SPDXRef-scancodeio-discovereddependency-01b33ae9-cb5f-442b-bfac-af8e40a1bf8c", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", "licenseConcluded": "NOASSERTION", @@ -132,33 +132,33 @@ "files": [], "relationships": [ { - "spdxElementId": "SPDXRef-scancodeio-project-3282ba3d-f525-4b74-9008-919108846d33", - "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-b0467b22-5e83-4b0d-91e2-15121a8cf075", + "spdxElementId": "SPDXRef-scancodeio-project-92fe63d9-1d53-4b63-b19a-85022fb7a3f3", + "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-543a3583-3a13-4b5d-a039-c6bc4072de35", "relationshipType": "DEPENDS_ON" }, { - "spdxElementId": "SPDXRef-scancodeio-project-3282ba3d-f525-4b74-9008-919108846d33", - "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-856001ca-aabf-4c6a-8ac2-cc1317f3e05d", + "spdxElementId": "SPDXRef-scancodeio-project-92fe63d9-1d53-4b63-b19a-85022fb7a3f3", + "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-b2913908-3a31-4460-b330-a74d14b5ee24", "relationshipType": "DEPENDS_ON" }, { - "spdxElementId": "SPDXRef-scancodeio-discovereddependency-ef046d41-ae47-42c3-838c-def8bc956723", - "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-b0467b22-5e83-4b0d-91e2-15121a8cf075", + "spdxElementId": "SPDXRef-scancodeio-discovereddependency-19138025-32e9-4060-ab38-622b27493b6c", + "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-543a3583-3a13-4b5d-a039-c6bc4072de35", "relationshipType": "DEPENDENCY_OF" }, { - "spdxElementId": "SPDXRef-scancodeio-discovereddependency-31fbc19e-c309-4463-8312-390ef734bf78", - "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-856001ca-aabf-4c6a-8ac2-cc1317f3e05d", + "spdxElementId": "SPDXRef-scancodeio-discovereddependency-c6282019-1112-43f8-a27a-658cc0c5dcf4", + "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-b2913908-3a31-4460-b330-a74d14b5ee24", "relationshipType": "DEPENDENCY_OF" }, { - "spdxElementId": "SPDXRef-scancodeio-discovereddependency-3f928a8b-4505-4a7b-ad3a-a589dec836db", - "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-b0467b22-5e83-4b0d-91e2-15121a8cf075", + "spdxElementId": "SPDXRef-scancodeio-discovereddependency-52135390-385f-4fc0-8b0a-38f28c1040dd", + "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-543a3583-3a13-4b5d-a039-c6bc4072de35", "relationshipType": "DEPENDENCY_OF" }, { - "spdxElementId": "SPDXRef-scancodeio-discovereddependency-892b2af3-a9f0-4544-9874-583307d2d387", - "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-856001ca-aabf-4c6a-8ac2-cc1317f3e05d", + "spdxElementId": "SPDXRef-scancodeio-discovereddependency-01b33ae9-cb5f-442b-bfac-af8e40a1bf8c", + "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-b2913908-3a31-4460-b330-a74d14b5ee24", "relationshipType": "DEPENDENCY_OF" } ], diff --git a/scanpipe/tests/data/asgiref/asgiref-3.3.0_fixtures.json b/scanpipe/tests/data/asgiref/asgiref-3.3.0_fixtures.json index 86c4a1e609..39213c9281 100644 --- a/scanpipe/tests/data/asgiref/asgiref-3.3.0_fixtures.json +++ b/scanpipe/tests/data/asgiref/asgiref-3.3.0_fixtures.json @@ -1,13 +1,13 @@ [ { "model": "scanpipe.project", - "pk": "3282ba3d-f525-4b74-9008-919108846d33", + "pk": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "fields": { "extra_data": {}, - "created_date": "2025-12-12T08:16:20.590Z", + "created_date": "2026-01-16T12:40:25.319Z", "name": "asgiref", - "slug": "asgiref-3282ba3d", - "work_directory": "/tmp/tmp5qi2cv31/projects/asgiref-3282ba3d", + "slug": "asgiref-92fe63d9", + "work_directory": "/tmp/tmp7o1wn11c/projects/asgiref-92fe63d9", "is_archived": false, "notes": "", "settings": {}, @@ -16,17 +16,17 @@ }, { "model": "scanpipe.run", - "pk": "88cca71e-436d-42ec-804b-ab1af5727413", + "pk": "87e422a3-3ebf-4fbf-99cb-e2f2bbb1ba7a", "fields": { "task_id": null, "task_start_date": null, "task_end_date": null, "task_exitcode": null, "task_output": "", - "log": "2025-12-12 08:16:20.593 Pipeline [scan_codebase] starting\n2025-12-12 08:16:20.594 Step [download_missing_inputs] starting\n2025-12-12 08:16:20.595 Step [download_missing_inputs] completed in 0 seconds\n2025-12-12 08:16:20.596 Step [copy_inputs_to_codebase_directory] starting\n2025-12-12 08:16:20.596 Step [copy_inputs_to_codebase_directory] completed in 0 seconds\n2025-12-12 08:16:20.597 Step [extract_archives] starting\n2025-12-12 08:16:20.661 Step [extract_archives] completed in 0 seconds\n2025-12-12 08:16:20.662 Step [collect_and_create_codebase_resources] starting\n2025-12-12 08:16:20.831 Step [collect_and_create_codebase_resources] completed in 0 seconds\n2025-12-12 08:16:20.832 Step [flag_empty_files] starting\n2025-12-12 08:16:20.834 Step [flag_empty_files] completed in 0 seconds\n2025-12-12 08:16:20.835 Step [flag_ignored_resources] starting\n2025-12-12 08:16:20.838 Step [flag_ignored_resources] completed in 0 seconds\n2025-12-12 08:16:20.839 Step [scan_for_application_packages] starting\n2025-12-12 08:16:20.840 Collecting package data from resources:\n2025-12-12 08:16:20.893 Progress: 11% (2/18)\n2025-12-12 08:16:20.932 Progress: 22% (4/18)\n2025-12-12 08:16:20.936 Progress: 33% (6/18)\n2025-12-12 08:16:20.937 Progress: 44% (8/18)\n2025-12-12 08:16:20.939 Progress: 55% (10/18)\n2025-12-12 08:16:20.940 Progress: 66% (12/18)\n2025-12-12 08:16:20.943 Progress: 77% (14/18)\n2025-12-12 08:16:20.945 Progress: 88% (16/18)\n2025-12-12 08:16:24.518 Progress: 100% (18/18)\n2025-12-12 08:16:24.602 Assembling collected package data:\n2025-12-12 08:16:24.603 Progress: 0%\n2025-12-12 08:16:24.722 Step [scan_for_application_packages] completed in 4 seconds\n2025-12-12 08:16:24.723 Step [scan_for_files] starting\n2025-12-12 08:16:43.753 Progress: 12% (2/16) ETA: 140 seconds (2.3 minutes)\n2025-12-12 08:16:43.947 Progress: 25% (4/16) ETA: 58 seconds\n2025-12-12 08:16:44.080 Progress: 37% (6/16) ETA: 33 seconds\n2025-12-12 08:16:44.379 Progress: 50% (8/16) ETA: 20 seconds\n2025-12-12 08:16:44.551 Progress: 62% (10/16) ETA: 12 seconds\n2025-12-12 08:16:44.666 Progress: 75% (12/16) ETA: 7 seconds\n2025-12-12 08:16:44.708 Progress: 87% (14/16) ETA: 3 seconds\n2025-12-12 08:16:44.998 Progress: 100% (16/16)\n2025-12-12 08:16:45.464 Step [scan_for_files] completed in 21 seconds\n2025-12-12 08:16:45.467 Step [collect_and_create_license_detections] starting\n2025-12-12 08:16:49.430 Step [collect_and_create_license_detections] completed in 4 seconds\n2025-12-12 08:16:49.432 Pipeline completed in 29 seconds\n", - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "log": "2026-01-16 12:40:25.323 Pipeline [scan_codebase] starting\n2026-01-16 12:40:25.324 Step [download_missing_inputs] starting\n2026-01-16 12:40:25.325 Step [download_missing_inputs] completed in 0 seconds\n2026-01-16 12:40:25.325 Step [copy_inputs_to_codebase_directory] starting\n2026-01-16 12:40:25.326 Step [copy_inputs_to_codebase_directory] completed in 0 seconds\n2026-01-16 12:40:25.327 Step [extract_archives] starting\n2026-01-16 12:40:25.378 Step [extract_archives] completed in 0 seconds\n2026-01-16 12:40:25.379 Step [collect_and_create_codebase_resources] starting\n2026-01-16 12:40:25.557 Step [collect_and_create_codebase_resources] completed in 0 seconds\n2026-01-16 12:40:25.559 Step [flag_empty_files] starting\n2026-01-16 12:40:25.560 Step [flag_empty_files] completed in 0 seconds\n2026-01-16 12:40:25.561 Step [flag_ignored_resources] starting\n2026-01-16 12:40:25.563 Step [flag_ignored_resources] completed in 0 seconds\n2026-01-16 12:40:25.564 Step [scan_for_application_packages] starting\n2026-01-16 12:40:25.564 Collecting package data from resources:\n2026-01-16 12:40:28.178 Progress: 11% (2/18) ETA: 21 seconds\n2026-01-16 12:40:28.179 Progress: 22% (4/18) ETA: 9 seconds\n2026-01-16 12:40:28.180 Progress: 33% (6/18) ETA: 5 seconds\n2026-01-16 12:40:28.187 Progress: 44% (8/18) ETA: 3 seconds\n2026-01-16 12:40:28.188 Progress: 55% (10/18) ETA: 2 seconds\n2026-01-16 12:40:28.188 Progress: 66% (12/18) ETA: 1 seconds\n2026-01-16 12:40:28.189 Progress: 77% (14/18) ETA: 1 seconds\n2026-01-16 12:40:28.189 Progress: 88% (16/18)\n2026-01-16 12:40:28.190 Progress: 100% (18/18)\n2026-01-16 12:40:28.191 Assembling collected package data:\n2026-01-16 12:40:28.191 Progress: 0%\n2026-01-16 12:40:28.257 Step [scan_for_application_packages] completed in 3 seconds\n2026-01-16 12:40:28.258 Step [scan_for_files] starting\n2026-01-16 12:40:28.297 Progress: 12% (2/16)\n2026-01-16 12:40:28.300 Progress: 25% (4/16)\n2026-01-16 12:40:28.578 Progress: 37% (6/16) ETA: 1 seconds\n2026-01-16 12:40:28.581 Progress: 50% (8/16)\n2026-01-16 12:40:28.966 Progress: 62% (10/16)\n2026-01-16 12:40:29.237 Progress: 75% (12/16)\n2026-01-16 12:40:30.070 Progress: 87% (14/16)\n2026-01-16 12:40:30.590 Progress: 100% (16/16)\n2026-01-16 12:40:30.855 Step [scan_for_files] completed in 3 seconds\n2026-01-16 12:40:30.857 Step [collect_and_create_license_detections] starting\n2026-01-16 12:40:30.869 Step [collect_and_create_license_detections] completed in 0 seconds\n2026-01-16 12:40:30.870 Pipeline completed in 6 seconds\n", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "pipeline_name": "scan_codebase", - "created_date": "2025-12-12T08:16:20.592Z", + "created_date": "2026-01-16T12:40:25.322Z", "scancodeio_version": "", "description": "Scan a codebase for application packages, licenses, and copyrights.", "current_step": "", @@ -43,7 +43,7 @@ "sha256": "a5098bc870b80e7b872bff60bb363c7f2c2c89078759f6c47b53ff8c525a152e", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -354,7 +354,7 @@ "sha256": "", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -400,7 +400,7 @@ "sha256": "", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -446,7 +446,7 @@ "sha256": "", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -492,7 +492,7 @@ "sha256": "6e89108c2cf0c0446174188f76f60465ae1c1f14f83427807df40d52a27cb2c8", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -538,7 +538,7 @@ "sha256": "b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "bsd-new", "detected_license_expression_spdx": "BSD-3-Clause", "license_detections": [ @@ -619,7 +619,7 @@ "sha256": "70f98f4eb9f6068b192b5464fcdf69e29a8ff09962bfce84bbb052baeee44f33", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -930,7 +930,7 @@ "sha256": "11546323af45e6a5639bf620a9c4d73e74c0bf705f494af4595007b923f75e8a", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -976,7 +976,7 @@ "sha256": "2c1983592aa38f0bfb0afacc73ddc5b46ce10e8e89ceaa9fed1e5fc6361b608d", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1022,7 +1022,7 @@ "sha256": "30f49b9094bff904a42caeec32515715fe625a56dc48bd7c0e3d9988c0ad4bd7", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1068,7 +1068,7 @@ "sha256": "fa4651a3b79201a4dc44a4096cd49ec8f427e912ea0ee05c666357b413a8afe7", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1114,7 +1114,7 @@ "sha256": "ee0fcf4a8e6fa9df8a4643bb48e82892d496afce44b6c8b8aea2721755545e1c", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1160,7 +1160,7 @@ "sha256": "3151f66c476208c3154cb6c4fb557a2a253bab82f0ab33fb3c8b9f7976be9e33", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1206,7 +1206,7 @@ "sha256": "ddd445b778c097fc75c2bf69ad964cbadd3bd6999d1dd2306d39d401855e8e3e", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1252,7 +1252,7 @@ "sha256": "ddbc8d455eceb68fc583c67e7c4ad0277c867fb39095c51ec5b37f70342e8334", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1298,7 +1298,7 @@ "sha256": "126c3e3a8a75a517d2739612304607804cf5f34da63fa25d03a6f11f7edb6f2f", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "apache-2.0", "detected_license_expression_spdx": "Apache-2.0", "license_detections": [ @@ -1383,7 +1383,7 @@ "sha256": "f8bd1ea3fb8afddabb10f8efd66796d41446cad51168ef4d3c44b19c973d0ad0", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1429,7 +1429,7 @@ "sha256": "885267fee0fea687875a02ceb929ca095312d47aaa57e20e4ce382f397caaf4d", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1476,7 +1476,7 @@ "version": "3.3.0", "qualifiers": "", "subpath": "", - "uuid": "b0467b22-5e83-4b0d-91e2-15121a8cf075", + "uuid": "543a3583-3a13-4b5d-a039-c6bc4072de35", "md5": "", "sha1": "", "sha256": "", @@ -1486,7 +1486,7 @@ "Documentation": "https://asgi.readthedocs.io/", "Further Documentation": "https://docs.djangoproject.com/en/stable/topics/async/#async-adapter-functions" }, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "compliance_alert": "", "affected_by_vulnerabilities": [], "filename": "", @@ -1577,7 +1577,7 @@ ], "missing_resources": [], "modified_resources": [], - "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=549d974e-a424-4fe4-9351-edb3b03b391a", + "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=e66230c6-0a0c-4b55-b339-03afd0550002", "keywords": [ "Development Status :: 5 - Production/Stable", "Environment :: Web Environment", @@ -1610,7 +1610,7 @@ "version": "3.3.0", "qualifiers": "", "subpath": "", - "uuid": "856001ca-aabf-4c6a-8ac2-cc1317f3e05d", + "uuid": "b2913908-3a31-4460-b330-a74d14b5ee24", "md5": "", "sha1": "", "sha256": "", @@ -1620,7 +1620,7 @@ "Documentation": "https://asgi.readthedocs.io/", "Further Documentation": "https://docs.djangoproject.com/en/stable/topics/async/#async-adapter-functions" }, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "compliance_alert": "", "affected_by_vulnerabilities": [], "filename": "", @@ -1711,7 +1711,7 @@ ], "missing_resources": [], "modified_resources": [], - "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6", + "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb", "keywords": [ "Development Status :: 5 - Production/Stable", "Environment :: Web Environment", @@ -1757,10 +1757,10 @@ "version": "", "qualifiers": "", "subpath": "", - "uuid": "ef046d41-ae47-42c3-838c-def8bc956723", + "uuid": "19138025-32e9-4060-ab38-622b27493b6c", "affected_by_vulnerabilities": [], - "project": "3282ba3d-f525-4b74-9008-919108846d33", - "dependency_uid": "pkg:pypi/pytest?uuid=a1855203-fd9a-441d-98f6-e1e10de689c2", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", + "dependency_uid": "pkg:pypi/pytest?uuid=43b6aa1d-7036-47c8-a40e-7b14bb14171b", "for_package": 1, "resolved_to_package": null, "datafile_resource": 1, @@ -1783,10 +1783,10 @@ "version": "", "qualifiers": "", "subpath": "", - "uuid": "3f928a8b-4505-4a7b-ad3a-a589dec836db", + "uuid": "52135390-385f-4fc0-8b0a-38f28c1040dd", "affected_by_vulnerabilities": [], - "project": "3282ba3d-f525-4b74-9008-919108846d33", - "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=8cfeaa4e-a8db-4004-a416-3230ee0d3aae", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", + "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=b2d0632b-d881-4d8a-ad04-d3d780e7c6e2", "for_package": 1, "resolved_to_package": null, "datafile_resource": 1, @@ -1809,10 +1809,10 @@ "version": "", "qualifiers": "", "subpath": "", - "uuid": "31fbc19e-c309-4463-8312-390ef734bf78", + "uuid": "c6282019-1112-43f8-a27a-658cc0c5dcf4", "affected_by_vulnerabilities": [], - "project": "3282ba3d-f525-4b74-9008-919108846d33", - "dependency_uid": "pkg:pypi/pytest?uuid=3fa1cdcc-c729-4e57-94f3-95212cd8f7d4", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", + "dependency_uid": "pkg:pypi/pytest?uuid=a1481753-660d-4cf0-b0b8-a929ede30720", "for_package": 2, "resolved_to_package": null, "datafile_resource": 7, @@ -1835,10 +1835,10 @@ "version": "", "qualifiers": "", "subpath": "", - "uuid": "892b2af3-a9f0-4544-9874-583307d2d387", + "uuid": "01b33ae9-cb5f-442b-bfac-af8e40a1bf8c", "affected_by_vulnerabilities": [], - "project": "3282ba3d-f525-4b74-9008-919108846d33", - "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=040715c9-6806-402c-b027-141a05b6fd05", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", + "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=66c37d13-079b-412b-a610-1dabf9d7e6aa", "for_package": 2, "resolved_to_package": null, "datafile_resource": 7, diff --git a/scanpipe/tests/data/asgiref/asgiref-3.3.0_scanpipe_output.json b/scanpipe/tests/data/asgiref/asgiref-3.3.0_scanpipe_output.json index a2b303500d..83c5aed912 100644 --- a/scanpipe/tests/data/asgiref/asgiref-3.3.0_scanpipe_output.json +++ b/scanpipe/tests/data/asgiref/asgiref-3.3.0_scanpipe_output.json @@ -2,18 +2,18 @@ "headers": [ { "tool_name": "scanpipe", - "tool_version": "v36.0.0-2-gd030eab3", + "tool_version": "v36.0.1-14-g5999496e", "other_tools": [ - "pkg:pypi/scancode-toolkit@32.4.1" + "pkg:pypi/scancode-toolkit@32.5.0" ], "notice": "Generated with ScanCode.io and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied.\nNo content created from ScanCode.io should be considered or used as legal advice.\nConsult an Attorney for any legal advice.\nScanCode.io is a free software code scanning tool from nexB Inc. and others\nlicensed under the Apache License version 2.0.\nScanCode is a trademark of nexB Inc.\nVisit https://github.com/nexB/scancode.io for support and download.\n", - "uuid": "3282ba3d-f525-4b74-9008-919108846d33", - "created_date": "2025-12-12T08:16:20.590Z", + "uuid": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", + "created_date": "2026-01-16T12:40:25.319Z", "notes": "", "settings": {}, "input_sources": [ { - "uuid": "477b8b4c-4a5d-4481-8ec7-6b499ea069eb", + "uuid": "6619f69c-3ee7-454a-947c-879b289f001f", "filename": "asgiref-3.3.0-py3-none-any.whl", "download_url": "", "is_uploaded": true, @@ -30,15 +30,15 @@ "description": "Scan a codebase for application packages, licenses, and copyrights.", "selected_groups": null, "selected_steps": null, - "uuid": "88cca71e-436d-42ec-804b-ab1af5727413", - "created_date": "2025-12-12T08:16:20.592627Z", + "uuid": "87e422a3-3ebf-4fbf-99cb-e2f2bbb1ba7a", + "created_date": "2026-01-16T12:40:25.322706Z", "scancodeio_version": "", "task_id": null, "task_start_date": null, "task_end_date": null, "task_exitcode": null, "task_output": "", - "log": "2025-12-12 08:16:20.593 Pipeline [scan_codebase] starting\n2025-12-12 08:16:20.594 Step [download_missing_inputs] starting\n2025-12-12 08:16:20.595 Step [download_missing_inputs] completed in 0 seconds\n2025-12-12 08:16:20.596 Step [copy_inputs_to_codebase_directory] starting\n2025-12-12 08:16:20.596 Step [copy_inputs_to_codebase_directory] completed in 0 seconds\n2025-12-12 08:16:20.597 Step [extract_archives] starting\n2025-12-12 08:16:20.661 Step [extract_archives] completed in 0 seconds\n2025-12-12 08:16:20.662 Step [collect_and_create_codebase_resources] starting\n2025-12-12 08:16:20.831 Step [collect_and_create_codebase_resources] completed in 0 seconds\n2025-12-12 08:16:20.832 Step [flag_empty_files] starting\n2025-12-12 08:16:20.834 Step [flag_empty_files] completed in 0 seconds\n2025-12-12 08:16:20.835 Step [flag_ignored_resources] starting\n2025-12-12 08:16:20.838 Step [flag_ignored_resources] completed in 0 seconds\n2025-12-12 08:16:20.839 Step [scan_for_application_packages] starting\n2025-12-12 08:16:20.840 Collecting package data from resources:\n2025-12-12 08:16:20.893 Progress: 11% (2/18)\n2025-12-12 08:16:20.932 Progress: 22% (4/18)\n2025-12-12 08:16:20.936 Progress: 33% (6/18)\n2025-12-12 08:16:20.937 Progress: 44% (8/18)\n2025-12-12 08:16:20.939 Progress: 55% (10/18)\n2025-12-12 08:16:20.940 Progress: 66% (12/18)\n2025-12-12 08:16:20.943 Progress: 77% (14/18)\n2025-12-12 08:16:20.945 Progress: 88% (16/18)\n2025-12-12 08:16:24.518 Progress: 100% (18/18)\n2025-12-12 08:16:24.602 Assembling collected package data:\n2025-12-12 08:16:24.603 Progress: 0%\n2025-12-12 08:16:24.722 Step [scan_for_application_packages] completed in 4 seconds\n2025-12-12 08:16:24.723 Step [scan_for_files] starting\n2025-12-12 08:16:43.753 Progress: 12% (2/16) ETA: 140 seconds (2.3 minutes)\n2025-12-12 08:16:43.947 Progress: 25% (4/16) ETA: 58 seconds\n2025-12-12 08:16:44.080 Progress: 37% (6/16) ETA: 33 seconds\n2025-12-12 08:16:44.379 Progress: 50% (8/16) ETA: 20 seconds\n2025-12-12 08:16:44.551 Progress: 62% (10/16) ETA: 12 seconds\n2025-12-12 08:16:44.666 Progress: 75% (12/16) ETA: 7 seconds\n2025-12-12 08:16:44.708 Progress: 87% (14/16) ETA: 3 seconds\n2025-12-12 08:16:44.998 Progress: 100% (16/16)\n2025-12-12 08:16:45.464 Step [scan_for_files] completed in 21 seconds\n2025-12-12 08:16:45.467 Step [collect_and_create_license_detections] starting\n2025-12-12 08:16:49.430 Step [collect_and_create_license_detections] completed in 4 seconds\n2025-12-12 08:16:49.432 Pipeline completed in 29 seconds\n", + "log": "2026-01-16 12:40:25.323 Pipeline [scan_codebase] starting\n2026-01-16 12:40:25.324 Step [download_missing_inputs] starting\n2026-01-16 12:40:25.325 Step [download_missing_inputs] completed in 0 seconds\n2026-01-16 12:40:25.325 Step [copy_inputs_to_codebase_directory] starting\n2026-01-16 12:40:25.326 Step [copy_inputs_to_codebase_directory] completed in 0 seconds\n2026-01-16 12:40:25.327 Step [extract_archives] starting\n2026-01-16 12:40:25.378 Step [extract_archives] completed in 0 seconds\n2026-01-16 12:40:25.379 Step [collect_and_create_codebase_resources] starting\n2026-01-16 12:40:25.557 Step [collect_and_create_codebase_resources] completed in 0 seconds\n2026-01-16 12:40:25.559 Step [flag_empty_files] starting\n2026-01-16 12:40:25.560 Step [flag_empty_files] completed in 0 seconds\n2026-01-16 12:40:25.561 Step [flag_ignored_resources] starting\n2026-01-16 12:40:25.563 Step [flag_ignored_resources] completed in 0 seconds\n2026-01-16 12:40:25.564 Step [scan_for_application_packages] starting\n2026-01-16 12:40:25.564 Collecting package data from resources:\n2026-01-16 12:40:28.178 Progress: 11% (2/18) ETA: 21 seconds\n2026-01-16 12:40:28.179 Progress: 22% (4/18) ETA: 9 seconds\n2026-01-16 12:40:28.180 Progress: 33% (6/18) ETA: 5 seconds\n2026-01-16 12:40:28.187 Progress: 44% (8/18) ETA: 3 seconds\n2026-01-16 12:40:28.188 Progress: 55% (10/18) ETA: 2 seconds\n2026-01-16 12:40:28.188 Progress: 66% (12/18) ETA: 1 seconds\n2026-01-16 12:40:28.189 Progress: 77% (14/18) ETA: 1 seconds\n2026-01-16 12:40:28.189 Progress: 88% (16/18)\n2026-01-16 12:40:28.190 Progress: 100% (18/18)\n2026-01-16 12:40:28.191 Assembling collected package data:\n2026-01-16 12:40:28.191 Progress: 0%\n2026-01-16 12:40:28.257 Step [scan_for_application_packages] completed in 3 seconds\n2026-01-16 12:40:28.258 Step [scan_for_files] starting\n2026-01-16 12:40:28.297 Progress: 12% (2/16)\n2026-01-16 12:40:28.300 Progress: 25% (4/16)\n2026-01-16 12:40:28.578 Progress: 37% (6/16) ETA: 1 seconds\n2026-01-16 12:40:28.581 Progress: 50% (8/16)\n2026-01-16 12:40:28.966 Progress: 62% (10/16)\n2026-01-16 12:40:29.237 Progress: 75% (12/16)\n2026-01-16 12:40:30.070 Progress: 87% (14/16)\n2026-01-16 12:40:30.590 Progress: 100% (16/16)\n2026-01-16 12:40:30.855 Step [scan_for_files] completed in 3 seconds\n2026-01-16 12:40:30.857 Step [collect_and_create_license_detections] starting\n2026-01-16 12:40:30.869 Step [collect_and_create_license_detections] completed in 0 seconds\n2026-01-16 12:40:30.870 Pipeline completed in 6 seconds\n", "execution_time": null } ], @@ -158,7 +158,7 @@ "Documentation": "https://asgi.readthedocs.io/", "Further Documentation": "https://docs.djangoproject.com/en/stable/topics/async/#async-adapter-functions" }, - "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=549d974e-a424-4fe4-9351-edb3b03b391a", + "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=e66230c6-0a0c-4b55-b339-03afd0550002", "is_private": false, "is_virtual": false, "datasource_ids": [ @@ -283,7 +283,7 @@ "Documentation": "https://asgi.readthedocs.io/", "Further Documentation": "https://docs.djangoproject.com/en/stable/topics/async/#async-adapter-functions" }, - "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6", + "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb", "is_private": false, "is_virtual": false, "datasource_ids": [ @@ -307,8 +307,8 @@ "is_optional": true, "is_pinned": false, "is_direct": true, - "dependency_uid": "pkg:pypi/pytest?uuid=a1855203-fd9a-441d-98f6-e1e10de689c2", - "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=549d974e-a424-4fe4-9351-edb3b03b391a", + "dependency_uid": "pkg:pypi/pytest?uuid=43b6aa1d-7036-47c8-a40e-7b14bb14171b", + "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=e66230c6-0a0c-4b55-b339-03afd0550002", "resolved_to_package_uid": null, "datafile_path": "asgiref-3.3.0-py3-none-any.whl", "datasource_id": "pypi_wheel", @@ -323,8 +323,8 @@ "is_optional": true, "is_pinned": false, "is_direct": true, - "dependency_uid": "pkg:pypi/pytest?uuid=3fa1cdcc-c729-4e57-94f3-95212cd8f7d4", - "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6", + "dependency_uid": "pkg:pypi/pytest?uuid=a1481753-660d-4cf0-b0b8-a929ede30720", + "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb", "resolved_to_package_uid": null, "datafile_path": "asgiref-3.3.0-py3-none-any.whl-extract/asgiref-3.3.0.dist-info/METADATA", "datasource_id": "pypi_wheel_metadata", @@ -339,8 +339,8 @@ "is_optional": true, "is_pinned": false, "is_direct": true, - "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=8cfeaa4e-a8db-4004-a416-3230ee0d3aae", - "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=549d974e-a424-4fe4-9351-edb3b03b391a", + "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=b2d0632b-d881-4d8a-ad04-d3d780e7c6e2", + "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=e66230c6-0a0c-4b55-b339-03afd0550002", "resolved_to_package_uid": null, "datafile_path": "asgiref-3.3.0-py3-none-any.whl", "datasource_id": "pypi_wheel", @@ -355,8 +355,8 @@ "is_optional": true, "is_pinned": false, "is_direct": true, - "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=040715c9-6806-402c-b027-141a05b6fd05", - "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6", + "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=66c37d13-079b-412b-a610-1dabf9d7e6aa", + "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb", "resolved_to_package_uid": null, "datafile_path": "asgiref-3.3.0-py3-none-any.whl-extract/asgiref-3.3.0.dist-info/METADATA", "datasource_id": "pypi_wheel_metadata", @@ -371,7 +371,7 @@ "name": "asgiref-3.3.0-py3-none-any.whl", "status": "application-package", "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=549d974e-a424-4fe4-9351-edb3b03b391a" + "pkg:pypi/asgiref@3.3.0?uuid=e66230c6-0a0c-4b55-b339-03afd0550002" ], "tag": "", "extension": ".whl", @@ -798,7 +798,7 @@ "name": "LICENSE", "status": "scanned", "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" ], "tag": "", "extension": "", @@ -875,7 +875,7 @@ "name": "METADATA", "status": "application-package", "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" ], "tag": "", "extension": "", @@ -1182,7 +1182,7 @@ "name": "RECORD", "status": "scanned", "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" ], "tag": "", "extension": "", @@ -1224,7 +1224,7 @@ "name": "top_level.txt", "status": "scanned", "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" ], "tag": "", "extension": ".txt", @@ -1266,7 +1266,7 @@ "name": "WHEEL", "status": "scanned", "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" ], "tag": "", "extension": "", @@ -1308,7 +1308,7 @@ "name": "compatibility.py", "status": "scanned", "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" ], "tag": "", "extension": ".py", @@ -1350,7 +1350,7 @@ "name": "current_thread_executor.py", "status": "scanned", "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" ], "tag": "", "extension": ".py", @@ -1392,7 +1392,7 @@ "name": "__init__.py", "status": "scanned", "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" ], "tag": "", "extension": ".py", @@ -1434,7 +1434,7 @@ "name": "local.py", "status": "scanned", "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" ], "tag": "", "extension": ".py", @@ -1476,7 +1476,7 @@ "name": "server.py", "status": "scanned", "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" ], "tag": "", "extension": ".py", @@ -1518,7 +1518,7 @@ "name": "sync.py", "status": "scanned", "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" ], "tag": "", "extension": ".py", @@ -1560,7 +1560,7 @@ "name": "testing.py", "status": "scanned", "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" ], "tag": "", "extension": ".py", @@ -1602,7 +1602,7 @@ "name": "timeout.py", "status": "scanned", "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" ], "tag": "", "extension": ".py", @@ -1683,7 +1683,7 @@ "name": "wsgi.py", "status": "scanned", "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" ], "tag": "", "extension": ".py", diff --git a/scanpipe/tests/data/asgiref/asgiref-3.3.0_toolkit_scan.json b/scanpipe/tests/data/asgiref/asgiref-3.3.0_toolkit_scan.json index 1cacfac87f..319d1ec39e 100644 --- a/scanpipe/tests/data/asgiref/asgiref-3.3.0_toolkit_scan.json +++ b/scanpipe/tests/data/asgiref/asgiref-3.3.0_toolkit_scan.json @@ -2,7 +2,7 @@ "headers": [ { "tool_name": "scancode-toolkit", - "tool_version": "32.4.1", + "tool_version": "32.5.0", "options": { "--copyright": true, "--info": true, @@ -10,10 +10,10 @@ "--package": true }, "notice": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.", - "start_timestamp": "2025-12-12T081649.433146", - "end_timestamp": "2025-12-12T081655.140123", + "start_timestamp": "2026-01-16T124030.871108", + "end_timestamp": "2026-01-16T124033.754071", "output_format_version": "4.1.0", - "duration": 5.707000255584717, + "duration": 2.88297438621521, "message": null, "errors": [], "warnings": [], @@ -21,9 +21,9 @@ "system_environment": { "operating_system": "linux", "cpu_architecture": "64", - "platform": "Linux-5.15.0-163-generic-x86_64-with-glibc2.35", - "platform_version": "#173-Ubuntu SMP Tue Oct 14 17:51:00 UTC 2025", - "python_version": "3.10.12 (main, Nov 4 2025, 08:48:33) [GCC 11.4.0]" + "platform": "Linux-5.15.0-164-generic-x86_64-with-glibc2.35", + "platform_version": "#174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025", + "python_version": "3.10.12 (main, Jan 8 2026, 06:52:19) [GCC 11.4.0]" }, "spdx_license_list_version": "3.27", "files_count": 15 @@ -140,7 +140,7 @@ "repository_homepage_url": "https://pypi.org/project/asgiref", "repository_download_url": "https://pypi.org/packages/source/a/asgiref/asgiref-3.3.0.tar.gz", "api_data_url": "https://pypi.org/pypi/asgiref/3.3.0/json", - "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=8d961513-130b-422b-8fa7-3cbfdd6646e4", + "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=9d756414-29cf-4cec-871f-bced786b3f82", "datafile_paths": [ "codebase/asgiref-3.3.0-py3-none-any.whl" ], @@ -258,7 +258,7 @@ "repository_homepage_url": "https://pypi.org/project/asgiref", "repository_download_url": "https://pypi.org/packages/source/a/asgiref/asgiref-3.3.0.tar.gz", "api_data_url": "https://pypi.org/pypi/asgiref/3.3.0/json", - "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb", + "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b", "datafile_paths": [ "codebase/asgiref-3.3.0-py3-none-any.whl-extract/asgiref-3.3.0.dist-info/METADATA" ], @@ -279,8 +279,8 @@ "is_direct": true, "resolved_package": {}, "extra_data": {}, - "dependency_uid": "pkg:pypi/pytest?uuid=a5625e52-9223-44ca-aa7a-f0f00c75ef4d", - "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=8d961513-130b-422b-8fa7-3cbfdd6646e4", + "dependency_uid": "pkg:pypi/pytest?uuid=9a208fed-5bd8-42d2-a995-1162e26fb9fe", + "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=9d756414-29cf-4cec-871f-bced786b3f82", "datafile_path": "codebase/asgiref-3.3.0-py3-none-any.whl", "datasource_id": "pypi_wheel" }, @@ -294,8 +294,8 @@ "is_direct": true, "resolved_package": {}, "extra_data": {}, - "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=91a0c4c7-f419-48b5-b22d-00f10b69e69a", - "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=8d961513-130b-422b-8fa7-3cbfdd6646e4", + "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=c14ff398-c25c-4729-9112-265761b1de6c", + "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=9d756414-29cf-4cec-871f-bced786b3f82", "datafile_path": "codebase/asgiref-3.3.0-py3-none-any.whl", "datasource_id": "pypi_wheel" }, @@ -309,8 +309,8 @@ "is_direct": true, "resolved_package": {}, "extra_data": {}, - "dependency_uid": "pkg:pypi/pytest?uuid=25041a97-3bee-4b75-926a-f303ebb81d99", - "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb", + "dependency_uid": "pkg:pypi/pytest?uuid=e2301b96-0c70-442d-9366-62a8c12a7489", + "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b", "datafile_path": "codebase/asgiref-3.3.0-py3-none-any.whl-extract/asgiref-3.3.0.dist-info/METADATA", "datasource_id": "pypi_wheel_metadata" }, @@ -324,8 +324,8 @@ "is_direct": true, "resolved_package": {}, "extra_data": {}, - "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=05572afa-6f15-4b60-94bb-1d9a43d5aba6", - "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb", + "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=bdc3a89f-9c24-4e36-b41d-daf87efc6ccc", + "for_package_uid": "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b", "datafile_path": "codebase/asgiref-3.3.0-py3-none-any.whl-extract/asgiref-3.3.0.dist-info/METADATA", "datasource_id": "pypi_wheel_metadata" } @@ -464,7 +464,7 @@ "base_name": "asgiref-3.3.0-py3-none-any", "extension": ".whl", "size": 19948, - "date": "2025-12-12", + "date": "2026-01-16", "sha1": "c03f67211a311b13d1294ac8af7cb139ee34c4f9", "md5": "5bce1df6dedc53a41a9a6b40d7b1699e", "sha256": "a5098bc870b80e7b872bff60bb363c7f2c2c89078759f6c47b53ff8c525a152e", @@ -745,7 +745,7 @@ } ], "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=8d961513-130b-422b-8fa7-3cbfdd6646e4" + "pkg:pypi/asgiref@3.3.0?uuid=9d756414-29cf-4cec-871f-bced786b3f82" ], "detected_license_expression": null, "detected_license_expression_spdx": null, @@ -855,7 +855,7 @@ "is_script": false, "package_data": [], "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb" + "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b" ], "detected_license_expression": null, "detected_license_expression_spdx": null, @@ -893,7 +893,7 @@ "is_script": true, "package_data": [], "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb" + "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b" ], "detected_license_expression": null, "detected_license_expression_spdx": null, @@ -931,7 +931,7 @@ "is_script": true, "package_data": [], "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb" + "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b" ], "detected_license_expression": null, "detected_license_expression_spdx": null, @@ -969,7 +969,7 @@ "is_script": true, "package_data": [], "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb" + "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b" ], "detected_license_expression": null, "detected_license_expression_spdx": null, @@ -1007,7 +1007,7 @@ "is_script": true, "package_data": [], "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb" + "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b" ], "detected_license_expression": null, "detected_license_expression_spdx": null, @@ -1045,7 +1045,7 @@ "is_script": true, "package_data": [], "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb" + "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b" ], "detected_license_expression": null, "detected_license_expression_spdx": null, @@ -1083,7 +1083,7 @@ "is_script": true, "package_data": [], "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb" + "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b" ], "detected_license_expression": null, "detected_license_expression_spdx": null, @@ -1121,7 +1121,7 @@ "is_script": true, "package_data": [], "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb" + "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b" ], "detected_license_expression": "apache-2.0", "detected_license_expression_spdx": "Apache-2.0", @@ -1181,7 +1181,7 @@ "is_script": true, "package_data": [], "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb" + "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b" ], "detected_license_expression": null, "detected_license_expression_spdx": null, @@ -1255,7 +1255,7 @@ "is_script": false, "package_data": [], "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb" + "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b" ], "detected_license_expression": "bsd-new", "detected_license_expression_spdx": "BSD-3-Clause", @@ -1592,7 +1592,7 @@ } ], "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb" + "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b" ], "detected_license_expression": "bsd-new", "detected_license_expression_spdx": "BSD-3-Clause", @@ -1679,7 +1679,7 @@ "is_script": false, "package_data": [], "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb" + "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b" ], "detected_license_expression": null, "detected_license_expression_spdx": null, @@ -1717,7 +1717,7 @@ "is_script": false, "package_data": [], "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb" + "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b" ], "detected_license_expression": null, "detected_license_expression_spdx": null, @@ -1755,7 +1755,7 @@ "is_script": false, "package_data": [], "for_packages": [ - "pkg:pypi/asgiref@3.3.0?uuid=c7159857-d80e-40e5-8665-3347b8d35ffb" + "pkg:pypi/asgiref@3.3.0?uuid=4fbdf9c2-d73b-4d3d-a342-4ee38977b41b" ], "detected_license_expression": null, "detected_license_expression_spdx": null, diff --git a/scanpipe/tests/data/asgiref/asgiref-3.3.0_walk_test_fixtures.json b/scanpipe/tests/data/asgiref/asgiref-3.3.0_walk_test_fixtures.json index 055b9c7c29..1f49a9438f 100644 --- a/scanpipe/tests/data/asgiref/asgiref-3.3.0_walk_test_fixtures.json +++ b/scanpipe/tests/data/asgiref/asgiref-3.3.0_walk_test_fixtures.json @@ -1,13 +1,13 @@ [ { "model": "scanpipe.project", - "pk": "3282ba3d-f525-4b74-9008-919108846d33", + "pk": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "fields": { "extra_data": {}, - "created_date": "2025-12-12T08:16:20.590Z", + "created_date": "2026-01-16T12:40:25.319Z", "name": "asgiref", - "slug": "asgiref-3282ba3d", - "work_directory": "/tmp/tmp5qi2cv31/projects/asgiref-3282ba3d", + "slug": "asgiref-92fe63d9", + "work_directory": "/tmp/tmp7o1wn11c/projects/asgiref-92fe63d9", "is_archived": false, "notes": "", "settings": {}, @@ -16,17 +16,17 @@ }, { "model": "scanpipe.run", - "pk": "88cca71e-436d-42ec-804b-ab1af5727413", + "pk": "87e422a3-3ebf-4fbf-99cb-e2f2bbb1ba7a", "fields": { "task_id": null, "task_start_date": null, "task_end_date": null, "task_exitcode": null, "task_output": "", - "log": "2025-12-12 08:16:20.593 Pipeline [scan_codebase] starting\n2025-12-12 08:16:20.594 Step [download_missing_inputs] starting\n2025-12-12 08:16:20.595 Step [download_missing_inputs] completed in 0 seconds\n2025-12-12 08:16:20.596 Step [copy_inputs_to_codebase_directory] starting\n2025-12-12 08:16:20.596 Step [copy_inputs_to_codebase_directory] completed in 0 seconds\n2025-12-12 08:16:20.597 Step [extract_archives] starting\n2025-12-12 08:16:20.661 Step [extract_archives] completed in 0 seconds\n2025-12-12 08:16:20.662 Step [collect_and_create_codebase_resources] starting\n2025-12-12 08:16:20.831 Step [collect_and_create_codebase_resources] completed in 0 seconds\n2025-12-12 08:16:20.832 Step [flag_empty_files] starting\n2025-12-12 08:16:20.834 Step [flag_empty_files] completed in 0 seconds\n2025-12-12 08:16:20.835 Step [flag_ignored_resources] starting\n2025-12-12 08:16:20.838 Step [flag_ignored_resources] completed in 0 seconds\n2025-12-12 08:16:20.839 Step [scan_for_application_packages] starting\n2025-12-12 08:16:20.840 Collecting package data from resources:\n2025-12-12 08:16:20.893 Progress: 11% (2/18)\n2025-12-12 08:16:20.932 Progress: 22% (4/18)\n2025-12-12 08:16:20.936 Progress: 33% (6/18)\n2025-12-12 08:16:20.937 Progress: 44% (8/18)\n2025-12-12 08:16:20.939 Progress: 55% (10/18)\n2025-12-12 08:16:20.940 Progress: 66% (12/18)\n2025-12-12 08:16:20.943 Progress: 77% (14/18)\n2025-12-12 08:16:20.945 Progress: 88% (16/18)\n2025-12-12 08:16:24.518 Progress: 100% (18/18)\n2025-12-12 08:16:24.602 Assembling collected package data:\n2025-12-12 08:16:24.603 Progress: 0%\n2025-12-12 08:16:24.722 Step [scan_for_application_packages] completed in 4 seconds\n2025-12-12 08:16:24.723 Step [scan_for_files] starting\n2025-12-12 08:16:43.753 Progress: 12% (2/16) ETA: 140 seconds (2.3 minutes)\n2025-12-12 08:16:43.947 Progress: 25% (4/16) ETA: 58 seconds\n2025-12-12 08:16:44.080 Progress: 37% (6/16) ETA: 33 seconds\n2025-12-12 08:16:44.379 Progress: 50% (8/16) ETA: 20 seconds\n2025-12-12 08:16:44.551 Progress: 62% (10/16) ETA: 12 seconds\n2025-12-12 08:16:44.666 Progress: 75% (12/16) ETA: 7 seconds\n2025-12-12 08:16:44.708 Progress: 87% (14/16) ETA: 3 seconds\n2025-12-12 08:16:44.998 Progress: 100% (16/16)\n2025-12-12 08:16:45.464 Step [scan_for_files] completed in 21 seconds\n2025-12-12 08:16:45.467 Step [collect_and_create_license_detections] starting\n2025-12-12 08:16:49.430 Step [collect_and_create_license_detections] completed in 4 seconds\n2025-12-12 08:16:49.432 Pipeline completed in 29 seconds\n", - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "log": "2026-01-16 12:40:25.323 Pipeline [scan_codebase] starting\n2026-01-16 12:40:25.324 Step [download_missing_inputs] starting\n2026-01-16 12:40:25.325 Step [download_missing_inputs] completed in 0 seconds\n2026-01-16 12:40:25.325 Step [copy_inputs_to_codebase_directory] starting\n2026-01-16 12:40:25.326 Step [copy_inputs_to_codebase_directory] completed in 0 seconds\n2026-01-16 12:40:25.327 Step [extract_archives] starting\n2026-01-16 12:40:25.378 Step [extract_archives] completed in 0 seconds\n2026-01-16 12:40:25.379 Step [collect_and_create_codebase_resources] starting\n2026-01-16 12:40:25.557 Step [collect_and_create_codebase_resources] completed in 0 seconds\n2026-01-16 12:40:25.559 Step [flag_empty_files] starting\n2026-01-16 12:40:25.560 Step [flag_empty_files] completed in 0 seconds\n2026-01-16 12:40:25.561 Step [flag_ignored_resources] starting\n2026-01-16 12:40:25.563 Step [flag_ignored_resources] completed in 0 seconds\n2026-01-16 12:40:25.564 Step [scan_for_application_packages] starting\n2026-01-16 12:40:25.564 Collecting package data from resources:\n2026-01-16 12:40:28.178 Progress: 11% (2/18) ETA: 21 seconds\n2026-01-16 12:40:28.179 Progress: 22% (4/18) ETA: 9 seconds\n2026-01-16 12:40:28.180 Progress: 33% (6/18) ETA: 5 seconds\n2026-01-16 12:40:28.187 Progress: 44% (8/18) ETA: 3 seconds\n2026-01-16 12:40:28.188 Progress: 55% (10/18) ETA: 2 seconds\n2026-01-16 12:40:28.188 Progress: 66% (12/18) ETA: 1 seconds\n2026-01-16 12:40:28.189 Progress: 77% (14/18) ETA: 1 seconds\n2026-01-16 12:40:28.189 Progress: 88% (16/18)\n2026-01-16 12:40:28.190 Progress: 100% (18/18)\n2026-01-16 12:40:28.191 Assembling collected package data:\n2026-01-16 12:40:28.191 Progress: 0%\n2026-01-16 12:40:28.257 Step [scan_for_application_packages] completed in 3 seconds\n2026-01-16 12:40:28.258 Step [scan_for_files] starting\n2026-01-16 12:40:28.297 Progress: 12% (2/16)\n2026-01-16 12:40:28.300 Progress: 25% (4/16)\n2026-01-16 12:40:28.578 Progress: 37% (6/16) ETA: 1 seconds\n2026-01-16 12:40:28.581 Progress: 50% (8/16)\n2026-01-16 12:40:28.966 Progress: 62% (10/16)\n2026-01-16 12:40:29.237 Progress: 75% (12/16)\n2026-01-16 12:40:30.070 Progress: 87% (14/16)\n2026-01-16 12:40:30.590 Progress: 100% (16/16)\n2026-01-16 12:40:30.855 Step [scan_for_files] completed in 3 seconds\n2026-01-16 12:40:30.857 Step [collect_and_create_license_detections] starting\n2026-01-16 12:40:30.869 Step [collect_and_create_license_detections] completed in 0 seconds\n2026-01-16 12:40:30.870 Pipeline completed in 6 seconds\n", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "pipeline_name": "scan_codebase", - "created_date": "2025-12-12T08:16:20.592Z", + "created_date": "2026-01-16T12:40:25.322Z", "scancodeio_version": "", "description": "Scan a codebase for application packages, licenses, and copyrights.", "current_step": "", @@ -43,7 +43,7 @@ "sha256": "a5098bc870b80e7b872bff60bb363c7f2c2c89078759f6c47b53ff8c525a152e", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -354,7 +354,7 @@ "sha256": "", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -400,7 +400,7 @@ "sha256": "", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -446,7 +446,7 @@ "sha256": "", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -492,7 +492,7 @@ "sha256": "6e89108c2cf0c0446174188f76f60465ae1c1f14f83427807df40d52a27cb2c8", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -538,7 +538,7 @@ "sha256": "b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "bsd-new", "detected_license_expression_spdx": "BSD-3-Clause", "license_detections": [ @@ -619,7 +619,7 @@ "sha256": "70f98f4eb9f6068b192b5464fcdf69e29a8ff09962bfce84bbb052baeee44f33", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -930,7 +930,7 @@ "sha256": "11546323af45e6a5639bf620a9c4d73e74c0bf705f494af4595007b923f75e8a", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -976,7 +976,7 @@ "sha256": "2c1983592aa38f0bfb0afacc73ddc5b46ce10e8e89ceaa9fed1e5fc6361b608d", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1022,7 +1022,7 @@ "sha256": "30f49b9094bff904a42caeec32515715fe625a56dc48bd7c0e3d9988c0ad4bd7", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1068,7 +1068,7 @@ "sha256": "fa4651a3b79201a4dc44a4096cd49ec8f427e912ea0ee05c666357b413a8afe7", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1114,7 +1114,7 @@ "sha256": "ee0fcf4a8e6fa9df8a4643bb48e82892d496afce44b6c8b8aea2721755545e1c", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1160,7 +1160,7 @@ "sha256": "3151f66c476208c3154cb6c4fb557a2a253bab82f0ab33fb3c8b9f7976be9e33", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1206,7 +1206,7 @@ "sha256": "ddd445b778c097fc75c2bf69ad964cbadd3bd6999d1dd2306d39d401855e8e3e", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1252,7 +1252,7 @@ "sha256": "ddbc8d455eceb68fc583c67e7c4ad0277c867fb39095c51ec5b37f70342e8334", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1298,7 +1298,7 @@ "sha256": "126c3e3a8a75a517d2739612304607804cf5f34da63fa25d03a6f11f7edb6f2f", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "apache-2.0", "detected_license_expression_spdx": "Apache-2.0", "license_detections": [ @@ -1383,7 +1383,7 @@ "sha256": "f8bd1ea3fb8afddabb10f8efd66796d41446cad51168ef4d3c44b19c973d0ad0", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1429,7 +1429,7 @@ "sha256": "885267fee0fea687875a02ceb929ca095312d47aaa57e20e4ce382f397caaf4d", "sha512": "", "extra_data": {}, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "detected_license_expression": "", "detected_license_expression_spdx": "", "license_detections": [], @@ -1476,7 +1476,7 @@ "version": "3.3.0", "qualifiers": "", "subpath": "", - "uuid": "b0467b22-5e83-4b0d-91e2-15121a8cf075", + "uuid": "543a3583-3a13-4b5d-a039-c6bc4072de35", "md5": "", "sha1": "", "sha256": "", @@ -1486,7 +1486,7 @@ "Documentation": "https://asgi.readthedocs.io/", "Further Documentation": "https://docs.djangoproject.com/en/stable/topics/async/#async-adapter-functions" }, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "compliance_alert": "", "affected_by_vulnerabilities": [], "filename": "", @@ -1577,7 +1577,7 @@ ], "missing_resources": [], "modified_resources": [], - "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=549d974e-a424-4fe4-9351-edb3b03b391a", + "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=e66230c6-0a0c-4b55-b339-03afd0550002", "keywords": [ "Development Status :: 5 - Production/Stable", "Environment :: Web Environment", @@ -1610,7 +1610,7 @@ "version": "3.3.0", "qualifiers": "", "subpath": "", - "uuid": "856001ca-aabf-4c6a-8ac2-cc1317f3e05d", + "uuid": "b2913908-3a31-4460-b330-a74d14b5ee24", "md5": "", "sha1": "", "sha256": "", @@ -1620,7 +1620,7 @@ "Documentation": "https://asgi.readthedocs.io/", "Further Documentation": "https://docs.djangoproject.com/en/stable/topics/async/#async-adapter-functions" }, - "project": "3282ba3d-f525-4b74-9008-919108846d33", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "compliance_alert": "", "affected_by_vulnerabilities": [], "filename": "", @@ -1711,7 +1711,7 @@ ], "missing_resources": [], "modified_resources": [], - "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6", + "package_uid": "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb", "keywords": [ "Development Status :: 5 - Production/Stable", "Environment :: Web Environment", @@ -1757,10 +1757,10 @@ "version": "", "qualifiers": "", "subpath": "", - "uuid": "ef046d41-ae47-42c3-838c-def8bc956723", + "uuid": "19138025-32e9-4060-ab38-622b27493b6c", "affected_by_vulnerabilities": [], - "project": "3282ba3d-f525-4b74-9008-919108846d33", - "dependency_uid": "pkg:pypi/pytest?uuid=a1855203-fd9a-441d-98f6-e1e10de689c2", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", + "dependency_uid": "pkg:pypi/pytest?uuid=43b6aa1d-7036-47c8-a40e-7b14bb14171b", "for_package": 1, "resolved_to_package": null, "datafile_resource": 1, @@ -1783,10 +1783,10 @@ "version": "", "qualifiers": "", "subpath": "", - "uuid": "3f928a8b-4505-4a7b-ad3a-a589dec836db", + "uuid": "52135390-385f-4fc0-8b0a-38f28c1040dd", "affected_by_vulnerabilities": [], - "project": "3282ba3d-f525-4b74-9008-919108846d33", - "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=8cfeaa4e-a8db-4004-a416-3230ee0d3aae", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", + "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=b2d0632b-d881-4d8a-ad04-d3d780e7c6e2", "for_package": 1, "resolved_to_package": null, "datafile_resource": 1, @@ -1809,10 +1809,10 @@ "version": "", "qualifiers": "", "subpath": "", - "uuid": "31fbc19e-c309-4463-8312-390ef734bf78", + "uuid": "c6282019-1112-43f8-a27a-658cc0c5dcf4", "affected_by_vulnerabilities": [], - "project": "3282ba3d-f525-4b74-9008-919108846d33", - "dependency_uid": "pkg:pypi/pytest?uuid=3fa1cdcc-c729-4e57-94f3-95212cd8f7d4", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", + "dependency_uid": "pkg:pypi/pytest?uuid=a1481753-660d-4cf0-b0b8-a929ede30720", "for_package": 2, "resolved_to_package": null, "datafile_resource": 7, @@ -1835,10 +1835,10 @@ "version": "", "qualifiers": "", "subpath": "", - "uuid": "892b2af3-a9f0-4544-9874-583307d2d387", + "uuid": "01b33ae9-cb5f-442b-bfac-af8e40a1bf8c", "affected_by_vulnerabilities": [], - "project": "3282ba3d-f525-4b74-9008-919108846d33", - "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=040715c9-6806-402c-b027-141a05b6fd05", + "project": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", + "dependency_uid": "pkg:pypi/pytest-asyncio?uuid=66c37d13-079b-412b-a610-1dabf9d7e6aa", "for_package": 2, "resolved_to_package": null, "datafile_resource": 7, diff --git a/scanpipe/tests/data/cyclonedx/asgiref-3.3.0.cdx.json b/scanpipe/tests/data/cyclonedx/asgiref-3.3.0.cdx.json index d14b14ce71..e587c0f2e8 100644 --- a/scanpipe/tests/data/cyclonedx/asgiref-3.3.0.cdx.json +++ b/scanpipe/tests/data/cyclonedx/asgiref-3.3.0.cdx.json @@ -6,7 +6,7 @@ "version": 1, "metadata": { "component": { - "bom-ref": "3282ba3d-f525-4b74-9008-919108846d33", + "bom-ref": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3", "name": "asgiref", "type": "library" }, @@ -32,9 +32,16 @@ "name": "Django Software Foundation" } ], - "bom-ref": "pkg:pypi/asgiref@3.3.0?uuid=549d974e-a424-4fe4-9351-edb3b03b391a", + "bom-ref": "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb", "copyright": "", "description": "ASGI specs, helper code, and adapters\nasgiref\n=======\n\n.. image:: https://api.travis-ci.org/django/asgiref.svg\n :target: https://travis-ci.org/django/asgiref\n\n.. image:: https://img.shields.io/pypi/v/asgiref.svg\n :target: https://pypi.python.org/pypi/asgiref\n\nASGI is a standard for Python asynchronous web apps and servers to communicate\nwith each other, and positioned as an asynchronous successor to WSGI. You can\nread more at https://asgi.readthedocs.io/en/latest/\n\nThis package includes ASGI base libraries, such as:\n\n* Sync-to-async and async-to-sync function wrappers, ``asgiref.sync``\n* Server base classes, ``asgiref.server``\n* A WSGI-to-ASGI adapter, in ``asgiref.wsgi``\n\n\nFunction wrappers\n-----------------\n\nThese allow you to wrap or decorate async or sync functions to call them from\nthe other style (so you can call async functions from a synchronous thread,\nor vice-versa).\n\nIn particular:\n\n* AsyncToSync lets a synchronous subthread stop and wait while the async\n function is called on the main thread's event loop, and then control is\n returned to the thread when the async function is finished.\n\n* SyncToAsync lets async code call a synchronous function, which is run in\n a threadpool and control returned to the async coroutine when the synchronous\n function completes.\n\nThe idea is to make it easier to call synchronous APIs from async code and\nasynchronous APIs from synchronous code so it's easier to transition code from\none style to the other. In the case of Channels, we wrap the (synchronous)\nDjango view system with SyncToAsync to allow it to run inside the (asynchronous)\nASGI server.\n\nNote that exactly what threads things run in is very specific, and aimed to\nkeep maximum compatibility with old synchronous code. See\n\"Synchronous code & Threads\" below for a full explanation. By default,\n``sync_to_async`` will run all synchronous code in the program in the same\nthread for safety reasons; you can disable this for more performance with\n``@sync_to_async(thread_sensitive=False)``, but make sure that your code does\nnot rely on anything bound to threads (like database connections) when you do.\n\n\nThreadlocal replacement\n-----------------------\n\nThis is a drop-in replacement for ``threading.local`` that works with both\nthreads and asyncio Tasks. Even better, it will proxy values through from a\ntask-local context to a thread-local context when you use ``sync_to_async``\nto run things in a threadpool, and vice-versa for ``async_to_sync``.\n\nIf you instead want true thread- and task-safety, you can set\n``thread_critical`` on the Local object to ensure this instead.\n\n\nServer base classes\n-------------------\n\nIncludes a ``StatelessServer`` class which provides all the hard work of\nwriting a stateless server (as in, does not handle direct incoming sockets\nbut instead consumes external streams or sockets to work out what is happening).\n\nAn example of such a server would be a chatbot server that connects out to\na central chat server and provides a \"connection scope\" per user chatting to\nit. There's only one actual connection, but the server has to separate things\ninto several scopes for easier writing of the code.\n\nYou can see an example of this being used in `frequensgi `_.\n\n\nWSGI-to-ASGI adapter\n--------------------\n\nAllows you to wrap a WSGI application so it appears as a valid ASGI application.\n\nSimply wrap it around your WSGI application like so::\n\n asgi_application = WsgiToAsgi(wsgi_application)\n\nThe WSGI application will be run in a synchronous threadpool, and the wrapped\nASGI application will be one that accepts ``http`` class messages.\n\nPlease note that not all extended features of WSGI may be supported (such as\nfile handles for incoming POST bodies).\n\n\nDependencies\n------------\n\n``asgiref`` requires Python 3.5 or higher.\n\n\nContributing\n------------\n\nPlease refer to the\n`main Channels contributing docs `_.\n\n\nTesting\n'''''''\n\nTo run tests, make sure you have installed the ``tests`` extra with the package::\n\n cd asgiref/\n pip install -e .[tests]\n pytest\n\n\nBuilding the documentation\n''''''''''''''''''''''''''\n\nThe documentation uses `Sphinx `_::\n\n cd asgiref/docs/\n pip install sphinx\n\nTo build the docs, you can use the default tools::\n\n sphinx-build -b html . _build/html # or `make html`, if you've got make set up\n cd _build/html\n python -m http.server\n\n...or you can use ``sphinx-autobuild`` to run a server and rebuild/reload\nyour documentation changes automatically::\n\n pip install sphinx-autobuild\n sphinx-autobuild . _build/html\n\n\nImplementation Details\n----------------------\n\nSynchronous code & threads\n''''''''''''''''''''''''''\n\nThe ``asgiref.sync`` module provides two wrappers that let you go between\nasynchronous and synchronous code at will, while taking care of the rough edges\nfor you.\n\nUnfortunately, the rough edges are numerous, and the code has to work especially\nhard to keep things in the same thread as much as possible. Notably, the\nrestrictions we are working with are:\n\n* All synchronous code called through ``SyncToAsync`` and marked with\n ``thread_sensitive`` should run in the same thread as each other (and if the\n outer layer of the program is synchronous, the main thread)\n\n* If a thread already has a running async loop, ``AsyncToSync`` can't run things\n on that loop if it's blocked on synchronous code that is above you in the\n call stack.\n\nThe first compromise you get to might be that ``thread_sensitive`` code should\njust run in the same thread and not spawn in a sub-thread, fulfilling the first\nrestriction, but that immediately runs you into the second restriction.\n\nThe only real solution is to essentially have a variant of ThreadPoolExecutor\nthat executes any ``thread_sensitive`` code on the outermost synchronous\nthread - either the main thread, or a single spawned subthread.\n\nThis means you now have two basic states:\n\n* If the outermost layer of your program is synchronous, then all async code\n run through ``AsyncToSync`` will run in a per-call event loop in arbitary\n sub-threads, while all ``thread_sensitive`` code will run in the main thread.\n\n* If the outermost layer of your program is asynchronous, then all async code\n runs on the main thread's event loop, and all ``thread_sensitive`` synchronous\n code will run in a single shared sub-thread.\n\nCruicially, this means that in both cases there is a thread which is a shared\nresource that all ``thread_sensitive`` code must run on, and there is a chance\nthat this thread is currently blocked on its own ``AsyncToSync`` call. Thus,\n``AsyncToSync`` needs to act as an executor for thread code while it's blocking.\n\nThe ``CurrentThreadExecutor`` class provides this functionality; rather than\nsimply waiting on a Future, you can call its ``run_until_future`` method and\nit will run submitted code until that Future is done. This means that code\ninside the call can then run code on your thread.\n\n\nMaintenance and Security\n------------------------\n\nTo report security issues, please contact security@djangoproject.com. For GPG\nsignatures and more security process information, see\nhttps://docs.djangoproject.com/en/dev/internals/security/.\n\nTo report bugs or request new features, please open a new GitHub issue.\n\nThis repository is part of the Channels project. For the shepherd and maintenance team, please see the\n`main Channels readme `_.", + "evidence": { + "licenses": [ + { + "expression": "Apache-2.0 AND LicenseRef-test" + } + ] + }, "externalReferences": [ { "type": "bom", @@ -62,7 +69,7 @@ }, { "name": "aboutcode:package_uid", - "value": "pkg:pypi/asgiref@3.3.0?uuid=549d974e-a424-4fe4-9351-edb3b03b391a" + "value": "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" }, { "name": "aboutcode:primary_language", @@ -80,16 +87,9 @@ "name": "Django Software Foundation" } ], - "bom-ref": "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6", + "bom-ref": "pkg:pypi/asgiref@3.3.0?uuid=e66230c6-0a0c-4b55-b339-03afd0550002", "copyright": "", "description": "ASGI specs, helper code, and adapters\nasgiref\n=======\n\n.. image:: https://api.travis-ci.org/django/asgiref.svg\n :target: https://travis-ci.org/django/asgiref\n\n.. image:: https://img.shields.io/pypi/v/asgiref.svg\n :target: https://pypi.python.org/pypi/asgiref\n\nASGI is a standard for Python asynchronous web apps and servers to communicate\nwith each other, and positioned as an asynchronous successor to WSGI. You can\nread more at https://asgi.readthedocs.io/en/latest/\n\nThis package includes ASGI base libraries, such as:\n\n* Sync-to-async and async-to-sync function wrappers, ``asgiref.sync``\n* Server base classes, ``asgiref.server``\n* A WSGI-to-ASGI adapter, in ``asgiref.wsgi``\n\n\nFunction wrappers\n-----------------\n\nThese allow you to wrap or decorate async or sync functions to call them from\nthe other style (so you can call async functions from a synchronous thread,\nor vice-versa).\n\nIn particular:\n\n* AsyncToSync lets a synchronous subthread stop and wait while the async\n function is called on the main thread's event loop, and then control is\n returned to the thread when the async function is finished.\n\n* SyncToAsync lets async code call a synchronous function, which is run in\n a threadpool and control returned to the async coroutine when the synchronous\n function completes.\n\nThe idea is to make it easier to call synchronous APIs from async code and\nasynchronous APIs from synchronous code so it's easier to transition code from\none style to the other. In the case of Channels, we wrap the (synchronous)\nDjango view system with SyncToAsync to allow it to run inside the (asynchronous)\nASGI server.\n\nNote that exactly what threads things run in is very specific, and aimed to\nkeep maximum compatibility with old synchronous code. See\n\"Synchronous code & Threads\" below for a full explanation. By default,\n``sync_to_async`` will run all synchronous code in the program in the same\nthread for safety reasons; you can disable this for more performance with\n``@sync_to_async(thread_sensitive=False)``, but make sure that your code does\nnot rely on anything bound to threads (like database connections) when you do.\n\n\nThreadlocal replacement\n-----------------------\n\nThis is a drop-in replacement for ``threading.local`` that works with both\nthreads and asyncio Tasks. Even better, it will proxy values through from a\ntask-local context to a thread-local context when you use ``sync_to_async``\nto run things in a threadpool, and vice-versa for ``async_to_sync``.\n\nIf you instead want true thread- and task-safety, you can set\n``thread_critical`` on the Local object to ensure this instead.\n\n\nServer base classes\n-------------------\n\nIncludes a ``StatelessServer`` class which provides all the hard work of\nwriting a stateless server (as in, does not handle direct incoming sockets\nbut instead consumes external streams or sockets to work out what is happening).\n\nAn example of such a server would be a chatbot server that connects out to\na central chat server and provides a \"connection scope\" per user chatting to\nit. There's only one actual connection, but the server has to separate things\ninto several scopes for easier writing of the code.\n\nYou can see an example of this being used in `frequensgi `_.\n\n\nWSGI-to-ASGI adapter\n--------------------\n\nAllows you to wrap a WSGI application so it appears as a valid ASGI application.\n\nSimply wrap it around your WSGI application like so::\n\n asgi_application = WsgiToAsgi(wsgi_application)\n\nThe WSGI application will be run in a synchronous threadpool, and the wrapped\nASGI application will be one that accepts ``http`` class messages.\n\nPlease note that not all extended features of WSGI may be supported (such as\nfile handles for incoming POST bodies).\n\n\nDependencies\n------------\n\n``asgiref`` requires Python 3.5 or higher.\n\n\nContributing\n------------\n\nPlease refer to the\n`main Channels contributing docs `_.\n\n\nTesting\n'''''''\n\nTo run tests, make sure you have installed the ``tests`` extra with the package::\n\n cd asgiref/\n pip install -e .[tests]\n pytest\n\n\nBuilding the documentation\n''''''''''''''''''''''''''\n\nThe documentation uses `Sphinx `_::\n\n cd asgiref/docs/\n pip install sphinx\n\nTo build the docs, you can use the default tools::\n\n sphinx-build -b html . _build/html # or `make html`, if you've got make set up\n cd _build/html\n python -m http.server\n\n...or you can use ``sphinx-autobuild`` to run a server and rebuild/reload\nyour documentation changes automatically::\n\n pip install sphinx-autobuild\n sphinx-autobuild . _build/html\n\n\nImplementation Details\n----------------------\n\nSynchronous code & threads\n''''''''''''''''''''''''''\n\nThe ``asgiref.sync`` module provides two wrappers that let you go between\nasynchronous and synchronous code at will, while taking care of the rough edges\nfor you.\n\nUnfortunately, the rough edges are numerous, and the code has to work especially\nhard to keep things in the same thread as much as possible. Notably, the\nrestrictions we are working with are:\n\n* All synchronous code called through ``SyncToAsync`` and marked with\n ``thread_sensitive`` should run in the same thread as each other (and if the\n outer layer of the program is synchronous, the main thread)\n\n* If a thread already has a running async loop, ``AsyncToSync`` can't run things\n on that loop if it's blocked on synchronous code that is above you in the\n call stack.\n\nThe first compromise you get to might be that ``thread_sensitive`` code should\njust run in the same thread and not spawn in a sub-thread, fulfilling the first\nrestriction, but that immediately runs you into the second restriction.\n\nThe only real solution is to essentially have a variant of ThreadPoolExecutor\nthat executes any ``thread_sensitive`` code on the outermost synchronous\nthread - either the main thread, or a single spawned subthread.\n\nThis means you now have two basic states:\n\n* If the outermost layer of your program is synchronous, then all async code\n run through ``AsyncToSync`` will run in a per-call event loop in arbitary\n sub-threads, while all ``thread_sensitive`` code will run in the main thread.\n\n* If the outermost layer of your program is asynchronous, then all async code\n runs on the main thread's event loop, and all ``thread_sensitive`` synchronous\n code will run in a single shared sub-thread.\n\nCruicially, this means that in both cases there is a thread which is a shared\nresource that all ``thread_sensitive`` code must run on, and there is a chance\nthat this thread is currently blocked on its own ``AsyncToSync`` call. Thus,\n``AsyncToSync`` needs to act as an executor for thread code while it's blocking.\n\nThe ``CurrentThreadExecutor`` class provides this functionality; rather than\nsimply waiting on a Future, you can call its ``run_until_future`` method and\nit will run submitted code until that Future is done. This means that code\ninside the call can then run code on your thread.\n\n\nMaintenance and Security\n------------------------\n\nTo report security issues, please contact security@djangoproject.com. For GPG\nsignatures and more security process information, see\nhttps://docs.djangoproject.com/en/dev/internals/security/.\n\nTo report bugs or request new features, please open a new GitHub issue.\n\nThis repository is part of the Channels project. For the shepherd and maintenance team, please see the\n`main Channels readme `_.", - "evidence": { - "licenses": [ - { - "expression": "Apache-2.0 AND LicenseRef-test" - } - ] - }, "externalReferences": [ { "type": "bom", @@ -117,7 +117,7 @@ }, { "name": "aboutcode:package_uid", - "value": "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "value": "pkg:pypi/asgiref@3.3.0?uuid=e66230c6-0a0c-4b55-b339-03afd0550002" }, { "name": "aboutcode:primary_language", @@ -132,23 +132,23 @@ "dependencies": [ { "dependsOn": [ - "pkg:pypi/asgiref@3.3.0?uuid=549d974e-a424-4fe4-9351-edb3b03b391a", - "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb", + "pkg:pypi/asgiref@3.3.0?uuid=e66230c6-0a0c-4b55-b339-03afd0550002" ], - "ref": "3282ba3d-f525-4b74-9008-919108846d33" + "ref": "92fe63d9-1d53-4b63-b19a-85022fb7a3f3" }, { - "ref": "pkg:pypi/asgiref@3.3.0?uuid=549d974e-a424-4fe4-9351-edb3b03b391a" + "ref": "pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" }, { - "ref": "pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "ref": "pkg:pypi/asgiref@3.3.0?uuid=e66230c6-0a0c-4b55-b339-03afd0550002" } ], "vulnerabilities": [ { "affects": [ { - "ref": "urn:cdx:pkg:pypi/asgiref@3.3.0?uuid=5e52877b-c669-414e-bdf9-5d2bcb2443b6" + "ref": "urn:cdx:pkg:pypi/asgiref@3.3.0?uuid=e522e5ca-fd0c-4566-8632-bb3e82c5f7eb" } ], "bom-ref": "BomRef", diff --git a/scanpipe/tests/data/scancode/package_assembly_codebase.json b/scanpipe/tests/data/scancode/package_assembly_codebase.json index 39d0483821..b8dda71390 100644 --- a/scanpipe/tests/data/scancode/package_assembly_codebase.json +++ b/scanpipe/tests/data/scancode/package_assembly_codebase.json @@ -2,16 +2,16 @@ "headers": [ { "tool_name": "scancode-toolkit", - "tool_version": "32.4.1", + "tool_version": "32.5.0", "options": { "--info": true, "--package": true }, "notice": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.", - "start_timestamp": "2025-12-12T081655.345103", - "end_timestamp": "2025-12-12T081655.456071", + "start_timestamp": "2026-01-16T124033.902159", + "end_timestamp": "2026-01-16T124034.007409", "output_format_version": "4.1.0", - "duration": 0.11098170280456543, + "duration": 0.10526299476623535, "message": null, "errors": [], "warnings": [], @@ -19,9 +19,9 @@ "system_environment": { "operating_system": "linux", "cpu_architecture": "64", - "platform": "Linux-5.15.0-163-generic-x86_64-with-glibc2.35", - "platform_version": "#173-Ubuntu SMP Tue Oct 14 17:51:00 UTC 2025", - "python_version": "3.10.12 (main, Nov 4 2025, 08:48:33) [GCC 11.4.0]" + "platform": "Linux-5.15.0-164-generic-x86_64-with-glibc2.35", + "platform_version": "#174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025", + "python_version": "3.10.12 (main, Jan 8 2026, 06:52:19) [GCC 11.4.0]" }, "spdx_license_list_version": "3.27", "files_count": 3 @@ -91,7 +91,7 @@ "repository_homepage_url": "https://www.npmjs.com/package/test", "repository_download_url": "https://registry.npmjs.org/test/-/test-0.1.0.tgz", "api_data_url": "https://registry.npmjs.org/test/0.1.0", - "package_uid": "pkg:npm/test@0.1.0?uuid=966ed823-6627-4192-9608-1d1170ea4528", + "package_uid": "pkg:npm/test@0.1.0?uuid=bc515e36-4d09-4c13-b689-533065ae7d09", "datafile_paths": [ "package_assembly_codebase.tar.gz-extract/test/get_package_resources/package.json" ], @@ -278,7 +278,7 @@ } ], "for_packages": [ - "pkg:npm/test@0.1.0?uuid=966ed823-6627-4192-9608-1d1170ea4528" + "pkg:npm/test@0.1.0?uuid=bc515e36-4d09-4c13-b689-533065ae7d09" ], "files_count": 0, "dirs_count": 0, @@ -308,7 +308,7 @@ "is_script": false, "package_data": [], "for_packages": [ - "pkg:npm/test@0.1.0?uuid=966ed823-6627-4192-9608-1d1170ea4528" + "pkg:npm/test@0.1.0?uuid=bc515e36-4d09-4c13-b689-533065ae7d09" ], "files_count": 0, "dirs_count": 0, diff --git a/scanpipe/tests/pipes/test_scancode.py b/scanpipe/tests/pipes/test_scancode.py index 147086bc4a..e82eb81e01 100644 --- a/scanpipe/tests/pipes/test_scancode.py +++ b/scanpipe/tests/pipes/test_scancode.py @@ -502,7 +502,7 @@ def test_scanpipe_pipes_scancode_assemble_package_function(self): resource = project.codebaseresources.get(name="package.json") # This assembly should not trigger that many queries. - with self.assertNumQueries(17): + with self.assertNumQueries(16): scancode.assemble_package(resource, project, processed_paths) self.assertEqual(1, project.discoveredpackages.count())