Changed Dependency Overview to new template

Author: dacoburn

pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.0.52"
+version = "2.0.53"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [

socketsecurity/__init__.py

@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '2.0.52'
+__version__ = '2.0.53'

socketsecurity/core/__init__.py

@@ -21,7 +21,7 @@
     FullScan,
     Issue,
     Package,
-    Purl,
+    Purl
 )
 from socketsecurity.core.exceptions import APIResourceNotFound
 from socketsecurity.core.licenses import Licenses
@@ -644,7 +644,7 @@ def create_diff_report(
         seen_removed_packages = set()
 
         for package_id, package in added_packages.items():
-            purl = Core.create_purl(package_id, added_packages)
+            purl = self.create_purl(package_id, added_packages)
             base_purl = f"{purl.ecosystem}/{purl.name}@{purl.version}"
 
             if (not direct_only or package.direct) and base_purl not in seen_new_packages:
@@ -658,7 +658,7 @@ def create_diff_report(
             )
 
         for package_id, package in removed_packages.items():
-            purl = Core.create_purl(package_id, removed_packages)
+            purl = self.create_purl(package_id, removed_packages)
             base_purl = f"{purl.ecosystem}/{purl.name}@{purl.version}"
 
             if (not direct_only or package.direct) and base_purl not in seen_removed_packages:
@@ -682,8 +682,13 @@ def create_diff_report(
 
         return diff
 
-    @staticmethod
-    def create_purl(package_id: str, packages: dict[str, Package]) -> Purl:
+    def get_all_scores(self, packages: dict[str, Package]) -> dict[str, Package]:
+        components = []
+        for package_id in packages:
+            package = packages[package_id]
+        return packages
+
+    def create_purl(self, package_id: str, packages: dict[str, Package]) -> Purl:
         """
         Creates the extended PURL data for package identification and tracking.
 
@@ -707,7 +712,8 @@ def create_purl(package_id: str, packages: dict[str, Package]) -> Purl:
             size=package.size,
             transitives=package.transitives,
             url=package.url,
-            purl=package.purl
+            purl=package.purl,
+            scores=package.score
         )
         return purl
 

socketsecurity/core/classes.py

@@ -370,7 +370,6 @@ def __init__(self, **kwargs):
     def __str__(self):
         return json.dumps(self.__dict__)
 
-
 class Purl:
     """
     Represents a Package URL (PURL) with extended metadata.
@@ -392,6 +391,7 @@ class Purl:
     author_url: str
     url: str
     purl: str
+    scores: dict[str, int]
 
     def __init__(self, **kwargs):
         if kwargs:

socketsecurity/core/messages.py

@@ -456,11 +456,9 @@ def dependency_overview_template(diff: Diff) -> str:
         md = MdUtils(file_name="markdown_overview_temp.md")
         md.new_line("<!-- socket-overview-comment-actions -->")
         md.new_header(level=1, title="Socket Security: Dependency Overview")
-        md.new_line("New and removed dependencies detected. Learn more about [socket.dev](https://socket.dev)")
+        md.new_line("Review the following changes in direct dependencies. Learn more about [socket.dev](https://socket.dev)")
         md.new_line()
         md = Messages.create_added_table(diff, md)
-        if len(diff.removed_packages) > 0:
-            md = Messages.create_remove_line(diff, md)
         md.create_md_file()
         if len(md.file_data_text.lstrip()) >= 65500:
             md = Messages.short_dependency_overview_comment(diff)
@@ -471,7 +469,7 @@ def short_dependency_overview_comment(diff: Diff) -> MdUtils:
         md = MdUtils(file_name="markdown_overview_temp.md")
         md.new_line("<!-- socket-overview-comment-actions -->")
         md.new_header(level=1, title="Socket Security: Dependency Overview")
-        md.new_line("New and removed dependencies detected. Learn more about [socket.dev](https://socket.dev)")
+        md.new_line("Review the following changes in direct dependencies. Learn more about [socket.dev](https://socket.dev)")
         md.new_line()
         md.new_line("The amount of dependency changes were to long for this comment. Please check out the full report")
         md.new_line(f"To view more information about this report checkout the [Full Report]({diff.diff_url})")
@@ -498,40 +496,63 @@ def create_remove_line(diff: Diff, md: MdUtils) -> MdUtils:
     def create_added_table(diff: Diff, md: MdUtils) -> MdUtils:
         """
         Create the Added packages table for the Dependency Overview template
-        :param diff: Diff - Diff report with the Added packages information
+        :param diff: Diff - Diff report with the Added package information
         :param md: MdUtils - Main markdown variable
         :return:
         """
+        # Table column headers
         overview_table = [
+            "Diff",
             "Package",
-            "Direct",
-            "Capabilities",
-            "Transitives",
-            "Size",
-            "Author"
+            "Supply Chain<br/>Security",
+            "Vulnerability",
+            "Quality",
+            "Maintenance",
+            "License"
         ]
         num_of_overview_columns = len(overview_table)
+
         count = 0
         for added in diff.new_packages:
-            added: Purl
-            package_url = Messages.create_purl_link(added)
-            capabilities = ", ".join(added.capabilities)
+            added: Purl  # Ensure `added` has scores and relevant attributes.
+
+            package_url = f"[{added.purl}]({added.url})"
+            diff_badge = f"[![+](https://github-app-statics.socket.dev/diff-added.svg)]({added.url})"
+
+            # Scores dynamically converted to badge URLs and linked
+            def score_to_badge(score):
+                score_percent = int(score * 100)  # Convert to integer percentage
+                return f"[![{score_percent}](https://github-app-statics.socket.dev/score-{score_percent}.svg)]({added.url})"
+
+            # Generate badges for each score type
+            supply_chain_risk_badge = score_to_badge(added.scores.get("supplyChain", 100))
+            vulnerability_badge = score_to_badge(added.scores.get("vulnerability", 100))
+            quality_badge = score_to_badge(added.scores.get("quality", 100))
+            maintenance_badge = score_to_badge(added.scores.get("maintenance", 100))
+            license_badge = score_to_badge(added.scores.get("license", 100))
+
+            # Add the row for this package
             row = [
+                diff_badge,
                 package_url,
-                added.direct,
-                capabilities,
-                added.transitives,
-                f"{added.size} KB",
-                added.author_url
+                supply_chain_risk_badge,
+                vulnerability_badge,
+                quality_badge,
+                maintenance_badge,
+                license_badge
             ]
             overview_table.extend(row)
-            count += 1
-        num_of_overview_rows = count + 1
+            count += 1  # Count total packages
+
+        # Calculate total rows for table
+        num_of_overview_rows = count + 1  # Include header row
+
+        # Generate Markdown table
         md.new_table(
             columns=num_of_overview_columns,
             rows=num_of_overview_rows,
             text=overview_table,
-            text_align="left"
+            text_align="center"
         )
         return md