Merge remote-tracking branch 'origin/main' into track-current-url

Author: aayushkdev

.github/workflows/sca-integration-ort.yml

@@ -0,0 +1,50 @@
+name: Generate SBOM with ORT and load into ScanCode.io
+
+# This workflow:
+#  1. Generates a CycloneDX SBOM for a requirement.txt file using ORT.
+#  2. Uploads the SBOM as a GitHub artifact for future inspection.
+#  3. Loads the SBOM into ScanCode.io for further analysis.
+#  4. Runs assertions to verify that the SBOM was properly processed in ScanCode.io.
+#
+# It runs on demand, and once a week (scheduled).
+
+on:
+  workflow_dispatch:
+  schedule:
+    # Run once a week (every 7 days) at 00:00 UTC on Sunday
+    - cron: "0 0 * * 0"
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  generate-and-load-sbom:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Create a Python requirements.txt
+        run: |
+          cat << 'EOF' > requirements.txt
+          amqp==5.1.1
+          appdirs==1.4.4
+          asgiref==3.5.2
+          urllib3==1.26.0
+          EOF
+
+      - name: Run GitHub Action for ORT
+        uses: oss-review-toolkit/ort-ci-github-action@v1
+
+      - name: Import SBOM into ScanCode.io
+        uses: aboutcode-org/scancode-action@main
+        with:
+          pipelines: "load_sbom"
+          inputs-path: "${{ env.ORT_RESULTS_PATH }}/bom.cyclonedx.json"
+          scancodeio-repo-branch: "main"
+
+      - name: Verify SBOM Analysis Results in ScanCode.io
+        shell: bash
+        run: |
+          scanpipe shell --command "from scanpipe.models import DiscoveredPackage, DiscoveredDependency; package_manager = DiscoveredPackage.objects; assert package_manager.count() >= 5; assert package_manager.vulnerable().count() >= 1; assert DiscoveredDependency.objects.count() >= 1"

docs/faq.rst

@@ -376,9 +376,10 @@ are actively supported and tested::
   - Anchore: https://anchore.com/sbom/
   - CycloneDX cdxgen: https://cyclonedx.github.io/cdxgen/
   - OWASP dep-scan: https://owasp.org/www-project-dep-scan/
+  - OSS Review Toolkit (ORT): https://oss-review-toolkit.org/ort/
+  - OSV-Scanner: https://osv.dev/
   - SBOM tool: https://github.com/microsoft/sbom-tool/
   - Trivy: https://trivy.dev/
-  - OSV-Scanner: https://osv.dev/
 
 .. note:: Imported SBOMs must follow the SPDX or CycloneDX standards, in JSON format.
    You can use the ``load_sbom`` pipeline to process and enhance these SBOMs in your

scanpipe/pipes/benchmark.py

@@ -70,8 +70,6 @@ def compare_purls(project, expected_purls):
     - Lines starting with '+' are unexpected in the project.
     """
     sorted_project_purls = get_unique_project_purls(project)
-    print(sorted_project_purls)
-
     diff_result = difflib.ndiff(sorted_project_purls, expected_purls)
 
     # Keep only lines that are diffs (- or +)

scanpipe/templates/scanpipe/panels/resource_table_panel.html

@@ -1,81 +1,110 @@
 {% load humanize %}
 
-{% if resources %}
-  <table class="table is-bordered is-striped is-narrow is-fullwidth">
-    <thead class="is-sticky">
-        <tr>
-          <th>Name</th>
-          <th>Status</th>
-          <th>Language</th>
-          <th>License</th>
-          <th>Alert</th>
-        </tr>
-      </thead>
-      <tbody>
-        {% for resource in resources %}
+<div class="mb-4">
+  <div class="has-text-weight-semibold is-flex is-align-items-center is-family-monospace">
+    {% if path_segments %}
+      <span id="resource-path" class="has-text-weight-medium">
+        {% spaceless %}
+        {% for subpath, segment in path_segments %}
+          {% if not forloop.first %}<span class="mx-1">/</span>{% endif %}
+          {% if not forloop.last %}
+            <a href="#" class="expand-in-tree has-text-link" data-path="{{ subpath }}" hx-get="{% url 'codebase_resource_table' project.slug %}?path={{ subpath }}" hx-target="#right-pane" hx-push-url="{% url 'codebase_resource_tree' project.slug %}?path={{ subpath }}">{{ segment }}</a>
+          {% else %}
+            <span>{{ segment }}</span>
+          {% endif %}
+        {% endfor %}
+        {% endspaceless %}
+      </span>
+      <button class="copy-to-clipboard ml-2 is-size-6 is-shadowless is-white" aria-label="Copy path" data-copy="{{ path }}" data-copy-feedback="Path copied!">
+        <i class="fa-regular fa-copy"></i>
+      </button>
+    {% else %}
+      <span id="resource-path" class="has-text-weight-medium">/</span>
+      <button class="copy-to-clipboard ml-2 is-size-6 is-shadowless is-white" aria-label="Copy path" data-copy="/" data-copy-feedback="Path copied!">
+        <i class="fa-regular fa-copy"></i>
+      </button>
+    {% endif %}
+  </div>
+</div>
+
+<div class="table-scroll-area">
+  {% if resources %}
+    <table class="table is-bordered is-striped is-narrow is-fullwidth">
+      <thead class="is-sticky">
           <tr>
-            <td class="is-flex is-align-items-center break-all" style="min-width: 100px;">
-                <span class="icon is-small mr-2">
+            <th>Name</th>
+            <th>Status</th>
+            <th>Language</th>
+            <th>License</th>
+            <th>Alert</th>
+          </tr>
+        </thead>
+        <tbody>
+          {% for resource in resources %}
+            <tr>
+              <td class="is-flex is-align-items-center break-all" style="min-width: 100px;">
+                  <span class="icon is-small mr-2">
+                    {% if resource.is_dir %}
+                      <i class="fas fa-folder"></i>
+                    {% else %}
+                      <i class="far fa-file"></i>
+                    {% endif %}
+                  </span>
                   {% if resource.is_dir %}
-                    <i class="fas fa-folder"></i>
+                    <a href="#" class="expand-in-tree" data-path="{{ resource.path }}" hx-get="{% url 'codebase_resource_table' project.slug %}?path={{ resource.path }}" hx-target="#right-pane" hx-push-url="{% url 'codebase_resource_tree' project.slug %}?path={{ resource.path }}">{{ resource.name }}</a>
                   {% else %}
-                    <i class="far fa-file"></i>
+                    <a href="{% url 'resource_detail' project.slug resource.path %}">{{ resource.name }}</a>
                   {% endif %}
-                </span>
-                {% if resource.is_dir %}
-                  <a href="#" class="expand-in-tree" data-path="{{ resource.path }}" hx-get="{% url 'codebase_resource_table' project.slug %}?path={{ resource.path }}" hx-target="#right-pane" hx-push-url="{% url 'codebase_resource_tree' project.slug %}?path={{ resource.path }}">{{ resource.name }}</a>
-                {% else %}
-                  <a href="{% url 'resource_detail' project.slug resource.path %}">{{ resource.name }}</a>
-                {% endif %}
-                {% if resource.tag %}
-                  <span class="tag is-rounded ml-2">{{ resource.tag }}</span>
-                {% endif %}
-            </td>
-            <td>
-              {{ resource.status }}
-            </td>
-            <td class="break-all">
-              {{ resource.programming_language }}
-            </td>
-            <td>
-              {{ resource.detected_license_expression }}
-            </td>
-            <td>
-              {{ resource.compliance_alert }}
-            </td>
-          </tr>
-        {% endfor %}
-      </tbody>
-  </table>
+                  {% if resource.tag %}
+                    <span class="tag is-rounded ml-2">{{ resource.tag }}</span>
+                  {% endif %}
+              </td>
+              <td>
+                {{ resource.status }}
+              </td>
+              <td class="break-all">
+                {{ resource.programming_language }}
+              </td>
+              <td>
+                {{ resource.detected_license_expression }}
+              </td>
+              <td>
+                {{ resource.compliance_alert }}
+              </td>
+            </tr>
+          {% endfor %}
+        </tbody>
+    </table>
 
-  {% if is_paginated %}
-    <nav class="pagination is-centered mt-4" role="navigation">
-      {% if page_obj.has_previous %}
-        <a class="pagination-previous" hx-get="{% url 'codebase_resource_table' project.slug %}?path={{ path }}&page={{ page_obj.previous_page_number }}" hx-target="#right-pane">Previous</a>
-      {% endif %}
-      {% if page_obj.has_next %}
-        <a class="pagination-next" hx-get="{% url 'codebase_resource_table' project.slug %}?path={{ path }}&page={{ page_obj.next_page_number }}" hx-target="#right-pane">Next page</a>
-      {% endif %}
-      <ul class="pagination-list">
-        <li>
-          <span class="pagination-ellipsis">
-            Page {{ page_obj.number }} of {{ page_obj.paginator.num_pages }}
-          </span>
-        </li>
-      </ul>
-    </nav>
-  {% endif %}
-{% else %}
-  <div class="has-text-centered p-6">
-    <div class="icon is-large has-text-grey-light mb-3">
-      <i class="fas fa-folder-open fa-3x"></i>
+    {% if is_paginated %}
+      <nav class="pagination is-centered mt-4" role="navigation">
+        {% if page_obj.has_previous %}
+          <a class="pagination-previous" hx-get="{% url 'codebase_resource_table' project.slug %}?path={{ path }}&page={{ page_obj.previous_page_number }}" hx-target="#right-pane" hx-push-url="{% url 'codebase_resource_tree' project.slug %}?path={{ path }}&page={{ page_obj.previous_page_number }}">Previous</a>
+        {% endif %}
+        {% if page_obj.has_next %}
+          <a class="pagination-next" hx-get="{% url 'codebase_resource_table' project.slug %}?path={{ path }}&page={{ page_obj.next_page_number }}" hx-target="#right-pane" hx-push-url="{% url 'codebase_resource_tree' project.slug %}?path={{ path }}&page={{ page_obj.next_page_number }}">Next page</a>
+        {% endif %}
+        <ul class="pagination-list">
+          <li>
+            <span class="pagination-ellipsis">
+              Page {{ page_obj.number }} of {{ page_obj.paginator.num_pages }}
+            </span>
+          </li>
+        </ul>
+      </nav>
+    {% endif %}
+  {% else %}
+    <div class="has-text-centered p-6">
+      <div class="icon is-large has-text-grey-light mb-3">
+        <i class="fas fa-folder-open fa-3x"></i>
+      </div>
+      <p class="has-text-grey">
+        {% if path %}
+          No resources found in this directory.
+        {% else %}
+          Select a file or folder from the tree to view its contents.
+        {% endif %}
+      </p>
     </div>
-    <p class="has-text-grey">
-      {% if path %}
-        No resources found in this directory.
-      {% else %}
-        Select a file or folder from the tree to view its contents.
-      {% endif %}
-    </p>
-  </div>
-{% endif %}
+  {% endif %}
+</div>

scanpipe/templates/scanpipe/resource_tree.html

@@ -54,10 +54,16 @@
     }
     .right-pane {
       flex: 1;
-      overflow-y: auto;
-      overflow-x: hidden;
       min-width: 0;
       transition: opacity 0.2s ease;
+      display: flex;
+      flex-direction: column;
+      height: 100%;
+    }
+    .right-pane .table-scroll-area {
+      flex: 1;
+      overflow-y: auto;
+      overflow-x: hidden;
     }
     .right-pane.collapsed {
       opacity: 0;
@@ -109,6 +115,14 @@
 
 {% block scripts %}
   <script>
+    document.body.addEventListener('htmx:afterSwap', function(evt) {
+      if (evt.target && evt.target.id === 'right-pane') {
+        if (typeof enableCopyToClipboard === 'function') {
+          enableCopyToClipboard('.copy-to-clipboard');
+        }
+      }
+    });
+
     async function toggleFolderNode(folderNode, forceExpand = false) {
       const targetId = folderNode.dataset.target;
       const url = folderNode.dataset.url;