Merge branch 'main' into 1727-sca-integration-ort

Author: tdruez

CHANGELOG.rst

@@ -20,6 +20,15 @@ v35.4.0 (unreleased)
 - Add new ``benchmark_purls`` pipeline.
   https://github.com/aboutcode-org/scancode.io/issues/1804
 
+- Add a Resources tree view.
+  https://github.com/aboutcode-org/scancode.io/issues/1682
+
+- Improve CycloneDX SBOM support.
+  * Upgrade the cyclonedx-python-lib to 11.0.0
+  * Fix the validate_document following library upgrade.
+  * Add support when the "components" entry is missing.
+  https://github.com/aboutcode-org/scancode.io/issues/1727
+
 v35.3.0 (2025-08-20)
 --------------------
 

pyproject.toml

@@ -82,8 +82,8 @@ dependencies = [
   # Profiling
   "pyinstrument==5.1.1",
   # CycloneDX
-  "cyclonedx-python-lib==10.2.0",
-  "jsonschema==4.24.0",
+  "cyclonedx-python-lib==11.0.0",
+  "jsonschema==4.25.1",
   # MatchCode-toolkit
   "matchcode-toolkit==7.2.2",
   # Univers

scanpipe/models.py

@@ -46,6 +46,7 @@
 from django.db import transaction
 from django.db.models import Case
 from django.db.models import Count
+from django.db.models import Exists
 from django.db.models import IntegerField
 from django.db.models import OuterRef
 from django.db.models import Prefetch
@@ -2432,6 +2433,17 @@ def macho_binaries(self):
     def executable_binaries(self):
         return self.union(self.win_exes(), self.macho_binaries(), self.elfs())
 
+    def with_has_children(self):
+        """
+        Annotate the QuerySet with has_children field based on whether
+        each resource has any children (subdirectories/files).
+        """
+        children_qs = CodebaseResource.objects.filter(
+            parent_path=OuterRef("path"),
+        )
+
+        return self.annotate(has_children=Exists(children_qs))
+
 
 class ScanFieldsModelMixin(models.Model):
     """Fields returned by the ScanCode-toolkit scans."""

scanpipe/pipes/benchmark.py

@@ -49,6 +49,18 @@ def get_expected_purls(project):
     return sorted(set(expected_purls))
 
 
+def get_unique_project_purls(project):
+    """
+    Return the sorted list of unique Package URLs (PURLs) discovered in the project.
+
+    Extracts the ``purl`` field from all discovered packages, removes duplicates,
+    and sorts the result to provide a deterministic list of project PURLs.
+    """
+    project_packages = project.discoveredpackages.only_package_url_fields()
+    sorted_unique_purls = sorted({package.purl for package in project_packages})
+    return sorted_unique_purls
+
+
 def compare_purls(project, expected_purls):
     """
     Compare discovered project PURLs against the expected PURLs.
@@ -57,10 +69,10 @@ def compare_purls(project, expected_purls):
     - Lines starting with '-' are missing from the project.
     - Lines starting with '+' are unexpected in the project.
     """
-    project_packages = project.discoveredpackages.only_package_url_fields()
-    sorted_unique_purls = sorted({package.purl for package in project_packages})
+    sorted_project_purls = get_unique_project_purls(project)
+    print(sorted_project_purls)
 
-    diff_result = difflib.ndiff(sorted_unique_purls, expected_purls)
+    diff_result = difflib.ndiff(sorted_project_purls, expected_purls)
 
     # Keep only lines that are diffs (- or +)
     filtered_diff = [line for line in diff_result if line.startswith(("-", "+"))]

scanpipe/pipes/cyclonedx.py

@@ -123,7 +123,10 @@ def validate_document(document):
     The validator is loaded from the document specVersion property.
     """
     if isinstance(document, str):
+        document_str = document
         document = json.loads(document)
+    else:
+        document_str = json.dumps(document)
 
     spec_version = document.get("specVersion")
     if not spec_version:
@@ -132,7 +135,8 @@ def validate_document(document):
     schema_version = SchemaVersion.from_version(spec_version)
 
     json_validator = JsonStrictValidator(schema_version)
-    return json_validator._validata_data(document)
+    json_validation_errors = json_validator.validate_str(document_str)
+    return json_validation_errors
 
 
 def is_cyclonedx_bom(input_location):
@@ -281,7 +285,7 @@ def is_empty(value):
         elif isinstance(value, list) and not any(value):
             return True
 
-    for component in cyclonedx_document_json["components"]:
+    for component in cyclonedx_document_json.get("components", []):
         for property_name, property_value in component.items():
             if is_empty(property_value) or property_name in ignored_properties:
                 entries_to_delete.append((component, property_name))

scanpipe/templates/scanpipe/includes/project_summary_level.html

@@ -69,6 +69,13 @@
           <a href="{{ project_resources_url }}">
             {{ project.resource_count|intcomma }}
           </a>
+          {% if project.resource_count > 1 %}
+            <a href="{% url 'codebase_resource_tree' project.slug %}" class="ml-2">
+              <span class="icon">
+                <i class="fa-solid fa-folder-tree is-size-6"></i>
+              </span>
+            </a>
+          {% endif %}
           {% if project.resource_compliance_alert_count %}
             <a href="{% url 'project_resources' project.slug %}?compliance_alert=error" class="has-text-danger is-size-5 ml-2">
               {{ project.resource_compliance_alert_count|intcomma }}

scanpipe/templates/scanpipe/panels/codebase_tree_panel.html

@@ -0,0 +1,29 @@
+<ul>
+  {% for node in children %}
+    <li>
+      {% if node.is_dir %}
+        <div class="tree-node is-flex is-align-items-center has-text-weight-semibold px-1" data-folder data-path="{{ node.path }}"{% if node.has_children %} data-target="{{ node.path|slugify }}" data-url="{% url 'codebase_resource_tree' slug=project.slug %}?path={{ node.path }}"{% endif %}>
+          <span class="icon is-small chevron mr-1{% if not node.has_children %} is-invisible{% endif %} is-clickable is-flex is-align-items-center" data-chevron>
+            <i class="fas fa-chevron-right"></i>
+          </span>
+          <span class="is-flex is-align-items-center folder-meta is-clickable" data-folder-click hx-get="{% url 'codebase_resource_table' project.slug %}?path={{ node.path }}" hx-target="#right-pane">
+            <span class="icon is-small mr-2">
+              <i class="fas fa-folder"></i>
+            </span>
+            <span>{{ node.name }}</span>
+          </span>
+        </div>
+        {% if node.has_children %}
+          <div id="dir-{{ node.path|slugify }}" class="ml-4 is-hidden" data-loaded="false"></div>
+        {% endif %}
+      {% else %}
+        <div class="tree-node-file is-flex is-align-items-center pl-5 is-clickable is-file" data-file data-path="{{ node.path }}" hx-get="{% url 'codebase_resource_table' project.slug %}?path={{ node.path }}" hx-target="#right-pane">
+          <span class="icon is-small mr-2">
+            <i class="far fa-file"></i>
+          </span>
+          <span>{{ node.name }}</span>
+        </div>
+      {% endif %}
+    </li>
+  {% endfor %}
+</ul>

scanpipe/templates/scanpipe/panels/license_clarity_panel.html

@@ -1,4 +1,4 @@
-<article id="license-clarity-panel" class="panel is-info">
+<article id="license-clarity-panel" class="panel is-dark">
   <div class="panel-heading is-flex is-justify-content-space-between">
     License clarity
     {% include "scanpipe/dropdowns/help_dropdown_tooltip.html" with content="License clarity is a set of metrics that indicate how clearly, comprehensively and accurately a software project has defined and communicated the licensing that applies to the software." only %}

scanpipe/templates/scanpipe/panels/license_detections_summary.html

@@ -1,13 +1,13 @@
 {% load humanize %}
 {% if license_detection_summary %}
 <div class="column is-half">
-<article id="license-detection-summary-panel" class="panel is-info">
+<article id="license-detection-summary-panel" class="panel is-dark">
   <div class="panel-heading is-flex is-justify-content-space-between">
     Unique license detections
     {% include "scanpipe/dropdowns/help_dropdown_tooltip.html" with content="All unique license detections in the codebase identified by matched license text and other license match characteristics. Also contains other license clues." only %}
   </div>
-  <div class="panel is-info">
-    <nav class="panel is-info">
+  <div class="panel is-dark">
+    <nav class="panel is-dark">
       {% for license_expression, count in license_detection_summary.items %}
         <a class="panel-block is-align-items-flex-start break-word is-flex is-align-items-center" href="{{ project_licenses_url }}?license_expression={{ license_expression|default:'_EMPTY_' }}" target="_blank">
           {{ license_expression|default:'<i>No licenses</i>' }}

scanpipe/templates/scanpipe/panels/project_codebase.html

@@ -1,21 +1,26 @@
 <nav id="codebase-navigation" class="panel is-dark">
-  <p class="panel-heading">
-    Codebase
-    {% if current_dir and current_dir != "." %}
-      <span class="tag ml-2">
-        {% for dir_name, full_path in codebase_breadcrumbs.items %}
-          {% if not forloop.last %}
-            <a href="#" hx-target="#codebase-navigation" hx-swap="outerHTML" hx-get="{{ project_details_url }}codebase/?current_dir={{ full_path }}">
-              {{ dir_name }}
-            </a>
-            <span class="mr-1">/</span>
-          {% else %}
-            {{ dir_name }}/
-          {% endif %}
-        {% endfor %}
-      </span>
-    {% endif %}
-  </p>
+  <div class="panel-heading is-flex is-justify-content-space-between is-align-items-center">
+    <div>
+      <span>Codebase</span>
+      {% if current_dir and current_dir != "." %}
+        <span class="tag ml-2">
+          {% for dir_name, full_path in codebase_breadcrumbs.items %}
+            {% if not forloop.last %}
+              <a href="#" hx-target="#codebase-navigation" hx-swap="outerHTML" hx-get="{{ project_details_url }}codebase/?current_dir={{ full_path }}">
+                {{ dir_name }}
+              </a>
+              <span class="mr-1">/</span>
+            {% else %}
+              {{ dir_name }}/
+            {% endif %}
+          {% endfor %}
+        </span>
+      {% endif %}
+    </div>
+    <a href="{% url 'codebase_resource_tree' project.slug %}" class="ml-2 has-text-white has-text-decoration-none">
+      <i class="fa-solid fa-folder-tree mr-1"></i>Tree view
+    </a>
+  </div>
   {% for node in codebase_tree %}
     {% if node.is_dir %}
        <a class="panel-block" href="#" hx-target="#codebase-navigation" hx-swap="outerHTML" hx-get="{{ project_details_url }}codebase/?current_dir={{ node.location }}">