cosmetic changes to pipeline

Signed-off-by: 404-geek <[email protected]>

Author: 404-geek

scanpipe/models.py

@@ -4408,7 +4408,7 @@ class DiscoveredPackageScore(UUIDPKModel, PackageScoreMixin):
 
     discovered_package = models.ForeignKey(
         DiscoveredPackage,
-        related_name="discovered_packages_score",
+        related_name="scores",
         help_text=_("The package for which the score is given"),
         on_delete=models.CASCADE,
         editable=False,
@@ -4449,7 +4449,6 @@ def parse_score_date(cls, date_str, formats=None):
         return None
 
     @classmethod
-    @transaction.atomic()
     def create_from_scorecard_data(
         cls, discovered_package, scorecard_data, scoring_tool=None
     ):
@@ -4490,9 +4489,9 @@ class ScorecardCheck(UUIDPKModel, ScorecardChecksMixin):
     DiscoveredPackageScore.
     """
 
-    for_package_score = models.ForeignKey(
+    package_score = models.ForeignKey(
         DiscoveredPackageScore,
-        related_name="discovered_packages_score_checks",
+        related_name="checks",
         help_text=_("The checks for which the score is given"),
         on_delete=models.CASCADE,
         editable=False,

scanpipe/pipelines/fetch_scorecode_info.py

@@ -29,7 +29,7 @@
 
 class FetchScoreCodeInfo(Pipeline):
     """
-    Fetch ScoreCode information for packages and dependencies.
+    Fetch ScoreCode information for packages.
 
     This pipeline retrieves ScoreCode data for each package in the project
     and stores it in the corresponding package instances.
@@ -41,21 +41,19 @@ class FetchScoreCodeInfo(Pipeline):
     @classmethod
     def steps(cls):
         return (
-            cls.check_ScoreCode_service_availability,
-            cls.fetch_packages_ScoreCode_info,
+            cls.check_scoreCode_service_availability,
+            cls.fetch_packages_scoreCode_info,
         )
 
-    def check_ScoreCode_service_availability(self):
+    def check_scoreCode_service_availability(self):
         """Check if the ScoreCode service is configured and available."""
         if not ossf_scorecard.is_available():
             raise Exception("ScoreCode service is not available.")
 
-    def fetch_packages_ScoreCode_info(self):
+    def fetch_packages_scoreCode_info(self):
         """Fetch ScoreCode information for each of the project's discovered packages."""
         for package in self.project.discoveredpackages.all():
-            scorecard_data = ossf_scorecard.fetch_scorecard_info(
-                package=package, logger=None
-            )
+            scorecard_data = ossf_scorecard.fetch_scorecard_info(package=package)
 
             if scorecard_data:
                 DiscoveredPackageScore.create_from_package_and_scorecard(

scanpipe/tests/regen_test_data.py

@@ -33,6 +33,7 @@
 from scanpipe.pipes import input
 from scanpipe.pipes import output
 from scanpipe.pipes import scancode
+from scorecode.ossf_scorecard import fetch_scorecard
 
 
 class RegenTestData(TestCase):
@@ -154,29 +155,22 @@ def test_regen_asgiref_test_files(self):
 
     def test_regenerate_scorecard_data(self):
         """
-        Regenerate and save scorecard data by directly calling the OSSF Scorecard
-        API
+        Regenerate and save scorecard data by calling the OSSF Scorecard API.
         """
         scorecard_data_file = self.data / "scorecode" / "scorecard_response.json"
         platform, org, repo = "github.com", "nexB", "scancode-toolkit"
 
-        OSSF_SCORECARD_API_URL = "https://api.securityscorecards.dev"
-
-        url = f"{OSSF_SCORECARD_API_URL}/projects/{platform}/{org}/{repo}"
-
         try:
-            # Fetch the scorecard data from the API
-            response = requests.get(url, timeout=10)
-            response.raise_for_status()
-            scorecard_data = response.json()
-
-            scorecard_data_file.parent.mkdir(parents=True, exist_ok=True)
-
-            scorecard_data_file.write_text(json.dumps(scorecard_data, indent=2))
-
-            print(f"Scorecard data successfully saved to {scorecard_data_file}")
-
+            scorecard_data = fetch_scorecard(platform, org, repo)
         except requests.exceptions.Timeout:
-            print("The request timed out.")
+            print("The request to the OSSF Scorecard API timed out.")
+            return
         except requests.exceptions.RequestException as e:
             print(f"Error fetching scorecard data: {e}")
+            return
+
+        scorecard_data_file.parent.mkdir(parents=True, exist_ok=True)
+        scorecard_data_file.write_text(
+            json.dumps(scorecard_data.to_dict(), indent=2)
+        )
+        print(f"Scorecard data successfully saved to {scorecard_data_file}")