fosslight
diff --git a/‎requirements.txt‎
Lines changed: 0 additions & 1 deletion b/‎requirements.txt‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎setup.py‎
Lines changed: 21 additions & 0 deletions b/‎setup.py‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎src/fosslight_binary/__init__.py‎
Lines changed: 27 additions & 0 deletions b/‎src/fosslight_binary/__init__.py‎
Lines changed: 27 additions & 0 deletions
@@ -9,4 +9,3 @@ pytz
 XlsxWriter
 PyYAML
 fosslight_util>=2.1.13
-dependency-check
@@ -6,6 +6,24 @@
 import os
 import shutil
 from setuptools import setup, find_packages
+from setuptools.command.install import install
+
+
+class PostInstallCommand(install):
+    """Post-installation for installation mode."""
+    def run(self):
+        install.run(self)
+        # Install syft and grype after package installation
+        try:
+            print("Installing syft and grype...")
+            # Import here to avoid circular dependency during setup
+            from src.fosslight_binary._jar_analysis import ensure_syft_grype
+            ensure_syft_grype()
+            print("Syft and grype installation completed.")
+        except Exception as e:
+            print(f"Warning: Failed to auto-install syft/grype: {e}")
+            print("You can install them manually or they will be installed on first use.")
+
 
 with open('README.md', 'r', 'utf-8') as f:
     readme = f.read()
@@ -63,6 +81,9 @@
         },
         package_data={_PACKAEG_NAME: [os.path.join(_LICENSE_DIR, '*')]},
         include_package_data=True,
+        cmdclass={
+            'install': PostInstallCommand,
+        },
         entry_points={
             "console_scripts": [
                 "binary_analysis = fosslight_binary.cli:main",
 
@@ -0,0 +1,27 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (c) 2025 LG Electronics Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+# Auto-install syft and grype on first import
+import logging
+import os
+
+logger = logging.getLogger(__name__)
+
+
+def _auto_install_dependencies():
+    """Auto-install syft and grype if not available"""
+    try:
+        # Only try to install if we're not in a restricted environment
+        if not os.environ.get('FOSSLIGHT_SKIP_AUTO_INSTALL'):
+            # Use lazy import to avoid circular dependency during package installation
+            from ._jar_analysis import ensure_syft_grype
+            ensure_syft_grype()
+    except Exception as ex:
+        # Don't fail package import if auto-install fails
+        logger.debug(f"Auto-install failed (this is not critical): {ex}")
+
+
+# Run auto-install on import
+_auto_install_dependencies()