Bug fix: Exclude dependency components from undeclared components list

* bug:SP-2714 Removes dependency components from undeclared components list

* chore:Updates CHANGELOG.md file

* chore:Updates version to v1.25.1

Author: agustingroh

CHANGELOG.md

@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Upcoming changes...
 
+## [1.25.1] - 2025-06-12
+### Fixed
+- Removed dependency components from the undeclared component list in the `inspect` subcommand.
+
 ## [1.25.0] - 2025-06-10
 ### Added
 - Add `fh2` hash while fingerprinting mixed line ending files
@@ -530,3 +534,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.23.0]: https://github.com/scanoss/scanoss.py/compare/v1.22.0...v1.23.0
 [1.24.0]: https://github.com/scanoss/scanoss.py/compare/v1.23.0...v1.24.0
 [1.25.0]: https://github.com/scanoss/scanoss.py/compare/v1.24.0...v1.25.0
+[1.25.1]: https://github.com/scanoss/scanoss.py/compare/v1.25.0...v1.25.1

src/scanoss/__init__.py

@@ -22,4 +22,4 @@
   THE SOFTWARE.
 """
 
-__version__ = '1.25.0'
+__version__ = '1.25.1'

src/scanoss/inspection/copyleft.py

@@ -23,7 +23,8 @@
 """
 
 import json
-from typing import Dict, Any
+from typing import Any, Dict
+
 from .policy_check import PolicyCheck, PolicyStatus
 
 
@@ -33,7 +34,7 @@ class Copyleft(PolicyCheck):
     Inspects components for copyleft licenses
     """
 
-    def __init__(
+    def __init__( # noqa: PLR0913
         self,
         debug: bool = False,
         trace: bool = True,
@@ -158,6 +159,30 @@ def _filter_components_with_copyleft_licenses(self, components: list) -> list:
         self.print_debug(f'Copyleft components: {filtered_components}')
         return filtered_components
 
+    def _get_components(self):
+        """
+        Extract and process components from results and their dependencies.
+
+        This method performs the following steps:
+        1. Validates that `self.results` is loaded. Returns `None` if not.
+        2. Extracts file, snippet, and dependency components into a dictionary.
+        3. Converts components to a list and processes their licenses.
+
+        :return: A list of processed components with license data, or `None` if `self.results` is not set.
+        """
+        if self.results is None:
+            return None
+
+        components: dict = {}
+        # Extract component and license data from file and dependency results. Both helpers mutate `components`
+        self._get_components_data(self.results, components)
+        self._get_dependencies_data(self.results, components)
+        # Convert to list and process licenses
+        results_list = list(components.values())
+        for component in results_list:
+            component['licenses'] = list(component['licenses'].values())
+        return results_list
+
     def run(self):
         """
         Run the copyleft license inspection process.

src/scanoss/inspection/policy_check.py

@@ -166,6 +166,30 @@ def _jira_markdown(self, components: list) -> Dict[str, Any]:
         """
         pass
 
+    @abstractmethod
+    def _get_components(self):
+        """
+        Retrieve and process components from the preloaded results.
+
+        This method performs the following steps:
+        1. Checks if the results have been previously loaded (self.results).
+        2. Extracts and processes components from the loaded results.
+
+        :return: A list of processed components, or None if an error occurred during any step.
+
+        Possible reasons for returning None include:
+        - Results not loaded (self.results is None)
+        - Failure to extract components from the results
+
+        Note:
+        - This method assumes that the results have been previously loaded and stored in self.results.
+        - Implementations must extract components (e.g. via `_get_components_data`,
+          `_get_dependencies_data`, or other helpers).
+        - If `self.results` is `None`, simply return `None`.
+        """
+    pass
+
+
     def _append_component(
         self, components: Dict[str, Any], new_component: Dict[str, Any], id: str, status: str
     ) -> Dict[str, Any]:
@@ -223,6 +247,9 @@ def _get_components_data(self, results: Dict[str, Any], components: Dict[str, An
                 if not component_id:
                     self.print_debug(f'WARNING: Result missing id. Skipping: {c}')
                     continue
+                ## Skip dependency
+                if component_id == ComponentID.DEPENDENCY.value:
+                    continue
                 status = c.get('status')
                 if not status:
                     self.print_debug(f'WARNING: Result missing status. Skipping: {c}')
@@ -280,33 +307,6 @@ def _get_dependencies_data(self, results: Dict[str, Any], components: Dict[str,
         # End of result loop
         return components
 
-    def _get_components_from_results(self, results: Dict[str, Any]) -> list or None:
-        """
-        Process the results dictionary to extract and format component information.
-
-        This function iterates through the results dictionary, identifying components from
-        different sources (files, snippets, and dependencies). It consolidates this information
-        into a list of unique components, each with its associated licenses and other details.
-
-        :param results: A dictionary containing the raw results of a component scan
-        :return: A list of dictionaries, each representing a unique component with its details
-        """
-        if results is None:
-            self.print_stderr('ERROR: Results cannot be empty')
-            return None
-        
-        components = {}
-        # Extract file and snippet components
-        components = self._get_components_data(results, components)
-        # Extract dependency components
-        components = self._get_dependencies_data(results, components)
-        # Convert to list and process licenses
-        results_list = list(components.values())
-        for component in results_list:
-            component['licenses'] = list(component['licenses'].values())
-
-        return results_list
-
     def generate_table(self, headers, rows, centered_columns=None):
         """
         Generate a Markdown table.
@@ -411,29 +411,6 @@ def _load_input_file(self):
                 self.print_stderr(f'ERROR: Problem parsing input JSON: {e}')
         return None
 
-    def _get_components(self):
-        """
-        Retrieve and process components from the preloaded results.
-
-        This method performs the following steps:
-        1. Checks if the results have been previously loaded (self.results).
-        2. Extracts and processes components from the loaded results.
-
-        :return: A list of processed components, or None if an error occurred during any step.
-                 Possible reasons for returning None include:
-                 - Results not loaded (self.results is None)
-                 - Failure to extract components from the results
-
-        Note:
-        - This method assumes that the results have been previously loaded and stored in self.results.
-        - If results is None, the method returns None without performing any further operations.
-        - The actual processing of components is delegated to the _get_components_from_results method.
-        """
-        if self.results is None:
-            return None
-        components = self._get_components_from_results(self.results)
-        return components
-
 #
 # End of PolicyCheck Class
 #

src/scanoss/inspection/undeclared_component.py

@@ -23,7 +23,8 @@
 """
 
 import json
-from typing import Dict, Any
+from typing import Any, Dict
+
 from .policy_check import PolicyCheck, PolicyStatus
 
 
@@ -33,7 +34,7 @@ class UndeclaredComponent(PolicyCheck):
     Inspects for undeclared components
     """
 
-    def __init__(
+    def __init__( # noqa: PLR0913
         self,
         debug: bool = False,
         trace: bool = True,
@@ -73,7 +74,7 @@ def _get_undeclared_component(self, components: list) -> list or None:
         :return: List of undeclared components
         """
         if components is None:
-            self.print_debug(f'WARNING: No components provided!')
+            self.print_debug('WARNING: No components provided!')
             return None
         undeclared_components = []
         for component in components:
@@ -87,25 +88,35 @@ def _get_jira_summary(self, components: list) -> str:
         """
         Get a summary of the undeclared components.
 
+        :param components: List of all components
+        :return: Component summary markdown
+        """
+
+        """
+        Get a summary of the undeclared components.
+
         :param components: List of all components
         :return: Component summary markdown
         """
         if len(components) > 0:
+            json_content = json.dumps(self._generate_scanoss_file(components), indent=2)
+
             if self.sbom_format == 'settings':
-                json_str = (
-                    json.dumps(self._generate_scanoss_file(components), indent=2)
-                    .replace('\n', '\\n')
-                    .replace('"', '\\"')
+                return (
+                    f'{len(components)} undeclared component(s) were found.\n'
+                    f'Add the following snippet into your `scanoss.json` file\n'
+                    f'{{code:json}}\n'
+                    f'{json_content}\n'
+                    f'{{code}}\n'
                 )
-                return f'{len(components)} undeclared component(s) were found.\nAdd the following snippet into your `scanoss.json` file\n{{code:json}}\n{json.dumps(self._generate_scanoss_file(components), indent=2)}\n{{code}}\n'
             else:
-                json_str = (
-                    json.dumps(self._generate_scanoss_file(components), indent=2)
-                    .replace('\n', '\\n')
-                    .replace('"', '\\"')
+                return (
+                    f'{len(components)} undeclared component(s) were found.\n'
+                    f'Add the following snippet into your `sbom.json` file\n'
+                    f'{{code:json}}\n'
+                    f'{json_content}\n'
+                    f'{{code}}\n'
                 )
-                return f'{len(components)} undeclared component(s) were found.\nAdd the following snippet into your `sbom.json` file\n{{code:json}}\n{json.dumps(self._generate_scanoss_file(components), indent=2)}\n{{code}}\n'
-
         return f'{len(components)} undeclared component(s) were found.\\n'
 
     def _get_summary(self, components: list) -> str:
@@ -190,7 +201,7 @@ def _get_unique_components(self, components: list) -> list:
         """
         unique_components = {}
         if components is None:
-            self.print_stderr(f'WARNING: No components provided!')
+            self.print_stderr('WARNING: No components provided!')
             return []
 
         for component in components:
@@ -225,6 +236,29 @@ def _generate_sbom_file(self, components: list) -> dict:
 
         return sbom
 
+    def _get_components(self):
+        """
+        Extract and process components from file results only.
+
+        This method performs the following steps:
+        1. Validates if `self.results` is loaded. Returns `None` if not loaded.
+        2. Extracts file and snippet components into a dictionary.
+        3. Converts the components dictionary into a list of components.
+        4. Processes the licenses for each component by converting them into a list.
+
+        :return: A list of processed components with their licenses, or `None` if `self.results` is not set.
+        """
+        if self.results is None:
+            return None
+        components: dict = {}
+        # Extract file and snippet components
+        components = self._get_components_data(self.results, components)
+        # Convert to list and process licenses
+        results_list = list(components.values())
+        for component in results_list:
+            component['licenses'] = list(component['licenses'].values())
+        return results_list
+
     def run(self):
         """
         Run the undeclared component inspection process.