From 3655c0347f65cbe15bd0090726ebc11f4c4eb37b Mon Sep 17 00:00:00 2001
From: matthewbrady
Date: Fri, 10 Jan 2025 09:52:00 +0000
Subject: [PATCH] v.1.0.8 Changes - support Detect10

---
 README.md | 20 ++++++++--------
 detect_advisor/global_values.py | 41 ++++++++++++++++++++++++++-------
 detect_advisor/main.py | 6 ++---
 detect_advisor/messages.py | 4 ++--
 pyproject.toml | 8 +++----
 5 files changed, 52 insertions(+), 27 deletions(-)

diff --git a/README.md b/README.md
index e6f9ba2..c85bdc8 100644
--- a/README.md
+++ b/README.md
@@ -1,23 +1,23 @@ -# Synopsys Detect Advisor Script - detect_advisor.py +# Detect Advisor Script - detect_advisor.py # OVERVIEW -This script is provided under an OSS license (specified in the LICENSE file) to assist users when scanning projects using the Synopsys Detect program to scan projects. +This script is provided under an OSS license (specified in the LICENSE file) to assist users when scanning projects using the Black Duck Detect program to scan projects. -It does not represent any extension of licensed functionality of Synopsys software itself and is provided as-is, without warranty or liability. +It does not represent any extension of licensed functionality of Black Duck software itself and is provided as-is, without warranty or liability. # DESCRIPTION -This `detect_advisor` script is designed to pre-scan a project folder to determine whether the Synopsys Detect program (see https://detect.synopsys.com/doc) used for Synopsys Black Duck SCA (and Synopsys Polaris) scans can be executed (the prerequisites are met) and also to provide recommendations and advice on how to perform and optimize scanning. +This `detect_advisor` script is designed to pre-scan a project folder to determine whether the Black Duck Detect program (see https://detect.blackduck.com/doc) used for Black Duck Black Duck SCA (and Black Duck Polaris) scans can be executed (the prerequisites are met) and also to provide recommendations and advice on how to perform and optimize scanning. It is available as a python package which can be installed using Pip, or alteratively downloaded as a repository and run locally using Python3. The script will check the prerequisites to run Detect (including the correct version of Java) and scan the project location for files and archives, calculate the total scan size, check for project (package manager) files and package managers themselves and will also detect large files, binaries and singleton JS files. 
-It will expand .zip and .jar files automatically, processing recursive files (zips within zips etc.). Other archive types (.gz, .tar, .Z etc.) are not currently expanded by detect_advisor (although they will be expanded by Synopsys Detect). +It will expand .zip and .jar files automatically, processing recursive files (zips within zips etc.). Other archive types (.gz, .tar, .Z etc.) are not currently expanded by detect_advisor (although they will be expanded by Black Duck Detect). It will produce a set of categorized recommendations and Detect command line options to support different types of scans and other operations. -It can optionally write a report file including the console output and other information. It can also create a .yml project config file containing relevant, commented-out Detect options which can be uncommented, and the .yml can be referenced using the Synopsys Detect option `--spring.profiles.active=project`. +It can optionally write a report file including the console output and other information. It can also create a .yml project config file containing relevant, commented-out Detect options which can be uncommented, and the .yml can be referenced using the Black Duck Detect option `--spring.profiles.active=project`. Optionally, only critical issues (which will stop Detect from scanning at all) can be reported to the console. @@ -49,7 +49,7 @@ The package can be invoked as follows: Usage: detect-advisor [-h] [-r REPORT] [-d] [-s] [-c] [-o] [-b] [-i] [--full] [scanfolder] - Examine files/folders to determine Synopsys Detect scan recommendations + Examine files/folders to determine Black Duck Detect scan recommendations optional arguments: scanfolder Top level folder to analyse 
@@ -122,7 +122,7 @@ This section includes counts and size analysis for the files and folders beneath The `Size Outside Archives` value in the `ALL FILES (Scan Size)` row represents the total scan size as calculated by Detect (used for capacity license). -Note that the `Archives(exc. Jars)` row covers all archive file types but that only .zip files are extracted by `detect_advisor` (whereas Synopsys Detect extracts other types of archives automatically). The final 3 `Inside Archives` columns indicate items found within .zip archives for the different types (except for the Jar row which references .jar/.ear/.war files). The `Inside Archives` columns for the Archives row itself reports archive files within .zips (or nested deeper - zips within zips within zips etc.). +Note that the `Archives(exc. Jars)` row covers all archive file types but that only .zip files are extracted by `detect_advisor` (whereas Black Duck Detect extracts other types of archives automatically). The final 3 `Inside Archives` columns indicate items found within .zip archives for the different types (except for the Jar row which references .jar/.ear/.war files). The `Inside Archives` columns for the Archives row itself reports archive files within .zips (or nested deeper - zips within zips within zips etc.). SUMMARY INFO: Total Scan Size = 5,856 MB 
@@ -214,12 +214,12 @@ This section includes a list of findings categorised into CRITICAL (will cause D # DETECT CLI -This section includes recommended CLI options for Synopsys Detect. If connectivity to the download locations is not verified by detect_advisor, then proxy options will also be added in case a proxy connection is required. +This section includes recommended CLI options for Black Duck Detect. If connectivity to the download locations is not verified by detect_advisor, then proxy options will also be added in case a proxy connection is required. DETECT CLI: DETECT COMMAND: - bash <(curl -s -L https://detect.synopsys.com/detect9.sh) + bash <(curl -s -L https://detect.blackduck.com/detect10.sh) MINIMUM REQUIRED OPTIONS: --blackduck.url=https://YOURSERVER diff --git a/detect_advisor/global_values.py b/detect_advisor/global_values.py index 08d89b9..8b7b51f 100644 --- a/detect_advisor/global_values.py +++ b/detect_advisor/global_values.py @@ -1,7 +1,7 @@ # # Constants -advisor_version = "1.0.7" -detect_version = "9.X.0" +advisor_version = "1.0.8" +detect_version = "10.X.0" ext_list = { 'src': ['.4th', '.actionscript', '.ada', '.adb', '.ads', '.aidl', '.as', '.as8', '.asm', '.asp', '.aspx', '.aug', @@ -27,7 +27,7 @@ 'COPYRIGHTS', 'COPYRIGHTS.txt'] } -sig_excludes = ['.git', '.gradle', 'gradle', 'node_modules', '.synopsys'] +sig_excludes = ['.git', '.gradle', 'gradle', 'node_modules', '.blackduck', '.synopsys'] det_excludes = ['__MACOX', 'bin', 'build', '.yarn', 'out', 'packages', 'target'] # Added to sig_excludes @@ -539,7 +539,7 @@ 'POETRY': { - 'files': ['pyproject.toml', 'Poetry.lock'], + 'files': ['Poetry.lock'], 'exts': [], 'execs': [], 'exec_reqd': False, 
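Review bot: With `'files': ['Poetry.lock']` now the sole trigger for the POETRY entry, detection of Poetry projects rests on a filename whose casing differs from the `poetry.lock` that Poetry itself writes; unless the file matcher elsewhere in the package compares names case-insensitively (not visible here), Poetry projects on case-sensitive filesystems will no longer be recognised at all after this change. Dropping `pyproject.toml` is defensible since that file is shared by many tools, but the remaining name should be `'files': ['poetry.lock'],`. The enclosing POETRY dict entry continues past the end of the hunk.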
@@ -617,6 +617,31 @@
 "--detect.yarn.prod.only=true\n" + \
 " (OPTIONAL Include Yarn Production Dependencies Only: Set this to true to only scan production dependencies.)\n"
 },
+
+ 'OPAM':
+ {
+ 'files': [],
+ 'exts': ['.opam'],
+ 'execs': ['opam'],
+ 'exec_reqd': True,
+ 'lock_files': [],
+ 'lockfile_reqd': False,
+ 'accuracy': 'HIGH',
+ 'cli_options':
+ "--detect.opam.path=PATH\n" + \
+ " (OPTIONAL path to the opam executable.)\n"
+ },
+
+ 'OPAM_LOCK':
+ {
+ 'files': [],
+ 'exts': ['.opam.lock'],
+ 'execs': [],
+ 'exec_reqd': False,
+ 'lock_files': [],
+ 'lockfile_reqd': False,
+ 'accuracy': 'LOW',
+ },
 }
 cli_msgs_dict = {
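Review bot: The new `'OPAM_LOCK'` entry omits the `'cli_options'` key that both other entries visible in this hunk (YARN and the new OPAM) carry; if the consumer indexes `entry['cli_options']` unconditionally this becomes a KeyError the first time a `.opam.lock` file is found, so either add `'cli_options': ''` to the entry or confirm the reader uses `.get('cli_options', '')`. Separately, `'exts': ['.opam.lock']` is a two-part suffix: an extension matcher built on `os.path.splitext` sees only `.lock` and would never match it, whereas a plain `endswith` would, so this is worth checking against the matcher, which lives outside this file. The enclosing dict is closed inside the hunk, so no further context is missing.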
@@ -625,21 +650,21 @@
 "--detect.project.version.name=VERSION_NAME\n" + \
 " (OPTIONAL Specify project and version names)\n",
 'scan': '', 'size': '', 'dep': '', 'lic': '', 'rep': "",
- 'detect_linux': " bash <(curl -s -L https://detect.synopsys.com/detect9.sh)\n",
+ 'detect_linux': " bash <(curl -s -L https://detect.blackduck.com/detect10.sh)\n",
 'detect_linux_proxy': " (You may need to configure a proxy to download and run the Detect script as follows)\n" + \
 " export DETECT_CURL_OPTS='--proxy http://USER:PASSWORD@PROXYHOST:PROXYPORT'\n" + \
- " bash <(curl -s -L ${DETECT_CURL_OPTS} https://detect.synopsys.com/detect9.sh)\n" + \
+ " bash <(curl -s -L ${DETECT_CURL_OPTS} https://detect.blackduck.com/detect10.sh)\n" + \
 "--blackduck.proxy.host=PROXYHOST\n" + \
 "--blackduck.proxy.port=PROXYPORT\n" + \
 "--blackduck.proxy.username=USERNAME\n" + \
 "--blackduck.proxy.password=PASSWORD\n",
- 'detect_win': " powershell \"[Net.ServicePointManager]::SecurityProtocol = 'tls12'; irm https://detect.synopsys.com/detect9.ps1?$(Get-Random) | iex; detect\"\n",
+ 'detect_win': " powershell \"[Net.ServicePointManager]::SecurityProtocol = 'tls12'; irm https://detect.blackduck.com/detect10.ps1?$(Get-Random) | iex; detect\"\n",
 'detect_win_proxy': " (You may need to configure a proxy to download and run the Detect script as follows)\n" + \
 " ${Env:blackduck.proxy.host} = PROXYHOST\n" + \
 " ${Env:blackduck.proxy.port} = PROXYPORT\n" + \
 " ${Env:blackduck.proxy.password} = PROXYUSER\n" + \
 " ${Env:blackduck.proxy.username} = PROXYPASSWORD\n" + \
- " powershell \"[Net.ServicePointManager]::SecurityProtocol = 'tls12'; irm https://detect.synopsys.com/detect9.ps1?$(Get-Random) | iex; detect\"\n",
+ " powershell \"[Net.ServicePointManager]::SecurityProtocol = 'tls12'; irm https://detect.blackduck.com/detect10.ps1?$(Get-Random) | iex; detect\"\n",
 'detect': '',
 'files': ''
 }
diff --git a/detect_advisor/main.py b/detect_advisor/main.py
index 7035982..2b968f0 100644
--- a/detect_advisor/main.py
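Review bot: The two credential lines in the `detect_win_proxy` text, which this hunk carries unchanged between the `detect10.ps1` edits, are crossed: `${Env:blackduck.proxy.password}` is assigned `PROXYUSER` and `${Env:blackduck.proxy.username}` is assigned `PROXYPASSWORD`, so a user following the printed instructions literally puts the password into the username variable and vice versa, while the Linux variant just above pairs `USERNAME`/`PASSWORD` correctly. The fix is to swap the placeholders: `" ${Env:blackduck.proxy.password} = PROXYPASSWORD\n" + \` and `" ${Env:blackduck.proxy.username} = PROXYUSER\n" + \`. Since the commit already touches the neighbouring lines of this entry, this is the natural place to correct it.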
+++ b/detect_advisor/main.py
@@ -43,12 +43,12 @@ def check_prereqs():
 if shutil.which("curl") is None:
 messages.message('PLATFORM2')
 else:
- if not check_connection("https://detect.synopsys.com"):
+ if not check_connection("https://detect.blackduck.com"):
 messages.message('NETWORK1')
 global_values.cli_msgs_dict['detect'] = global_values.cli_msgs_dict["detect_" + os_platform + "_proxy"]
 else:
 global_values.cli_msgs_dict['detect'] = global_values.cli_msgs_dict["detect_" + os_platform]
- if not check_connection("https://sig-repo.synopsys.com"):
+ if not check_connection("https://sig-repo.blackduck.com"):
 messages.message('NETWORK2')
 except shutil.Error:
 pass
@@ -68,7 +68,7 @@ def main():
 config.check_config(args)
 print(
- "\nDETECT ADVISOR v{} - for use with Synopsys Detect versions up to v{}\n".format(
+ "\nDETECT ADVISOR v{} - for use with Black Duck Detect versions up to v{}\n".format(
 global_values.advisor_version, global_values.detect_version))
 print("PROCESSING:")
diff --git a/detect_advisor/messages.py b/detect_advisor/messages.py
index 550a2cf..c69539f 100644
--- a/detect_advisor/messages.py
+++ b/detect_advisor/messages.py
@@ -58,14 +58,14 @@
 'NETWORK1': {
 'level': 'crit',
- 'desc': 'No connection to https://detect.synopsys.com',
+ 'desc': 'No connection to https://detect.blackduck.com',
 'impact': 'Detect wrapper script cannot be downloaded, Detect cannot be started',
 'action': 'Either configure proxy (See CLI section) or download Detect manually and run offline (see docs)'
 },
 'NETWORK2': {
 'level': 'crit',
- 'desc': 'No connection to https://sig-repo.synopsys.com',
+ 'desc': 'No connection to https://sig-repo.blackduck.com',
 'impact': 'Detect jar cannot be downloaded; Detect cannot run',
 'action': 'Either configure proxy (See CLI section) or download Detect manually and run offline (see docs)'
 },
diff --git a/pyproject.toml b/pyproject.toml
index 4385976..b4fe1b5 100644
--- a/pyproject.toml
+++ b/pyproject.toml
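Review bot: The `https://detect.blackduck.com` and `https://sig-repo.blackduck.com` literals edited in `check_prereqs` are the same hosts that `messages.py` (`NETWORK1`/`NETWORK2`, also changed in this commit) and the `detect_linux`/`detect_win` entries in `global_values.py` spell out independently, so this rename had to be repeated in three files and the next host change can silently leave them out of step, with the reachability probe testing one host while the printed command downloads from another. Hoisting them into `global_values` as named constants, e.g. `DETECT_HOST = "https://detect.blackduck.com"` and `SIG_REPO_HOST = "https://sig-repo.blackduck.com"` (names constructed here), and building both the `check_connection(...)` calls and the message text from them would keep the probe and the printed commands in agreement. `check_connection` itself is defined outside the hunk, so whether it follows redirects or only tests the bare host is not visible here.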
@@ -4,9 +4,9 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "detect_advisor"
-version = "1.0.7"
+version = "1.0.8"
 authors = [
- { name="Matthew Brady", email="mbrad@synopsys.com" },
+ { name="Matthew Brady", email="mbrad@blackduck.com" },
 ]
 description = "Detect Advisor - prescan project folders to determine how to scan with Detect"
 readme = "README.md"
@@ -18,8 +18,8 @@ classifiers = [
 ]
 [project.urls]
-Homepage = "https://github.com/matthewb66/detect_advisor"
-Issues = "https://github.com/matthewb66/detect_advisor/issues"
+Homepage = "https://github.com/blackducksoftware/detect_advisor"
+Issues = "https://github.com/blackducksoftware/detect_advisor/issues"

 [project.scripts]
 detect-advisor = "detect_advisor:main.main"
\ No newline at end of file