%global _empty_manifest_terminate_build 0
Name:           python-ossindex-lib
Version:        1.1.1
Release:        1
Summary:        A library for querying the OSS Index free catalogue of open source components to help developers identify vulnerabilities, understand risk, and keep their software safe.
License:        Apache-2.0
URL:            https://github.com/sonatype-nexus-community/ossindex-python
Source0:        https://mirrors.nju.edu.cn/pypi/web/packages/44/5c/ed269f7104c6330c4b56e27e1177066901da8f5c4010f7ccc7995a51be67/ossindex-lib-1.1.1.tar.gz
BuildArch:      noarch

Requires:       python3-importlib-metadata
Requires:       python3-packageurl-python
Requires:       python3-PyYAML
Requires:       python3-requests
Requires:       python3-tinydb
Requires:       python3-types-PyYAML
Requires:       python3-types-requests
Requires:       python3-types-setuptools

%description
This OSSIndex module for Python provides a common interface for querying the [OSS Index](https://ossindex.sonatype.org/).

This module is not designed for standalone use. If you're looking for a tool that can detect your application's dependencies and assess them for vulnerabilities against the OSS Index, perhaps you should check out [Jake](https://github.com/sonatype-nexus-community/jake).

You can of course use this library in your own applications.

## Installation

Install from pypi.org as you would any other Python module:

```
pip install ossindex-lib
```

## Usage

First create an instance of `OssIndex`, optionally enabling local caching:

```
o = OssIndex()
```

Then supply a `List` of [PackageURL](https://github.com/package-url/packageurl-python) objects that you want to ask OSS Index about. If you don't want to care about generating this list yourself, perhaps look to a tool like [Jake](https://github.com/sonatype-nexus-community/jake) (which uses this library), which will do all the hard work for you!
As a quick test, you could run:

```
from typing import List

from ossindex.model import OssIndexComponent, Vulnerability
from ossindex.ossindex import OssIndex
from packageurl import PackageURL

# Ask OSS Index about a single component, identified by its Package URL
o = OssIndex()
results: List[OssIndexComponent] = o.get_component_report(packages=[
    PackageURL.from_string(purl='pkg:pypi/pip@19.2.0')
])
for r in results:
    print("{}: {} known vulnerabilities".format(r.get_coordinates(), len(r.get_vulnerabilities())))
    v: Vulnerability
    for v in r.get_vulnerabilities():
        print(' - {}'.format(str(v)))
```

```
pkg:pypi/pip@19.2.0: 1 known vulnerabilities
 -
```

## Logging

This library sends log events to a standard Python `logger` named `ossindex`. You can configure the logger to output as required through the standard [Python logging configuration](https://docs.python.org/3/library/logging.config.html).

## Todos

1. Support authentication against OSS Index

## Python Support

We endeavour to support all functionality for all [current actively supported Python versions](https://www.python.org/downloads/). However, some features may not be possible/present in older Python versions due to their lack of support.

## Changelog

See our [CHANGELOG](./CHANGELOG.md).

## The Fine Print

Remember:

It is worth noting that this is **NOT SUPPORTED** by Sonatype, and is a contribution of ours to the open source community (read: you!)

* Use this contribution at the risk tolerance that you have
* Do NOT file Sonatype support tickets related to `ossindex-lib`
* DO file issues here on GitHub, so that the community can pitch in

Phew, that was easier than I thought. Last but not least of all - have fun!

%package -n python3-ossindex-lib
Summary:        A library for querying the OSS Index free catalogue of open source components to help developers identify vulnerabilities, understand risk, and keep their software safe.
Provides:       python-ossindex-lib
BuildRequires:  python3-devel
BuildRequires:  python3-setuptools
BuildRequires:  python3-pip

%description -n python3-ossindex-lib
This OSSIndex module for Python provides a common interface for querying the [OSS Index](https://ossindex.sonatype.org/).
This module is not designed for standalone use. If you're looking for a tool that can detect your application's dependencies and assess them for vulnerabilities against the OSS Index, perhaps you should check out [Jake](https://github.com/sonatype-nexus-community/jake).

You can of course use this library in your own applications.

## Installation

Install from pypi.org as you would any other Python module:

```
pip install ossindex-lib
```

## Usage

First create an instance of `OssIndex`, optionally enabling local caching:

```
o = OssIndex()
```

Then supply a `List` of [PackageURL](https://github.com/package-url/packageurl-python) objects that you want to ask OSS Index about. If you don't want to care about generating this list yourself, perhaps look to a tool like [Jake](https://github.com/sonatype-nexus-community/jake) (which uses this library), which will do all the hard work for you!

As a quick test, you could run:

```
from typing import List

from ossindex.model import OssIndexComponent, Vulnerability
from ossindex.ossindex import OssIndex
from packageurl import PackageURL

# Ask OSS Index about a single component, identified by its Package URL
o = OssIndex()
results: List[OssIndexComponent] = o.get_component_report(packages=[
    PackageURL.from_string(purl='pkg:pypi/pip@19.2.0')
])
for r in results:
    print("{}: {} known vulnerabilities".format(r.get_coordinates(), len(r.get_vulnerabilities())))
    v: Vulnerability
    for v in r.get_vulnerabilities():
        print(' - {}'.format(str(v)))
```

```
pkg:pypi/pip@19.2.0: 1 known vulnerabilities
 -
```

## Logging

This library sends log events to a standard Python `logger` named `ossindex`. You can configure the logger to output as required through the standard [Python logging configuration](https://docs.python.org/3/library/logging.config.html).

## Todos

1. Support authentication against OSS Index

## Python Support

We endeavour to support all functionality for all [current actively supported Python versions](https://www.python.org/downloads/). However, some features may not be possible/present in older Python versions due to their lack of support.

## Changelog

See our [CHANGELOG](./CHANGELOG.md).
## The Fine Print

Remember:

It is worth noting that this is **NOT SUPPORTED** by Sonatype, and is a contribution of ours to the open source community (read: you!)

* Use this contribution at the risk tolerance that you have
* Do NOT file Sonatype support tickets related to `ossindex-lib`
* DO file issues here on GitHub, so that the community can pitch in

Phew, that was easier than I thought. Last but not least of all - have fun!

%package help
Summary:        Development documents and examples for ossindex-lib
Provides:       python3-ossindex-lib-doc

%description help
This OSSIndex module for Python provides a common interface for querying the [OSS Index](https://ossindex.sonatype.org/).

This module is not designed for standalone use. If you're looking for a tool that can detect your application's dependencies and assess them for vulnerabilities against the OSS Index, perhaps you should check out [Jake](https://github.com/sonatype-nexus-community/jake).

You can of course use this library in your own applications.

## Installation

Install from pypi.org as you would any other Python module:

```
pip install ossindex-lib
```

## Usage

First create an instance of `OssIndex`, optionally enabling local caching:

```
o = OssIndex()
```

Then supply a `List` of [PackageURL](https://github.com/package-url/packageurl-python) objects that you want to ask OSS Index about. If you don't want to care about generating this list yourself, perhaps look to a tool like [Jake](https://github.com/sonatype-nexus-community/jake) (which uses this library), which will do all the hard work for you!
As a quick test, you could run:

```
from typing import List

from ossindex.model import OssIndexComponent, Vulnerability
from ossindex.ossindex import OssIndex
from packageurl import PackageURL

# Ask OSS Index about a single component, identified by its Package URL
o = OssIndex()
results: List[OssIndexComponent] = o.get_component_report(packages=[
    PackageURL.from_string(purl='pkg:pypi/pip@19.2.0')
])
for r in results:
    print("{}: {} known vulnerabilities".format(r.get_coordinates(), len(r.get_vulnerabilities())))
    v: Vulnerability
    for v in r.get_vulnerabilities():
        print(' - {}'.format(str(v)))
```

```
pkg:pypi/pip@19.2.0: 1 known vulnerabilities
 -
```

## Logging

This library sends log events to a standard Python `logger` named `ossindex`. You can configure the logger to output as required through the standard [Python logging configuration](https://docs.python.org/3/library/logging.config.html).

## Todos

1. Support authentication against OSS Index

## Python Support

We endeavour to support all functionality for all [current actively supported Python versions](https://www.python.org/downloads/). However, some features may not be possible/present in older Python versions due to their lack of support.

## Changelog

See our [CHANGELOG](./CHANGELOG.md).

## The Fine Print

Remember:

It is worth noting that this is **NOT SUPPORTED** by Sonatype, and is a contribution of ours to the open source community (read: you!)

* Use this contribution at the risk tolerance that you have
* Do NOT file Sonatype support tickets related to `ossindex-lib`
* DO file issues here on GitHub, so that the community can pitch in

Phew, that was easier than I thought. Last but not least of all - have fun!
%prep
%autosetup -n ossindex-lib-1.1.1

%build
%py3_build

%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
    find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
    find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
    find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
    find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
    find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .

%files -n python3-ossindex-lib -f filelist.lst
%dir %{python3_sitelib}/*

%files help -f doclist.lst
%{_docdir}/*

%changelog
* Mon May 29 2023 Python_Bot - 1.1.1-1
- Package Spec generated