Unverified Commit 97540212 authored by Fabian Affolter's avatar Fabian Affolter Committed by GitHub

dep-scan: bump, fix error when scanning projects (#429238)

parents 4f9ef690 f18a3a22
+30 −25
{
  lib,
  fetchFromGitHub,
  python3,
  python3Packages,
  writableTmpDirAsHomeHook,
  makeWrapper,
  cdxgen,
}:

let
  appthreat-vulnerability-db = (
    python3.pkgs.appthreat-vulnerability-db.overrideAttrs (oldAttrs: rec {
      version = "5.8.1";
      src = oldAttrs.src.override {
        tag = "v${version}";
        hash = "sha256-/Yo0yyDp2vd9KJhy3LGRml55eqTiaHSSuSoe2h2bSw0=";
      };
    })
  );

in
python3.pkgs.buildPythonApplication rec {
python3Packages.buildPythonApplication rec {
  pname = "dep-scan";
  version = "5.5.0";
  version = "6.0.0b3";
  pyproject = true;

  src = fetchFromGitHub {
    owner = "owasp-dep-scan";
    repo = "dep-scan";
    tag = "v${version}";
    hash = "sha256-lgqS8GY5JuHL3strNcb0B3mGieFkQTzGuRyV4dBp5e4=";
    hash = "sha256-GdrFsECcBZ2J47ojM33flqOtrY3avchGpsZk6pt8Aks=";
  };

  pythonRelaxDeps = [ "oras" ];

  build-system = with python3.pkgs; [ setuptools ];
  build-system = with python3Packages; [ setuptools ];

  dependencies = with python3.pkgs; [
  dependencies = with python3Packages; [
    appthreat-vulnerability-db
    custom-json-diff
    cvss
    defusedxml
    ds-analysis-lib
    ds-reporting-lib
    ds-xbom-lib
    jinja2
    oras
    packageurl-python
@@ -47,29 +40,41 @@ python3.pkgs.buildPythonApplication rec {
    toml
  ];

  nativeCheckInputs = with python3.pkgs; [
  nativeCheckInputs = with python3Packages; [
    httpretty
    pytest-cov-stub
    pytestCheckHook
    writableTmpDirAsHomeHook
  ];

  pythonImportsCheck = [ "depscan" ];

  preCheck = ''
    export HOME=$(mktemp -d)
  '';

  disabledTests = [
    # Test is not present
    "test_query_metadata2"
  ];

  # depscan --src shiftleft/scan-slim -o containertests -t docker
  #
  # WARNING [2025-07-28 20:17:35,654] cdxgen command not found. Please install using npm install @cyclonedx/cdxgen or set PATH variable
  # WARNING [2025-07-28 20:17:35,654] /nix/store/56bxjw4rgdqa82f61w70z92qq6b14ass-dep-scan-5.5.0/lib/python3.13/site-packages/depscan/lib/local_bin/cdxgen command not found. Please install using npm install @cyclonedx/cdxgen or set PATH variable
  # INFO [2025-07-28 20:17:35,654] Generating Software Bill-of-Materials for container image shiftleft/scan-slim. This might take a few mins ...
  # WARNING [2025-07-28 20:17:35,654] Unable to locate cdxgen command.
  makeWrapperArgs = [
    "--prefix PATH : ${
      lib.makeBinPath [
        cdxgen
      ]
    }"
  ];

  meta = {
    description = "Security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies";
    homepage = "https://github.com/owasp-dep-scan/dep-scan";
    changelog = "https://github.com/owasp-dep-scan/dep-scan/releases/tag/v${version}";
    license = lib.licenses.mit;
    maintainers = with lib.maintainers; [ fab ];
    teams = [ lib.teams.ngi ];
    mainProgram = "dep-scan";
  };
}
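Review bot: The `appthreat-vulnerability-db` override in the `let` block is still taken from `python3.pkgs` and only reaches dep-scan's own `dependencies`, while the newly added `ds-analysis-lib` is built against the unoverridden `python3Packages.appthreat-vulnerability-db`; unless that set already carries 5.8.1, two versions of the same module end up in the closure, which nixpkgs' Python conflict check is likely to reject, and if it does carry 5.8.1 the override is dead code. Propagating it with `(ds-analysis-lib.override { inherit appthreat-vulnerability-db; })` in the dependency list, or dropping the override once the package set is bumped, keeps a single vulnerability-database version for the whole tool. That line and the `python3` argument are the only remaining uses of `python3.pkgs` after the rest of the file moved to `python3Packages`, and `makeWrapper` is taken as an argument although nothing visible references it (buildPythonApplication already honours `makeWrapperArgs`). The comment above `makeWrapperArgs` pastes a run log with a store path that will go stale; a one-liner such as `# depscan shells out to cdxgen for SBOM generation and only warns when it is missing, so put it on PATH` states the reason for the wrapper.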
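--- /dev/null
+++ b/pkgs/development/python-modules/ds-analysis-lib/default.nix
@@ -0,0 +1,59 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchPypi,
+  setuptools,
+  appthreat-vulnerability-db,
+  custom-json-diff,
+  cvss,
+  rich,
+  toml,
+  writableTmpDirAsHomeHook,
+  pytestCheckHook,
+  pytest-cov-stub,
+}:
+
+buildPythonPackage rec {
+  pname = "ds-analysis-lib";
+  version = "6.0.0b3";
+  pyproject = true;
+
+  # pypi because library is embedded into another project's repo
+  src = fetchPypi {
+    inherit version;
+    pname = "ds_analysis_lib";
+    hash = "sha256-XZZzAxQJk65Xoq6z2OadlHUN0REYTjKmSvwz17tvVqc=";
+  };
+
+  build-system = [ setuptools ];
+
+  dependencies = [
+    appthreat-vulnerability-db
+    custom-json-diff
+    cvss
+    rich
+    toml
+  ];
+
+  pythonImportsCheck = [ "analysis_lib" ];
+
+  # relies on data files that pypi doesn't include
+  disabledTestPaths = [
+    "tests/test_analysis.py"
+    "tests/test_csaf.py"
+  ];
+
+  nativeCheckInputs = [
+    writableTmpDirAsHomeHook
+    pytestCheckHook
+    pytest-cov-stub
+  ];
+
+  meta = {
+    description = "Analysis library for owasp depscan";
+    homepage = "https://pypi.org/project/ds-analysis-lib/";
+    maintainers = with lib.maintainers; [ ethancedwards8 ];
+    teams = [ lib.teams.ngi ];
+    license = with lib.licenses; [ mit ];
+  };
+}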
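Review bot: Fetching the sdist from PyPI leaves this package, and ds-reporting-lib and ds-xbom-lib alongside it, without the data files that force `tests/test_analysis.py` and `tests/test_csaf.py` to be disabled, and it pins the hash to an artifact that is not tied to any upstream tag. The comment above `src` says the library is embedded in another project's repository; if that is the dep-scan repository the application package already fetches, `fetchFromGitHub` with `sourceRoot` pointing at the library's subdirectory would build from tagged source and let those tests run. If PyPI is kept, the comment should say why the tagged source is not usable, e.g. `# pypi because library is embedded into another project's repo and is not tagged separately`. `license = with lib.licenses; [ mit ];` is a one-element list where the dep-scan file uses `lib.licenses.mit`; either works, but the three new files should match the application package.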
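--- /dev/null
+++ b/pkgs/development/python-modules/ds-reporting-lib/default.nix
@@ -0,0 +1,34 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchPypi,
+  setuptools,
+}:
+
+buildPythonPackage rec {
+  pname = "ds-reporting-lib";
+  version = "6.0.0b3";
+  pyproject = true;
+
+  # pypi because library is embedded into another project's repo
+  src = fetchPypi {
+    inherit version;
+    pname = "ds_reporting_lib";
+    hash = "sha256-0C/UgAM7VIWEjuRq1ZCTL5CjJ6OK+0/Yw+AN4j7jj6E=";
+  };
+
+  build-system = [ setuptools ];
+
+  pythonImportsCheck = [ "reporting_lib" ];
+
+  # no tests
+  doCheck = false;
+
+  meta = {
+    description = "Reporting library for owasp depscan";
+    homepage = "https://pypi.org/project/ds-reporting-lib/";
+    maintainers = with lib.maintainers; [ ethancedwards8 ];
+    teams = [ lib.teams.ngi ];
+    license = with lib.licenses; [ mit ];
+  };
+}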
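--- /dev/null
+++ b/pkgs/development/python-modules/ds-xbom-lib/default.nix
@@ -0,0 +1,34 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchPypi,
+  setuptools,
+}:
+
+buildPythonPackage rec {
+  pname = "ds-xbom-lib";
+  version = "6.0.0b3";
+  pyproject = true;
+
+  # pypi because library is embedded into another project's repo
+  src = fetchPypi {
+    inherit version;
+    pname = "ds_xbom_lib";
+    hash = "sha256-/L0AFAuIDzbyXwpg0bigy2AR4GT0RSdXrjPAEbEO7cI=";
+  };
+
+  build-system = [ setuptools ];
+
+  pythonImportsCheck = [ "xbom_lib" ];
+
+  # no tests
+  doCheck = false;
+
+  meta = {
+    description = "xBOM library for owasp depscan";
+    homepage = "https://pypi.org/project/ds-xbom-lib/";
+    maintainers = with lib.maintainers; [ ethancedwards8 ];
+    teams = [ lib.teams.ngi ];
+    license = with lib.licenses; [ mit ];
+  };
+}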
+6 −0
@@ -4352,8 +4352,14 @@ self: super: with self; {
  dropmqttapi = callPackage ../development/python-modules/dropmqttapi { };
  ds-analysis-lib = callPackage ../development/python-modules/ds-analysis-lib { };
  ds-reporting-lib = callPackage ../development/python-modules/ds-reporting-lib { };
  ds-store = callPackage ../development/python-modules/ds-store { };
  ds-xbom-lib = callPackage ../development/python-modules/ds-xbom-lib { };
  ds4drv = callPackage ../development/python-modules/ds4drv { };
  dscribe = callPackage ../development/python-modules/dscribe { };