### Local Development Setup for ScanOSS Pre-commit Hooks

Source: https://context7.com/scanoss/pre-commit-hooks/llms.txt

Provides Makefile commands for installing the package in editable mode, setting up pre-commit hooks, testing against local projects, and uninstalling the development setup.

```bash
# Clone the repo
git clone https://github.com/scanoss/pre-commit-hooks.git
cd pre-commit-hooks

# Install dev dependencies
pip install -r requirements-dev.txt

# Install the package in editable mode
make dev_setup   # runs: pip3 install -e .

# Install the pre-commit hooks for this repo itself
pre-commit install

# Test the hook against staged files in an adjacent project
git add src/my_new_file.py
pre-commit try-repo ../pre-commit-hooks scanoss-check-undeclared-code --verbose

# Uninstall dev setup when done
make dev_uninstall
```

--------------------------------

### Install pre-commit using PIP

Source: https://github.com/scanoss/pre-commit-hooks/blob/main/README.md

Installs the pre-commit package manager using pip. Ensure you have Python and pip installed.

```bash
pip install pre-commit
```

--------------------------------

### Set up development environment

Source: https://github.com/scanoss/pre-commit-hooks/blob/main/README.md

Uses the Makefile to set up the development environment, installing the package in development mode with all dependencies.

```bash
make dev_setup
```

--------------------------------

### Install SCANOSS Pre-commit Hook

Source: https://context7.com/scanoss/pre-commit-hooks/llms.txt

Steps to install the SCANOSS pre-commit hook in a project. This involves installing `pre-commit`, configuring `.pre-commit-config.yaml`, and installing the Git hooks.

```bash
# Step 1 — install pre-commit
pip install pre-commit
# or
brew install pre-commit

# Step 2 — create .pre-commit-config.yaml in your project root
cat > .pre-commit-config.yaml << 'EOF'
repos:
  - repo: https://github.com/scanoss/pre-commit-hooks
    rev: v0  # or pin to v0.4.0 for a specific release
    hooks:
      - id: scanoss-check-undeclared-code
EOF

# Step 3 — validate the config
pre-commit validate-config

# Step 4 — install the hooks into .git/hooks/
pre-commit install

# Step 5 (optional) — run against all files immediately
pre-commit run --all-files
```

--------------------------------

### Install pre-commit using Homebrew

Source: https://github.com/scanoss/pre-commit-hooks/blob/main/README.md

Installs the pre-commit package manager using Homebrew. This is an alternative installation method for macOS users.

```bash
brew install pre-commit
```

--------------------------------

### Install pre-commit hooks

Source: https://github.com/scanoss/pre-commit-hooks/blob/main/README.md

Installs the git pre-commit hooks defined in your .pre-commit-config.yaml file into your local git repository.

```bash
pre-commit install
```

--------------------------------

### Install development requirements

Source: https://github.com/scanoss/pre-commit-hooks/blob/main/README.md

Installs the necessary development dependencies for the SCANOSS pre-commit hooks project.

```bash
pip install -r requirements-dev.txt
```

--------------------------------

### Configure Pre-commit Hooks

Source: https://github.com/scanoss/pre-commit-hooks/blob/main/README.md

Example configuration for using the scanoss pre-commit hooks in a project's .pre-commit-config.yaml. Users can pin to a major version (e.g., 'v0') or a specific version (e.g., 'v0.3.0').

```yaml
repos:
  - repo: https://github.com/scanoss/pre-commit-hooks
    rev: v0  # Pin to major version, or use v0.3.0 for specific version
    hooks:
      - id: scanoss-check-undeclared-code
```

--------------------------------

### Configure hook with .env file

Source: https://github.com/scanoss/pre-commit-hooks/blob/main/README.md

Example of a .env file to configure SCANOSS API key, scan URL, proxy, and debug mode for the pre-commit hook. The hook automatically loads these variables if the file exists.

```dotenv
# .env
SCANOSS_API_KEY=your_api_key_here
SCANOSS_SCAN_URL=https://api.scanoss.com/scan/direct
HTTPS_PROXY=http://proxy.example.com:8080
SCANOSS_DEBUG=true
```

--------------------------------

### Run all pre-commit hooks

Source: https://github.com/scanoss/pre-commit-hooks/blob/main/README.md

Runs all configured pre-commit hooks against all files in the repository. Useful for a full check before committing.

```bash
pre-commit run --all-files
```

--------------------------------

### CLI Options for `scanoss-check-undeclared-code`

Source: https://context7.com/scanoss/pre-commit-hooks/llms.txt

Demonstrates various command-line options for the `scanoss-check-undeclared-code` hook, including authentication, API URL, protocol selection, output path, proxy settings, and debug logging.

```bash
# Show full help
scanoss-check-undeclared-code --help

# Basic run against staged files (no API key — uses anonymous tier)
scanoss-check-undeclared-code

# Authenticated scan with a custom API URL
scanoss-check-undeclared-code \
  --api-key "YOUR_KEY" \
  --api-url "https://api.scanoss.com/scan/direct"

# Use REST instead of gRPC
scanoss-check-undeclared-code --rest

# Specify a custom output path for results JSON
scanoss-check-undeclared-code --output /tmp/my-scan-results.json

# Use a proxy with PAC auto-discovery
scanoss-check-undeclared-code --proxy "http://proxy.corp.com:8080" --pac auto

# Provide a custom CA certificate (useful in corporate environments)
scanoss-check-undeclared-code --ca-cert /etc/ssl/certs/corporate-ca.pem

# Ignore TLS certificate errors (not recommended for production)
scanoss-check-undeclared-code --ignore-cert-errors

# Enable verbose debug logging
scanoss-check-undeclared-code --debug
```

--------------------------------

### Configure .pre-commit-config.yaml

Source: https://github.com/scanoss/pre-commit-hooks/blob/main/README.md

Configuration file for pre-commit hooks. This specifies the repository and the hook to be used.

```yaml
repos:
  - repo: https://github.com/scanoss/pre-commit-hooks
    rev: v0
    hooks:
      - id: scanoss-check-undeclared-code
```

--------------------------------

### configure_logging

Source: https://context7.com/scanoss/pre-commit-hooks/llms.txt

Initializes the Python logging module and the scanoss logger. Sets the log level to DEBUG when `debug=True` or the SCANOSS_DEBUG environment variable is set, otherwise defaults to INFO.

```APIDOC
## `configure_logging()` — Set Global Log Level

Initializes Python's `logging` module and the `scanoss` library's logger. When `debug=True` the level is set to `DEBUG`; otherwise `INFO`. Should be called once at startup.

```python
from hooks.check_undeclared_software import configure_logging

# Normal mode
configure_logging(debug=False)

# Debug mode — also respect SCANOSS_DEBUG env variable
import os
debug_mode = os.environ.get("SCANOSS_DEBUG", "").lower() == "true"
configure_logging(debug=debug_mode)
```
```

--------------------------------

### Configure SCANOSS Hook with Environment Variables or .env File

Source: https://context7.com/scanoss/pre-commit-hooks/llms.txt

Configuration parameters for the SCANOSS hook can be set using environment variables or a `.env` file in the project root. The hook automatically loads these at startup.

```bash
# .env (place in your project root; add .scanoss/ to .gitignore)
SCANOSS_API_KEY=your_api_key_here
SCANOSS_SCAN_URL=https://api.scanoss.com/scan/direct
HTTPS_PROXY=http://proxy.example.com:8080
SCANOSS_DEBUG=true
```

```bash
# Equivalent inline environment variable usage
SCANOSS_API_KEY=abc123 SCANOSS_DEBUG=true git commit -m "feat: new feature"
```

--------------------------------

### Uninstall development environment

Source: https://github.com/scanoss/pre-commit-hooks/blob/main/README.md

Uses the Makefile to uninstall the development environment and associated dependencies.

```bash
make dev_uninstall
```

--------------------------------

### Validate pre-commit configuration

Source: https://github.com/scanoss/pre-commit-hooks/blob/main/README.md

Validates the syntax and correctness of your .pre-commit-config.yaml file.

```bash
pre-commit validate-config
```

--------------------------------

### Test pre-commit hook in development

Source: https://github.com/scanoss/pre-commit-hooks/blob/main/README.md

Tests the 'scanoss-check-undeclared-code' hook against the local pre-commit-hooks repository in verbose mode. Requires files to be staged.

```bash
pre-commit try-repo ../pre-commit-hooks scanoss-check-undeclared-code --verbose
```

--------------------------------

### Clone SCANOSS Pre-commit Hooks repository

Source: https://github.com/scanoss/pre-commit-hooks/blob/main/README.md

Clones the SCANOSS pre-commit hooks repository to your local machine for development.

```bash
git clone https://github.com/scanoss/pre-commit-hooks.git
cd pre-commit-hooks
```

--------------------------------

### Configure Global Logging Level

Source: https://context7.com/scanoss/pre-commit-hooks/llms.txt

Initializes Python's logging module and the ScanOSS logger. Sets the log level to DEBUG when debug=True, otherwise INFO. This function should be called once at the application's startup.

```python
from hooks.check_undeclared_software import configure_logging

# Normal mode
configure_logging(debug=False)

# Debug mode — also respect SCANOSS_DEBUG env variable
import os
debug_mode = os.environ.get("SCANOSS_DEBUG", "").lower() == "true"
configure_logging(debug=debug_mode)
```

--------------------------------

### Stage a file for commit

Source: https://github.com/scanoss/pre-commit-hooks/blob/main/README.md

Stages a specific file to be included in the next commit. This is a prerequisite for the pre-commit hook to process the file.

```bash
git add
```

--------------------------------

### present_results_table

Source: https://context7.com/scanoss/pre-commit-hooks/llms.txt

Renders a formatted, color-coded table in the terminal displaying details of potential undeclared OSS found in files. It also suggests a command to view results in more detail.

```APIDOC
## `present_results_table()` — Rich Terminal Results Display

Renders a color-coded table in the terminal listing all files that contain potential undeclared OSS, including file path, identification status, match type, matched component percentage, PURL, and license. Also prints a follow-up command to inspect results in detail with `scanoss-cc`.

```python
from pathlib import Path
from hooks.check_undeclared_software import present_results_table

# Simulated payload returned by `scanoss-py results --has-pending --format json`
payload = {
    "total": 2,
    "results": [
        {
            "file": "src/vendor/lodash.min.js",
            "status": "pending",
            "match_type": "snippet",
            "matched": "87%",
            "purl": "pkg:npm/lodash@4.17.21",
            "license": "MIT",
        },
        {
            "file": "lib/crypto_utils.py",
            "status": "pending",
            "match_type": "file",
            "matched": "100%",
            "purl": "pkg:pypi/cryptography@41.0.0",
            "license": "Apache-2.0",
        },
    ],
}

output_path = Path(".scanoss/results.json")
present_results_table(payload, output_path)
# Prints a rich table to terminal and suggests:
#   Run 'scanoss-cc' in the terminal to view the results in more detail.
```
```

--------------------------------

### run_subcommand

Source: https://context7.com/scanoss/pre-commit-hooks/llms.txt

Safely executes external commands using subprocess.run, capturing stdout and stderr. It can optionally raise an error for non-zero exit codes and log debug information.

```APIDOC
## `run_subcommand()` — Safe Subprocess Execution

Wraps `subprocess.run` to execute external commands (e.g., `scanoss-py`) with captured stdout/stderr and optional debug logging. Raises `subprocess.CalledProcessError` on non-zero exit when `check=True`.

```python
import subprocess
from hooks.check_undeclared_software import run_subcommand

# Run a scan command, capturing output
try:
    result = run_subcommand(
        ["scanoss-py", "scan", "--no-wfp-output", "--files", "src/main.py"],
        check=True,
        debug=True,  # logs stderr via logging.debug
    )
    print(result.stdout)
except subprocess.CalledProcessError as e:
    print(f"Scan failed (exit {e.returncode}): {e.stderr}")
```
```

--------------------------------

### Redact Sensitive Arguments from Scan Commands

Source: https://context7.com/scanoss/pre-commit-hooks/llms.txt

Creates a copy of a command list, replacing sensitive arguments like API keys and proxy credentials with '*****' for secure logging.
Use this before logging commands that might contain secrets.

```python
from hooks.check_undeclared_software import sanitize_scan_command

raw_cmd = [
    "scanoss-py", "scan",
    "--key", "super-secret-api-key",
    "--proxy", "http://user:pass@proxy.corp.com:8080",
    "--files", "src/main.py",
]

safe_cmd = sanitize_scan_command(raw_cmd)
print(safe_cmd)
# ['scanoss-py', 'scan', '--key', '*****', '--proxy', '*****', '--files', 'src/main.py']
```

--------------------------------

### Retrieve Staged Files using `get_staged_files()`

Source: https://context7.com/scanoss/pre-commit-hooks/llms.txt

Python function to fetch staged files from Git using `git diff --staged`. It returns a list of files with 'Added', 'Copied', 'Modified', or 'Renamed' status. Returns an empty list if no files are staged or the command fails.

```python
from hooks.check_undeclared_software import get_staged_files

staged = get_staged_files()
if not staged:
    print("Nothing staged — skipping scan.")
else:
    print(f"Staged files: {staged}")

# Example output:
# Staged files: ['src/main.py', 'lib/utils.js', 'README.md']
```

--------------------------------

### Run Subcommand Safely with Captured Output

Source: https://context7.com/scanoss/pre-commit-hooks/llms.txt

Executes external commands using subprocess.run with captured stdout/stderr. Raises CalledProcessError on non-zero exit codes when check=True. Debug logging is enabled via the debug parameter.

```python
import subprocess
from hooks.check_undeclared_software import run_subcommand

# Run a scan command, capturing output
try:
    result = run_subcommand(
        ["scanoss-py", "scan", "--no-wfp-output", "--files", "src/main.py"],
        check=True,
        debug=True,  # logs stderr via logging.debug
    )
    print(result.stdout)
except subprocess.CalledProcessError as e:
    print(f"Scan failed (exit {e.returncode}): {e.stderr}")
```

--------------------------------

### Display Scan Results in a Rich Terminal Table

Source: https://context7.com/scanoss/pre-commit-hooks/llms.txt

Renders a color-coded table in the terminal showing files with potential undeclared OSS, including details like file path, status, match type, PURL, and license. It also suggests a command to inspect results further.

```python
from pathlib import Path
from hooks.check_undeclared_software import present_results_table

# Simulated payload returned by `scanoss-py results --has-pending --format json`
payload = {
    "total": 2,
    "results": [
        {
            "file": "src/vendor/lodash.min.js",
            "status": "pending",
            "match_type": "snippet",
            "matched": "87%",
            "purl": "pkg:npm/lodash@4.17.21",
            "license": "MIT",
        },
        {
            "file": "lib/crypto_utils.py",
            "status": "pending",
            "match_type": "file",
            "matched": "100%",
            "purl": "pkg:pypi/cryptography@41.0.0",
            "license": "Apache-2.0",
        },
    ],
}

output_path = Path(".scanoss/results.json")
present_results_table(payload, output_path)
# Prints a rich table to terminal and suggests:
#   Run 'scanoss-cc' in the terminal to view the results in more detail.
```

--------------------------------

### SCANOSS Undeclared Check Hook Definition

Source: https://context7.com/scanoss/pre-commit-hooks/llms.txt

This YAML defines the `scanoss-check-undeclared-code` hook for pre-commit. It specifies the entry point, language, and supported Git stages.

```yaml
# .pre-commit-hooks.yaml (from the hooks repository — for reference)
- id: scanoss-check-undeclared-code
  name: SCANOSS Undeclared Check
  description: Check for potential undeclared open source software in the files being committed
  entry: scanoss-check-undeclared-code
  language: python
  stages: [pre-commit, pre-push, manual]
  pass_filenames: false
  require_serial: true
  verbose: true
```

--------------------------------

### sanitize_scan_command

Source: https://context7.com/scanoss/pre-commit-hooks/llms.txt

Redacts sensitive arguments like API keys and proxy credentials from a command list by replacing their values with '*****'. This is useful for logging commands securely.

```APIDOC
## `sanitize_scan_command()` — Redact Sensitive CLI Arguments

Returns a copy of the command list with values for `--key` and `--proxy` replaced by `*****`. Used before logging the constructed scan command to prevent API keys or proxy credentials from appearing in debug output.

```python
from hooks.check_undeclared_software import sanitize_scan_command

raw_cmd = [
    "scanoss-py", "scan",
    "--key", "super-secret-api-key",
    "--proxy", "http://user:pass@proxy.corp.com:8080",
    "--files", "src/main.py",
]

safe_cmd = sanitize_scan_command(raw_cmd)
print(safe_cmd)
# ['scanoss-py', 'scan', '--key', '*****', '--proxy', '*****', '--files', 'src/main.py']
```
```
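
One way the redaction described for `sanitize_scan_command()` can be implemented, as an added example that is not the project's own code. The names `redact_command`, `SENSITIVE_FLAGS` and `MASK`, and the handling of the `--flag=value` spelling, are assumptions of this example; the sample command is constructed.

```python
from typing import List, Sequence

# Flags whose values must not reach a log line. "--key" and "--proxy" are the
# two named on this page; everything else here is an assumption of the example.
SENSITIVE_FLAGS = ("--key", "--proxy")
MASK = "*****"


def redact_command(cmd: Sequence[str]) -> List[str]:
    """Return a copy of cmd with the value of each sensitive flag masked.

    Handles "--key VALUE" (two list items) and "--key=VALUE" (one item).
    The input list is never modified, so it can still be executed afterwards.
    """
    redacted: List[str] = []
    mask_next = False
    for arg in cmd:
        if mask_next:
            # Previous item was a sensitive flag: this item is its value.
            redacted.append(MASK)
            mask_next = False
            continue
        flag, sep, _ = arg.partition("=")
        if flag in SENSITIVE_FLAGS:
            if sep:
                # Single-item spelling: keep the flag name, mask the value.
                redacted.append(f"{flag}={MASK}")
            else:
                redacted.append(arg)
                mask_next = True
            continue
        redacted.append(arg)
    return redacted


# Constructed sample command, mixing both spellings of a sensitive flag.
RAW_CMD = [
    "scanoss-py", "scan",
    "--key", "super-secret-api-key",
    "--proxy=http://user:pass@proxy.corp.com:8080",
    "--files", "src/main.py",
]

if __name__ == "__main__":
    print(" ".join(redact_command(RAW_CMD)))
```

Log the redacted copy and pass the original list to the subprocess call; redacting in place would break the scan.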