Merge pull request #192 from sw360/190-determine-rust-dependencies

Determine rust dependencies

Author: tngraf

ChangeLog.md

@@ -5,10 +5,12 @@
 
 # CaPyCli - Clearing Automation Python Command Line Tool for SW360
 
-## 2.10.0.dev2
+## 2.10.0
 
 * Have `bom bompackage` as a separate command and have the advanced folder structure
   based on SHA1 hashes.
+* CaPyCLI now supports SBOM generation for Rust projects with the `getdependencies rust`
+  command.
 
 ## 2.10.0.dev1
 

capycli/dependencies/handle_dependencies.py

@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2019-23 Siemens
+# Copyright (c) 2019-2025 Siemens
 # All Rights Reserved.
 # Author: [email protected]
 #
@@ -14,6 +14,7 @@
 import capycli.dependencies.maven_pom
 import capycli.dependencies.nuget
 import capycli.dependencies.python
+import capycli.dependencies.rust
 from capycli.common.print import print_red
 from capycli.main.result_codes import ResultCode
 
@@ -34,6 +35,7 @@ def run_dependency_command(args: Any) -> None:
         print("    Javascript        determine dependencies for a JavaScript project")
         print("    MavenPom          determine dependencies for a Java/Maven project using the pom.xml file")
         print("    MavenList         determine dependencies for a Java/Maven project using a Maven command")
+        print("    Rust              determine dependencies for a Rust project")
         return
 
     subcommand = args.command[1].lower()
@@ -67,5 +69,11 @@ def run_dependency_command(args: Any) -> None:
         app5.run(args)
         return
 
+    if subcommand == "rust":
+        """Determine Rust components/dependencies for a given project"""
+        app6 = capycli.dependencies.rust.GetRustDependencies()
+        app6.run(args)
+        return
+
     print_red("Unknown sub-command: " + subcommand)
     sys.exit(ResultCode.RESULT_COMMAND_ERROR)

capycli/dependencies/python.py

@@ -779,7 +779,8 @@ def sbom_from_uv_lock_file(self, filename: str, search_meta_data: bool, package_
 
         return sbom
 
-    def check_meta_data(self, sbom: Bom) -> bool:
+    @staticmethod
+    def check_meta_data(sbom: Bom, verbose: bool) -> bool:
         """
         Check whether all required meta-data is available.
 
@@ -790,37 +791,37 @@ def check_meta_data(self, sbom: Bom) -> bool:
             bool: True if all required meta-data is available; otherwise False.
         """
 
-        if self.verbose:
+        if verbose:
             print_text("\nChecking meta-data:")
 
         result = True
         cxcomp: Component
         for cxcomp in sbom.components:
-            if self.verbose:
+            if verbose:
                 print_text(f"  {cxcomp.name}, {cxcomp.version}")
 
             if not cxcomp.purl:
                 result = False
-                if self.verbose:
+                if verbose:
                     print_yellow("    package-url missing")
 
             homepage = CycloneDxSupport.get_ext_ref_website(cxcomp)
             if not homepage:
                 result = False
-                if self.verbose:
+                if verbose:
                     print_yellow("    Homepage missing")
 
             if not cxcomp.licenses:
-                if self.verbose:
+                if verbose:
                     LOG.debug("    License missing")
             elif len(cxcomp.licenses) == 0:
-                if self.verbose:
+                if verbose:
                     LOG.debug("    License missing")
 
             src_url = CycloneDxSupport.get_ext_ref_source_url(cxcomp)
             if not src_url:
                 result = False
-                if self.verbose:
+                if verbose:
                     print_yellow("    Source code URL missing")
 
         return result
@@ -884,7 +885,7 @@ def run(self, args: Any) -> None:
             print_text("Formatting package list...")
             sbom = self.convert_package_list(package_list, args.search_meta_data, args.package_source)
 
-        self.check_meta_data(sbom)
+        GetPythonDependencies.check_meta_data(sbom, self.verbose)
 
         if self.verbose:
             print()