diff --git a/api/attributionnoticesv2/scanoss-attribution-notices.pb.go b/api/attributionnoticesv2/scanoss-attribution-notices.pb.go new file mode 100644 index 0000000..29d5249 --- /dev/null +++ b/api/attributionnoticesv2/scanoss-attribution-notices.pb.go @@ -0,0 +1,366 @@ +// +//SPDX-License-Identifier: MIT +// +//Copyright (c) 2026, SCANOSS +// +//Permission is hereby granted, free of charge, to any person obtaining a copy +//of this software and associated documentation files (the "Software"), to deal +//in the Software without restriction, including without limitation the rights +//to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +//copies of the Software, and to permit persons to whom the Software is +//furnished to do so, subject to the following conditions: +// +//The above copyright notice and this permission notice shall be included in +//all copies or substantial portions of the Software. +// +//THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +//IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +//FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +//AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +//LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +//OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +//THE SOFTWARE. + +//* +// Attribution Notices definition details + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.6 +// protoc v6.31.1 +// source: scanoss/api/attributionnotices/v2/scanoss-attribution-notices.proto + +package attributionnoticesv2 + +import ( + reflect "reflect" + sync "sync" + unsafe "unsafe" + + _ "github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options" + commonv2 "github.com/scanoss/papi/api/commonv2" + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// A single attribution notice associated with a component +type AttributionNotice struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Full text of the attribution/license notice + NoticeText string `protobuf:"bytes,1,opt,name=notice_text,proto3" json:"notice_text,omitempty"` + // MD5 hash of the notice text + NoticeMd5 string `protobuf:"bytes,2,opt,name=notice_md5,proto3" json:"notice_md5,omitempty"` + // Source describing where the notice was mined from (e.g., file path or mining details) + Source string `protobuf:"bytes,3,opt,name=source,proto3" json:"source,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *AttributionNotice) Reset() { + *x = AttributionNotice{} + mi := &file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *AttributionNotice) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AttributionNotice) ProtoMessage() {} + +func (x *AttributionNotice) ProtoReflect() protoreflect.Message { + mi := &file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AttributionNotice.ProtoReflect.Descriptor instead. +func (*AttributionNotice) Descriptor() ([]byte, []int) { + return file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_rawDescGZIP(), []int{0} +} + +func (x *AttributionNotice) GetNoticeText() string { + if x != nil { + return x.NoticeText + } + return "" +} + +func (x *AttributionNotice) GetNoticeMd5() string { + if x != nil { + return x.NoticeMd5 + } + return "" +} + +func (x *AttributionNotice) GetSource() string { + if x != nil { + return x.Source + } + return "" +} + +// Attribution notices information for a single component +type ComponentAttributionNotices struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The Package URL string identifying the component + Purl string `protobuf:"bytes,1,opt,name=purl,proto3" json:"purl,omitempty"` + // Echoes the client's version constraint from the request. See Common API Types documentation for resolution logic + Requirement string `protobuf:"bytes,2,opt,name=requirement,proto3" json:"requirement,omitempty"` + // Specific version of the component that was analyzed + Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"` + // SPDX expression when licensing terms are clearly determinable from source analysis + // List of attribution notices associated with the component + Notices []*AttributionNotice `protobuf:"bytes,4,rep,name=notices,proto3" json:"notices,omitempty"` + // Status message describing the outcome of processing this component. + InfoMessage *string `protobuf:"bytes,5,opt,name=info_message,proto3,oneof" json:"info_message,omitempty"` + // Status code identifying the outcome of processing this component. + // + // Possible values: + // - "INVALID_PURL": The provided Package URL (PURL) is invalid or malformed. + // - "COMPONENT_NOT_FOUND": The requested component could not be found in the database. + // - "NO_INFO": No attribution notices are available for the requested component. + InfoCode *string `protobuf:"bytes,6,opt,name=info_code,proto3,oneof" json:"info_code,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ComponentAttributionNotices) Reset() { + *x = ComponentAttributionNotices{} + mi := &file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ComponentAttributionNotices) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ComponentAttributionNotices) ProtoMessage() {} + +func (x *ComponentAttributionNotices) ProtoReflect() protoreflect.Message { + mi := &file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ComponentAttributionNotices.ProtoReflect.Descriptor instead. +func (*ComponentAttributionNotices) Descriptor() ([]byte, []int) { + return file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_rawDescGZIP(), []int{1} +} + +func (x *ComponentAttributionNotices) GetPurl() string { + if x != nil { + return x.Purl + } + return "" +} + +func (x *ComponentAttributionNotices) GetRequirement() string { + if x != nil { + return x.Requirement + } + return "" +} + +func (x *ComponentAttributionNotices) GetVersion() string { + if x != nil { + return x.Version + } + return "" +} + +func (x *ComponentAttributionNotices) GetNotices() []*AttributionNotice { + if x != nil { + return x.Notices + } + return nil +} + +func (x *ComponentAttributionNotices) GetInfoMessage() string { + if x != nil && x.InfoMessage != nil { + return *x.InfoMessage + } + return "" +} + +func (x *ComponentAttributionNotices) GetInfoCode() string { + if x != nil && x.InfoCode != nil { + return *x.InfoCode + } + return "" +} + +// * +// Components level Attribution Notices Response data (JSON payload) +// Contains attribution notices information for each requested component. +type ComponentsAttributionNoticesResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Attribution notices details for each requested component + Attributions []*ComponentAttributionNotices `protobuf:"bytes,1,rep,name=attributions,proto3" json:"attributions,omitempty"` + // Response status indicating success or failure of the request + Status *commonv2.StatusResponse `protobuf:"bytes,2,opt,name=status,proto3" json:"status,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ComponentsAttributionNoticesResponse) Reset() { + *x = ComponentsAttributionNoticesResponse{} + mi := &file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ComponentsAttributionNoticesResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ComponentsAttributionNoticesResponse) ProtoMessage() {} + +func (x *ComponentsAttributionNoticesResponse) ProtoReflect() protoreflect.Message { + mi := &file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ComponentsAttributionNoticesResponse.ProtoReflect.Descriptor instead. +func (*ComponentsAttributionNoticesResponse) Descriptor() ([]byte, []int) { + return file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_rawDescGZIP(), []int{2} +} + +func (x *ComponentsAttributionNoticesResponse) GetAttributions() []*ComponentAttributionNotices { + if x != nil { + return x.Attributions + } + return nil +} + +func (x *ComponentsAttributionNoticesResponse) GetStatus() *commonv2.StatusResponse { + if x != nil { + return x.Status + } + return nil +} + +var File_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto protoreflect.FileDescriptor + +const file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_rawDesc = "" + + "\n" + + "Cscanoss/api/attributionnotices/v2/scanoss-attribution-notices.proto\x12!scanoss.api.attributionnotices.v2\x1a*scanoss/api/common/v2/scanoss-common.proto\x1a\x1cgoogle/api/annotations.proto\x1a.protoc-gen-openapiv2/options/annotations.proto\"m\n" + + "\x11AttributionNotice\x12 \n" + + "\vnotice_text\x18\x01 \x01(\tR\vnotice_text\x12\x1e\n" + + "\n" + + "notice_md5\x18\x02 \x01(\tR\n" + + "notice_md5\x12\x16\n" + + "\x06source\x18\x03 \x01(\tR\x06source\"\xa8\x02\n" + + "\x1bComponentAttributionNotices\x12\x12\n" + + "\x04purl\x18\x01 \x01(\tR\x04purl\x12 \n" + + "\vrequirement\x18\x02 \x01(\tR\vrequirement\x12\x18\n" + + "\aversion\x18\x03 \x01(\tR\aversion\x12N\n" + + "\anotices\x18\x04 \x03(\v24.scanoss.api.attributionnotices.v2.AttributionNoticeR\anotices\x12'\n" + + "\finfo_message\x18\x05 \x01(\tH\x00R\finfo_message\x88\x01\x01\x12!\n" + + "\tinfo_code\x18\x06 \x01(\tH\x01R\tinfo_code\x88\x01\x01B\x0f\n" + + "\r_info_messageB\f\n" + + "\n" + + "_info_code\"\x92\x04\n" + + "$ComponentsAttributionNoticesResponse\x12b\n" + + "\fattributions\x18\x01 \x03(\v2>.scanoss.api.attributionnotices.v2.ComponentAttributionNoticesR\fattributions\x12=\n" + + "\x06status\x18\x02 \x01(\v2%.scanoss.api.common.v2.StatusResponseR\x06status:\xc6\x02\x92A\xc2\x02\n" + + "\xbf\x02J\xbc\x02{\"attributions\":[{\"purl\":\"pkg:npm/express@4.18.2\",\"notices\":[{\"notice_text\":\"MIT License\\nPermission is hereby granted, free of charge...\",\"notice_md5\":\"a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6\",\"source\":\"package.json dependency scan\"}]}],\"status\":{\"status\":\"SUCCESS\",\"message\":\"Attribution notices successfully retrieved\"}}2\xd4\x02\n" + + "\x12AttributionNotices\x12x\n" + + "\x04Echo\x12\".scanoss.api.common.v2.EchoRequest\x1a#.scanoss.api.common.v2.EchoResponse\"'\x82\xd3\xe4\x93\x02!:\x01*\"\x1c/v2/attribution-notices/echo\x12\xc3\x01\n" + + "\x1fGetComponentsAttributionNotices\x12(.scanoss.api.common.v2.ComponentsRequest\x1aG.scanoss.api.attributionnotices.v2.ComponentsAttributionNoticesResponse\"-\x82\xd3\xe4\x93\x02':\x01*\"\"/v2/attribution-notices/componentsB\xc0\x02\x92A\xf5\x01\x12\x8e\x01\n" + + "#SCANOSS Attribution Notices Service\"b\n" + + "\x1bscanoss-attribution-notices\x12.https://github.com/scanoss/attribution-notices\x1a\x13support@scanoss.com2\x032.0*\x01\x012\x10application/json:\x10application/jsonR;\n" + + "\x03404\x124\n" + + "*Returned when the resource does not exist.\x12\x06\n" + + "\x04\x9a\x02\x01\aZEgithub.com/scanoss/papi/api/attributionnoticesv2;attributionnoticesv2b\x06proto3" + +var ( + file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_rawDescOnce sync.Once + file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_rawDescData []byte +) + +func file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_rawDescGZIP() []byte { + file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_rawDescOnce.Do(func() { + file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_rawDesc), len(file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_rawDesc))) + }) + return file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_rawDescData +} + +var file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_goTypes = []any{ + (*AttributionNotice)(nil), // 0: scanoss.api.attributionnotices.v2.AttributionNotice + (*ComponentAttributionNotices)(nil), // 1: scanoss.api.attributionnotices.v2.ComponentAttributionNotices + (*ComponentsAttributionNoticesResponse)(nil), // 2: scanoss.api.attributionnotices.v2.ComponentsAttributionNoticesResponse + (*commonv2.StatusResponse)(nil), // 3: scanoss.api.common.v2.StatusResponse + (*commonv2.EchoRequest)(nil), // 4: scanoss.api.common.v2.EchoRequest + (*commonv2.ComponentsRequest)(nil), // 5: scanoss.api.common.v2.ComponentsRequest + (*commonv2.EchoResponse)(nil), // 6: scanoss.api.common.v2.EchoResponse +} +var file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_depIdxs = []int32{ + 0, // 0: scanoss.api.attributionnotices.v2.ComponentAttributionNotices.notices:type_name -> scanoss.api.attributionnotices.v2.AttributionNotice + 1, // 1: scanoss.api.attributionnotices.v2.ComponentsAttributionNoticesResponse.attributions:type_name -> scanoss.api.attributionnotices.v2.ComponentAttributionNotices + 3, // 2: scanoss.api.attributionnotices.v2.ComponentsAttributionNoticesResponse.status:type_name -> scanoss.api.common.v2.StatusResponse + 4, // 3: scanoss.api.attributionnotices.v2.AttributionNotices.Echo:input_type -> scanoss.api.common.v2.EchoRequest + 5, // 4: scanoss.api.attributionnotices.v2.AttributionNotices.GetComponentsAttributionNotices:input_type -> scanoss.api.common.v2.ComponentsRequest + 6, // 5: scanoss.api.attributionnotices.v2.AttributionNotices.Echo:output_type -> scanoss.api.common.v2.EchoResponse + 2, // 6: scanoss.api.attributionnotices.v2.AttributionNotices.GetComponentsAttributionNotices:output_type -> scanoss.api.attributionnotices.v2.ComponentsAttributionNoticesResponse + 5, // [5:7] is the sub-list for method output_type + 3, // [3:5] is the sub-list for method input_type + 3, // [3:3] is the sub-list for extension type_name + 3, // [3:3] is the sub-list for extension extendee + 0, // [0:3] is the sub-list for field type_name +} + +func init() { file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_init() } +func file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_init() { + if File_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto != nil { + return + } + file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_msgTypes[1].OneofWrappers = []any{} + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_rawDesc), len(file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_rawDesc)), + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_goTypes, + DependencyIndexes: file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_depIdxs, + MessageInfos: file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_msgTypes, + }.Build() + File_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto = out.File + file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_goTypes = nil + file_scanoss_api_attributionnotices_v2_scanoss_attribution_notices_proto_depIdxs = nil +} diff --git a/api/attributionnoticesv2/scanoss-attribution-notices.pb.gw.go b/api/attributionnoticesv2/scanoss-attribution-notices.pb.gw.go new file mode 100644 index 0000000..30f1e8e --- /dev/null +++ b/api/attributionnoticesv2/scanoss-attribution-notices.pb.gw.go @@ -0,0 +1,224 @@ +// Code generated by protoc-gen-grpc-gateway. DO NOT EDIT. +// source: scanoss/api/attributionnotices/v2/scanoss-attribution-notices.proto + +/* +Package attributionnoticesv2 is a reverse proxy. + +It translates gRPC into RESTful JSON APIs. +*/ +package attributionnoticesv2 + +import ( + "context" + "errors" + "io" + "net/http" + + "github.com/grpc-ecosystem/grpc-gateway/v2/runtime" + "github.com/grpc-ecosystem/grpc-gateway/v2/utilities" + "github.com/scanoss/papi/api/commonv2" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/grpclog" + "google.golang.org/grpc/metadata" + "google.golang.org/grpc/status" + "google.golang.org/protobuf/proto" +) + +// Suppress "imported and not used" errors +var ( + _ codes.Code + _ io.Reader + _ status.Status + _ = errors.New + _ = runtime.String + _ = utilities.NewDoubleArray + _ = metadata.Join +) + +func request_AttributionNotices_Echo_0(ctx context.Context, marshaler runtime.Marshaler, client AttributionNoticesClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var ( + protoReq commonv2.EchoRequest + metadata runtime.ServerMetadata + ) + if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil && !errors.Is(err, io.EOF) { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if req.Body != nil { + _, _ = io.Copy(io.Discard, req.Body) + } + msg, err := client.Echo(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err +} + +func local_request_AttributionNotices_Echo_0(ctx context.Context, marshaler runtime.Marshaler, server AttributionNoticesServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var ( + protoReq commonv2.EchoRequest + metadata runtime.ServerMetadata + ) + if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil && !errors.Is(err, io.EOF) { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + msg, err := server.Echo(ctx, &protoReq) + return msg, metadata, err +} + +func request_AttributionNotices_GetComponentsAttributionNotices_0(ctx context.Context, marshaler runtime.Marshaler, client AttributionNoticesClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var ( + protoReq commonv2.ComponentsRequest + metadata runtime.ServerMetadata + ) + if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil && !errors.Is(err, io.EOF) { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if req.Body != nil { + _, _ = io.Copy(io.Discard, req.Body) + } + msg, err := client.GetComponentsAttributionNotices(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err +} + +func local_request_AttributionNotices_GetComponentsAttributionNotices_0(ctx context.Context, marshaler runtime.Marshaler, server AttributionNoticesServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var ( + protoReq commonv2.ComponentsRequest + metadata runtime.ServerMetadata + ) + if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil && !errors.Is(err, io.EOF) { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + msg, err := server.GetComponentsAttributionNotices(ctx, &protoReq) + return msg, metadata, err +} + +// RegisterAttributionNoticesHandlerServer registers the http handlers for service AttributionNotices to "mux". +// UnaryRPC :call AttributionNoticesServer directly. +// StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. +// Note that using this registration option will cause many gRPC library features to stop working. Consider using RegisterAttributionNoticesHandlerFromEndpoint instead. +// GRPC interceptors will not work for this type of registration. To use interceptors, you must use the "runtime.WithMiddlewares" option in the "runtime.NewServeMux" call. +func RegisterAttributionNoticesHandlerServer(ctx context.Context, mux *runtime.ServeMux, server AttributionNoticesServer) error { + mux.Handle(http.MethodPost, pattern_AttributionNotices_Echo_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + annotatedContext, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/scanoss.api.attributionnotices.v2.AttributionNotices/Echo", runtime.WithHTTPPathPattern("/v2/attribution-notices/echo")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_AttributionNotices_Echo_0(annotatedContext, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + forward_AttributionNotices_Echo_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + }) + mux.Handle(http.MethodPost, pattern_AttributionNotices_GetComponentsAttributionNotices_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + annotatedContext, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/scanoss.api.attributionnotices.v2.AttributionNotices/GetComponentsAttributionNotices", runtime.WithHTTPPathPattern("/v2/attribution-notices/components")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_AttributionNotices_GetComponentsAttributionNotices_0(annotatedContext, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + forward_AttributionNotices_GetComponentsAttributionNotices_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + }) + + return nil +} + +// RegisterAttributionNoticesHandlerFromEndpoint is same as RegisterAttributionNoticesHandler but +// automatically dials to "endpoint" and closes the connection when "ctx" gets done. +func RegisterAttributionNoticesHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error) { + conn, err := grpc.NewClient(endpoint, opts...) + if err != nil { + return err + } + defer func() { + if err != nil { + if cerr := conn.Close(); cerr != nil { + grpclog.Errorf("Failed to close conn to %s: %v", endpoint, cerr) + } + return + } + go func() { + <-ctx.Done() + if cerr := conn.Close(); cerr != nil { + grpclog.Errorf("Failed to close conn to %s: %v", endpoint, cerr) + } + }() + }() + return RegisterAttributionNoticesHandler(ctx, mux, conn) +} + +// RegisterAttributionNoticesHandler registers the http handlers for service AttributionNotices to "mux". +// The handlers forward requests to the grpc endpoint over "conn". +func RegisterAttributionNoticesHandler(ctx context.Context, mux *runtime.ServeMux, conn *grpc.ClientConn) error { + return RegisterAttributionNoticesHandlerClient(ctx, mux, NewAttributionNoticesClient(conn)) +} + +// RegisterAttributionNoticesHandlerClient registers the http handlers for service AttributionNotices +// to "mux". The handlers forward requests to the grpc endpoint over the given implementation of "AttributionNoticesClient". +// Note: the gRPC framework executes interceptors within the gRPC handler. If the passed in "AttributionNoticesClient" +// doesn't go through the normal gRPC flow (creating a gRPC client etc.) then it will be up to the passed in +// "AttributionNoticesClient" to call the correct interceptors. This client ignores the HTTP middlewares. +func RegisterAttributionNoticesHandlerClient(ctx context.Context, mux *runtime.ServeMux, client AttributionNoticesClient) error { + mux.Handle(http.MethodPost, pattern_AttributionNotices_Echo_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + annotatedContext, err := runtime.AnnotateContext(ctx, mux, req, "/scanoss.api.attributionnotices.v2.AttributionNotices/Echo", runtime.WithHTTPPathPattern("/v2/attribution-notices/echo")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_AttributionNotices_Echo_0(annotatedContext, inboundMarshaler, client, req, pathParams) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + forward_AttributionNotices_Echo_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + }) + mux.Handle(http.MethodPost, pattern_AttributionNotices_GetComponentsAttributionNotices_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + annotatedContext, err := runtime.AnnotateContext(ctx, mux, req, "/scanoss.api.attributionnotices.v2.AttributionNotices/GetComponentsAttributionNotices", runtime.WithHTTPPathPattern("/v2/attribution-notices/components")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_AttributionNotices_GetComponentsAttributionNotices_0(annotatedContext, inboundMarshaler, client, req, pathParams) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + forward_AttributionNotices_GetComponentsAttributionNotices_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + }) + return nil +} + +var ( + pattern_AttributionNotices_Echo_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v2", "attribution-notices", "echo"}, "")) + pattern_AttributionNotices_GetComponentsAttributionNotices_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v2", "attribution-notices", "components"}, "")) +) + +var ( + forward_AttributionNotices_Echo_0 = runtime.ForwardResponseMessage + forward_AttributionNotices_GetComponentsAttributionNotices_0 = runtime.ForwardResponseMessage +) diff --git a/api/attributionnoticesv2/scanoss-attribution-notices_grpc.pb.go b/api/attributionnoticesv2/scanoss-attribution-notices_grpc.pb.go new file mode 100644 index 0000000..c40e0fd --- /dev/null +++ b/api/attributionnoticesv2/scanoss-attribution-notices_grpc.pb.go @@ -0,0 +1,200 @@ +// +//SPDX-License-Identifier: MIT +// +//Copyright (c) 2026, SCANOSS +// +//Permission is hereby granted, free of charge, to any person obtaining a copy +//of this software and associated documentation files (the "Software"), to deal +//in the Software without restriction, including without limitation the rights +//to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +//copies of the Software, and to permit persons to whom the Software is +//furnished to do so, subject to the following conditions: +// +//The above copyright notice and this permission notice shall be included in +//all copies or substantial portions of the Software. +// +//THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +//IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +//FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +//AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +//LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +//OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +//THE SOFTWARE. + +//* +// Attribution Notices definition details + +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.31.1 +// source: scanoss/api/attributionnotices/v2/scanoss-attribution-notices.proto + +package attributionnoticesv2 + +import ( + context "context" + commonv2 "github.com/scanoss/papi/api/commonv2" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + AttributionNotices_Echo_FullMethodName = "/scanoss.api.attributionnotices.v2.AttributionNotices/Echo" + AttributionNotices_GetComponentsAttributionNotices_FullMethodName = "/scanoss.api.attributionnotices.v2.AttributionNotices/GetComponentsAttributionNotices" +) + +// AttributionNoticesClient is the client API for AttributionNotices service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// * +// Expose all of the SCANOSS Attribution Notices RPCs here +type AttributionNoticesClient interface { + // Standard health check endpoint to verify service availability and connectivity + Echo(ctx context.Context, in *commonv2.EchoRequest, opts ...grpc.CallOption) (*commonv2.EchoResponse, error) + // Get attribution notices for a list of components + // Accepts a ComponentsRequest (list of PURLs with optional version requirements) + // and returns the attribution notices associated with each component. + GetComponentsAttributionNotices(ctx context.Context, in *commonv2.ComponentsRequest, opts ...grpc.CallOption) (*ComponentsAttributionNoticesResponse, error) +} + +type attributionNoticesClient struct { + cc grpc.ClientConnInterface +} + +func NewAttributionNoticesClient(cc grpc.ClientConnInterface) AttributionNoticesClient { + return &attributionNoticesClient{cc} +} + +func (c *attributionNoticesClient) Echo(ctx context.Context, in *commonv2.EchoRequest, opts ...grpc.CallOption) (*commonv2.EchoResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(commonv2.EchoResponse) + err := c.cc.Invoke(ctx, AttributionNotices_Echo_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *attributionNoticesClient) GetComponentsAttributionNotices(ctx context.Context, in *commonv2.ComponentsRequest, opts ...grpc.CallOption) (*ComponentsAttributionNoticesResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(ComponentsAttributionNoticesResponse) + err := c.cc.Invoke(ctx, AttributionNotices_GetComponentsAttributionNotices_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +// AttributionNoticesServer is the server API for AttributionNotices service. +// All implementations must embed UnimplementedAttributionNoticesServer +// for forward compatibility. +// +// * +// Expose all of the SCANOSS Attribution Notices RPCs here +type AttributionNoticesServer interface { + // Standard health check endpoint to verify service availability and connectivity + Echo(context.Context, *commonv2.EchoRequest) (*commonv2.EchoResponse, error) + // Get attribution notices for a list of components + // Accepts a ComponentsRequest (list of PURLs with optional version requirements) + // and returns the attribution notices associated with each component. + GetComponentsAttributionNotices(context.Context, *commonv2.ComponentsRequest) (*ComponentsAttributionNoticesResponse, error) + mustEmbedUnimplementedAttributionNoticesServer() +} + +// UnimplementedAttributionNoticesServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedAttributionNoticesServer struct{} + +func (UnimplementedAttributionNoticesServer) Echo(context.Context, *commonv2.EchoRequest) (*commonv2.EchoResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Echo not implemented") +} +func (UnimplementedAttributionNoticesServer) GetComponentsAttributionNotices(context.Context, *commonv2.ComponentsRequest) (*ComponentsAttributionNoticesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetComponentsAttributionNotices not implemented") +} +func (UnimplementedAttributionNoticesServer) mustEmbedUnimplementedAttributionNoticesServer() {} +func (UnimplementedAttributionNoticesServer) testEmbeddedByValue() {} + +// UnsafeAttributionNoticesServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to AttributionNoticesServer will +// result in compilation errors. +type UnsafeAttributionNoticesServer interface { + mustEmbedUnimplementedAttributionNoticesServer() +} + +func RegisterAttributionNoticesServer(s grpc.ServiceRegistrar, srv AttributionNoticesServer) { + // If the following call pancis, it indicates UnimplementedAttributionNoticesServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&AttributionNotices_ServiceDesc, srv) +} + +func _AttributionNotices_Echo_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(commonv2.EchoRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AttributionNoticesServer).Echo(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: AttributionNotices_Echo_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AttributionNoticesServer).Echo(ctx, req.(*commonv2.EchoRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AttributionNotices_GetComponentsAttributionNotices_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(commonv2.ComponentsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AttributionNoticesServer).GetComponentsAttributionNotices(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: AttributionNotices_GetComponentsAttributionNotices_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AttributionNoticesServer).GetComponentsAttributionNotices(ctx, req.(*commonv2.ComponentsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// AttributionNotices_ServiceDesc is the grpc.ServiceDesc for AttributionNotices service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var AttributionNotices_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "scanoss.api.attributionnotices.v2.AttributionNotices", + HandlerType: (*AttributionNoticesServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Echo", + Handler: _AttributionNotices_Echo_Handler, + }, + { + MethodName: "GetComponentsAttributionNotices", + Handler: _AttributionNotices_GetComponentsAttributionNotices_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "scanoss/api/attributionnotices/v2/scanoss-attribution-notices.proto", +} diff --git a/protobuf/scanoss/api/attributionnotices/v2/README.md b/protobuf/scanoss/api/attributionnotices/v2/README.md new file mode 100644 index 0000000..ecbbfac --- /dev/null +++ b/protobuf/scanoss/api/attributionnotices/v2/README.md @@ -0,0 +1,107 @@ +# SCANOSS Attribution Notices Service API v2 + +Provides attribution/license notices mined for software components. Given a list of PURLs with optional version requirements, the service returns the attribution notices associated with each component. + +## GetComponentsAttributionNotices + +Retrieves attribution notices for a list of software components. + +### Request Format +See [Common API Types](../common/v2/README.md) for `ComponentsRequest` documentation. + +### HTTP Request Example +```bash +curl -X POST 'https://api.scanoss.com/v2/attribution-notices/components' \ + -H 'Content-Type: application/json' \ + -H "X-Api-Key: $SC_API_KEY" \ + -d '{ + "components": [ + {"purl": "pkg:npm/express@4.18.2"}, + {"purl": "pkg:example/example"} + ] + }' +``` + +### Response Format + +The method returns attribution notices information including: + +- `attributions` array: Contains attribution notices data for each requested component +- `status` field: Response status indicating success or failure of the request + +Each element in `attributions` contains: +- `purl`: Package URL identifying the component +- `notices`: List of attribution notices mined for the component + - `notice_text`: Full text of the attribution/license notice + - `notice_md5`: MD5 hash of the notice text + - `source`: Where the notice was mined from + +### Response Examples + +#### Component with Attribution Notices +```json +{ + "attributions": [ + { + "purl": "pkg:example/example", + "notices": [ + { + "notice_text": "license text1", + "notice_md5": "MD51", + "source": "new file with more mining details" + }, + { + "notice_text": "license text2", + "notice_md5": "MD52", + "source": "new file with more mining details" + } + ] + }, + { + "purl": "pkg:npm/express@4.18.2", + "notices": [ + { + "notice_text": "MIT License\nPermission is hereby granted, free of charge...", + "notice_md5": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "source": "package.json dependency scan" + } + ] + } + ], + "status": { + "status": "SUCCESS", + "message": "Attribution notices successfully retrieved" + } +} +``` + +#### Status in component +The response reports the processing status of each component via `info_code` and `info_message`. When a component cannot be processed, the remaining fields will be empty since the component could not be resolved: +```json +{ + "attributions": [ + { + "purl": "pkg:npm/unknown-component@1.0.0", + "notices": [], + "info_message": "Component not found", + "info_code": "COMPONENT_NOT_FOUND" + } + ], + "status": { + "status": "SUCCESS", + "message": "Attribution notices successfully retrieved" + } +} +``` + +## Echo + +Standard service health check endpoint for testing connectivity and API key validation. + +### HTTP Request Example +```bash +curl -X POST 'https://api.scanoss.com/v2/attribution-notices/echo' \ + -H 'Content-Type: application/json' \ + -H "X-Api-Key: $SC_API_KEY" \ + -d '{"message": "test"}' +``` diff --git a/protobuf/scanoss/api/attributionnotices/v2/scanoss-attribution-notices.proto b/protobuf/scanoss/api/attributionnotices/v2/scanoss-attribution-notices.proto new file mode 100644 index 0000000..1d0498a --- /dev/null +++ b/protobuf/scanoss/api/attributionnotices/v2/scanoss-attribution-notices.proto @@ -0,0 +1,133 @@ +/* + SPDX-License-Identifier: MIT + + Copyright (c) 2026, SCANOSS + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + */ + +/** + * Attribution Notices definition details +*/ +syntax = "proto3"; +package scanoss.api.attributionnotices.v2; + +option go_package = "github.com/scanoss/papi/api/attributionnoticesv2;attributionnoticesv2"; + +import "scanoss/api/common/v2/scanoss-common.proto"; +import "google/api/annotations.proto"; +import "protoc-gen-openapiv2/options/annotations.proto"; + +option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = { + info: { + title: "SCANOSS Attribution Notices Service"; + version: "2.0"; + contact: { + name: "scanoss-attribution-notices"; + url: "https://github.com/scanoss/attribution-notices"; + email: "support@scanoss.com"; + }; + }; + schemes: HTTP; + consumes: "application/json"; + produces: "application/json"; + responses: { + key: "404"; + value: { + description: "Returned when the resource does not exist."; + schema: { + json_schema: { + type: STRING; + } + } + } + } +}; + +/** + * Expose all of the SCANOSS Attribution Notices RPCs here + */ +service AttributionNotices { + // Standard health check endpoint to verify service availability and connectivity + rpc Echo(scanoss.api.common.v2.EchoRequest) returns(scanoss.api.common.v2.EchoResponse) { + option (google.api.http) = { + post: "/v2/attribution-notices/echo" + body: "*" + }; + }; + + // Get attribution notices for a list of components + // Accepts a ComponentsRequest (list of PURLs with optional version requirements) + // and returns the attribution notices associated with each component. + rpc GetComponentsAttributionNotices(scanoss.api.common.v2.ComponentsRequest) returns(ComponentsAttributionNoticesResponse) { + option (google.api.http) = { + post: "/v2/attribution-notices/components" + body: "*" + }; + }; +} + +// A single attribution notice associated with a component +message AttributionNotice { + // Full text of the attribution/license notice + string notice_text = 1 [json_name = "notice_text"]; + // MD5 hash of the notice text used for deduplication and integrity checks + string notice_md5 = 2 [json_name = "notice_md5"]; + // Source describing where the notice was mined from (e.g., file path or mining details) + string source = 3; +} + +// Attribution notices information for a single component +message ComponentAttributionNotices { + // The Package URL string identifying the component + string purl = 1; + // Echoes the client's version constraint from the request. See Common API Types documentation for resolution logic + string requirement = 2; + // Specific version of the component that was analyzed + string version = 3; + // SPDX expression when licensing terms are clearly determinable from source analysis + // List of attribution notices associated with the component + repeated AttributionNotice notices = 4; + + // Status message describing the outcome of processing this component. + optional string info_message = 5 [json_name = "info_message"]; + // Status code identifying the outcome of processing this component. + // + // Possible values: + // - "INVALID_PURL": The provided Package URL (PURL) is invalid or malformed. + // - "COMPONENT_NOT_FOUND": The requested component could not be found in the database. + // - "NO_INFO": No attribution notices are available for the requested component. + optional string info_code = 6 [json_name = "info_code"]; +} + +/** + * Components level Attribution Notices Response data (JSON payload) + * Contains attribution notices information for each requested component. + */ +message ComponentsAttributionNoticesResponse { + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + example: "{\"attributions\":[{\"purl\":\"pkg:npm/express@4.18.2\",\"notices\":[{\"notice_text\":\"MIT License\\nPermission is hereby granted, free of charge...\",\"notice_md5\":\"a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6\",\"source\":\"package.json dependency scan\"}]}],\"status\":{\"status\":\"SUCCESS\",\"message\":\"Attribution notices successfully retrieved\"}}"; + } + }; + // Attribution notices details for each requested component + repeated ComponentAttributionNotices attributions = 1; + // Response status indicating success or failure of the request + scanoss.api.common.v2.StatusResponse status = 2; +} diff --git a/protobuf/scanoss/api/attributionnotices/v2/scanoss-attribution-notices.swagger.json b/protobuf/scanoss/api/attributionnotices/v2/scanoss-attribution-notices.swagger.json new file mode 100644 index 0000000..a032513 --- /dev/null +++ b/protobuf/scanoss/api/attributionnotices/v2/scanoss-attribution-notices.swagger.json @@ -0,0 +1,351 @@ +{ + "swagger": "2.0", + "info": { + "title": "SCANOSS Attribution Notices Service", + "version": "2.0", + "contact": { + "name": "scanoss-attribution-notices", + "url": "https://github.com/scanoss/attribution-notices", + "email": "support@scanoss.com" + } + }, + "tags": [ + { + "name": "AttributionNotices" + } + ], + "schemes": [ + "http" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "paths": { + "/v2/attribution-notices/components": { + "post": { + "summary": "Get attribution notices for a list of components\nAccepts a ComponentsRequest (list of PURLs with optional version requirements)\nand returns the attribution notices associated with each component.", + "operationId": "AttributionNotices_GetComponentsAttributionNotices", + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/v2ComponentsAttributionNoticesResponse" + } + }, + "404": { + "description": "Returned when the resource does not exist.", + "schema": { + "type": "string", + "format": "string" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/rpcStatus" + } + } + }, + "parameters": [ + { + "name": "body", + "description": "Represents a list of software component to be analyzed by SCANOSS API services.\nAllows analysis of multiple software components in a single API call, improving performance over individual requests.", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v2ComponentsRequest" + } + } + ], + "tags": [ + "AttributionNotices" + ] + } + }, + "/v2/attribution-notices/echo": { + "post": { + "summary": "Standard health check endpoint to verify service availability and connectivity", + "operationId": "AttributionNotices_Echo", + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/v2EchoResponse" + } + }, + "404": { + "description": "Returned when the resource does not exist.", + "schema": { + "type": "string", + "format": "string" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/rpcStatus" + } + } + }, + "parameters": [ + { + "name": "body", + "description": "Echo Message Request.", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v2EchoRequest" + } + } + ], + "tags": [ + "AttributionNotices" + ] + } + } + }, + "definitions": { + "StatusResponseDB": { + "type": "object", + "properties": { + "schema_version": { + "type": "string", + "title": "Semantic schema version (e.g., 'v1.0.0')" + }, + "created_at": { + "type": "string", + "title": "When this DB was built (ISO 8601 format)" + } + }, + "description": "Database version information." + }, + "StatusResponseServer": { + "type": "object", + "properties": { + "version": { + "type": "string", + "title": "Semantic version (e.g., 'v1.0.0')" + } + }, + "description": "Server information." + }, + "protobufAny": { + "type": "object", + "properties": { + "@type": { + "type": "string" + } + }, + "additionalProperties": {} + }, + "rpcStatus": { + "type": "object", + "properties": { + "code": { + "type": "integer", + "format": "int32" + }, + "message": { + "type": "string" + }, + "details": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/protobufAny" + } + } + } + }, + "v2AttributionNotice": { + "type": "object", + "properties": { + "notice_text": { + "type": "string", + "title": "Full text of the attribution/license notice" + }, + "notice_md5": { + "type": "string", + "title": "MD5 hash of the notice text used for deduplication and integrity checks" + }, + "source": { + "type": "string", + "title": "Source describing where the notice was mined from (e.g., file path or mining details)" + } + }, + "title": "A single attribution notice associated with a component" + }, + "v2ComponentAttributionNotices": { + "type": "object", + "properties": { + "purl": { + "type": "string", + "title": "The Package URL string identifying the component" + }, + "requirement": { + "type": "string", + "title": "Echoes the client's version constraint from the request. See Common API Types documentation for resolution logic" + }, + "version": { + "type": "string", + "title": "Specific version of the component that was analyzed" + }, + "notices": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/v2AttributionNotice" + }, + "title": "SPDX expression when licensing terms are clearly determinable from source analysis\nList of attribution notices associated with the component" + }, + "info_message": { + "type": "string", + "description": "Status message describing the outcome of processing this component." + }, + "info_code": { + "type": "string", + "description": "Status code identifying the outcome of processing this component.\n\nPossible values:\n - \"INVALID_PURL\": The provided Package URL (PURL) is invalid or malformed.\n - \"COMPONENT_NOT_FOUND\": The requested component could not be found in the database.\n - \"NO_INFO\": No attribution notices are available for the requested component." + } + }, + "title": "Attribution notices information for a single component" + }, + "v2ComponentRequest": { + "type": "object", + "example": { + "purl": "pkg:github/scanoss/engine@1.0.0" + }, + "properties": { + "purl": { + "type": "string", + "description": "Package URL identifying the component to analyze." + }, + "requirement": { + "type": "string", + "description": "Version constraint for component resolution when PURL lacks explicit version." + } + }, + "description": "Represents a software component to be analyzed by SCANOSS API services.\nCombines a Package URL for component identification with optional version constraints for resolution.", + "required": [ + "purl" + ] + }, + "v2ComponentsAttributionNoticesResponse": { + "type": "object", + "example": { + "attributions": [ + { + "purl": "pkg:npm/express@4.18.2", + "notices": [ + { + "notice_text": "MIT License\nPermission is hereby granted, free of charge...", + "notice_md5": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "source": "package.json dependency scan" + } + ] + } + ], + "status": { + "status": "SUCCESS", + "message": "Attribution notices successfully retrieved" + } + }, + "properties": { + "attributions": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/v2ComponentAttributionNotices" + }, + "title": "Attribution notices details for each requested component" + }, + "status": { + "$ref": "#/definitions/v2StatusResponse", + "title": "Response status indicating success or failure of the request" + } + }, + "description": "*\nComponents level Attribution Notices Response data (JSON payload)\nContains attribution notices information for each requested component." + }, + "v2ComponentsRequest": { + "type": "object", + "example": { + "components": [ + { + "purl": "pkg:github/scanoss/engine@1.0.0" + }, + { + "purl": "pkg:github/scanoss/scanoss.py@v1.30.0" + } + ] + }, + "properties": { + "components": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/v2ComponentRequest" + }, + "title": "Array of component requests to analyze" + } + }, + "description": "Represents a list of software component to be analyzed by SCANOSS API services.\nAllows analysis of multiple software components in a single API call, improving performance over individual requests.", + "required": [ + "components" + ] + }, + "v2EchoRequest": { + "type": "object", + "properties": { + "message": { + "type": "string" + } + }, + "description": "Echo Message Request." + }, + "v2EchoResponse": { + "type": "object", + "properties": { + "message": { + "type": "string" + } + }, + "description": "Echo Message Response." + }, + "v2StatusCode": { + "type": "string", + "enum": [ + "UNSPECIFIED", + "SUCCESS", + "SUCCEEDED_WITH_WARNINGS", + "WARNING", + "FAILED" + ], + "default": "UNSPECIFIED", + "description": "Status code Enum." + }, + "v2StatusResponse": { + "type": "object", + "properties": { + "status": { + "$ref": "#/definitions/v2StatusCode", + "title": "response status" + }, + "message": { + "type": "string", + "title": "Status message" + }, + "db": { + "$ref": "#/definitions/StatusResponseDB", + "title": "Database version information (optional)" + }, + "server": { + "$ref": "#/definitions/StatusResponseServer", + "title": "Server information" + } + }, + "description": "Detailed response details." + } + } +}