Fix tests

prabhu · prabhu · commit 66df1ff8f60e · 2025-03-23T14:17:18.000Z
Signed-off-by: Prabhu Subramanian &lt;prabhu@appthreat.com&gt;
diff --git a/depscan/lib/bom.py b/depscan/lib/bom.py
@@ -196,11 +196,13 @@ def create_bom(bom_file, src_dir=".", options=None):
     # For binaries, generate an sbom with blint directly
     techniques = options.get("techniques") or []
     lifecycles = options.get("lifecycles") or []
+    project_type = options.get("project_type") or []
     bom_engine = options.get("bom_engine", "")
     # Detect if blint needs to be used for the given project type, technique, and lifecycle.
     if bom_engine == "BlintGenerator" or "binary-analysis" in techniques or "post-build" in lifecycles:
         return create_blint_bom(bom_file, src_dir, options=options)
     cdxgen_server = options.get("cdxgen_server")
+    cdxgen_lib = CdxgenGenerator
     # Generate SBOM by calling cdxgen server
     if cdxgen_server or bom_engine == "CdxgenServerGenerator":
         if not cdxgen_server:
@@ -210,9 +212,15 @@ def create_bom(bom_file, src_dir=".", options=None):
         cdxgen_lib = CdxgenServerGenerator
     else:
         # Prefer the new image based generators if docker command is available in auto mode
-        cdxgen_lib = CdxgenImageBasedGenerator if bom_engine == "CdxgenImageBasedGenerator" or (
-            bom_engine == "auto" and shutil.which(os.getenv("DOCKER_CMD", "docker"))) else CdxgenGenerator
-    with console.status(f"Generating BOM for the directory {src_dir} with cdxgen.", spinner=SPINNER):
+        if bom_engine == "CdxgenImageBasedGenerator":
+            cdxgen_lib = CdxgenImageBasedGenerator
+        elif bom_engine == "auto":
+            # Prefer local CLI while scanning container images
+            if any([t in ("docker", "podman", "oci") for t in project_type]):
+                cdxgen_lib = CdxgenGenerator
+            elif shutil.which(os.getenv("DOCKER_CMD", "docker")):
+                cdxgen_lib = CdxgenImageBasedGenerator
+    with console.status(f"Generating BOM for the source {src_dir} with cdxgen.", spinner=SPINNER):
         bom_result = cdxgen_lib(src_dir, bom_file, logger=LOG, options=options).generate()
         if not bom_result.success:
             LOG.info("The cdxgen invocation was unsuccessful. Try generating the BOM separately.")
@@ -232,7 +240,7 @@ def create_blint_bom(bom_file, src_dir=".", options=None):
     if options is None:
         options = {}
     blint_lib = BlintGenerator(src_dir, bom_file, logger=LOG, options=options)
-    with console.status(f"Generating BOM for the directory {src_dir} with blint.", spinner=SPINNER):
+    with console.status(f"Generating BOM for the source {src_dir} with blint.", spinner=SPINNER):
         bom_result = blint_lib.generate()
         if not bom_result.success:
             LOG.info("The blint invocation was unsuccessful. Try generating the BOM separately.")
diff --git a/depscan/lib/config.py b/depscan/lib/config.py
@@ -332,8 +332,8 @@ def get_int_from_env(name, default):
     vdb_database_url = vdb_10y_database_url
     vdb_rafs_database_url = vdb_10y_rafs_database_url
 
-# How old vdb can be before it gets re-downloaded
-VDB_AGE_HOURS = get_int_from_env("VDB_AGE_HOURS", 24)
+# How old vdb can be before it gets re-downloaded. 48 hours.
+VDB_AGE_HOURS = get_int_from_env("VDB_AGE_HOURS", 48)
 
 # Package risk scoring using a simple weighted formula with no backing
 # research All parameters and their max value and weight can be overridden
diff --git a/depscan/lib/logger.py b/depscan/lib/logger.py
@@ -31,13 +31,15 @@ class CustomHighlighter(RegexHighlighter):
     }
 )
 
+IS_CI = os.getenv("CI") or os.getenv("CONTINUOUS_INTEGRATION")
+
 console = Console(
     log_time=False,
     log_path=False,
     theme=custom_theme,
     color_system="256",
-    force_terminal=True,
-    highlight=True,
+    force_terminal=not IS_CI,
+    highlight=not IS_CI,
     highlighter=CustomHighlighter(),
     record=True,
 )
diff --git a/packages/xbom-lib/src/xbom_lib/cdxgen.py b/packages/xbom-lib/src/xbom_lib/cdxgen.py
@@ -271,7 +271,11 @@ def _container_run_cmd(self) -> Tuple[str, List[str]]:
         if os.getenv("DEPSCAN_DOCKER_ARGS"):
             run_command_args += os.getenv("DEPSCAN_DOCKER_ARGS", "").split(" ")
         # Setup volume mounts
-        run_command_args += ["-v", f"{self.source_dir}:{app_input_dir}:rw"]
+        # Mount source directory as /app
+        if os.path.isdir(self.source_dir):
+            run_command_args += ["-v", f"{self.source_dir}:{app_input_dir}:rw"]
+        else:
+            run_command_args.append(self.source_dir)
         run_command_args += ["-v", f"{self.cdxgen_temp_dir}:/tmp:rw"]
         run_command_args += ["-v", f"{output_dir}:{image_output_dir}:rw"]
         # Mount the home directory as /root. Can be used for performance reasons.

Original file line number	Diff line number	Diff line change
`@@ -31,13 +31,15 @@ class CustomHighlighter(RegexHighlighter):`
`31`	`31`	`}`
`32`	`32`	`)`
`33`	`33`
	`34`	`+IS_CI = os.getenv("CI") or os.getenv("CONTINUOUS_INTEGRATION")`
	`35`	`+`
`34`	`36`	`console = Console(`
`35`	`37`	`log_time=False,`
`36`	`38`	`log_path=False,`
`37`	`39`	`theme=custom_theme,`
`38`	`40`	`color_system="256",`
`39`		`- force_terminal=True,`
`40`		`- highlight=True,`
	`41`	`+ force_terminal=not IS_CI,`
	`42`	`+ highlight=not IS_CI,`
`41`	`43`	`highlighter=CustomHighlighter(),`
`42`	`44`	`record=True,`
`43`	`45`	`)`