Enhance log for promoting risk audit

depscan/cli.py

@@ -5,6 +5,7 @@
 import os
 import sys
 
+from rich.panel import Panel
 from vdb.lib import config as config
 from vdb.lib import db as dbLib
 from vdb.lib.gha import GitHubSource
@@ -23,7 +24,7 @@
 from depscan.lib.bom import create_bom, get_pkg_list
 from depscan.lib.config import license_data_dir
 from depscan.lib.license import build_license_data, bulk_lookup
-from depscan.lib.logger import LOG
+from depscan.lib.logger import LOG, console
 
 at_logo = """
  ___ _____ _ _
@@ -266,18 +267,30 @@ def main():
  reports_dir, "license-" + project_type + ".json"
  )
  analyse_licenses(project_type, licenses_results, license_report_file)
- if args.risk_audit and project_type in risk_audit_map.keys():
- LOG.info(
- f"Performing package risk audit for {src_dir} of type {project_type}"
- )
- LOG.debug(f"No of packages {len(pkg_list)}. This will take a while ...")
- try:
- risk_results = risk_audit(project_type, pkg_list, risk_report_file)
- analyse_pkg_risks(project_type, risk_results, risk_report_file)
- except Exception as e:
- LOG.error("Risk audit was not successful")
- LOG.error(e)
- risk_results = None
+ if project_type in risk_audit_map.keys():
+ if args.risk_audit:
+ console.print(
+ Panel(
+ f"Performing OSS Risk Audit for packages from {src_dir}\nNo of packages [bold]{len(pkg_list)}[/bold]. This will take a while ...",
+ title="OSS Risk Audit",
+ expand=False,
+ )
+ )
+ try:
+ risk_results = risk_audit(project_type, pkg_list, risk_report_file)
+ analyse_pkg_risks(project_type, risk_results, risk_report_file)
+ except Exception as e:
+ LOG.error("Risk audit was not successful")
+ LOG.error(e)
+ risk_results = None
+ else:
+ console.print(
+ Panel(
+ "Depscan supports OSS Risk audit for this project.\nTo enable set the environment variable [bold]ENABLE_OSS_RISK=true[/bold]",
+ title="New Feature",
+ expand=False,
+ )
+ )
  if project_type in type_audit_map.keys():
  LOG.info(
  "Performing remote audit for {} of type {}".format(

depscan/lib/analysis.py

@@ -1,36 +1,15 @@
 # -*- coding: utf-8 -*-
 
 import json
-import logging
 
 from rich import box
-from rich.console import Console
-from rich.logging import RichHandler
 from rich.panel import Panel
 from rich.table import Table
-from rich.theme import Theme
 
 from depscan.lib import config as config
+from depscan.lib.logger import LOG, console
 from depscan.lib.utils import max_version
 
-custom_theme = Theme({"info": "cyan", "warning": "purple4", "danger": "bold red"})
-console = Console(
- log_time=False,
- log_path=False,
- theme=custom_theme,
- width=200,
- color_system="256",
- force_terminal=True,
-)
-
-logging.basicConfig(
- level=logging.INFO,
- format="%(message)s",
- datefmt="[%X]",
- handlers=[RichHandler(console=console, show_path=False, enable_link_path=False)],
-)
-LOG = logging.getLogger(__name__)
-
 
 def print_results(project_type, results, pkg_aliases, sug_version_dict, scoped_pkgs):
  """Pretty print report summary"""

depscan/lib/logger.py

@@ -22,7 +22,12 @@
 
 custom_theme = Theme({"info": "cyan", "warning": "purple4", "danger": "bold red"})
 console = Console(
- log_time=False, log_path=False, theme=custom_theme, width=140, color_system="256"
+ log_time=False,
+ log_path=False,
+ theme=custom_theme,
+ width=200,
+ color_system="256",
+ force_terminal=True,
 )
 
 logging.basicConfig(

setup.py

@@ -5,7 +5,7 @@
 
 setuptools.setup(
  name="appthreat-depscan",
- version="1.11.1",
+ version="1.11.2",
  author="Team AppThreat",
  author_email="cloud@appthreat.com",
  description="Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.",