initial

added tests and ran ruff

ran ruff format

ruff fixes

ruff format

changed file path parameter to positional parameter

ran ruff format

updated test related to file positional parameter

updated test per ruff check

updated README

Squashed commits for import sbom

Author: omerr-cycode

README.md

@@ -56,8 +56,9 @@ This guide walks you through both installation and usage.
         6. [Ignoring via a config file](#ignoring-via-a-config-file)
 6. [Report command](#report-command)
     1. [Generating SBOM Report](#generating-sbom-report)
-7. [Scan logs](#scan-logs)
-8. [Syntax Help](#syntax-help)
+7. [Import command](#import-command)
+8. [Scan logs](#scan-logs)
+9. [Syntax Help](#syntax-help)
 
 # Prerequisites
 
@@ -1295,6 +1296,26 @@ To create an SBOM report for a path:\
 For example:\
 `cycode report sbom --format spdx-2.3 --include-vulnerabilities --include-dev-dependencies path /path/to/local/project`
 
+# Import Command
+
+## Importing SBOM
+
+A software bill of materials (SBOM) is an inventory of all constituent components and software dependencies involved in the development and delivery of an application.
+Using this command, you can import an SBOM file from your file system into Cycode.
+
+The following options are available for use with this command:
+
+| Option                                             | Description                                | Required | Default                                               |
+|----------------------------------------------------|--------------------------------------------|----------|-------------------------------------------------------|
+| `-n, --name TEXT`                                  | Display name of the SBOM                   | Yes      |                                                       |
+| `-v, --vendor TEXT`                                | Name of the entity that provided the SBOM  | Yes      |                                                       |
+| `-l, --label TEXT`                                 | Attach label to the SBOM                   | No       |                                                       |
+| `-o, --owner TEXT`                                 | Email address of the Cycode user that serves as point of contact for this SBOM | No |                         |
+| `-b, --business-impact [High \| Medium \| Low]`    | Business Impact                            | No       | Medium                                                |
+
+For example:\
+`cycode import sbom --name example-sbom --vendor cycode -label tag1 -label tag2 --owner [email protected] /path/to/local/project`
+
 # Scan Logs
 
 All CLI scans are logged in Cycode. The logs can be found under Settings > CLI Logs.

cycode/cli/app.py

@@ -9,7 +9,7 @@
 from typer.completion import install_callback, show_callback
 
 from cycode import __version__
-from cycode.cli.apps import ai_remediation, auth, configure, ignore, report, scan, status
+from cycode.cli.apps import ai_remediation, auth, configure, ignore, report, report_import, scan, status
 
 if sys.version_info >= (3, 10):
     from cycode.cli.apps import mcp
@@ -50,6 +50,7 @@
 app.add_typer(configure.app)
 app.add_typer(ignore.app)
 app.add_typer(report.app)
+app.add_typer(report_import.app)
 app.add_typer(scan.app)
 app.add_typer(status.app)
 if sys.version_info >= (3, 10):

cycode/cli/apps/report_import/__init__.py

@@ -0,0 +1,8 @@
+import typer
+
+from cycode.cli.apps.report_import.report_import_command import report_import_command
+from cycode.cli.apps.report_import.sbom import sbom_command
+
+app = typer.Typer(name='import', no_args_is_help=True)
+app.callback(short_help='Import report. You`ll need to specify which report type to import.')(report_import_command)
+app.command(name='sbom', short_help='Import SBOM report from a local path.')(sbom_command)

cycode/cli/apps/report_import/report_import_command.py

@@ -0,0 +1,13 @@
+import typer
+
+from cycode.cli.utils.sentry import add_breadcrumb
+
+
+def report_import_command(ctx: typer.Context) -> int:
+    """:bar_chart: [bold cyan]Import security reports.[/]
+
+    Example usage:
+    * `cycode import sbom`: Import SBOM report
+    """
+    add_breadcrumb('import')
+    return 1

cycode/cli/apps/report_import/sbom/__init__.py

@@ -0,0 +1,6 @@
+import typer
+
+from cycode.cli.apps.report_import.sbom.sbom_command import sbom_command
+
+app = typer.Typer(name='sbom')
+app.command(name='path', short_help='Import SBOM report from a local path.')(sbom_command)

cycode/cli/apps/report_import/sbom/sbom_command.py

@@ -0,0 +1,76 @@
+from pathlib import Path
+from typing import Annotated, Optional
+
+import typer
+
+from cycode.cli.cli_types import BusinessImpactOption
+from cycode.cli.exceptions.handle_report_sbom_errors import handle_report_exception
+from cycode.cli.utils.get_api_client import get_import_sbom_cycode_client
+from cycode.cli.utils.sentry import add_breadcrumb
+from cycode.cyclient.import_sbom_client import ImportSbomParameters
+
+
+def sbom_command(
+    ctx: typer.Context,
+    path: Annotated[
+        Path,
+        typer.Argument(
+            exists=True, resolve_path=True, dir_okay=False, readable=True, help='Path to SBOM file.', show_default=False
+        ),
+    ],
+    sbom_name: Annotated[
+        str, typer.Option('--name', '-n', help='SBOM Name.', case_sensitive=False, show_default=False)
+    ],
+    vendor: Annotated[
+        str, typer.Option('--vendor', '-v', help='Vendor Name.', case_sensitive=False, show_default=False)
+    ],
+    labels: Annotated[
+        Optional[list[str]],
+        typer.Option(
+            '--label', '-l', help='Label, can be specified multiple times.', case_sensitive=False, show_default=False
+        ),
+    ] = None,
+    owners: Annotated[
+        Optional[list[str]],
+        typer.Option(
+            '--owner',
+            '-o',
+            help='Email address of a user in Cycode platform, can be specified multiple times.',
+            case_sensitive=True,
+            show_default=False,
+        ),
+    ] = None,
+    business_impact: Annotated[
+        BusinessImpactOption,
+        typer.Option(
+            '--business-impact',
+            '-b',
+            help='Business Impact.',
+            case_sensitive=True,
+            show_default=True,
+        ),
+    ] = BusinessImpactOption.MEDIUM,
+) -> None:
+    """Import SBOM."""
+    add_breadcrumb('sbom')
+
+    client = get_import_sbom_cycode_client(ctx)
+
+    import_parameters = ImportSbomParameters(
+        Name=sbom_name,
+        Vendor=vendor,
+        BusinessImpact=business_impact,
+        Labels=labels,
+        Owners=owners,
+    )
+
+    try:
+        if not path.exists():
+            from errno import ENOENT
+            from os import strerror
+
+            raise FileNotFoundError(ENOENT, strerror(ENOENT), path.absolute())
+
+        client.request_sbom_import_execution(import_parameters, path)
+    except Exception as e:
+        handle_report_exception(ctx, e)

cycode/cli/cli_types.py

@@ -52,6 +52,12 @@ class SbomOutputFormatOption(StrEnum):
     JSON = 'json'
 
 
+class BusinessImpactOption(StrEnum):
+    HIGH = 'High'
+    MEDIUM = 'Medium'
+    LOW = 'Low'
+
+
 class SeverityOption(StrEnum):
     INFO = 'info'
     LOW = 'low'

cycode/cli/utils/get_api_client.py

@@ -3,11 +3,12 @@
 import click
 
 from cycode.cli.user_settings.credentials_manager import CredentialsManager
-from cycode.cyclient.client_creator import create_report_client, create_scan_client
+from cycode.cyclient.client_creator import create_import_sbom_client, create_report_client, create_scan_client
 
 if TYPE_CHECKING:
     import typer
 
+    from cycode.cyclient.import_sbom_client import ImportSbomClient
     from cycode.cyclient.report_client import ReportClient
     from cycode.cyclient.scan_client import ScanClient
 
@@ -38,6 +39,12 @@ def get_report_cycode_client(ctx: 'typer.Context', hide_response_log: bool = Tru
     return _get_cycode_client(create_report_client, client_id, client_secret, hide_response_log)
 
 
+def get_import_sbom_cycode_client(ctx: 'typer.Context', hide_response_log: bool = True) -> 'ImportSbomClient':
+    client_id = ctx.obj.get('client_id')
+    client_secret = ctx.obj.get('client_secret')
+    return _get_cycode_client(create_import_sbom_client, client_id, client_secret, hide_response_log)
+
+
 def _get_configured_credentials() -> tuple[str, str]:
     credentials_manager = CredentialsManager()
     return credentials_manager.get_credentials()

cycode/cyclient/client_creator.py

@@ -2,6 +2,7 @@
 from cycode.cyclient.config_dev import DEV_CYCODE_API_URL
 from cycode.cyclient.cycode_dev_based_client import CycodeDevBasedClient
 from cycode.cyclient.cycode_token_based_client import CycodeTokenBasedClient
+from cycode.cyclient.import_sbom_client import ImportSbomClient
 from cycode.cyclient.report_client import ReportClient
 from cycode.cyclient.scan_client import ScanClient
 from cycode.cyclient.scan_config_base import DefaultScanConfig, DevScanConfig
@@ -21,3 +22,8 @@ def create_scan_client(client_id: str, client_secret: str, hide_response_log: bo
 def create_report_client(client_id: str, client_secret: str, _: bool) -> ReportClient:
     client = CycodeDevBasedClient(DEV_CYCODE_API_URL) if dev_mode else CycodeTokenBasedClient(client_id, client_secret)
     return ReportClient(client)
+
+
+def create_import_sbom_client(client_id: str, client_secret: str, _: bool) -> ImportSbomClient:
+    client = CycodeDevBasedClient(DEV_CYCODE_API_URL) if dev_mode else CycodeTokenBasedClient(client_id, client_secret)
+    return ImportSbomClient(client)

cycode/cyclient/import_sbom_client.py

@@ -0,0 +1,81 @@
+import dataclasses
+from pathlib import Path
+from typing import Optional
+
+from requests import Response
+
+from cycode.cli.cli_types import BusinessImpactOption
+from cycode.cli.exceptions.custom_exceptions import RequestHttpError
+from cycode.cyclient import models
+from cycode.cyclient.cycode_client_base import CycodeClientBase
+
+
+@dataclasses.dataclass
+class ImportSbomParameters:
+    Name: str
+    Vendor: str
+    BusinessImpact: BusinessImpactOption
+    Labels: Optional[list[str]]
+    Owners: Optional[list[str]]
+
+    def _owners_to_ids(self) -> list[str]:
+        return []
+
+    def to_request_form(self) -> dict:
+        form_data = {}
+        for field in dataclasses.fields(self):
+            key = field.name
+            val = getattr(self, key)
+            if val is None or len(val) == 0:
+                continue
+            if isinstance(val, list):
+                form_data[f'{key}[]'] = val
+            else:
+                form_data[key] = val
+        return form_data
+
+
+class ImportSbomClient:
+    IMPORT_SBOM_REQUEST_PATH: str = 'v4/sbom/import'
+    GET_USER_ID_REQUEST_PATH: str = 'v4/members'
+
+    def __init__(self, client: CycodeClientBase) -> None:
+        self.client = client
+
+    def request_sbom_import_execution(self, params: ImportSbomParameters, file_path: Path) -> None:
+        if params.Owners:
+            owners_ids = self.get_owners_user_ids(params.Owners)
+            params.Owners = owners_ids
+
+        form_data = params.to_request_form()
+
+        with open(file_path.absolute(), 'rb') as f:
+            request_args = {
+                'url_path': self.IMPORT_SBOM_REQUEST_PATH,
+                'data': form_data,
+                'files': {'File': f},
+            }
+
+            response = self.client.post(**request_args)
+
+        if response.status_code != 201:
+            raise RequestHttpError(response.status_code, response.text, response)
+
+    def get_owners_user_ids(self, owners: list[str]) -> list[str]:
+        return [self._get_user_id_by_email(owner) for owner in owners]
+
+    def _get_user_id_by_email(self, email: str) -> str:
+        request_args = {'url_path': self.GET_USER_ID_REQUEST_PATH, 'params': {'email': email}}
+
+        response = self.client.get(**request_args)
+        member_details = self.parse_requested_member_details_response(response)
+
+        if not member_details.items:
+            raise Exception(
+                f"Failed to find user with email '{email}'. Verify this email is registered to Cycode platform"
+            )
+        return member_details.items.pop(0).external_id
+
+    @staticmethod
+    def parse_requested_member_details_response(response: Response) -> models.MemberDetails:
+        return models.RequestedMemberDetailsResultSchema().load(response.json())