Skip to content

Commit b996ae8

Browse files
authored
Add API Key env support
- Added support for SCANOSS_API_KEY env - Change unit test flag value to keep standard format - Updated some dependency versions
2 parents 1c63728 + 530ed41 commit b996ae8

File tree

8 files changed

+47
-9
lines changed

8 files changed

+47
-9
lines changed

.github/workflows/java-ci.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,8 @@ on:
1111
jobs:
1212
build_and_test:
1313
runs-on: ubuntu-latest
14+
env:
15+
SCANOSS_API_KEY: ${{ secrets.SC_API_KEY }}
1416
steps:
1517
- uses: actions/checkout@v4
1618

.github/workflows/java-native-build.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,8 @@ on:
1414
jobs:
1515
build_and_test:
1616
runs-on: ubuntu-latest
17+
env:
18+
SCANOSS_API_KEY: ${{ secrets.SC_API_KEY }}
1719
steps:
1820
- uses: actions/checkout@v4
1921

@@ -33,6 +35,8 @@ jobs:
3335
needs: [ build_and_test ]
3436
name: Build native on ${{ github.event.inputs.build_env }}
3537
runs-on: ${{ github.event.inputs.build_env }}
38+
env:
39+
SCANOSS_API_KEY: ${{ secrets.SC_API_KEY }}
3640
steps:
3741
- uses: actions/checkout@v4
3842
- uses: graalvm/setup-graalvm@v1

.github/workflows/publish.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,8 @@ jobs:
1111
build_and_test:
1212
name: Build and test java code
1313
runs-on: ubuntu-latest
14+
env:
15+
SCANOSS_API_KEY: ${{ secrets.SC_API_KEY }}
1416
steps:
1517
- uses: actions/checkout@v4
1618

@@ -34,7 +36,8 @@ jobs:
3436
MAVEN_USERNAME: ${{ secrets.OSSRH_USER_TOKEN }}
3537
MAVEN_PASSWORD: ${{ secrets.OSSRH_PWD_TOKEN }}
3638
MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PWD }}
37-
39+
SCANOSS_API_KEY: ${{ secrets.SC_API_KEY }}
40+
3841
steps:
3942
- uses: actions/checkout@v4
4043

@@ -73,6 +76,8 @@ jobs:
7376
strategy:
7477
matrix:
7578
os: [ubuntu-latest, macos-latest, windows-latest]
79+
env:
80+
SCANOSS_API_KEY: ${{ secrets.SC_API_KEY }}
7681
steps:
7782
- uses: actions/checkout@v4
7883

CHANGELOG.md

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
77

88
## [Unreleased]
99

10+
## [0.13.1] - 2026-03-25
11+
### Added
12+
- Added support to load a SCANOSS API key from an environment variable (`SCANOSS_API_KEY`) if available.
13+
1014
## [0.13.0] - 2026-02-04
1115
### Added
1216
- Added `file_snippet` scan configuration support in `scanoss.json` for engine tuning parameters (`min_snippet_hits`, `min_snippet_lines`, `honour_file_exts`, `ranking_enabled`, `ranking_threshold`, `skip_headers`, `skip_headers_limit`)
@@ -149,4 +153,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
149153
[0.11.0]: https://github.com/scanoss/scanoss.java/compare/v0.10.1...v0.11.0
150154
[0.12.0]: https://github.com/scanoss/scanoss.java/compare/v0.11.0...v0.12.0
151155
[0.12.1]: https://github.com/scanoss/scanoss.java/compare/v0.12.0...v0.12.1
152-
[0.13.0]: https://github.com/scanoss/scanoss.java/compare/v0.12.1...v0.13.0
156+
[0.13.0]: https://github.com/scanoss/scanoss.java/compare/v0.12.1...v0.13.0
157+
[0.13.1]: https://github.com/scanoss/scanoss.java/compare/v0.13.0...v0.13.1

pom.xml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66

77
<groupId>com.scanoss</groupId>
88
<artifactId>scanoss</artifactId>
9-
<version>0.13.0</version>
9+
<version>0.13.1</version>
1010
<packaging>jar</packaging>
1111
<name>scanoss.java</name>
1212
<url>https://github.com/scanoss/scanoss.java</url>
@@ -60,7 +60,7 @@
6060
<dependency>
6161
<groupId>commons-codec</groupId>
6262
<artifactId>commons-codec</artifactId>
63-
<version>1.20.0</version>
63+
<version>1.21.0</version>
6464
<scope>compile</scope>
6565
</dependency>
6666
<dependency>
@@ -72,7 +72,7 @@
7272
<dependency>
7373
<groupId>org.apache.tika</groupId>
7474
<artifactId>tika-core</artifactId>
75-
<version>3.2.2</version>
75+
<version>3.3.0</version>
7676
<scope>compile</scope>
7777
</dependency>
7878
<dependency>
@@ -97,7 +97,7 @@
9797
<dependency>
9898
<groupId>org.projectlombok</groupId>
9999
<artifactId>lombok</artifactId>
100-
<version>1.18.42</version>
100+
<version>1.18.44</version>
101101
<optional>true</optional>
102102
<scope>compile</scope>
103103
</dependency>

src/main/java/com/scanoss/Scanner.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -149,7 +149,7 @@ private Scanner(Boolean skipSnippets, Boolean allExtensions, Boolean obfuscate,
149149
.skipHeadersLimit(fileSnippetConfig != null && fileSnippetConfig.getSkipHeadersLimit() != null ? fileSnippetConfig.getSkipHeadersLimit() : 0)
150150
.build());
151151
this.scanApi = Objects.requireNonNullElseGet(scanApi, () ->
152-
ScanApi.builder().url(url).apiKey(apiKey).timeout(timeout).retryLimit(retryLimit).flags(scanFlags)
152+
ScanApi.builder().url(url).apiKey(this.apiKey).timeout(timeout).retryLimit(retryLimit).flags(scanFlags)
153153
.sbomType(sbomType).sbom(sbom).customCert(customCert).proxy(proxy).settings(this.settings)
154154
.build());
155155
this.scanFileProcessor = Objects.requireNonNullElseGet(scanFileProcessor, () ->

src/main/java/com/scanoss/rest/ScanApi.java

Lines changed: 23 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -84,7 +84,7 @@ private ScanApi(String scanType, Duration timeout, Integer retryLimit, String ur
8484
this.timeout = timeout;
8585
this.retryLimit = retryLimit;
8686
this.url = url;
87-
this.apiKey = apiKey;
87+
this.apiKey = resolveApiKey(apiKey);
8888
this.flags = flags;
8989
this.sbomType = sbomType;
9090
this.sbom = sbom;
@@ -130,6 +130,28 @@ private ScanApi(String scanType, Duration timeout, Integer retryLimit, String ur
130130
}
131131
}
132132

133+
/**
134+
* Resolve the API key for Scanoss API
135+
*
136+
* @param apiKey The API key provided by the user
137+
* @return The resolved API key, either from the user-provided value or environment variable
138+
*/
139+
private static String resolveApiKey(String apiKey) {
140+
if (apiKey != null && !apiKey.isBlank()) {
141+
return apiKey;
142+
}
143+
try {
144+
String envApiKey = System.getenv("SCANOSS_API_KEY");
145+
if (envApiKey != null && !envApiKey.isBlank()) {
146+
log.debug( "Using SCANOSS_API_KEY env value");
147+
return envApiKey;
148+
}
149+
} catch (RuntimeException e) {
150+
log.warn("Unable to read SCANOSS_API_KEY from environment: {}", e.getMessage());
151+
}
152+
return apiKey;
153+
}
154+
133155
/**
134156
* Scan the given WFP
135157
*

src/test/java/com/scanoss/TestCli.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -133,7 +133,7 @@ public void TestScanCommandPositive() {
133133
assertEquals("command should not fail", 0, exitCode);
134134

135135
String[] args2 = new String[]{"-d", "scan", "src/test/java/com", "-T", "2", "--all-hidden",
136-
"--skip-snippets", "--all-extensions", "-F", "256"
136+
"--skip-snippets", "--all-extensions", "-F", "2048"
137137
};
138138
exitCode = new picocli.CommandLine(new CommandLine()).execute(args2);
139139
assertEquals("command should not fail", 0, exitCode);

0 commit comments

Comments
 (0)