From ad094f675d7177471a19c6742eceb68d106eaed3 Mon Sep 17 00:00:00 2001 From: eeisegn Date: Wed, 25 Mar 2026 11:01:53 +0000 Subject: [PATCH 1/6] update test to use a flag that does not alter the response json structure --- src/test/java/com/scanoss/TestCli.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/com/scanoss/TestCli.java b/src/test/java/com/scanoss/TestCli.java index 94b32b73..ce787a4d 100644 --- a/src/test/java/com/scanoss/TestCli.java +++ b/src/test/java/com/scanoss/TestCli.java @@ -133,7 +133,7 @@ public void TestScanCommandPositive() { assertEquals("command should not fail", 0, exitCode); String[] args2 = new String[]{"-d", "scan", "src/test/java/com", "-T", "2", "--all-hidden", - "--skip-snippets", "--all-extensions", "-F", "256" + "--skip-snippets", "--all-extensions", "-F", "2048" }; exitCode = new picocli.CommandLine(new CommandLine()).execute(args2); assertEquals("command should not fail", 0, exitCode); From fd024c6b6ff266226ad0262a5007a1aa92845478 Mon Sep 17 00:00:00 2001 From: eeisegn Date: Wed, 25 Mar 2026 11:18:16 +0000 Subject: [PATCH 2/6] add premium key for testing --- .github/workflows/java-ci.yml | 2 ++ .github/workflows/java-native-build.yml | 4 ++++ .github/workflows/publish.yml | 7 ++++++- 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/java-ci.yml b/.github/workflows/java-ci.yml index 4699ad4a..7b294459 100644 --- a/.github/workflows/java-ci.yml +++ b/.github/workflows/java-ci.yml @@ -11,6 +11,8 @@ on: jobs: build_and_test: runs-on: ubuntu-latest + env: + SCANOSS_API_KEY: ${{ secrets.SC_API_KEY }} steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/java-native-build.yml b/.github/workflows/java-native-build.yml index 9ef85a5e..1ccd0337 100644 --- a/.github/workflows/java-native-build.yml +++ b/.github/workflows/java-native-build.yml 
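Review bot: Declaring `SCANOSS_API_KEY` in the job-level `env:` of `build_and_test` exposes the secret to every step in that job, including `actions/checkout@v4` and whatever setup actions follow, rather than only to the step that runs the tests. The same job-level placement is repeated in both java-native-build.yml hunks (where `graalvm/setup-graalvm@v1` runs in the same job) and in the three publish.yml hunks, one of which sits next to the Maven and GPG secrets. Moving the two lines `env:` / `SCANOSS_API_KEY: ${{ secrets.SC_API_KEY }}` onto the step that actually invokes the build and tests would keep the key out of steps that do not need it. The `steps:` lists continue outside these hunks, so the name of that step is not visible here.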
@@ -14,6 +14,8 @@ on: jobs: build_and_test: runs-on: ubuntu-latest + env: + SCANOSS_API_KEY: ${{ secrets.SC_API_KEY }} steps: - uses: actions/checkout@v4 @@ -33,6 +35,8 @@ jobs: needs: [ build_and_test ] name: Build native on ${{ github.event.inputs.build_env }} runs-on: ${{ github.event.inputs.build_env }} + env: + SCANOSS_API_KEY: ${{ secrets.SC_API_KEY }} steps: - uses: actions/checkout@v4 - uses: graalvm/setup-graalvm@v1 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 77b65df7..340cd06f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -11,6 +11,8 @@ jobs: build_and_test: name: Build and test java code runs-on: ubuntu-latest + env: + SCANOSS_API_KEY: ${{ secrets.SC_API_KEY }} steps: - uses: actions/checkout@v4 @@ -34,7 +36,8 @@ jobs: MAVEN_USERNAME: ${{ secrets.OSSRH_USER_TOKEN }} MAVEN_PASSWORD: ${{ secrets.OSSRH_PWD_TOKEN }} MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PWD }} - + SCANOSS_API_KEY: ${{ secrets.SC_API_KEY }} + steps: - uses: actions/checkout@v4 @@ -73,6 +76,8 @@ jobs: strategy: matrix: os: [ubuntu-latest, macos-latest, windows-latest] + env: + SCANOSS_API_KEY: ${{ secrets.SC_API_KEY }} steps: - uses: actions/checkout@v4 From 7e8d5050a228a20910b1da2081ff73bdfafde14f Mon Sep 17 00:00:00 2001 From: eeisegn Date: Wed, 25 Mar 2026 11:49:38 +0000 Subject: [PATCH 3/6] bump version and dependencies --- pom.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index d6b6a264..ed3a1a17 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.scanoss scanoss - 0.13.0 + 0.13.1 jar scanoss.java https://github.com/scanoss/scanoss.java @@ -60,7 +60,7 @@ commons-codec commons-codec - 1.20.0 + 1.21.0 compile @@ -72,7 +72,7 @@ org.apache.tika tika-core - 3.2.2 + 3.3.0 compile @@ -97,7 +97,7 @@ org.projectlombok lombok - 1.18.42 + 1.18.44 true compile From 84a793b9c8f96cf22e9ea49c4a077cc3c31aeb1d Mon Sep 17 00:00:00 2001 
From: eeisegn Date: Wed, 25 Mar 2026 11:50:21 +0000 Subject: [PATCH 4/6] resolve API key from env if not provided --- CHANGELOG.md | 7 ++++++- src/main/java/com/scanoss/Scanner.java | 26 ++++++++++++++++++++++++-- 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2fa2cf51..8a4418cf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [0.13.1] - 2026-03-25 +### Added +- Added support to load a SCANOSS API key from an environment variable (`SCANOSS_API_KEY`) if available. + ## [0.13.0] - 2026-02-04 ### Added - Added `file_snippet` scan configuration support in `scanoss.json` for engine tuning parameters (`min_snippet_hits`, `min_snippet_lines`, `honour_file_exts`, `ranking_enabled`, `ranking_threshold`, `skip_headers`, `skip_headers_limit`) @@ -149,4 +153,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [0.11.0]: https://github.com/scanoss/scanoss.java/compare/v0.10.1...v0.11.0 [0.12.0]: https://github.com/scanoss/scanoss.java/compare/v0.11.0...v0.12.0 [0.12.1]: https://github.com/scanoss/scanoss.java/compare/v0.12.0...v0.12.1 -[0.13.0]: https://github.com/scanoss/scanoss.java/compare/v0.12.1...v0.13.0 \ No newline at end of file +[0.13.0]: https://github.com/scanoss/scanoss.java/compare/v0.12.1...v0.13.0 +[0.13.0]: https://github.com/scanoss/scanoss.java/compare/v0.13.0...v0.13.1 \ No newline at end of file diff --git a/src/main/java/com/scanoss/Scanner.java b/src/main/java/com/scanoss/Scanner.java index d8482c18..4960aa24 100644 --- a/src/main/java/com/scanoss/Scanner.java +++ b/src/main/java/com/scanoss/Scanner.java 
@@ -132,7 +132,7 @@ private Scanner(Boolean skipSnippets, Boolean allExtensions, Boolean obfuscate, this.timeout = timeout; this.retryLimit = retryLimit; this.url = url; - this.apiKey = apiKey; + this.apiKey = resolveApiKey(apiKey); this.scanFlags = scanFlags; this.sbomType = sbomType; this.sbom = sbom; @@ -149,7 +149,7 @@ private Scanner(Boolean skipSnippets, Boolean allExtensions, Boolean obfuscate, .skipHeadersLimit(fileSnippetConfig != null && fileSnippetConfig.getSkipHeadersLimit() != null ? fileSnippetConfig.getSkipHeadersLimit() : 0) .build()); this.scanApi = Objects.requireNonNullElseGet(scanApi, () -> - ScanApi.builder().url(url).apiKey(apiKey).timeout(timeout).retryLimit(retryLimit).flags(scanFlags) + ScanApi.builder().url(url).apiKey(this.apiKey).timeout(timeout).retryLimit(retryLimit).flags(scanFlags) .sbomType(sbomType).sbom(sbom).customCert(customCert).proxy(proxy).settings(this.settings) .build()); this.scanFileProcessor = Objects.requireNonNullElseGet(scanFileProcessor, () -> @@ -171,6 +171,28 @@ private Scanner(Boolean skipSnippets, Boolean allExtensions, Boolean obfuscate, this.folderFilter = Objects.requireNonNullElseGet(folderFilter, () -> FolderFilterFactory.build(this.filterConfig)); } + /** + * Resolve the API key for Scanoss API + * + * @param apiKey The API key provided by the user + * @return The resolved API key, either from the user-provided value or environment variable + */ + private static String resolveApiKey(String apiKey) { + if (apiKey != null && !apiKey.isBlank()) { + return apiKey; + } + try { + String envApiKey = System.getenv("SCANOSS_API_KEY"); + if (envApiKey != null && !envApiKey.isBlank()) { + log.debug( "Using SCANOSS_API_KEY env value"); + return envApiKey; + } + } catch (RuntimeException e) { + log.warn("Unable to read SCANOSS_API_KEY from environment: {}", e.getMessage()); + } + return apiKey; + } + /** * Generate a WFP/Fingerprint for the given file * 
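Review bot: In `resolveApiKey` the environment value is returned exactly as read, so a `SCANOSS_API_KEY` with a trailing newline or surrounding spaces passes the `isBlank()` check and is then used as the key verbatim. Returning `envApiKey.strip()` would avoid authentication failures that are hard to diagnose, since the key is (rightly) never logged. The Javadoc should also state the precedence: an explicit non-blank `apiKey` wins, the environment is consulted only when it is null or blank, and the original (possibly null or blank) value is returned when neither is set. The same method is re-added unchanged to `ScanApi.java` in patch 5/6, so both points apply there as well.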
From 57436f313af344c888d74d1309fd9b91d009aaeb Mon Sep 17 00:00:00 2001 From: eeisegn Date: Wed, 25 Mar 2026 12:00:37 +0000 Subject: [PATCH 5/6] moved api key resolution to the ScanApi class --- src/main/java/com/scanoss/Scanner.java | 24 +-------------------- src/main/java/com/scanoss/rest/ScanApi.java | 24 ++++++++++++++++++++- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/src/main/java/com/scanoss/Scanner.java b/src/main/java/com/scanoss/Scanner.java index 4960aa24..f2defb52 100644 --- a/src/main/java/com/scanoss/Scanner.java +++ b/src/main/java/com/scanoss/Scanner.java @@ -132,7 +132,7 @@ private Scanner(Boolean skipSnippets, Boolean allExtensions, Boolean obfuscate, this.timeout = timeout; this.retryLimit = retryLimit; this.url = url; - this.apiKey = resolveApiKey(apiKey); + this.apiKey = apiKey; this.scanFlags = scanFlags; this.sbomType = sbomType; this.sbom = sbom; @@ -171,28 +171,6 @@ private Scanner(Boolean skipSnippets, Boolean allExtensions, Boolean obfuscate, this.folderFilter = Objects.requireNonNullElseGet(folderFilter, () -> FolderFilterFactory.build(this.filterConfig)); } - /** - * Resolve the API key for Scanoss API - * - * @param apiKey The API key provided by the user - * @return The resolved API key, either from the user-provided value or environment variable - */ - private static String resolveApiKey(String apiKey) { - if (apiKey != null && !apiKey.isBlank()) { - return apiKey; - } - try { - String envApiKey = System.getenv("SCANOSS_API_KEY"); - if (envApiKey != null && !envApiKey.isBlank()) { - log.debug( "Using SCANOSS_API_KEY env value"); - return envApiKey; - } - } catch (RuntimeException e) { - log.warn("Unable to read SCANOSS_API_KEY from environment: {}", e.getMessage()); - } - return apiKey; - } - /** * Generate a WFP/Fingerprint for the given file * diff --git a/src/main/java/com/scanoss/rest/ScanApi.java b/src/main/java/com/scanoss/rest/ScanApi.java index 85361a27..41318c2c 100644 
--- a/src/main/java/com/scanoss/rest/ScanApi.java +++ b/src/main/java/com/scanoss/rest/ScanApi.java @@ -84,7 +84,7 @@ private ScanApi(String scanType, Duration timeout, Integer retryLimit, String ur this.timeout = timeout; this.retryLimit = retryLimit; this.url = url; - this.apiKey = apiKey; + this.apiKey = resolveApiKey(apiKey); this.flags = flags; this.sbomType = sbomType; this.sbom = sbom; @@ -130,6 +130,28 @@ private ScanApi(String scanType, Duration timeout, Integer retryLimit, String ur } } + /** + * Resolve the API key for Scanoss API + * + * @param apiKey The API key provided by the user + * @return The resolved API key, either from the user-provided value or environment variable + */ + private static String resolveApiKey(String apiKey) { + if (apiKey != null && !apiKey.isBlank()) { + return apiKey; + } + try { + String envApiKey = System.getenv("SCANOSS_API_KEY"); + if (envApiKey != null && !envApiKey.isBlank()) { + log.debug( "Using SCANOSS_API_KEY env value"); + return envApiKey; + } + } catch (RuntimeException e) { + log.warn("Unable to read SCANOSS_API_KEY from environment: {}", e.getMessage()); + } + return apiKey; + } + /** * Scan the given WFP * From 530ed416b9bfab328b892b92645b02103f0abb34 Mon Sep 17 00:00:00 2001 From: eeisegn Date: Wed, 25 Mar 2026 12:03:03 +0000 Subject: [PATCH 6/6] fix diff lookup id --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a4418cf..bfe30a45 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
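Review bot: The fallback in `this.apiKey = resolveApiKey(apiKey);` runs regardless of the `url` assigned on the line above. A key picked up from the process environment is therefore attached to this client even when the caller has pointed it at a non-default endpoint, so an ambient credential may be sent to a host it was not issued for. The constructor body between the two hunks is not visible, so any URL check made there cannot be seen from here. Consider consulting the environment only when `url` is unset or is the SCANOSS default, or at minimum say in the Javadoc that the environment key applies to whatever URL is configured. After this patch `Scanner` again stores the unresolved `apiKey` while `ScanApi` holds the resolved one, which deserves a short comment if anything else in `Scanner` reads that field.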
@@ -154,4 +154,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [0.12.0]: https://github.com/scanoss/scanoss.java/compare/v0.11.0...v0.12.0 [0.12.1]: https://github.com/scanoss/scanoss.java/compare/v0.12.0...v0.12.1 [0.13.0]: https://github.com/scanoss/scanoss.java/compare/v0.12.1...v0.13.0 -[0.13.0]: https://github.com/scanoss/scanoss.java/compare/v0.13.0...v0.13.1 \ No newline at end of file +[0.13.1]: https://github.com/scanoss/scanoss.java/compare/v0.13.0...v0.13.1 \ No newline at end of file