Merge pull request #69 from sw360/fix_typos

docs: fix typos with codespell

ChangeLog.md

@@ -68,7 +68,7 @@
 ## 2.0.0.dev (2023-05-19)
 
 * breaking changes
-  * new command `bom convert` to import and export SBOM in mutiple formats.
+  * new command `bom convert` to import and export SBOM in multiple formats.
     This new command replaces `bom fromCSV`, `bom FromFlatFist`, `bom FromSbom`,
     `bom ToHtml` and `bom ToSbom`.
   * `bom sort` is discontinued, CycloneDX SBOMs are always sorted by component name.
@@ -209,7 +209,7 @@ endpoint to get all releases with one call it now takes only 1.3 minutes.
 ## 1.5.0 (2021-12-20)
 
 * New parameter `-package-source` to specify a custom package manager.
-  The parameter is very helpfull if your are in an environment where you cannot access
+  The parameter is very helpful if your are in an environment where you cannot access
   the internet, for example when running CI/CD on code.siemens.com.
   Package metadata can get retrieved for example from BT-Artifactory:
   * NPM: https://devops.bt.siemens.com/artifactory/api/npm/npm-all/
@@ -223,7 +223,7 @@ endpoint to get all releases with one call it now takes only 1.3 minutes.
 * `getdependencies javascript` has an improved method to determine source files.
 * `getdependencies MavenList` has improved parsing of Maven output.
 * `project create` can now use all data in projectinfo.json that conforms with the REST API
-  specification. It is now for example also possible to add attachemnt during project creation.
+  specification. It is now for example also possible to add attachment during project creation.
 * New option ```-cx``` to support the CycloneDX SBOM format for the commands
   * `bom diff`
 * Unit tests for `bom diff` added.
@@ -267,7 +267,7 @@ endpoint to get all releases with one call it now takes only 1.3 minutes.
 
 ## 1.3 (2021-11-15)
 
-* `bom create` with `--dbx` option will re-use existing SW360 releases with
+* `bom create` with `--dbx` option will reuse existing SW360 releases with
   "similar" Debian versions. It will ignore epoch prefix ("2:") and ".debian"
   suffix, so BOM entry "2:5.2.1-1.debian" will match SW360 release "5.2.1-1".
 * `bom create` only downloads missing sources if ```--download``` is specified
@@ -351,7 +351,7 @@ endpoint to get all releases with one call it now takes only 1.3 minutes.
 * all errors result in exit code = 1.
 * new option `-source` for command `bom createcomponents` to specify
   a folder where to find/store source code files.
-* `bom createcomponents`: source code files will onl get downloaded if they
+* `bom createcomponents`: source code files will only get downloaded if they
   do not yet exist locally.
 * fix: correct handling of components without releases.
 

Contributing.md

@@ -1,5 +1,5 @@
 <!--
-# SPDX-FileCopyrightText: (c) 2018-2023 Siemens
+# SPDX-FileCopyrightText: (c) 2018-2024 Siemens
 # SPDX-License-Identifier: MIT
 -->
 
@@ -92,7 +92,7 @@ can then be uploaded or installed locally using ```pip```.
 
 To display console output for ordinary usage of a command line script or program
 use `print()` or our own variants `print_red()` for errors, `print_yellow()` for
-warnings and `print_green()` for (highlighted) positive mesages.
+warnings and `print_green()` for (highlighted) positive messages.
 
 Events that occur during normal operation of a program (e.g. for status monitoring
 or fault investigation) can use `logging.info()`. Problems in nested classes shall

Dependency Detection.md

@@ -5,8 +5,8 @@
 
 # Dependency Detection
 
-This is a collection of information about determing the dependencies of a projects,
-or determing the SBOM, the bill of material for a project.
+This is a collection of information about determining the dependencies of a projects,
+or determining the SBOM, the bill of material for a project.
 
 ## Nuget/C#/.Net
 
@@ -30,7 +30,7 @@ Examples:
 * License (`license` or `licenseUrl` (deprecated), optional)
 * Copyright (`copyright`, optional)
 * Release Notes (`releaseNotes`, optional)
-* Titel = user  friendly name of the package (`title`, optional)
+* Title = user  friendly name of the package (`title`, optional)
 * Dependencies (optional)
 
 There is no reliable information about the source code. A heuristic would be to look
@@ -46,7 +46,7 @@ There is no support to download the source code.
 
 ### CycloneDX
 
-CycloneDX (https://github.com/CycloneDX/cyclonedx-dotnet) searches recursivly all Visual Studio
+CycloneDX (https://github.com/CycloneDX/cyclonedx-dotnet) searches recursively all Visual Studio
 solution or project files for package references. The meta data of the packages is retrieved from
 the nuspec file on the NuGet packages. The NuGet packages are found in the global NuGet cache
 folder.
@@ -59,7 +59,7 @@ a list of packages that should get ignored.
 
 (some magic)
 
-CC Automation uses the NuGet API to retrive meta data about the packages.
+CC Automation uses the NuGet API to retrieve meta data about the packages.
 This meta information also can contain repository meta data like the
 repository URL and the commit id. Only if this information is available,
 the source code URL can then be created like this:
@@ -190,7 +190,7 @@ If the URL exists, then the following properties may get extracted:
 
 ## Other Languages / Software Eco Systems
 
-People are wokring on support for Debian packages and Ruby, but it may still take some time...
+People are working on support for Debian packages and Ruby, but it may still take some time...
 
 ---
 
@@ -211,7 +211,7 @@ If the URL exists, then we are fine; otherwise a human have to look up the sourc
 
 ## FAQ
 
-* **Q:** Why does CaPyCLI provided ony limited support for dependency detection?  
+* **Q:** Why does CaPyCLI provided only limited support for dependency detection?  
   **A:** At beginning most people where happy with a very simple automation that
   just created components and releases on SW360. All other meta has been entered manually.
   At the end all is inner source - if you need something, fell free to implement it ;-)

Readme.md

@@ -87,7 +87,7 @@ Commands and Sub-Commands
 
     project
         Find              find a project by name
-        Prerequisites     checks whether all prerequisites for a successfull
+        Prerequisites     checks whether all prerequisites for a successful
                           software clearing are fulfilled
         Show              show project details
         Licenses          show licenses of all cleared compponents
@@ -232,7 +232,7 @@ on SW360. It is a simple JSON format. CaPyCli reads or writes exactly the
 information that is needed.
 Conversion support from or to our SBOM format is available.
 For converting CycloneDX (XML) to JSON or for converting SPDX SBOMs, we like
-to refer you to the oepn source tools from [CycloneDX](https://cyclonedx.org/).
+to refer you to the open source tools from [CycloneDX](https://cyclonedx.org/).
 
 ## Mapping a SBOM to SW360
 

Readme_Mapping.md

@@ -1,5 +1,5 @@
 <!--
-# SPDX-FileCopyrightText: (c) 2018-2023 Siemens
+# SPDX-FileCopyrightText: (c) 2018-2024 Siemens
 # SPDX-License-Identifier: MIT
 -->
 
@@ -17,9 +17,9 @@ The current approach is checking the following properties in this order:
 5. check for name and **any** version
 6. look for similar names
 
-CaPyCLI creates as result of the SOM mapping an extended SBOM file. This SBOM file
+CaPyCLI creates as result of the SBOM mapping an extended SBOM file. This SBOM file
 contains the original entries and **all** matching entries. The `Result` value
-informs about the mappping result:
+informs about the mapping result:
 
 * **`INVALID` (0)** => Invalid SBOM entry, could not get processed
 * **`FULL_MATCH_BY_ID` (1)** => Full match by identifier
@@ -246,7 +246,7 @@ that have been found on SW360.
   * sw360id = 95a05a6fff469a1aebe03c0233002fb0
 
 => The output SBOM of `bom map` contains exactly **six** entries.  
-   These are the component that could not get matched and potential candiates.  
+   These are the component that could not get matched and potential candidates.  
    **Manual intervention is needed: the user needs to decide whether to use one of the existing  
    releases of Tethys.Logging or to force CaPyCLI to create release 1.4.3 which does not
    yet exist.**  

Readme_Workflow.md

@@ -1,5 +1,5 @@
 <!--
-# SPDX-FileCopyrightText: (c) 2018-2023 Siemens
+# SPDX-FileCopyrightText: (c) 2018-2024 Siemens
 # SPDX-License-Identifier: MIT
 -->
 
@@ -10,7 +10,7 @@ to use for which purpose and what is the right order of commands.
 
 ## General Idea
 
-The general idea of the clearing support worflow looks like this:
+The general idea of the clearing support workflow looks like this:
 
 ![workflow](images/workflow.svg)
 
@@ -64,7 +64,7 @@ the SBOM find too many components, for example when they also list development d
 test frameworks, components for mocking, etc.  
 The command `CaPyCLI bom granularity` may help you to find out where a tool provides too many details
 in a SBOM. As OSS software license compliance focuses on the source code, we should list component on
-thei granularity level.
+the granularity level.
 
 ![step_granularity](images/step_granularity.svg)
 

RunChecks.ps1

@@ -5,6 +5,8 @@
 # SPDX-License-Identifier: MIT
 # ------------------------------------------------
 
+# 2024-05-11, T. Graf
+
 Write-Host "flake8 ..."
 poetry run flake8
 
@@ -18,6 +20,9 @@ poetry run isort .
 Write-Host "mypy ..."
 poetry run mypy .
 
+Write-Host "codespell ..."
+poetry run codespell .
+
 Write-Host "Done."
 
 # -----------------------------------

SoftwareClearingApproachOverview.md

@@ -1,5 +1,5 @@
 <!--
-# SPDX-FileCopyrightText: (c) 2018-2023 Siemens
+# SPDX-FileCopyrightText: (c) 2018-2024 Siemens
 # SPDX-License-Identifier: MIT
 -->
 
@@ -178,7 +178,7 @@ to a licensing infringement!**
 
 Example: checker-qual-2.8.1
 
-This is an example to show why source code from maven is not really useable for Siemens license scanning.
+This is an example to show why source code from maven is not really usable for Siemens license scanning.
 
 * The source file checker-qual-2.8.1-sources.jar is from maven
   (https://mvnrepository.com/artifact/org.checkerframework/checker-qual/2.8.1).

capycli/__init__.py

@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2019-23 Siemens
+# Copyright (c) 2019-24 Siemens
 # All Rights Reserved.
 # Author: thomas.graf@siemens.com
 #
@@ -105,7 +105,7 @@ def emit(self, record: logging.LogRecord) -> None:
 
 class ColorFormatter(logging.Formatter):
     """
-    A logging formatter for color cosole output.
+    A logging formatter for color console output.
     Critical messages and errors are displayed in red.
     Warnings are displayed in yellow.
     Infos are displayed in white.

capycli/bom/check_bom_item_status.py

@@ -147,7 +147,7 @@ def show_bom_item_status(self, bom: Bom, all: bool = False) -> None:
                     if not rel:
                         print_red("Error accessing release " + href)
                         continue
-                    cs = rel.get("clearingState", "(unkown clearing state)")
+                    cs = rel.get("clearingState", "(unknown clearing state)")
                     if cs == "APPROVED":
                         print(Fore.LIGHTGREEN_EX, end="", flush=True)
                     print(

capycli/bom/check_granularity.py

@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2021-2023 Siemens
+# Copyright (c) 2021-2024 Siemens
 # All Rights Reserved.
 # Author: thomas.graf@siemens.com
 #
@@ -51,7 +51,7 @@ def __init__(self) -> None:
     @staticmethod
     def get_granularity_list(download_url: str) -> None:
         '''This will only download granularity file from a public repository.
-        Make sure to give the raw version of the granularity file seperated by ;'''
+        Make sure to give the raw version of the granularity file separated by ;'''
         response = requests.get(download_url)
         response.raise_for_status()
         with open('granularity_list.csv', 'wb') as f1:
@@ -229,7 +229,7 @@ def run(self, args: Any) -> None:
             print("optional arguments:")
             print("    -h, --help            show this help message and exit")
             print("    -i INPUTFILE          SBOM file to read from (JSON)")
-            print("    -o OUTPUTFILE         write updated to this file (optinal)")
+            print("    -o OUTPUTFILE         write updated to this file (optional)")
             print("    -v                    be verbose")
             print("    -rg                   read the granularity list file from the URL specified")
             print("    -lg                   read the granularity list file from local")

capycli/bom/create_components.py

@@ -366,7 +366,7 @@ def upload_file(
             filename = str(CycloneDxSupport.get_ext_ref_binary_file(cx_comp))
             filehash = str(CycloneDxSupport.get_binary_file_hash(cx_comp))
 
-        # Note that we retreive the SHA1 has from the CycloneDX data.
+        # Note that we retrieve the SHA1 has from the CycloneDX data.
         # But there is no guarantee that this *IS* really a SHA1 hash!
 
         if (filename is None or filename == "") and url:
@@ -638,7 +638,7 @@ def create_items(self, sbom: Bom) -> None:
             CycloneDxSupport.remove_property(cx_comp, CycloneDxSupport.CDX_PROP_MAPRESULT)
 
         if not ok:
-            print_red("An error occured during component/release creation!")
+            print_red("An error occurred during component/release creation!")
             sys.exit(ResultCode.RESULT_ERROR_CREATING_ITEM)
 
     def run(self, args: Any) -> None:

capycli/bom/diff_bom.py

@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2021-2023 Siemens
+# Copyright (c) 2021-2024 Siemens
 # All Rights Reserved.
 # Author: thomas.graf@siemens.com, manuel.schaffer@siemens.com
 #
@@ -37,7 +37,7 @@ class DiffType(str, Enum):
     # New component.
     NEW = "NEW"
 
-    # Obolete component.
+    # Obsolete component.
     OBSOLETE = "OBSOLETE"
 
     # A minor update, i.e. x.y.z => x.y.z+1 or x.y.z => x.y+1.zz

capycli/bom/findsources.py

@@ -94,7 +94,7 @@ def github_request(url: str, username: str = "", token: str = "") -> Any:
         except Exception as ex:
             print(
                 Fore.LIGHTYELLOW_EX +
-                "      Error acccessing GitHub: " + repr(ex) +
+                "      Error accessing GitHub: " + repr(ex) +
                 Style.RESET_ALL)
 
             return {}

capycli/bom/map_bom.py

@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2019-23 Siemens
+# Copyright (c) 2019-24 Siemens
 # All Rights Reserved.
 # Author: thomas.graf@siemens.com
 #
@@ -84,7 +84,7 @@ def filter_exceptions(self, partsBomItem: List[str]) -> List[str]:
         return partsBomItem
 
     def similar_name_match(self, component: Component, release: Dict[str, Any]) -> bool:
-        """Determine whether there is a relase with a similar name. Similar means
+        """Determine whether there is a release with a similar name. Similar means
         a combination of name words..."""
         SIMILARITY_THRESHOLD = 2
         separators = {"-", "@", "_"}
@@ -893,7 +893,7 @@ def setup_cache(self, args: Any) -> None:
             capycli.common.file_support.create_backup(ComponentCacheManagement.CACHE_ALL_RELEASES)
 
             if args.refresh_cache:
-                print_text("  Running forced component cache refesh...")
+                print_text("  Running forced component cache refresh...")
                 self.releases = self.refresh_component_cache(
                     cachefile, True, args.sw360_token, oauth2=args.oauth2, sw360_url=args.sw360_url)
 

capycli/common/comparable_version.py

@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2022-2023 Siemens
+# Copyright (c) 2022-2024 Siemens
 # All Rights Reserved.
 # Author: rayk.bajohr@siemens.com
 #
@@ -137,7 +137,7 @@ def __ne__(self, other: ComparableVersion | object) -> bool:
             return self.version.__ne__(other.version)
 
     def __le__(self, other: ComparableVersion) -> bool:
-        """descries less than or equal to (<=)"""
+        """describes less than or equal to (<=)"""
         try:
             return self.compare(other) <= 0
         except IncompatibleVersionError:

capycli/common/script_base.py

@@ -97,7 +97,7 @@ def analyze_token(self, token: str) -> None:
             print_yellow("  Unable to analyze token:" + repr(ex))
 
     def get_error_message(self, swex: SW360Error) -> str:
-        """Display a usefull error message for a SW360Error exception"""
+        """Display a useful error message for a SW360Error exception"""
         if swex.response is None:
             return repr(swex)
         elif swex.response.status_code == requests.codes["forbidden"]:

capycli/dependencies/maven_list.py

@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2020-2023 Siemens
+# Copyright (c) 2020-2024 Siemens
 # All Rights Reserved.
 # Author: thomas.graf@siemens.com, manuel.schaffer@siemens.com
 #
@@ -223,7 +223,7 @@ def create_full_dependency_list_from_maven_list_file(self, maven_list_file: str,
           mvn dependency:list
 
         :return a list of the local Python packages
-        :rtype list of package item dictionaries, as retuned by pip
+        :rtype list of package item dictionaries, as returned by pip
         """
         if raw_file:
             parsed_sources = self.extract_urls(raw_file, self.SOURCES_REGEX)