Migrate license enrichment to org-scoped endpoint

lelia · lelia · commit f4f0a9972497 · 2026-04-08T17:12:15.000-04:00
Signed-off-by: lelia &lt;2418071+lelia@users.noreply.github.com&gt;
diff --git a/.gitignore b/.gitignore
@@ -24,6 +24,8 @@ test.py
 *.cpython-312.pyc`
 file_generator.py
 .coverage
+.coverage.*
+htmlcov/
 .env.local
 Pipfile
 test/
diff --git a/socketsecurity/core/__init__.py b/socketsecurity/core/__init__.py
@@ -835,6 +835,7 @@ def get_license_text_via_purl(self, packages: dict[str, Package], batch_size: in
             results = self.sdk.purl.post(
                 license=True,
                 components=batch_components,
+                org_slug=self.config.org_slug,
                 licenseattrib=True,
                 licensedetails=True
             )
diff --git a/tests/core/test_package_and_alerts.py b/tests/core/test_package_and_alerts.py
@@ -228,4 +228,41 @@ def test_get_new_alerts_with_readded(self):
         
         # With ignore_readded=False
         new_alerts = Core.get_new_alerts(added_alerts, removed_alerts, ignore_readded=False)
-        assert len(new_alerts) == 1 
+        assert len(new_alerts) == 1
+
+    def test_get_license_text_via_purl_uses_org_scoped_endpoint(self, core, mock_sdk):
+        """Test license enrichment calls the org-scoped PURL SDK method."""
+        core.sdk.purl = Mock()
+        core.sdk.purl.post.return_value = [
+            {
+                "type": "npm",
+                "name": "lodash",
+                "version": "4.18.1",
+                "licenseAttrib": [{"name": "MIT"}],
+                "licenseDetails": [{"license": "MIT"}],
+            }
+        ]
+
+        packages = {
+            "npm/lodash@4.18.1": Package(
+                id="pkg:npm/lodash@4.18.1",
+                type="npm",
+                name="lodash",
+                version="4.18.1",
+                score={},
+                alerts=[],
+                topLevelAncestors=[],
+            )
+        }
+
+        result = core.get_license_text_via_purl(packages)
+
+        core.sdk.purl.post.assert_called_once_with(
+            license=True,
+            components=[{"purl": "pkg:/npm/lodash@4.18.1"}],
+            org_slug="test-org",
+            licenseattrib=True,
+            licensedetails=True,
+        )
+        assert result["npm/lodash@4.18.1"].licenseAttrib == [{"name": "MIT"}]
+        assert result["npm/lodash@4.18.1"].licenseDetails == [{"license": "MIT"}]
diff --git a/tests/e2e/fixtures/simple-npm/package.json b/tests/e2e/fixtures/simple-npm/package.json
@@ -4,7 +4,7 @@
   "description": "Test fixture for reachability analysis",
   "main": "index.js",
   "dependencies": {
-    "lodash": "4.17.23",
+    "lodash": "4.18.1",
     "express": "4.22.0",
     "axios": "1.13.5"
   },

Original file line number	Diff line number	Diff line change
`@@ -835,6 +835,7 @@ def get_license_text_via_purl(self, packages: dict[str, Package], batch_size: in`
`835`	`835`	`results = self.sdk.purl.post(`
`836`	`836`	`license=True,`
`837`	`837`	`components=batch_components,`
	`838`	`+ org_slug=self.config.org_slug,`
`838`	`839`	`licenseattrib=True,`
`839`	`840`	`licensedetails=True`
`840`	`841`	`)`