aryan-rajoria
diff --git a/‎.github/workflows/dockertests.yml‎
Lines changed: 12 additions & 4 deletions b/‎.github/workflows/dockertests.yml‎
Lines changed: 12 additions & 4 deletions
diff --git a/‎.github/workflows/pythonapp.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/pythonapp.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/repotests.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/repotests.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎depscan/cli.py‎
Lines changed: 4 additions & 5 deletions b/‎depscan/cli.py‎
Lines changed: 4 additions & 5 deletions
diff --git a/‎depscan/lib/explainer.py‎
Lines changed: 9 additions & 1 deletion b/‎depscan/lib/explainer.py‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎devenv.lock‎
Lines changed: 8 additions & 8 deletions b/‎devenv.lock‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎documentation/docs/adv-usage.mdx‎
Lines changed: 0 additions & 4 deletions b/‎documentation/docs/adv-usage.mdx‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎documentation/docs/migrate-v5-to-v6.mdx‎
Lines changed: 1 addition & 0 deletions b/‎documentation/docs/migrate-v5-to-v6.mdx‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎documentation/docs/reachability-analysis.mdx‎
Lines changed: 0 additions & 4 deletions b/‎documentation/docs/reachability-analysis.mdx‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎packages/reporting-lib/README.md‎ b/‎packages/reporting-lib/README.md‎
@@ -70,7 +70,7 @@ jobs:
         path: 'repotests/java-sec-code'
     - name: Reachables tests
       run: |
-        mkdir -p ${GITHUB_WORKSPACE}/rtests_ubuntu
+        mkdir -p ${GITHUB_WORKSPACE}/rtests_ubuntu ${RUNNER_TEMP}/cdxgen-temp
         cd ${GITHUB_WORKSPACE}/repotests/java-sec-code
         mvn clean compile -DskipTests
         cd ${GITHUB_WORKSPACE}
@@ -99,6 +99,10 @@ jobs:
       run: |
         chmod +x contrib/free_disk_space.sh
         ./contrib/free_disk_space.sh
+    - name: Use Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: '24.x'
     - name: Install dependencies
       run: |
         uv sync --all-extras --all-packages --dev
@@ -114,17 +118,19 @@ jobs:
         path: 'repotests/NodeGoat'
     - name: Test container images
       run: |
-        mkdir -p containertests_${{ matrix.os }}
+        mkdir -p containertests_${{ matrix.os }} /tmp/cdxgen-temp
         uv pip install -r contrib/requirements.txt
         cp contrib/csaf.toml repotests/microservices-demo/csaf.toml
         cp contrib/csaf.toml repotests/NodeGoat/csaf.toml
         uv run depscan --no-banner  --bom ./test/data/bom-yaml-manifest.json -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }} --no-vuln-table
         uv run depscan --no-banner  -t docker --src ubuntu:latest -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }} --no-vuln-table
-        uv run depscan --csaf --no-banner  -t go --src ${GITHUB_WORKSPACE}/repotests/microservices-demo -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }} --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/msd
-        uv run depscan --csaf --no-banner  -t js --src ${GITHUB_WORKSPACE}/repotests/NodeGoat --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
+        uv run depscan --csaf --no-banner  -t go --bom-engine CdxgenGenerator --src ${GITHUB_WORKSPACE}/repotests/microservices-demo -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }} --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/msd
+        uv run depscan --csaf --no-banner  -t js --bom-engine CdxgenGenerator --src ${GITHUB_WORKSPACE}/repotests/NodeGoat --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         PYTHONUTF8: 1
+        SCAN_DEBUG_MODE: debug
+        CDXGEN_TEMP_DIR: /tmp/cdxgen-temp
     - uses: actions/upload-artifact@v4
       with:
         name: containertests_${{ matrix.os }}
@@ -166,6 +172,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PYTHONUTF8: 1
           SCAN_DEBUG_MODE: "debug"
+          CDXGEN_TEMP_DIR: ${{ runner.temp }}/cdxgen-temp
       - uses: actions/upload-artifact@v4
         with:
           name: containertests_${{ matrix.os }}_python${{ matrix.python-version }}
@@ -215,6 +222,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PYTHONUTF8: 1
           SCAN_DEBUG_MODE: "debug"
+          CDXGEN_TEMP_DIR: ${{ runner.temp }}/cdxgen-temp
       - uses: actions/upload-artifact@v4
         with:
           name: containertests_${{ matrix.os }}
 
@@ -22,7 +22,7 @@ jobs:
     - name: Use Node.js
       uses: actions/setup-node@v4
       with:
-        node-version: '22.x'
+        node-version: '24.x'
     - name: Set up JDK
       uses: actions/setup-java@v4
       with:
 
@@ -233,7 +233,7 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        python-version: ['3.12']
+        python-version: ['3.13']
     runs-on: ['self-hosted', 'ubuntu', 'amd64']
     steps:
       - uses: actions/checkout@v4
 
@@ -54,6 +54,7 @@
 from depscan.lib.license import build_license_data, bulk_lookup
 from depscan.lib.logger import DEBUG, LOG, SPINNER, console, IS_CI
 
+from reporting_lib.htmlgen import ReportGenerator
 if sys.platform == "win32" and os.environ.get("PYTHONIOENCODING") is None:
     sys.stdin.reconfigure(encoding="utf-8")
     sys.stdout.reconfigure(encoding="utf-8")
@@ -617,15 +618,11 @@ def run_depscan(args):
     html_report_file = depscan_options.get(
         "html_report_file", os.path.join(reports_dir, "depscan.html")
     )
-    pdf_report_file = depscan_options.get(
-        "pdf_report_file", os.path.join(reports_dir, "depscan.pdf")
-    )
     txt_report_file = depscan_options.get(
         "txt_report_file", os.path.join(reports_dir, "depscan.txt")
     )
     run_config_file = os.path.join(reports_dir, "depscan.toml.sample")
     depscan_options["html_report_file"] = html_report_file
-    depscan_options["pdf_report_file"] = pdf_report_file
     depscan_options["txt_report_file"] = txt_report_file
     # Create reports directory
     if reports_dir and not os.path.exists(reports_dir):
@@ -975,7 +972,9 @@ def run_depscan(args):
         theme=(MONOKAI if os.getenv("USE_DARK_THEME") else DEFAULT_TERMINAL_THEME),
     )
     console.save_text(txt_report_file, clear=False)
-    utils.export_pdf(html_report_file, pdf_report_file)
+    # Prettify the rich html report
+    html_report_generator = ReportGenerator(input_rich_html_path=html_report_file, report_output_path=html_report_file, raw_content=False)
+    html_report_generator.parse_and_generate_report()
     # This logic needs refactoring
     # render report into template if wished
     if args.report_template and os.path.isfile(args.report_template):
 
@@ -464,8 +464,16 @@ def flow_to_str(explanation_mode, flow, project_type):
         and flow.get("lineNumber")
         and not flow.get("parentFileName").startswith("unknown")
     ):
-        file_loc = f"{flow.get('parentFileName').replace('src/main/java/', '').replace('src/main/scala/', '')}#{flow.get('lineNumber')}    "
+        # strip common prefixes
+        name = flow.get('parentFileName', '')
+        for p in ('src/main/java/', 'src/main/scala/'):
+            name = name.removeprefix(p)
+        file_loc = f"{name}#{flow.get('lineNumber')}    "
     node_desc = flow.get("code").split("\n")[0]
+    if (len(node_desc) < 3 or node_desc.endswith("{")) and len(flow.get("code")) > 3:
+        node_desc = " ".join(flow.get("code", "").split())
+        if "(" in node_desc:
+            node_desc = node_desc.split("(")[0] + "() ..."
     if node_desc.endswith("("):
         node_desc = f":diamond_suit: {node_desc})"
     elif node_desc.startswith("return "):
 
@@ -3,10 +3,10 @@
     "devenv": {
       "locked": {
         "dir": "src/modules",
-        "lastModified": 1749824181,
+        "lastModified": 1751909516,
         "owner": "cachix",
         "repo": "devenv",
-        "rev": "d6928b1805a6bfd29f2eaa04c36b27506ebb1e94",
+        "rev": "36e4cf7d6cb89862e69efce4e5c147ac2e4d38f9",
         "type": "github"
       },
       "original": {
@@ -87,10 +87,10 @@
         ]
       },
       "locked": {
-        "lastModified": 1749636823,
+        "lastModified": 1750779888,
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "623c56286de5a3193aa38891a6991b28f9bab056",
+        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
         "type": "github"
       },
       "original": {
@@ -121,10 +121,10 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1746807397,
+        "lastModified": 1750441195,
         "owner": "cachix",
         "repo": "devenv-nixpkgs",
-        "rev": "c5208b594838ea8e6cca5997fbf784b7cca1ca90",
+        "rev": "0ceffe312871b443929ff3006960d29b120dc627",
         "type": "github"
       },
       "original": {
@@ -177,10 +177,10 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1749871736,
+        "lastModified": 1751852175,
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "6afe187897bef7933475e6af374c893f4c84a293",
+        "rev": "2defa37146df235ef62f566cde69930a86f14df1",
         "type": "github"
       },
       "original": {
 
@@ -97,10 +97,6 @@ The license data is sourced from choosealicense.com and is quite limited. If the
 
 dep-scan could auto-detect most cloud applications and Kubernetes manifest files. Pass the argument `-t yaml-manifest` to manually specify the type.
 
-## PDF reports
-
-Ensure [wkhtmltopdf](https://wkhtmltopdf.org/downloads.html) is installed or use the official container image to generate pdf reports. Use with `--explain` for more detailed reports.
-
 ## Custom reports
 
 dep-scan can be provided with a [Jinja](https://jinja.palletsprojects.com/en/3.1.x/) template using the `--report-template` parameter.
 
@@ -28,6 +28,7 @@ Use this document as a reference to migrate your depscan v5 workflows to v6.
 - BOMs created by depscan now use the new `.cdx.json` extension with the sbom-project_type prefix. Example: sbom-java.cdx.json, sbom-docker.cdx.json.
 - When invoked with the --bom-dir argument containing multiple BOM files or when using the new lifecycle analyzer, a single VDR file named `depscan-universal.vdr.json` is created under the reports directory.
 - The JSON Lines file `depscan.json` is no longer created.
+- PDF reports based on Rich HTML reports are no longer available. Use the browser print functionality in the HTML report to export to PDF.
 
 ## Remote audit
 
 
@@ -130,10 +130,6 @@ For simple container scans, pass the image name via the `--src` argument. For li
 
 Ensure the application is first built, since depscan cannot automatically build arbitrary projects and container images. To customize the build directory, use the environment variable `DEPSCAN_BUILD_DIR`.
 
-### PDF reports were not generated
-
-Install the `wkhtmltopdf` [package](https://wkhtmltopdf.org) based on your operating system. Ensure depscan was installed including the group "ext" or "all"
-
 ```shell
 pip install owasp-depscan[all]
 ```