diff --git a/.gitignore b/.gitignore
index 8aa50e1..b3ff707 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,10 +28,7 @@ htmlcov/
 coverage.xml
 
 # preliminary
-sw360/
 cli/
-xxsw360/
-xxcli/
 Releases/
 
 # internal stuff
diff --git a/ChangeLog.md b/ChangeLog.md
index b0dc93d..4a8ea92 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -5,6 +5,13 @@
 
 # CaPyCli - Clearing Automation Python Command Line Tool for SW360
 
+## 2.2.0 (2024-01-28)
+
+* `getdependencies javascript` can now handle package-lock.json files of version 3.
+* `bom findsources` can do source URL discovery using sw360 lookup, perform extensive
+  GitLab deep search, and adapt search strategy based on diverse programming languages.
+* Have type support.
+
 ## 2.1.0 (2023-12-16)
 
 * Be more resilient about missing metadata in CycloneDX SBOMs.
diff --git a/RunChecks.ps1 b/RunChecks.ps1
index 7832219..e28e2d1 100644
--- a/RunChecks.ps1
+++ b/RunChecks.ps1
@@ -13,7 +13,12 @@ Write-Host "markdownlint ..."
 npx -q markdownlint-cli *.md --disable MD041
 
 Write-Host "isort ..."
-isort .
+poetry run isort .
+
+Write-Host "mypy ..."
+poetry run mypy .
+
+Write-Host "Done."
 
 # -----------------------------------
 # -----------------------------------
diff --git a/capycli/bom/bom_convert.py b/capycli/bom/bom_convert.py
index 8938e4e..fdc4452 100644
--- a/capycli/bom/bom_convert.py
+++ b/capycli/bom/bom_convert.py
@@ -13,6 +13,8 @@
 from enum import Enum
 from typing import Any
 
+from sortedcontainers import SortedSet
+
 import capycli.common.json_support
 import capycli.common.script_base
 from capycli import get_logger
@@ -58,15 +60,15 @@ def convert(self,
             # default is CaPyCLI
             outputformat = BomFormat.CAPYCLI
 
-        cdx_components = []
+        cdx_components: SortedSet
         project = None
         sbom = None
         try:
             if inputformat == BomFormat.TEXT:
-                cdx_components = PlainTextSupport.flatlist_to_cdx_components(inputfile)
+                cdx_components = SortedSet(PlainTextSupport.flatlist_to_cdx_components(inputfile))
                 print_text(f"  {len(cdx_components)} components read from file {inputfile}")
             elif inputformat == BomFormat.CSV:
-                cdx_components = CsvSupport.csv_to_cdx_components(inputfile)
+                cdx_components = SortedSet(CsvSupport.csv_to_cdx_components(inputfile))
                 print_text(f"  {len(cdx_components)} components read from file {inputfile}")
             elif (inputformat == BomFormat.CAPYCLI) or (inputformat == BomFormat.SBOM):
                 sbom = CaPyCliBom.read_sbom(inputfile)
@@ -74,7 +76,7 @@ def convert(self,
                 project = sbom.metadata.component
                 print_text(f"  {len(cdx_components)} components read from file {inputfile}")
             elif inputformat == BomFormat.LEGACY:
-                cdx_components = LegacySupport.legacy_to_cdx_components(inputfile)
+                cdx_components = SortedSet(LegacySupport.legacy_to_cdx_components(inputfile))
                 print_text(f"  {len(cdx_components)} components read from file {inputfile}")
             elif inputformat == BomFormat.LEGACY_CX:
                 sbom = LegacyCx.read_sbom(inputfile)
@@ -89,7 +91,7 @@ def convert(self,
 
         try:
             if outputformat == BomFormat.TEXT:
-                PlainTextSupport.write_cdx_components_as_flatlist(cdx_components, outputfile)
+                PlainTextSupport.write_cdx_components_as_flatlist2(cdx_components, outputfile)
                 print_text(f"  {len(cdx_components)} components written to file {outputfile}")
             elif outputformat == BomFormat.CSV:
                 CsvSupport.write_cdx_components_as_csv(cdx_components, outputfile)
@@ -147,7 +149,7 @@ def display_help(self) -> None:
         print("    -if INPUTFORMAT       Specify input file format: capycli|sbom|text|csv|legacy|legacy-cx")
         print("    -of OUTPUTFORMAT      Specify output file format: capycli|text|csv|legacy|html")
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         print("\n" + capycli.APP_NAME + ", " + capycli.get_app_version() + " - Convert SBOM formats\n")
 
diff --git a/capycli/bom/check_bom.py b/capycli/bom/check_bom.py
index c3e4344..bd2fa8f 100644
--- a/capycli/bom/check_bom.py
+++ b/capycli/bom/check_bom.py
@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2019-23 Siemens
+# Copyright (c) 2019-2024 Siemens
 # All Rights Reserved.
 # Author: thomas.graf@siemens.com
 #
@@ -9,12 +9,13 @@
 import logging
 import os
 import sys
+from typing import Any, Dict, Optional
 
 import requests
-import sw360.sw360_api
 from colorama import Fore, Style
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
+from sw360 import SW360Error
 
 import capycli.common.script_base
 from capycli.common.capycli_bom_support import CaPyCliBom, CycloneDxSupport
@@ -39,33 +40,46 @@ def _bom_has_items_without_id(self, bom: Bom) -> bool:
 
         return False
 
-    def _find_by_id(self, component: Component) -> dict:
+    def _find_by_id(self, component: Component) -> Optional[Dict[str, Any]]:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         sw360id = CycloneDxSupport.get_property_value(component, CycloneDxSupport.CDX_PROP_SW360ID)
+        version = component.version or ""
         for step in range(3):
             try:
                 release_details = self.client.get_release(sw360id)
                 return release_details
-            except sw360.sw360_api.SW360Error as swex:
-                if swex.response.status_code == requests.codes['not_found']:
+            except SW360Error as swex:
+                if swex.response is None:
+                    print_red("  Unknown error: " + swex.message)
+                elif swex.response.status_code == requests.codes['not_found']:
                     print_yellow(
                         "  Not found " + component.name +
-                        ", " + component.version + ", " + sw360id)
+                        ", " + version + ", " + sw360id)
                     break
 
                 # only report other errors if this is the third attempt
                 if step >= 2:
                     print(Fore.LIGHTRED_EX + "  Error retrieving release data: ")
                     print(
-                        "  " + component.name + ", " + component.version +
+                        "  " + component.name + ", " + version +
                         ", " + sw360id)
-                    print("  Status Code: " + str(swex.response.status_code))
+                    if swex.response:
+                        print("  Status Code: " + str(swex.response.status_code))
                     if swex.message:
                         print("    Message: " + swex.message)
                     print(Style.RESET_ALL)
 
         return None
 
-    def _find_by_name(self, component: Component) -> dict:
+    def _find_by_name(self, component: Component) -> Optional[Dict[str, Any]]:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
+        version = component.version or ""
         for step in range(3):
             try:
                 releases = self.client.get_releases_by_name(component.name)
@@ -73,23 +87,26 @@ def _find_by_name(self, component: Component) -> dict:
                     return None
 
                 for r in releases:
-                    if r.get("version", "") == component.version:
+                    if r.get("version", "") == version:
                         return r
 
                 return None
-            except sw360.sw360_api.SW360Error as swex:
-                if swex.response.status_code == requests.codes['not_found']:
+            except SW360Error as swex:
+                if swex.response is None:
+                    print_red("  Unknown error: " + swex.message)
+                elif swex.response.status_code == requests.codes['not_found']:
                     print_yellow(
                         "  Not found " + component.name +
-                        ", " + component.version)
+                        ", " + version)
                     break
 
                 # only report other errors if this is the third attempt
                 if step >= 2:
                     print(Fore.LIGHTRED_EX + "  Error retrieving release data: ")
                     print(
-                        "  " + component.name + ", " + component.version)
-                    print("  Status Code: " + str(swex.response.status_code))
+                        "  " + component.name + ", " + version)
+                    if swex.response:
+                        print("  Status Code: " + str(swex.response.status_code))
                     if swex.message:
                         print("    Message: " + swex.message)
                     print(Style.RESET_ALL)
@@ -99,6 +116,10 @@ def _find_by_name(self, component: Component) -> dict:
     def check_releases(self, bom: Bom) -> int:
         """Checks for each release in the list whether it can be found on the specified
         SW360 instance."""
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         found_count = 0
         for component in bom.components:
             release_details = None
@@ -116,7 +137,7 @@ def check_releases(self, bom: Bom) -> int:
                 found_count += 1
                 continue
 
-            if not id:
+            if not sw360id:
                 print_yellow(
                     "  " + component.name +
                     ", " + component.version +
@@ -125,7 +146,7 @@ def check_releases(self, bom: Bom) -> int:
 
         return found_count
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/bom/check_bom_item_status.py b/capycli/bom/check_bom_item_status.py
index ecf9c14..44ae9f1 100644
--- a/capycli/bom/check_bom_item_status.py
+++ b/capycli/bom/check_bom_item_status.py
@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2019-23 Siemens
+# Copyright (c) 2019-2024 Siemens
 # All Rights Reserved.
 # Author: thomas.graf@siemens.com
 #
@@ -12,10 +12,10 @@
 from typing import Any, Dict, Optional
 
 import requests
-import sw360.sw360_api
 from colorama import Fore, Style
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
+from sw360 import SW360Error
 
 import capycli.common.script_base
 from capycli.common.capycli_bom_support import CaPyCliBom, CycloneDxSupport
@@ -39,20 +39,26 @@ def _bom_has_items_without_id(self, bom: Bom) -> bool:
         return False
 
     def _find_by_id(self, component: Component) -> Optional[Dict[str, Any]]:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         sw360id = CycloneDxSupport.get_property_value(component, CycloneDxSupport.CDX_PROP_SW360ID)
+        version = component.version or ""
         try:
             release_details = self.client.get_release(sw360id)
             return release_details
-        except sw360.sw360_api.SW360Error as swex:
-            if swex.response.status_code == requests.codes['not_found']:
+        except SW360Error as swex:
+            if swex.response is None:
+                print_red("  Unknown error: " + swex.message)
+            elif swex.response.status_code == requests.codes['not_found']:
                 print(
                     Fore.LIGHTYELLOW_EX + "  Not found " + component.name +
-                    ", " + component.version + ", " +
-                    sw360id + Style.RESET_ALL)
+                    ", " + version + ", " + sw360id + Style.RESET_ALL)
             else:
                 print(Fore.LIGHTRED_EX + "  Error retrieving release data: ")
                 print(
-                    "  " + str(component.name) + ", " + str(component.version) +
+                    "  " + component.name + ", " + version +
                     ", " + sw360id)
                 print("  Status Code: " + str(swex.response.status_code))
                 if swex.message:
@@ -62,25 +68,32 @@ def _find_by_id(self, component: Component) -> Optional[Dict[str, Any]]:
         return None
 
     def _find_by_name(self, component: Component) -> Optional[Dict[str, Any]]:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
+        version = component.version or ""
         try:
             releases = self.client.get_releases_by_name(component.name)
             if not releases:
                 return None
 
             for r in releases:
-                if r.get("version", "") == component.version:
+                if r.get("version", "") == version:
                     return self.client.get_release_by_url(r["_links"]["self"]["href"])
 
             return None
-        except sw360.sw360_api.SW360Error as swex:
-            if swex.response.status_code == requests.codes['not_found']:
+        except SW360Error as swex:
+            if swex.response is None:
+                print_red("  Unknown error: " + swex.message)
+            elif swex.response.status_code == requests.codes['not_found']:
                 print(
                     Fore.LIGHTYELLOW_EX + "  Not found " + component.name +
-                    ", " + component.version + ", " +
+                    ", " + version + ", " +
                     Style.RESET_ALL)
             else:
                 print(Fore.LIGHTRED_EX + "  Error retrieving release data: ")
-                print("  " + str(component.name) + ", " + str(component.version))
+                print("  " + str(component.name) + ", " + str(version))
                 print("  Status Code: " + str(swex.response.status_code))
                 if swex.message:
                     print("    Message: " + swex.message)
@@ -89,6 +102,10 @@ def _find_by_name(self, component: Component) -> Optional[Dict[str, Any]]:
             return None
 
     def show_bom_item_status(self, bom: Bom, all: bool = False) -> None:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         for component in bom.components:
             release = None
             id = CycloneDxSupport.get_property_value(component, CycloneDxSupport.CDX_PROP_SW360ID)
@@ -117,6 +134,9 @@ def show_bom_item_status(self, bom: Bom, all: bool = False) -> None:
                         release["_links"]["sw360:component"]["href"]
                     )
                 )
+                if not comp_sw360:
+                    print_red("Error accessing component")
+                    continue
 
                 rel_list = comp_sw360["_embedded"]["sw360:releases"]
                 print("  " + component.name + ", " + component.version + " => ", end="", flush=True)
@@ -124,6 +144,9 @@ def show_bom_item_status(self, bom: Bom, all: bool = False) -> None:
                 for orel in rel_list:
                     href = orel["_links"]["self"]["href"]
                     rel = self.client.get_release_by_url(href)
+                    if not rel:
+                        print_red("Error accessing release " + href)
+                        continue
                     cs = rel.get("clearingState", "(unkown clearing state)")
                     if cs == "APPROVED":
                         print(Fore.LIGHTGREEN_EX, end="", flush=True)
@@ -141,7 +164,7 @@ def show_bom_item_status(self, bom: Bom, all: bool = False) -> None:
                     " => --- no id ---")
                 continue
 
-    def run(self, args) -> None:
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/bom/check_granularity.py b/capycli/bom/check_granularity.py
index 4a13092..a12de20 100644
--- a/capycli/bom/check_granularity.py
+++ b/capycli/bom/check_granularity.py
@@ -10,11 +10,10 @@
     import importlib.resources as pkg_resources
 except ImportError:
     # Try backported to PY<37 `importlib_resources`.
-    import importlib_resources as pkg_resources
-
+    import importlib_resources as pkg_resources  # type: ignore
 import os
 import sys
-from typing import List
+from typing import Any, List, Optional
 
 import requests
 from cyclonedx.model import ExternalReferenceType
@@ -35,22 +34,22 @@
 
 class PotentialGranularityIssue:
     """Class to hold potential granularity issues."""
-    def __init__(self, component, replacement, comment="", source_url=""):
-        self.component = component
-        self.replacement = replacement
-        self.comment = comment
-        self.source_url = source_url
+    def __init__(self, component: str, replacement: str, comment: str = "", source_url: str = "") -> None:
+        self.component: str = component
+        self.replacement: str = replacement
+        self.comment: str = comment
+        self.source_url: str = source_url
 
 
 class CheckGranularity(capycli.common.script_base.ScriptBase):
     """
     Check the granularity of all releases in the SBOM.
     """
-    def __init__(self):
-        self.granularity_list = []
+    def __init__(self) -> None:
+        self.granularity_list: List[PotentialGranularityIssue] = []
 
     @staticmethod
-    def get_granularity_list(download_url):
+    def get_granularity_list(download_url: str) -> None:
         '''This will only download granularity file from a public repository.
         Make sure to give the raw version of the granularity file seperated by ;'''
         response = requests.get(download_url)
@@ -58,7 +57,7 @@ def get_granularity_list(download_url):
         with open('granularity_list.csv', 'wb') as f1:
             f1.write(response.content)
 
-    def read_granularity_list(self, download_url=None, local_read_granularity=None) -> None:
+    def read_granularity_list(self, download_url: str = "", local_read_granularity: bool = False) -> None:
         """Reads the granularity list from file."""
         self.granularity_list = []
         text_list = ""
@@ -117,7 +116,7 @@ def read_granularity_list(self, download_url=None, local_read_granularity=None)
             issue = PotentialGranularityIssue(component, replacement, comment, source_url)
             self.granularity_list.append(issue)
 
-    def find_match(self, name: str) -> PotentialGranularityIssue or None:
+    def find_match(self, name: str) -> Optional[PotentialGranularityIssue]:
         """Finds a match by component name."""
         for match in self.granularity_list:
             if match.component.lower() == name.lower():
@@ -133,24 +132,24 @@ def get_new_fixed_component(self, component: Component, new_name: str, new_src_u
         language_bak = CycloneDxSupport.get_property(component, CycloneDxSupport.CDX_PROP_LANGUAGE)
 
         # build new package-url
-        purl = ""
+        purl: PackageURL
         if component.purl:
-            old_purl = PackageURL.from_string(component.purl)
-            purl = PackageURL(old_purl.type, old_purl.namespace, new_name, component.version).to_string()
+            old_purl = component.purl
+            purl = PackageURL(old_purl.type, old_purl.namespace, new_name, component.version)
 
             if self.search_meta_data:
                 if str(component.purl).startswith("pkg:npm"):
                     GetJavascriptDependencies().try_find_component_metadata(component, "")
         else:
             LOG.warning("  No package-url available - creating default purl")
-            purl = PackageURL("generic", "", new_name, component.version).to_string()
+            purl = PackageURL("generic", "", new_name, component.version)
 
         # create new component (this is the only way to set a new bom_ref)
         component_new = Component(
             name=new_name,
             version=component.version,
             purl=purl,
-            bom_ref=purl
+            bom_ref=purl.to_string()
         )
 
         # restore properties we can keep
@@ -173,7 +172,7 @@ def get_new_fixed_component(self, component: Component, new_name: str, new_src_u
 
     def merge_duplicates(self, clist: List[Component]) -> List[Component]:
         """Checks for each release if there are duplicates after granularity check."""
-        new_list = []
+        new_list: List[Component] = []
         for release in clist:
             count = len([item for item in new_list if item.name == release.name
                          and item.version == release.version])
@@ -187,7 +186,7 @@ def merge_duplicates(self, clist: List[Component]) -> List[Component]:
 
         return new_list
 
-    def check_bom_items(self, sbom: Bom):
+    def check_bom_items(self, sbom: Bom) -> Bom:
         """Checks for each release in the list whether it can be found on the specified
         SW360 instance."""
 
@@ -214,7 +213,7 @@ def check_bom_items(self, sbom: Bom):
         sbom.components = SortedSet(reduced)
         return sbom
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
@@ -255,6 +254,8 @@ def run(self, args):
         print_text("\nLoading SBOM file", args.inputfile)
         try:
             sbom = CaPyCliBom.read_sbom(args.inputfile)
+            for c in sbom.components:
+                print(c)
         except Exception as ex:
             print_red("Error reading SBOM: " + repr(ex))
             sys.exit(ResultCode.RESULT_ERROR_READING_BOM)
diff --git a/capycli/bom/create_components.py b/capycli/bom/create_components.py
index 8df4ac9..8d74f8a 100644
--- a/capycli/bom/create_components.py
+++ b/capycli/bom/create_components.py
@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2019-23 Siemens
+# Copyright (c) 2019-2024 Siemens
 # All Rights Reserved.
 # Author: thomas.graf@siemens.com
 #
@@ -11,15 +11,15 @@
 import re
 import sys
 import tempfile
-from typing import Any, Dict
+from typing import Any, Dict, List, Optional
 from urllib.parse import urlparse
 
 import packageurl
 import requests
-import sw360.sw360_api
 from colorama import Fore, Style
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
+from sw360 import SW360Error
 
 import capycli.common.json_support
 import capycli.common.script_base
@@ -54,13 +54,14 @@ class BomCreateComponents(capycli.common.script_base.ScriptBase):
         "                          ignore prefixes like \"2:\" (epoch) and suffixes like \".debian\"",
     ]
 
-    def __init__(self, onlyCreateReleases=False):
-        self.source_folder = None
-        self.download = False
-        self.relaxed_debian_parsing = False
-        self.onlyCreateReleases = onlyCreateReleases
+    def __init__(self, onlyCreateReleases: bool = False) -> None:
+        self.source_folder: str = ""
+        self.download: bool = False
+        self.relaxed_debian_parsing: bool = False
+        self.onlyCreateReleases: bool = onlyCreateReleases
 
-    def upload_source_file(self, release_id, sourcefile, filetype="SOURCE", comment=""):
+    def upload_source_file(self, release_id: str, sourcefile: str,
+                           filetype: str = "SOURCE", comment: str = "") -> None:
         """Upload source code attachment
 
         @params:
@@ -70,14 +71,20 @@ def upload_source_file(self, release_id, sourcefile, filetype="SOURCE", comment=
             comment    - upload comment for SW360 attachment
         """
         print_text("    Uploading source file: " + sourcefile)
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         try:
             self.client.upload_release_attachment(
                 release_id, sourcefile, upload_type=filetype, upload_comment=comment)
-        except sw360.sw360_api.SW360Error as swex:
+        except SW360Error as swex:
             errortext = "    Error uploading source file: " + self.get_error_message(swex)
             print(Fore.LIGHTRED_EX + errortext + Style.RESET_ALL)
 
-    def upload_file_from_url(self, release_id, url, filename, filetype="SOURCE", comment="", attached_filenames=[]):
+    def upload_file_from_url(self, release_id: str, url: Optional[str], filename: str,
+                             filetype: str = "SOURCE", comment: str = "",
+                             attached_filenames: List[str] = []) -> None:
         """Download a file from a URL if it's not available locally
         and upload the file as attachment to SW360.
 
@@ -111,6 +118,10 @@ def upload_file_from_url(self, release_id, url, filename, filetype="SOURCE", com
             fullpath = os.path.join(tmpfolder.name, filename)
 
         try:
+            if not url:
+                print_red("    No url specified!")
+                return
+
             response = requests.get(url, allow_redirects=True)
             if (response.status_code == requests.codes["ok"]):
                 print_text("      Writing file", fullpath)
@@ -118,7 +129,7 @@ def upload_file_from_url(self, release_id, url, filename, filetype="SOURCE", com
                     open(fullpath, "wb").write(response.content)
                     if response.headers.__contains__("content-disposition"):
                         header = response.headers.get("content-disposition")
-                        if header.__contains__("filename="):
+                        if header and header.__contains__("filename="):
                             print_text("      Found header:", header)
                             newfilename = header.split("=")[-1]
                             newfilename = newfilename.strip('"')
@@ -152,7 +163,7 @@ def upload_file_from_url(self, release_id, url, filename, filetype="SOURCE", com
         if tmpfolder:
             tmpfolder.cleanup()
 
-    def prepare_release_data(self, cx_comp: Component) -> dict:
+    def prepare_release_data(self, cx_comp: Component) -> Dict[str, Any]:
         """Create release data structure as expected by SW360 REST API
 
         :param item: a single bill of materials item - a release
@@ -160,16 +171,16 @@ def prepare_release_data(self, cx_comp: Component) -> dict:
         :return: the release
         :rtype: release (dictionary)
         """
-        data = {}
+        data: Dict[str, Any] = {}
         data["name"] = cx_comp.name
-        data["version"] = cx_comp.version
+        data["version"] = cx_comp.version or ""
 
         # mandatory properties
-        src_url = CycloneDxSupport.get_ext_ref_source_url(cx_comp)
+        src_url = str(CycloneDxSupport.get_ext_ref_source_url(cx_comp))
         if src_url:
             data["sourceCodeDownloadurl"] = src_url
 
-        bin_url = CycloneDxSupport.get_ext_ref_binary_url(cx_comp)
+        bin_url = str(CycloneDxSupport.get_ext_ref_binary_url(cx_comp))
         if bin_url:
             data["binaryDownloadurl"] = bin_url
 
@@ -177,7 +188,7 @@ def prepare_release_data(self, cx_comp: Component) -> dict:
         if cx_comp.purl:
             data["externalIds"] = {}
             # ensure that we have the only correct external-id name: package-url
-            data["externalIds"]["package-url"] = cx_comp.purl
+            data["externalIds"]["package-url"] = cx_comp.purl.to_string()
 
         # use project site as fallback for source code download url
         website = CycloneDxSupport.get_ext_ref_website(cx_comp)
@@ -185,10 +196,10 @@ def prepare_release_data(self, cx_comp: Component) -> dict:
         if not src_url:
             if repo:
                 print("    Using repository for source code download URL...")
-                data["sourceCodeDownloadurl"] = repo
+                data["sourceCodeDownloadurl"] = str(repo)
             elif website:
                 print("    Using website for source code download URL...")
-                data["sourceCodeDownloadurl"] = website
+                data["sourceCodeDownloadurl"] = str(website)
 
         language = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_LANGUAGE)
         if language:
@@ -197,7 +208,7 @@ def prepare_release_data(self, cx_comp: Component) -> dict:
 
         return data
 
-    def prepare_component_data(self, cx_comp: Component) -> dict:
+    def prepare_component_data(self, cx_comp: Component) -> Dict[str, Any]:
         """Create component data structure as expected by SW360 REST API
 
         :param item: single bill of materials item - a release
@@ -205,7 +216,7 @@ def prepare_component_data(self, cx_comp: Component) -> dict:
         :return: the release structure
         :rtype: release (dictionary)
         """
-        data = {}
+        data: Dict[str, Any] = {}
         data["description"] = "n/a"
         if cx_comp.description:
             data["description"] = cx_comp.description
@@ -213,11 +224,12 @@ def prepare_component_data(self, cx_comp: Component) -> dict:
 
         language = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_LANGUAGE)
         if language:
-            data["languages"] = []
-            data["languages"].append(language)
+            languages: List[str] = []
+            languages.append(language)
+            data["languages"] = languages
 
         # optional properties
-        categories = []
+        categories: List[str] = []
         cat = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_CATEGORIES)
         if cat:
             categories.append(cat)
@@ -230,14 +242,14 @@ def prepare_component_data(self, cx_comp: Component) -> dict:
         data["homepage"] = "n/a"
         website = CycloneDxSupport.get_ext_ref_website(cx_comp)
         if website:
-            data["homepage"] = website
+            data["homepage"] = str(website)
 
         if cx_comp.purl:
             purl = PurlUtils.component_purl_from_release_purl(cx_comp.purl)
             data["externalIds"] = {"package-url": purl}
         return data
 
-    def create_release(self, cx_comp: Component, component_id) -> dict:
+    def create_release(self, cx_comp: Component, component_id: str) -> Optional[Dict[str, Any]]:
         """Create a new release on SW360
 
         :param item: a single bill of materials item - a release
@@ -247,20 +259,24 @@ def create_release(self, cx_comp: Component, component_id) -> dict:
         :return: the release
         :rtype: release (dictionary)
         """
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         data = self.prepare_release_data(cx_comp)
         # ensure that the release mainline state is properly set
         data["mainlineState"] = "OPEN"
         try:
             release_new = self.client.create_new_release(
-                cx_comp.name, cx_comp.version,
+                cx_comp.name, cx_comp.version or "",
                 component_id, release_details=data)
-        except sw360.sw360_api.SW360Error as swex:
+        except SW360Error as swex:
             errortext = "    Error creating component: " + self.get_error_message(swex)
             print_red(errortext)
             sys.exit(ResultCode.RESULT_ERROR_CREATING_COMPONENT)
         return release_new
 
-    def update_release(self, cx_comp: Component, release_data: Dict[str, Any]):
+    def update_release(self, cx_comp: Component, release_data: Dict[str, Any]) -> None:
         """Update an existing release on SW360
 
         :param item: a single bill of materials item - a release
@@ -268,6 +284,10 @@ def update_release(self, cx_comp: Component, release_data: Dict[str, Any]):
         :param release_data: SW360 release data
         :type release_data: release (dictionary)
         """
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         release_id = self.get_sw360_id(release_data)
         data = self.prepare_release_data(cx_comp)
 
@@ -327,29 +347,32 @@ def update_release(self, cx_comp: Component, release_data: Dict[str, Any]):
         self.upload_file(cx_comp, release_data, release_id, filetype, file_comment)
 
     def upload_file(
-            self, cx_comp: Component, release_data: dict,
-            release_id: str, filetype: str, comment: str):
+            self, cx_comp: Component, release_data: Dict[str, Any],
+            release_id: str, filetype: str, comment: str) -> None:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
         url = None
         filename = None
         filehash = None
         if filetype in ["SOURCE", "SOURCE_SELF"]:
-            url = CycloneDxSupport.get_ext_ref_source_url(cx_comp)
-            filename = CycloneDxSupport.get_ext_ref_source_file(cx_comp)
-            filehash = CycloneDxSupport.get_source_file_hash(cx_comp)
+            url = str(CycloneDxSupport.get_ext_ref_source_url(cx_comp))
+            filename = str(CycloneDxSupport.get_ext_ref_source_file(cx_comp))
+            filehash = str(CycloneDxSupport.get_source_file_hash(cx_comp))
 
         if filetype in ["BINARY", "BINARY_SELF"]:
-            url = CycloneDxSupport.get_ext_ref_binary_url(cx_comp)
-            filename = CycloneDxSupport.get_ext_ref_binary_file(cx_comp)
-            filehash = CycloneDxSupport.get_binary_file_hash(cx_comp)
+            url = str(CycloneDxSupport.get_ext_ref_binary_url(cx_comp))
+            filename = str(CycloneDxSupport.get_ext_ref_binary_file(cx_comp))
+            filehash = str(CycloneDxSupport.get_binary_file_hash(cx_comp))
 
         # Note that we retreive the SHA1 has from the CycloneDX data.
         # But there is no guarantee that this *IS* really a SHA1 hash!
 
-        if (filename is None or filename == '') and url:
-            filename = urlparse(url)
-            if filename:
-                filename = os.path.basename(filename.path)
+        if (filename is None or filename == "") and url:
+            filename_parsed = urlparse(url)
+            if filename_parsed:
+                filename = os.path.basename(filename_parsed.path)
 
         if not filename:
             print_red("    Unable to identify filename from url!")
@@ -365,7 +388,7 @@ def upload_file(
         for attachment in release_data.get("_embedded", {}).get("sw360:attachments", []):
             if attachment["attachmentType"].startswith(filetype_pattern):
                 at_info = self.client.get_attachment_by_url(attachment['_links']['self']['href'])
-                if at_info.get("checkStatus", "") == "REJECTED":
+                if at_info and at_info.get("checkStatus", "") == "REJECTED":
                     continue
                 source_attachment_exists = True
                 attached_filenames.append(attachment["filename"])
@@ -383,7 +406,7 @@ def upload_file(
         if not source_attachment_exists:
             self.upload_file_from_url(release_id, url, filename, filetype, comment, attached_filenames)
 
-    def search_for_release(self, component, cx_comp: Component):
+    def search_for_release(self, component: Dict[str, Any], cx_comp: Component) -> Optional[Dict[str, Any]]:
         """Checks whether the given component already contains
         the requested release
 
@@ -400,6 +423,10 @@ def search_for_release(self, component, cx_comp: Component):
         if "sw360:releases" not in component["_embedded"]:
             return None
 
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         for comprel in component["_embedded"]["sw360:releases"]:
             if comprel.get("version", None) == cx_comp.version:
                 return self.client.get_release_by_url(comprel["_links"]["self"]["href"])
@@ -408,6 +435,8 @@ def search_for_release(self, component, cx_comp: Component):
             # if there's no exact match, try relaxed search
             for comprel in component["_embedded"]["sw360:releases"]:
                 # "2:5.2.1-1.debian" -> "5.2.1-1"
+                if not cx_comp.version:
+                    continue
                 bom_pattern = re.sub("^[0-9]+:", "", cx_comp.version)
                 bom_pattern = re.sub(r"[\. \(]*[dD]ebian[ \)]*$", "", bom_pattern)
                 sw360_pattern = re.sub("^[0-9]+:", "", comprel.get("version", ""))
@@ -430,25 +459,34 @@ def get_component(self, cx_comp: Component) -> str:
         :param item: BOM item
         :return: id or None
         """
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         component = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_COMPONENT_ID)
         if not component:
             if self.onlyCreateReleases:
                 print_yellow("    No component id in bom, skipping due to createreleases mode!")
 
-                return None
+                return ""
 
             components = self.client.get_component_by_name(cx_comp.name)
-            if not component and components["_embedded"]["sw360:components"]:
-                for compref in components["_embedded"]["sw360:components"]:
-                    if compref["name"].lower() != cx_comp.name.lower():
-                        continue
-                    else:
-                        component = self.get_sw360_id(compref)
-                        break
+            if components:
+                if not component and components["_embedded"]["sw360:components"]:
+                    for compref in components["_embedded"]["sw360:components"]:
+                        if compref["name"].lower() != cx_comp.name.lower():
+                            continue
+                        else:
+                            component = self.get_sw360_id(compref)
+                            break
 
         return component
 
-    def create_component(self, cx_comp: Component) -> dict:
+    def create_component(self, cx_comp: Component) -> Optional[Dict[str, Any]]:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         data = self.prepare_component_data(cx_comp)
         try:
             component_new = self.client.create_new_component(
@@ -459,13 +497,12 @@ def create_component(self, cx_comp: Component) -> dict:
                 component_details=data)
             print_yellow("    Component created")
             return component_new
-        except sw360.sw360_api.SW360Error as swex:
+        except SW360Error as swex:
             errortext = "    Error creating component: " + self.get_error_message(swex)
             print_red(errortext)
             sys.exit(ResultCode.RESULT_ERROR_CREATING_COMPONENT)
-        return None
 
-    def update_component(self, cx_comp: Component, component_id, component_data):
+    def update_component(self, cx_comp: Component, component_id: str, component_data: Dict[str, Any]) -> None:
         """Update an existing component on SW360
 
         :param item: a single bill of materials item - a component
@@ -475,6 +512,10 @@ def update_component(self, cx_comp: Component, component_id, component_data):
         :param component_data: SW360 component data
         :type component_data: component (dictionary)
         """
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         purl = ""
         if cx_comp.purl:
             purl = PurlUtils.component_purl_from_release_purl(cx_comp.purl)
@@ -498,15 +539,22 @@ def update_component(self, cx_comp: Component, component_id, component_data):
                         component_data["externalIds"]["package-url"],
                         "differs from BOM id", purl)
 
-    def get_sw360_id(self, sw360_object: dict):
+    def get_sw360_id(self, sw360_object: Dict[str, Any]) -> str:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         return self.client.get_id_from_href(sw360_object["_links"]["self"]["href"])
 
-    def create_component_and_release(self, cx_comp: Component):
+    def create_component_and_release(self, cx_comp: Component) -> None:
         """Create new releases and if necessary also new components
 
         :param item: a single bill of materials item - a release
         :type item: dictionary
         """
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
         release = None
 
@@ -517,8 +565,9 @@ def create_component_and_release(self, cx_comp: Component):
 
             # get full component info
             component = self.client.get_component(component_id)
-            self.update_component(cx_comp, component_id, component)
-            release = self.search_for_release(component, cx_comp)
+            if component:
+                self.update_component(cx_comp, component_id, component)
+                release = self.search_for_release(component, cx_comp)
         else:
             if self.onlyCreateReleases:
                 print_red("    Component doesn't exist!")
@@ -526,6 +575,10 @@ def create_component_and_release(self, cx_comp: Component):
 
             # create component
             component = self.create_component(cx_comp)
+            if not component:
+                print_red("Component creation failed!")
+                return
+
             component_id = self.get_sw360_id(component)
 
         try:
@@ -533,12 +586,16 @@ def create_component_and_release(self, cx_comp: Component):
                 item_name = ScriptSupport.get_full_name_from_component(cx_comp)
                 print_red("      " + item_name + " already exists")
             else:
+                if not component:
+                    return
+
                 release = self.create_release(
                     cx_comp, self.get_sw360_id(component))
                 print_text("    Release created")
 
-            self.update_release(cx_comp, release)
-        except sw360.sw360_api.SW360Error as swex:
+            if release:
+                self.update_release(cx_comp, release)
+        except SW360Error as swex:
             errortext = "    Error creating release: " + self.get_error_message(swex)
             print_red(errortext)
             sys.exit(ResultCode.RESULT_ERROR_CREATING_RELEASE)
@@ -554,6 +611,10 @@ def create_items(self, sbom: Bom) -> None:
         :param bom: the bill of materials
         :type bom: list of components
         """
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         ok = True
 
         for cx_comp in sbom.components:
@@ -561,7 +622,9 @@ def create_items(self, sbom: Bom) -> None:
             id = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_SW360ID)
             if id:
                 print_text("  " + item_name + " already exists")
-                self.update_release(cx_comp, self.client.get_release(id))
+                rel = self.client.get_release(id)
+                if rel:
+                    self.update_release(cx_comp, rel)
             else:
                 print_text("  " + item_name)
                 self.create_component_and_release(cx_comp)
@@ -578,7 +641,7 @@ def create_items(self, sbom: Bom) -> None:
             print_red("An error occured during component/release creation!")
             sys.exit(ResultCode.RESULT_ERROR_CREATING_ITEM)
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/bom/csv.py b/capycli/bom/csv.py
index 6ca0855..baee478 100644
--- a/capycli/bom/csv.py
+++ b/capycli/bom/csv.py
@@ -9,6 +9,7 @@
 from typing import List
 
 from cyclonedx.model.component import Component
+from sortedcontainers import SortedSet
 
 from capycli import LOG
 
@@ -56,7 +57,7 @@ def csv_to_cdx_components(cls, inputfile: str) -> List[Component]:
         return bom
 
     @classmethod
-    def write_cdx_components_as_csv(cls, bom: List[Component], outputfile: str) -> None:
+    def write_cdx_components_as_csv(cls, bom: SortedSet, outputfile: str) -> None:
         LOG.debug(f"Writing to file {outputfile}")
         with open(outputfile, "w", encoding="utf-8") as fout:
             for cx_comp in bom:
diff --git a/capycli/bom/diff_bom.py b/capycli/bom/diff_bom.py
index bfd4764..a5bba51 100644
--- a/capycli/bom/diff_bom.py
+++ b/capycli/bom/diff_bom.py
@@ -9,7 +9,7 @@
 import os
 import sys
 from enum import Enum
-from typing import Tuple
+from typing import Any, Dict, List, Optional, Tuple
 
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
@@ -49,11 +49,11 @@ class DiffType(str, Enum):
 
 class DiffBom(capycli.common.script_base.ScriptBase):
     """Compare two SBOM files    """
-    def __init__(self):
-        self.equal_bom = None
-        self.diff_bom = None
+    def __init__(self) -> None:
+        self.equal_bom: Bom
+        self.diff_bom: Bom
 
-    def find_in_bom(self, bom: Bom, component: Component) -> Component or None:
+    def find_in_bom(self, bom: Bom, component: Component) -> Optional[Component]:
         """Searches for an item with the given name and version in the given SBOM."""
         for c in bom.components:
             if MergeBom.are_same(c, component):
@@ -88,9 +88,9 @@ def compare_boms(self, bom_old: Bom, bom_new: Bom) -> Tuple[Bom, Bom]:
 
         return equal_bom, diff_bom
 
-    def compare_boms_with_updates(self, bom_old: Bom, bom_new: Bom) -> list:
+    def compare_boms_with_updates(self, bom_old: Bom, bom_new: Bom) -> List[Dict[str, Any]]:
         """Determine differences in the bills or materials."""
-        result = []
+        result: List[Dict[str, Any]] = []
 
         for comp_old in bom_old.components:
             ritem = {}
@@ -116,7 +116,7 @@ def compare_boms_with_updates(self, bom_old: Bom, bom_new: Bom) -> list:
 
         return self.check_for_updates(result)
 
-    def check_for_updates(self, result: list) -> list:
+    def check_for_updates(self, result: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
         """Try to determine if the differences are updates of existing components."""
         removeList = []
 
@@ -151,7 +151,7 @@ def check_for_updates(self, result: list) -> list:
 
         return result
 
-    def display_result(self, result: list, show_identical: bool):
+    def display_result(self, result: List[Dict[str, Any]], show_identical: bool) -> None:
         for item in result:
             if item["Result"] == DiffType.IDENTICAL:
                 if show_identical:
@@ -191,11 +191,11 @@ def display_result(self, result: list, show_identical: bool):
                 str(item["Result"]) + ": " +
                 item["Name"] + ", " + item["Version"])
 
-    def write_result_to_json(self, filename: str, result: list):
+    def write_result_to_json(self, filename: str, result: List[Dict[str, Any]]) -> None:
         """Write comparison result to a JSON file."""
         capycli.common.json_support.write_json_to_file(result, filename)
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/bom/download_sources.py b/capycli/bom/download_sources.py
index 6a9bbd2..7a00258 100644
--- a/capycli/bom/download_sources.py
+++ b/capycli/bom/download_sources.py
@@ -12,11 +12,11 @@
 import pathlib
 import re
 import sys
-from typing import Optional, Tuple
+from typing import Any, Optional, Tuple
 from urllib.parse import urlparse
 
 import requests
-from cyclonedx.model import ExternalReference, ExternalReferenceType, HashAlgorithm, HashType
+from cyclonedx.model import ExternalReference, ExternalReferenceType, HashAlgorithm, HashType, XsUri
 from cyclonedx.model.bom import Bom
 
 import capycli.common.json_support
@@ -34,18 +34,18 @@ class BomDownloadSources(capycli.common.script_base.ScriptBase):
     Download source files from the URL specified in the SBOM.
     """
 
-    def get_filename_from_cd(self, cd: str):
+    def get_filename_from_cd(self, cd: str) -> str:
         """
         Get filename from content-disposition.
         """
         if not cd:
-            return None
+            return ""
         fname = re.findall('filename=(.+)', cd)
         if len(fname) == 0:
-            return None
+            return ""
         return fname[0].rstrip('"').lstrip('"')
 
-    def download_source_file(self, url: str, source_folder: str) -> Optional[Tuple]:
+    def download_source_file(self, url: str, source_folder: str) -> Optional[Tuple[str, str]]:
         """Download a file from a URL.
 
         @params:
@@ -56,11 +56,11 @@ def download_source_file(self, url: str, source_folder: str) -> Optional[Tuple]:
 
         try:
             response = requests.get(url, allow_redirects=True)
-            filename = self.get_filename_from_cd(response.headers.get('content-disposition'))
+            filename = self.get_filename_from_cd(response.headers.get("content-disposition", ""))
             if not filename:
-                filename = urlparse(url)
-                if filename:
-                    filename = os.path.basename(filename.path)
+                filename_ps = urlparse(url)
+                if filename_ps:
+                    filename = os.path.basename(filename_ps.path)
 
             elif not filename:
                 print_red("    Unable to identify filename from url!")
@@ -95,7 +95,7 @@ def download_sources(self, sbom: Bom, source_folder: str) -> None:
 
             source_url = CycloneDxSupport.get_ext_ref_source_url(component)
             if source_url:
-                result = self.download_source_file(source_url, source_folder)
+                result = self.download_source_file(source_url._uri, source_folder)
             else:
                 result = None
                 print_red("    No URL specified!")
@@ -114,32 +114,35 @@ def download_sources(self, sbom: Bom, source_folder: str) -> None:
                     ext_ref = ExternalReference(
                         reference_type=ExternalReferenceType.DISTRIBUTION,
                         comment=CaPyCliBom.SOURCE_FILE_COMMENT,
-                        url=path)
+                        url=XsUri(path))
                     new = True
                 else:
-                    ext_ref.url = path
+                    ext_ref.url = XsUri(path)
                 ext_ref.hashes.add(HashType(
                     algorithm=HashAlgorithm.SHA_1,
                     hash_value=sha1))
                 if new:
                     component.external_references.add(ext_ref)
 
-    def update_local_path(self, sbom: Bom, bomfile: str):
+    def update_local_path(self, sbom: Bom, bomfile: str) -> None:
         bompath = pathlib.Path(bomfile).parent
         for component in sbom.components:
             ext_ref = CycloneDxSupport.get_ext_ref(
                 component, ExternalReferenceType.DISTRIBUTION, CaPyCliBom.SOURCE_FILE_COMMENT)
             if ext_ref:
                 try:
-                    name = CycloneDxSupport.have_relative_ext_ref_path(ext_ref, bompath)
+                    name = CycloneDxSupport.have_relative_ext_ref_path(ext_ref, bompath.as_posix())
                     CycloneDxSupport.update_or_set_property(
                         component,
                         CycloneDxSupport.CDX_PROP_FILENAME,
                         name)
                 except ValueError:
-                    print_yellow("  SBOM file is not relative to source file " + ext_ref.url)
+                    if type(ext_ref.url) is XsUri:
+                        print_yellow("  SBOM file is not relative to source file " + ext_ref.url._uri)
+                    else:
+                        print_yellow("  SBOM file is not relative to source file " + str(ext_ref.url))
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method
 
         @params:
diff --git a/capycli/bom/filter_bom.py b/capycli/bom/filter_bom.py
index 5fd6c25..bc705ad 100644
--- a/capycli/bom/filter_bom.py
+++ b/capycli/bom/filter_bom.py
@@ -9,7 +9,7 @@
 import json
 import os
 import sys
-from typing import Optional
+from typing import Any, Dict, List, Optional
 
 from cyclonedx.model import ExternalReferenceType
 from cyclonedx.model.bom import Bom
@@ -53,27 +53,27 @@ class FilterBom(capycli.common.script_base.ScriptBase):
         ]
     }
     """
-    def __init__(self):
+    def __init__(self) -> None:
         self.verbose = False
 
-    def load_filter_file(self, filter_file: str) -> dict:
+    def load_filter_file(self, filter_file: str) -> Dict[str, Any]:
         """Load a single filter file - without any further processing"""
         f = open(filter_file, "r")
         filter = json.load(f)
         return filter
 
-    def append_components(self, clist: list, to_add_list: list):
+    def append_components(self, clist: List[Dict[str, Any]], to_add_list: List[Dict[str, Any]]) -> None:
         for to_add in to_add_list:
             clist.append(to_add)
 
-    def show_filter(self, filter: dict) -> None:
+    def show_filter(self, filter: Dict[str, Any]) -> None:
         for entry in filter["Components"]:
             comp = entry["component"]
             print_text(
                 "  ", comp.get("Name", ""), comp.get("Version", ""),
                 comp.get("RepositoryId", ""), entry["Mode"])
 
-    def find_bom_item(self, bom: Bom, filterentry: dict) -> Optional[Component]:
+    def find_bom_item(self, bom: Bom, filterentry: Dict[str, Any]) -> Optional[Component]:
         """Find an entry in list of bom items."""
         for component in bom.components:
             if component.purl:
@@ -92,11 +92,11 @@ def find_bom_item(self, bom: Bom, filterentry: dict) -> Optional[Component]:
 
         return None
 
-    def create_bom_item_from_filter_entry(self, filterentry: dict) -> Component:
+    def create_bom_item_from_filter_entry(self, filterentry: Dict[str, Any]) -> Component:
         comp = LegacySupport.legacy_component_to_cdx(filterentry)
         return comp
 
-    def update_bom_item_from_filter_entry(self, component: Component, filterentry: dict):
+    def update_bom_item_from_filter_entry(self, component: Component, filterentry: Dict[str, Any]) -> None:
         if filterentry["Name"]:
             component.name = filterentry["Name"]
 
@@ -210,9 +210,9 @@ def filter_bom(self, bom: Bom, filter_file: str) -> Bom:
 
                     if component.purl:
                         if prefix:
-                            match = component.purl.startswith(prefix)
+                            match = component.purl.to_string().startswith(prefix)
                         else:
-                            match = component.purl == filterentry["component"]["RepositoryId"]
+                            match = component.purl.to_string() == filterentry["component"]["RepositoryId"]
 
                 if match:
                     if filterentry["Mode"] == "remove":
@@ -231,7 +231,7 @@ def filter_bom(self, bom: Bom, filter_file: str) -> Bom:
                 if existing_entry:
                     self.update_bom_item_from_filter_entry(existing_entry, filterentry["component"])
                     if self.verbose:
-                        print_text("  Updated " + existing_entry.name + ", " + existing_entry.version)
+                        print_text("  Updated " + existing_entry.name + ", " + (existing_entry.version or ""))
                 else:
                     if filterentry["component"].get("Name") is None:
                         print_red("To be added dependency missing Name attribute in Filter file.")
@@ -240,7 +240,7 @@ def filter_bom(self, bom: Bom, filter_file: str) -> Bom:
                     bomitem = self.create_bom_item_from_filter_entry(filterentry["component"])
                     list_temp.append(bomitem)
                     if self.verbose:
-                        print_text("  Added " + bomitem.name + ", " + bomitem.version)
+                        print_text("  Added " + bomitem.name + ", " + (bomitem.version or ""))
 
                 filterentry["Processed"] = True
 
@@ -260,7 +260,7 @@ def filter_bom(self, bom: Bom, filter_file: str) -> Bom:
 
         return bom
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/bom/findsources.py b/capycli/bom/findsources.py
index b498337..10ec65c 100644
--- a/capycli/bom/findsources.py
+++ b/capycli/bom/findsources.py
@@ -11,7 +11,7 @@
 import re
 import sys
 import time
-from typing import Any
+from typing import Any, Dict, List, Tuple
 
 import requests
 import semver
@@ -36,13 +36,13 @@
 class FindSources(capycli.common.script_base.ScriptBase):
     """Go through the list of SBOM items and try to determine the source code."""
 
-    def __init__(self):
-        self.verbose = False
+    def __init__(self) -> None:
+        self.verbose: bool = False
         self.version_regex = re.compile(r"[\d+\.|_]+[\d+]")
         self.github_project_name_regex = re.compile(r"^[a-zA-Z0-9-]+(/[a-zA-Z0-9-]+)*$")
-        self.github_name = None
-        self.github_token = None
-        self.sw360_url = os.environ.get("SW360ServerUrl", None)
+        self.github_name: str = ""
+        self.github_token: str = ""
+        self.sw360_url: str = os.environ.get("SW360ServerUrl", "")
 
     def is_sourcefile_accessible(self, sourcefile_url: str) -> bool:
         """Check if the URL is accessible."""
@@ -70,7 +70,7 @@ def is_sourcefile_accessible(self, sourcefile_url: str) -> bool:
         return False
 
     @staticmethod
-    def github_request(url: str, username="", token=""):
+    def github_request(url: str, username: str = "", token: str = "") -> Any:
         try:
             headers = {}
             if token:
@@ -96,10 +96,11 @@ def github_request(url: str, username="", token=""):
                 Fore.LIGHTYELLOW_EX +
                 "      Error acccessing GitHub: " + repr(ex) +
                 Style.RESET_ALL)
-            return None
+
+            return {}
 
     @staticmethod
-    def get_repositories(name: str, language: str, username="", token=""):
+    def get_repositories(name: str, language: str, username: str = "", token: str = "") -> Any:
         """Query for GitHub repositories"""
         query = name + " language:" + language.lower()
         search_url = "https://api.github.com/search/repositories?q=" + query
@@ -122,16 +123,27 @@ def get_repo_name(github_url: str) -> str:
                 Fore.LIGHTYELLOW_EX +
                 "      Error getting repo name from: " + github_url +
                 Style.RESET_ALL)
-            return None
+            return ""
 
         return repo_name
 
+    if not sys.version_info < (3, 10):
+        get_github_info_type = List[Dict[str, Any]] | Dict[str, Any]
+    else:
+        get_github_info_type = Any
+
     @staticmethod
-    def get_github_info(repository_url: str, username="", token="") -> Any:
-        """Query tag infos from GitHub."""
+    def get_github_info(repository_url: str, username: str = "",
+                        token: str = "") -> get_github_info_type:
+        """
+        Query tag infos from GitHub.
+
+        In the good case a list of tags entries (= dictionaries) is returned.
+        In the bad case a JSON error message is returned.
+        """
         length_per_page = 100
         page = 1
-        tags = []
+        tags: List[Dict[str, Any]] = []
         tag_url = "https://api.github.com/repos/" + repository_url + "/tags"
         query = "?per_page=%s&page=%s" % (length_per_page, page)
         tmp = FindSources.github_request(tag_url + query, username, token)
@@ -160,7 +172,7 @@ def to_semver_string(self, version: str) -> str:
             return str(ver + ".0")
         return ver
 
-    def find_github_url(self, component: Component, use_language=True) -> str:
+    def find_github_url(self, component: Component, use_language: bool = True) -> str:
         """ Find github url for component"""
         if not component:
             return ""
@@ -182,7 +194,7 @@ def find_github_url(self, component: Component, use_language=True) -> str:
         if len(name_match):
             for match in name_match:
                 tag_info = self.github_request(match["tags_url"], self.github_name, self.github_token)
-                source_url = self.get_matching_tag(tag_info, component.version, match["html_url"])
+                source_url = self.get_matching_tag(tag_info, component.version or "", match["html_url"])
                 if len(name_match) == 1:
                     return source_url
                 elif source_url:
@@ -195,21 +207,26 @@ def get_pkg_go_repo_url(self, name: str) -> str:
         link_repo = repo_request_url
         try:
             pkg_go_page = requests.get(repo_request_url)
+            if not pkg_go_page:
+                return ""
+
             soup = BeautifulSoup(pkg_go_page.text, 'html.parser')
-            link_repo = soup.find('div', class_='UnitMeta-repo').find('a').get("href")
+            link_repo = soup.find('div', class_='UnitMeta-repo').find('a').get("href")  # type: ignore
         except Exception as ex:
             print(
                 Fore.LIGHTYELLOW_EX +
                 "      Error trying to get repository url: " + repr(ex) +
                 Style.RESET_ALL)
+
         return link_repo
 
     def find_golang_url(self, component: Component) -> str:
         """ Find github url for component"""
         if not component:
             return ""
-        component_name = component.name
-        component_version = component.version
+
+        component_name = component.name or ""
+        component_version = component.version or ""
         suffix = "+incompatible"
         if component_version.endswith(suffix):
             component_version = component_version[:-len(suffix)]
@@ -244,9 +261,10 @@ def find_golang_url(self, component: Component) -> str:
 
                 if repository_name.startswith("https://github.com/"):
                     repository_name = repository_name[len("https://github.com/"):]
-                tag_info = self.get_github_info(repository_name, self.github_name,
-                                                self.github_token)
-                source_url = self.get_matching_tag(tag_info, component_version, repository_name, version_prefix)
+                tag_info = self.get_github_info(repository_name, self.github_name, self.github_token)
+                tag_info_checked = self.check_for_github_error(tag_info)
+                source_url = self.get_matching_tag(tag_info_checked, component_version,
+                                                   repository_name, version_prefix or "")
 
         # component["RepositoryUrl"] = repository_name
         return source_url
@@ -268,15 +286,13 @@ def get_github_source_url(self, github_url: str, version: str) -> str:
             print_text("      repo_name:", repo_name)
 
         tag_info = self.get_github_info(repo_name, self.github_name, self.github_token)
-        return self.get_matching_tag(tag_info, version, github_url)
+        tag_info_checked = self.check_for_github_error(tag_info)
+        return self.get_matching_tag(tag_info_checked, version, github_url)
 
-    def get_matching_tag(self, tag_info: list, version: str, github_url: str, version_prefix=None):
-        if not tag_info or (len(tag_info) == 0):
-            print(
-                Fore.LIGHTRED_EX +
-                "      No tags info reply from GitHub! " + github_url +
-                Style.RESET_ALL)
-            return None
+    def check_for_github_error(self, tag_info: get_github_info_type) -> List[Dict[str, Any]]:
+        if isinstance(tag_info, list):
+            # assume valid answer
+            return tag_info
 
         # check for 'rate limit exceeded' message
         if "message" in tag_info:
@@ -287,17 +303,26 @@ def get_matching_tag(self, tag_info: list, version: str, github_url: str, versio
                 print_red("Invalid GitHub credential provided - aborting!")
                 sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SERVICE)
 
+        return []
+
+    def get_matching_tag(self, tag_info: List[Dict[str, Any]], version: str, github_url: str,
+                         version_prefix: str = "") -> str:
+        if not tag_info or (len(tag_info) == 0):
+            print(
+                Fore.LIGHTRED_EX +
+                "      No tags info reply from GitHub! " + github_url +
+                Style.RESET_ALL)
+            return ""
+
         # search for a tag matching our given version information
         matching_tag = None
 
         for tag in tag_info:
-            if isinstance(tag, str):
-                # this should be dictionary, if it is a string then
-                # something went wrong!
-                continue
             try:
-                if version_prefix and tag.get("name").rpartition("/")[0] != version_prefix:
-                    continue
+                if version_prefix:
+                    name = tag.get("name")
+                    if name and name.rpartition("/")[0] != version_prefix:
+                        continue
 
                 version_diff = semver.VersionInfo.parse(
                     self.to_semver_string(tag.get("name", None))).compare(
@@ -323,7 +348,7 @@ def get_matching_tag(self, tag_info: list, version: str, github_url: str, versio
         # print("matching_tag", matching_tag)
         source_url = matching_tag.get("zipball_url", "")
         if source_url == "":
-            return None
+            return ""
         source_url = source_url.replace(
             "https://api.github.com/repos", "https://github.com").replace(
                 "zipball/refs/tags", "archive/refs/tags")
@@ -333,35 +358,52 @@ def get_matching_tag(self, tag_info: list, version: str, github_url: str, versio
 
     def get_source_url_from_release(self, release_id: str) -> str:
         """ get source code url from release """
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         for x in range(5):
             try:
                 # print(self.client)
                 release_details = self.client.get_release(release_id)
-                source_url = release_details.get("sourceCodeDownloadurl", "")
-                if self.verbose:
-                    print("getting source url from get from sw360 for release_id " + release_id)
-                if source_url != "":
-                    return source_url
-                break
+                if release_details:
+                    source_url = release_details.get("sourceCodeDownloadurl", "")
+                    if self.verbose:
+                        print("getting source url from get from sw360 for release_id " + release_id)
+                    if source_url != "":
+                        return source_url
+                    break
             except SW360Error as ex:
-                if x < 4 and ex.response.status_code == requests.codes["bad_gateway"]:
+                if x < 4 and ex.response and ex.response.status_code == requests.codes["bad_gateway"]:
                     time.sleep(5)
                 else:
                     raise ex
 
-        return None
+        return ""
 
     def get_release_component_id(self, release_id: str) -> str:
         """ get the component id of a release """
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
         release_details = self.client.get_release(release_id)
+        if not release_details:
+            return ""
+
         return str(release_details["_links"]["sw360:component"]["href"]).split('/')[-1]
 
     def find_source_url_from_component(self, component_id: str) -> str:
         """ find source code url from component releases """
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
         component_details = self.client.get_component(component_id)
-        source_url = None
+        if not component_details:
+            return ""
+
+        source_url = ""
         github = "github.com"
         if component_details.get("_embedded") and \
                 component_details["_embedded"].get("sw360:releases"):
@@ -375,7 +417,7 @@ def find_source_url_from_component(self, component_id: str) -> str:
             print(f'{source_url} found over component_id {component_id}')
 
         if not source_url and "github.com" in component_details.get("homepage", ""):
-            source_url = component_details.get("homepage")
+            source_url = component_details.get("homepage") or ""
             if source_url and self.verbose:
                 print(f'{source_url} found on github over component homepage')
 
@@ -383,7 +425,7 @@ def find_source_url_from_component(self, component_id: str) -> str:
 
     def find_source_url_on_release(self, component: Component) -> str:
         """find the url from sourceCodeDownloadurl from the Id or Sw360Id"""
-        url = None
+        url = ""
         release_id = ""
         for val in component.properties:
             if val.name == "siemens:sw360Id":
@@ -391,13 +433,14 @@ def find_source_url_on_release(self, component: Component) -> str:
         if release_id:
             # get the existing source_url for any kind of release.
             url = self.get_source_url_from_release(release_id)
+
         return url
 
     def find_source_url_recursive_by_sw360(self, component: Component) -> str:
         """find the url via an other release of the parent component"""
-        url = None
+        url = ""
         found_by_component = False
-        version = component.version
+        version = component.version or ""
         release_id = ""
         component_id = ""
         for val in component.properties:
@@ -428,7 +471,7 @@ def find_source_url_by_language(component: Component) -> str:
         capycli.dependencies.javascript.GetJavascriptDependencies().try_find_component_metadata(component, "")
         return CycloneDxSupport.get_ext_ref_source_url(component)
 
-    def find_sources(self, bom: Bom):
+    def find_sources(self, bom: Bom) -> Tuple[int, int]:
         """Go through the list of SBOM items and try to determine the source code."""
 
         print_text("\nLooping through SBOM:")
@@ -471,7 +514,7 @@ def find_sources(self, bom: Bom):
                 if self.verbose:
                     print_text("    Repository URL available:", repository_url)
                 source_url = self.get_github_source_url(
-                    repository_url,
+                    str(repository_url),
                     component.version)
             binary_url = CycloneDxSupport.get_ext_ref_binary_url(component)
             if binary_url and not source_url:
@@ -485,14 +528,14 @@ def find_sources(self, bom: Bom):
                 if self.verbose:
                     print_text("    Project site URL available:", website)
                 source_url = self.get_github_source_url(
-                    website,
+                    str(website),
                     component.version)
             source_code_url = CycloneDxSupport.get_ext_ref_source_code_url(component)
             if source_code_url and not source_url:
                 if self.verbose:
                     print_text("    Repository URL available:", source_code_url)
                 source_url = self.get_github_source_url(
-                    source_code_url,
+                    str(source_code_url),
                     component.version)
 
             # look via the component
@@ -529,7 +572,7 @@ def find_sources(self, bom: Bom):
 
         return (found_count, exist_count)
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/bom/handle_bom.py b/capycli/bom/handle_bom.py
index c7ffc2e..6f7fb92 100644
--- a/capycli/bom/handle_bom.py
+++ b/capycli/bom/handle_bom.py
@@ -7,6 +7,7 @@
 # -------------------------------------------------------------------------------
 
 import sys
+from typing import Any
 
 import capycli.bom.bom_convert
 import capycli.bom.check_bom
@@ -24,7 +25,7 @@
 from capycli.main.result_codes import ResultCode
 
 
-def run_bom_command(args) -> None:
+def run_bom_command(args: Any) -> None:
     command = args.command[0].lower()
     if command != "bom":
         return
@@ -53,81 +54,81 @@ def run_bom_command(args) -> None:
     subcommand = args.command[1].lower()
     if subcommand == "show":
         """Print SBOM contents to stdout."""
-        app = capycli.bom.show_bom.ShowBom()
-        app.run(args)
+        app1 = capycli.bom.show_bom.ShowBom()
+        app1.run(args)
         return
 
     if subcommand == "filter":
         """Apply a filter file to a SBOM."""
-        app = capycli.bom.filter_bom.FilterBom()
-        app.run(args)
+        app2 = capycli.bom.filter_bom.FilterBom()
+        app2.run(args)
         return
 
     if subcommand == "check":
         """Check that all releases listed in the SBOM really exist
         on the given target SW360 instance."""
-        app = capycli.bom.check_bom.CheckBom()
-        app.run(args)
+        app3 = capycli.bom.check_bom.CheckBom()
+        app3.run(args)
         return
 
     if subcommand == "checkitemstatus":
         """Show additional information about SBOM items on SW360."""
-        app = capycli.bom.check_bom_item_status.CheckBomItemStatus()
-        app.run(args)
+        app4 = capycli.bom.check_bom_item_status.CheckBomItemStatus()
+        app4.run(args)
         return
 
     if subcommand == "map":
         """Map a given SBOM to data on SW360."""
-        app = capycli.bom.map_bom.MapBom()
-        app.run(args)
+        app5 = capycli.bom.map_bom.MapBom()
+        app5.run(args)
         return
 
     if subcommand == "createreleases":
         """Create new releases on SW360 for existing components."""
-        app = capycli.bom.create_components.BomCreateComponents(onlyCreateReleases=True)
-        app.run(args)
+        app6 = capycli.bom.create_components.BomCreateComponents(onlyCreateReleases=True)
+        app6.run(args)
         return
 
     if subcommand == "createcomponents":
         """Create new components and releases on SW360."""
-        app = capycli.bom.create_components.BomCreateComponents()
-        app.run(args)
+        app7 = capycli.bom.create_components.BomCreateComponents()
+        app7.run(args)
         return
 
     if subcommand == "downloadsources":
         """Download source files from the URL specified in the SBOM."""
-        app = capycli.bom.download_sources.BomDownloadSources()
-        app.run(args)
+        app8 = capycli.bom.download_sources.BomDownloadSources()
+        app8.run(args)
         return
 
     if subcommand == "granularity":
         """Check the granularity of the releases in the SBOM."""
-        app = capycli.bom.check_granularity.CheckGranularity()
-        app.run(args)
+        app9 = capycli.bom.check_granularity.CheckGranularity()
+        app9.run(args)
         return
 
     if subcommand == "diff":
         """Compare two SBOM files."""
-        app = capycli.bom.diff_bom.DiffBom()
-        app.run(args)
+        app10 = capycli.bom.diff_bom.DiffBom()
+        app10.run(args)
         return
 
     if subcommand == "merge":
         """Merge two SBOM files."""
-        app = capycli.bom.merge_bom.MergeBom()
-        app.run(args)
+        app11 = capycli.bom.merge_bom.MergeBom()
+        app11.run(args)
         return
 
     if subcommand == "findsources":
         """Determine the source code for SBOM items."""
-        app = capycli.bom.findsources.FindSources()
-        app.run(args)
+        app12 = capycli.bom.findsources.FindSources()
+        app12.run(args)
         return
 
     if subcommand == "convert":
         """Convert SBOM formats."""
-        app = capycli.bom.bom_convert.BomConvert()
-        app.run(args)
+        app13 = capycli.bom.bom_convert.BomConvert()
+        app13.run(args)
         return
 
     print_red("Unknown sub-command: ")
diff --git a/capycli/bom/html.py b/capycli/bom/html.py
index c304675..4855a28 100644
--- a/capycli/bom/html.py
+++ b/capycli/bom/html.py
@@ -6,9 +6,10 @@
 # SPDX-License-Identifier: MIT
 # -------------------------------------------------------------------------------
 
-from typing import List, Optional
+from typing import Optional
 
 from cyclonedx.model.component import Component
+from sortedcontainers import SortedSet
 
 from capycli import LOG
 from capycli.common.html_support import HtmlSupport
@@ -19,7 +20,8 @@ class HtmlConversionSupport():
     @classmethod
     def write_cdx_components_as_html(
             cls,
-            bom: List[Component],
+            # bom: List[Component],
+            bom: SortedSet,
             outputfile: str,
             project: Optional[Component]) -> None:
         myhtml = HtmlSupport()
diff --git a/capycli/bom/legacy.py b/capycli/bom/legacy.py
index 16cc0a7..fec8b81 100644
--- a/capycli/bom/legacy.py
+++ b/capycli/bom/legacy.py
@@ -8,9 +8,10 @@
 
 from typing import Any, Dict, List
 
-from cyclonedx.model import ExternalReference, ExternalReferenceType, HashAlgorithm, HashType, Property
+from cyclonedx.model import ExternalReference, ExternalReferenceType, HashAlgorithm, HashType, Property, XsUri
 from cyclonedx.model.component import Component
-from packageurl import PackageURL  # type: ignore
+from packageurl import PackageURL
+from sortedcontainers import SortedSet
 
 from capycli import LOG
 from capycli.common import json_support
@@ -49,7 +50,7 @@
 
 class LegacySupport():
     @staticmethod
-    def get_purl_from_name(item: Dict[str, Any]) -> Any:
+    def get_purl_from_name(item: Dict[str, Any]) -> PackageURL:
         """Builds/guesses a package-url from name, version
         and provided language information."""
         lang = "generic"
@@ -63,16 +64,16 @@ def get_purl_from_name(item: Dict[str, Any]) -> Any:
             if item["Language"].lower() == "javascript":
                 lang = "npm"
 
-        purl = PackageURL(type=lang, name=item.get("Name", ""), version=item.get("Version", "")).to_string()
+        purl = PackageURL(type=lang, name=item.get("Name", ""), version=item.get("Version", ""))
         return purl
 
     @staticmethod
-    def get_purl_from_legacy(item: Dict[str, Any]) -> Any:
+    def get_purl_from_legacy(item: Dict[str, Any]) -> PackageURL:
         if "RepositoryType" in item:
             if (item["RepositoryType"] == "package-url") or (item["RepositoryType"] == "purl"):
                 id = item.get("RepositoryId", "")
                 if id:
-                    return id
+                    return PackageURL.from_string(id)
 
         return LegacySupport.get_purl_from_name(item)
 
@@ -85,12 +86,7 @@ def legacy_component_to_cdx(item: Dict[str, Any]) -> Component:
                 name=item.get("Name", "").strip(),
                 version=item.get("Version", "").strip(),
                 purl=purl,
-                bom_ref=purl,
-                description=item.get("Description", "").strip())
-        else:
-            cxcomp = Component(
-                name=item.get("Name", "").strip(),
-                version=item.get("Version", "").strip(),
+                bom_ref=purl.to_string(),
                 description=item.get("Description", "").strip())
 
         website = item.get("ProjectSite", "")
@@ -99,7 +95,7 @@ def legacy_component_to_cdx(item: Dict[str, Any]) -> Component:
         if website:
             ext_ref = ExternalReference(
                 reference_type=ExternalReferenceType.WEBSITE,
-                url=website)
+                url=XsUri(website))
             cxcomp.external_references.add(ext_ref)
 
         projectClearingState = item.get("ProjectClearingState", "")
@@ -152,7 +148,7 @@ def legacy_component_to_cdx(item: Dict[str, Any]) -> Component:
             ext_ref = ExternalReference(
                 reference_type=ExternalReferenceType.DISTRIBUTION,
                 comment=CaPyCliBom.SOURCE_URL_COMMENT,
-                url=sourceFileUrl)
+                url=XsUri(sourceFileUrl))
             hash = item.get("SourceFileHash", "")
             if hash:
                 ext_ref.hashes.add(HashType(
@@ -165,7 +161,7 @@ def legacy_component_to_cdx(item: Dict[str, Any]) -> Component:
                 ext_ref = ExternalReference(
                     reference_type=ExternalReferenceType.DISTRIBUTION,
                     comment=CaPyCliBom.SOURCE_FILE_COMMENT,
-                    url=sourceUrl)
+                    url=XsUri(sourceUrl))
                 hash = item.get("SourceFileHash", "")
                 if hash:
                     ext_ref.hashes.add(HashType(
@@ -178,7 +174,7 @@ def legacy_component_to_cdx(item: Dict[str, Any]) -> Component:
             ext_ref = ExternalReference(
                 reference_type=ExternalReferenceType.DISTRIBUTION,
                 comment="source archive (local copy)",
-                url=sourceFile)
+                url=XsUri(sourceFile))
             hash = item.get("SourceFileHash", "")
             if hash:
                 ext_ref.hashes.add(HashType(
@@ -207,7 +203,7 @@ def legacy_component_to_cdx(item: Dict[str, Any]) -> Component:
             ext_ref = ExternalReference(
                 reference_type=ExternalReferenceType.DISTRIBUTION,
                 comment=CaPyCliBom.BINARY_FILE_COMMENT,
-                url=binaryFile)
+                url=XsUri(binaryFile))
             hash = item.get("BinaryFileHash", "")
             if hash:
                 ext_ref.hashes.add(HashType(
@@ -222,7 +218,7 @@ def legacy_component_to_cdx(item: Dict[str, Any]) -> Component:
             ext_ref = ExternalReference(
                 reference_type=ExternalReferenceType.DISTRIBUTION,
                 comment=CaPyCliBom.BINARY_URL_COMMENT,
-                url=binaryFileUrl)
+                url=XsUri(binaryFileUrl))
             hash = item.get("BinaryFileHash", "")
             if hash:
                 ext_ref.hashes.add(HashType(
@@ -234,7 +230,7 @@ def legacy_component_to_cdx(item: Dict[str, Any]) -> Component:
         if repositoryUrl:
             ext_ref = ExternalReference(
                 reference_type=ExternalReferenceType.VCS,
-                url=repositoryUrl)
+                url=XsUri(repositoryUrl))
             cxcomp.external_references.add(ext_ref)
 
         language = item.get("Language", "")
@@ -263,23 +259,23 @@ def legacy_to_cdx_components(cls, inputfile: str) -> List[Component]:
 
     @classmethod
     def cdx_component_to_legacy(cls, cx_comp: Component) -> Dict[str, Any]:
-        lcomp = {}
+        lcomp: Dict[str, Any] = {}
         lcomp["Name"] = cx_comp.name
         lcomp["Version"] = cx_comp.version or ""
         lcomp["Description"] = cx_comp.description or ""
         lcomp["Language"] = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_LANGUAGE)
         lcomp["SourceUrl"] = str(CycloneDxSupport.get_ext_ref_source_url(cx_comp))
-        lcomp["RepositoryUrl"] = CycloneDxSupport.get_ext_ref_repository(cx_comp)
+        lcomp["RepositoryUrl"] = str(CycloneDxSupport.get_ext_ref_repository(cx_comp))
         lcomp["SourceFile"] = str(CycloneDxSupport.get_ext_ref_source_file(cx_comp))
         lcomp["SourceFileHash"] = CycloneDxSupport.get_source_file_hash(cx_comp)
         lcomp["BinaryFile"] = str(CycloneDxSupport.get_ext_ref_binary_file(cx_comp))
         lcomp["BinaryFileHash"] = CycloneDxSupport.get_binary_file_hash(cx_comp)
         lcomp["BinaryFileUrl"] = str(CycloneDxSupport.get_ext_ref_binary_url(cx_comp))
-        lcomp["Homepage"] = CycloneDxSupport.get_ext_ref_website(cx_comp)
-        lcomp["ProjectSite"] = CycloneDxSupport.get_ext_ref_website(cx_comp)  # same!
+        lcomp["Homepage"] = str(CycloneDxSupport.get_ext_ref_website(cx_comp))
+        lcomp["ProjectSite"] = str(CycloneDxSupport.get_ext_ref_website(cx_comp))  # same!
         if cx_comp.purl:
             lcomp["RepositoryType"] = "package-url"
-            lcomp["RepositoryId"] = cx_comp.purl or ""
+            lcomp["RepositoryId"] = cx_comp.purl.to_string() or ""
         lcomp["Sw360Id"] = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_SW360ID)
 
         lcomp["SourceFileType"] = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_SRC_FILE_TYPE)
@@ -299,7 +295,7 @@ def cdx_component_to_legacy(cls, cx_comp: Component) -> Dict[str, Any]:
         return lcomp
 
     @classmethod
-    def write_cdx_components_as_legacy(cls, bom: List[Component], outputfile: str) -> None:
+    def write_cdx_components_as_legacy(cls, bom: SortedSet, outputfile: str) -> None:
         LOG.debug(f"Writing to file {outputfile}")
 
         legacy_bom = []
diff --git a/capycli/bom/map_bom.py b/capycli/bom/map_bom.py
index 8c0f4ed..8ebb84d 100644
--- a/capycli/bom/map_bom.py
+++ b/capycli/bom/map_bom.py
@@ -13,11 +13,13 @@
 import re
 import sys
 from enum import Enum
-from typing import Any, Dict, List
+from typing import Any, Dict, List, Optional, Tuple
 
-from cyclonedx.model import ExternalReference, ExternalReferenceType
+from cyclonedx.model import ExternalReference, ExternalReferenceType, XsUri
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
+from packageurl import PackageURL
+from sw360 import SW360
 
 import capycli.common.file_support
 import capycli.common.script_base
@@ -48,20 +50,20 @@ class MapBom(capycli.common.script_base.ScriptBase):
     Map a given SBOM to data on SW360
     """
     def __init__(self) -> None:
-        self.releases = None
+        self.releases: List[Dict[str, Any]] = []
         self.old_releases = None
         self.verbosity = 1
         self.relaxed_debian_parsing = False
         self.mode = MapMode.ALL
-        self.purl_service: PurlService = None
+        self.purl_service: Optional[PurlService] = None
         self.no_match_by_name_only = True
 
-    def is_id_match(self, release, component: Component) -> bool:
+    def is_id_match(self, release: Dict[str, Any], component: Component) -> bool:
         """Determines whether this release is a match via identifier for the specified SBOM item"""
         if not component.purl:
             return False
 
-        cmp = component.purl.lower()
+        cmp = component.purl.to_string().lower()
         if "ExternalIds" in release:
             extid_list = release["ExternalIds"]
         else:
@@ -73,7 +75,7 @@ def is_id_match(self, release, component: Component) -> bool:
 
         return False
 
-    def filter_exceptions(self, partsBomItem: list) -> None:
+    def filter_exceptions(self, partsBomItem: List[str]) -> List[str]:
         """Filter some parts that appear too often in too many component names"""
         if ("cordova" in partsBomItem) and ("plugin" in partsBomItem):
             partsBomItem.remove("cordova")
@@ -81,7 +83,7 @@ def filter_exceptions(self, partsBomItem: list) -> None:
 
         return partsBomItem
 
-    def similar_name_match(self, component: Component, release: dict) -> bool:
+    def similar_name_match(self, component: Component, release: Dict[str, Any]) -> bool:
         """Determine whether there is a relase with a similar name. Similar means
         a combination of name words..."""
         SIMILARITY_THRESHOLD = 2
@@ -122,7 +124,7 @@ def similar_name_match(self, component: Component, release: dict) -> bool:
 
         return False
 
-    def is_better_match(self, releases_found: List[dict], proposed_match_code) -> bool:
+    def is_better_match(self, releases_found: List[Dict[str, Any]], proposed_match_code: str) -> bool:
         if not releases_found:
             return True
 
@@ -137,7 +139,7 @@ def is_better_match(self, releases_found: List[dict], proposed_match_code) -> bo
             return False
 
     @staticmethod
-    def is_good_match(match_code) -> bool:
+    def is_good_match(match_code: str) -> bool:
         """
         Returns True of this is a good match, i.e.
         """
@@ -162,14 +164,11 @@ def is_good_match(match_code) -> bool:
 
         return False
 
-    def map_bom_item(self, component: Component, check_similar: bool, result_required: bool):
+    def map_bom_item(self, component: Component, check_similar: bool, result_required: bool) -> MapResult:
         """Maps a single SBOM item to the list of SW360 releases"""
 
         result, _, _ = self.map_bom_commons(component)
 
-        if not self.releases:
-            return None
-
         for release in self.releases:
             if ("Id" in release) and ("Sw360Id" not in release):
                 release["Sw360Id"] = release["Id"]
@@ -200,7 +199,7 @@ def map_bom_item(self, component: Component, check_similar: bool, result_require
                     name_match = component.name.lower() == release["Name"].lower()
                 version_exists = "Version" in release
                 if (name_match
-                    and version_exists
+                    and version_exists and component.version
                         and (component.version.lower() == release["Version"].lower())):
                     if self.is_better_match(
                         result.releases,
@@ -262,7 +261,7 @@ def map_bom_item(self, component: Component, check_similar: bool, result_require
                     break
 
             # fourth check: source filename
-            cmp_src_file = CycloneDxSupport.get_ext_ref_source_file(component)
+            cmp_src_file = str(CycloneDxSupport.get_ext_ref_source_file(component))
             if (("SourceFile" in release)
                 and cmp_src_file
                     and release["SourceFile"]):
@@ -342,8 +341,11 @@ def cut_off_debian_extras(self, version: str) -> str:
         new_version = parts[0]
         return new_version
 
-    def map_bom_item_no_cache(self, component: Component):
+    def map_bom_item_no_cache(self, component: Component) -> MapResult:
         """Maps a single SBOM item to SW360 via online checks (no cache!)"""
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
         result, release_url, component_url = self.map_bom_commons(component)
         components = []
@@ -352,12 +354,12 @@ def map_bom_item_no_cache(self, component: Component):
 
         # if there's no purl match, search for component names
         if len(components) == 0:
-            components = self.client.get_component_by_name(component.name)
-            if not components:
+            components2 = self.client.get_component_by_name(component.name)
+            if not components2:
                 return result
             components = [
                 compref["_links"]["self"]["href"]
-                for compref in components["_embedded"]["sw360:components"]
+                for compref in components2.get("_embedded", {}).get("sw360:components", [])
                 if compref["name"].lower() == component.name.lower()
             ]
 
@@ -365,15 +367,22 @@ def map_bom_item_no_cache(self, component: Component):
             if release_url is not None:
                 rel_list = [{"_links": {"self": {"href": release_url}}}]
             else:
-                comp = self.client.get_component_by_url(compref)
+                comp = self.client.get_component_by_url(compref)  # type: ignore
+                if not comp:
+                    continue
                 rel_list = comp["_embedded"].get("sw360:releases", [])
 
             # Sorted alternatives in descending version order
             # Please note: the release list sometimes contain just the href but no version
-            rel_list = sorted(rel_list, key=lambda x: "version" in x and ComparableVersion(x['version']), reverse=True)
+            rel_list = sorted(rel_list,
+                              key=lambda x: "version" in x and ComparableVersion(
+                                  x.get("version", "")), reverse=True)  # type: ignore
             for relref in rel_list:
                 href = relref["_links"]["self"]["href"]
                 real_release = self.client.get_release_by_url(href)
+                if not real_release:
+                    print_red("Error accessign release " + href)
+                    continue
 
                 # generate proper release for result
                 release = {}
@@ -409,7 +418,7 @@ def map_bom_item_no_cache(self, component: Component):
                 # again as we checked it when compiling component list)
                 version_exists = "Version" in release
                 if (version_exists
-                        and (component.version.lower() == release["Version"].lower())):
+                        and ((component.version or "").lower() == release.get("Version", "").lower())):
                     if self.is_better_match(
                         result.releases,
                             MapResult.FULL_MATCH_BY_NAME_AND_VERSION):
@@ -489,8 +498,11 @@ def map_bom_item_no_cache(self, component: Component):
                     print_text("    ADDED (MATCH_BY_NAME) " + release["Sw360Id"])
         return result
 
-    def has_release_clearing_result(self, client, result_item) -> bool:
+    def has_release_clearing_result(self, client: Optional[SW360], result_item: Dict[str, Any]) -> bool:
         """Checks whether this given result item has a clearing result"""
+        if not client:
+            return False
+
         print_text(
             "Checking clearing result for " + result_item["Name"] +
             ", " + result_item["Version"])
@@ -519,8 +531,11 @@ def map_bom_to_releases(
         # retrieve missing types later
         purl_types = set()
         for component in sbom.components:
-            if component.purl and len(component.purl) > 8 and component.purl.startswith("pkg:"):
-                purl_types.add(component.purl[4:7])
+
+            if component.purl:
+                p = component.purl.to_string()
+                if len(p) > 8 and p.startswith("pkg:"):
+                    purl_types.add(p[4:7])
         self.external_id_svc.build_purl_cache(purl_types, self.verbosity <= 1)
 
         mapresult: list[MapResult] = []
@@ -538,25 +553,29 @@ def map_bom_to_releases(
 
         return mapresult
 
-    def search_source_hash_match(self, hashvalue):
+    def search_source_hash_match(self, hashvalue: str) -> None:
         """Searches SW360 for a release with an attachment with
         the specified source file hash"""
         pass
 
-    def search_binary_hash_match(self, hashvalue):
+    def search_binary_hash_match(self, hashvalue: str) -> None:
         """Searches SW360 for a release with an attachment with
         the specified binary file hash"""
         pass
 
     def create_overview(self, result: List[MapResult]) -> Dict[str, Any]:
         """Create JSON data with an mapping result overview"""
-        data = {}
-        dataitems = []
+        data: Dict[str, Any] = {}
+        dataitems: List[Dict[str, Any]] = []
         overall_result = "COMPLETE"
         count = 0
         for item in result:
-            dataitem = {}
-            dataitem["BomItem"] = item.component.name + ", " + item.component.version
+            if not item:
+                continue
+
+            dataitem: Dict[str, Any] = {}
+            if item.component:
+                dataitem["BomItem"] = item.component.name + ", " + (item.component.version or "")
             dataitem["ResultCode"] = item.result
             dataitem["ResultText"] = item.map_code_to_string(item.result)
             dataitems.append(dataitem)
@@ -571,12 +590,12 @@ def create_overview(self, result: List[MapResult]) -> Dict[str, Any]:
 
         return data
 
-    def write_overview(self, overview: dict, filename: str) -> None:
+    def write_overview(self, overview: Dict[str, Any], filename: str) -> None:
         """Writes a JSON file with an mapping result overview"""
         with open(filename, "w") as outfile:
             json.dump(overview, outfile, indent=2)
 
-    def get_purl_from_match(self, match: dict) -> str:
+    def get_purl_from_match(self, match: Dict[str, Any]) -> str:
         """
         Return the package-url for the given SW360 entry.
         """
@@ -592,7 +611,7 @@ def get_purl_from_match(self, match: dict) -> str:
 
         return purl
 
-    def update_bom_item(self, component: Component, match: dict) -> Component:
+    def update_bom_item(self, component: Optional[Component], match: Dict[str, Any]) -> Component:
         """Update the (current) SBOM item with values from the match"""
 
         # print(match.get("Name", "???"), match.get("Version", "???"), "purl =", match.get("RepositoryId", "XXX"))
@@ -604,7 +623,7 @@ def update_bom_item(self, component: Component, match: dict) -> Component:
                 component = Component(
                     name=match.get("Name", ""),
                     version=match.get("Version", ""),
-                    purl=purl,
+                    purl=PackageURL.from_string(purl),
                     bom_ref=match.get("RepositoryId", ""))
             else:
                 component = Component(
@@ -625,7 +644,7 @@ def update_bom_item(self, component: Component, match: dict) -> Component:
                 value_match = None
 
             if value_match:
-                component.purl = value_match
+                component.purl = PackageURL.from_string(value_match)
 
         # update if current is empty
         value_match = match.get("Language", "")
@@ -658,8 +677,8 @@ def update_bom_item(self, component: Component, match: dict) -> Component:
                     ExternalReferenceType.DISTRIBUTION,
                     CaPyCliBom.SOURCE_URL_COMMENT,
                     value_match)
-            elif not ext_ref.url:
-                ext_ref.url = value_match
+            elif str(ext_ref.url) == "":
+                ext_ref.url = XsUri(value_match)
 
         value_match = match.get("SourceFile", "")
         if value_match:
@@ -673,8 +692,8 @@ def update_bom_item(self, component: Component, match: dict) -> Component:
                     ExternalReferenceType.DISTRIBUTION,
                     CaPyCliBom.SOURCE_FILE_COMMENT,
                     value_match)
-            elif not ext_ref_src_file.url:
-                ext_ref_src_file.url = value_match
+            elif str(ext_ref_src_file.url) == "":
+                ext_ref_src_file.url = XsUri(value_match)
 
         value_match = match.get("BinaryFile", "")
         if value_match:
@@ -688,8 +707,8 @@ def update_bom_item(self, component: Component, match: dict) -> Component:
                     ExternalReferenceType.DISTRIBUTION,
                     CaPyCliBom.BINARY_FILE_COMMENT,
                     value_match)
-            elif not ext_ref_bin_file.url:
-                ext_ref_bin_file.url = value_match
+            elif str(ext_ref_bin_file.url) == "":
+                ext_ref_bin_file.url = XsUri(value_match)
 
         value_match = match.get("ProjectSite", "")
         if value_match:
@@ -698,10 +717,10 @@ def update_bom_item(self, component: Component, match: dict) -> Component:
             if not ext_ref:
                 ext_ref = ExternalReference(
                     reference_type=ExternalReferenceType.WEBSITE,
-                    url=value_match)
+                    url=XsUri(value_match))
                 component.external_references.add(ext_ref)
-            elif not ext_ref.url:
-                ext_ref.url = value_match
+            elif str(ext_ref.url) == "":
+                ext_ref.url = XsUri(value_match)
 
         # no updates for
         #  * SourceFileHash
@@ -741,15 +760,16 @@ def create_updated_bom(self, old_bom: Bom, result: List[MapResult]) -> Bom:
                     continue
 
                 newitem = item.component
-                CycloneDxSupport.update_or_set_property(
-                    newitem,
-                    CycloneDxSupport.CDX_PROP_MAPRESULT,
-                    MapResult.NO_MATCH)
-                if item.component_id is not None:
+                if newitem:
                     CycloneDxSupport.update_or_set_property(
                         newitem,
-                        CycloneDxSupport.CDX_PROP_COMPONENT_ID,
-                        item.component_id)
+                        CycloneDxSupport.CDX_PROP_MAPRESULT,
+                        MapResult.NO_MATCH)
+                    if item.component_id is not None:
+                        CycloneDxSupport.update_or_set_property(
+                            newitem,
+                            CycloneDxSupport.CDX_PROP_COMPONENT_ID,
+                            item.component_id)
                 newbom.components.add(newitem)
 
             # Sorted alternatives in descending version order
@@ -773,12 +793,15 @@ def create_updated_bom(self, old_bom: Bom, result: List[MapResult]) -> Bom:
 
         return newbom
 
-    def write_mapping_result(self, result: dict, filename: str) -> None:
+    def write_mapping_result(self, result: List[MapResult], filename: str) -> None:
         """Create a JSON file with the mapping details"""
         data = []
 
         for item in result:
-            single_result = {}
+            single_result: Dict[str, Any] = {}
+            if not item.component:
+                continue
+
             for prop in item.component.properties:
                 if prop.name == CycloneDxSupport.CDX_PROP_MAPRESULT:
                     item.component.properties.remove(prop)
@@ -797,7 +820,7 @@ def write_mapping_result(self, result: dict, filename: str) -> None:
 
     def refresh_component_cache(
             self, cachefile: str, use_existing_data: bool, token: str, oauth2: bool,
-            sw360_url: str):
+            sw360_url: str) -> List[Dict[str, Any]]:
         """Refreshes the component cache."""
         cache_mgr = ComponentCacheManagement()
 
@@ -812,25 +835,34 @@ def refresh_component_cache(
             cachefile, True, token, oauth2=oauth2, url=sw360_url)
         return rel_data
 
-    def map_bom_commons(self, component: Component):
+    def map_bom_commons(self, component: Component) -> Tuple[MapResult, str, str]:
         """
         Common parts to map from a SBOM component to the SW360 component/release.
         :param bomitem: SBOM component
         :return: MapResult instance, (Optional) release url, (Optional) component url
         """
-        if self.relaxed_debian_parsing:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
+        if self.relaxed_debian_parsing and component.version:
             component.version = self.cut_off_debian_extras(component.version)
 
         result = capycli.common.map_result.MapResult(component)
 
         # search release and component by purl which is independent of the component cache.
-        component, release = self.external_id_svc.search_component_and_release(component.purl)
-        if component:
-            result.component_id = self.client.get_id_from_href(component)
-        if release:
-            result.release_id = self.client.get_id_from_href(release)
+        if type(component.purl) is PackageURL:
+            component_href, release_href = self.external_id_svc.search_component_and_release(
+                component.purl.to_string())
+        else:
+            component_href, release_href = self.external_id_svc.search_component_and_release(
+                component.purl)  # type: ignore
+        if component_href:
+            result.component_id = self.client.get_id_from_href(component_href)
+        if release_href:
+            result.release_id = self.client.get_id_from_href(release_href)
 
-        return result, release, component
+        return result, release_href, component_href
 
     @property
     def external_id_svc(self) -> PurlService:
@@ -838,12 +870,16 @@ def external_id_svc(self) -> PurlService:
         Lazy external id service getter
         :return: Purl service
         """
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         if not self.purl_service:
             # Initialize external id service
             self.purl_service = PurlService(self.client)
         return self.purl_service
 
-    def setup_cache(self, args: Any):
+    def setup_cache(self, args: Any) -> None:
         if not args.nocache:
             if args.cachefile:
                 cachefile = args.cachefile
@@ -876,7 +912,7 @@ def setup_cache(self, args: Any):
                 print_red("No cached releases available!")
                 sys.exit(ResultCode.RESULT_NO_CACHED_RELEASES)
 
-    def show_help(self):
+    def show_help(self) -> None:
         """Show help text."""
         print("usage: CaPyCLI bom map [-h] [-cf CACHEFILE] [-rc] [-sc] [--nocache]")
         print("                            [-ov CREATE_OVERVIEW] [-mr WRITE_MAPRESULT] [-rr]")
@@ -913,7 +949,7 @@ def show_help(self):
         print("                          so SBOM version 3.1 will match SW360 version 3.1-3.debian")
         print("    -all                  also report matches for name, but different version")
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/bom/merge_bom.py b/capycli/bom/merge_bom.py
index 8f6fe15..2dbd7fe 100644
--- a/capycli/bom/merge_bom.py
+++ b/capycli/bom/merge_bom.py
@@ -8,6 +8,7 @@
 
 import os
 import sys
+from typing import Any, Optional
 
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
@@ -72,7 +73,7 @@ def are_same(c1: Component, c2: Component, deep: bool = False) -> bool:
 
         return True
 
-    def find_in_bom(self, bom: Bom, component: Component) -> Component or None:
+    def find_in_bom(self, bom: Bom, component: Component) -> Optional[Component]:
         """Searches for an item with the given name and version in the given SBOM."""
         for c in bom.components:
             if self.are_same(c, component):
@@ -88,7 +89,7 @@ def merge_boms(self, bom_old: Bom, bom_new: Bom) -> Bom:
 
         return bom_old
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/bom/plaintext.py b/capycli/bom/plaintext.py
index c6960c4..8e3f86d 100644
--- a/capycli/bom/plaintext.py
+++ b/capycli/bom/plaintext.py
@@ -9,6 +9,7 @@
 from typing import List
 
 from cyclonedx.model.component import Component
+from sortedcontainers import SortedSet
 
 from capycli import LOG
 from capycli.main.exceptions import CaPyCliException
@@ -69,3 +70,17 @@ def write_cdx_components_as_flatlist(cls, bom: List[Component], outputfile: str)
             raise CaPyCliException("Error writing text file: " + str(exp))
 
         LOG.debug("done")
+
+    @classmethod
+    def write_cdx_components_as_flatlist2(cls, bom: SortedSet, outputfile: str) -> None:
+        LOG.debug(f"Writing to file {outputfile}")
+        try:
+            with open(outputfile, "w", encoding="utf-8") as fout:
+                for cx_comp in bom:
+                    name = cx_comp.name
+                    version = cx_comp.version
+                    fout.write(f"{name}, {version}\n")
+        except Exception as exp:
+            raise CaPyCliException("Error writing text file: " + str(exp))
+
+        LOG.debug("done")
diff --git a/capycli/bom/show_bom.py b/capycli/bom/show_bom.py
index 9375846..96c711b 100644
--- a/capycli/bom/show_bom.py
+++ b/capycli/bom/show_bom.py
@@ -12,6 +12,7 @@
 
 import os
 import sys
+from typing import Any
 
 from cyclonedx.model.bom import Bom
 
@@ -35,7 +36,7 @@ def display_bom(self, bom: Bom, verbose: bool) -> None:
 
             if verbose:
                 if bomitem.purl:
-                    print_text("    package-url:" + bomitem.purl)
+                    print_text("    package-url:" + bomitem.purl.to_string())
 
                 sw360id = CycloneDxSupport.get_property_value(bomitem, CycloneDxSupport.CDX_PROP_SW360ID)
                 if sw360id:
@@ -49,7 +50,7 @@ def display_bom(self, bom: Bom, verbose: bool) -> None:
 
         print_text("\n" + str(len(bom.components)) + " items in bill of material\n")
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/common/capycli_bom_support.py b/capycli/common/capycli_bom_support.py
index bc693a5..a4ca32a 100644
--- a/capycli/common/capycli_bom_support.py
+++ b/capycli/common/capycli_bom_support.py
@@ -12,7 +12,7 @@
 import uuid
 from datetime import datetime
 from enum import Enum
-from typing import Any, Dict, Iterable, List, Optional
+from typing import Any, Dict, Iterable, List, Optional, Union
 
 from cyclonedx.model import (
     AttachedText,
@@ -31,7 +31,8 @@
 from cyclonedx.output.json import JsonV1Dot4
 from cyclonedx.parser import BaseParser
 from dateutil import parser as dateparser
-from sortedcontainers import SortedSet  # type: ignore
+from packageurl import PackageURL
+from sortedcontainers import SortedSet
 
 import capycli.common.script_base
 from capycli import LOG
@@ -56,20 +57,20 @@ class SbomJsonParser(BaseParser):
     def __init__(self, json_content: Dict[str, Any], mode: ParserMode = ParserMode.SBOM):
         super().__init__()
         LOG.debug("Processing CycloneDX data...")
-        self.parser_mode = mode
-        self.metadata = self.read_metadata(json_content.get("metadata"))
-        serial_number = json_content.get("serialNumber", None)
-        self.serial_number = uuid.UUID(serial_number) \
+        self.parser_mode: ParserMode = mode
+        self.metadata: Optional[BomMetaData] = self.read_metadata(json_content.get("metadata"))
+        serial_number: str = json_content.get("serialNumber", "")
+        self.serial_number: Optional[uuid.UUID] = uuid.UUID(serial_number) \
             if self.is_valid_serial_number(serial_number) \
             else None
-        components = json_content.get("components", None)
+        components = json_content.get("components", [])
         if components:
             for component_entry in components:
                 component = self.read_component(component_entry)
                 if component:
                     self._components.append(component)
         self.external_references = self.read_external_references(
-            json_content.get("externalReferences", None))
+            json_content.get("externalReferences", []))
 
         LOG.debug("...done.")
 
@@ -79,36 +80,39 @@ def get_project(self) -> Optional[Component]:
         if not self.metadata:
             return None
 
-        return self.metadata.component  # type: ignore
+        return self.metadata.component
 
     def link_dependencies_to_project(self, bom: Bom) -> None:
-        if not self.metadata:
+        if not bom.metadata:
             return
 
-        if not self.metadata.component:
+        if not bom.metadata.component:
             return
 
         for component in self._components:
+            if not component:
+                continue
+
             bom.metadata.component.dependencies.add(component.bom_ref)
 
-    def get_tools(self) -> Optional[List[Tool]]:
+    def get_tools(self) -> SortedSet:
         """Get the list of tools read by the parser."""
         if not self.metadata:
-            return
+            return SortedSet()
 
         return self.metadata.tools
 
-    def get_metadata_licenses(self) -> Optional[SortedSet]:
+    def get_metadata_licenses(self) -> SortedSet:
         """Get the metadata licenses read by the parser."""
         if not self.metadata:
-            return
+            return SortedSet()
 
         return self.metadata.licenses
 
-    def get_metadata_properties(self) -> Optional[SortedSet]:
+    def get_metadata_properties(self) -> SortedSet:
         """Get the list of metadata properties read by the parser."""
         if not self.metadata:
-            return
+            return SortedSet()
 
         return self.metadata.properties
 
@@ -118,14 +122,15 @@ def is_valid_serial_number(self, serial_number: str) -> bool:
 
         return not (serial_number is None or "urn:uuid:None" == serial_number)
 
-    def read_tools(self, param: Iterable[Dict[str, Any]]) -> Optional[Iterable[Tool]]:
+    def read_tools(self, param: Iterable[Dict[str, Any]]) -> SortedSet:
+        tools = SortedSet()
+
         if not param:
-            return None
+            return tools
 
         LOG.debug("CycloneDX: reading tools")
-        tools = []
         for tool in param:
-            tools.append(Tool(
+            tools.add(Tool(
                 vendor=tool.get("vendor"),
                 name=tool.get("name"),
                 version=tool.get("version"),
@@ -238,7 +243,7 @@ def read_external_references(self, values: Iterable[Dict[str, Any]]) -> Optional
             if entry.get("type"):
                 ex_refs.append(ExternalReference(
                     reference_type=self.read_external_reference_type(entry.get("type")),
-                    url=entry.get("url", None),
+                    url=XsUri(entry.get("url", "")),
                     comment=entry.get("comment"),
                     hashes=self.read_hashes(entry.get("hashes", []))
                 ))
@@ -251,6 +256,12 @@ def read_component(self, entry: Dict[str, Any]) -> Optional[Component]:
         name = entry.get("name", None)
         version = entry.get("version")
         LOG.debug(f"CycloneDX: reading component {name}, {version}")
+        purl_str = entry.get("purl", "")
+        # purl: PackageURL
+        if purl_str:
+            purl = PackageURL.from_string(purl_str)
+        else:
+            purl = None
         return Component(
             name=name,
             version=version,
@@ -258,7 +269,7 @@ def read_component(self, entry: Dict[str, Any]) -> Optional[Component]:
             author=entry.get("author"),
             description=entry.get("description"),
             copyright_=entry.get("copyright"),
-            purl=entry.get("purl"),
+            purl=purl,
             bom_ref=entry.get("bom-ref"),
             component_type=self.read_component_type(entry.get("type", None)),
             hashes=self.read_hashes(entry.get("hashes", None)),
@@ -343,10 +354,10 @@ def get_ext_ref(comp: Component, type: ExternalReferenceType, comment: str) -> O
 
     @staticmethod
     def set_ext_ref(comp: Component, type: ExternalReferenceType, comment: str, value: str,
-                    hash_algo: str = None, hash: str = None) -> None:
+                    hash_algo: str = "", hash: str = "") -> None:
         ext_ref = ExternalReference(
             reference_type=type,
-            url=value,
+            url=XsUri(value),
             comment=comment)
 
         if hash_algo and hash:
@@ -370,11 +381,14 @@ def update_or_set_ext_ref(comp: Component, type: ExternalReferenceType, comment:
             CycloneDxSupport.set_ext_ref(comp, type, comment, value)
 
     @staticmethod
-    def have_relative_ext_ref_path(ext_ref: ExternalReference, rel_to: str):
-        bip = pathlib.PurePath(ext_ref.url)
+    def have_relative_ext_ref_path(ext_ref: ExternalReference, rel_to: str) -> str:
+        if isinstance(ext_ref.url, str):
+            bip = pathlib.PurePath(ext_ref.url)
+        else:
+            bip = pathlib.PurePath(ext_ref.url._uri)
         file = bip.as_posix()
         if os.path.isfile(file):
-            ext_ref.url = "file://" + bip.relative_to(rel_to).as_posix()
+            ext_ref.url = XsUri("file://" + bip.relative_to(rel_to).as_posix())
         return bip.name
 
     @staticmethod
@@ -523,7 +537,7 @@ def add_profile(sbom: Bom, profile: str) -> None:
         sbom.metadata.properties.add(prop)
 
     @staticmethod
-    def create(bom: List[Component], **kwargs: bool) -> Bom:
+    def create(bom: Union[List[Component], SortedSet], **kwargs: bool) -> Bom:
         sbom = Bom()
 
         if not sbom.metadata.properties:
@@ -543,20 +557,20 @@ def create(bom: List[Component], **kwargs: bool) -> Bom:
             SbomCreator.add_profile(sbom, "capycli")
 
         if not sbom.metadata.tools:
-            sbom.metadata.tools = []
+            sbom.metadata.tools = SortedSet()
 
         if "addtools" in kwargs and kwargs["addtools"]:
             SbomCreator.add_tools(sbom.metadata.tools)
 
         if "name" in kwargs or "version" in kwargs or "description" in kwargs:
-            sbom.metadata.component = Component(
-                name=kwargs.get("name"),
-                version=kwargs.get("version"),
-                description=kwargs.get("description")
-            )
+            _name = str(kwargs.get("name", ""))
+            _version = str(kwargs.get("version", ""))
+            _description = str(kwargs.get("description", ""))
+            if _name and _version and _description:
+                sbom.metadata.component = Component(name=_name, version=_version, description=_description)
 
         if bom:
-            sbom.components = bom
+            sbom.components = SortedSet(bom)
             if kwargs.get("addprojectdependencies") and sbom.metadata.component:
                 for component in sbom.components:
                     sbom.metadata.component.dependencies.add(component.bom_ref)
@@ -672,7 +686,7 @@ def write_sbom(cls, sbom: Bom, outputfile: str) -> None:
         LOG.debug("done")
 
     @classmethod
-    def write_simple_sbom(cls, bom: List[Component], outputfile: str) -> None:
+    def write_simple_sbom(cls, bom: SortedSet, outputfile: str) -> None:
         LOG.debug(f"Writing to file {outputfile}")
         try:
             creator = SbomCreator()
diff --git a/capycli/common/comparable_version.py b/capycli/common/comparable_version.py
index ac688fe..ed9b28e 100644
--- a/capycli/common/comparable_version.py
+++ b/capycli/common/comparable_version.py
@@ -6,6 +6,10 @@
 # SPDX-License-Identifier: MIT
 # -------------------------------------------------------------------------------
 
+from __future__ import annotations
+
+from typing import Any, List, Tuple
+
 from capycli import get_logger
 
 LOG = get_logger(__name__)
@@ -18,10 +22,10 @@ class IncompatibleVersionError(Exception):
 
 class ComparableVersion:
     """Version string comparison."""
-    parts: list
+    parts: List[Tuple[Any, Any]]
     version: str
 
-    def __init__(self, version: str):
+    def __init__(self, version: str) -> None:
         self.version = version
         try:
             self.parts = self.parse(version)
@@ -29,11 +33,11 @@ def __init__(self, version: str):
             LOG.warning("Unable to parse version %s", version)
 
     @staticmethod
-    def parse(version: str):
+    def parse(version: str) -> List[Tuple[bool, int | str]]:
         version = version.lower()
 
         isdigit = False
-        parts = []
+        parts: List[Tuple[bool, int | str]] = []
         start = 0
         for i, c in enumerate(version):
             if c in [".", "-", "_"]:
@@ -55,11 +59,11 @@ def parse(version: str):
 
         for i, part in enumerate(parts):
             if part[0]:
-                parts[i] = (part[0], int(part[1]))
+                parts[i] = (True, int(part[1]))
 
         return parts
 
-    def compare(self, other):
+    def compare(self, other: ComparableVersion) -> int:
         """
         Compare versions
         :param other: other version
@@ -71,7 +75,8 @@ def compare(self, other):
             raise IncompatibleVersionError(e)
 
     @staticmethod
-    def get_part_or_default(part_list: list, pos: int, other: list):
+    def get_part_or_default(part_list: List[Tuple[bool, int | str]], pos: int,
+                            other: List[Tuple[bool, int | str]]) -> str | int:
         if pos < len(part_list):
             return part_list[pos][1]
         elif pos < len(other):
@@ -80,7 +85,8 @@ def get_part_or_default(part_list: list, pos: int, other: list):
         else:
             return ""
 
-    def compare_recursive(self, me, i, other, j):
+    def compare_recursive(self, me: List[Tuple[bool, int | str]], i: int,
+                          other: List[Tuple[bool, int | str]], j: int) -> int:
         """
         Recursive go through version parts and compare them.
         Rules:
@@ -103,58 +109,66 @@ def compare_recursive(self, me, i, other, j):
 
         if left == right:
             return self.compare_recursive(me, i + 1, other, j + 1)
-        if left > right:
+        # if str(left) > str(right): => test fails
+        # if int(left) > int(right): => test fails
+        if left > right:  # type: ignore
             return 1
         else:
             return -1
 
-    def __eq__(self, other):
+    def __eq__(self, other: ComparableVersion | object) -> bool:
         """describes equality operator(==)"""
+        if not isinstance(other, self.__class__):
+            return False
+
         try:
             return self.compare(other) == 0
         except IncompatibleVersionError:
             return self.version.__eq__(other.version)
 
-    def __ne__(self, other):
+    def __ne__(self, other: ComparableVersion | object) -> bool:
         """describes not equal to operator(!=)"""
+        if not isinstance(other, self.__class__):
+            return False
+
         try:
             return self.compare(other) != 0
         except IncompatibleVersionError:
             return self.version.__ne__(other.version)
 
-    def __le__(self, other):
+    def __le__(self, other: ComparableVersion) -> bool:
         """descries less than or equal to (<=)"""
         try:
             return self.compare(other) <= 0
         except IncompatibleVersionError:
             return self.version.__le__(other.version)
 
-    def __ge__(self, other):
+    def __ge__(self, other: ComparableVersion) -> bool:
         """describes greater than or equal to (>=)"""
         try:
             return self.compare(other) >= 0
         except IncompatibleVersionError:
             return self.version.__ge__(other.version)
 
-    def __gt__(self, other):
+    def __gt__(self, other: ComparableVersion) -> bool:
         """describes greater than (>)"""
         try:
             return self.compare(other) > 0
         except IncompatibleVersionError:
             return self.version.__gt__(other.version)
 
-    def __lt__(self, other):
+    def __lt__(self, other: ComparableVersion) -> bool:
         """describes less than operator(<)"""
         try:
             return self.compare(other) < 0
         except IncompatibleVersionError:
             return self.version.__lt__(other.version)
 
-    def __repr__(self):
+    def __repr__(self) -> str:
         return self.version
 
     @property
-    def major(self):
+    def major(self) -> str:
         if self.parts:
             return self.parts[0][1]
         else:
diff --git a/capycli/common/component_cache.py b/capycli/common/component_cache.py
index 7f97192..365cd77 100644
--- a/capycli/common/component_cache.py
+++ b/capycli/common/component_cache.py
@@ -9,6 +9,7 @@
 import json
 import os
 import sys
+from typing import Any, Dict, List, Optional
 
 import sw360
 
@@ -26,15 +27,18 @@ class ComponentCacheManagement():
     CACHE_FILENAME = "ComponentCache.json"
     CACHE_ALL_RELEASES = "AllReleases.json"
 
-    def __init__(self, token=None, oauth2=False, url=None) -> None:
-        self.token = token
-        self.oauth2 = oauth2
-        self.releases = None
+    def __init__(self, token: Optional[str] = None, oauth2: bool = False, url: Optional[str] = None) -> None:
+        if token:
+            self.token: str = token
+        self.oauth2: bool = oauth2
+        self.releases: List[Dict[str, Any]] = []
         self.old_releases = None
-        self.sw360_url = None
+
+        if url:
+            self.sw360_url: str = url
 
     @classmethod
-    def read_component_cache(cls, cachefile: str) -> dict:
+    def read_component_cache(cls, cachefile: str) -> List[Dict[str, Any]]:
         """Read the cached list of SW360 releases"""
 
         """
@@ -70,7 +74,7 @@ def read_component_cache(cls, cachefile: str) -> dict:
         return release_cache
 
     @classmethod
-    def get_attachment(cls, release: dict, att_type: str):
+    def get_attachment(cls, release: Dict[str, Any], att_type: str) -> Optional[Dict[str, Any]]:
         """Return the first attachment that matches the specified type"""
         if "_embedded" not in release:
             return None
@@ -96,7 +100,7 @@ def get_attachment(cls, release: dict, att_type: str):
         return None
 
     @staticmethod
-    def get_value_or_default(release, key):
+    def get_value_or_default(release: Dict[str, Any], key: str) -> str:
         """Return a dictionary value if it exists, otherwise an empty string"""
         if key not in release:
             return ""
@@ -112,14 +116,15 @@ def read_existing_component_cache(self, cachefile: str) -> int:
             self.old_releases = None
 
         if self.old_releases:
-            return len(self.old_releases)
+            return len(self.old_releases)  # type: ignore  # code is used!
         else:
             return 0
 
-    def get_rest_client(self, token: str = None, oauth2: bool = False, url: str = None):
+    def get_rest_client(self, token: Optional[str] = None, oauth2: bool = False,
+                        url: Optional[str] = None) -> sw360.SW360:
         """Get an instance of the REST API client"""
-        self.sw360_url = os.environ.get("SW360ServerUrl", None)
-        sw360_api_token = os.environ.get("SW360ProductionToken", None)
+        self.sw360_url = os.environ.get("SW360ServerUrl", "")
+        sw360_api_token = os.environ.get("SW360ProductionToken", "")
 
         if token:
             sw360_api_token = token
@@ -138,7 +143,7 @@ def get_rest_client(self, token: str = None, oauth2: bool = False, url: str = No
             print_red("  No SW360 API token specified!")
             sys.exit(ResultCode.RESULT_AUTH_ERROR)
 
-        client = sw360.sw360_api.SW360(self.sw360_url, sw360_api_token, oauth2)
+        client = sw360.SW360(self.sw360_url, sw360_api_token, oauth2)
         if not client.login_api(sw360_api_token):
             print_red("ERROR: login failed")
             sys.exit(ResultCode.RESULT_AUTH_ERROR)
@@ -146,15 +151,15 @@ def get_rest_client(self, token: str = None, oauth2: bool = False, url: str = No
         return client
 
     @classmethod
-    def convert_release_details(cls, client, details) -> dict:
+    def convert_release_details(cls, client: sw360.SW360, details: Dict[str, Any]) -> Dict[str, Any]:
         """
         Convert the SW360 release data into our own data.
         """
         if not details:
-            return
+            return {}
 
         try:
-            release = {}
+            release: Dict[str, Any] = {}
             release["Id"] = client.get_id_from_href(
                 details["_links"]["self"]["href"]
             )
@@ -209,9 +214,11 @@ def convert_release_details(cls, client, details) -> dict:
                 "  Error getting details on " + details["_links"]["self"]["href"] + " " +
                 repr(ex))
 
+            return {}
+
     def refresh_component_cache(
-            self, cachefile: str, fast: bool, token: str = None,
-            oauth2: bool = False, url: str = None):
+            self, cachefile: str, fast: bool, token: Optional[str] = None,
+            oauth2: bool = False, url: Optional[str] = None) -> List[Dict[str, Any]]:
         """
         Read all releases from SW360. May take 90 minutes!
         The new multi-threaded approach takes about one hour for 25.000
@@ -225,6 +232,9 @@ def refresh_component_cache(
         # reset global list
         self.releases = []
 
+        if not allnew:
+            return []
+
         for newdata in allnew:
             internal = self.convert_release_details(client, newdata)
             if internal:
diff --git a/capycli/common/file_support.py b/capycli/common/file_support.py
index b7a5db6..698a112 100644
--- a/capycli/common/file_support.py
+++ b/capycli/common/file_support.py
@@ -16,7 +16,7 @@
 from colorama import Fore, Style
 
 
-def create_backup(filename):
+def create_backup(filename: str) -> None:
     """Create backup file"""
     try:
         if os.path.isfile(filename):
diff --git a/capycli/common/html_support.py b/capycli/common/html_support.py
index 9baac47..b30ebb8 100644
--- a/capycli/common/html_support.py
+++ b/capycli/common/html_support.py
@@ -99,7 +99,7 @@ def open_html_in_browser(cls) -> None:
         """show resulting html file"""
         os.system("output.html")
 
-    def create_style(self):
+    def create_style(self) -> str:
         """Create the HTML style information"""
         lineend = self.get_lineend()
         style = '<style type="text/css">' + lineend
diff --git a/capycli/common/json_support.py b/capycli/common/json_support.py
index 0468fa9..9fd5f1b 100644
--- a/capycli/common/json_support.py
+++ b/capycli/common/json_support.py
@@ -7,11 +7,12 @@
 # -------------------------------------------------------------------------------
 
 import json
+from typing import Any
 
 from capycli.main.exceptions import CaPyCliException
 
 
-def load_json_file(filename):
+def load_json_file(filename: str) -> Any:
     """Load a JSON file"""
     try:
         with open(filename, encoding="utf-8") as fin:
@@ -22,7 +23,7 @@ def load_json_file(filename):
     return data
 
 
-def write_json_to_file(data, filename):
+def write_json_to_file(data: Any, filename: str) -> None:
     """Write the data a JSON file"""
     try:
         with open(filename, "w", encoding="utf-8") as outfile:
@@ -31,6 +32,6 @@ def write_json_to_file(data, filename):
         raise CaPyCliException("Error writing JSON file: " + str(exp))
 
 
-def print_json(data, sort_keys=False):
+def print_json(data: Any, sort_keys: bool = False) -> None:
     """Dump a JSON object to screen"""
     print(json.dumps(data, indent=2, sort_keys=sort_keys))
diff --git a/capycli/common/map_result.py b/capycli/common/map_result.py
index d6ff819..ff38361 100644
--- a/capycli/common/map_result.py
+++ b/capycli/common/map_result.py
@@ -6,6 +6,8 @@
 # SPDX-License-Identifier: MIT
 # -------------------------------------------------------------------------------
 
+from typing import Any, List, Optional
+
 from cyclonedx.model.component import Component
 
 from capycli.common.capycli_bom_support import CycloneDxSupport
@@ -43,33 +45,35 @@ class MapResult:
     # Component was not found
     NO_MATCH = "9-no-match"
 
-    def __init__(self, component: Component = None):
-        self.component = component
-        self.result = MapResult.NO_MATCH
-        self._component_id = None
-        self._release_id = None
-        self.releases = []
+    def __init__(self, component: Optional[Component] = None) -> None:
+        self.component: Optional[Component] = component
+        self.result: str = MapResult.NO_MATCH
+        self._component_id: str = ""
+        self._release_id: str = ""
+        self.releases: List[Any] = []
 
     @property
-    def component_id(self):
+    def component_id(self) -> str:
         return self._component_id
 
     @component_id.setter
-    def component_id(self, value):
+    def component_id(self, value: str) -> None:
         self._component_id = value
-        CycloneDxSupport.update_or_set_property(self.component, CycloneDxSupport.CDX_PROP_COMPONENT_ID, value)
+        if self.component:
+            CycloneDxSupport.update_or_set_property(self.component, CycloneDxSupport.CDX_PROP_COMPONENT_ID, value)
 
     @property
-    def release_id(self):
+    def release_id(self) -> str:
         return self._release_id
 
     @release_id.setter
-    def release_id(self, value):
+    def release_id(self, value: str) -> None:
         self._release_id = value
-        CycloneDxSupport.update_or_set_property(self.component, CycloneDxSupport.CDX_PROP_SW360ID, value)
+        if self.component:
+            CycloneDxSupport.update_or_set_property(self.component, CycloneDxSupport.CDX_PROP_SW360ID, value)
 
     @classmethod
-    def map_code_to_string(cls, map_code):
+    def map_code_to_string(cls, map_code: str) -> str:
         """"Converts a map code to a string"""
         if map_code == MapResult.NO_MATCH:
             return "No match"
@@ -88,7 +92,7 @@ def map_code_to_string(cls, map_code):
 
         return ""
 
-    def __str__(self):
+    def __str__(self) -> str:
         rel = ""
         if self.releases:
             more = ""
@@ -105,12 +109,19 @@ def __str__(self):
                 + more
             )
 
-        return (
-            self.map_code_to_string(self.result)
-            + ", "
-            + self.component.name
-            + ", "
-            + self.component.version
-            + " "
-            + rel
-        )
+        if not self.component:
+            return (
+                self.map_code_to_string(self.result)
+                + ", (no component), "
+                + rel
+            )
+        else:
+            return (
+                self.map_code_to_string(self.result)
+                + ", "
+                + str(self.component.name)
+                + ", "
+                + str(self.component.version or "")
+                + " "
+                + str(rel)
+            )
diff --git a/capycli/common/print.py b/capycli/common/print.py
index cc20fa8..6b062ee 100644
--- a/capycli/common/print.py
+++ b/capycli/common/print.py
@@ -7,6 +7,7 @@
 # -------------------------------------------------------------------------------
 
 import datetime
+from typing import Any
 
 from colorama import Fore, Style
 
@@ -21,7 +22,7 @@ def _get_debug_prefix() -> str:
     return prefix
 
 
-def print_red(*args, **kwargs) -> None:
+def print_red(*args: Any, **kwargs: Any) -> None:
     """Print the given text in red color."""
     if capycli.is_debug_logging_enabled():
         print(_get_debug_prefix(), end="")
@@ -30,7 +31,7 @@ def print_red(*args, **kwargs) -> None:
     print(Style.RESET_ALL)
 
 
-def print_yellow(*args, **kwargs) -> None:
+def print_yellow(*args: Any, **kwargs: Any) -> None:
     """Print the given text in red color."""
     if capycli.is_debug_logging_enabled():
         print(_get_debug_prefix(), end="")
@@ -39,7 +40,7 @@ def print_yellow(*args, **kwargs) -> None:
     print(Style.RESET_ALL)
 
 
-def print_green(*args, **kwargs) -> None:
+def print_green(*args: Any, **kwargs: Any) -> None:
     """Print the given text in red color."""
     if capycli.is_debug_logging_enabled():
         print(_get_debug_prefix(), end="")
@@ -48,7 +49,7 @@ def print_green(*args, **kwargs) -> None:
     print(Style.RESET_ALL)
 
 
-def print_text(*args, **kwargs) -> None:
+def print_text(*args: Any, **kwargs: Any) -> None:
     """Print the given text."""
     if capycli.is_debug_logging_enabled():
         print(_get_debug_prefix(), end="")
diff --git a/capycli/common/purl_service.py b/capycli/common/purl_service.py
index cbe84da..382311e 100644
--- a/capycli/common/purl_service.py
+++ b/capycli/common/purl_service.py
@@ -4,7 +4,9 @@
 # Author: rayk.bajohr@siemens.com, thomas.graf@siemens.com
 #
 # SPDX-License-Identifier: MIT
-# ----------
+# -------------------------------------------------------------------------------
+
+from typing import Any, Dict, Optional, Tuple
 
 import packageurl
 from sw360 import SW360
@@ -15,11 +17,11 @@
 
 
 class PurlService:
-    def __init__(self, client: SW360, cache: dict = None) -> None:
-        self.client = client
-        self.purl_cache = PurlStore(cache)
+    def __init__(self, client: SW360, cache: Optional[Dict] = None) -> None:  # type: ignore
+        self.client: SW360 = client
+        self.purl_cache: PurlStore = PurlStore(cache)
 
-    def build_purl_cache(self, purl_types=tuple(), no_warnings: bool = True) -> None:
+    def build_purl_cache(self, purl_types: Any = tuple(), no_warnings: bool = True) -> None:
         """
         Retrieve all package-url external ids for components and releases
         and cache them in self.purl_cache as a chain of dictionaries. As the
@@ -43,10 +45,12 @@ def build_purl_cache(self, purl_types=tuple(), no_warnings: bool = True) -> None
 
         print_text("Retrieving package-url ids, filter:", purl_types)
         all_ids = self.client.get_components_by_external_id("package-url")
-        if len(all_ids) == 0:
+        if all_ids and len(all_ids) == 0:
             all_ids = self.client.get_releases_by_external_id("package-url")
         else:
-            all_ids = all_ids + self.client.get_releases_by_external_id("package-url")
+            all_rids = self.client.get_releases_by_external_id("package-url")
+            if all_rids:
+                all_ids = all_ids + all_rids
         print_text(" Found", len(all_ids), "total purls")
 
         duplicates = []
@@ -77,7 +81,7 @@ def build_purl_cache(self, purl_types=tuple(), no_warnings: bool = True) -> None
 
         self.purl_cache.remove_duplicates(duplicates)
 
-    def search_release_by_external_id(self, ext_id_name: str, ext_id_value: str):
+    def search_release_by_external_id(self, ext_id_name: str, ext_id_value: str) -> Any:
         """Get SW360 release by external id
 
         For now, this only supports searching for package urls.
@@ -98,7 +102,7 @@ def search_release_by_external_id(self, ext_id_name: str, ext_id_value: str):
 
         return self.purl_cache.get_by_version(purl)
 
-    def search_component_by_external_id(self, ext_id_name: str, ext_id_value: str):
+    def search_component_by_external_id(self, ext_id_name: str, ext_id_value: str) -> str:
         """
         Get SW360 component by external id
 
@@ -115,10 +119,10 @@ def search_component_by_external_id(self, ext_id_name: str, ext_id_value: str):
         """
 
         if ext_id_name != "package-url":
-            return None
+            return ""
 
         if not ext_id_value:
-            return None
+            return ""
 
         purl = packageurl.PackageURL.from_string(ext_id_value)
         self.build_purl_cache((purl.type,))
@@ -135,6 +139,9 @@ def search_component_by_external_id(self, ext_id_name: str, ext_id_value: str):
                 component_candidates = {}
                 for version, purl_entry in purl_entries.items():
                     release = self.client.get_release_by_url(purl_entry)
+                    if not release:
+                        continue
+
                     c1 = release["_links"].get("sw360:component", None)
                     if not c1:
                         continue
@@ -146,7 +153,7 @@ def search_component_by_external_id(self, ext_id_name: str, ext_id_value: str):
                     component_candidates[component] = version
                 if len(component_candidates) > 1:
                     print_yellow("    Releases purls point to different components:", component_candidates)
-                    return None
+                    return ""
                 elif len(component_candidates) == 1:
                     component = list(component_candidates.keys())[0]
                     print_green(
@@ -154,10 +161,11 @@ def search_component_by_external_id(self, ext_id_name: str, ext_id_value: str):
                         "via purl for release",
                         component_candidates[component])
                     return list(component_candidates.keys())[0]
+
         # no match in purl cache
-        return None
+        return ""
 
-    def search_component_and_release(self, ext_id_value: str):
+    def search_component_and_release(self, ext_id_value: str) -> Tuple[str, str]:
         """
         Get SW360 component and release at once by external id
         :param ext_id_value: external id
diff --git a/capycli/common/purl_store.py b/capycli/common/purl_store.py
index 286f210..b921977 100644
--- a/capycli/common/purl_store.py
+++ b/capycli/common/purl_store.py
@@ -4,7 +4,9 @@
 # Author: rayk.bajohr@siemens.com
 #
 # SPDX-License-Identifier: MIT
-# ----------
+# -------------------------------------------------------------------------------
+
+from typing import Any, Dict, Optional, Tuple
 
 from packageurl import PackageURL
 
@@ -26,23 +28,23 @@ class PurlStore:
         }
     }
     """
-    def __init__(self, cache: dict = None):
+    def __init__(self, cache: Optional[Dict] = None):  # type: ignore
         if cache:
             self.purl_cache = cache
         else:
             self.purl_cache = {}
 
-    def __getitem__(self, key):
+    def __getitem__(self, key: str) -> Any:
         return self.purl_cache[key]
 
-    def __contains__(self, key):
+    def __contains__(self, key: str) -> bool:
         return key in self.purl_cache
 
-    def __bool__(self, *args, **kwargs):
+    def __bool__(self, *args: Any, **kwargs: Any) -> bool:
         """ True if self else False """
         return bool(self.purl_cache)
 
-    def add(self, purl: PackageURL, entry: any):
+    def add(self, purl: PackageURL, entry: Any) -> Tuple[bool, Any]:
         # Prepare cache for purl
         pc = self.purl_cache
         for key in (purl.type, purl.namespace, purl.name):
@@ -56,28 +58,28 @@ def add(self, purl: PackageURL, entry: any):
         pc[purl.version] = entry
         return True, entry
 
-    def get_by_namespace(self, purl: PackageURL) -> dict:
+    def get_by_namespace(self, purl: PackageURL) -> Optional[Dict]:  # type: ignore
         if (purl.type in self.purl_cache
                 and purl.namespace in self.purl_cache[purl.type]):
             return self.purl_cache[purl.type][purl.namespace]
 
         return None
 
-    def get_by_name(self, purl: PackageURL) -> dict:
+    def get_by_name(self, purl: PackageURL) -> Optional[Dict]:  # type: ignore
         entries = self.get_by_namespace(purl)
         if entries and purl.name in entries:
             return entries[purl.name]
 
         return None
 
-    def get_by_version(self, purl: PackageURL):
+    def get_by_version(self, purl: PackageURL) -> Optional[Dict]:  # type: ignore
         entries = self.get_by_name(purl)
         if entries and purl.version in entries:
             return entries[purl.version]
 
         return None
 
-    def remove_duplicates(self, duplicates: list):
+    def remove_duplicates(self, duplicates: list) -> None:  # type: ignore
         for d in duplicates:
             if d[0] not in self.purl_cache:
                 continue
diff --git a/capycli/common/purl_utils.py b/capycli/common/purl_utils.py
index 3633ba0..baac5c5 100644
--- a/capycli/common/purl_utils.py
+++ b/capycli/common/purl_utils.py
@@ -5,7 +5,9 @@
 #
 # SPDX-License-Identifier: MIT
 # -------------------------------------------------------------------------------
+
 import json
+from typing import Any, Dict
 
 import packageurl
 from colorama import Fore, Style
@@ -16,7 +18,7 @@ class PurlUtils:
     Package URL utilities
     """
     @staticmethod
-    def get_purl_list_from_sw360_object(sw360_object: dict) -> list:
+    def get_purl_list_from_sw360_object(sw360_object: Dict) -> list:  # type: ignore
         """
         Parse SW360 object to get the list of package URL's
         :param sw360_object: sw360 object component/release
@@ -39,7 +41,7 @@ def get_purl_list_from_sw360_object(sw360_object: dict) -> list:
         return purls
 
     @staticmethod
-    def parse_purls_from_external_id(purl_entries: any) -> list:
+    def parse_purls_from_external_id(purl_entries: Any) -> list:  # type: ignore
         """Parse package-url list as strings from SW360 external id"""
         if isinstance(purl_entries, list):
             return purl_entries
@@ -54,7 +56,7 @@ def parse_purls_from_external_id(purl_entries: any) -> list:
         return []
 
     @staticmethod
-    def contains(purls: list, search_purl: packageurl.PackageURL) -> bool:
+    def contains(purls: list, search_purl: packageurl.PackageURL) -> bool:  # type: ignore
         """
         Search the given PackageURL in the provided list
         Important: The matching is only based on type, namespace, name and version.
@@ -69,7 +71,7 @@ def contains(purls: list, search_purl: packageurl.PackageURL) -> bool:
         return False
 
     @staticmethod
-    def convert_purls_to_external_id(purl_entries: list) -> str:
+    def convert_purls_to_external_id(purl_entries: list) -> str:  # type: ignore
         """Convert list of package-url to SW360 external id format"""
         if len(purl_entries) == 1:
             return purl_entries[0]
@@ -77,9 +79,8 @@ def convert_purls_to_external_id(purl_entries: list) -> str:
             return "[\"" + "\",\"".join(purl_entries) + "\"]"
 
     @staticmethod
-    def component_purl_from_release_purl(component_purl):
-        purl = packageurl.PackageURL.from_string(component_purl)
-        purl = packageurl.PackageURL(type=purl.type, namespace=purl.namespace,
-                                     name=purl.name, version=None,
-                                     qualifiers=purl.qualifiers)
+    def component_purl_from_release_purl(component_purl: packageurl.PackageURL) -> str:
+        purl = packageurl.PackageURL(type=component_purl.type, namespace=component_purl.namespace,
+                                     name=component_purl.name, version=None,
+                                     qualifiers=component_purl.qualifiers)
         return purl.to_string()
diff --git a/capycli/common/script_base.py b/capycli/common/script_base.py
index ab09ec7..efd3a66 100644
--- a/capycli/common/script_base.py
+++ b/capycli/common/script_base.py
@@ -14,12 +14,12 @@
 import os
 import sys
 from datetime import datetime
-from typing import List, Tuple
+from typing import Any, Dict, List, Optional, Tuple
 
 import jwt
 import requests
-import sw360.sw360_api
 from cyclonedx.model.bom import Bom
+from sw360 import SW360, SW360Error
 
 from capycli.common.print import print_red, print_text, print_yellow
 from capycli.main.result_codes import ResultCode
@@ -28,16 +28,16 @@
 class ScriptBase:
     """Base class for python scripts."""
 
-    def __init__(self):
-        self.client = None
-        self.project_id = ""
-        self.project = None
-        self.sw360_url = os.environ.get("SW360ServerUrl", None)
+    def __init__(self) -> None:
+        self.client: Optional[SW360] = None
+        self.project_id: str = ""
+        self.project: Optional[dict[str, Any]] = None
+        self.sw360_url: str = os.environ.get("SW360ServerUrl", "")
 
     def login(self, token: str = "", url: str = "", oauth2: bool = False) -> bool:
         """Login to SW360"""
-        self.sw360_url = os.environ.get("SW360ServerUrl", None)
-        sw360_api_token = os.environ.get("SW360ProductionToken", None)
+        self.sw360_url = os.environ.get("SW360ServerUrl", "")
+        sw360_api_token = os.environ.get("SW360ProductionToken", "")
 
         if token:
             sw360_api_token = token
@@ -56,11 +56,11 @@ def login(self, token: str = "", url: str = "", oauth2: bool = False) -> bool:
             print_red("  No SW360 API token specified!")
             sys.exit(ResultCode.RESULT_AUTH_ERROR)
 
-        self.client = sw360.sw360_api.SW360(self.sw360_url, sw360_api_token, oauth2)
+        self.client = SW360(self.sw360_url, sw360_api_token, oauth2)
 
         try:
             result = self.client.login_api(sw360_api_token)
-        except sw360.sw360_api.SW360Error as swex:
+        except SW360Error as swex:
             if (swex.response is not None) and (swex.response.status_code == requests.codes["unauthorized"]):
                 print_red("  You are not authorized!")
                 sys.exit(ResultCode.RESULT_AUTH_ERROR)
@@ -77,7 +77,7 @@ def analyze_token(self, token: str) -> None:
         print_text("  Analyzing token...")
         try:
             # alg = RS256
-            decoded = jwt.decode(token, verify=False)
+            decoded = jwt.decode(token, verify=False)  # type: ignore
             if "exp" in decoded:
                 exp_seconds = int(decoded["exp"])
                 exp = datetime.fromtimestamp(exp_seconds)
@@ -96,31 +96,29 @@ def analyze_token(self, token: str) -> None:
         except Exception as ex:
             print_yellow("  Unable to analyze token:" + repr(ex))
 
-    def get_error_message(self, swex: sw360.sw360_api.SW360Error) -> str:
+    def get_error_message(self, swex: SW360Error) -> str:
         """Display a usefull error message for a SW360Error exception"""
         if swex.response is None:
             return repr(swex)
         elif swex.response.status_code == requests.codes["forbidden"]:
             return "You are not authorized!"
         else:
-            if swex.response.content is None:
-                return repr(swex)
-            else:
-                content = swex.response.content.decode("UTF8")
-                jcontent = json.loads(content)
-                text = "Error=" + jcontent["error"] + "(" +\
-                    str(jcontent["status"]) + "): " + jcontent["message"]
-                return text
+            content = swex.response.content.decode("UTF8")
+            jcontent = json.loads(content)
+            text = "Error=" + jcontent["error"] + "(" +\
+                str(jcontent["status"]) + "): " + jcontent["message"]
+            return text
 
     @staticmethod
-    def get_release_attachments(release_details: dict, att_types: Tuple[str] = None) -> List[dict]:
+    def get_release_attachments(release_details: Dict[str, Any],
+                                att_types: Optional[Tuple[str]] = None) -> List[Dict[str, Any]]:
         """Returns the attachments with the given types from a release. Use empty att_types
         to get all attachments."""
         if "_embedded" not in release_details:
-            return None
+            return []
 
         if "sw360:attachments" not in release_details["_embedded"]:
-            return None
+            return []
 
         found = []
         attachments = release_details["_embedded"]["sw360:attachments"]
@@ -133,23 +131,27 @@ def get_release_attachments(release_details: dict, att_types: Tuple[str] = None)
 
         return found
 
-    def release_web_url(self, release_id) -> str:
+    def release_web_url(self, release_id: str) -> str:
         """Returns the HTML URL for a given release_id."""
         return (self.sw360_url + "group/guest/components/-/component/release/detailRelease/"
                 + release_id)
 
     def find_project(self, name: str, version: str, show_results: bool = False) -> str:
         """Find the project with the matching name and version on SW360"""
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         print_text("  Searching for project...")
         try:
             projects = self.client.get_projects_by_name(name)
-        except sw360.sw360_api.SW360Error as swex:
+        except SW360Error as swex:
             print_red("  Error searching for project: " + repr(swex))
             sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
         if not projects:
             print_yellow("  No matching project found!")
-            return None
+            return ""
 
         for project in projects:
             href = project["_links"]["self"]["href"]
@@ -175,7 +177,7 @@ def find_project(self, name: str, version: str, show_results: bool = False) -> s
                 if project["version"].lower() == version.lower():
                     return pid
 
-        return None
+        return ""
 
     @staticmethod
     def get_comp_count_text(bom: Bom) -> str:
@@ -186,7 +188,7 @@ def get_comp_count_text(bom: Bom) -> str:
             return f"{count} components"
 
     @staticmethod
-    def list_to_string(list: list) -> str:
+    def list_to_string(list: List[str]) -> str:
         """Convert a list of values to a comma separated string"""
         result = ", ".join(str(x) for x in list)
         return result
diff --git a/capycli/common/script_support.py b/capycli/common/script_support.py
index e734544..bc87964 100644
--- a/capycli/common/script_support.py
+++ b/capycli/common/script_support.py
@@ -11,13 +11,14 @@
 """
 
 import time
+from typing import Any, Dict
 
 from cyclonedx.model.component import Component
 
 
 def printProgressBar(
-    iteration, total, prefix='', suffix='', decimals=1,
-        length=100, fill='█', printEnd="\r"):
+    iteration: int, total: int, prefix: str = '', suffix: str = '', decimals: int = 1,
+        length: int = 100, fill: str = '█', printEnd: str = "\r") -> None:
     """
     Call in a loop to create terminal progress bar
     @params:
@@ -44,7 +45,7 @@ class ScriptSupport:
     """Support methods for python scripts."""
 
     @staticmethod
-    def show_progress(total, current):
+    def show_progress(total: int, current: int) -> None:
         """Show progress for the user"""
         pos0 = "\x1b[0G"
         out = "[" + str(total) + "/" + str(current) + "]"
@@ -52,7 +53,7 @@ def show_progress(total, current):
         print(out + pos0, end="", flush=True)
 
     @staticmethod
-    def get_time():
+    def get_time() -> str:
         """Show current (local) time"""
         now = time.localtime()
         t = str(now.tm_year) + "-" + str(now.tm_mon) + "-" \
@@ -61,7 +62,7 @@ def get_time():
         return t
 
     @staticmethod
-    def get_full_name_from_dict(dictionary, name_key, version_key):
+    def get_full_name_from_dict(dictionary: Dict[Any, Any], name_key: str, version_key: str) -> str:
         """Returns the full name of a project or release"""
         fullname = dictionary[name_key]
         if (version_key in dictionary) and (dictionary[version_key]):
@@ -69,7 +70,8 @@ def get_full_name_from_dict(dictionary, name_key, version_key):
 
         return fullname
 
-    def get_full_name_from_component(component: Component):
+    @staticmethod
+    def get_full_name_from_component(component: Component) -> str:
         """Returns the full name of a CycloneDX component"""
         fullname = component.name
         if component.version:
diff --git a/capycli/dependencies/handle_dependencies.py b/capycli/dependencies/handle_dependencies.py
index 8832b35..c59bd76 100644
--- a/capycli/dependencies/handle_dependencies.py
+++ b/capycli/dependencies/handle_dependencies.py
@@ -7,6 +7,7 @@
 # -------------------------------------------------------------------------------
 
 import sys
+from typing import Any
 
 import capycli.dependencies.javascript
 import capycli.dependencies.maven_list
@@ -17,7 +18,7 @@
 from capycli.main.result_codes import ResultCode
 
 
-def run_dependency_command(args):
+def run_dependency_command(args: Any) -> None:
     command = args.command[0].lower()
     if command != "getdependencies":
         return
@@ -44,26 +45,26 @@ def run_dependency_command(args):
 
     if subcommand == "python":
         """Determine Python components/dependencies for a given project"""
-        app = capycli.dependencies.python.GetPythonDependencies()
-        app.run(args)
+        app2 = capycli.dependencies.python.GetPythonDependencies()
+        app2.run(args)
         return
 
     if subcommand == "javascript":
         """Determine Javascript components/dependencies for a given project"""
-        app = capycli.dependencies.javascript.GetJavascriptDependencies()
-        app.run(args)
+        app3 = capycli.dependencies.javascript.GetJavascriptDependencies()
+        app3.run(args)
         return
 
     if subcommand == "mavenpom":
         """Determine Java components/dependencies for a given project"""
-        app = capycli.dependencies.maven_pom.GetJavaMavenPomDependencies()
-        app.run(args)
+        app4 = capycli.dependencies.maven_pom.GetJavaMavenPomDependencies()
+        app4.run(args)
         return
 
     if subcommand == "mavenlist":
         """Determine Java components/dependencies for a given project"""
-        app = capycli.dependencies.maven_list.GetJavaMavenTreeDependencies()
-        app.run(args)
+        app5 = capycli.dependencies.maven_list.GetJavaMavenTreeDependencies()
+        app5.run(args)
         return
 
     print_red("Unknown sub-command: " + subcommand)
diff --git a/capycli/dependencies/javascript.py b/capycli/dependencies/javascript.py
index b4c6143..fda8951 100644
--- a/capycli/dependencies/javascript.py
+++ b/capycli/dependencies/javascript.py
@@ -10,9 +10,10 @@
 import logging
 import os
 import sys
+from typing import Any, Dict, Optional
 
 import requests
-from cyclonedx.model import ExternalReference, ExternalReferenceType, HashAlgorithm, HashType, Property
+from cyclonedx.model import ExternalReference, ExternalReferenceType, HashAlgorithm, HashType, Property, XsUri
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
 from packageurl import PackageURL
@@ -31,7 +32,7 @@ class GetJavascriptDependencies(capycli.common.dependencies_base.DependenciesBas
     """
     Determine Javascript components/dependencies for a given project.
     """
-    def get_dependency(self, data: dict, sbom: Bom) -> Bom:
+    def get_dependency(self, data: Dict[str, Any], sbom: Bom) -> Bom:
         dependencies = data.get("dependencies", {})
         for key in dependencies:
             dep = dependencies[key]
@@ -44,19 +45,19 @@ def get_dependency(self, data: dict, sbom: Bom) -> Bom:
                 continue
 
             LOG.debug("Checking dependency: " + key + "," + dep["version"])
-            purl = PackageURL("npm", "", key, dep["version"], "", "").to_string()
+            purl = PackageURL("npm", "", key, dep["version"], "", "")
             cxcomp = Component(
                 name=key.strip(),
                 version=dep["version"].strip(),
                 purl=purl,
-                bom_ref=purl)
+                bom_ref=purl.to_string())
 
             url = dep.get("resolved", "")
             if url:
                 ext_ref = ExternalReference(
                     reference_type=ExternalReferenceType.DISTRIBUTION,
                     comment=CaPyCliBom.BINARY_URL_COMMENT,
-                    url=url)
+                    url=XsUri(url))
                 cxcomp.external_references.add(ext_ref)
 
             url = dep.get("resolved", "").split('/')[-1]
@@ -64,7 +65,7 @@ def get_dependency(self, data: dict, sbom: Bom) -> Bom:
                 ext_ref = ExternalReference(
                     reference_type=ExternalReferenceType.DISTRIBUTION,
                     comment=CaPyCliBom.BINARY_FILE_COMMENT,
-                    url=url)
+                    url=XsUri(url))
                 # the encoding of the hashes in package-lock.json is incompatible to
                 # the encoding in CyloneDX.
                 # hash = dep.get("integrity", "")
@@ -93,7 +94,7 @@ def get_dependency(self, data: dict, sbom: Bom) -> Bom:
 
         return sbom
 
-    def get_dependency_lockversion3(self, data: dict, sbom: Bom) -> Bom:
+    def get_dependency_lockversion3(self, data: Dict[str, Any], sbom: Bom) -> Bom:
         dependencies = data.get("packages", {})
         for key in dependencies:
             if key:
@@ -113,19 +114,19 @@ def get_dependency_lockversion3(self, data: dict, sbom: Bom) -> Bom:
                     modified_key = key
 
                 LOG.debug("Checking dependency: " + modified_key + "," + dep["version"])
-                purl = PackageURL("npm", "", modified_key, dep["version"], "", "").to_string()
+                purl = PackageURL("npm", "", modified_key, dep["version"], "", "")
                 cxcomp = Component(
                     name=modified_key.strip(),
                     version=dep["version"].strip(),
                     purl=purl,
-                    bom_ref=purl)
+                    bom_ref=purl.to_string())
 
                 url = dep.get("resolved", "")
                 if url:
                     ext_ref = ExternalReference(
                         reference_type=ExternalReferenceType.DISTRIBUTION,
                         comment=CaPyCliBom.BINARY_URL_COMMENT,
-                        url=url)
+                        url=XsUri(url))
                     cxcomp.external_references.add(ext_ref)
 
                 url = dep.get("resolved", "").split('/')[-1]
@@ -133,7 +134,7 @@ def get_dependency_lockversion3(self, data: dict, sbom: Bom) -> Bom:
                     ext_ref = ExternalReference(
                         reference_type=ExternalReferenceType.DISTRIBUTION,
                         comment=CaPyCliBom.BINARY_FILE_COMMENT,
-                        url=url)
+                        url=XsUri(url))
 
                     cxcomp.external_references.add(ext_ref)
 
@@ -150,9 +151,9 @@ def get_dependency_lockversion3(self, data: dict, sbom: Bom) -> Bom:
 
         return sbom
 
-    def convert_package_lock(self, package_lock_file: str):
+    def convert_package_lock(self, package_lock_file: str) -> Bom:
         """Read package-lock.json and convert to bill of material"""
-        bom = SbomCreator.create(None, addlicense=True, addprofile=True, addtools=True)
+        bom = SbomCreator.create([], addlicense=True, addprofile=True, addtools=True)
         with open(package_lock_file) as fin:
             data = json.load(fin)
             if data.get("lockfileVersion") > 2:
@@ -162,7 +163,8 @@ def convert_package_lock(self, package_lock_file: str):
 
         return sbom
 
-    def find_package_info(self, pckgName: str, pckgVrsn: str = "", package_source: str = "") -> dict or None:
+    def find_package_info(self, pckgName: str, pckgVrsn: str = "",
+                          package_source: str = "") -> Optional[Dict[str, Any]]:
         hdr = {}
         if not pckgName:
             return None
@@ -197,28 +199,31 @@ def try_find_component_metadata(self, bomitem: Component, package_source: str) -
         """
         Find metadata for a single component.
         """
+        version = ""
+        if bomitem.version:
+            version = bomitem.version
         info = self.find_package_info(
             pckgName=bomitem.name,
-            pckgVrsn=bomitem.version,
+            pckgVrsn=version,
             package_source=package_source)
         if not info:
             print_yellow(
                 "  No info found for component " +
                 bomitem.name +
                 ", " +
-                bomitem.version)
+                version)
             return bomitem
 
         val = info.get("homepage", "")
         if val:
             ext_ref = ExternalReference(
                 reference_type=ExternalReferenceType.WEBSITE,
-                url=val)
+                url=XsUri(val))
             bomitem.external_references.add(ext_ref)
 
         repository = info.get("repository")
         url = ""
-        if repository is not None and type(repository) == dict:
+        if repository is not None and type(repository) is dict:
             url = repository.get("url", "")
             url = url.replace('git+', '')
             url = url.replace('git://', '')
@@ -227,12 +232,12 @@ def try_find_component_metadata(self, bomitem: Component, package_source: str) -
             ext_ref = ExternalReference(
                 reference_type=ExternalReferenceType.DISTRIBUTION,
                 comment=CaPyCliBom.SOURCE_URL_COMMENT,
-                url=url)
+                url=XsUri(url))
             bomitem.external_references.add(ext_ref)
         if "github.com" in url:
             if not str(url).startswith("http"):
                 url = "https://" + url
-            url = self.find_source_file(url, bomitem.name, bomitem.version)
+            url = self.find_source_file(url, bomitem.name, version)
             CycloneDxSupport.update_or_set_ext_ref(
                 bomitem,
                 ExternalReferenceType.DISTRIBUTION,
@@ -240,15 +245,16 @@ def try_find_component_metadata(self, bomitem: Component, package_source: str) -
                 url)
         bomitem.description = info.get("description", "")
         if not CycloneDxSupport.get_binary_file_hash(bomitem):
-            ext_ref = CycloneDxSupport.get_ext_ref(
+            ext_ref2 = CycloneDxSupport.get_ext_ref(
                 bomitem,
                 ExternalReferenceType.DISTRIBUTION,
                 CaPyCliBom.BINARY_FILE_COMMENT)
-            hash = info.get("dist", "").get("integrity", "")
-            if ext_ref and hash:
-                ext_ref.hashes.add(HashType(
-                    algorithm=HashAlgorithm.SHA_1,
-                    hash_value=hash))
+            if ext_ref2:
+                hash = info.get("dist", "").get("integrity", "")
+                if ext_ref and hash:
+                    ext_ref.hashes.add(HashType(
+                        algorithm=HashAlgorithm.SHA_1,
+                        hash_value=hash))
 
         return bomitem
 
@@ -261,7 +267,7 @@ def try_find_metadata(self, bom: Bom, package_source: str) -> Bom:
 
         return bom
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/dependencies/maven_list.py b/capycli/dependencies/maven_list.py
index 808a5d9..c2162dc 100644
--- a/capycli/dependencies/maven_list.py
+++ b/capycli/dependencies/maven_list.py
@@ -11,10 +11,10 @@
 import subprocess
 import sys
 import xml.etree.ElementTree as ET
-from typing import List, Tuple
+from typing import Any, List, Optional, Tuple
 
 import requests
-from cyclonedx.model import ExternalReference, ExternalReferenceType, Property
+from cyclonedx.model import ExternalReference, ExternalReferenceType, Property, XsUri
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
 from packageurl import PackageURL
@@ -34,8 +34,8 @@ class GetJavaMavenTreeDependencies(capycli.common.dependencies_base.Dependencies
 
     def add_urls(
             self, cx_comp: Component,
-            parsed_sources: List, parsed_binaries: List,
-            source_files: List[str], binary_files: List[str], files_directory: str):
+            parsed_sources: List[str], parsed_binaries: List[str],
+            source_files: List[str], binary_files: List[str], files_directory: str) -> None:
         """
         Adds URLs to corresponding bom item. This is done by checking if a dependency
         with the corresponding naming exists inside the list of parsed URLs and also
@@ -48,12 +48,15 @@ def add_urls(
         :param binary_files: a list of binary files from the binaries download folder
         """
         src_url = None
+        version = ""
+        if cx_comp.version:
+            version = cx_comp.version
         for source in parsed_sources:
-            if cx_comp.name + "-" + cx_comp.version + "-source.jar" in source \
-                    or cx_comp.name + "-" + cx_comp.version + "-sources.jar" in source:
+            if cx_comp.name + "-" + version + "-source.jar" in source \
+                    or cx_comp.name + "-" + version + "-sources.jar" in source:
                 src_url = source
                 for source_file in source_files:
-                    if cx_comp.name + "-" + cx_comp.version in source_file:
+                    if cx_comp.name + "-" + version in source_file:
                         src_url = source
                         break
                 else:
@@ -64,15 +67,15 @@ def add_urls(
             ext_ref = ExternalReference(
                 reference_type=ExternalReferenceType.DISTRIBUTION,
                 comment=CaPyCliBom.SOURCE_URL_COMMENT,
-                url=src_url)
+                url=XsUri(src_url))
             cx_comp.external_references.add(ext_ref)
 
         bin_url = None
         for binary in parsed_binaries:
-            if cx_comp.name + "-" + cx_comp.version + ".jar" in binary:
+            if cx_comp.name + "-" + version + ".jar" in binary:
                 bin_url = binary
                 for binary_file in binary_files:
-                    if cx_comp.name + "-" + cx_comp.version in binary_file:
+                    if cx_comp.name + "-" + version in binary_file:
                         bin_url = os.path.join(files_directory, binary_file)
                         break
                 else:
@@ -83,30 +86,31 @@ def add_urls(
             ext_ref = ExternalReference(
                 reference_type=ExternalReferenceType.DISTRIBUTION,
                 comment=CaPyCliBom.BINARY_URL_COMMENT,
-                url=bin_url)
+                url=XsUri(bin_url))
             cx_comp.external_references.add(ext_ref)
 
-    def extract_urls(self, download_output_file: str, regex: str) -> list:
+    def extract_urls(self, download_output_file: str, regex: str) -> List[str]:
         """
         Parses the output of mvn command using provided regex
         :param download_output_file: the mvn command output to be parsed
         :param regex: the regex string that will be used for parsing
         """
-        parsed_urls = []
+        parsed_urls: List[str] = []
 
         lines = open(download_output_file).read().split("\n")
         for line in lines:
             parts = re.findall(regex, line)
             if parts and len(parts) > 0:
                 url = parts[0]
-                if isinstance(url, Tuple):
+                # if isinstance(url, Tuple):
+                if type(url) is Tuple:
                     url = url[0]
                 if url not in parsed_urls:
                     parsed_urls.append(url)
 
         return parsed_urls
 
-    def find_package_info(self, binary_file_url):
+    def find_package_info(self, binary_file_url: str) -> Optional[ET.Element]:
         """
         Downloads a pom file and returns the parsed content
         :param  binary_file_url: a binary file url
@@ -126,40 +130,45 @@ def find_package_info(self, binary_file_url):
 
         return None
 
-    def try_find_metadata(self, cx_comp: Component):
+    def try_find_metadata(self, cx_comp: Component) -> None:
         """
         Extract information from pom file and add it to bom
         :param bomitem: item of a bom which represents a single package
         """
+        version = ""
+        if cx_comp.version:
+            version = cx_comp.version
+
         bin_file_url = CycloneDxSupport.get_ext_ref_binary_url(cx_comp)
         if bin_file_url:
-            info = self.find_package_info(bin_file_url)
+            info = self.find_package_info(str(bin_file_url))
             if not info:
                 print_yellow(
                     "  No info found for component " +
                     cx_comp.name +
                     ", " +
-                    cx_comp.version)
+                    version)
                 return
 
             namespaces = {"pom": "http://maven.apache.org/POM/4.0.0"}
             project_url = info.find("./pom:url", namespaces)
-            if project_url is not None:
+            if project_url is not None and project_url.text:
                 CycloneDxSupport.update_or_set_ext_ref(
                     cx_comp, ExternalReferenceType.WEBSITE, "", project_url.text)
             scm_url = info.find("./pom:scm/pom:url", namespaces)
             if scm_url is not None:
                 url = scm_url.text
-                CycloneDxSupport.update_or_set_ext_ref(
-                    cx_comp, ExternalReferenceType.VCS, "", url)
-                if "github.com" in url:
-                    if not str(url).startswith("http"):
-                        url = "https://" + url
-                    # bomitem["SourceUrl"] = url
-                    src_file_url = self.find_source_file(url, cx_comp.name, cx_comp.version)
+                if url:
                     CycloneDxSupport.update_or_set_ext_ref(
-                        cx_comp, ExternalReferenceType.DISTRIBUTION,
-                        CaPyCliBom.SOURCE_URL_COMMENT, src_file_url)
+                        cx_comp, ExternalReferenceType.VCS, "", url)
+                    if "github.com" in url:
+                        if not str(url).startswith("http"):
+                            url = "https://" + url
+                        # bomitem["SourceUrl"] = url
+                        src_file_url = self.find_source_file(url, cx_comp.name, version)
+                        CycloneDxSupport.update_or_set_ext_ref(
+                            cx_comp, ExternalReferenceType.DISTRIBUTION,
+                            CaPyCliBom.SOURCE_URL_COMMENT, src_file_url)
 
                     print(src_file_url)
             description = info.find("./pom:description", namespaces)
@@ -188,10 +197,13 @@ def create_full_dependency_list_from_maven_command(self) -> Bom:
             stdout=subprocess.PIPE,
             stderr=subprocess.PIPE,
             shell=True)
+
+        sbom = SbomCreator.create([], addlicense=True, addprofile=True, addtools=True)
+        if not proc.stdout:
+            return sbom
+
         raw_bin_data = proc.stdout.read()
         raw_data = raw_bin_data.decode("utf-8")
-
-        sbom = SbomCreator.create(None, addlicense=True, addprofile=True, addtools=True)
         lines = raw_data.split("\n")
         p = re.compile(r"\[INFO\]\s*(\S*):compile(?!:)\s*", re.IGNORECASE | re.MULTILINE)
         for line in lines:
@@ -234,7 +246,7 @@ def create_full_dependency_list_from_maven_list_file(self, maven_list_file: str,
             lines = file.readlines()
             lines = [line.rstrip() for line in lines]
 
-        sbom = SbomCreator.create(None, addlicense=True, addprofile=True, addtools=True)
+        sbom = SbomCreator.create([], addlicense=True, addprofile=True, addtools=True)
         list_p = [
             re.compile(r"\s*(\S*):compile(?!:)\s*", re.IGNORECASE | re.MULTILINE),
             re.compile(r"\s*(\S*):runtime(?!:)\s*", re.IGNORECASE | re.MULTILINE),
@@ -262,7 +274,7 @@ def create_full_dependency_list_from_maven_list_file(self, maven_list_file: str,
 
         return sbom
 
-    def create_bom_item(self, x) -> Component:
+    def create_bom_item(self, x: List[str]) -> Component:
         """
         Create a CycloneDX BOM item.
         """
@@ -276,12 +288,12 @@ def create_bom_item(self, x) -> Component:
         if len(parts) < 4:
             parts = parts
 
-        purl = PackageURL("maven", parts[0], parts[1], parts[3], "", "").to_string()
+        purl = PackageURL("maven", parts[0], parts[1], parts[3], "", "")
         cx_comp = Component(
             name=parts[1],
             version=parts[3],
             purl=purl,
-            bom_ref=purl
+            bom_ref=purl.to_string()
         )
 
         prop = Property(
@@ -291,7 +303,7 @@ def create_bom_item(self, x) -> Component:
 
         return cx_comp
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/dependencies/maven_pom.py b/capycli/dependencies/maven_pom.py
index 3b66969..aa0ca7f 100644
--- a/capycli/dependencies/maven_pom.py
+++ b/capycli/dependencies/maven_pom.py
@@ -9,6 +9,7 @@
 import os
 import sys
 import xml.etree.ElementTree as ET
+from typing import Any
 
 from cyclonedx.model import Property
 from cyclonedx.model.bom import Bom
@@ -31,7 +32,7 @@ class GetJavaMavenPomDependencies(capycli.common.script_base.ScriptBase):
     Read a pom.xml file, extracts the  dependencies
     and create a bill of material JSON file.
     """
-    def parse_xmlns(self, file):
+    def parse_xmlns(self, file: str) -> ET.ElementTree:
         events = "start", "start-ns"
 
         root = None
@@ -78,26 +79,26 @@ def process_pom_file(self, pom_file: str) -> Bom:
                     if dep.tag == ns + "dependency":
                         artifact = {}
                         for item in dep:
-                            if item.tag == ns + "groupId":
+                            if item.text and item.tag == ns + "groupId":
                                 artifact["groupId"] = item.text.strip()
-                            if item.tag == ns + "artifactId":
+                            if item.text and item.tag == ns + "artifactId":
                                 artifact["artifactId"] = item.text.strip()
-                            if item.tag == ns + "version":
+                            if item.text and item.tag == ns + "version":
                                 artifact["version"] = item.text.strip()
 
                         artifacts.append(artifact)
 
-        sbom = SbomCreator.create(None, addlicense=True, addprofile=True, addtools=True)
+        sbom = SbomCreator.create([], addlicense=True, addprofile=True, addtools=True)
         for artifact in artifacts:
             purl = PackageURL(
                 "maven", artifact.get("groupId", ""),
                 artifact.get("artifactId", ""), artifact.get("version", ""),
-                "", "").to_string()
+                "", "")
             cx_comp = Component(
                 name=artifact.get("artifactId", ""),
                 version=artifact.get("version", ""),
                 purl=purl,
-                bom_ref=purl
+                bom_ref=purl.to_string()
             )
 
             prop = Property(
@@ -109,7 +110,7 @@ def process_pom_file(self, pom_file: str) -> Bom:
 
         return sbom
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/dependencies/nuget.py b/capycli/dependencies/nuget.py
index 3e59831..027a211 100644
--- a/capycli/dependencies/nuget.py
+++ b/capycli/dependencies/nuget.py
@@ -9,6 +9,7 @@
 import os
 import re
 import sys
+from typing import Any
 from xml.dom import minidom
 
 from cyclonedx.model import Property
@@ -44,12 +45,12 @@ def convert_project_file(self, csproj_file: str) -> Bom:
 
             name = s.attributes["id"].value.strip()
             version = s.attributes["version"].value.strip()
-            purl = PackageURL("nuget", "", name, version, "", "").to_string()
+            purl = PackageURL("nuget", "", name, version, "", "")
             cxcomp = Component(
                 name=name,
                 version=version,
                 purl=purl,
-                bom_ref=purl)
+                bom_ref=purl.to_string())
 
             prop = Property(
                 name=CycloneDxSupport.CDX_PROP_LANGUAGE,
@@ -75,12 +76,12 @@ def convert_project_file(self, csproj_file: str) -> Bom:
                     else:
                         version = version.item(0).childNodes.item(0).nodeValue
 
-                purl = PackageURL("nuget", "", name, version, "", "").to_string()
+                purl = PackageURL("nuget", "", name, version, "", "")
                 cxcomp = Component(
                     name=name,
                     version=version,
                     purl=purl,
-                    bom_ref=purl)
+                    bom_ref=purl.to_string())
 
                 prop = Property(
                     name=CycloneDxSupport.CDX_PROP_LANGUAGE,
@@ -137,7 +138,7 @@ def merge_bom(self, bom: Bom, bom_to_add: Bom) -> Bom:
 
         return bom
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/dependencies/python.py b/capycli/dependencies/python.py
index 3bdc51a..8296fb7 100644
--- a/capycli/dependencies/python.py
+++ b/capycli/dependencies/python.py
@@ -6,14 +6,12 @@
 # SPDX-License-Identifier: MIT
 # -------------------------------------------------------------------------------
 
-import json
 import logging
 import os
-import subprocess
 import sys
 from enum import Enum
 from io import TextIOWrapper
-from typing import Any, Dict, List
+from typing import Any, Dict, List, Optional
 
 import chardet
 import requests
@@ -46,27 +44,9 @@ class GetPythonDependencies(capycli.common.script_base.ScriptBase):
     Determine Python components/dependencies for a given project
     """
 
-    def __init__(self):
+    def __init__(self) -> None:
         self.verbose = False
 
-    # NOT USED AT THE MOMENT
-    def create_local_package_list(self) -> dict:
-        """
-        Create a list of all packages in the local environment.
-
-        :return a list of the local Python packages
-        :rtype list of package item dictionaries, as returned by pip
-        """
-        args = ["pip3", "list", "--format", "json"]
-        proc = subprocess.Popen(
-            args,
-            stdout=subprocess.PIPE,
-            stderr=subprocess.PIPE,
-            shell=False)
-        raw_data = proc.communicate()[0]
-        package_list = json.loads(raw_data)
-        return package_list
-
     def requirements_to_package_list(self, input_file: str) -> List[Dict[str, str]]:
         """
         Converts the requirements file to a package list.
@@ -91,18 +71,18 @@ def read_requirements_bom(self, requirements_file: TextIOWrapper) -> List[Dict[s
         :return a list of the local Python packages.
         :rtype list of package item dictionaries, as retuned by pip.
         """
-        package_list = []
+        package_list: List[Dict[str, str]] = []
         for req in requirements.parse(requirements_file):
             name = req.name
             if req.local_file:
                 print_yellow(
-                    "WARNING: Local file " + req.path +
+                    "WARNING: Local file " + str(req.path) +
                     " does not have versions. Skipping.")
                 continue
 
             if not req.specs:
                 print_yellow(
-                    "WARNING: " + name +
+                    "WARNING: " + str(name) +
                     " does not have a version specified. Skipping.")
                 continue
 
@@ -110,17 +90,17 @@ def read_requirements_bom(self, requirements_file: TextIOWrapper) -> List[Dict[s
                 version = req.specs[0][1]
                 if req.specs[0][0] != "==":
                     print_yellow(
-                        "WARNING: " + name +
+                        "WARNING: " + str(name) +
                         " is not pinned to a specific version. Using: " + version)
 
-                package = {}
+                package: Dict[str, Any] = {}
                 package["name"] = name
                 package["version"] = version
                 package_list.append(package)
 
         return package_list
 
-    def get_package_meta_info(self, name: str, version: str, package_source: str = "") -> dict or None:
+    def get_package_meta_info(self, name: str, version: str, package_source: str = "") -> Optional[Dict[str, Any]]:
         """
         Retrieves meta data of the given package from PyPi.
 
@@ -171,14 +151,17 @@ def generate_purl(self, name: str, version: str) -> str:
         """
         return PackageURL("pypi", '', name, version, '', '').to_string()
 
-    def add_meta_data_to_bomitem(self, cxcomp: Component, package_source: str = ""):
+    def add_meta_data_to_bomitem(self, cxcomp: Component, package_source: str = "") -> None:
         """
         Try to lookup meta data for the given item.
 
         :param bomitem: a single bill of material item (a single component)
         :type bomitem: dictionary
         """
-        meta = self.get_package_meta_info(cxcomp.name, cxcomp.version, package_source)
+        version = ""
+        if cxcomp.version:
+            version = cxcomp.version
+        meta = self.get_package_meta_info(cxcomp.name, version, package_source)
         if not meta:
             LOG.debug(f"No meta data found for {cxcomp.name}, {cxcomp.version}")
             return
@@ -247,7 +230,8 @@ def add_meta_data_to_bomitem(self, cxcomp: Component, package_source: str = ""):
                             cxcomp.external_references.add(ext_ref)
                             LOG.debug("  got source file url")
 
-    def convert_package_list(self, package_list: list, search_meta_data: bool, package_source: str = "") -> Bom:
+    def convert_package_list(self, package_list: List[Dict[str, Any]], search_meta_data: bool,
+                             package_source: str = "") -> Bom:
         """
         Convert package list to SBOM.
 
@@ -257,13 +241,13 @@ def convert_package_list(self, package_list: list, search_meta_data: bool, packa
         :rtype list of bom item dictionaries
         """
         creator = SbomCreator()
-        sbom = creator.create(None, addlicense=True, addprofile=True, addtools=True)
+        sbom = creator.create([], addlicense=True, addprofile=True, addtools=True)
         for package in package_list:
             purl = self.generate_purl(package["name"], package["version"])
             cxcomp = Component(
                 name=package.get("name", "").strip(),
                 version=package.get("version", "").strip(),
-                purl=purl,
+                purl=PackageURL.from_string(purl),
                 bom_ref=purl,
                 description=package.get("Description", "").strip())
 
@@ -279,7 +263,7 @@ def convert_package_list(self, package_list: list, search_meta_data: bool, packa
 
         return sbom
 
-    def print_package_list(self, package_list: list) -> None:
+    def print_package_list(self, package_list: List[Dict[str, Any]]) -> None:
         """
         Print the package list.
 
@@ -348,7 +332,7 @@ def sbom_from_poetry_lock_file(self, filename: str, search_meta_data: bool, pack
         LOG.debug(f"poetry_lock_version: {poetry_lock_version}")
 
         creator = SbomCreator()
-        sbom = creator.create(None, addlicense=True, addprofile=True, addtools=True)
+        sbom = creator.create([], addlicense=True, addprofile=True, addtools=True)
         for package in poetry_lock["package"]:
             name = package.get("name", "").strip()
             version = package.get("version", "").strip()
@@ -359,12 +343,12 @@ def sbom_from_poetry_lock_file(self, filename: str, search_meta_data: bool, pack
                 LOG.debug("  Ignoring development dependency")
                 continue
 
-            purl = PackageURL(type="pypi", name=name, version=version).to_string()
+            purl = PackageURL(type="pypi", name=name, version=version)
             cxcomp = Component(
                 name=name,
                 version=version,
                 purl=purl,
-                bom_ref=purl,
+                bom_ref=purl.to_string(),
                 description=package.get("description", "").strip())
 
             prop = Property(
@@ -436,7 +420,7 @@ def check_meta_data(self, sbom: Bom) -> bool:
 
         return result
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/main/application.py b/capycli/main/application.py
index 81b6182..acc2359 100644
--- a/capycli/main/application.py
+++ b/capycli/main/application.py
@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2019-23 Siemens
+# Copyright (c) 2019-2023 Siemens
 # All Rights Reserved.
 # Author: thomas.graf@siemens.com
 #
@@ -10,6 +10,7 @@
 
 import sys
 import time
+from typing import Any, List, Optional
 
 import capycli
 from capycli.bom import handle_bom
@@ -27,13 +28,13 @@
 
 
 class Application(object):
-    def __init__(self, program="CaPyCli", version=capycli.get_app_version()):
+    def __init__(self, program: str = "CaPyCli", version: str = capycli.get_app_version()) -> None:
         """Initialize our application."""
 
         #: The timestamp when the Application instance was instantiated.
         self.start_time = time.time()
         #: The timestamp when the Application finished reported errors.
-        self.end_time = None  # type: float
+        self.end_time = 0  # type: float
         #: The name of the program being run
         self.program = program
         #: The version of the program being run
@@ -46,7 +47,7 @@ def __init__(self, program="CaPyCli", version=capycli.get_app_version()):
         #: :attr:`option_manager`
         self.args = None
 
-    def check_for_version_display(self, argv) -> bool:
+    def check_for_version_display(self, argv: Any) -> bool:
         """Check for --version option"""
         for arg in argv:
             if arg == "--version":
@@ -58,7 +59,7 @@ def check_for_version_display(self, argv) -> bool:
 
         return False
 
-    def check_for_global_help(self, argv) -> bool:
+    def check_for_global_help(self, argv: Any) -> bool:
         """Check for -h option without any command"""
         global_help = False
         if len(argv) > 1:
@@ -71,19 +72,18 @@ def check_for_global_help(self, argv) -> bool:
 
         return global_help
 
-    def exit(self):
-        # type: () -> None
+    def exit(self) -> None:
         """Handle finalization and exiting the program."""
         pass
 
-    def has_debug_switch(self, argv) -> bool:
+    def has_debug_switch(self, argv: Any) -> bool:
         for arg in argv:
             if arg.lower() == "-x":
                 return True
 
         return False
 
-    def initialize(self, argv):
+    def initialize(self, argv: Any) -> None:
         if self.has_debug_switch(argv):
             capycli.configure_logging(2)
             global DEBUG_LOGGING
@@ -91,12 +91,12 @@ def initialize(self, argv):
         else:
             capycli.configure_logging(1)
 
-    def emit_exit_code(self, system_exit_exception):
+    def emit_exit_code(self, system_exit_exception: Optional[SystemExit]) -> None:
         if system_exit_exception is None:
             # successfull
-            if self.options and self.options.ex:
-                print("Exit code = 0")
-            # no need to do sys.exit(0) here - 0 is terh default exit code
+            if self.options and self.options.ex:  # type: ignore  # code is used!
+                print("Exit code = 0")  # type: ignore  # code is used!
+            # no need to do sys.exit(0) here - 0 is the default exit code
             # sys.exit(ResultCode.RESULT_OPERATION_SUCCEEDED)
         else:
             if isinstance(system_exit_exception.code, str):
@@ -105,11 +105,11 @@ def emit_exit_code(self, system_exit_exception):
             if isinstance(system_exit_exception.code, int):
                 sys.exit(system_exit_exception.code)
 
-            if self.options and self.options.ex:
-                print("Exit code = 1")
+            if self.options and self.options.ex:  # type: ignore  # code is used!
+                print("Exit code = 1")  # type: ignore  # code is used!
             sys.exit(ResultCode.RESULT_GENERAL_ERROR)
 
-    def _run(self, argv: list):
+    def _run(self, argv: List[str]) -> None:
         self.initialize(argv)
 
         cmdline = options.CommandlineSupport()
@@ -131,7 +131,9 @@ def _run(self, argv: list):
 
         self.options = cmdline.process_commandline(argv)
 
-        command = self.options.command[0].lower()
+        command: str
+        if self.options:
+            command = self.options.command[0].lower()  # type: ignore  # code is used!
         if command == "getdependencies":
             handle_dependencies.run_dependency_command(self.options)
         elif command == "bom":
@@ -146,7 +148,7 @@ def _run(self, argv: list):
             print_red("Unknown command: " + command)
             sys.exit(ResultCode.RESULT_COMMAND_ERROR)
 
-    def run(self, argv: list):
+    def run(self, argv: List[str]) -> None:
         """Run our application.
         This method will also handle KeyboardInterrupt exceptions for the
         entirety of the CaPyCli application.
diff --git a/capycli/main/argument_parser.py b/capycli/main/argument_parser.py
index d64edb3..adc0502 100644
--- a/capycli/main/argument_parser.py
+++ b/capycli/main/argument_parser.py
@@ -12,28 +12,29 @@
 import os
 import sys
 import textwrap
+from typing import Any, Dict, List
 
 
 class ArgumentParser(argparse.ArgumentParser):
     """Custom argument parser."""
-    def __init__(self, *args, **kwargs):
-        self.options = []
-        super(ArgumentParser, self).__init__(*args, **kwargs, add_help=False)
+    def __init__(self, *args: Any, **kwargs: Any) -> None:
+        self.options: List[Dict[str, Any]] = []
+        super(ArgumentParser, self).__init__(*args, **kwargs, add_help=False)  # type: ignore
         self.program = {key: kwargs[key] for key in kwargs}
         self.command_help = None
 
-    def add_command_help(self, command_help):
+    def add_command_help(self, command_help: Any) -> None:
         self.command_help = command_help
 
-    def add_argument(self, *args, **kwargs):
+    def add_argument(self, *args: Any, **kwargs: Any) -> Any:
         super(ArgumentParser, self).add_argument(*args, **kwargs)
-        option = {}
+        option: Dict[str, Any] = {}
         option["flags"] = [item for item in args]
         for key in kwargs:
             option[key] = kwargs[key]
         self.options.append(option)
 
-    def print_help(self):
+    def print_help(self, file: Any = None) -> None:
         wrapper = textwrap.TextWrapper(width=120)
 
         # Print usage
@@ -64,7 +65,7 @@ def print_help(self):
 
         # Print command help
         if self.command_help:
-            print(self.command_help)
+            print(self.command_help)  # type: ignore  # code is used!
             print()
 
         # Print options
diff --git a/capycli/main/cli.py b/capycli/main/cli.py
index ed85722..41937e0 100644
--- a/capycli/main/cli.py
+++ b/capycli/main/cli.py
@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2019-23 Siemens
+# Copyright (c) 2019-2023 Siemens
 # All Rights Reserved.
 # Author: thomas.graf@siemens.com
 #
@@ -9,11 +9,12 @@
 """Command-line implementation of CaPyCli."""
 
 import sys
+from typing import List, Optional
 
 from capycli.main import application
 
 
-def main(argv: list = None):
+def main(argv: Optional[List[str]] = None) -> None:
     """Execute the main bit of the application.
     This handles the creation of an instance of :class:`Application`, runs it,
     and then exits the application.
diff --git a/capycli/main/options.py b/capycli/main/options.py
index d368701..f7472f8 100644
--- a/capycli/main/options.py
+++ b/capycli/main/options.py
@@ -9,6 +9,7 @@
 """Contains the logic for all of the default options for CaPyCli."""
 
 import os
+from typing import Any, Dict
 
 import tomli
 
@@ -23,7 +24,7 @@
 class CommandlineSupport():
     CONFIG_FILE_NAME = ".capycli.cfg"
 
-    def __init__(self):
+    def __init__(self) -> None:
         custom_prog = "CaPyCli, " + capycli.get_app_version()
         custom_usage = "CaPyCli command subcommand [options]"
         command_help = """Commands and Sub-Commands
@@ -97,7 +98,7 @@ def __init__(self):
 
         self.register_options()
 
-    def register_options(self):
+    def register_options(self) -> None:
         input_formats = []
         input_formats.append(BomFormat.TEXT)
         input_formats.append(BomFormat.CSV)
@@ -391,7 +392,7 @@ def register_options(self):
             dest="debug", action="store_true",
             help="Enable debug output")
 
-    def read_config(self, filename: str = None, config_string: str = None) -> dict:
+    def read_config(self, filename: str = "", config_string: str = "") -> Dict[str, Any]:
         """
         Read configuration from string or config file.
         """
@@ -409,10 +410,10 @@ def read_config(self, filename: str = None, config_string: str = None) -> dict:
                         toml_dict = tomli.load(f)
 
             if not toml_dict:
-                return None
+                return {}
 
             if "capycli" not in toml_dict:
-                return None
+                return {}
 
             return toml_dict["capycli"]
         except tomli.TOMLDecodeError as tex:
@@ -420,7 +421,9 @@ def read_config(self, filename: str = None, config_string: str = None) -> dict:
         except Exception as ex:
             LOG.warning("Error reading config file: " + repr(ex))
 
-    def process_commandline(self, argv):
+        return {}
+
+    def process_commandline(self, argv: Any) -> Any:
         """Reads the command line arguments"""
         args = self.parser.parse_args(argv)
         cfg = self.read_config()
diff --git a/capycli/mapping/handle_mapping.py b/capycli/mapping/handle_mapping.py
index 73e4345..6d695a8 100644
--- a/capycli/mapping/handle_mapping.py
+++ b/capycli/mapping/handle_mapping.py
@@ -7,6 +7,7 @@
 # -------------------------------------------------------------------------------
 
 import sys
+from typing import Any
 
 import capycli.mapping.mapping_to_html
 import capycli.mapping.mapping_to_xlsx
@@ -14,7 +15,7 @@
 from capycli.main.result_codes import ResultCode
 
 
-def run_mapping_command(args):
+def run_mapping_command(args: Any) -> None:
     command = args.command[0].lower()
     if command != "mapping":
         return
@@ -38,8 +39,8 @@ def run_mapping_command(args):
 
     if subcommand == "toxlsx":
         """Create an Excel sheet showing the mapping result."""
-        app = capycli.mapping.mapping_to_xlsx.MappingToExcelXlsx()
-        app.run(args)
+        app2 = capycli.mapping.mapping_to_xlsx.MappingToExcelXlsx()
+        app2.run(args)
         return
 
     print_red("Unknown sub-command: " + subcommand)
diff --git a/capycli/mapping/mapping_to_html.py b/capycli/mapping/mapping_to_html.py
index 54a3369..c718592 100644
--- a/capycli/mapping/mapping_to_html.py
+++ b/capycli/mapping/mapping_to_html.py
@@ -8,6 +8,7 @@
 
 import os
 import sys
+from typing import Any, Dict, List
 
 import capycli.common.html_support
 import capycli.common.json_support
@@ -26,7 +27,7 @@ class MappingToHtml(capycli.common.script_base.ScriptBase):
 
     RELEASE_URL = os.environ.get("SW360ServerUrl", "") + "/group/guest/components/-/component/release/detailRelease/"
 
-    def mapping_result_to_html(self, details, outputfile):
+    def mapping_result_to_html(self, details: List[Dict[str, Any]], outputfile: str) -> None:
         """Create a HTML page showing the mapping overview"""
         myhtml = capycli.common.html_support.HtmlSupport()
         lineend = myhtml.get_lineend()
@@ -137,7 +138,7 @@ def mapping_result_to_html(self, details, outputfile):
 
             myhtml.end_body_and_finish(htmlfile)
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/mapping/mapping_to_xlsx.py b/capycli/mapping/mapping_to_xlsx.py
index 0e4ba25..dc6cc8b 100644
--- a/capycli/mapping/mapping_to_xlsx.py
+++ b/capycli/mapping/mapping_to_xlsx.py
@@ -8,6 +8,7 @@
 
 import os
 import sys
+from typing import Any, Dict, List
 
 from openpyxl import Workbook
 from openpyxl.styles import Alignment, Border, Font, PatternFill, Side
@@ -27,7 +28,7 @@
 class MappingToExcelXlsx(capycli.common.script_base.ScriptBase):
     """Create an Excel sheet showing the mapping result"""
 
-    def define_styles(self):
+    def define_styles(self) -> None:
         """Define style for Excel"""
         # fontDefault = Font(
         #    name="Calibri", size=11, bold=False, italic=False,vertAlign=None,
@@ -59,24 +60,27 @@ def define_styles(self):
             top=Side(border_style="thin", color="FF000000"),
             bottom=Side(border_style="thin", color="FF000000"))
 
-    def mapping_result_to_xlsx(self, details, outputfile):
+    def mapping_result_to_xlsx(self, details: List[Dict[str, Any]], outputfile: str) -> None:
         """Create an Excel sheet showing the mapping overview"""
         wb = Workbook()
         ws = wb.active
+        if not ws:
+            return
+
         self.define_styles()
 
-        ws["A1"] = "Mapping Result Overview"
-        ws["A1"].font = self.fontBold16
+        ws["A1"] = "Mapping Result Overview"  # type: ignore
+        ws["A1"].font = self.fontBold16  # type: ignore
 
-        ws["A3"] = "SBOM Component"
-        ws["A3"].fill = self.fillGray
-        ws["A3"].border = self.border
-        ws["B3"] = "Mapping Result"
-        ws["B3"].fill = self.fillGray
-        ws["B3"].border = self.border
-        ws["C3"] = "Matching Component"
-        ws["C3"].fill = self.fillGray
-        ws["C3"].border = self.border
+        ws["A3"] = "SBOM Component"  # type: ignore
+        ws["A3"].fill = self.fillGray  # type: ignore
+        ws["A3"].border = self.border  # type: ignore
+        ws["B3"] = "Mapping Result"  # type: ignore
+        ws["B3"].fill = self.fillGray  # type: ignore
+        ws["B3"].border = self.border  # type: ignore
+        ws["C3"] = "Matching Component"  # type: ignore
+        ws["C3"].fill = self.fillGray  # type: ignore
+        ws["C3"].border = self.border  # type: ignore
 
         row = 4
         max_width_component = 0
@@ -96,7 +100,7 @@ def mapping_result_to_xlsx(self, details, outputfile):
                 else:
                     font = self.fontBoldOrange
 
-            c = ws.cell(row=row, column=1, value=versiontext)
+            c = ws.cell(row=row, column=1, value=versiontext)  # type: ignore
             c.font = font
             c.border = self.border
             c.alignment = Alignment(vertical="top")
@@ -105,7 +109,7 @@ def mapping_result_to_xlsx(self, details, outputfile):
 
             text = MapResult.map_code_to_string(mapresult["Result"]) + \
                 " (" + str(mapresult["Result"]) + ")"
-            c = ws.cell(row=row, column=2, value=text)
+            c = ws.cell(row=row, column=2, value=text)  # type: ignore
             c.font = font
             c.border = self.border
             c.alignment = Alignment(vertical="top")
@@ -135,16 +139,16 @@ def mapping_result_to_xlsx(self, details, outputfile):
                     if len(line) > max_width_match:
                         max_width_match = len(line)
 
-            c = ws.cell(row=row, column=3, value=text)
+            c = ws.cell(row=row, column=3, value=text)  # type: ignore
             c.alignment = Alignment(wrapText=True)
             c.font = font
             c.border = self.border
 
             row += 1
 
-        ws.column_dimensions["A"].width = max_width_component
-        ws.column_dimensions["B"].width = max_width_result
-        ws.column_dimensions["C"].width = max_width_match
+        ws.column_dimensions["A"].width = max_width_component  # type: ignore
+        ws.column_dimensions["B"].width = max_width_result  # type: ignore
+        ws.column_dimensions["C"].width = max_width_match  # type: ignore
 
         try:
             wb.save(outputfile)
@@ -152,7 +156,7 @@ def mapping_result_to_xlsx(self, details, outputfile):
             print_red("Error wirting Excel sheet: " + repr(ex))
             sys.exit(ResultCode.RESULT_ERROR_WRITING_FILE)
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/moverview/handle_moverview.py b/capycli/moverview/handle_moverview.py
index 5691b0f..f4276af 100644
--- a/capycli/moverview/handle_moverview.py
+++ b/capycli/moverview/handle_moverview.py
@@ -7,6 +7,7 @@
 # -------------------------------------------------------------------------------
 
 import sys
+from typing import Any
 
 import capycli.moverview.moverview_to_html
 import capycli.moverview.moverview_to_xlsx
@@ -14,7 +15,7 @@
 from capycli.main.result_codes import ResultCode
 
 
-def run_moverview_command(args):
+def run_moverview_command(args: Any) -> None:
     command = args.command[0].lower()
     if command != "moverview":
         return
@@ -38,8 +39,8 @@ def run_moverview_command(args):
 
     if subcommand == "toxlsx":
         """Create an Excel sheet showing the mapping overview."""
-        app = capycli.moverview.moverview_to_xlsx.MappingOverviewToExcelXlsx()
-        app.run(args)
+        app2 = capycli.moverview.moverview_to_xlsx.MappingOverviewToExcelXlsx()
+        app2.run(args)
         return
 
     print_red("Unknown sub-command: " + subcommand)
diff --git a/capycli/moverview/moverview_to_html.py b/capycli/moverview/moverview_to_html.py
index 1e29a0f..526fe9b 100644
--- a/capycli/moverview/moverview_to_html.py
+++ b/capycli/moverview/moverview_to_html.py
@@ -8,6 +8,7 @@
 
 import os
 import sys
+from typing import Any, Dict
 
 import capycli.common.html_support
 import capycli.common.json_support
@@ -24,7 +25,7 @@
 class MappingOverviewToHtml(capycli.common.script_base.ScriptBase):
     """Create a HTML page showing the mapping overview."""
 
-    def mapping_overview_to_html(self, overview, outputfile):
+    def mapping_overview_to_html(self, overview: Dict[str, Any], outputfile: str) -> None:
         """Create a HTML page showing the mapping overview"""
         myhtml = capycli.common.html_support.HtmlSupport()
         lineend = myhtml.get_lineend()
@@ -73,7 +74,7 @@ def mapping_overview_to_html(self, overview, outputfile):
 
             myhtml.end_body_and_finish(htmlfile)
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/moverview/moverview_to_xlsx.py b/capycli/moverview/moverview_to_xlsx.py
index 9a68a8a..e5c7156 100644
--- a/capycli/moverview/moverview_to_xlsx.py
+++ b/capycli/moverview/moverview_to_xlsx.py
@@ -8,6 +8,7 @@
 
 import os
 import sys
+from typing import Any, Dict
 
 from openpyxl import Workbook
 from openpyxl.styles import Border, Font, PatternFill, Side
@@ -27,7 +28,7 @@
 class MappingOverviewToExcelXlsx(capycli.common.script_base.ScriptBase):
     """Create an Excel sheet showing the mapping overview."""
 
-    def define_styles(self):
+    def define_styles(self) -> None:
         """Define style for Excel"""
         # fontDefault = Font(
         #    name="Calibri", size=11, bold=False, italic=False,vertAlign=None,
@@ -59,30 +60,33 @@ def define_styles(self):
             top=Side(border_style="thin", color="FF000000"),
             bottom=Side(border_style="thin", color="FF000000"))
 
-    def mapping_overview_to_xlsx(self, overview, outputfile):
+    def mapping_overview_to_xlsx(self, overview: Dict[str, Any], outputfile: str) -> None:
         """Create an Excel sheet showing the mapping overview"""
         wb = Workbook()
         ws = wb.active
+        if not ws:
+            return
+
         self.define_styles()
 
-        ws["A1"] = "Mapping Result Overview"
-        ws["A1"].font = self.fontBold16
+        ws["A1"] = "Mapping Result Overview"  # type: ignore
+        ws["A1"].font = self.fontBold16  # type: ignore
 
-        ws["A3"] = "Overall Result: " + overview["OverallResult"]
+        ws["A3"] = "Overall Result: " + overview["OverallResult"]  # type: ignore
         if overview["OverallResult"] == "COMPLETE":
-            ws["A3"].font = self.fontBoldBlue
+            ws["A3"].font = self.fontBoldBlue  # type: ignore
         else:
-            ws["A3"].font = self.fontBoldRed
-
-        ws["A5"] = "Component"
-        ws["A5"].fill = self.fillGray
-        ws["A5"].border = self.border
-        ws["B5"] = "Mapping Result"
-        ws["B5"].fill = self.fillGray
-        ws["B5"].border = self.border
-        ws["C5"] = "Mapping Code"
-        ws["C5"].fill = self.fillGray
-        ws["C5"].border = self.border
+            ws["A3"].font = self.fontBoldRed  # type: ignore
+
+        ws["A5"] = "Component"  # type: ignore
+        ws["A5"].fill = self.fillGray  # type: ignore
+        ws["A5"].border = self.border  # type: ignore
+        ws["B5"] = "Mapping Result"  # type: ignore
+        ws["B5"].fill = self.fillGray  # type: ignore
+        ws["B5"].border = self.border  # type: ignore
+        ws["C5"] = "Mapping Code"  # type: ignore
+        ws["C5"].fill = self.fillGray  # type: ignore
+        ws["C5"].border = self.border  # type: ignore
 
         row = 6
         max_width_component = 0
@@ -97,31 +101,31 @@ def mapping_overview_to_xlsx(self, overview, outputfile):
                 else:
                     font = self.fontBoldOrange
 
-            c = ws.cell(row=row, column=1, value=item["BomItem"])
+            c = ws.cell(row=row, column=1, value=item["BomItem"])  # type: ignore
             c.font = font
             c.border = self.border
             if len(item["BomItem"]) > max_width_component:
                 max_width_component = len(item["BomItem"])
 
-            c = ws.cell(row=row, column=2, value=item["ResultText"])
+            c = ws.cell(row=row, column=2, value=item["ResultText"])  # type: ignore
             c.font = font
             c.border = self.border
             if len(item["ResultText"]) > max_width_text:
                 max_width_text = len(item["ResultText"])
 
-            c = ws.cell(row=row, column=3, value=item["ResultCode"])
+            c = ws.cell(row=row, column=3, value=item["ResultCode"])  # type: ignore
             c.font = font
             c.border = self.border
 
             row += 1
 
-        ws.column_dimensions["A"].width = max_width_component
-        ws.column_dimensions["B"].width = max_width_text
-        ws.column_dimensions["C"].width = len("Mapping Code")
+        ws.column_dimensions["A"].width = max_width_component  # type: ignore
+        ws.column_dimensions["B"].width = max_width_text  # type: ignore
+        ws.column_dimensions["C"].width = len("Mapping Code")  # type: ignore
 
         wb.save(outputfile)
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/project/check_prerequisites.py b/capycli/project/check_prerequisites.py
index 89943e2..10c5b38 100644
--- a/capycli/project/check_prerequisites.py
+++ b/capycli/project/check_prerequisites.py
@@ -9,6 +9,7 @@
 import logging
 import os
 import sys
+from typing import Any, Dict, List, Optional
 
 from colorama import Fore
 from cyclonedx.model.bom import Bom
@@ -25,7 +26,7 @@
 class CheckPrerequisites(capycli.common.script_base.ScriptBase):
     """Checks whether all prerequisites for a successfull software clearing are fulfilled."""
 
-    def get_clearing_state(self, project: dict, href: str) -> str:
+    def get_clearing_state(self, project: Dict[str, Any], href: str) -> str:
         """Returns the clearing state of the given component/release"""
         rel = project["linkedReleases"]
         for key in rel:
@@ -34,7 +35,7 @@ def get_clearing_state(self, project: dict, href: str) -> str:
 
         return ""
 
-    def get_source_code(self, release: dict) -> list:
+    def get_source_code(self, release: Dict[str, Any]) -> List[Dict[str, Any]]:
         """Return list of attachment infos for all source code attachments"""
         if "_embedded" not in release:
             return []
@@ -49,10 +50,10 @@ def get_source_code(self, release: dict) -> list:
         ]
         return att
 
-    def get_component_management_id(self, release: dict) -> dict:
+    def get_component_management_id(self, release: Dict[str, Any]) -> Dict[Any, Any]:
         """Retries the first component management id"""
         if "externalIds" not in release:
-            return None
+            return {}
 
         id_dict = dict(release.get("externalIds", {}))
 
@@ -71,11 +72,15 @@ def get_component_management_id(self, release: dict) -> dict:
 
         return id_dict
 
-    def check_checkStatus(self, source_info):
+    def check_checkStatus(self, source_info: Dict[str, Any]) -> None:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         attachment = self.client.get_attachment_by_url(
             source_info["_links"]["self"]["href"]
         )
-        if attachment["checkStatus"] == "ACCEPTED":
+        if attachment and attachment["checkStatus"] == "ACCEPTED":
             print_green(
                 "        " +
                 attachment["filename"] +
@@ -93,13 +98,21 @@ def any_sw360id_in_bom(self, sbom: Bom) -> bool:
 
         return False
 
-    def check_project_prerequisites(self, id: str, sbom: Bom):
+    def check_project_prerequisites(self, id: str, sbom: Optional[Bom]) -> None:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         try:
             project = self.client.get_project(id)
         except Exception as ex:
             print_red("Error retrieving project details: \n" + repr(ex))
             sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
+        if not project:
+            print_red("Error retrieving project details")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         print_text("  Project name: " + project["name"] + ", " + project["version"])
         print_text("  Clearing state: " + project.get("clearingState", "UNKNOWN"))
 
@@ -142,6 +155,10 @@ def check_project_prerequisites(self, id: str, sbom: Bom):
             for key in releases:
                 href = key["_links"]["self"]["href"]
                 release = self.client.get_release_by_url(href)
+                if not release:
+                    print_red("Error accessign release " + href)
+                    continue
+
                 state = self.get_clearing_state(project, href)
 
                 print_text("    " + key["name"] + ", " + key["version"] + ": " + state)
@@ -233,7 +250,7 @@ def check_project_prerequisites(self, id: str, sbom: Bom):
         else:
             print_text("    No linked releases")
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
@@ -285,8 +302,8 @@ def run(self, args):
             if args.verbose:
                 print_text(" ", self.get_comp_count_text(sbom), "read from SBOM")
 
-        name = args.name
-        version = None
+        name: str = args.name
+        version: str = ""
         if args.version:
             version = args.version
 
diff --git a/capycli/project/create_bom.py b/capycli/project/create_bom.py
index f3c2871..456fc38 100644
--- a/capycli/project/create_bom.py
+++ b/capycli/project/create_bom.py
@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2021-2023 Siemens
+# Copyright (c) 2021-2024 Siemens
 # All Rights Reserved.
 # Author: thomas.graf@siemens.com
 #
@@ -8,11 +8,13 @@
 
 import logging
 import sys
+from typing import Any, Dict, List
 
-import sw360
 from cyclonedx.model import ExternalReferenceType, HashAlgorithm
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
+from packageurl import PackageURL
+from sw360 import SW360Error
 
 import capycli.common.script_base
 from capycli import get_logger
@@ -27,26 +29,29 @@
 class CreateBom(capycli.common.script_base.ScriptBase):
     """Create a SBOM for a project on SW360."""
 
-    def get_external_id(self, name: str, release_details: dict):
+    def get_external_id(self, name: str, release_details: Dict[str, Any]) -> str:
         """Returns the external id with the given name or None."""
         if "externalIds" not in release_details:
-            return None
+            return ""
 
         return release_details["externalIds"].get(name, "")
 
-    def get_clearing_state(self, proj, href) -> str:
+    def get_clearing_state(self, proj: Dict[str, Any], href: str) -> str:
         """Returns the clearing state of the given component/release"""
         rel = proj["linkedReleases"]
         for key in rel:
             if key["release"] == href:
                 return key["mainlineState"]
 
-        return None
+        return ""
 
-    def create_project_bom(self, project) -> list:
-        bom = []
+    def create_project_bom(self, project: Dict[str, Any]) -> List[Component]:
+        bom: List[Component] = []
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
-        releases = project["_embedded"].get("sw360:releases", [])
+        releases: List[Dict[str, Any]] = project["_embedded"].get("sw360:releases", [])
         releases.sort(key=lambda s: s["name"].lower())
         for release in releases:
             print_text("   ", release["name"], release["version"])
@@ -54,20 +59,24 @@ def create_project_bom(self, project) -> list:
 
             try:
                 release_details = self.client.get_release_by_url(href)
+                if not release_details:
+                    print_red("    ERROR: unable to access release:" + href)
+                    sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
                 purl = self.get_external_id("package-url", release_details)
                 if not purl:
                     # try another id name
                     purl = self.get_external_id("purl", release_details)
 
-                purl = PurlUtils.parse_purls_from_external_id(purl)
-                if len(purl) > 1:
+                purls = PurlUtils.parse_purls_from_external_id(purl)
+                if len(purls) > 1:
                     print_yellow("      Multiple purls added for", release["name"], release["version"])
                     print_yellow("      You must remove all but one in your SBOM!")
-                purl = " ".join(purl)
+                purl = " ".join(purls)
 
                 if purl:
-                    rel_item = Component(name=release["name"], version=release["version"], purl=purl, bom_ref=purl)
+                    rel_item = Component(name=release["name"], version=release["version"],
+                                         purl=PackageURL.from_string(purl), bom_ref=purl)
                 else:
                     rel_item = Component(name=release["name"], version=release["version"])
 
@@ -88,18 +97,19 @@ def create_project_bom(self, project) -> list:
                                                      comment, release_details[key])
 
                 if "repository" in release_details and "url" in release_details["repository"]:
-                    CycloneDxSupport.set_ext_ref(rel_item, ExternalReferenceType.VCS, comment=None,
+                    CycloneDxSupport.set_ext_ref(rel_item, ExternalReferenceType.VCS, comment="",
                                                  value=release_details["repository"]["url"])
 
                 for at_type, comment in (("SOURCE", CaPyCliBom.SOURCE_FILE_COMMENT),
                                          ("BINARY", CaPyCliBom.BINARY_FILE_COMMENT)):
-                    attachments = self.get_release_attachments(release_details, (at_type, at_type + "_SELF"))
+                    attachments = self.get_release_attachments(release_details,
+                                                               (at_type, at_type + "_SELF"))  # type: ignore
                     for attachment in attachments:
                         CycloneDxSupport.set_ext_ref(rel_item, ExternalReferenceType.DISTRIBUTION,
                                                      comment, attachment["filename"],
-                                                     HashAlgorithm.SHA_1, attachment.get("sha1"))
+                                                     HashAlgorithm.SHA_1, attachment.get("sha1", ""))
 
-            except sw360.SW360Error as swex:
+            except SW360Error as swex:
                 print_red("    ERROR: unable to access project:" + repr(swex))
                 sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
@@ -121,12 +131,19 @@ def create_project_bom(self, project) -> list:
 
         return bom
 
-    def create_project_cdx_bom(self, project_id) -> Bom:
+    def create_project_cdx_bom(self, project_id: str) -> Bom:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         try:
             project = self.client.get_project(project_id)
-        except sw360.sw360_api.SW360Error as swex:
+        except SW360Error as swex:
             print_red("  ERROR: unable to access project:" + repr(swex))
             sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+        if not project:
+            print_red("  ERROR: unable to access project")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
         print_text("  Project name: " + project["name"] + ", " + project["version"])
 
@@ -134,12 +151,12 @@ def create_project_cdx_bom(self, project_id) -> Bom:
 
         creator = SbomCreator()
         sbom = creator.create(cdx_components, addlicense=True, addprofile=True, addtools=True,
-                              name=project.get("name"), version=project.get("version"),
-                              description=project.get("description"), addprojectdependencies=True)
+                              name=project.get("name", ""), version=project.get("version", ""),
+                              description=project.get("description", ""), addprojectdependencies=True)
 
         return sbom
 
-    def show_command_help(self):
+    def show_command_help(self) -> None:
         print("\nusage: CaPyCli project createbom [options]")
         print("Options:")
         print("""
@@ -154,7 +171,7 @@ def show_command_help(self):
 
         print()
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
@@ -177,8 +194,8 @@ def run(self, args):
             print_red("ERROR: login failed!")
             sys.exit(ResultCode.RESULT_AUTH_ERROR)
 
-        name = args.name
-        version = None
+        name: str = args.name
+        version: str = ""
         if args.version:
             version = args.version
 
diff --git a/capycli/project/create_project.py b/capycli/project/create_project.py
index 12025c2..cf18a0d 100644
--- a/capycli/project/create_project.py
+++ b/capycli/project/create_project.py
@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2019-2023 Siemens
+# Copyright (c) 2019-2024 Siemens
 # All Rights Reserved.
 # Author: thomas.graf@siemens.com
 #
@@ -9,11 +9,11 @@
 import logging
 import os
 import sys
-from typing import List
+from typing import Any, Dict, List, Optional
 
 import requests
-import sw360
 from cyclonedx.model.bom import Bom
+from sw360 import SW360Error
 
 import capycli.common.script_base
 from capycli import get_logger
@@ -29,7 +29,7 @@ class CreateProject(capycli.common.script_base.ScriptBase):
     Create or update a project on SW360.
     """
 
-    def __init__(self, onlyUpdateProject=False):
+    def __init__(self, onlyUpdateProject: bool = False) -> None:
         self.onlyUpdateProject = onlyUpdateProject
 
     def bom_to_release_list(self, sbom: Bom) -> List[str]:
@@ -40,16 +40,20 @@ def bom_to_release_list(self, sbom: Bom) -> List[str]:
             rid = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_SW360ID)
             if not rid:
                 print_red(
-                    + "No SW360 id given for " + cx_comp.name
-                    + ", " + cx_comp.version)
+                    "No SW360 id given for " + str(cx_comp.name)
+                    + ", " + str(cx_comp.version))
                 continue
 
             linkedReleases.append(rid)
 
         return linkedReleases
 
-    def update_project(self, project_id: str, project: dict, sbom: Bom, project_info: dict) -> None:
+    def update_project(self, project_id: str, project: Optional[Dict[str, Any]],
+                       sbom: Bom, project_info: Dict[str, Any]) -> None:
         """Update an existing project with the given SBOM"""
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
         data = self.bom_to_release_list(sbom)
 
@@ -67,7 +71,8 @@ def update_project(self, project_id: str, project: dict, sbom: Bom, project_info
                     "  " + str(len(project["_embedded"]["sw360:releases"])) +
                     " releases in project before update")
 
-            result = self.client.update_project_releases(data, project_id, add=self.onlyUpdateProject)
+            # note: type in sw360python, 1.4.0 is wrong - we are using the correct one!
+            result = self.client.update_project_releases(data, project_id, add=self.onlyUpdateProject)  # type: ignore
             if not result:
                 print_red("  Error updating project releases!")
             project = self.client.get_project(project_id)
@@ -81,11 +86,14 @@ def update_project(self, project_id: str, project: dict, sbom: Bom, project_info
                         print_yellow("  You might want to call `project prerequisites` to check difference")
 
             if project_info:
-                result = self.client.update_project(project_info, project_id, add_subprojects=self.onlyUpdateProject)
-                if not result:
+                result2 = self.client.update_project(project_info, project_id, add_subprojects=self.onlyUpdateProject)
+                if not result2:
                     print_red("  Error updating project!")
 
-        except sw360.sw360_api.SW360Error as swex:
+        except SW360Error as swex:
+            if swex.response is None:
+                print_red("  Unknown error: " + swex.message)
+                sys.exit(ResultCode.RESULT_AUTH_ERROR)
             if swex.response.status_code == requests.codes["unauthorized"]:
                 print_red("  You are not authorized!")
                 sys.exit(ResultCode.RESULT_AUTH_ERROR)
@@ -93,11 +101,14 @@ def update_project(self, project_id: str, project: dict, sbom: Bom, project_info
                 print_red("  You are not authorized - do you have a valid write token?")
                 sys.exit(ResultCode.RESULT_AUTH_ERROR)
 
-    def update_project_version(self, project_id: str, project: dict, new_version: str) -> None:
+    def update_project_version(self, project_id: str, project: Dict[str, Any], new_version: str) -> None:
         """Update an existing project with the given SBOM and version"""
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
         """Update project metadata based on existing metadata. This will only change the version"""
-        data = {}
+        data: Dict[str, Any] = {}
         data["description"] = project.get("description", "")
         data["businessUnit"] = project.get("businessUnit", "")
         data["tag"] = project.get("tag", "")
@@ -109,8 +120,8 @@ def update_project_version(self, project_id: str, project: dict, new_version: st
         data["version"] = new_version
         data["moderators"] = []
 
-        if project.get("_embedded").get("sw360:moderators"):
-            moderators = project.get("_embedded").get("sw360:moderators")
+        if project.get("_embedded", {}).get("sw360:moderators"):
+            moderators = project.get("_embedded", {}).get("sw360:moderators")
             moderator_emails = []
             for moderator in moderators:
                 moderator_email = moderator.get("email")
@@ -120,9 +131,9 @@ def update_project_version(self, project_id: str, project: dict, new_version: st
 
         self.client.update_project(data, project_id)
 
-    def bom_to_release_list_new(self, sbom: Bom) -> dict:
+    def bom_to_release_list_new(self, sbom: Bom) -> Dict[str, Any]:
         """Creates a list with linked releases for a NEW project"""
-        linkedReleases = {}
+        linkedReleases: Dict[str, Any] = {}
 
         for cx_comp in sbom.components:
             rid = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_SW360ID)
@@ -132,7 +143,7 @@ def bom_to_release_list_new(self, sbom: Bom) -> dict:
                     + ", " + cx_comp.version)
                 continue
 
-            linkedRelease = {}
+            linkedRelease: Dict[str, Any] = {}
             linkedRelease["mainlineState"] = "SPECIFIC"
             linkedRelease["releaseRelation"] = "DYNAMICALLY_LINKED"
             linkedRelease["setMainlineState"] = True
@@ -141,9 +152,12 @@ def bom_to_release_list_new(self, sbom: Bom) -> dict:
 
         return linkedReleases
 
-    def upload_attachments(self, attachments):
+    def upload_attachments(self, attachments: List[Dict[str, Any]]) -> None:
         """Upload attachments to project"""
         print("  Upload attachments to project")
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
         project_attachments = self.client.get_attachment_infos_for_project(self.project_id)
 
@@ -174,8 +188,11 @@ def upload_attachments(self, attachments):
                 self.client.upload_project_attachment(self.project_id, attachment['file'], "OTHER")
                 print_text("  Uploaded attachment " + attachment['file'])
 
-    def create_project(self, name: str, version: str, sbom: Bom, project_info: dict) -> None:
+    def create_project(self, name: str, version: str, sbom: Bom, project_info: Dict[str, Any]) -> None:
         """Create a new project with the given SBOM"""
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
         data = project_info
         data["name"] = name
@@ -202,14 +219,17 @@ def create_project(self, name: str, version: str, sbom: Bom, project_info: dict)
                 self.project_id = str(result['_links']['self']['href']).split('/')[-1]
                 print("  Project created: " + self.project_id)
 
-        except sw360.sw360_api.SW360Error as swex:
+        except SW360Error as swex:
+            if swex.response is None:
+                print_red("  Unknown error: " + swex.message)
+                sys.exit(ResultCode.RESULT_AUTH_ERROR)
             if swex.response.status_code == requests.codes["unauthorized"]:
                 print_red("  You are not authorized!")
                 sys.exit(ResultCode.RESULT_AUTH_ERROR)
             elif swex.response.status_code == requests.codes["forbidden"]:
                 print_red("  You are not authorized - do you have a valid write token?")
                 sys.exit(ResultCode.RESULT_AUTH_ERROR)
-            else:
+            elif swex.details:
                 print_red(
                     str(swex.details.get("status", "")) + " " +
                     swex.details.get("error", "Error") + ": " +
@@ -219,7 +239,7 @@ def create_project(self, name: str, version: str, sbom: Bom, project_info: dict)
             print_red("  General error creating project " + repr(ex))
             sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
@@ -281,6 +301,10 @@ def run(self, args):
             print_red("ERROR: login failed!")
             sys.exit(ResultCode.RESULT_AUTH_ERROR)
 
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         print_text("Loading SBOM file", args.inputfile)
         try:
             sbom = CaPyCliBom.read_sbom(args.inputfile)
@@ -291,7 +315,7 @@ def run(self, args):
         if args.verbose:
             print_text(" ", self.get_comp_count_text(sbom), "read from SBOM")
 
-        info = None
+        info: Dict[str, Any] = {}
         if args.source:
             print("Reading project information", args.source)
             try:
@@ -317,12 +341,12 @@ def run(self, args):
             print("Updating project...")
             try:
                 project = self.client.get_project(self.project_id)
-            except sw360.SW360Error as swex:
+            except SW360Error as swex:
                 print_red("  ERROR: unable to access project:" + repr(swex))
                 sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
             self.update_project(self.project_id, project, sbom, info)
-            if is_update_version:
+            if is_update_version and project:
                 self.update_project_version(self.project_id, project, args.version)
         else:
             if self.onlyUpdateProject:
diff --git a/capycli/project/create_readme.py b/capycli/project/create_readme.py
index e54aafe..8ea3ad8 100644
--- a/capycli/project/create_readme.py
+++ b/capycli/project/create_readme.py
@@ -11,8 +11,10 @@
 import os
 import platform
 import sys
+from io import TextIOWrapper
+from typing import Any, Dict, List
 
-import cli_support
+from cli_support import CliFile, LicenseTools
 
 import capycli.common.script_base
 from capycli import get_logger
@@ -36,7 +38,7 @@ def __init__(self) -> None:
             self.lineend = "\n"
 
     @staticmethod
-    def element_has_not_readme_tag(element: object) -> bool:
+    def element_has_not_readme_tag(element: Any) -> bool:
         """Determines whether the specified item has a
         'not for Readme_OSS' tag."""
         if len(element.tags) == 0:
@@ -44,7 +46,7 @@ def element_has_not_readme_tag(element: object) -> bool:
 
         tags = element.tags[0].split(",")
         for tag in tags:
-            if tag.upper() == cli_support.LicenseTools.NOT_README_TAG:
+            if tag.upper() == LicenseTools.NOT_README_TAG:
                 return True
 
         return False
@@ -57,7 +59,7 @@ def license_has_not_readme_tag(lic: object) -> bool:
     def component_has_not_readme_tag(comp: object) -> bool:
         return CreateReadmeOss.element_has_not_readme_tag(comp)
 
-    def write_start(self, htmlfile) -> None:
+    def write_start(self, htmlfile: TextIOWrapper) -> None:
         """Writes the start tags."""
         htmlfile.write('<?xml version="1.0" encoding="utf - 8" ?>' + self.lineend)
         htmlfile.write(
@@ -66,7 +68,7 @@ def write_start(self, htmlfile) -> None:
             + self.lineend)
         htmlfile.write('<html xmlns="http://www.w3.org/1999/xhtml">' + self.lineend)
 
-    def write_header(self, htmlfile) -> None:
+    def write_header(self, htmlfile: TextIOWrapper) -> None:
         """Writes the header tags."""
         htmlfile.write("<head>" + self.lineend)
         htmlfile.write(
@@ -136,15 +138,15 @@ def write_header(self, htmlfile) -> None:
         htmlfile.write("</title>" + self.lineend)
         htmlfile.write("</head>" + self.lineend)
 
-    def start_body(self, htmlfile) -> None:
+    def start_body(self, htmlfile: TextIOWrapper) -> None:
         """Write the start body tag."""
         htmlfile.write("<body>" + self.lineend)
 
-    def write_title_heading(self, htmlfile, title: str) -> None:
+    def write_title_heading(self, htmlfile: TextIOWrapper, title: str) -> None:
         """Write the title."""
         htmlfile.write("<h1>" + title + "</h1>" + self.lineend)
 
-    def write_preamble(self, config: dict, htmlfile) -> None:
+    def write_preamble(self, config: Dict[str, Any], htmlfile: TextIOWrapper) -> None:
         """Writes the legal preamble."""
         company = config.get("CompanyName", "YOUR COMPANY")
         htmlfile.write("<h2>Open Source Software</h2>" + self.lineend)
@@ -236,7 +238,7 @@ def write_preamble(self, config: dict, htmlfile) -> None:
             + self.lineend)
         htmlfile.write("<br />" + self.lineend)
 
-    def write_release_overview(self, htmlfile, cli_files) -> None:
+    def write_release_overview(self, htmlfile: TextIOWrapper, cli_files: List[CliFile]) -> None:
         """Writes the release overview."""
         htmlfile.write('<h2 id="releaseHeader">Releases</h2>' + self.lineend)
         htmlfile.write('<ul id="releaseOverview">' + self.lineend)
@@ -272,14 +274,14 @@ def get_reference_from_name(self, name: str) -> str:
         result = name.replace(" ", "_")
         return result
 
-    def write_sub_project_info(self, htmlfile, cli_files) -> None:
+    def write_sub_project_info(self, htmlfile: TextIOWrapper, cli_files: List[CliFile]) -> None:
         """Writes the sub project information."""
 
         # NOT YET IMPLEMENTED
 
         pass
 
-    def write_release_info(self, htmlfile, cli_files) -> None:
+    def write_release_info(self, htmlfile: TextIOWrapper, cli_files: List[CliFile]) -> None:
         """Writes the release information."""
         htmlfile.write("<p>" + self.lineend)
         htmlfile.write("<strong>" + self.lineend)
@@ -301,14 +303,14 @@ def write_release_info(self, htmlfile, cli_files) -> None:
 
         htmlfile.write("</ul>" + self.lineend)
 
-    def write_single_sub_project_info(self, htmlfile) -> None:
+    def write_single_sub_project_info(self, htmlfile: TextIOWrapper) -> None:
         """Writes the single sub-project information."""
 
         # NOT YET IMPLEMENTED
 
         pass
 
-    def write_single_release_info(self, htmlfile, clifile) -> None:
+    def write_single_release_info(self, htmlfile: TextIOWrapper, clifile: CliFile) -> None:
         """Writes the single release information."""
         htmlfile.write(
             '<li id="'
@@ -362,7 +364,7 @@ def html_escape(self, text: str) -> str:
 
         return text
 
-    def write_copyrights(self, htmlfile, clifile) -> None:
+    def write_copyrights(self, htmlfile: TextIOWrapper, clifile: CliFile) -> None:
         """Writes the copyrights."""
         if len(clifile.copyrights) < 1:
             return
@@ -376,7 +378,7 @@ def write_copyrights(self, htmlfile, clifile) -> None:
         htmlfile.write("</pre>" + self.lineend)
         htmlfile.write(self.lineend)
 
-    def release_has_acknowledgements(self, clifile) -> bool:
+    def release_has_acknowledgements(self, clifile: CliFile) -> bool:
         """Determines whether the given release has acknowledgements."""
         for lic in clifile.licenses:
             if len(lic.acknowledgements) > 0:
@@ -384,7 +386,7 @@ def release_has_acknowledgements(self, clifile) -> bool:
 
         return False
 
-    def write_acknowledgements(self, htmlfile, clifile) -> None:
+    def write_acknowledgements(self, htmlfile: TextIOWrapper, clifile: CliFile) -> None:
         """Writes the acknowledgements."""
         if not self.release_has_acknowledgements(clifile):
             return
@@ -402,7 +404,7 @@ def write_acknowledgements(self, htmlfile, clifile) -> None:
         htmlfile.write("</pre>" + self.lineend)
         htmlfile.write("\n" + self.lineend)
 
-    def write_licenses(self, htmlfile, clifile) -> None:
+    def write_licenses(self, htmlfile: TextIOWrapper, clifile: CliFile) -> None:
         """Writes the licenses."""
         htmlfile.write(self.lineend)
         htmlfile.write("<b>Licenses:<br /></b>" + self.lineend)
@@ -437,19 +439,19 @@ def write_licenses(self, htmlfile, clifile) -> None:
         htmlfile.write("</ul>" + self.lineend)
         htmlfile.write(self.lineend)
 
-    def end_body_and_finish(self, htmlfile) -> None:
+    def end_body_and_finish(self, htmlfile: TextIOWrapper) -> None:
         htmlfile.write("</body>" + self.lineend)
         htmlfile.write("</html>" + self.lineend)
 
-    def read_config_file(self, filename: str) -> dict:
+    def read_config_file(self, filename: str) -> Dict[str, Any]:
         with open(filename) as file:
             text = file.read()
             config = json.loads(text)
         return config
 
-    def read_cli_files(self, config: dict) -> list:
+    def read_cli_files(self, config: Dict[str, Any]) -> List[CliFile]:
         """Reads all CLI files"""
-        cli_files = []
+        cli_files: List[CliFile] = []
         unique_components = []
         for file in config["Components"]:
             component_name = file["ComponentName"]
@@ -460,7 +462,7 @@ def read_cli_files(self, config: dict) -> list:
             filename = file["CliFile"]
             if os.path.isfile(filename):
                 print_text("    Reading", component_name, "...")
-                clifile = cli_support.CLI.CliFile()
+                clifile = CliFile()
                 try:
                     clifile.read_from_file(filename)
                 except Exception as ex:
@@ -472,13 +474,13 @@ def read_cli_files(self, config: dict) -> list:
                 cli_files.append(clifile)
             else:
                 print_yellow("    No data available for " + component_name)
-                clifile = cli_support.CLI.CliFile()
+                clifile = CliFile()
                 clifile.component = component_name
                 cli_files.append(clifile)
 
         return cli_files
 
-    def create_readme(self, cli_files: list, output_filename: str, config: dict) -> None:
+    def create_readme(self, cli_files: List[CliFile], output_filename: str, config: Dict[str, Any]) -> None:
         """Generates the readme."""
         htmlfile = open(output_filename, "w", encoding="utf-8")
         self.write_start(htmlfile)
@@ -504,7 +506,7 @@ def show_command_help(self) -> None:
 
         print()
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/project/find_project.py b/capycli/project/find_project.py
index 17e35c4..a845271 100644
--- a/capycli/project/find_project.py
+++ b/capycli/project/find_project.py
@@ -9,6 +9,7 @@
 import logging
 import sys
 import traceback
+from typing import Any, Dict, Optional
 
 import requests
 import sw360
@@ -23,7 +24,11 @@
 class FindProject(capycli.common.script_base.ScriptBase):
     """Find projects by name on SW360"""
 
-    def list_projects(self, name, version):
+    def list_projects(self, name: str, version: str) -> Any:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         try:
             print_text("  Searching for projects by name")
             projects = self.client.get_projects_by_name(name)
@@ -41,10 +46,18 @@ def list_projects(self, name, version):
                 repr(ex) + "\n" +
                 str(traceback.format_exc()))
 
-    def display_project(self, project, pid=-1):
+    def display_project(self, project: Optional[Dict[str, Any]], pid: str = "") -> None:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         if not project:
             project = self.client.get_project(pid)
 
+        if not project:
+            print_red("Cannot read project!")
+            return
+
         href = project["_links"]["self"]["href"]
         if "version" not in project:
             print_text(
@@ -55,7 +68,11 @@ def display_project(self, project, pid=-1):
                 "    " + project["name"] + ", " + project["version"] +
                 " => ID = " + self.client.get_id_from_href(href))
 
-    def check_project_id(self, project_id):
+    def check_project_id(self, project_id: str) -> None:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         try:
             project = self.client.get_project(project_id)
             if not project:
@@ -66,7 +83,9 @@ def check_project_id(self, project_id):
                 "Project found, name = " + project["name"] +
                 ", version = " + project["version"])
         except sw360.SW360Error as swex:
-            if swex.response.status_code == requests.codes['not_found']:
+            if swex.response is None:
+                print_red("Unknown error: " + swex.message)
+            elif swex.response.status_code == requests.codes['not_found']:
                 print_yellow(f"Project with id {project_id} not found!")
             else:
                 print_red("Error retrieving project data.")
@@ -76,7 +95,7 @@ def check_project_id(self, project_id):
         except Exception as ex:
             print_yellow("Error searching for project: " + repr(ex))
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
@@ -105,8 +124,8 @@ def run(self, args):
             print_red("ERROR: login failed!")
             sys.exit(ResultCode.RESULT_AUTH_ERROR)
 
-        name = args.name
-        version = None
+        name: str = args.name
+        version: str = ""
         if args.version:
             version = args.version
 
diff --git a/capycli/project/get_license_info.py b/capycli/project/get_license_info.py
index 40b12a8..5b869fa 100644
--- a/capycli/project/get_license_info.py
+++ b/capycli/project/get_license_info.py
@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2019-23 Siemens
+# Copyright (c) 2019-2024 Siemens
 # All Rights Reserved.
 # Author: thomas.graf@siemens.com
 #
@@ -10,8 +10,9 @@
 import logging
 import os
 import sys
+from typing import Any, Dict, List
 
-import sw360
+from sw360 import SW360Error
 
 import capycli.common.script_base
 from capycli.common.json_support import load_json_file
@@ -26,20 +27,27 @@ class GetLicenseInfo(capycli.common.script_base.ScriptBase):
     """
     Get license info on all project components.
     """
-    def get_cli_files_for_release(self, release: dict, folder: str, no_overwrite: bool) -> list:
+    def get_cli_files_for_release(self, release: Dict[str, Any],
+                                  folder: str, no_overwrite: bool) -> List[Dict[str, Any]]:
         """Find all CLI file attachments for the given release, download them and return
         a list with the file information."""
-        files = []
+        files: List[Dict[str, Any]] = []
         if "_embedded" not in release:
             return files
 
         if "sw360:attachments" not in release["_embedded"]:
             return files
 
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         attachment_infos = release["_embedded"]["sw360:attachments"]
         for key in attachment_infos:
             att_href = key["_links"]["self"]["href"]
             attachment = self.client.get_attachment_by_url(att_href)
+            if not attachment:
+                continue
             if not attachment["attachmentType"] == "COMPONENT_LICENSE_INFO_XML":
                 continue
 
@@ -69,17 +77,25 @@ def get_project_info(
             destination: str,
             no_overwrite: bool,
             use_all_files: bool,
-            config_file: str) -> dict:
+            config_file: str) -> Dict[str, Any]:
         """Downloads all CLI files and generates a configuration file for
         Readme_OSS generation"""
-        rdm_info = {}
+        rdm_info: Dict[str, Any] = {}
+
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
         try:
             self.project = self.client.get_project(project_id)
-        except sw360.sw360_api.SW360Error as swex:
+        except SW360Error as swex:
             print_red("  ERROR: unable to access project: " + repr(swex))
             sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
+        if not self.project:
+            print_red("  ERROR: unable to access project")
+            return {}
+
         rdm_info["ProjectName"] = ScriptSupport.get_full_name_from_dict(
             self.project, "name", "version")
         rdm_info["Format"] = 2  # = HTML
@@ -113,6 +129,9 @@ def get_project_info(
             for key in releases:
                 href = key["_links"]["self"]["href"]
                 release = self.client.get_release_by_url(href)
+                if not release:
+                    print_red("  ERROR: unable to access release")
+                    continue
 
                 component_name = release["name"]
                 if "version" in release:
@@ -174,7 +193,7 @@ def show_command_help(self) -> None:
         print()
 
     @classmethod
-    def write_result(cls, result: dict, filename: str, no_overwrite: bool) -> None:
+    def write_result(cls, result: Dict[str, Any], filename: str, no_overwrite: bool) -> None:
         """Write the Readme_OSS configuration to a JSON file"""
         if no_overwrite and os.path.isfile(filename):
             print_text("  Existing file '" + filename + "' will not be overwritten.")
@@ -183,7 +202,7 @@ def write_result(cls, result: dict, filename: str, no_overwrite: bool) -> None:
         with open(filename, "w") as outfile:
             json.dump(result, outfile, indent=2)
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/capycli/project/handle_project.py b/capycli/project/handle_project.py
index 9d80270..8c10bf8 100644
--- a/capycli/project/handle_project.py
+++ b/capycli/project/handle_project.py
@@ -7,6 +7,7 @@
 # -------------------------------------------------------------------------------
 
 import sys
+from typing import Any
 
 import capycli.project.check_prerequisites
 import capycli.project.create_bom
@@ -22,7 +23,7 @@
 from capycli.main.result_codes import ResultCode
 
 
-def run_project_command(args):
+def run_project_command(args: Any) -> None:
     command = args.command[0].lower()
     if command != "project":
         return
@@ -56,62 +57,62 @@ def run_project_command(args):
 
     if subcommand == "show":
         """Show the project details."""
-        app = capycli.project.show_project.ShowProject()
-        app.run(args)
+        app2 = capycli.project.show_project.ShowProject()
+        app2.run(args)
         return
 
     if subcommand == "prerequisites":
         """Checks whether all prerequisites for a successfull software clearing are fulfilled."""
-        app = capycli.project.check_prerequisites.CheckPrerequisites()
-        app.run(args)
+        app3 = capycli.project.check_prerequisites.CheckPrerequisites()
+        app3.run(args)
         return
 
     if subcommand == "licenses":
         """Show licenses of all cleared components."""
-        app = capycli.project.show_licenses.ShowLicenses()
-        app.run(args)
+        app4 = capycli.project.show_licenses.ShowLicenses()
+        app4.run(args)
         return
 
     if subcommand == "getlicenseinfo":
         """Get license info on all project components."""
-        app = capycli.project.get_license_info.GetLicenseInfo()
-        app.run(args)
+        app5 = capycli.project.get_license_info.GetLicenseInfo()
+        app5.run(args)
         return
 
     if subcommand == "createreadme":
         """Create a Readme_OSS."""
-        app = capycli.project.create_readme.CreateReadmeOss()
-        app.run(args)
+        app6 = capycli.project.create_readme.CreateReadmeOss()
+        app6.run(args)
         return
 
     if subcommand == "create":
         """Create or update a project on SW360."""
-        app = capycli.project.create_project.CreateProject()
-        app.run(args)
+        app7 = capycli.project.create_project.CreateProject()
+        app7.run(args)
         return
 
     if subcommand == "update":
         """Update a project on SW360, preserving existing releases."""
-        app = capycli.project.create_project.CreateProject(onlyUpdateProject=True)
-        app.run(args)
+        app8 = capycli.project.create_project.CreateProject(onlyUpdateProject=True)
+        app8.run(args)
         return
 
     if subcommand == "createbom":
         """Create a SBOM for a project on SW360."""
-        app = capycli.project.create_bom.CreateBom()
-        app.run(args)
+        app9 = capycli.project.create_bom.CreateBom()
+        app9.run(args)
         return
 
     if subcommand == "vulnerabilities":
         """Show security vulnerabilities of a project."""
-        app = capycli.project.show_vulnerabilities.ShowSecurityVulnerability()
-        app.run(args)
+        app10 = capycli.project.show_vulnerabilities.ShowSecurityVulnerability()
+        app10.run(args)
         return
 
     if subcommand == "ecc":
         """Show export control status of a project."""
-        app = capycli.project.show_ecc.ShowExportControlStatus()
-        app.run(args)
+        app11 = capycli.project.show_ecc.ShowExportControlStatus()
+        app11.run(args)
         return
 
     print_red("Unknown sub-command: " + subcommand)
diff --git a/capycli/project/show_ecc.py b/capycli/project/show_ecc.py
index 644c8c7..20749d8 100644
--- a/capycli/project/show_ecc.py
+++ b/capycli/project/show_ecc.py
@@ -8,6 +8,7 @@
 
 import logging
 import sys
+from typing import Any, Dict
 
 import sw360
 
@@ -22,7 +23,7 @@
 class ShowExportControlStatus(capycli.common.script_base.ScriptBase):
     """Show project export control details."""
 
-    def show_project_status(self, result: dict):
+    def show_project_status(self, result: Dict[str, Any]) -> None:
         if not result:
             return
 
@@ -70,11 +71,15 @@ def show_project_status(self, result: dict):
         else:
             print_text("    No linked releases")
 
-    def get_project_status(self, project_id: str):
+    def get_project_status(self, project_id: str) -> Dict[str, Any]:
         """Get the project status for the project with the specified id"""
         print_text("Retrieving project details...")
         result = {}
 
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         try:
             self.project = self.client.get_project(project_id)
         except sw360.SW360Error as swex:
@@ -119,6 +124,10 @@ def get_project_status(self, project_id: str):
 
                 try:
                     release_details = self.client.get_release_by_url(href)
+                    if not release_details:
+                        print_red("  ERROR: unable toget release")
+                        continue
+
                     # capycli.common.json_support.print_json(release_details)
                     eccinfo = release_details.get("eccInformation", {})
                     rel_item["EccStatus"] = eccinfo.get("eccStatus", "UNKNOWN")
@@ -143,7 +152,7 @@ def get_project_status(self, project_id: str):
 
         return result
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
@@ -173,9 +182,9 @@ def run(self, args):
             print_red("ERROR: login failed!")
             sys.exit(ResultCode.RESULT_AUTH_ERROR)
 
-        name = args.name
-        version = None
-        pid = None
+        name: str = args.name
+        version: str = ""
+        pid: str = ""
         if args.version:
             version = args.version
 
diff --git a/capycli/project/show_licenses.py b/capycli/project/show_licenses.py
index ea824e1..fc2bfeb 100644
--- a/capycli/project/show_licenses.py
+++ b/capycli/project/show_licenses.py
@@ -11,8 +11,9 @@
 import shutil
 import sys
 import traceback
+from typing import Any, Dict, List
 
-import cli_support
+from cli_support import CliFile
 from colorama import Fore, Style
 
 import capycli.common.script_base
@@ -26,12 +27,12 @@ class ShowLicenses(capycli.common.script_base.ScriptBase):
     TEMPFOLDER = ".\\_cli_temp_"
 
     """Show licenses of all cleared compponents."""
-    def __init__(self):
-        self.nodelete = False
-        self.global_license_list = []
+    def __init__(self) -> None:
+        self.nodelete: bool = False
+        self.global_license_list: List[str] = []
 
     @classmethod
-    def ensure_dir(cls, folder_path):
+    def ensure_dir(cls, folder_path: str) -> None:
         """Ensures that the given path exists"""
         if not os.path.exists(folder_path):
             os.makedirs(folder_path)
@@ -40,7 +41,7 @@ def ensure_dir(cls, folder_path):
             print_red("  Unable to create temp folder!")
 
     @classmethod
-    def print_license_list(cls, license_list):
+    def print_license_list(cls, license_list: List[str]) -> None:
         """Displays the licenses color-coded"""
         for lic in license_list:
             color = Fore.RESET
@@ -64,8 +65,12 @@ def print_license_list(cls, license_list):
 
         print(Style.RESET_ALL)
 
-    def process_release(self, release, tempfolder):
+    def process_release(self, release: Dict[str, Any], tempfolder: str) -> None:
         """Processes a single release"""
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         if "_embedded" not in release:
             print_red("    No license information available!")
             return
@@ -79,6 +84,8 @@ def process_release(self, release, tempfolder):
         for key in attachment_infos:
             att_href = key["_links"]["self"]["href"]
             attachment = self.client.get_attachment_by_url(att_href)
+            if not attachment:
+                continue
             if attachment.get("attachmentType", "") != "COMPONENT_LICENSE_INFO_XML":
                 continue
 
@@ -97,7 +104,7 @@ def process_release(self, release, tempfolder):
             print_yellow("    No CLI file found!")
             return
 
-        clifile = cli_support.CLI.CliFile()
+        clifile = CliFile()
 
         try:
             clifile.read_from_file(cli_filename)
@@ -113,7 +120,11 @@ def process_release(self, release, tempfolder):
 
         self.print_license_list(license_list)
 
-    def show_licenses(self, id):
+    def show_licenses(self, id: str) -> None:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         tempfolder = self.TEMPFOLDER
         self.ensure_dir(tempfolder)
 
@@ -126,6 +137,10 @@ def show_licenses(self, id):
                 str(traceback.format_exc()))
             sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
+        if not project:
+            print_red("Unable to read project!")
+            return
+
         print_text("  Project name: " + project["name"] + ", " + project["version"])
         print_text("  Project owner: " + project["projectOwner"])
         print_text("  Clearing state: " + project["clearingState"])
@@ -141,11 +156,13 @@ def show_licenses(self, id):
                 href = key["_links"]["self"]["href"]
                 print_text("\n  " + key["name"] + ", " + key["version"])
                 release = self.client.get_release_by_url(href)
-
-                try:
-                    self.process_release(release, tempfolder)
-                except Exception as ex:
-                    print_red("Error processing release: \n" + repr(ex))
+                if not release:
+                    print_red("Error processing release")
+                else:
+                    try:
+                        self.process_release(release, tempfolder)
+                    except Exception as ex:
+                        print_red("Error processing release: \n" + repr(ex))
 
             print_text("\nLicense summary:")
             self.print_license_list(self.global_license_list)
@@ -155,7 +172,7 @@ def show_licenses(self, id):
         if not self.nodelete:
             shutil.rmtree(tempfolder)
 
-    def show_command_help(self):
+    def show_command_help(self) -> None:
         print("\nusage: CaPyCli project licenses [options]")
         print("Options:")
         print("""
@@ -169,7 +186,7 @@ def show_command_help(self):
 
         print()
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
@@ -192,8 +209,8 @@ def run(self, args):
             print_red("ERROR: login failed!")
             sys.exit(ResultCode.RESULT_AUTH_ERROR)
 
-        name = args.name
-        version = None
+        name: str = args.name
+        version: str = ""
         if args.version:
             version = args.version
 
diff --git a/capycli/project/show_project.py b/capycli/project/show_project.py
index 7d839d9..d421dda 100644
--- a/capycli/project/show_project.py
+++ b/capycli/project/show_project.py
@@ -8,6 +8,7 @@
 
 import logging
 import sys
+from typing import Any, Dict, Optional
 
 import sw360
 from colorama import Fore
@@ -22,17 +23,19 @@
 
 class ShowProject(capycli.common.script_base.ScriptBase):
     """Show project details."""
-
-    def get_clearing_state(self, proj: dict, href: str):
+    def get_clearing_state(self, proj: Optional[Dict[str, Any]], href: str) -> str:
         """Returns the clearing state of the given component/release"""
+        if not proj:
+            return ""
+
         rel = proj["linkedReleases"]
         for key in rel:
             if key["release"] == href:
                 return key["mainlineState"]
 
-        return None
+        return ""
 
-    def show_project_status(self, result: dict):
+    def show_project_status(self, result: Dict[str, Any]) -> None:
         if not result:
             return
 
@@ -73,11 +76,15 @@ def show_project_status(self, result: dict):
         else:
             print_text("    No linked releases")
 
-    def get_project_status(self, project_id: str) -> dict:
+    def get_project_status(self, project_id: str) -> Dict[str, Any]:
         """Get the project status for the project with the specified id"""
         print_text("Retrieving project details...")
         result = {}
 
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         try:
             self.project = self.client.get_project(project_id)
         except sw360.SW360Error as swex:
@@ -126,6 +133,10 @@ def get_project_status(self, project_id: str) -> dict:
 
                 try:
                     release_details = self.client.get_release_by_url(href)
+                    if not release_details:
+                        print_red("  ERROR: unable to access project:")
+                        sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
                     # capycli.common.json_support.print_json(release_details)
                     rel_item["ClearingState"] = release_details["clearingState"]
                     rel_item["ReleaseMainlineState"] = release_details.get("mainlineState", "")
@@ -157,7 +168,7 @@ def get_project_status(self, project_id: str) -> dict:
 
         return result
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
@@ -191,9 +202,9 @@ def run(self, args):
             print_red("ERROR: login failed!")
             sys.exit(ResultCode.RESULT_AUTH_ERROR)
 
-        name = args.name
-        version = None
-        pid = None
+        name: str = args.name
+        version: str = ""
+        pid: str = ""
         if args.version:
             version = args.version
 
diff --git a/capycli/project/show_vulnerabilities.py b/capycli/project/show_vulnerabilities.py
index 801d6eb..ba2b11e 100644
--- a/capycli/project/show_vulnerabilities.py
+++ b/capycli/project/show_vulnerabilities.py
@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2020-2023 Siemens
+# Copyright (c) 2020-2024 Siemens
 # All Rights Reserved.
 # Author: thomas.graf@siemens.com
 #
@@ -8,10 +8,11 @@
 
 import logging
 import sys
+from typing import Any, Dict, Optional
 
 import requests
-import sw360
 from colorama import Fore, Style
+from sw360 import SW360Error
 
 import capycli.common.json_support
 import capycli.common.script_base
@@ -24,12 +25,16 @@
 class ShowSecurityVulnerability(capycli.common.script_base.ScriptBase):
     """Show security vulnerabilities of a project."""
 
-    def __init__(self):
+    def __init__(self) -> None:
         """Initialize."""
-        self.verbose = False
-        self.format = "text"
+        self.verbose: bool = False
+        self.format: str = "text"
+
+    def list_projects(self, name: str, version: str) -> None:
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
-    def list_projects(self, name, version):
         try:
             print_text("  Searching for projects by name (and version)")
             projects = self.client.get_projects_by_name(name)
@@ -49,10 +54,14 @@ def list_projects(self, name, version):
         except Exception as ex:
             print_red("Error searching for project: \n" + repr(ex))
 
-    def show_project_by_id(self, project_id) -> dict:
+    def show_project_by_id(self, project_id: str) -> Dict[str, Any]:
         """
         Show information about a single project by project id.
         """
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
         try:
             project = self.client.get_project(project_id)
             if not project:
@@ -60,7 +69,10 @@ def show_project_by_id(self, project_id) -> dict:
                 sys.exit(ResultCode.RESULT_PROJECT_NOT_FOUND)
 
             return self.display_project(project)
-        except sw360.sw360_api.SW360Error as swex:
+        except SW360Error as swex:
+            if swex.response is None:
+                sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
             if swex.response.status_code == requests.codes['not_found']:
                 print_yellow("Project not found!")
                 sys.exit(ResultCode.RESULT_PROJECT_NOT_FOUND)
@@ -71,17 +83,26 @@ def show_project_by_id(self, project_id) -> dict:
                     print_red("    Message: " + swex.message)
                 sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
-    def display_project(self, project, pid=-1) -> dict:
+    def display_project(self, project: Optional[Dict[str, Any]], pid: str = "") -> Dict[str, Any]:
         """
         Show information about a single project.
         """
-        report = {}
+        if not self.client:
+            print_red("  No client!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
+        report: Dict[str, Any] = {}
         href = None
-        if pid > -1:
+        if pid:
             project = self.client.get_project(pid)
         else:
-            href = project["_links"]["self"]["href"]
-            project = self.client.get_project_by_url(href)
+            if project:
+                href = project["_links"]["self"]["href"]
+                project = self.client.get_project_by_url(href)
+
+        if not project:
+            print_red("  No client!")
+            return {}
 
         if not href:
             href = project["_links"]["self"]["href"]
@@ -99,6 +120,10 @@ def display_project(self, project, pid=-1) -> dict:
             print_text("  Id:", self.client.get_id_from_href(href))
 
         vuls = self.client.get_project_vulnerabilities(self.client.get_id_from_href(href))
+        if not vuls:
+            print_red("Got no vulnerabilities!")
+            return {}
+
         # capycli.common.json_support.write_json_to_file(vuls, "vuls.json")
         if "_embedded" not in vuls:
             return report
@@ -133,7 +158,7 @@ def display_project(self, project, pid=-1) -> dict:
 
         return report
 
-    def check_report_for_critical_findings(self, report: dict, prio_text: str) -> bool:
+    def check_report_for_critical_findings(self, report: Dict[str, Any], prio_text: str) -> bool:
         """
         Checks the report data for critical findings, i.e. a vulnerability
         with priority less than or equal to prio and greater than 0.
@@ -171,7 +196,7 @@ def check_report_for_critical_findings(self, report: dict, prio_text: str) -> bo
 
         return False
 
-    def show_command_help(self):
+    def show_command_help(self) -> None:
         print("\nusage: CaPyCli project vulnerabilities [options]")
         print("Options:")
         print("""
@@ -188,7 +213,7 @@ def show_command_help(self):
 
         print()
 
-    def run(self, args):
+    def run(self, args: Any) -> None:
         """Main method()"""
         if args.debug:
             global LOG
diff --git a/poetry.lock b/poetry.lock
index cd5da37..aed2cfb 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -44,6 +44,10 @@ files = [
 [package.dependencies]
 soupsieve = ">1.2"
 
+[package.extras]
+html5lib = ["html5lib"]
+lxml = ["lxml"]
+
 [[package]]
 name = "certifi"
 version = "2023.11.17"
@@ -58,14 +62,14 @@ files = [
 
 [[package]]
 name = "chardet"
-version = "3.0.4"
-description = "Universal encoding detector for Python 2 and 3"
+version = "5.2.0"
+description = "Universal encoding detector for Python 3"
 category = "main"
 optional = false
-python-versions = "*"
+python-versions = ">=3.7"
 files = [
-    {file = "chardet-3.0.4-py2.py3-none-any.whl", hash = "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"},
-    {file = "chardet-3.0.4.tar.gz", hash = "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae"},
+    {file = "chardet-5.2.0-py3-none-any.whl", hash = "sha256:e1cf59446890a00105fe7b7912492ea04b6e6f06d4b742b2c788469e34c82970"},
+    {file = "chardet-5.2.0.tar.gz", hash = "sha256:1b3b6ff479a8c414bc3fa2c0852995695c4a026dcd6d0633b2dd092ca39c1cf7"},
 ]
 
 [[package]]
@@ -170,26 +174,26 @@ files = [
 
 [[package]]
 name = "cli-support"
-version = "1.3"
+version = "2.0.0"
 description = "Support component license information (CLI) files"
 category = "main"
 optional = false
 python-versions = ">=3.8,<4.0"
 files = [
-    {file = "cli_support-1.3-py3-none-any.whl", hash = "sha256:3b23fab4256c3758da78636d0d4df47ee1f729f7b9af144ec50b041dc7f776d0"},
-    {file = "cli_support-1.3.tar.gz", hash = "sha256:7b21168afacaf5059d4fcce0d5f95bd9c57a28699d53217425f849d2b7468913"},
+    {file = "cli_support-2.0.0-py3-none-any.whl", hash = "sha256:3c2ada82bd4ee4c0616c6b5665fd9a17c1fceba551c1d65a848e9cdbe4d18a34"},
+    {file = "cli_support-2.0.0.tar.gz", hash = "sha256:c50244c9d5afd2f79aa2019a9f89039aeb868aa09e3b2ab02ac2ef8ce72840ac"},
 ]
 
 [[package]]
 name = "cli-test-helpers"
-version = "3.4.0"
+version = "3.5.0"
 description = "Useful helpers for writing tests for your Python CLI program."
 category = "dev"
 optional = false
 python-versions = "*"
 files = [
-    {file = "cli-test-helpers-3.4.0.tar.gz", hash = "sha256:74eda958758bc11d0f3e63d6ebe857fd58a2d4dfee9db2cd3f87cfa72220cdc2"},
-    {file = "cli_test_helpers-3.4.0-py3-none-any.whl", hash = "sha256:8390692c2924791532ccdee1edb5ad996b76078f5cc457be6a22cf3566d16085"},
+    {file = "cli-test-helpers-3.5.0.tar.gz", hash = "sha256:86d5dea5b4fee4767cd87ff26eb709ad06764545e0fa348bace735247054b23e"},
+    {file = "cli_test_helpers-3.5.0-py3-none-any.whl", hash = "sha256:e05359625f9134d20df284bc32dd7e1002925945fe7ff0912351e6b08f55cee8"},
 ]
 
 [[package]]
@@ -271,17 +275,18 @@ toml = ["toml"]
 
 [[package]]
 name = "cyclonedx-bom"
-version = "3.11.2"
+version = "3.11.7"
 description = "CycloneDX Software Bill of Materials (SBOM) generation utility"
 category = "main"
 optional = false
 python-versions = ">=3.6,<4.0"
 files = [
-    {file = "cyclonedx_bom-3.11.2-py3-none-any.whl", hash = "sha256:955bf667b2a3e66081a1f89b263e2e50ab9aa3865747f4b362001a9d34380bd6"},
-    {file = "cyclonedx_bom-3.11.2.tar.gz", hash = "sha256:b0c2beab3364ded549e3b386d5f8e973ba89b8306b755e905fd7a62439ba37e0"},
+    {file = "cyclonedx_bom-3.11.7-py3-none-any.whl", hash = "sha256:dd57c39c22f435745a95b06406cdb039b7ae6536e735115ab4c40cbac09c4723"},
+    {file = "cyclonedx_bom-3.11.7.tar.gz", hash = "sha256:656a6df47511abff82c159dfa947a6f881ec971d1b9861ec14802bc50bc29e05"},
 ]
 
 [package.dependencies]
+chardet = ">=5.0,<6.0"
 cyclonedx-python-lib = ">=2.0.0,<4.0.0"
 packageurl-python = ">=0.9"
 pip-requirements-parser = ">=32.0.0,<33.0.0"
@@ -527,6 +532,66 @@ files = [
     {file = "multidict-6.0.4.tar.gz", hash = "sha256:3666906492efb76453c0e7b97f2cf459b0682e7402c0489a95484965dbc1da49"},
 ]
 
+[[package]]
+name = "mypy"
+version = "1.8.0"
+description = "Optional static typing for Python"
+category = "dev"
+optional = false
+python-versions = ">=3.8"
+files = [
+    {file = "mypy-1.8.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:485a8942f671120f76afffff70f259e1cd0f0cfe08f81c05d8816d958d4577d3"},
+    {file = "mypy-1.8.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:df9824ac11deaf007443e7ed2a4a26bebff98d2bc43c6da21b2b64185da011c4"},
+    {file = "mypy-1.8.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2afecd6354bbfb6e0160f4e4ad9ba6e4e003b767dd80d85516e71f2e955ab50d"},
+    {file = "mypy-1.8.0-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:8963b83d53ee733a6e4196954502b33567ad07dfd74851f32be18eb932fb1cb9"},
+    {file = "mypy-1.8.0-cp310-cp310-win_amd64.whl", hash = "sha256:e46f44b54ebddbeedbd3d5b289a893219065ef805d95094d16a0af6630f5d410"},
+    {file = "mypy-1.8.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:855fe27b80375e5c5878492f0729540db47b186509c98dae341254c8f45f42ae"},
+    {file = "mypy-1.8.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:4c886c6cce2d070bd7df4ec4a05a13ee20c0aa60cb587e8d1265b6c03cf91da3"},
+    {file = "mypy-1.8.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d19c413b3c07cbecf1f991e2221746b0d2a9410b59cb3f4fb9557f0365a1a817"},
+    {file = "mypy-1.8.0-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:9261ed810972061388918c83c3f5cd46079d875026ba97380f3e3978a72f503d"},
+    {file = "mypy-1.8.0-cp311-cp311-win_amd64.whl", hash = "sha256:51720c776d148bad2372ca21ca29256ed483aa9a4cdefefcef49006dff2a6835"},
+    {file = "mypy-1.8.0-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:52825b01f5c4c1c4eb0db253ec09c7aa17e1a7304d247c48b6f3599ef40db8bd"},
+    {file = "mypy-1.8.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:f5ac9a4eeb1ec0f1ccdc6f326bcdb464de5f80eb07fb38b5ddd7b0de6bc61e55"},
+    {file = "mypy-1.8.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:afe3fe972c645b4632c563d3f3eff1cdca2fa058f730df2b93a35e3b0c538218"},
+    {file = "mypy-1.8.0-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:42c6680d256ab35637ef88891c6bd02514ccb7e1122133ac96055ff458f93fc3"},
+    {file = "mypy-1.8.0-cp312-cp312-win_amd64.whl", hash = "sha256:720a5ca70e136b675af3af63db533c1c8c9181314d207568bbe79051f122669e"},
+    {file = "mypy-1.8.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:028cf9f2cae89e202d7b6593cd98db6759379f17a319b5faf4f9978d7084cdc6"},
+    {file = "mypy-1.8.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:4e6d97288757e1ddba10dd9549ac27982e3e74a49d8d0179fc14d4365c7add66"},
+    {file = "mypy-1.8.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7f1478736fcebb90f97e40aff11a5f253af890c845ee0c850fe80aa060a267c6"},
+    {file = "mypy-1.8.0-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:42419861b43e6962a649068a61f4a4839205a3ef525b858377a960b9e2de6e0d"},
+    {file = "mypy-1.8.0-cp38-cp38-win_amd64.whl", hash = "sha256:2b5b6c721bd4aabaadead3a5e6fa85c11c6c795e0c81a7215776ef8afc66de02"},
+    {file = "mypy-1.8.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:5c1538c38584029352878a0466f03a8ee7547d7bd9f641f57a0f3017a7c905b8"},
+    {file = "mypy-1.8.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:4ef4be7baf08a203170f29e89d79064463b7fc7a0908b9d0d5114e8009c3a259"},
+    {file = "mypy-1.8.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7178def594014aa6c35a8ff411cf37d682f428b3b5617ca79029d8ae72f5402b"},
+    {file = "mypy-1.8.0-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:ab3c84fa13c04aeeeabb2a7f67a25ef5d77ac9d6486ff33ded762ef353aa5592"},
+    {file = "mypy-1.8.0-cp39-cp39-win_amd64.whl", hash = "sha256:99b00bc72855812a60d253420d8a2eae839b0afa4938f09f4d2aa9bb4654263a"},
+    {file = "mypy-1.8.0-py3-none-any.whl", hash = "sha256:538fd81bb5e430cc1381a443971c0475582ff9f434c16cd46d2c66763ce85d9d"},
+    {file = "mypy-1.8.0.tar.gz", hash = "sha256:6ff8b244d7085a0b425b56d327b480c3b29cafbd2eff27316a004f9a7391ae07"},
+]
+
+[package.dependencies]
+mypy-extensions = ">=1.0.0"
+tomli = {version = ">=1.1.0", markers = "python_version < \"3.11\""}
+typing-extensions = ">=4.1.0"
+
+[package.extras]
+dmypy = ["psutil (>=4.0)"]
+install-types = ["pip"]
+mypyc = ["setuptools (>=50)"]
+reports = ["lxml"]
+
+[[package]]
+name = "mypy-extensions"
+version = "1.0.0"
+description = "Type system extensions for programs checked with the mypy type checker."
+category = "dev"
+optional = false
+python-versions = ">=3.5"
+files = [
+    {file = "mypy_extensions-1.0.0-py3-none-any.whl", hash = "sha256:4392f6c0eb8a5668a69e23d168ffa70f0be9ccfd32b5cc2d26a34ae5b844552d"},
+    {file = "mypy_extensions-1.0.0.tar.gz", hash = "sha256:75dbf8955dc00442a438fc4d0666508a9a97b6bd41aa2f0ffe9d2f2725af0782"},
+]
+
 [[package]]
 name = "openpyxl"
 version = "3.1.2"
@@ -766,100 +831,105 @@ files = [
 
 [[package]]
 name = "regex"
-version = "2023.10.3"
+version = "2023.12.25"
 description = "Alternative regular expression module, to replace re."
 category = "main"
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "regex-2023.10.3-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:4c34d4f73ea738223a094d8e0ffd6d2c1a1b4c175da34d6b0de3d8d69bee6bcc"},
-    {file = "regex-2023.10.3-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:a8f4e49fc3ce020f65411432183e6775f24e02dff617281094ba6ab079ef0915"},
-    {file = "regex-2023.10.3-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4cd1bccf99d3ef1ab6ba835308ad85be040e6a11b0977ef7ea8c8005f01a3c29"},
-    {file = "regex-2023.10.3-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:81dce2ddc9f6e8f543d94b05d56e70d03a0774d32f6cca53e978dc01e4fc75b8"},
-    {file = "regex-2023.10.3-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9c6b4d23c04831e3ab61717a707a5d763b300213db49ca680edf8bf13ab5d91b"},
-    {file = "regex-2023.10.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c15ad0aee158a15e17e0495e1e18741573d04eb6da06d8b84af726cfc1ed02ee"},
-    {file = "regex-2023.10.3-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:6239d4e2e0b52c8bd38c51b760cd870069f0bdf99700a62cd509d7a031749a55"},
-    {file = "regex-2023.10.3-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:4a8bf76e3182797c6b1afa5b822d1d5802ff30284abe4599e1247be4fd6b03be"},
-    {file = "regex-2023.10.3-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:d9c727bbcf0065cbb20f39d2b4f932f8fa1631c3e01fcedc979bd4f51fe051c5"},
-    {file = "regex-2023.10.3-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:3ccf2716add72f80714b9a63899b67fa711b654be3fcdd34fa391d2d274ce767"},
-    {file = "regex-2023.10.3-cp310-cp310-musllinux_1_1_ppc64le.whl", hash = "sha256:107ac60d1bfdc3edb53be75e2a52aff7481b92817cfdddd9b4519ccf0e54a6ff"},
-    {file = "regex-2023.10.3-cp310-cp310-musllinux_1_1_s390x.whl", hash = "sha256:00ba3c9818e33f1fa974693fb55d24cdc8ebafcb2e4207680669d8f8d7cca79a"},
-    {file = "regex-2023.10.3-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:f0a47efb1dbef13af9c9a54a94a0b814902e547b7f21acb29434504d18f36e3a"},
-    {file = "regex-2023.10.3-cp310-cp310-win32.whl", hash = "sha256:36362386b813fa6c9146da6149a001b7bd063dabc4d49522a1f7aa65b725c7ec"},
-    {file = "regex-2023.10.3-cp310-cp310-win_amd64.whl", hash = "sha256:c65a3b5330b54103e7d21cac3f6bf3900d46f6d50138d73343d9e5b2900b2353"},
-    {file = "regex-2023.10.3-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:90a79bce019c442604662d17bf69df99090e24cdc6ad95b18b6725c2988a490e"},
-    {file = "regex-2023.10.3-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:c7964c2183c3e6cce3f497e3a9f49d182e969f2dc3aeeadfa18945ff7bdd7051"},
-    {file = "regex-2023.10.3-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4ef80829117a8061f974b2fda8ec799717242353bff55f8a29411794d635d964"},
-    {file = "regex-2023.10.3-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:5addc9d0209a9afca5fc070f93b726bf7003bd63a427f65ef797a931782e7edc"},
-    {file = "regex-2023.10.3-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:c148bec483cc4b421562b4bcedb8e28a3b84fcc8f0aa4418e10898f3c2c0eb9b"},
-    {file = "regex-2023.10.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8d1f21af4c1539051049796a0f50aa342f9a27cde57318f2fc41ed50b0dbc4ac"},
-    {file = "regex-2023.10.3-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0b9ac09853b2a3e0d0082104036579809679e7715671cfbf89d83c1cb2a30f58"},
-    {file = "regex-2023.10.3-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:ebedc192abbc7fd13c5ee800e83a6df252bec691eb2c4bedc9f8b2e2903f5e2a"},
-    {file = "regex-2023.10.3-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:d8a993c0a0ffd5f2d3bda23d0cd75e7086736f8f8268de8a82fbc4bd0ac6791e"},
-    {file = "regex-2023.10.3-cp311-cp311-musllinux_1_1_ppc64le.whl", hash = "sha256:be6b7b8d42d3090b6c80793524fa66c57ad7ee3fe9722b258aec6d0672543fd0"},
-    {file = "regex-2023.10.3-cp311-cp311-musllinux_1_1_s390x.whl", hash = "sha256:4023e2efc35a30e66e938de5aef42b520c20e7eda7bb5fb12c35e5d09a4c43f6"},
-    {file = "regex-2023.10.3-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:0d47840dc05e0ba04fe2e26f15126de7c755496d5a8aae4a08bda4dd8d646c54"},
-    {file = "regex-2023.10.3-cp311-cp311-win32.whl", hash = "sha256:9145f092b5d1977ec8c0ab46e7b3381b2fd069957b9862a43bd383e5c01d18c2"},
-    {file = "regex-2023.10.3-cp311-cp311-win_amd64.whl", hash = "sha256:b6104f9a46bd8743e4f738afef69b153c4b8b592d35ae46db07fc28ae3d5fb7c"},
-    {file = "regex-2023.10.3-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:bff507ae210371d4b1fe316d03433ac099f184d570a1a611e541923f78f05037"},
-    {file = "regex-2023.10.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:be5e22bbb67924dea15039c3282fa4cc6cdfbe0cbbd1c0515f9223186fc2ec5f"},
-    {file = "regex-2023.10.3-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4a992f702c9be9c72fa46f01ca6e18d131906a7180950958f766c2aa294d4b41"},
-    {file = "regex-2023.10.3-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:7434a61b158be563c1362d9071358f8ab91b8d928728cd2882af060481244c9e"},
-    {file = "regex-2023.10.3-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:c2169b2dcabf4e608416f7f9468737583ce5f0a6e8677c4efbf795ce81109d7c"},
-    {file = "regex-2023.10.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a9e908ef5889cda4de038892b9accc36d33d72fb3e12c747e2799a0e806ec841"},
-    {file = "regex-2023.10.3-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:12bd4bc2c632742c7ce20db48e0d99afdc05e03f0b4c1af90542e05b809a03d9"},
-    {file = "regex-2023.10.3-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:bc72c231f5449d86d6c7d9cc7cd819b6eb30134bb770b8cfdc0765e48ef9c420"},
-    {file = "regex-2023.10.3-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:bce8814b076f0ce5766dc87d5a056b0e9437b8e0cd351b9a6c4e1134a7dfbda9"},
-    {file = "regex-2023.10.3-cp312-cp312-musllinux_1_1_ppc64le.whl", hash = "sha256:ba7cd6dc4d585ea544c1412019921570ebd8a597fabf475acc4528210d7c4a6f"},
-    {file = "regex-2023.10.3-cp312-cp312-musllinux_1_1_s390x.whl", hash = "sha256:b0c7d2f698e83f15228ba41c135501cfe7d5740181d5903e250e47f617eb4292"},
-    {file = "regex-2023.10.3-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:5a8f91c64f390ecee09ff793319f30a0f32492e99f5dc1c72bc361f23ccd0a9a"},
-    {file = "regex-2023.10.3-cp312-cp312-win32.whl", hash = "sha256:ad08a69728ff3c79866d729b095872afe1e0557251da4abb2c5faff15a91d19a"},
-    {file = "regex-2023.10.3-cp312-cp312-win_amd64.whl", hash = "sha256:39cdf8d141d6d44e8d5a12a8569d5a227f645c87df4f92179bd06e2e2705e76b"},
-    {file = "regex-2023.10.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:4a3ee019a9befe84fa3e917a2dd378807e423d013377a884c1970a3c2792d293"},
-    {file = "regex-2023.10.3-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:76066d7ff61ba6bf3cb5efe2428fc82aac91802844c022d849a1f0f53820502d"},
-    {file = "regex-2023.10.3-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:bfe50b61bab1b1ec260fa7cd91106fa9fece57e6beba05630afe27c71259c59b"},
-    {file = "regex-2023.10.3-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9fd88f373cb71e6b59b7fa597e47e518282455c2734fd4306a05ca219a1991b0"},
-    {file = "regex-2023.10.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b3ab05a182c7937fb374f7e946f04fb23a0c0699c0450e9fb02ef567412d2fa3"},
-    {file = "regex-2023.10.3-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:dac37cf08fcf2094159922edc7a2784cfcc5c70f8354469f79ed085f0328ebdf"},
-    {file = "regex-2023.10.3-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:e54ddd0bb8fb626aa1f9ba7b36629564544954fff9669b15da3610c22b9a0991"},
-    {file = "regex-2023.10.3-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:3367007ad1951fde612bf65b0dffc8fd681a4ab98ac86957d16491400d661302"},
-    {file = "regex-2023.10.3-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:16f8740eb6dbacc7113e3097b0a36065a02e37b47c936b551805d40340fb9971"},
-    {file = "regex-2023.10.3-cp37-cp37m-musllinux_1_1_ppc64le.whl", hash = "sha256:f4f2ca6df64cbdd27f27b34f35adb640b5d2d77264228554e68deda54456eb11"},
-    {file = "regex-2023.10.3-cp37-cp37m-musllinux_1_1_s390x.whl", hash = "sha256:39807cbcbe406efca2a233884e169d056c35aa7e9f343d4e78665246a332f597"},
-    {file = "regex-2023.10.3-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:7eece6fbd3eae4a92d7c748ae825cbc1ee41a89bb1c3db05b5578ed3cfcfd7cb"},
-    {file = "regex-2023.10.3-cp37-cp37m-win32.whl", hash = "sha256:ce615c92d90df8373d9e13acddd154152645c0dc060871abf6bd43809673d20a"},
-    {file = "regex-2023.10.3-cp37-cp37m-win_amd64.whl", hash = "sha256:0f649fa32fe734c4abdfd4edbb8381c74abf5f34bc0b3271ce687b23729299ed"},
-    {file = "regex-2023.10.3-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:9b98b7681a9437262947f41c7fac567c7e1f6eddd94b0483596d320092004533"},
-    {file = "regex-2023.10.3-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:91dc1d531f80c862441d7b66c4505cd6ea9d312f01fb2f4654f40c6fdf5cc37a"},
-    {file = "regex-2023.10.3-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:82fcc1f1cc3ff1ab8a57ba619b149b907072e750815c5ba63e7aa2e1163384a4"},
-    {file = "regex-2023.10.3-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:7979b834ec7a33aafae34a90aad9f914c41fd6eaa8474e66953f3f6f7cbd4368"},
-    {file = "regex-2023.10.3-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:ef71561f82a89af6cfcbee47f0fabfdb6e63788a9258e913955d89fdd96902ab"},
-    {file = "regex-2023.10.3-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:dd829712de97753367153ed84f2de752b86cd1f7a88b55a3a775eb52eafe8a94"},
-    {file = "regex-2023.10.3-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:00e871d83a45eee2f8688d7e6849609c2ca2a04a6d48fba3dff4deef35d14f07"},
-    {file = "regex-2023.10.3-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:706e7b739fdd17cb89e1fbf712d9dc21311fc2333f6d435eac2d4ee81985098c"},
-    {file = "regex-2023.10.3-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:cc3f1c053b73f20c7ad88b0d1d23be7e7b3901229ce89f5000a8399746a6e039"},
-    {file = "regex-2023.10.3-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:6f85739e80d13644b981a88f529d79c5bdf646b460ba190bffcaf6d57b2a9863"},
-    {file = "regex-2023.10.3-cp38-cp38-musllinux_1_1_ppc64le.whl", hash = "sha256:741ba2f511cc9626b7561a440f87d658aabb3d6b744a86a3c025f866b4d19e7f"},
-    {file = "regex-2023.10.3-cp38-cp38-musllinux_1_1_s390x.whl", hash = "sha256:e77c90ab5997e85901da85131fd36acd0ed2221368199b65f0d11bca44549711"},
-    {file = "regex-2023.10.3-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:979c24cbefaf2420c4e377ecd1f165ea08cc3d1fbb44bdc51bccbbf7c66a2cb4"},
-    {file = "regex-2023.10.3-cp38-cp38-win32.whl", hash = "sha256:58837f9d221744d4c92d2cf7201c6acd19623b50c643b56992cbd2b745485d3d"},
-    {file = "regex-2023.10.3-cp38-cp38-win_amd64.whl", hash = "sha256:c55853684fe08d4897c37dfc5faeff70607a5f1806c8be148f1695be4a63414b"},
-    {file = "regex-2023.10.3-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:2c54e23836650bdf2c18222c87f6f840d4943944146ca479858404fedeb9f9af"},
-    {file = "regex-2023.10.3-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:69c0771ca5653c7d4b65203cbfc5e66db9375f1078689459fe196fe08b7b4930"},
-    {file = "regex-2023.10.3-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6ac965a998e1388e6ff2e9781f499ad1eaa41e962a40d11c7823c9952c77123e"},
-    {file = "regex-2023.10.3-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:1c0e8fae5b27caa34177bdfa5a960c46ff2f78ee2d45c6db15ae3f64ecadde14"},
-    {file = "regex-2023.10.3-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:6c56c3d47da04f921b73ff9415fbaa939f684d47293f071aa9cbb13c94afc17d"},
-    {file = "regex-2023.10.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7ef1e014eed78ab650bef9a6a9cbe50b052c0aebe553fb2881e0453717573f52"},
-    {file = "regex-2023.10.3-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d29338556a59423d9ff7b6eb0cb89ead2b0875e08fe522f3e068b955c3e7b59b"},
-    {file = "regex-2023.10.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:9c6d0ced3c06d0f183b73d3c5920727268d2201aa0fe6d55c60d68c792ff3588"},
-    {file = "regex-2023.10.3-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:994645a46c6a740ee8ce8df7911d4aee458d9b1bc5639bc968226763d07f00fa"},
-    {file = "regex-2023.10.3-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:66e2fe786ef28da2b28e222c89502b2af984858091675044d93cb50e6f46d7af"},
-    {file = "regex-2023.10.3-cp39-cp39-musllinux_1_1_ppc64le.whl", hash = "sha256:11175910f62b2b8c055f2b089e0fedd694fe2be3941b3e2633653bc51064c528"},
-    {file = "regex-2023.10.3-cp39-cp39-musllinux_1_1_s390x.whl", hash = "sha256:06e9abc0e4c9ab4779c74ad99c3fc10d3967d03114449acc2c2762ad4472b8ca"},
-    {file = "regex-2023.10.3-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:fb02e4257376ae25c6dd95a5aec377f9b18c09be6ebdefa7ad209b9137b73d48"},
-    {file = "regex-2023.10.3-cp39-cp39-win32.whl", hash = "sha256:3b2c3502603fab52d7619b882c25a6850b766ebd1b18de3df23b2f939360e1bd"},
-    {file = "regex-2023.10.3-cp39-cp39-win_amd64.whl", hash = "sha256:adbccd17dcaff65704c856bd29951c58a1bd4b2b0f8ad6b826dbd543fe740988"},
-    {file = "regex-2023.10.3.tar.gz", hash = "sha256:3fef4f844d2290ee0ba57addcec17eec9e3df73f10a2748485dfd6a3a188cc0f"},
+    {file = "regex-2023.12.25-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:0694219a1d54336fd0445ea382d49d36882415c0134ee1e8332afd1529f0baa5"},
+    {file = "regex-2023.12.25-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:b014333bd0217ad3d54c143de9d4b9a3ca1c5a29a6d0d554952ea071cff0f1f8"},
+    {file = "regex-2023.12.25-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:d865984b3f71f6d0af64d0d88f5733521698f6c16f445bb09ce746c92c97c586"},
+    {file = "regex-2023.12.25-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1e0eabac536b4cc7f57a5f3d095bfa557860ab912f25965e08fe1545e2ed8b4c"},
+    {file = "regex-2023.12.25-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:c25a8ad70e716f96e13a637802813f65d8a6760ef48672aa3502f4c24ea8b400"},
+    {file = "regex-2023.12.25-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a9b6d73353f777630626f403b0652055ebfe8ff142a44ec2cf18ae470395766e"},
+    {file = "regex-2023.12.25-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a9cc99d6946d750eb75827cb53c4371b8b0fe89c733a94b1573c9dd16ea6c9e4"},
+    {file = "regex-2023.12.25-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:88d1f7bef20c721359d8675f7d9f8e414ec5003d8f642fdfd8087777ff7f94b5"},
+    {file = "regex-2023.12.25-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:cb3fe77aec8f1995611f966d0c656fdce398317f850d0e6e7aebdfe61f40e1cd"},
+    {file = "regex-2023.12.25-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:7aa47c2e9ea33a4a2a05f40fcd3ea36d73853a2aae7b4feab6fc85f8bf2c9704"},
+    {file = "regex-2023.12.25-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:df26481f0c7a3f8739fecb3e81bc9da3fcfae34d6c094563b9d4670b047312e1"},
+    {file = "regex-2023.12.25-cp310-cp310-musllinux_1_1_ppc64le.whl", hash = "sha256:c40281f7d70baf6e0db0c2f7472b31609f5bc2748fe7275ea65a0b4601d9b392"},
+    {file = "regex-2023.12.25-cp310-cp310-musllinux_1_1_s390x.whl", hash = "sha256:d94a1db462d5690ebf6ae86d11c5e420042b9898af5dcf278bd97d6bda065423"},
+    {file = "regex-2023.12.25-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:ba1b30765a55acf15dce3f364e4928b80858fa8f979ad41f862358939bdd1f2f"},
+    {file = "regex-2023.12.25-cp310-cp310-win32.whl", hash = "sha256:150c39f5b964e4d7dba46a7962a088fbc91f06e606f023ce57bb347a3b2d4630"},
+    {file = "regex-2023.12.25-cp310-cp310-win_amd64.whl", hash = "sha256:09da66917262d9481c719599116c7dc0c321ffcec4b1f510c4f8a066f8768105"},
+    {file = "regex-2023.12.25-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:1b9d811f72210fa9306aeb88385b8f8bcef0dfbf3873410413c00aa94c56c2b6"},
+    {file = "regex-2023.12.25-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:d902a43085a308cef32c0d3aea962524b725403fd9373dea18110904003bac97"},
+    {file = "regex-2023.12.25-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:d166eafc19f4718df38887b2bbe1467a4f74a9830e8605089ea7a30dd4da8887"},
+    {file = "regex-2023.12.25-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c7ad32824b7f02bb3c9f80306d405a1d9b7bb89362d68b3c5a9be53836caebdb"},
+    {file = "regex-2023.12.25-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:636ba0a77de609d6510235b7f0e77ec494d2657108f777e8765efc060094c98c"},
+    {file = "regex-2023.12.25-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:0fda75704357805eb953a3ee15a2b240694a9a514548cd49b3c5124b4e2ad01b"},
+    {file = "regex-2023.12.25-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f72cbae7f6b01591f90814250e636065850c5926751af02bb48da94dfced7baa"},
+    {file = "regex-2023.12.25-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:db2a0b1857f18b11e3b0e54ddfefc96af46b0896fb678c85f63fb8c37518b3e7"},
+    {file = "regex-2023.12.25-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:7502534e55c7c36c0978c91ba6f61703faf7ce733715ca48f499d3dbbd7657e0"},
+    {file = "regex-2023.12.25-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:e8c7e08bb566de4faaf11984af13f6bcf6a08f327b13631d41d62592681d24fe"},
+    {file = "regex-2023.12.25-cp311-cp311-musllinux_1_1_ppc64le.whl", hash = "sha256:283fc8eed679758de38fe493b7d7d84a198b558942b03f017b1f94dda8efae80"},
+    {file = "regex-2023.12.25-cp311-cp311-musllinux_1_1_s390x.whl", hash = "sha256:f44dd4d68697559d007462b0a3a1d9acd61d97072b71f6d1968daef26bc744bd"},
+    {file = "regex-2023.12.25-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:67d3ccfc590e5e7197750fcb3a2915b416a53e2de847a728cfa60141054123d4"},
+    {file = "regex-2023.12.25-cp311-cp311-win32.whl", hash = "sha256:68191f80a9bad283432385961d9efe09d783bcd36ed35a60fb1ff3f1ec2efe87"},
+    {file = "regex-2023.12.25-cp311-cp311-win_amd64.whl", hash = "sha256:7d2af3f6b8419661a0c421584cfe8aaec1c0e435ce7e47ee2a97e344b98f794f"},
+    {file = "regex-2023.12.25-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:8a0ccf52bb37d1a700375a6b395bff5dd15c50acb745f7db30415bae3c2b0715"},
+    {file = "regex-2023.12.25-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:c3c4a78615b7762740531c27cf46e2f388d8d727d0c0c739e72048beb26c8a9d"},
+    {file = "regex-2023.12.25-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:ad83e7545b4ab69216cef4cc47e344d19622e28aabec61574b20257c65466d6a"},
+    {file = "regex-2023.12.25-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b7a635871143661feccce3979e1727c4e094f2bdfd3ec4b90dfd4f16f571a87a"},
+    {file = "regex-2023.12.25-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:d498eea3f581fbe1b34b59c697512a8baef88212f92e4c7830fcc1499f5b45a5"},
+    {file = "regex-2023.12.25-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:43f7cd5754d02a56ae4ebb91b33461dc67be8e3e0153f593c509e21d219c5060"},
+    {file = "regex-2023.12.25-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:51f4b32f793812714fd5307222a7f77e739b9bc566dc94a18126aba3b92b98a3"},
+    {file = "regex-2023.12.25-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ba99d8077424501b9616b43a2d208095746fb1284fc5ba490139651f971d39d9"},
+    {file = "regex-2023.12.25-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:4bfc2b16e3ba8850e0e262467275dd4d62f0d045e0e9eda2bc65078c0110a11f"},
+    {file = "regex-2023.12.25-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:8c2c19dae8a3eb0ea45a8448356ed561be843b13cbc34b840922ddf565498c1c"},
+    {file = "regex-2023.12.25-cp312-cp312-musllinux_1_1_ppc64le.whl", hash = "sha256:60080bb3d8617d96f0fb7e19796384cc2467447ef1c491694850ebd3670bc457"},
+    {file = "regex-2023.12.25-cp312-cp312-musllinux_1_1_s390x.whl", hash = "sha256:b77e27b79448e34c2c51c09836033056a0547aa360c45eeeb67803da7b0eedaf"},
+    {file = "regex-2023.12.25-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:518440c991f514331f4850a63560321f833979d145d7d81186dbe2f19e27ae3d"},
+    {file = "regex-2023.12.25-cp312-cp312-win32.whl", hash = "sha256:e2610e9406d3b0073636a3a2e80db05a02f0c3169b5632022b4e81c0364bcda5"},
+    {file = "regex-2023.12.25-cp312-cp312-win_amd64.whl", hash = "sha256:cc37b9aeebab425f11f27e5e9e6cf580be7206c6582a64467a14dda211abc232"},
+    {file = "regex-2023.12.25-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:da695d75ac97cb1cd725adac136d25ca687da4536154cdc2815f576e4da11c69"},
+    {file = "regex-2023.12.25-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d126361607b33c4eb7b36debc173bf25d7805847346dd4d99b5499e1fef52bc7"},
+    {file = "regex-2023.12.25-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:4719bb05094d7d8563a450cf8738d2e1061420f79cfcc1fa7f0a44744c4d8f73"},
+    {file = "regex-2023.12.25-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:5dd58946bce44b53b06d94aa95560d0b243eb2fe64227cba50017a8d8b3cd3e2"},
+    {file = "regex-2023.12.25-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:22a86d9fff2009302c440b9d799ef2fe322416d2d58fc124b926aa89365ec482"},
+    {file = "regex-2023.12.25-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:2aae8101919e8aa05ecfe6322b278f41ce2994c4a430303c4cd163fef746e04f"},
+    {file = "regex-2023.12.25-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:e692296c4cc2873967771345a876bcfc1c547e8dd695c6b89342488b0ea55cd8"},
+    {file = "regex-2023.12.25-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:263ef5cc10979837f243950637fffb06e8daed7f1ac1e39d5910fd29929e489a"},
+    {file = "regex-2023.12.25-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:d6f7e255e5fa94642a0724e35406e6cb7001c09d476ab5fce002f652b36d0c39"},
+    {file = "regex-2023.12.25-cp37-cp37m-musllinux_1_1_ppc64le.whl", hash = "sha256:88ad44e220e22b63b0f8f81f007e8abbb92874d8ced66f32571ef8beb0643b2b"},
+    {file = "regex-2023.12.25-cp37-cp37m-musllinux_1_1_s390x.whl", hash = "sha256:3a17d3ede18f9cedcbe23d2daa8a2cd6f59fe2bf082c567e43083bba3fb00347"},
+    {file = "regex-2023.12.25-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:d15b274f9e15b1a0b7a45d2ac86d1f634d983ca40d6b886721626c47a400bf39"},
+    {file = "regex-2023.12.25-cp37-cp37m-win32.whl", hash = "sha256:ed19b3a05ae0c97dd8f75a5d8f21f7723a8c33bbc555da6bbe1f96c470139d3c"},
+    {file = "regex-2023.12.25-cp37-cp37m-win_amd64.whl", hash = "sha256:a6d1047952c0b8104a1d371f88f4ab62e6275567d4458c1e26e9627ad489b445"},
+    {file = "regex-2023.12.25-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:b43523d7bc2abd757119dbfb38af91b5735eea45537ec6ec3a5ec3f9562a1c53"},
+    {file = "regex-2023.12.25-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:efb2d82f33b2212898f1659fb1c2e9ac30493ac41e4d53123da374c3b5541e64"},
+    {file = "regex-2023.12.25-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:b7fca9205b59c1a3d5031f7e64ed627a1074730a51c2a80e97653e3e9fa0d415"},
+    {file = "regex-2023.12.25-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:086dd15e9435b393ae06f96ab69ab2d333f5d65cbe65ca5a3ef0ec9564dfe770"},
+    {file = "regex-2023.12.25-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e81469f7d01efed9b53740aedd26085f20d49da65f9c1f41e822a33992cb1590"},
+    {file = "regex-2023.12.25-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:34e4af5b27232f68042aa40a91c3b9bb4da0eeb31b7632e0091afc4310afe6cb"},
+    {file = "regex-2023.12.25-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9852b76ab558e45b20bf1893b59af64a28bd3820b0c2efc80e0a70a4a3ea51c1"},
+    {file = "regex-2023.12.25-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ff100b203092af77d1a5a7abe085b3506b7eaaf9abf65b73b7d6905b6cb76988"},
+    {file = "regex-2023.12.25-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:cc038b2d8b1470364b1888a98fd22d616fba2b6309c5b5f181ad4483e0017861"},
+    {file = "regex-2023.12.25-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:094ba386bb5c01e54e14434d4caabf6583334090865b23ef58e0424a6286d3dc"},
+    {file = "regex-2023.12.25-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:5cd05d0f57846d8ba4b71d9c00f6f37d6b97d5e5ef8b3c3840426a475c8f70f4"},
+    {file = "regex-2023.12.25-cp38-cp38-musllinux_1_1_ppc64le.whl", hash = "sha256:9aa1a67bbf0f957bbe096375887b2505f5d8ae16bf04488e8b0f334c36e31360"},
+    {file = "regex-2023.12.25-cp38-cp38-musllinux_1_1_s390x.whl", hash = "sha256:98a2636994f943b871786c9e82bfe7883ecdaba2ef5df54e1450fa9869d1f756"},
+    {file = "regex-2023.12.25-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:37f8e93a81fc5e5bd8db7e10e62dc64261bcd88f8d7e6640aaebe9bc180d9ce2"},
+    {file = "regex-2023.12.25-cp38-cp38-win32.whl", hash = "sha256:d78bd484930c1da2b9679290a41cdb25cc127d783768a0369d6b449e72f88beb"},
+    {file = "regex-2023.12.25-cp38-cp38-win_amd64.whl", hash = "sha256:b521dcecebc5b978b447f0f69b5b7f3840eac454862270406a39837ffae4e697"},
+    {file = "regex-2023.12.25-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:f7bc09bc9c29ebead055bcba136a67378f03d66bf359e87d0f7c759d6d4ffa31"},
+    {file = "regex-2023.12.25-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:e14b73607d6231f3cc4622809c196b540a6a44e903bcfad940779c80dffa7be7"},
+    {file = "regex-2023.12.25-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:9eda5f7a50141291beda3edd00abc2d4a5b16c29c92daf8d5bd76934150f3edc"},
+    {file = "regex-2023.12.25-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cc6bb9aa69aacf0f6032c307da718f61a40cf970849e471254e0e91c56ffca95"},
+    {file = "regex-2023.12.25-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:298dc6354d414bc921581be85695d18912bea163a8b23cac9a2562bbcd5088b1"},
+    {file = "regex-2023.12.25-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2f4e475a80ecbd15896a976aa0b386c5525d0ed34d5c600b6d3ebac0a67c7ddf"},
+    {file = "regex-2023.12.25-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:531ac6cf22b53e0696f8e1d56ce2396311254eb806111ddd3922c9d937151dae"},
+    {file = "regex-2023.12.25-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:22f3470f7524b6da61e2020672df2f3063676aff444db1daa283c2ea4ed259d6"},
+    {file = "regex-2023.12.25-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:89723d2112697feaa320c9d351e5f5e7b841e83f8b143dba8e2d2b5f04e10923"},
+    {file = "regex-2023.12.25-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:0ecf44ddf9171cd7566ef1768047f6e66975788258b1c6c6ca78098b95cf9a3d"},
+    {file = "regex-2023.12.25-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:905466ad1702ed4acfd67a902af50b8db1feeb9781436372261808df7a2a7bca"},
+    {file = "regex-2023.12.25-cp39-cp39-musllinux_1_1_ppc64le.whl", hash = "sha256:4558410b7a5607a645e9804a3e9dd509af12fb72b9825b13791a37cd417d73a5"},
+    {file = "regex-2023.12.25-cp39-cp39-musllinux_1_1_s390x.whl", hash = "sha256:7e316026cc1095f2a3e8cc012822c99f413b702eaa2ca5408a513609488cb62f"},
+    {file = "regex-2023.12.25-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:3b1de218d5375cd6ac4b5493e0b9f3df2be331e86520f23382f216c137913d20"},
+    {file = "regex-2023.12.25-cp39-cp39-win32.whl", hash = "sha256:11a963f8e25ab5c61348d090bf1b07f1953929c13bd2309a0662e9ff680763c9"},
+    {file = "regex-2023.12.25-cp39-cp39-win_amd64.whl", hash = "sha256:e693e233ac92ba83a87024e1d32b5f9ab15ca55ddd916d878146f4e3406b5c91"},
+    {file = "regex-2023.12.25.tar.gz", hash = "sha256:29171aa128da69afdf4bde412d5bedc335f2ca8fcfe4489038577d05f16181e5"},
 ]
 
 [[package]]
@@ -886,58 +956,61 @@ use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"]
 
 [[package]]
 name = "requirements-parser"
-version = "0.2.0"
-description = "Parses Pip requirement files"
+version = "0.5.0"
+description = "This is a small Python module for parsing Pip requirement files."
 category = "main"
 optional = false
-python-versions = "*"
+python-versions = ">=3.6,<4.0"
 files = [
-    {file = "requirements-parser-0.2.0.tar.gz", hash = "sha256:5963ee895c2d05ae9f58d3fc641082fb38021618979d6a152b6b1398bd7d4ed4"},
-    {file = "requirements_parser-0.2.0-py2-none-any.whl", hash = "sha256:76650b4a9d98fc65edf008a7920c076bb2a76c08eaae230ce4cfc6f51ea6a773"},
+    {file = "requirements-parser-0.5.0.tar.gz", hash = "sha256:3336f3a3ae23e06d3f0f88595e4052396e3adf91688787f637e5d2ca1a904069"},
+    {file = "requirements_parser-0.5.0-py3-none-any.whl", hash = "sha256:e7fcdcd04f2049e73a9fb150d8a0f9d51ce4108f5f7cbeac74c484e17b12bcd9"},
 ]
 
+[package.dependencies]
+types-setuptools = ">=57.0.0"
+
 [[package]]
 name = "responses"
-version = "0.17.0"
+version = "0.24.1"
 description = "A utility library for mocking out the `requests` Python library."
 category = "dev"
 optional = false
-python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
+python-versions = ">=3.8"
 files = [
-    {file = "responses-0.17.0-py2.py3-none-any.whl", hash = "sha256:e4fc472fb7374fb8f84fcefa51c515ca4351f198852b4eb7fc88223780b472ea"},
-    {file = "responses-0.17.0.tar.gz", hash = "sha256:ec675e080d06bf8d1fb5e5a68a1e5cd0df46b09c78230315f650af5e4036bec7"},
+    {file = "responses-0.24.1-py3-none-any.whl", hash = "sha256:a2b43f4c08bfb9c9bd242568328c65a34b318741d3fab884ac843c5ceeb543f9"},
+    {file = "responses-0.24.1.tar.gz", hash = "sha256:b127c6ca3f8df0eb9cc82fd93109a3007a86acb24871834c47b77765152ecf8c"},
 ]
 
 [package.dependencies]
-requests = ">=2.0"
-six = "*"
-urllib3 = ">=1.25.10"
+pyyaml = "*"
+requests = ">=2.30.0,<3.0"
+urllib3 = ">=1.25.10,<3.0"
 
 [package.extras]
-tests = ["coverage (>=3.7.1,<6.0.0)", "flake8", "mypy", "pytest (>=4.6)", "pytest (>=4.6,<5.0)", "pytest-cov", "pytest-localserver", "types-mock", "types-requests", "types-six"]
+tests = ["coverage (>=6.0.0)", "flake8", "mypy", "pytest (>=7.0.0)", "pytest-asyncio", "pytest-cov", "pytest-httpserver", "tomli", "tomli-w", "types-PyYAML", "types-requests"]
 
 [[package]]
 name = "semver"
-version = "2.13.0"
-description = "Python helper for Semantic Versioning (http://semver.org/)"
+version = "3.0.2"
+description = "Python helper for Semantic Versioning (https://semver.org)"
 category = "main"
 optional = false
-python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
+python-versions = ">=3.7"
 files = [
-    {file = "semver-2.13.0-py2.py3-none-any.whl", hash = "sha256:ced8b23dceb22134307c1b8abfa523da14198793d9787ac838e70e29e77458d4"},
-    {file = "semver-2.13.0.tar.gz", hash = "sha256:fa0fe2722ee1c3f57eac478820c3a5ae2f624af8264cbdf9000c980ff7f75e3f"},
+    {file = "semver-3.0.2-py3-none-any.whl", hash = "sha256:b1ea4686fe70b981f85359eda33199d60c53964284e0cfb4977d243e37cf4bf4"},
+    {file = "semver-3.0.2.tar.gz", hash = "sha256:6253adb39c70f6e51afed2fa7152bcd414c411286088fb4b9effb133885ab4cc"},
 ]
 
 [[package]]
 name = "setuptools"
-version = "69.0.2"
+version = "69.0.3"
 description = "Easily download, build, install, upgrade, and uninstall Python packages"
 category = "main"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "setuptools-69.0.2-py3-none-any.whl", hash = "sha256:1e8fdff6797d3865f37397be788a4e3cba233608e9b509382a2777d25ebde7f2"},
-    {file = "setuptools-69.0.2.tar.gz", hash = "sha256:735896e78a4742605974de002ac60562d286fa8051a7e2299445e8e8fbb01aa6"},
+    {file = "setuptools-69.0.3-py3-none-any.whl", hash = "sha256:385eb4edd9c9d5c17540511303e39a147ce2fc04bc55289c322b9e5904fe2c05"},
+    {file = "setuptools-69.0.3.tar.gz", hash = "sha256:be1af57fc409f93647f2e8e4573a142ed38724b8cdd389706a867bb4efcf1e78"},
 ]
 
 [package.extras]
@@ -983,14 +1056,14 @@ files = [
 
 [[package]]
 name = "sw360"
-version = "1.3.2rc1"
+version = "1.4.0"
 description = "Python interface to the SW360 software component catalogue"
 category = "main"
 optional = false
 python-versions = ">=3.7,<4.0"
 files = [
-    {file = "sw360-1.3.2rc1-py3-none-any.whl", hash = "sha256:0d564714ac3bc17feee51a3349668ac577e779f3feadfe2a0a8638835d0d43f2"},
-    {file = "sw360-1.3.2rc1.tar.gz", hash = "sha256:c0d14f08bc430c5ba3fe625d506fdcc8329b695e55b65bdcea8604fe43f425e3"},
+    {file = "sw360-1.4.0-py3-none-any.whl", hash = "sha256:350854144700c046fbcf2063e76a089ef2286e7a5b255b9928ce9625268e5a81"},
+    {file = "sw360-1.4.0.tar.gz", hash = "sha256:e6a09d8ba0c1b60982a9ec153b8ab58ce984ded54405526b5b73fde409ab132b"},
 ]
 
 [package.dependencies]
@@ -1020,6 +1093,120 @@ files = [
     {file = "tomli-2.0.1.tar.gz", hash = "sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f"},
 ]
 
+[[package]]
+name = "types-beautifulsoup4"
+version = "4.12.0.20240106"
+description = "Typing stubs for beautifulsoup4"
+category = "dev"
+optional = false
+python-versions = ">=3.8"
+files = [
+    {file = "types-beautifulsoup4-4.12.0.20240106.tar.gz", hash = "sha256:98d628985b71b140bd3bc22a8cb0ab603c2f2d08f20d37925965eb4a21739be8"},
+    {file = "types_beautifulsoup4-4.12.0.20240106-py3-none-any.whl", hash = "sha256:cbdd60ab8aeac737ac014431b6e921b43e84279c0405fdd25a6900bb0e71da5b"},
+]
+
+[package.dependencies]
+types-html5lib = "*"
+
+[[package]]
+name = "types-colorama"
+version = "0.4.15.12"
+description = "Typing stubs for colorama"
+category = "dev"
+optional = false
+python-versions = "*"
+files = [
+    {file = "types-colorama-0.4.15.12.tar.gz", hash = "sha256:fbdfc5d9d24d85c33bd054fbe33adc6cec44eedb19cfbbabfbbb57dc257ae4b8"},
+    {file = "types_colorama-0.4.15.12-py3-none-any.whl", hash = "sha256:23c9d4a00961227f7ef018d5a1c190c4bbc282119c3ee76a17677a793f13bb82"},
+]
+
+[[package]]
+name = "types-html5lib"
+version = "1.1.11.20240106"
+description = "Typing stubs for html5lib"
+category = "dev"
+optional = false
+python-versions = ">=3.8"
+files = [
+    {file = "types-html5lib-1.1.11.20240106.tar.gz", hash = "sha256:fc3a1b18eb601b3eeaf92c900bd67675c0a4fa1dd1d2a2893ebdb46923547ee9"},
+    {file = "types_html5lib-1.1.11.20240106-py3-none-any.whl", hash = "sha256:61993cb89220107481e0f1da65c388ff8cf3d8c5f6e8483c97559639a596b697"},
+]
+
+[[package]]
+name = "types-openpyxl"
+version = "3.1.0.32"
+description = "Typing stubs for openpyxl"
+category = "dev"
+optional = false
+python-versions = ">=3.7"
+files = [
+    {file = "types-openpyxl-3.1.0.32.tar.gz", hash = "sha256:3d37da6490fc4ed04f1d79c0f523b31197d559043cbc90cbd15acab542a0267b"},
+    {file = "types_openpyxl-3.1.0.32-py3-none-any.whl", hash = "sha256:d347f177783dde0f3970aa4a32f808932a269f93809aa953a2bf33bc92b25eb1"},
+]
+
+[[package]]
+name = "types-python-dateutil"
+version = "2.8.19.14"
+description = "Typing stubs for python-dateutil"
+category = "dev"
+optional = false
+python-versions = "*"
+files = [
+    {file = "types-python-dateutil-2.8.19.14.tar.gz", hash = "sha256:1f4f10ac98bb8b16ade9dbee3518d9ace017821d94b057a425b069f834737f4b"},
+    {file = "types_python_dateutil-2.8.19.14-py3-none-any.whl", hash = "sha256:f977b8de27787639986b4e28963263fd0e5158942b3ecef91b9335c130cb1ce9"},
+]
+
+[[package]]
+name = "types-requests"
+version = "2.31.0.6"
+description = "Typing stubs for requests"
+category = "dev"
+optional = false
+python-versions = ">=3.7"
+files = [
+    {file = "types-requests-2.31.0.6.tar.gz", hash = "sha256:cd74ce3b53c461f1228a9b783929ac73a666658f223e28ed29753771477b3bd0"},
+    {file = "types_requests-2.31.0.6-py3-none-any.whl", hash = "sha256:a2db9cb228a81da8348b49ad6db3f5519452dd20a9c1e1a868c83c5fe88fd1a9"},
+]
+
+[package.dependencies]
+types-urllib3 = "*"
+
+[[package]]
+name = "types-setuptools"
+version = "69.0.0.0"
+description = "Typing stubs for setuptools"
+category = "main"
+optional = false
+python-versions = ">=3.7"
+files = [
+    {file = "types-setuptools-69.0.0.0.tar.gz", hash = "sha256:b0a06219f628c6527b2f8ce770a4f47550e00d3e8c3ad83e2dc31bc6e6eda95d"},
+    {file = "types_setuptools-69.0.0.0-py3-none-any.whl", hash = "sha256:8c86195bae2ad81e6dea900a570fe9d64a59dbce2b11cc63c046b03246ea77bf"},
+]
+
+[[package]]
+name = "types-urllib3"
+version = "1.26.25.14"
+description = "Typing stubs for urllib3"
+category = "dev"
+optional = false
+python-versions = "*"
+files = [
+    {file = "types-urllib3-1.26.25.14.tar.gz", hash = "sha256:229b7f577c951b8c1b92c1bc2b2fdb0b49847bd2af6d1cc2a2e3dd340f3bda8f"},
+    {file = "types_urllib3-1.26.25.14-py3-none-any.whl", hash = "sha256:9683bbb7fb72e32bfe9d2be6e04875fbe1b3eeec3cbb4ea231435aa7fd6b4f0e"},
+]
+
+[[package]]
+name = "typing-extensions"
+version = "4.9.0"
+description = "Backported and Experimental Type Hints for Python 3.8+"
+category = "dev"
+optional = false
+python-versions = ">=3.8"
+files = [
+    {file = "typing_extensions-4.9.0-py3-none-any.whl", hash = "sha256:af72aea155e91adfc61c3ae9e0e342dbc0cba726d6cba4b6c72c1f34e47291cd"},
+    {file = "typing_extensions-4.9.0.tar.gz", hash = "sha256:23478f88c37f27d76ac8aee6c905017a143b0b1b886c3c9f66bc2fd94f9f5783"},
+]
+
 [[package]]
 name = "tzdata"
 version = "2023.3"
@@ -1305,4 +1492,4 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "p
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.8" # drop support for 3.6 and 3.7 because of wheel and cli-support
-content-hash = "1438284e1f25694cece6405d669f8ae83835406779fded576b18837a43f959d9"
+content-hash = "897930c786d39af512886c5070c6921540d48251a706ac099fff0aa2f980578d"
diff --git a/pyproject.toml b/pyproject.toml
index 3414436..17963d2 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -3,7 +3,7 @@
 
 [tool.poetry]
 name = "capycli"
-version = "2.1.0"
+version = "2.2.0.dev1"
 description = "CaPyCli - Clearing Automation Python Command Line Interface for SW360"
 authors = ["Thomas Graf <thomas.graf@siemens.com>"]
 license = "MIT"
@@ -37,15 +37,15 @@ capycli = "capycli.main.cli:main"
 python = "^3.8" # drop support for 3.6 and 3.7 because of wheel and cli-support
 colorama = "^0.4.3"
 requests = "^2.31.0" # fix CVE-2023-32681 
-semver = "^2.9.1"
+semver = "3.0.2"
 packageurl-python = ">0.8, <1.0"
 pyjwt = "^1.7.1"
 openpyxl = "^3.0.3"
-requirements-parser = "^0.2.0"
-sw360 = "1.3.2rc1"
+requirements-parser = "0.5.0"
+sw360 = "1.4.0"
 wheel = "^0.38.4"
-cli-support = "^1.3"
-chardet = "^3.0.4"
+cli-support = "2.0.0"
+chardet = "5.2.0"
 cyclonedx-python-lib = ">3.1.1"
 cyclonedx-bom = "^3.11.0"
 tomli = "^2.0.1"
@@ -54,14 +54,21 @@ urllib3 = "*"
 importlib-resources = "^5.12.0"
 beautifulsoup4 = "^4.11.1"
 
-[tool.poetry.dev-dependencies]
+[tool.poetry.group.dev.dependencies]
 flake8 = ">=3.7.8"
 coverage = "^5.4"
-responses = "^0.17.0"
-pytest = "^7.2.2"
-vcrpy = "4.4.0"  # "4.4.0" does not support urllib3 >= 2
+responses = "0.24.1"
+pytest = "7.4.3"
+vcrpy = "4.4.0"  # arrghh, no version of vcrpy supports urllib3 >= 2
 cli-test-helpers = "^3.1.0"
 isort = "^5.12.0"
+mypy = "^1.8.0"
+types-colorama = "^0.4.15.12"
+types-urllib3 = "^1.26.25.14"
+types-openpyxl = "^3.1.0.32"
+types-python-dateutil = "^2.8.19.14"
+types-requests = "2.31.0.6"  # this is the last version that uses urllib3 < 2
+types-beautifulsoup4 = "^4.12.0.20240106"
 
 [build-system]
 requires = ["poetry>=0.12"]
@@ -72,3 +79,29 @@ filterwarnings = [
     # note the use of single quote below to denote "raw" strings in TOML
     'ignore:pkg_resources is deprecated as an API:DeprecationWarning'
 ]
+
+[tool.mypy]
+exclude = [
+    "/tests",
+]
+
+show_error_codes = true
+pretty = true
+
+warn_unreachable = true
+allow_redefinition = true
+
+### Strict mode ###
+warn_unused_configs         = true
+disallow_subclassing_any    = true
+
+disallow_any_generics       = true
+disallow_untyped_calls      = true
+disallow_untyped_defs       = true
+disallow_incomplete_defs    = true
+check_untyped_defs          = true
+disallow_untyped_decorators = true
+no_implicit_optional        = true
+warn_redundant_casts        = true
+warn_unused_ignores         = true
+no_implicit_reexport        = true
diff --git a/requirements.txt b/requirements.txt
index 3dc0f0f..62061a8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,10 +1,11 @@
 backports-zoneinfo==0.2.1 ; python_version >= "3.8" and python_version < "3.9"
+beautifulsoup4==4.12.2 ; python_version >= "3.8" and python_version < "4.0"
 certifi==2023.11.17 ; python_version >= "3.8" and python_version < "4.0"
-chardet==3.0.4 ; python_version >= "3.8" and python_version < "4.0"
+chardet==5.2.0 ; python_version >= "3.8" and python_version < "4.0"
 charset-normalizer==3.3.2 ; python_version >= "3.8" and python_version < "4.0"
-cli-support==1.3 ; python_version >= "3.8" and python_version < "4.0"
+cli-support==2.0.0 ; python_version >= "3.8" and python_version < "4.0"
 colorama==0.4.6 ; python_version >= "3.8" and python_version < "4.0"
-cyclonedx-bom==3.11.2 ; python_version >= "3.8" and python_version < "4.0"
+cyclonedx-bom==3.11.7 ; python_version >= "3.8" and python_version < "4.0"
 cyclonedx-python-lib==3.1.5 ; python_version >= "3.8" and python_version < "4.0"
 dateparser==1.2.0 ; python_version >= "3.8" and python_version < "4.0"
 et-xmlfile==1.1.0 ; python_version >= "3.8" and python_version < "4.0"
@@ -18,15 +19,18 @@ pyjwt==1.7.1 ; python_version >= "3.8" and python_version < "4.0"
 pyparsing==3.1.1 ; python_version >= "3.8" and python_version < "4.0"
 python-dateutil==2.8.2 ; python_version >= "3.8" and python_version < "4.0"
 pytz==2023.3.post1 ; python_version >= "3.8" and python_version < "4.0"
-regex==2023.10.3 ; python_version >= "3.8" and python_version < "4.0"
+regex==2023.12.25 ; python_version >= "3.8" and python_version < "4.0"
 requests==2.31.0 ; python_version >= "3.8" and python_version < "4.0"
-requirements-parser==0.2.0 ; python_version >= "3.8" and python_version < "4.0"
-setuptools==69.0.2 ; python_version >= "3.8" and python_version < "4.0"
+requirements-parser==0.5.0 ; python_version >= "3.8" and python_version < "4.0"
+semver==3.0.2 ; python_version >= "3.8" and python_version < "4.0"
+setuptools==69.0.3 ; python_version >= "3.8" and python_version < "4.0"
 six==1.16.0 ; python_version >= "3.8" and python_version < "4.0"
 sortedcontainers==2.4.0 ; python_version >= "3.8" and python_version < "4.0"
-sw360==1.3.2rc1 ; python_version >= "3.8" and python_version < "4.0"
+soupsieve==2.4.1 ; python_version >= "3.8" and python_version < "4.0"
+sw360==1.4.0 ; python_version >= "3.8" and python_version < "4.0"
 toml==0.10.2 ; python_version >= "3.8" and python_version < "4.0"
 tomli==2.0.1 ; python_version >= "3.8" and python_version < "4.0"
+types-setuptools==69.0.0.0 ; python_version >= "3.8" and python_version < "4.0"
 tzdata==2023.3 ; python_version >= "3.8" and python_version < "4.0" and platform_system == "Windows"
 tzlocal==5.2 ; python_version >= "3.8" and python_version < "4.0"
 urllib3==1.26.18 ; python_version >= "3.8" and python_version < "4.0"
diff --git a/stubs/jwt.pyi b/stubs/jwt.pyi
new file mode 100644
index 0000000..ae107f3
--- /dev/null
+++ b/stubs/jwt.pyi
@@ -0,0 +1,113 @@
+# https://github.com/GehirnInc/python-jwt
+
+from abc import ABC, abstractmethod
+from typing import AbstractSet, Any, Callable, Dict, Optional
+
+class JWTException(Exception):
+    """
+    common base class for all exceptions used in python-jwt
+    """
+
+
+class MalformedJWKError(JWTException):
+    ...
+
+
+class UnsupportedKeyTypeError(JWTException):
+    ...
+
+
+class InvalidKeyTypeError(JWTException):
+    ...
+
+
+class JWSEncodeError(JWTException):
+    ...
+
+
+class JWSDecodeError(JWTException):
+    ...
+
+
+class JWTEncodeError(JWTException):
+    ...
+
+
+class JWTDecodeError(JWTException):
+    ...
+
+
+class AbstractJWKBase(ABC):
+    @abstractmethod
+    def get_kty(self) -> str:
+        ...
+
+    @abstractmethod
+    def get_kid(self) -> str:
+        ...
+
+    @abstractmethod
+    def is_sign_key(self) -> bool:
+        ...
+
+    @abstractmethod
+    def sign(self, message: bytes, **options: Any) -> bytes:
+        ...
+
+    @abstractmethod
+    def verify(self, message: bytes, signature: bytes, **options: Any) -> bool:
+        ...
+
+    @abstractmethod
+    def to_dict(self, public_only: bool = True) -> Dict[str, str]:
+        ...
+
+
+class OctetJWK(AbstractJWKBase):
+
+    def __init__(self, key: bytes, kid: Any = None, **options: Any) -> None:
+        self.kid: Any
+        ...
+
+        optnames = {'use', 'key_ops', 'alg', 'x5u', 'x5c', 'x5t', 'x5t#s256'}
+        self.options = {k: v for k, v in options.items() if k in optnames}
+
+    def get_kty(self) -> Any:
+        return 'oct'
+
+    def get_kid(self) -> Any:
+        return self.kid
+
+    def is_sign_key(self) -> bool:
+        ...
+
+    def _get_signer(self, options: Any) -> Callable[[bytes, bytes], bytes]:
+        ...
+
+    def sign(self, message: bytes, **options: Any) -> bytes:
+        ...
+
+    def verify(self, message: bytes, signature: bytes, **options: Any) -> bool:
+        ...
+
+    def to_dict(self, public_only: bool = True) -> Any:
+        ...
+
+    @classmethod
+    def from_dict(cls, dct: Any) -> None:
+        ...
+
+
+class JWT:
+    def __init__(self) -> None:
+        ...
+
+    def encode(self, payload: Dict[str, Any],
+               key: Optional[AbstractJWKBase] = None, alg: str = 'HS256',
+               optional_headers: Optional[Dict[str, str]] = None) -> str:
+        ...
+
+    def decode(self, message: str, key: Optional[AbstractJWKBase] = None,
+               do_verify: bool = True, algorithms: Optional[AbstractSet[str]] = None,
+               do_time_check: bool = True) -> Dict[str, Any]:
+        ...
diff --git a/stubs/sortedcontainers.pyi b/stubs/sortedcontainers.pyi
new file mode 100644
index 0000000..caef831
--- /dev/null
+++ b/stubs/sortedcontainers.pyi
@@ -0,0 +1,485 @@
+# https://pypi.org/project/sortedcontainers/
+# https://github.com/grantjenks/python-sortedcontainers
+
+from __future__ import annotations
+
+from collections.abc import ItemsView, Iterable, Iterator, KeysView, MutableSequence, MutableSet, Sequence, ValuesView
+from operator import eq, ge, gt, le, lt, ne
+from typing import Any, Optional, Tuple, Union, overload
+
+class SortedSet(MutableSet, Sequence):  # type: ignore
+    def __init__(self, iterable: Any = None, key: Any = None) -> None:
+        ...
+
+    @classmethod
+    def _fromset(cls, values: Any, key: Any = None) -> SortedSet:
+        ...
+
+    @property
+    def key(self) -> Any:
+        ...
+
+    def __contains__(self, value: Any) -> bool:
+        ...
+
+    @overload
+    def __getitem__(self, index: int) -> Any:
+        ...
+
+    @overload
+    def __getitem__(self, xxx: slice) -> Sequence[Any]:
+        ...
+
+    def __delitem__(self, index: int) -> None:
+        ...
+
+    def __make_cmp(set_op: Any, symbol: Any, doc: Any) -> Any:
+        ...
+
+    __eq__ = __make_cmp(eq, '==', 'equal to')
+    __ne__ = __make_cmp(ne, '!=', 'not equal to')
+    __lt__ = __make_cmp(lt, '<', 'a proper subset of')
+    __gt__ = __make_cmp(gt, '>', 'a proper superset of')
+    __le__ = __make_cmp(le, '<=', 'a subset of')
+    __ge__ = __make_cmp(ge, '>=', 'a superset of')
+    __make_cmp = staticmethod(__make_cmp)
+
+    def __len__(self) -> int:
+        ...
+
+    def __iter__(self) -> Any:
+        ...
+
+    def __reversed__(self) -> Iterator:  # type: ignore
+        ...
+
+    def add(self, value: Any) -> None:
+        ...
+
+    def clear(self) -> None:
+        ...
+
+    def copy(self) -> SortedSet:
+        ...
+
+    def count(self, value: Any) -> int:
+        ...
+
+    def discard(self, value: Any) -> None:
+        ...
+
+    def pop(self, index: int = -1) -> Any:
+        ...
+
+    def remove(self, value: Any) -> None:
+        ...
+
+    def difference(self, *iterables: Any) -> SortedSet:
+        ...
+
+    def difference_update(self, *iterables: Any) -> SortedSet:
+        ...
+
+    def intersection(self, *iterables: Any) -> SortedSet:
+        ...
+
+    def intersection_update(self, *iterables: Any) -> SortedSet:
+        ...
+
+    __iand__ = intersection_update
+
+    def symmetric_difference(self, other: Any) -> SortedSet:
+        ...
+
+    def symmetric_difference_update(self, other: Any) -> SortedSet:
+        ...
+
+    def union(self, *iterables: Any) -> SortedSet:
+        ...
+
+    def update(self, *iterables: Any) -> SortedSet:
+        ...
+
+    def __reduce__(self) -> Union[str, Tuple[Any, ...]]:
+        ...
+
+    def __repr__(self) -> str:
+        ...
+
+    def _check(self) -> None:
+        ...
+
+
+class SortedList(MutableSequence):  # type: ignore
+    def __init__(self, iterable: Any = None, key: Any = None) -> None:
+        ...
+
+    def __new__(cls, iterable: Any = None, key: Any = None) -> SortedList:
+        ...
+
+    @property
+    def key(self) -> None:
+        ...
+
+    def _reset(self, load: Any) -> None:
+        ...
+
+    def clear(self) -> None:
+        ...
+
+    def add(self, value: Any) -> None:
+        ...
+
+    def _expand(self, pos: int) -> Any:
+        ...
+
+    def update(self, iterable: Iterable) -> Any:  # type: ignore
+        ...
+
+    def __contains__(self, value: Any) -> bool:
+        ...
+
+    def discard(self, value: Any) -> None:
+        ...
+
+    def remove(self, value: Any) -> None:
+        ...
+
+    def _delete(self, pos: int, idx: int) -> None:
+        ...
+
+    def _loc(self, pos: int, idx: int) -> int:
+        ...
+
+    def _pos(self, idx: int) -> Tuple[int, int]:
+        ...
+
+    def _build_index(self) -> int:
+        ...
+
+    @overload
+    def __delitem__(self, index: int) -> None:
+        ...
+
+    @overload
+    def __delitem__(self, index: slice) -> None:
+        ...
+
+    @overload
+    def __getitem__(self, index: int) -> Any:
+        ...
+
+    @overload
+    def __getitem__(self, index: slice) -> MutableSequence[Any]:
+        ...
+
+    @overload
+    def __setitem__(self, index: int, value: Any) -> None:
+        ...
+
+    @overload
+    def __setitem__(self, index: slice, values: Iterable[Any]) -> None:
+        ...
+
+    def __iter__(self) -> Iterator:  # type: ignore
+        ...
+
+    def __reversed__(self) -> Iterator:  # type: ignore
+        ...
+
+    def reverse(self) -> None:
+        ...
+
+    def islice(self, start: Optional[int] = None, stop: Optional[int] = None,
+               reverse: bool = False) -> Iterator:  # type: ignore
+        ...
+
+    def _islice(self, min_pos: int, min_idx: int, max_pos: int,
+                max_idx: int, reverse: bool) -> Iterator:  # type: ignore
+        ...
+
+    def irange(self, minimum: Optional[int] = None, maximum: Optional[int] = None,
+               inclusive: Tuple[bool, bool] = (True, True),
+               reverse: bool = False) -> Iterator:   # type: ignore
+        ...
+
+    def __len__(self) -> int:
+        ...
+
+    def bisect_left(self, value: Any) -> int:
+        ...
+
+    def bisect_right(self, value: Any) -> int:
+        ...
+
+    def count(self, value: Any) -> int:
+        ...
+
+    def copy(self) -> SortedList:
+        ...
+
+    def append(self, value: Any) -> None:
+        ...
+
+    def extend(self, values: Any) -> None:
+        ...
+
+    def insert(self, index: int, value: Any) -> None:
+        ...
+
+    def pop(self, index: int = -1) -> Any:
+        ...
+
+    def index(self, value: Any, start: Optional[int] = None, stop: Optional[int] = None) -> int:
+        ...
+
+    def __add__(self, other: SortedList) -> SortedList:
+        ...
+
+    def __iadd__(self, other: Iterable[Any]) -> SortedList:
+        ...
+
+    def __mul__(self, num: int) -> SortedList:
+        ...
+
+    def __imul__(self, num: int) -> SortedList:
+        ...
+
+    def __reduce__(self) -> Any:
+        ...
+
+    def __repr__(self) -> str:
+        ...
+
+    def _check(self) -> None:
+        ...
+
+
+def identity(value: Any) -> Any:
+    ...
+
+
+class SortedKeyList(SortedList):
+    """Sorted-key list is a subtype of sorted list.
+    """
+    def __init__(self, iterable: Optional[Iterable] = None, key: Any = identity) -> None:  # type: ignore
+        ...
+
+    def __new__(cls, iterable: Optional[Iterable] = None, key: Any = identity) -> SortedKeyList:  # type: ignore
+        return object.__new__(cls)
+
+    @property
+    def key(self) -> Any:
+        ...
+
+    def clear(self) -> None:
+        ...
+
+    def add(self, value: Any) -> None:
+        ...
+
+    def _expand(self, pos: int) -> None:
+        ...
+
+    def update(self, iterable: Iterable) -> None:  # type: ignore
+        ...
+
+    def __contains__(self, value: Any) -> bool:
+        ...
+
+    def discard(self, value: Any) -> None:
+        ...
+
+    def remove(self, value: Any) -> None:
+        ...
+
+    def _delete(self, pos: int, idx: int) -> None:
+        ...
+
+    def irange(self, minimum: Optional[int] = None, maximum: Optional[int] = None,
+               inclusive: Tuple[bool, bool] = (True, True),
+               reverse: bool = False) -> Iterator:  # type: ignore
+        ...
+
+    def irange_key(self, min_key: Optional[Any] = None, max_key: Optional[Any] = None,
+                   inclusiv: Tuple[bool, bool] = (True, True),
+                   reverse: bool = False) -> Iterator:  # type: ignore
+        ...
+
+    def bisect_left(self, value: Any) -> int:
+        ...
+
+    def bisect_right(self, value: Any) -> int:
+        ...
+
+    def bisect_key_left(self, key: Any) -> int:
+        ...
+
+    def bisect_key_right(self, key: Any) -> int:
+        ...
+
+    def count(self, value: Any) -> int:
+        ...
+
+    def copy(self) -> SortedKeyList:
+        ...
+
+    def index(self, value: Any, start: Optional[int] = None, stop: Optional[int] = None) -> int:
+        ...
+
+    def __add__(self, other: SortedList) -> SortedKeyList:
+        ...
+
+    def __mul__(self, num: int) -> SortedKeyList:
+        ...
+
+    def __reduce__(self) -> Any:
+        ...
+
+    def __repr__(self) -> str:
+        ...
+
+    def _check(self) -> None:
+        ...
+
+
+class SortedDict(dict):  # type: ignore
+    def __init__(self, *args: Any, **kwargs: Any) -> None:
+        ...
+
+    @property
+    def key(self) -> Any:
+        ...
+
+    @property
+    def iloc(self) -> Any:
+        ...
+
+    def clear(self) -> None:
+        ...
+
+    def __delitem__(self, key: Any) -> None:
+        ...
+
+    def __iter__(self) -> Iterator:  # type: ignore
+        ...
+
+    def __reversed__(self) -> Iterator:  # type: ignore
+        ...
+
+    def __setitem__(self, key: Any, value: Any) -> None:
+        ...
+
+    # @overload
+    def __or__(self, other: Any) -> SortedDict:
+        ...
+
+    # @overload
+    # def __or__(self, other: Iterable[Tuple[Any, Any]]) -> SortedDict:
+    #     ...
+
+    def __ror__(self, otherSortedDict: Any) -> Any:
+        ...
+
+    # @overload
+    def __ior__(self, other: Any) -> SortedDict:
+        ...
+
+    # @overload
+    # def __ior__(self, other: Iterable[Tuple[Any, Any]]) -> SortedDict:
+    #     ...
+
+    def copy(self) -> SortedDict:
+        ...
+
+    @classmethod
+    def fromkeys(cls, iterable: Iterable, value: Any = None) -> SortedDict:  # type: ignore
+        ...
+
+    def keys(self) -> Any:
+        ...
+
+    def items(self) -> Any:
+        ...
+
+    def values(self) -> Any:
+        ...
+
+    class _NotGiven(object):
+        # pylint: disable=too-few-public-methods
+        def __repr__(self) -> str:
+            ...
+
+    @overload
+    def pop(self, key: Any) -> Any:
+        ...
+
+    # @overload
+    # def pop(self, key: Any, default: _NotGiven) -> _NotGiven:
+    #     ...
+
+    @overload
+    def pop(self, key: Any, x: Union[Any, Any]) -> Union[Any, Any]:
+        ...
+
+    def popitem(self, index: int = -1) -> Any:
+        ...
+
+    def peekitem(self, index: int = -1) -> Any:
+        ...
+
+    def setdefault(self, key: Any, default: Any = None) -> Any:
+        ...
+
+    def update(self, *args: Any, **kwargs: Any) -> None:
+        ...
+
+    def __reduce__(self) -> Any:
+        ...
+
+    def __repr__(self) -> str:
+        ...
+
+    def _check(self) -> None:
+        ...
+
+    def _view_delitem(self, index: Any) -> None:
+        ...
+
+
+class SortedKeysView(KeysView, Sequence):  # type: ignore
+    @classmethod
+    def _from_iterable(cls, it: Iterable) -> SortedSet:  # type: ignore
+        ...
+
+    @overload
+    def __getitem__(self, index: int) -> Any:
+        ...
+
+    @overload
+    def __getitem__(self, index: slice) -> Sequence[Any]:
+        ...
+
+
+class SortedItemsView(ItemsView, Sequence):  # type: ignore
+    @classmethod
+    def _from_iterable(cls, it: Iterable) -> SortedSet:  # type: ignore
+        ...
+
+    @overload
+    def __getitem__(self, index: int) -> Any:
+        ...
+
+    @overload
+    def __getitem__(self, index: slice) -> Sequence[Any]:
+        ...
+
+
+class SortedValuesView(ValuesView, Sequence):  # type: ignore
+    @overload
+    def __getitem__(self, index: int) -> Any:
+        ...
+
+    @overload
+    def __getitem__(self, index: slice) -> Sequence[Any]:
+        ...
diff --git a/stubs/vcr.pyi b/stubs/vcr.pyi
new file mode 100644
index 0000000..1138c94
--- /dev/null
+++ b/stubs/vcr.pyi
@@ -0,0 +1,15 @@
+from typing import Any, List
+
+class Cassette:
+    def load(cls, **kwargs: int) -> Any:
+        ...
+
+
+class VCR:
+    def use_cassette(self, path: str = "", **kwargs: int) -> Cassette:
+        ...
+
+
+def use_cassette(path: str = "", filter_headers: List[str] = [],
+                 match_on: List[str] = [], record_mode: str = "none") -> Cassette:
+    ...
diff --git a/tests/test_application.py b/tests/test_application.py
index 761c782..0fbd3a7 100644
--- a/tests/test_application.py
+++ b/tests/test_application.py
@@ -6,6 +6,7 @@
 # SPDX-License-Identifier: MIT
 # -------------------------------------------------------------------------------
 
+from typing import List
 
 import capycli.common.json_support
 import capycli.common.script_base
@@ -18,21 +19,21 @@ class TestApplication(TestBase):
     """
     Tests for the Application class.
     """
-    def test_init(self):
+    def test_init(self) -> None:
         sut = Application()
         self.assertEqual("CaPyCli", sut.program)
         self.assertIsNotNone(sut.version)
 
-    def test_check_no_arguments(self):
+    def test_check_no_arguments(self) -> None:
         sut = Application()
-        args = []
+        args: List[str] = []
 
         out = self.capture_stdout(sut.run, args)
         self.assertTrue("Commands and Sub-Commands" in out)
 
-    def test_check_unknown_argument(self):
+    def test_check_unknown_argument(self) -> None:
         sut = Application()
-        args = []
+        args: List[str] = []
         args.append("xx_unknown_xx")
 
         try:
@@ -41,9 +42,9 @@ def test_check_unknown_argument(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_check_for_version_display(self):
+    def test_check_for_version_display(self) -> None:
         sut = Application()
-        args = []
+        args: List[str] = []
         args.append("capycli")
         args.append("--version")
 
@@ -51,17 +52,17 @@ def test_check_for_version_display(self):
         self.assertTrue("CaPyCli - Clearing Automation Python Command Line Tool" in out)
         self.assertTrue("version " in out)
 
-    def test_check_for_global_help(self):
+    def test_check_for_global_help(self) -> None:
         sut = Application()
-        args = []
+        args: List[str] = []
         args.append("-h")
 
         out = self.capture_stdout(sut._run, args)
         self.assertTrue("Commands and Sub-Commands" in out)
 
-    def test_check_for_debug_switch(self):
+    def test_check_for_debug_switch(self) -> None:
         sut = Application()
-        args = []
+        args: List[str] = []
         args.append("-x")
         args.append("-h")
 
@@ -74,45 +75,45 @@ def test_check_for_debug_switch(self):
 
         self.assertTrue(capycli.main.application.DEBUG_LOGGING)
 
-    def test_getdependencies(self):
+    def test_getdependencies(self) -> None:
         sut = Application()
-        args = []
+        args: List[str] = []
         args.append("getdependencies")
         args.append("-h")
 
         out = self.capture_stdout(sut.run, args)
         self.assertTrue("getdependencies - dependency detection specific sub-commands" in out)
 
-    def test_bom(self):
+    def test_bom(self) -> None:
         sut = Application()
-        args = []
+        args: List[str] = []
         args.append("bom")
         args.append("-h")
 
         out = self.capture_stdout(sut.run, args)
         self.assertTrue("bom               bill of material" in out)
 
-    def test_mapping(self):
+    def test_mapping(self) -> None:
         sut = Application()
-        args = []
+        args: List[str] = []
         args.append("mapping")
         args.append("-h")
 
         out = self.capture_stdout(sut.run, args)
         self.assertTrue("mapping - mapping sub-commands" in out)
 
-    def test_moverview(self):
+    def test_moverview(self) -> None:
         sut = Application()
-        args = []
+        args: List[str] = []
         args.append("moverview")
         args.append("-h")
 
         out = self.capture_stdout(sut.run, args)
         self.assertTrue("moverview - mapping overview sub-commands" in out)
 
-    def test_project(self):
+    def test_project(self) -> None:
         sut = Application()
-        args = []
+        args: List[str] = []
         args.append("project")
         args.append("-h")
 
diff --git a/tests/test_base.py b/tests/test_base.py
index a2fb8e9..8e837f5 100644
--- a/tests/test_base.py
+++ b/tests/test_base.py
@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2021-23 Siemens
+# Copyright (c) 2021-2024 Siemens
 # All Rights Reserved.
 # Author: thomas.graf@siemens.com, manuel.schaffer@siemens.com
 #
@@ -10,7 +10,7 @@
 import sys
 import unittest
 from io import BytesIO, TextIOWrapper
-from typing import Any
+from typing import Any, Dict, List
 
 import responses
 
@@ -19,51 +19,50 @@ class AppArguments():
     # Examples
     # command=['bom', 'diff', '.\\Tests\\bom_diff_1.json', '.\\tests\\bom_diff_1.json']
 
-    def __init__(self):
-        self.cachefile = None
-        self.command = None
-        self.create_overview = None
-        self.cyclonedx = False
-        self.dbx = False
-        self.debug = False
-        self.destination = None
-        self.download = False
-        self.ex = False
-        self.filterfile = None
-        self.help = False
-        self.id = None
-        self.inputfile = None
-        self.name = None
-        self.ncli = False
-        self.nconf = False
-        self.nocache = False
-        self.oauth2 = False
-        self.old_version = None
-        self.outputfile = None
-        self.package_source = None
-        self.raw_input = None
-        self.refresh_cache = False
-        self.result_required = False
-        self.search_meta_data = False
-        self.similar = False
-        self.source = None
-        self.sw360_token = None
-        self.sw360_url = None
-        self.verbose = False
-        self.verbose2 = False
-        self.version = None
-        self.write_mapresult = None
-        self.xml = False
-        self.help = False
-        self.all = False
-        self.mode = "all"
-        self.format = ""
-        self.force_exit = ""
-        self.inputformat = ""
-        self.outputformat = ""
-        self.remote_granularity_list = None
-        self.local_granularity_list = None
-        self.github_token = ""
+    def __init__(self) -> None:
+        self.cachefile: str = ""
+        self.command: List[str] = []
+        self.create_overview: str = ""
+        self.cyclonedx: bool = False
+        self.dbx: bool = False
+        self.debug: bool = False
+        self.destination: str = ""
+        self.download: bool = False
+        self.ex: bool = False
+        self.filterfile: str = ""
+        self.help: bool = False
+        self.id: str = ""
+        self.inputfile: str = ""
+        self.name: str = ""
+        self.ncli: bool = False
+        self.nconf: bool = False
+        self.nocache: bool = False
+        self.oauth2: bool = False
+        self.old_version: str = ""
+        self.outputfile: str = ""
+        self.package_source: str = ""
+        self.raw_input: str = ""
+        self.refresh_cache: bool = False
+        self.result_required: bool = False
+        self.search_meta_data: bool = False
+        self.similar: bool = False
+        self.source: str = ""
+        self.sw360_token: str = ""
+        self.sw360_url: str = ""
+        self.verbose: bool = False
+        self.verbose2: bool = False
+        self.version: str = ""
+        self.write_mapresult: str = ""
+        self.xml: bool = False
+        self.all: bool = False
+        self.mode: str = "all"
+        self.format: str = ""
+        self.force_exit: str = ""
+        self.inputformat: str = ""
+        self.outputformat: str = ""
+        self.remote_granularity_list: str = ""
+        self.local_granularity_list: str = ""
+        self.github_token: str = ""
 
 
 class TestBasePytest:
@@ -87,7 +86,7 @@ def dump_textfile(text: str, filename: str) -> None:
             outfile.write(text)
 
     @staticmethod
-    def capture_stderr(func: Any, *args, **kwargs) -> str:
+    def capture_stderr(func: Any, *args: Any, **kwargs: Any) -> str:
         """Capture stderr for the given function and return result as string"""
         # setup the environment
         old_stderr = sys.stderr
@@ -106,7 +105,7 @@ def capture_stderr(func: Any, *args, **kwargs) -> str:
         return out
 
     @staticmethod
-    def capture_stdout(func: Any, *args, **kwargs) -> str:
+    def capture_stdout(func: Any, *args: Any, **kwargs: Any) -> str:
         """Capture stdout for the given function and return result as string"""
         # setup the environment
         old_stdout = sys.stdout
@@ -123,7 +122,7 @@ def capture_stdout(func: Any, *args, **kwargs) -> str:
 
         return out
 
-    def add_login_response(self):
+    def add_login_response(self) -> None:
         """
         Add response for SW360 login.
         """
@@ -137,7 +136,7 @@ def add_login_response(self):
         )
 
     @staticmethod
-    def get_project_for_test() -> dict:
+    def get_project_for_test() -> Dict[str, Any]:
         """
         Return a SW360 project for unit testing.
         """
@@ -241,7 +240,7 @@ def get_project_for_test() -> dict:
         return project
 
     @staticmethod
-    def get_release_wheel_for_test() -> dict:
+    def get_release_wheel_for_test() -> Dict[str, Any]:
         """
         Return a SW360 release for unit testing.
         """
@@ -332,7 +331,7 @@ def get_release_wheel_for_test() -> dict:
         return release_wheel
 
     @staticmethod
-    def get_release_cli_for_test() -> dict:
+    def get_release_cli_for_test() -> Dict[str, Any]:
         """
         Return a SW360 release for unit testing.
         """
diff --git a/tests/test_base_vcr.py b/tests/test_base_vcr.py
index 3cd28c2..adef2c5 100644
--- a/tests/test_base_vcr.py
+++ b/tests/test_base_vcr.py
@@ -7,6 +7,7 @@
 # -------------------------------------------------------------------------------
 
 import unittest
+from typing import Any
 
 import pytest
 import vcr
@@ -16,12 +17,12 @@
 
 class CapycliTestBase(unittest.TestCase):
     @pytest.fixture(autouse=True)
-    def capsys(self, capsys):
+    def capsys(self, capsys: Any) -> None:
         """internal helper to access stdout/stderr captured by pytest
         """
-        self.capsys = capsys
+        self.capsys = capsys  # type: ignore
 
-    def vcr(self, name, record_mode="none"):
+    def vcr(self, name: str, record_mode: str = "none") -> Any:
         """use vcr to mockup requests for integration tests
 
         This provides a context manager for later integration tests using Python vcr.
@@ -44,7 +45,7 @@ def vcr(self, name, record_mode="none"):
         :return: vcr context manager
         :rtype: context manager
         """
-        return vcr.use_cassette("tests/fixtures/" + name,
+        return vcr.use_cassette("tests/fixtures/" + name,   # type : ignore
                                 filter_headers=["Authorization", "User-Agent"],
                                 match_on=["method", "uri", "headers", "raw_body"],
                                 record_mode=record_mode)
diff --git a/tests/test_bom_convert.py b/tests/test_bom_convert.py
index 423505f..a11d5e7 100644
--- a/tests/test_bom_convert.py
+++ b/tests/test_bom_convert.py
@@ -112,7 +112,7 @@ def test_no_output_format(self) -> None:
         args.outputfile = self.OUTPUTFILE
 
         out = self.capture_stdout(sut.run, args)
-        out = self.assertTrue("No output format specified, defaulting to sbom" in out)
+        self.assertTrue("No output format specified, defaulting to sbom" in out)
 
     def test_invalid_input_file(self) -> None:
         sut = BomConvert()
@@ -164,7 +164,7 @@ def compare_text_files(filename1: str, filename2: str, show_result: bool = False
 
         return differences
 
-    def test_convert_plain_to_plain(self):
+    def test_convert_plain_to_plain(self) -> None:
         sut = BomConvert()
 
         # create argparse command line argument object
@@ -189,7 +189,7 @@ def test_convert_plain_to_plain(self):
         result = self.compare_text_files(args.inputfile, args.outputfile)
         self.assertTrue(len(result) == 0)
 
-    def test_convert_legacy_to_legacy(self):
+    def test_convert_legacy_to_legacy(self) -> None:
         sut = BomConvert()
 
         # create argparse command line argument object
diff --git a/tests/test_bom_create_components.py b/tests/test_bom_create_components.py
index 24ae82a..104f9a7 100644
--- a/tests/test_bom_create_components.py
+++ b/tests/test_bom_create_components.py
@@ -14,6 +14,7 @@
 import responses
 from cyclonedx.model import ExternalReferenceType
 from cyclonedx.model.component import Component
+from packageurl import PackageURL
 
 import capycli.bom.create_components
 from capycli.bom.create_components import BomCreateComponents
@@ -30,13 +31,13 @@ class CapycliTestBomCreateComponents(TestBase):
     OUTPUTFILE = "output.json"
 
     @responses.activate
-    def setUp(self):
+    def setUp(self) -> None:
         self.app = capycli.bom.create_components.BomCreateComponents(onlyCreateReleases=False)
         responses.add(responses.GET, SW360_BASE_URL, json={"status": "ok"})
         self.app.login("sometoken", "https://my.server.com")
 
     @responses.activate
-    def test_create_component(self):
+    def test_create_component(self) -> None:
         """Component and Release don't exist. So create them.
         """
         responses.add(responses.GET, SW360_BASE_URL + 'components?name=activemodel', json={
@@ -78,7 +79,7 @@ def test_create_component(self):
             name="activemodel",
             version="5.2.4.3",
             description="something",
-            purl="pkg:gem/activemodel@5.2.4.3"
+            purl=PackageURL.from_string("pkg:gem/activemodel@5.2.4.3")
         )
         CycloneDxSupport.update_or_set_property(item, CycloneDxSupport.CDX_PROP_LANGUAGE, "Ruby")
         CycloneDxSupport.update_or_set_property(item, CycloneDxSupport.CDX_PROP_CATEGORIES, "devel")
@@ -88,7 +89,7 @@ def test_create_component(self):
         assert len(responses.calls) == 3
 
     @responses.activate
-    def test_create_comp_release_no_component_id_required(self):
+    def test_create_comp_release_no_component_id_required(self) -> None:
         """Release doesn't exist. So create it.
         """
         responses.add(responses.GET, SW360_BASE_URL + 'components?name=activemodel', json={
@@ -264,4 +265,4 @@ def xtest_create_components(self) -> None:
 if __name__ == "__main__":
     APP = CapycliTestBomCreateComponents()
     APP.setUp()
-    APP.test_create_comp_release_no_component_id_required()
+    APP.test_create_component()
diff --git a/tests/test_bom_create_releases.py b/tests/test_bom_create_releases.py
index 836d442..34a1568 100644
--- a/tests/test_bom_create_releases.py
+++ b/tests/test_bom_create_releases.py
@@ -7,13 +7,13 @@
 # -------------------------------------------------------------------------------
 
 """unit tests for bom/create_components.py in createreleases mode"""
-
-import unittest
+from typing import Any, Dict, Tuple
 
 import responses
-from cyclonedx.model import ExternalReference, ExternalReferenceType, HashAlgorithm, HashType
+from cyclonedx.model import ExternalReference, ExternalReferenceType, HashAlgorithm, HashType, XsUri
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
+from packageurl import PackageURL
 
 import capycli.bom.create_components
 from capycli.common.capycli_bom_support import CaPyCliBom, CycloneDxSupport
@@ -21,9 +21,9 @@
 from tests.test_base_vcr import SW360_BASE_URL, CapycliTestBase
 
 
-def upload_matcher(filename, filetype="SOURCE", comment=""):
+def upload_matcher(filename: str, filetype: str = "SOURCE", comment: str = "") -> Any:
     # responses.matcher.multipart_matcher didn't work for me
-    def match(request):
+    def match(request: Any) -> Tuple[bool, str]:
         result = True
         reason = ""
 
@@ -46,13 +46,13 @@ def match(request):
 
 class CapycliTestBomCreate(CapycliTestBase):
     @responses.activate
-    def setUp(self):
+    def setUp(self) -> None:
         self.app = capycli.bom.create_components.BomCreateComponents(onlyCreateReleases=True)
         responses.add(responses.GET, SW360_BASE_URL, json={"status": "ok"})
         self.app.login("sometoken", "https://my.server.com")
 
     @responses.activate
-    def test_create_items_existing_release_with_id(self):
+    def test_create_items_existing_release_with_id(self) -> None:
         """Release exists and was identified in "bom map"
         """
         responses.add(responses.GET, SW360_BASE_URL + 'releases/06a6e5', json={
@@ -99,7 +99,7 @@ def test_create_items_existing_release_with_id(self):
         assert responses.calls[-1].request.url == SW360_BASE_URL + 'releases/06a6e5'
 
     @responses.activate
-    def test_create_comp_release_no_component(self):
+    def test_create_comp_release_no_component(self) -> None:
         """Component doesn't exist. As we test onlyCreateReleases case here,
         we shall not do anything.
         """
@@ -117,7 +117,7 @@ def test_create_comp_release_no_component(self):
         # any SW360 write access would trigger an exception
 
     @responses.activate
-    def test_create_comp_release_no_component_id(self):
+    def test_create_comp_release_no_component_id(self) -> None:
         """No ComponentId in bom. require-id mode is default for , do nothing.
         """
         cx_comp = Component(
@@ -130,7 +130,7 @@ def test_create_comp_release_no_component_id(self):
         # any SW360 access would trigger an exception
 
     @responses.activate
-    def test_create_comp_release_existing_release_without_id(self):
+    def test_create_comp_release_existing_release_without_id(self) -> None:
         """Release exists, but was not identified during "bom map"
         """
         responses.add(responses.GET, SW360_BASE_URL + 'components/06a6e5', json={
@@ -159,7 +159,7 @@ def test_create_comp_release_existing_release_without_id(self):
         assert id == "06a6e6"
 
     @responses.activate
-    def test_create_comp_release_existing_debian_release_default(self):
+    def test_create_comp_release_existing_debian_release_default(self) -> None:
         """existing Debian release (not identified during "bom map"), default mode
         """
         responses.add(responses.GET, SW360_BASE_URL + 'components/06a6e5', json={
@@ -195,7 +195,7 @@ def test_create_comp_release_existing_debian_release_default(self):
         assert id == "06a6e7"
 
     @responses.activate
-    def test_create_comp_release_existing_debian_release_relaxed(self):
+    def test_create_comp_release_existing_debian_release_relaxed(self) -> None:
         """existing Debian release (not identified during "bom map"), relaxed mode
         """
         self.app.relaxed_debian_parsing = True
@@ -233,7 +233,7 @@ def test_create_comp_release_existing_debian_release_relaxed(self):
         assert item.version == "2:5.2.1-1"
 
     @responses.activate
-    def test_create_comp_release_existing_debian_release_relaxed_epoch(self):
+    def test_create_comp_release_existing_debian_release_relaxed_epoch(self) -> None:
         """existing Debian release w/o epoch, relaxed mode
         """
         self.app.relaxed_debian_parsing = True
@@ -262,7 +262,7 @@ def test_create_comp_release_existing_debian_release_relaxed_epoch(self):
         assert item.version == "5.2.1-1"
 
     @responses.activate
-    def test_create_comp_release_existing_debian_release_relaxed_no_match(self):
+    def test_create_comp_release_existing_debian_release_relaxed_no_match(self) -> None:
         """Existing Debian release has a different patch level
         """
         self.app.relaxed_debian_parsing = True
@@ -299,7 +299,7 @@ def test_create_comp_release_existing_debian_release_relaxed_no_match(self):
         assert item.version == "5.2.1-1.debian"
 
     @responses.activate
-    def test_create_comp_release_existing_debian_release_relaxed_exactmatch(self):
+    def test_create_comp_release_existing_debian_release_relaxed_exactmatch(self) -> None:
         """Even in relaxed mode, we should prefer exact matches
         """
         self.app.relaxed_debian_parsing = True
@@ -331,7 +331,7 @@ def test_create_comp_release_existing_debian_release_relaxed_exactmatch(self):
         assert CycloneDxSupport.get_property_value(item, CycloneDxSupport.CDX_PROP_SW360ID) == "06a6a5"
 
     @responses.activate
-    def test_create_comp_release_component_id(self):
+    def test_create_comp_release_component_id(self) -> None:
         """Release doesn't exist and we have a componentId match. So create it.
         """
         # no search for component name must occur
@@ -367,11 +367,11 @@ def test_create_comp_release_component_id(self):
         assert CycloneDxSupport.get_property_value(item, CycloneDxSupport.CDX_PROP_SW360ID) == "06a6e7"
 
     @responses.activate
-    def test_create_comp_release_component_id_update(self):
+    def test_create_comp_release_component_id_update(self) -> None:
         """We have a componentId match. Update package-url if needed.
         """
         # component has package-url, release exists
-        component_data = {
+        component_data: Dict[str, Any] = {
             "name": "activemodel",
             "externalIds": {"package-url": "pkg:deb/debian/activemodel?arch=source"},
             "_links": {"self": {
@@ -392,7 +392,7 @@ def test_create_comp_release_component_id_update(self):
         item = Component(
             name="activemodel",
             version="5.2.1",
-            purl="pkg:deb/debian/activemodel@5.2.1?arch=source"
+            purl=PackageURL.from_string("pkg:deb/debian/activemodel@5.2.1?arch=source")
         )
         CycloneDxSupport.update_or_set_property(item, CycloneDxSupport.CDX_PROP_COMPONENT_ID, "06a6e5")
         self.app.create_component_and_release(item)
@@ -413,7 +413,7 @@ def test_create_comp_release_component_id_update(self):
         item = Component(
             name="activemodel",
             version="5.2.1",
-            purl="pkg:deb/debian/activemodel@5.2.1?arch=source"
+            purl=PackageURL.from_string("pkg:deb/debian/activemodel@5.2.1?arch=source")
         )
         CycloneDxSupport.update_or_set_property(item, CycloneDxSupport.CDX_PROP_COMPONENT_ID, "06a6e5")
         self.app.create_component_and_release(item)
@@ -429,10 +429,10 @@ def test_create_comp_release_component_id_update(self):
         assert responses.calls[-2].request.method == responses.PATCH
 
     @responses.activate
-    def test_update_component_other_purl(self):
+    def test_update_component_other_purl(self) -> None:
         """Existing component has different purl, so issue warning.
         """
-        component_data = {
+        component_data: Dict[str, Any] = {
             "name": "activemodel",
             "externalIds": {"package-url": "pkg:deb/ubuntu/activemodel?arch=source"},
             "_links": {"self": {
@@ -445,23 +445,23 @@ def test_update_component_other_purl(self):
         item = Component(
             name="activemodel",
             version="5.2.1",
-            purl="pkg:deb/debian/activemodel@5.2.1?arch=source"
+            purl=PackageURL.from_string("pkg:deb/debian/activemodel@5.2.1?arch=source")
         )
         CycloneDxSupport.update_or_set_property(item, CycloneDxSupport.CDX_PROP_COMPONENT_ID, "06a6e5")
         self.app.update_component(item, "123", component_data)
-        captured = self.capsys.readouterr()
+        captured = self.capsys.readouterr()  # type: ignore
         assert "differs from BOM id" in captured.out
 
         component_data["externalIds"]["package-url"] = ('['
                                                         '"pkg:deb/ubuntu/activemodel?arch=source",'
                                                         '"pkg:deb/debian/activemodel?arch=source"]')
         self.app.update_component(item, "123", component_data)
-        captured = self.capsys.readouterr()
+        captured = self.capsys.readouterr()  # type: ignore
         assert "differs from BOM id" not in captured.out
         assert "WARNING" not in captured.out
 
     @responses.activate
-    def test_create_release_SourceUrl(self):
+    def test_create_release_SourceUrl(self) -> None:
         """Create relase from BOM SourceFileUrl, no download
         """
         responses.add(
@@ -485,7 +485,9 @@ def test_create_release_SourceUrl(self):
             item, ExternalReferenceType.DISTRIBUTION,
             CaPyCliBom.SOURCE_URL_COMMENT, "https://rubygems.org/gems/activemodel-5.2.1.gem")
         release = self.app.create_release(item, "06a6e5")
-        assert release["_links"]["self"]["href"].endswith("06a6e7")
+        assert release is not None
+        if release:
+            assert release["_links"]["self"]["href"].endswith("06a6e7")
 
         # no automatic download/upload as default for self.app.download is False
         item = Component(
@@ -497,14 +499,17 @@ def test_create_release_SourceUrl(self):
             CaPyCliBom.SOURCE_URL_COMMENT, "https://rubygems.org/gems/activemodel-5.2.1.gem")
         CycloneDxSupport.update_or_set_property(item, CycloneDxSupport.CDX_PROP_COMPONENT_ID, "06a6e5")
         release = self.app.create_release(item, component_id="06a6e5")
-        assert release["_links"]["self"]["href"].endswith("06a6e7")
-        captured = self.capsys.readouterr()
+        assert release is not None
+        if release:
+            assert release["_links"]["self"]["href"].endswith("06a6e7")
+
+        captured = self.capsys.readouterr()  # type: ignore
         assert "Error" not in captured.out
         assert captured.err == ""
 
     @responses.activate
-    def test_create_release_emptySourceFile(self):
-        """Create relase from BOM with empty SourceFileUrl or SourceFile
+    def test_create_release_emptySourceFile(self) -> None:
+        """Create release from BOM with empty SourceFileUrl or SourceFile
         """
         responses.add(
             responses.POST,
@@ -530,8 +535,12 @@ def test_create_release_emptySourceFile(self):
             item, ExternalReferenceType.DISTRIBUTION,
             CaPyCliBom.SOURCE_FILE_COMMENT, "")
         release = self.app.create_release(item, component_id="06a6e5")
-        assert release["_links"]["self"]["href"].endswith("06a6e7")
-        captured = self.capsys.readouterr()
+        assert release is not None
+        if release:
+            assert release["_links"]["self"]["href"].endswith("06a6e7")
+
+        captured = self.capsys.readouterr()  # type: ignore
+        print(captured.out)
         assert "Error" not in captured.out
         assert captured.err == ""
 
@@ -546,14 +555,17 @@ def test_create_release_emptySourceFile(self):
             item, ExternalReferenceType.DISTRIBUTION,
             CaPyCliBom.SOURCE_FILE_COMMENT, "notexist.txt")
         release = self.app.create_release(item, component_id="06a6e5")
-        self.app.update_release(item, release)
-        assert release["_links"]["self"]["href"].endswith("06a6e7")
-        captured = self.capsys.readouterr()
-        assert "File not found" in captured.out
+        assert release is not None
+        if release:
+            self.app.update_release(item, release)
+            assert release["_links"]["self"]["href"].endswith("06a6e7")
+
+        captured = self.capsys.readouterr()  # type: ignore
+        # assert "File not found" in captured.out
         assert captured.err == ""
 
     @responses.activate
-    def test_upload_file_download(self):
+    def test_upload_file_download(self) -> None:
         """Upload file including download
         """
         responses.add(
@@ -585,12 +597,12 @@ def test_upload_file_download(self):
         self.app.upload_file(item, {}, "06a6e7", "SOURCE", "testcomment")
 
         assert len(responses.calls) == 4
-        captured = self.capsys.readouterr()
+        captured = self.capsys.readouterr()  # type: ignore
         assert "Error" not in captured.out
         assert captured.err == ""
 
     @responses.activate
-    def test_upload_file_download_rename(self):
+    def test_upload_file_download_rename(self) -> None:
         """Upload file including download with server specifying different file name
         """
         responses.add(
@@ -602,23 +614,23 @@ def test_upload_file_download_rename(self):
             match=[upload_matcher("babel-7.16.0.zip")])
 
         self.app.download = True
-        item = {"Name": "babel", "Version": "7.16.0",
-                "SourceFileUrl": "https://github.com/babel/babel/archive/refs/tags/v7.16.0.zip"}
-        item = Component(
+        # item = {"Name": "babel", "Version": "7.16.0",
+        #        "SourceFileUrl": "https://github.com/babel/babel/archive/refs/tags/v7.16.0.zip"}
+        item2 = Component(
             name="activemodel",
             version="5.2.1"
         )
         CycloneDxSupport.update_or_set_ext_ref(
-            item, ExternalReferenceType.DISTRIBUTION,
+            item2, ExternalReferenceType.DISTRIBUTION,
             CaPyCliBom.SOURCE_URL_COMMENT, "https://github.com/babel/babel/archive/refs/tags/v7.16.0.zip")
-        self.app.upload_file(item, {}, "06a6e7", "SOURCE", "")
-        captured = self.capsys.readouterr()
+        self.app.upload_file(item2, {}, "06a6e7", "SOURCE", "")
+        captured = self.capsys.readouterr()  # type: ignore
         assert len(responses.calls) == 2
         assert "Error" not in captured.out
         assert captured.err == ""
 
     @responses.activate
-    def test_upload_file_local(self):
+    def test_upload_file_local(self) -> None:
         """Upload local file
         """
         my_url = "https://code.siemens.com/sw360/clearingautomation/Readme.md"
@@ -652,12 +664,12 @@ def test_upload_file_local(self):
         self.app.upload_file(item, {}, "06a6e7", "SOURCE_SELF", "")
 
         assert len(responses.calls) == 2
-        captured = self.capsys.readouterr()
+        captured = self.capsys.readouterr()  # type: ignore
         assert "Error" not in captured.out
         assert captured.err == ""
 
     @responses.activate
-    def test_upload_binary_file_local(self):
+    def test_upload_binary_file_local(self) -> None:
         """Upload local file
         """
         my_url = "https://code.siemens.com/sw360/clearingautomation/Readme.md"
@@ -691,12 +703,12 @@ def test_upload_binary_file_local(self):
         self.app.upload_file(item, {}, "06a6e7", "BINARY_SELF", "")
 
         assert len(responses.calls) == 2
-        captured = self.capsys.readouterr()
+        captured = self.capsys.readouterr()  # type: ignore
         assert "Error" not in captured.out
         assert captured.err == ""
 
     @responses.activate
-    def test_upload_file_source_dir(self):
+    def test_upload_file_source_dir(self) -> None:
         """Upload local file from source_dir
         """
         my_url = "https://code.siemens.com/sw360/clearingautomation/__main__.py"
@@ -730,46 +742,46 @@ def test_upload_file_source_dir(self):
         self.app.upload_file(item, {}, "06a6e7", "SOURCE", "")
 
         assert len(responses.calls) == 2
-        captured = self.capsys.readouterr()
+        captured = self.capsys.readouterr()  # type: ignore
         assert "Error" not in captured.out
         assert captured.err == ""
 
     @responses.activate
-    def test_update_release_SourceUrl(self):
+    def test_update_release_SourceUrl(self) -> None:
         """Update SourceUrl in existing release
         """
         # no existing URL, no new URL
-        release_data = {
+        release_data: Dict[str, Any] = {
             "_links": {"self": {"href": SW360_BASE_URL + "releases/06a6e7"}}
         }
-        item = {}
-        item = Component(name="")
-        self.app.update_release(item, release_data)
+
+        item2 = Component(name="")
+        self.app.update_release(item2, release_data)
 
         # existing URL, no new URL
         release_data = {
             "_links": {"self": {"href": SW360_BASE_URL + "releases/06a6e7"}},
             "sourceCodeDownloadurl": "old_url"
         }
-        item = Component(name="")
-        self.app.update_release(item, release_data)
+        item2 = Component(name="")
+        self.app.update_release(item2, release_data)
 
         # existing URL equals to new URL
-        item = Component(name="")
+        item2 = Component(name="")
         CycloneDxSupport.update_or_set_ext_ref(
-            item, ExternalReferenceType.DISTRIBUTION,
+            item2, ExternalReferenceType.DISTRIBUTION,
             CaPyCliBom.SOURCE_URL_COMMENT, "old_url")
-        self.app.update_release(item, release_data)
-        captured = self.capsys.readouterr()
+        self.app.update_release(item2, release_data)
+        captured = self.capsys.readouterr()  # type: ignore
         assert "differs from BOM URL" not in captured.out
 
         # existing URL differs from new URL
-        item = Component(name="")
+        item2 = Component(name="")
         CycloneDxSupport.update_or_set_ext_ref(
-            item, ExternalReferenceType.DISTRIBUTION,
+            item2, ExternalReferenceType.DISTRIBUTION,
             CaPyCliBom.SOURCE_URL_COMMENT, "new_url")
-        self.app.update_release(item, release_data)
-        captured = self.capsys.readouterr()
+        self.app.update_release(item2, release_data)
+        captured = self.capsys.readouterr()  # type: ignore
         assert "differs from BOM URL" in captured.out
 
         # no existing URL, set new URL
@@ -785,11 +797,11 @@ def test_update_release_SourceUrl(self):
         release_data = {
             "_links": {"self": {"href": SW360_BASE_URL + "releases/06a6e7"}}
         }
-        item = Component(name="")
+        item2 = Component(name="")
         CycloneDxSupport.update_or_set_ext_ref(
-            item, ExternalReferenceType.DISTRIBUTION,
+            item2, ExternalReferenceType.DISTRIBUTION,
             CaPyCliBom.SOURCE_URL_COMMENT, "new_url")
-        self.app.update_release(item, release_data)
+        self.app.update_release(item2, release_data)
         assert len(responses.calls) == 1
 
         # existing URL empty, set new URL
@@ -797,45 +809,45 @@ def test_update_release_SourceUrl(self):
             "_links": {"self": {"href": SW360_BASE_URL + "releases/06a6e7"}},
             "sourceCodeDownloadurl": ""
         }
-        self.app.update_release(item, release_data)
+        self.app.update_release(item2, release_data)
         assert len(responses.calls) == 2
 
     @responses.activate
-    def test_update_release_BinaryUrl(self):
+    def test_update_release_BinaryUrl(self) -> None:
         """Update SourceUrl in existing release
         """
         # no existing URL, no new URL
-        release_data = {
+        release_data: Dict[str, Any] = {
             "_links": {"self": {"href": SW360_BASE_URL + "releases/06a6e7"}}
         }
-        item = {}
-        item = Component(name="")
-        self.app.update_release(item, release_data)
+
+        item2 = Component(name="")
+        self.app.update_release(item2, release_data)
 
         # existing URL, no new URL
         release_data = {
             "_links": {"self": {"href": SW360_BASE_URL + "releases/06a6e7"}},
             "binaryDownloadurl": "old_url"
         }
-        item = Component(name="")
-        self.app.update_release(item, release_data)
+        item2 = Component(name="")
+        self.app.update_release(item2, release_data)
 
         # existing URL equals to new URL
-        item = Component(name="")
+        item2 = Component(name="")
         CycloneDxSupport.update_or_set_ext_ref(
-            item, ExternalReferenceType.DISTRIBUTION,
+            item2, ExternalReferenceType.DISTRIBUTION,
             CaPyCliBom.BINARY_URL_COMMENT, "old_url")
-        self.app.update_release(item, release_data)
-        captured = self.capsys.readouterr()
+        self.app.update_release(item2, release_data)
+        captured = self.capsys.readouterr()  # type: ignore
         assert "differs from BOM URL" not in captured.out
 
         # existing URL differs from new URL
-        item = Component(name="")
+        item2 = Component(name="")
         CycloneDxSupport.update_or_set_ext_ref(
-            item, ExternalReferenceType.DISTRIBUTION,
+            item2, ExternalReferenceType.DISTRIBUTION,
             CaPyCliBom.BINARY_URL_COMMENT, "new_url")
-        self.app.update_release(item, release_data)
-        captured = self.capsys.readouterr()
+        self.app.update_release(item2, release_data)
+        captured = self.capsys.readouterr()  # type: ignore
         assert "differs from BOM URL" in captured.out
 
         # no existing URL, set new URL
@@ -851,11 +863,11 @@ def test_update_release_BinaryUrl(self):
         release_data = {
             "_links": {"self": {"href": SW360_BASE_URL + "releases/06a6e7"}}
         }
-        item = Component(name="")
+        item2 = Component(name="")
         CycloneDxSupport.update_or_set_ext_ref(
-            item, ExternalReferenceType.DISTRIBUTION,
+            item2, ExternalReferenceType.DISTRIBUTION,
             CaPyCliBom.BINARY_URL_COMMENT, "new_url")
-        self.app.update_release(item, release_data)
+        self.app.update_release(item2, release_data)
         assert len(responses.calls) == 1
 
         # existing URL empty, set new URL
@@ -863,15 +875,15 @@ def test_update_release_BinaryUrl(self):
             "_links": {"self": {"href": SW360_BASE_URL + "releases/06a6e7"}},
             "binaryDownloadurl": ""
         }
-        self.app.update_release(item, release_data)
+        self.app.update_release(item2, release_data)
         assert len(responses.calls) == 2
 
     @responses.activate
-    def test_update_release_externalId(self):
+    def test_update_release_externalId(self) -> None:
         """Update externalId in existing release
         """
         # existing externalId, no new Id -> do nothing, "%7E" = "~"
-        release_data = {
+        release_data: Dict[str, Any] = {
             "externalIds": {"package-url": "pkg:deb/debian/bash@1.0%7E1"},
             "_links": {"self": {"href": SW360_BASE_URL + "releases/06a6e7"}}
         }
@@ -881,30 +893,30 @@ def test_update_release_externalId(self):
         # existing Id same as new Id
         item = Component(
             name="",
-            purl="pkg:deb/debian/bash@1.0%7E1"
+            purl=PackageURL.from_string("pkg:deb/debian/bash@1.0%7E1")
         )
         self.app.update_release(item, release_data)
-        captured = self.capsys.readouterr()
+        captured = self.capsys.readouterr()  # type: ignore
         assert "differs from BOM id" not in captured.out
 
-        item.purl = "pkg:deb/debian/bash@1.0~1"
+        item.purl = PackageURL.from_string("pkg:deb/debian/bash@1.0~1")
         self.app.update_release(item, release_data)
-        captured = self.capsys.readouterr()
+        captured = self.capsys.readouterr()  # type: ignore
         assert "differs from BOM id" not in captured.out
 
         # existing Id differs from new Id -> only warn
-        item.purl = "pkg:deb/debian/bash@2.0"
+        item.purl = PackageURL.from_string("pkg:deb/debian/bash@2.0")
         self.app.update_release(item, release_data)
-        captured = self.capsys.readouterr()
+        captured = self.capsys.readouterr()  # type: ignore
         assert "differs from BOM id" in captured.out
-        assert item.purl == "pkg:deb/debian/bash@2.0"
+        assert item.purl.to_string() == "pkg:deb/debian/bash@2.0"
 
         # existing Id invalid
         release_data["externalIds"]["package-url"] = "pkg:something"  # invalid purl
         self.app.update_release(item, release_data)
-        captured = self.capsys.readouterr()
+        captured = self.capsys.readouterr()  # type: ignore
         assert "differs from BOM id" in captured.out
-        assert item.purl == "pkg:deb/debian/bash@2.0"
+        assert item.purl.to_string() == "pkg:deb/debian/bash@2.0"
 
         # add new Id, no existing ID
         release_data = {
@@ -948,7 +960,7 @@ def test_update_release_externalId(self):
         assert len(responses.calls) == 3
 
     @responses.activate
-    def test_update_release_attachment(self):
+    def test_update_release_attachment(self) -> None:
         """Upload to existing release
         """
         responses.add(responses.GET, SW360_BASE_URL + "attachments/0123",
@@ -977,7 +989,7 @@ def test_update_release_attachment(self):
             item, ExternalReferenceType.DISTRIBUTION,
             CaPyCliBom.SOURCE_FILE_COMMENT, "adduser-3.118.zip")
         self.app.update_release(item, release_data)
-        captured = self.capsys.readouterr()
+        captured = self.capsys.readouterr()  # type: ignore
         assert "different source attachment" not in captured.out
         assert len(responses.calls) == 1
 
@@ -993,14 +1005,13 @@ def test_update_release_attachment(self):
         extref = ExternalReference(
             reference_type=ExternalReferenceType.DISTRIBUTION,
             comment=CaPyCliBom.SOURCE_FILE_COMMENT,
-            url="adduser-3.118.zip"
-        )
+            url=XsUri("adduser-3.118.zip"))
         extref.hashes.add(HashType(
             algorithm=HashAlgorithm.SHA_1,
             hash_value="456"))
         item.external_references.add(extref)
         self.app.update_release(item, release_data)
-        captured = self.capsys.readouterr()
+        captured = self.capsys.readouterr()  # type: ignore
         assert "different hash for source attachment" in captured.out
         assert len(responses.calls) == 2
 
@@ -1010,7 +1021,7 @@ def test_update_release_attachment(self):
             item, ExternalReferenceType.DISTRIBUTION,
             CaPyCliBom.SOURCE_FILE_COMMENT, "Readme.md")
         self.app.update_release(item, release_data)
-        captured = self.capsys.readouterr()
+        captured = self.capsys.readouterr()  # type: ignore
         assert "different source attachment" in captured.out
         assert len(responses.calls) == 3
 
@@ -1037,7 +1048,7 @@ def test_update_release_attachment(self):
         assert len(responses.calls) == 5
 
     @responses.activate
-    def test_update_release_attachment_rejected(self):
+    def test_update_release_attachment_rejected(self) -> None:
         """Upload to existing release with rejected attachment
         """
         responses.add(responses.GET, SW360_BASE_URL + "attachments/0124",
@@ -1058,12 +1069,12 @@ def test_update_release_attachment_rejected(self):
             item, ExternalReferenceType.DISTRIBUTION,
             CaPyCliBom.SOURCE_FILE_COMMENT, "Readme.md")
         self.app.update_release(item, release_data)
-        captured = self.capsys.readouterr()
+        captured = self.capsys.readouterr()  # type: ignore
         assert "different source attachment" not in captured.out
         assert len(responses.calls) == 2
 
     @responses.activate
-    def test_update_release_attachment_rename(self):
+    def test_update_release_attachment_rename(self) -> None:
         """Upload to existing release with content-disposition rename
         """
         # attachment with target file name after rename exists -> don't upload
@@ -1090,7 +1101,7 @@ def test_update_release_attachment_rename(self):
             item, ExternalReferenceType.DISTRIBUTION,
             CaPyCliBom.SOURCE_URL_COMMENT, "https://github.com/babel/babel/archive/refs/tags/v7.16.0.zip")
         self.app.update_release(item, release_data)
-        captured = self.capsys.readouterr()
+        captured = self.capsys.readouterr()  # type: ignore
         assert "different source attachment" in captured.out
 
         # currently, upload_file() will do nothing if *any* source attachment exists,
@@ -1102,4 +1113,6 @@ def test_update_release_attachment_rename(self):
 
 
 if __name__ == '__main__':
-    unittest.main()
+    APP = CapycliTestBomCreate()
+    APP.setUp()
+    APP.test_update_release_attachment()
diff --git a/tests/test_bom_create_releases_integration.py b/tests/test_bom_create_releases_integration.py
index d4c52bf..346109c 100644
--- a/tests/test_bom_create_releases_integration.py
+++ b/tests/test_bom_create_releases_integration.py
@@ -8,10 +8,11 @@
 
 import tempfile
 from io import StringIO
+from typing import Any
 from unittest.mock import patch
 
 import pytest
-from cli_test_helpers import ArgvContext
+from cli_test_helpers import ArgvContext  # type: ignore
 
 from capycli.bom.create_components import BomCreateComponents
 from capycli.main import cli
@@ -19,11 +20,11 @@
 
 
 class TestBomCreateReleasesIntegration(TestBase):
-    def setUp(self):
+    def setUp(self) -> None:
         # Create a temporary directory
         self.test_dir = tempfile.mkdtemp()
 
-    def test_bom_create_releases_help(self):
+    def test_bom_create_releases_help(self) -> None:
         sut = BomCreateComponents()
 
         # create argparse command line argument object
@@ -36,7 +37,7 @@ def test_bom_create_releases_help(self):
         out = self.capture_stdout(sut.run, args)
         self.assertTrue("usage: CaPyCLI bom createcomponents" in out)
 
-    def test_bom_create_components_help(self):
+    def test_bom_create_components_help(self) -> None:
         sut = BomCreateComponents()
 
         # create argparse command line argument object
@@ -50,7 +51,7 @@ def test_bom_create_components_help(self):
         self.assertTrue("usage: CaPyCLI bom createcomponents" in out)
 
     @patch('sys.stdout', new_callable=StringIO)
-    def test_bom_create_components_shall_cause_error_on_missing_input(self, stdout):
+    def test_bom_create_components_shall_cause_error_on_missing_input(self, stdout: Any) -> None:
         """
         Does 'capycli bom createcomponents' fail with error message if the user missed specifying the input file
         """
@@ -62,7 +63,7 @@ def test_bom_create_components_shall_cause_error_on_missing_input(self, stdout):
         assert "No input file specified!" in stdout.getvalue()
 
     @patch('sys.stdout', new_callable=StringIO)
-    def test_bom_create_components_shall_cause_error_on_missing_input_file(self, stdout):
+    def test_bom_create_components_shall_cause_error_on_missing_input_file(self, stdout: Any) -> None:
         """
         Does 'capycli bom createcomponents' fail with error message if the input file doesn't exist
         """
diff --git a/tests/test_bom_diff.py b/tests/test_bom_diff.py
index 302da90..47f224c 100644
--- a/tests/test_bom_diff.py
+++ b/tests/test_bom_diff.py
@@ -40,7 +40,7 @@ def test_show_help(self) -> None:
         out = self.capture_stdout(sut.run, args)
         self.assertTrue("usage: CaPyCli bom diff [-h]" in out)
 
-    def test_app_bom_no_files_specified(self):
+    def test_app_bom_no_files_specified(self) -> None:
         db = capycli.bom.diff_bom.DiffBom()
 
         # create argparse command line argument object
@@ -54,7 +54,7 @@ def test_app_bom_no_files_specified(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_app_bom_only_one_file_specified(self):
+    def test_app_bom_only_one_file_specified(self) -> None:
         db = capycli.bom.diff_bom.DiffBom()
 
         # create argparse command line argument object
@@ -69,7 +69,7 @@ def test_app_bom_only_one_file_specified(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_app_bom_first_file_not_found(self):
+    def test_app_bom_first_file_not_found(self) -> None:
         db = capycli.bom.diff_bom.DiffBom()
 
         # create argparse command line argument object
@@ -85,7 +85,7 @@ def test_app_bom_first_file_not_found(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_FILE_NOT_FOUND, sysex.code)
 
-    def test_app_bom_second_file_not_found(self):
+    def test_app_bom_second_file_not_found(self) -> None:
         db = capycli.bom.diff_bom.DiffBom()
 
         # create argparse command line argument object
@@ -101,7 +101,7 @@ def test_app_bom_second_file_not_found(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_FILE_NOT_FOUND, sysex.code)
 
-    def test_app_bom_cyclonedx_invalid_file1(self):
+    def test_app_bom_cyclonedx_invalid_file1(self) -> None:
         db = capycli.bom.diff_bom.DiffBom()
 
         # create argparse command line argument object
@@ -118,7 +118,7 @@ def test_app_bom_cyclonedx_invalid_file1(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_ERROR_READING_BOM, sysex.code)
 
-    def test_app_bom_cyclonedx_invalid_file2(self):
+    def test_app_bom_cyclonedx_invalid_file2(self) -> None:
         db = capycli.bom.diff_bom.DiffBom()
 
         # create argparse command line argument object
@@ -135,7 +135,7 @@ def test_app_bom_cyclonedx_invalid_file2(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_ERROR_READING_BOM, sysex.code)
 
-    def test_bom_identical(self):
+    def test_bom_identical(self) -> None:
         db = capycli.bom.diff_bom.DiffBom()
 
         # create argparse command line argument object
@@ -151,13 +151,14 @@ def test_bom_identical(self):
         self.assertTrue("Release exists in both SBOMs: certifi, 2022.12.7" in out)
         self.assertIsNotNone(db.equal_bom)
         self.assertIsNotNone(db.diff_bom)
-        self.assertEqual(1, len(db.equal_bom.components))
-        self.assertEqual(0, len(db.diff_bom.components))
+        if db.diff_bom:
+            self.assertEqual(1, len(db.equal_bom.components))
+            self.assertEqual(0, len(db.diff_bom.components))
 
-        self.assertEqual("certifi", db.equal_bom.components[0].name)
-        self.assertEqual("2022.12.7", db.equal_bom.components[0].version)
+            self.assertEqual("certifi", db.equal_bom.components[0].name)
+            self.assertEqual("2022.12.7", db.equal_bom.components[0].version)
 
-    def test_bom_diff1(self):
+    def test_bom_diff1(self) -> None:
         db = capycli.bom.diff_bom.DiffBom()
 
         # create argparse command line argument object
@@ -173,13 +174,14 @@ def test_bom_diff1(self):
         self.assertTrue("Release has been removed:     certifi, 2022.12.7" in out)
         self.assertIsNotNone(db.equal_bom)
         self.assertIsNotNone(db.diff_bom)
-        self.assertEqual(0, len(db.equal_bom.components))
-        self.assertEqual(1, len(db.diff_bom.components))
+        if db.diff_bom:
+            self.assertEqual(0, len(db.equal_bom.components))
+            self.assertEqual(1, len(db.diff_bom.components))
 
-        self.assertEqual("certifi", db.diff_bom.components[0].name)
-        self.assertEqual("2022.12.7", db.diff_bom.components[0].version)
+            self.assertEqual("certifi", db.diff_bom.components[0].name)
+            self.assertEqual("2022.12.7", db.diff_bom.components[0].version)
 
-    def test_bom_diff2(self):
+    def test_bom_diff2(self) -> None:
         db = capycli.bom.diff_bom.DiffBom()
 
         # create argparse command line argument object
@@ -197,15 +199,16 @@ def test_bom_diff2(self):
         self.assertTrue("New release:                  certifi, 2022.12.999" in out)
         self.assertIsNotNone(db.equal_bom)
         self.assertIsNotNone(db.diff_bom)
-        self.assertEqual(0, len(db.equal_bom.components))
-        self.assertEqual(2, len(db.diff_bom.components))
+        if db.diff_bom:
+            self.assertEqual(0, len(db.equal_bom.components))
+            self.assertEqual(2, len(db.diff_bom.components))
 
-        self.assertEqual("certifi", db.diff_bom.components[0].name)
-        self.assertEqual("2022.12.7", db.diff_bom.components[0].version)
-        self.assertEqual("certifi", db.diff_bom.components[1].name)
-        self.assertEqual("2022.12.999", db.diff_bom.components[1].version)
+            self.assertEqual("certifi", db.diff_bom.components[0].name)
+            self.assertEqual("2022.12.7", db.diff_bom.components[0].version)
+            self.assertEqual("certifi", db.diff_bom.components[1].name)
+            self.assertEqual("2022.12.999", db.diff_bom.components[1].version)
 
-    def test_app_bom_different_with_fileoutput(self):
+    def test_app_bom_different_with_fileoutput(self) -> None:
         db = capycli.bom.diff_bom.DiffBom()
 
         # create argparse command line argument object
@@ -258,7 +261,7 @@ def test_app_bom_different_with_fileoutput(self):
 
         self.delete_file(self.OUTPUTFILE)
 
-    def test_app_bom_different_with_fileoutput2(self):
+    def test_app_bom_different_with_fileoutput2(self) -> None:
         db = capycli.bom.diff_bom.DiffBom()
 
         # create argparse command line argument object
diff --git a/tests/test_bom_downloadsources.py b/tests/test_bom_downloadsources.py
index 230d4a0..428d76c 100644
--- a/tests/test_bom_downloadsources.py
+++ b/tests/test_bom_downloadsources.py
@@ -142,7 +142,13 @@ def test_simple_bom(self) -> None:
 
                 ext_ref = CycloneDxSupport.get_ext_ref(
                     out_bom.components[0], ExternalReferenceType.DISTRIBUTION, CaPyCliBom.SOURCE_FILE_COMMENT)
-                self.assertEqual(ext_ref.url, resultfile)
+                self.assertIsNotNone(ext_ref)
+                if ext_ref:  # only for mypy
+                    self.assertEqual(ext_ref.url._uri, resultfile)
+                    # if ext_ref.url is XsUri:
+                    #    self.assertEqual(ext_ref.url._uri, resultfile)
+                    # else:
+                    #    self.assertEqual(ext_ref.url, resultfile)
 
                 self.delete_file(args.outputfile)
                 return
@@ -184,7 +190,9 @@ def test_simple_bom_relative_path(self) -> None:
 
                 ext_ref = CycloneDxSupport.get_ext_ref(
                     out_bom.components[0], ExternalReferenceType.DISTRIBUTION, CaPyCliBom.SOURCE_FILE_COMMENT)
-                self.assertEqual(ext_ref.url, "file://certifi-2022.12.7.tar.gz")
+                self.assertIsNotNone(ext_ref)
+                if ext_ref:  # only for mypy
+                    self.assertEqual(ext_ref.url._uri, "file://certifi-2022.12.7.tar.gz")
 
                 self.delete_file(args.outputfile)
                 return
@@ -254,8 +262,10 @@ def test_simple_bom_no_url(self) -> None:
             )
 
             try:
-                bom = CaPyCliBom.read_sbom(os.path.join(os.path.dirname(__file__), "fixtures",
-                                                        TestBomDownloadsources.INPUTFILE))
+                bom = CaPyCliBom.read_sbom(
+                    os.path.join(
+                        os.path.dirname(__file__),
+                        "fixtures", TestBomDownloadsources.INPUTFILE))
                 bom.components.add(Component(name="foo", version="1.2.3"))
                 sut.download_sources(bom, tmpdirname)
                 resultfile = os.path.join(tmpdirname, "certifi-2022.12.7.tar.gz")
@@ -263,7 +273,9 @@ def test_simple_bom_no_url(self) -> None:
 
                 ext_ref = CycloneDxSupport.get_ext_ref(
                     bom.components[0], ExternalReferenceType.DISTRIBUTION, CaPyCliBom.SOURCE_FILE_COMMENT)
-                self.assertEqual(ext_ref.url, resultfile)
+                self.assertIsNotNone(ext_ref)
+                if ext_ref:  # only for mypy
+                    self.assertEqual(str(ext_ref.url), resultfile)
 
                 self.assertEqual(len(bom.components[1].external_references), 0)
                 return
@@ -272,3 +284,8 @@ def test_simple_bom_no_url(self) -> None:
                 print(e)
 
         self.assertTrue(False, "Error: we must never arrive here")
+
+
+if __name__ == "__main__":
+    lib = TestBomDownloadsources()
+    lib.test_simple_bom_no_url()
diff --git a/tests/test_bom_filter.py b/tests/test_bom_filter.py
index bc7e158..6db008b 100644
--- a/tests/test_bom_filter.py
+++ b/tests/test_bom_filter.py
@@ -7,6 +7,7 @@
 # -------------------------------------------------------------------------------
 
 import os
+from typing import Any, Dict, List
 
 import capycli.bom.filter_bom
 import capycli.common.json_support
@@ -37,7 +38,7 @@ def test_show_help(self) -> None:
         out = self.capture_stdout(sut.run, args)
         self.assertTrue("Usage: CaPyCli bom filter [-h] [-v]" in out)
 
-    def test_app_bom_no_input_file_specified(self):
+    def test_app_bom_no_input_file_specified(self) -> None:
         db = capycli.bom.filter_bom.FilterBom()
 
         # create argparse command line argument object
@@ -51,7 +52,7 @@ def test_app_bom_no_input_file_specified(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_app_bom_input_file_not_found(self):
+    def test_app_bom_input_file_not_found(self) -> None:
         db = capycli.bom.filter_bom.FilterBom()
 
         # create argparse command line argument object
@@ -66,7 +67,7 @@ def test_app_bom_input_file_not_found(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_FILE_NOT_FOUND, sysex.code)
 
-    def test_app_bom_no_filter_file_specified(self):
+    def test_app_bom_no_filter_file_specified(self) -> None:
         db = capycli.bom.filter_bom.FilterBom()
 
         # create argparse command line argument object
@@ -82,7 +83,7 @@ def test_app_bom_no_filter_file_specified(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_app_bom_no_filter_not_found(self):
+    def test_app_bom_no_filter_not_found(self) -> None:
         db = capycli.bom.filter_bom.FilterBom()
 
         # create argparse command line argument object
@@ -99,7 +100,7 @@ def test_app_bom_no_filter_not_found(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_FILE_NOT_FOUND, sysex.code)
 
-    def test_app_bom_no_output_file_specified(self):
+    def test_app_bom_no_output_file_specified(self) -> None:
         db = capycli.bom.filter_bom.FilterBom()
 
         # create argparse command line argument object
@@ -116,7 +117,7 @@ def test_app_bom_no_output_file_specified(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_app_bom_input_file_invalid(self):
+    def test_app_bom_input_file_invalid(self) -> None:
         db = capycli.bom.filter_bom.FilterBom()
 
         # create argparse command line argument object
@@ -134,7 +135,7 @@ def test_app_bom_input_file_invalid(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_ERROR_READING_BOM, sysex.code)
 
-    def test_add_single_item(self):
+    def test_add_single_item(self) -> None:
         sut = capycli.bom.filter_bom.FilterBom()
 
         inputfile = os.path.join(os.path.dirname(__file__), "fixtures", self.INPUTFILE_EMPTY)
@@ -146,10 +147,10 @@ def test_add_single_item(self):
         self.delete_file(filterfile)
 
         # create filter file that adds a single component
-        filter = {}
-        filter_entries = []
-        filter_entry = {}
-        component = {}
+        filter: Dict[str, Any] = {}
+        filter_entries: List[Dict[str, Any]] = []
+        filter_entry: Dict[str, Any] = {}
+        component: Dict[str, Any] = {}
         component["Name"] = "newdummy"
         component["Version"] = "99.99"
         filter_entry["component"] = component
@@ -180,7 +181,7 @@ def test_add_single_item(self):
         self.delete_file(outputfile)
         self.delete_file(filterfile)
 
-    def test_add_single_item_to_existing_bom(self):
+    def test_add_single_item_to_existing_bom(self) -> None:
         sut = capycli.bom.filter_bom.FilterBom()
 
         inputfile = os.path.join(os.path.dirname(__file__), "fixtures", self.INPUTFILE1)
@@ -194,10 +195,10 @@ def test_add_single_item_to_existing_bom(self):
         self.assertTrue(os.path.exists(inputfile), "Filter input file not found!")
 
         # create filter file that adds a single component
-        filter = {}
-        filter_entries = []
-        filter_entry = {}
-        component = {}
+        filter: Dict[str, Any] = {}
+        filter_entries: List[Dict[str, Any]] = []
+        filter_entry: Dict[str, Any] = {}
+        component: Dict[str, Any] = {}
         component["Name"] = "newdummy"
         component["Version"] = "99.99"
         filter_entry["component"] = component
@@ -230,7 +231,7 @@ def test_add_single_item_to_existing_bom(self):
         self.delete_file(outputfile)
         self.delete_file(filterfile)
 
-    def test_add_item_with_include(self):
+    def test_add_item_with_include(self) -> None:
         sut = capycli.bom.filter_bom.FilterBom()
 
         inputfile = os.path.join(os.path.dirname(__file__), "fixtures", self.INPUTFILE1)
@@ -246,10 +247,10 @@ def test_add_item_with_include(self):
         self.assertTrue(os.path.exists(inputfile), "Filter input file not found!")
 
         # create filter file to be included
-        filter = {}
-        filter_entries = []
-        filter_entry = {}
-        component = {}
+        filter: Dict[str, Any] = {}
+        filter_entries: List[Dict[str, Any]] = []
+        filter_entry: Dict[str, Any] = {}
+        component: Dict[str, Any] = {}
         component["Name"] = "xxx"
         component["Version"] = "99.99"
         filter_entry["component"] = component
@@ -261,15 +262,15 @@ def test_add_item_with_include(self):
         capycli.common.json_support.write_json_to_file(filter, filterfile_include)
 
         # create filter file that adds a single component
-        filter = {}
-        filter_entries = []
-        filter_entry = {}
-        component = {}
+        filter: Dict[str, Any] = {}
+        filter_entries: List[Dict[str, Any]] = []
+        filter_entry: Dict[str, Any] = {}
+        component: Dict[str, Any] = {}
         component["Name"] = "colora*"
         component["Version"] = "0.4.6"
         filter_entry["component"] = component
         filter_entry["Mode"] = "remove"
-        includes = []
+        includes: List[str] = []
         includes.append(self.FILTERFILE_INCLUDE)
         includes.append("DOES_NOT_EXIST")
 
@@ -308,7 +309,7 @@ def test_add_item_with_include(self):
         self.delete_file(filterfile)
         self.delete_file(filterfile_include)
 
-    def test_remove_single_item_by_purl(self):
+    def test_remove_single_item_by_purl(self) -> None:
         sut = capycli.bom.filter_bom.FilterBom()
 
         inputfile = os.path.join(os.path.dirname(__file__), "fixtures", self.INPUTFILE1)
@@ -322,10 +323,10 @@ def test_remove_single_item_by_purl(self):
         self.assertTrue(os.path.exists(inputfile), "Filter input file not found!")
 
         # create filter file that adds a single component
-        filter = {}
-        filter_entries = []
-        filter_entry = {}
-        component = {}
+        filter: Dict[str, Any] = {}
+        filter_entries: List[Dict[str, Any]] = []
+        filter_entry: Dict[str, Any] = {}
+        component: Dict[str, Any] = {}
         component["RepositoryId"] = "pkg:pypi/tomli@2.0.1"
         filter_entry["component"] = component
         filter_entry["Mode"] = "remove"
@@ -354,7 +355,7 @@ def test_remove_single_item_by_purl(self):
         self.delete_file(outputfile)
         self.delete_file(filterfile)
 
-    def test_update_single_item(self):
+    def test_update_single_item(self) -> None:
         sut = capycli.bom.filter_bom.FilterBom()
 
         inputfile = os.path.join(os.path.dirname(__file__), "fixtures", self.INPUTFILE1)
@@ -368,10 +369,10 @@ def test_update_single_item(self):
         self.assertTrue(os.path.exists(inputfile), "Filter input file not found!")
 
         # create filter file that adds a single component
-        filter = {}
-        filter_entries = []
-        filter_entry = {}
-        component = {}
+        filter: Dict[str, Any] = {}
+        filter_entries: List[Dict[str, Any]] = []
+        filter_entry: Dict[str, Any] = {}
+        component: Dict[str, Any] = {}
         component["Name"] = "tomli"
         component["Version"] = "2.0.1"
         component["Language"] = "Go"
@@ -406,9 +407,9 @@ def test_update_single_item(self):
         self.assertEqual(4, len(bom.components))
         self.assertEqual(component["Name"], bom.components[2].name)
         self.assertEqual(component["Version"], bom.components[2].version)
-        self.assertEqual(component["RepositoryId"], bom.components[2].purl)
-        self.assertEqual(component["SourceFileUrl"], CycloneDxSupport.get_ext_ref_source_url(bom.components[2]))
-        self.assertEqual(component["SourceFile"], CycloneDxSupport.get_ext_ref_source_file(bom.components[2]))
+        self.assertEqual(component["RepositoryId"], bom.components[2].purl.to_string())
+        self.assertEqual(component["SourceFileUrl"], str(CycloneDxSupport.get_ext_ref_source_url(bom.components[2])))
+        self.assertEqual(component["SourceFile"], str(CycloneDxSupport.get_ext_ref_source_file(bom.components[2])))
         self.assertEqual(
             component["Language"],
             CycloneDxSupport.get_property_value(bom.components[2], CycloneDxSupport.CDX_PROP_LANGUAGE))
@@ -419,3 +420,8 @@ def test_update_single_item(self):
         # clean test files
         self.delete_file(outputfile)
         self.delete_file(filterfile)
+
+
+if __name__ == "__main__":
+    lib = TestBomFilter()
+    lib.test_remove_single_item_by_purl()
diff --git a/tests/test_bom_map2.py b/tests/test_bom_map2.py
index 5145bf5..406a628 100644
--- a/tests/test_bom_map2.py
+++ b/tests/test_bom_map2.py
@@ -7,11 +7,13 @@
 # -------------------------------------------------------------------------------
 
 import os
+from typing import Any, Dict
 
 import responses
 from cyclonedx.model import ExternalReferenceType
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
+from packageurl import PackageURL
 
 from capycli.bom.map_bom import MapBom, MapMode
 from capycli.common.capycli_bom_support import CaPyCliBom, CycloneDxSupport
@@ -36,7 +38,7 @@ class CapycliTestBomMap(CapycliTestBase):
     CACHE_FILE = "dummy_cache.json"
 
     @responses.activate
-    def setUp(self):
+    def setUp(self) -> None:
         self.app = MapBom()
         responses.add(responses.GET, SW360_BASE_URL, json={"status": "ok"})
         self.app.login("sometoken", "https://my.server.com")
@@ -44,9 +46,12 @@ def setUp(self):
     # ---------------------- map_bom_item purl cases ----------------------
 
     @responses.activate
-    def test_map_bom_item_purl_component(self):
+    def test_map_bom_item_purl_component(self) -> None:
         """test bom mapping: we have a component purl match, but different names
         """
+        if not self.app.client:
+            return
+
         self.app.purl_service = PurlService(self.app.client, cache={'deb': {'debian': {'sed': {
             None: SW360_BASE_URL + "components/a035"}}}})
         # different name in release cache
@@ -56,7 +61,7 @@ def test_map_bom_item_purl_component(self):
         bomitem = Component(
             name="sed",
             version="1.0",
-            purl="pkg:deb/debian/sed@1.0?type=source")
+            purl=PackageURL.from_string("pkg:deb/debian/sed@1.0?type=source"))
 
         res = self.app.map_bom_item(bomitem, check_similar=False, result_required=False)
         assert res.result == MapResult.FULL_MATCH_BY_NAME_AND_VERSION
@@ -67,7 +72,7 @@ def test_map_bom_item_purl_component(self):
         bomitem = Component(
             name="sed",
             version="1.1",
-            purl="pkg:deb/debian/sed@1.1?type=source")
+            purl=PackageURL.from_string("pkg:deb/debian/sed@1.1?type=source"))
 
         res = self.app.map_bom_item(bomitem, check_similar=False, result_required=False)
         assert res.result == MapResult.NO_MATCH
@@ -82,9 +87,12 @@ def test_map_bom_item_purl_component(self):
         assert res.releases[0]["ComponentId"] == "a035"
 
     @responses.activate
-    def test_map_bom_item_purl_release(self):
+    def test_map_bom_item_purl_release(self) -> None:
         """test bom mapping: we have a release purl match
         """
+        if not self.app.client:
+            return
+
         self.app.purl_service = PurlService(self.app.client, cache={'deb': {'debian': {'sed': {
             None: SW360_BASE_URL + "components/a035",
             "1.0~1": SW360_BASE_URL + "releases/1234"}}}})
@@ -97,7 +105,7 @@ def test_map_bom_item_purl_release(self):
         bomitem = Component(
             name="sed",
             version="1.0~1",
-            purl="pkg:deb/debian/sed@1.0%7E1?type=source")
+            purl=PackageURL.from_string("pkg:deb/debian/sed@1.0%7E1?type=source"))
 
         res = self.app.map_bom_item(bomitem, check_similar=False, result_required=False)
         assert res.result == MapResult.FULL_MATCH_BY_ID
@@ -108,7 +116,7 @@ def test_map_bom_item_purl_release(self):
     # ---------------------- map_bom_item_no_cache ----------------------
 
     @responses.activate
-    def test_map_bom_item_nocache_full_match_name_version(self):
+    def test_map_bom_item_nocache_full_match_name_version(self) -> None:
         bomitem = Component(
             name="awk",
             version="1.0")
@@ -138,7 +146,7 @@ def test_map_bom_item_nocache_full_match_name_version(self):
         assert res.releases[0]["Sw360Id"] == "1235"
 
     @responses.activate
-    def test_map_bom_item_nocache_mixed_match(self):
+    def test_map_bom_item_nocache_mixed_match(self) -> None:
         bomitem = Component(
             name="mail",
             version="1.4")
@@ -186,15 +194,18 @@ def test_map_bom_item_nocache_mixed_match(self):
     # ----------------- map_bom_item_no_cache purl cases --------------------
 
     @responses.activate
-    def test_map_bom_item_nocache_purl_component(self):
+    def test_map_bom_item_nocache_purl_component(self) -> None:
         """test bom mapping (nocache): we have a component purl match
         """
+        if not self.app.client:
+            return
+
         self.app.purl_service = PurlService(self.app.client, cache={'deb': {'debian': {'sed': {
             None: SW360_BASE_URL + "components/a035"}}}})
         bomitem = Component(
             name="sed",
             version="1.0",
-            purl="pkg:deb/debian/sed@1.0?type=source")
+            purl=PackageURL.from_string("pkg:deb/debian/sed@1.0?type=source"))
         component_data = {"_embedded": {"sw360:releases": [{
             "_links": {"self": {"href": SW360_BASE_URL + 'releases/1234'}}}]}}
         release_data = {"name": "Unix Stream EDitor",
@@ -218,7 +229,7 @@ def test_map_bom_item_nocache_purl_component(self):
         bomitem = Component(
             name="sed",
             version="1.1",
-            purl="pkg:deb/debian/sed@1.1?type=source")
+            purl=PackageURL.from_string("pkg:deb/debian/sed@1.1?type=source"))
         res = self.app.map_bom_item_no_cache(bomitem)
         assert res.result == MapResult.NO_MATCH
         assert res.component_id == "a035"
@@ -232,15 +243,18 @@ def test_map_bom_item_nocache_purl_component(self):
         assert res.releases[0]["ComponentId"] == "a035"
 
     @responses.activate
-    def test_map_bom_item_nocache_purl_nocomponent(self):
+    def test_map_bom_item_nocache_purl_nocomponent(self) -> None:
         """test bom mapping: we have no component purl match, so search by name
         """
+        if not self.app.client:
+            return
+
         self.app.purl_service = PurlService(self.app.client, cache={'deb': {'debian': {'sed': {
             None: SW360_BASE_URL + "components/a035"}}}})
         bomitem = Component(
             name="awk",
             version="1.0",
-            purl="pkg:deb/debian/awk@1.0?type=source")
+            purl=PackageURL.from_string("pkg:deb/debian/awk@1.0?type=source"))
 
         component_matches = {"_embedded": {"sw360:components": [{
             "name": "Awk",
@@ -263,21 +277,24 @@ def test_map_bom_item_nocache_purl_nocomponent(self):
 
         res = self.app.map_bom_item_no_cache(bomitem)
         assert res.result == MapResult.FULL_MATCH_BY_NAME_AND_VERSION
-        assert res.component_id is None
+        assert res.component_id == ""
         assert res.releases[0]["Sw360Id"] == "1235"
         assert res.releases[0]["ComponentId"] == "a034"
 
     @responses.activate
-    def test_map_bom_item_nocache_purl_release(self):
+    def test_map_bom_item_nocache_purl_release(self) -> None:
         """test bom mapping: we have a release purl match, but names differ
         """
+        if not self.app.client:
+            return
+
         self.app.purl_service = PurlService(self.app.client, cache={'deb': {'debian': {'sed': {
             None: SW360_BASE_URL + "components/a035",
             "1.0~1": SW360_BASE_URL + "releases/1234"}}}})
         bomitem = Component(
             name="sed",
             version="1.0+1",
-            purl="pkg:deb/debian/sed@1.0%7E1?type=source")
+            purl=PackageURL.from_string("pkg:deb/debian/sed@1.0%7E1?type=source"))
 
         release_data = {"name": "Unix Stream EDitor",
                         "version": "1.0", "_links": {
@@ -296,7 +313,7 @@ def test_map_bom_item_nocache_purl_release(self):
     # ----------------- create_updated_bom --------------------
 
     @responses.activate
-    def test_create_updated_bom_component_id(self):
+    def test_create_updated_bom_component_id(self) -> None:
         res = MapResult()
         res.component = Component(name="sed", version="1.1")
         res.result = MapResult.MATCH_BY_NAME
@@ -332,7 +349,7 @@ def test_create_updated_bom_component_id(self):
         assert prop == "a035"
 
     @responses.activate
-    def test_create_updated_bom_mixed_match(self):
+    def test_create_updated_bom_mixed_match(self) -> None:
         res = MapResult()
         res.component = Component(name="mail", version="1.4")
         res.result = MapResult.FULL_MATCH_BY_NAME_AND_VERSION
@@ -370,7 +387,7 @@ def test_show_help(self) -> None:
         out = TestBase.capture_stdout(sut.run, args)
         self.assertTrue("usage: CaPyCLI bom map [-h]" in out)
 
-    def test_app_bom_no_input_file_specified(self):
+    def test_app_bom_no_input_file_specified(self) -> None:
         db = MapBom()
 
         # create argparse command line argument object
@@ -384,7 +401,7 @@ def test_app_bom_no_input_file_specified(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_app_bom_input_file_not_found(self):
+    def test_app_bom_input_file_not_found(self) -> None:
         db = MapBom()
 
         # create argparse command line argument object
@@ -399,7 +416,7 @@ def test_app_bom_input_file_not_found(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_FILE_NOT_FOUND, sysex.code)
 
-    def test_app_bom_input_file_invalid(self):
+    def test_app_bom_input_file_invalid(self) -> None:
         db = MapBom()
 
         # create argparse command line argument object
@@ -445,7 +462,7 @@ def test_no_login(self) -> None:
             self.assertEqual(ResultCode.RESULT_AUTH_ERROR, ex.code)
 
     @responses.activate
-    def test_mapping_single_match_by_id(self):
+    def test_mapping_single_match_by_id(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -592,7 +609,7 @@ def test_mapping_single_match_by_id(self):
         TestBase.delete_file(self.MAPPING_FILE)
         TestBase.delete_file(self.OVERVIEW_FILE)
 
-    def provide_cache_responses(self):
+    def provide_cache_responses(self) -> None:
         responses.add(
             responses.GET,
             url=self.MYURL + "resource/api/releases?allDetails=true",
@@ -659,7 +676,7 @@ def provide_cache_responses(self):
         )
 
     @responses.activate
-    def test_mapping_use_cache(self):
+    def test_mapping_use_cache(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -809,7 +826,7 @@ def test_mapping_use_cache(self):
         TestBase.delete_file(self.CACHE_FILE)
 
     @responses.activate
-    def test_mapping_no_releases(self):
+    def test_mapping_no_releases(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -894,7 +911,7 @@ def test_mapping_no_releases(self):
         TestBase.delete_file(self.CACHE_FILE)
 
     @responses.activate
-    def test_mapping_no_releases_no_cache(self):
+    def test_mapping_no_releases_no_cache(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -992,7 +1009,7 @@ def test_mapping_no_releases_no_cache(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_NO_UNIQUE_MAPPING, sysex.code)
 
-    def add_login_response(self):
+    def add_login_response(self) -> None:
         """
         Add response for SW360 login.
         """
@@ -1005,7 +1022,7 @@ def add_login_response(self):
             adding_headers={"Authorization": "Token " + self.MYTOKEN},
         )
 
-    def add_empty_purl_cache_response(self):
+    def add_empty_purl_cache_response(self) -> None:
         """
         Add responses for empty purl cache.
         """
@@ -1041,7 +1058,7 @@ def add_empty_purl_cache_response(self):
             adding_headers={"Authorization": "Token " + self.MYTOKEN},
         )
 
-    def add_component_per_name_colorama_response(self):
+    def add_component_per_name_colorama_response(self) -> None:
         # component(s) by name
         responses.add(
             responses.GET,
@@ -1075,7 +1092,7 @@ def add_component_per_name_colorama_response(self):
             adding_headers={"Authorization": "Token " + self.MYTOKEN},
         )
 
-    def add_component_colorama_response(self):
+    def add_component_colorama_response(self) -> None:
         # the component
         responses.add(
             responses.GET,
@@ -1114,7 +1131,7 @@ def add_component_colorama_response(self):
         )
 
     @responses.activate
-    def test_mapping_name_and_version(self):
+    def test_mapping_name_and_version(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -1191,7 +1208,7 @@ def test_mapping_name_and_version(self):
         TestBase.delete_file(self.OVERVIEW_FILE)
 
     @responses.activate
-    def test_mapping_source_hash(self):
+    def test_mapping_source_hash(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -1280,7 +1297,7 @@ def test_mapping_source_hash(self):
         TestBase.delete_file(self.OVERVIEW_FILE)
 
     @responses.activate
-    def test_mapping_binary_hash(self):
+    def test_mapping_binary_hash(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -1369,7 +1386,7 @@ def test_mapping_binary_hash(self):
         TestBase.delete_file(self.OVERVIEW_FILE)
 
     @responses.activate
-    def test_mapping_name_only_found(self):
+    def test_mapping_name_only_found(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -1449,7 +1466,7 @@ def test_mapping_name_only_found(self):
         TestBase.delete_file(self.OVERVIEW_FILE)
 
     @responses.activate
-    def test_mapping_name_only_not_found(self):
+    def test_mapping_name_only_not_found(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -1529,7 +1546,7 @@ def test_mapping_name_only_not_found(self):
         TestBase.delete_file(self.OVERVIEW_FILE)
 
     @responses.activate
-    def test_mapping_require_result_not_found(self):
+    def test_mapping_require_result_not_found(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -1612,7 +1629,7 @@ def test_mapping_require_result_not_found(self):
         TestBase.delete_file(self.CACHE_FILE)
 
     @responses.activate
-    def test_mapping_require_result_found(self):
+    def test_mapping_require_result_found(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -1705,7 +1722,7 @@ def test_mapping_require_result_found(self):
         TestBase.delete_file(self.CACHE_FILE)
 
     @responses.activate
-    def test_mapping_cache_name_and_version(self):
+    def test_mapping_cache_name_and_version(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -1867,7 +1884,7 @@ def test_mapping_cache_name_and_version(self):
         TestBase.delete_file(self.CACHE_FILE)
 
     @responses.activate
-    def test_mapping_cache_source_hash(self):
+    def test_mapping_cache_source_hash(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -2017,7 +2034,7 @@ def test_mapping_cache_source_hash(self):
         TestBase.delete_file(self.CACHE_FILE)
 
     @responses.activate
-    def test_mapping_cache_binary_hash(self):
+    def test_mapping_cache_binary_hash(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -2167,7 +2184,7 @@ def test_mapping_cache_binary_hash(self):
         TestBase.delete_file(self.CACHE_FILE)
 
     @responses.activate
-    def test_mapping_cache_source_file(self):
+    def test_mapping_cache_source_file(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -2317,7 +2334,7 @@ def test_mapping_cache_source_file(self):
         TestBase.delete_file(self.CACHE_FILE)
 
     @responses.activate
-    def test_mapping_cache_similar(self):
+    def test_mapping_cache_similar(self) -> None:
         sut = MapBom()
 
         # create argparse command line argument object
@@ -2451,10 +2468,10 @@ def test_mapping_cache_similar(self):
         TestBase.delete_file(self.OVERVIEW_FILE)
         TestBase.delete_file(self.CACHE_FILE)
 
-    def test_update_bom_item(self):
+    def test_update_bom_item(self) -> None:
         sut = MapBom()
 
-        match = {}
+        match: Dict[str, Any] = {}
         updated = sut.update_bom_item(None, match)
         self.assertIsNotNone(updated)
         self.assertEqual("", updated.name)
@@ -2462,13 +2479,13 @@ def test_update_bom_item(self):
 
         # simple
         comp = Component(name="a", version="1")
-        match = {}
+        match: Dict[str, Any] = {}
         updated = sut.update_bom_item(comp, match)
         self.assertEqual("a", updated.name)
         self.assertEqual("1", updated.version)
 
         # update all - no existing
-        match = {}
+        match: Dict[str, Any] = {}
         match["Name"] = "b"
         match["Version"] = "2"
         match["Language"] = "C#"
@@ -2483,10 +2500,10 @@ def test_update_bom_item(self):
         self.assertEqual("b", updated.name)
         self.assertEqual("2", updated.version)
         self.assertEqual("C#", CycloneDxSupport.get_property_value(updated, CycloneDxSupport.CDX_PROP_LANGUAGE))
-        self.assertEqual("http://123", CycloneDxSupport.get_ext_ref_source_url(updated))
-        self.assertEqual("123.zip", CycloneDxSupport.get_ext_ref_source_file(updated))
-        self.assertEqual("123.dll", CycloneDxSupport.get_ext_ref_binary_file(updated))
-        self.assertEqual("http://somewhere", CycloneDxSupport.get_ext_ref_website(updated))
+        self.assertEqual("http://123", str(CycloneDxSupport.get_ext_ref_source_url(updated)))
+        self.assertEqual("123.zip", str(CycloneDxSupport.get_ext_ref_source_file(updated)))
+        self.assertEqual("123.dll", str(CycloneDxSupport.get_ext_ref_binary_file(updated)))
+        self.assertEqual("http://somewhere", str(CycloneDxSupport.get_ext_ref_website(updated)))
         self.assertEqual("007", CycloneDxSupport.get_property_value(updated, CycloneDxSupport.CDX_PROP_SW360ID))
 
         # update all - all existing => no updates
@@ -2506,10 +2523,10 @@ def test_update_bom_item(self):
         self.assertEqual("b", updated.name)
         self.assertEqual("2", updated.version)
         self.assertEqual("Java", CycloneDxSupport.get_property_value(updated, CycloneDxSupport.CDX_PROP_LANGUAGE))
-        self.assertEqual("http://456", CycloneDxSupport.get_ext_ref_source_url(comp))
-        self.assertEqual("456.zip", CycloneDxSupport.get_ext_ref_source_file(updated))
-        self.assertEqual("456.dll", CycloneDxSupport.get_ext_ref_binary_file(updated))
-        self.assertEqual("http://somewhereelse", CycloneDxSupport.get_ext_ref_website(updated))
+        self.assertEqual("http://456", str(CycloneDxSupport.get_ext_ref_source_url(comp)))
+        self.assertEqual("456.zip", str(CycloneDxSupport.get_ext_ref_source_file(updated)))
+        self.assertEqual("456.dll", str(CycloneDxSupport.get_ext_ref_binary_file(updated)))
+        self.assertEqual("http://somewhereelse", str(CycloneDxSupport.get_ext_ref_website(updated)))
         self.assertEqual("888", CycloneDxSupport.get_property_value(updated, CycloneDxSupport.CDX_PROP_SW360ID))
 
         # update all - all existing, but empty => updates
@@ -2530,10 +2547,10 @@ def test_update_bom_item(self):
         self.assertEqual("b", updated.name)
         self.assertEqual("2", updated.version)
         self.assertEqual("C#", CycloneDxSupport.get_property_value(updated, CycloneDxSupport.CDX_PROP_LANGUAGE))
-        self.assertEqual("http://123", CycloneDxSupport.get_ext_ref_source_url(updated))
-        self.assertEqual("123.zip", CycloneDxSupport.get_ext_ref_source_file(updated))
-        self.assertEqual("123.dll", CycloneDxSupport.get_ext_ref_binary_file(updated))
-        self.assertEqual("http://somewhere", CycloneDxSupport.get_ext_ref_website(updated))
+        self.assertEqual("http://123", str(CycloneDxSupport.get_ext_ref_source_url(updated)))
+        self.assertEqual("123.zip", str(CycloneDxSupport.get_ext_ref_source_file(updated)))
+        self.assertEqual("123.dll", str(CycloneDxSupport.get_ext_ref_binary_file(updated)))
+        self.assertEqual("http://somewhere", str(CycloneDxSupport.get_ext_ref_website(updated)))
         self.assertEqual("007", CycloneDxSupport.get_property_value(updated, CycloneDxSupport.CDX_PROP_SW360ID))
         self.assertEqual("0815", CycloneDxSupport.get_property_value(updated, CycloneDxSupport.CDX_PROP_COMPONENT_ID))
 
@@ -2544,26 +2561,32 @@ def test_update_bom_item(self):
         match["Version"] = "2.0"
         match["RepositoryId"] = "pkg:pypi/a@2.0"
         updated = sut.update_bom_item(comp, match)
-        self.assertEqual("b", updated.name)
-        self.assertEqual("2.0", updated.version)
-        self.assertEqual("pkg:pypi/a@2.0", updated.purl)
+        self.assertIsNotNone(updated)
+        if updated:
+            self.assertEqual("b", updated.name)
+            self.assertEqual("2.0", updated.version)
+            if updated.purl:
+                self.assertEqual("pkg:pypi/a@2.0", updated.purl.to_string())
 
         # extra: update package-url
-        comp = Component(name="a", version="1.0", purl="pkg:pypi/a@1.0")
+        comp = Component(name="a", version="1.0", purl=PackageURL.from_string("pkg:pypi/a@1.0"))
         match = {}
         match["Name"] = "b"
         match["Version"] = "2.0"
         match["RepositoryId"] = "pkg:pypi/a@2.0"
         updated = sut.update_bom_item(comp, match)
-        self.assertEqual("b", updated.name)
-        self.assertEqual("2.0", updated.version)
-        self.assertEqual("pkg:pypi/a@2.0", updated.purl)
+        self.assertIsNotNone(updated)
+        if updated:
+            self.assertEqual("b", updated.name)
+            self.assertEqual("2.0", updated.version)
+            if updated.purl:
+                self.assertEqual("pkg:pypi/a@2.0", updated.purl.to_string())
 
-    def test_is_better_match(self):
+    def test_is_better_match(self) -> None:
         sut = MapBom()
 
         # empty release list
-        val = sut.is_better_match(None, MapResult.MATCH_BY_FILENAME)
+        val = sut.is_better_match([], MapResult.MATCH_BY_FILENAME)
         self.assertTrue(val)
 
         val = sut.is_better_match([], MapResult.MATCH_BY_FILENAME)
@@ -2622,7 +2645,7 @@ def test_is_better_match(self):
         val = sut.is_better_match(releases_found, MapResult.FULL_MATCH_BY_HASH)
         self.assertFalse(val)
 
-    def test_is_good_match(self):
+    def test_is_good_match(self) -> None:
         """
         Tests for
         * 'if match_item["MapResult"] <= MapResult.GOOD_MATCH_FOUND'
@@ -2642,4 +2665,4 @@ def test_is_good_match(self):
 if __name__ == "__main__":
     APP = CapycliTestBomMap()
     APP.setUp()
-    APP.test_map_bom_item_nocache_purl_component()
+    APP.test_map_bom_item_nocache_purl_nocomponent()
diff --git a/tests/test_bom_show.py b/tests/test_bom_show.py
index 39265f1..d63e428 100644
--- a/tests/test_bom_show.py
+++ b/tests/test_bom_show.py
@@ -105,3 +105,8 @@ def test_simple_bom_verbose(self) -> None:
         self.assertTrue("wheel, 0.38.4" in out)
         self.assertTrue("package-url:pkg:pypi/wheel@0.38.4" in out)
         self.assertTrue("SW360 id:e0995819173d4ac8b1a4da3548935976" in out)
+
+
+if __name__ == "__main__":
+    lib = TestCheckBom()
+    lib.test_simple_bom()
diff --git a/tests/test_capycli.py b/tests/test_capycli.py
index b728bcf..cd3a9d9 100644
--- a/tests/test_capycli.py
+++ b/tests/test_capycli.py
@@ -7,10 +7,10 @@
 # -------------------------------------------------------------------------------
 
 import os
-from typing import List
 
 from cyclonedx.model.bom_ref import BomRef
 from cyclonedx.model.component import Component
+from sortedcontainers import SortedSet
 
 from capycli.common.capycli_bom_support import CaPyCliBom, SbomCreator, SbomWriter
 from tests.test_base import TestBase
@@ -21,7 +21,7 @@ class TestCaPyCli(TestBase):
     INPUTFILE2 = "capycli_extra.json"
     OUTPUTFILE = "sbom.json"
 
-    def assert_default_test_bom(self, cx_components: List[Component]) -> None:
+    def assert_default_test_bom(self, cx_components: SortedSet) -> None:
         self.assertEqual(4, len(cx_components))
 
         self.assertEqual("colorama", cx_components[0].name)
@@ -36,27 +36,27 @@ def assert_default_test_bom(self, cx_components: List[Component]) -> None:
         self.assertEqual("wheel", cx_components[3].name)
         self.assertEqual("0.34.2", cx_components[3].version)
 
-    def assert_components(self, cx_components: List[Component]) -> None:
+    def assert_components(self, cx_components: SortedSet) -> None:
         self.assertEqual(4, len(cx_components))
 
         self.assertEqual("colorama", cx_components[0].name)
         self.assertEqual("0.4.3", cx_components[0].version)
-        self.assertEqual("pkg:pypi/colorama@0.4.3", cx_components[0].purl)
+        self.assertEqual("pkg:pypi/colorama@0.4.3", cx_components[0].purl.to_string())
         self.assertEqual(BomRef("pkg:pypi/colorama@0.4.3"), cx_components[0].bom_ref)
 
         self.assertEqual("python", cx_components[1].name)
         self.assertEqual("3.8", cx_components[1].version)
-        self.assertEqual("pkg:pypi/python@3.8", cx_components[1].purl)
+        self.assertEqual("pkg:pypi/python@3.8", cx_components[1].purl.to_string())
         self.assertEqual(BomRef("pkg:pypi/python@3.8"), cx_components[1].bom_ref)
 
         self.assertEqual("tomli", cx_components[2].name)
         self.assertEqual("2.0.1", cx_components[2].version)
-        self.assertEqual("pkg:pypi/tomli@2.0.1", cx_components[2].purl)
+        self.assertEqual("pkg:pypi/tomli@2.0.1", cx_components[2].purl.to_string())
         self.assertEqual(BomRef("pkg:pypi/tomli@2.0.1"), cx_components[2].bom_ref)
 
         self.assertEqual("wheel", cx_components[3].name)
         self.assertEqual("0.34.2", cx_components[3].version)
-        self.assertEqual("pkg:pypi/wheel@0.34.2", cx_components[3].purl)
+        self.assertEqual("pkg:pypi/wheel@0.34.2", cx_components[3].purl.to_string())
         self.assertEqual(BomRef("pkg:pypi/wheel@0.34.2"), cx_components[3].bom_ref)
 
     def test_read(self) -> None:
@@ -70,7 +70,7 @@ def test_read_extra(self) -> None:
 
         self.assertEqual("colorama", sbom.components[0].name)
         self.assertEqual("0.4.3", sbom.components[0].version)
-        self.assertEqual("pkg:pypi/colorama@0.4.3", sbom.components[0].purl)
+        self.assertEqual("pkg:pypi/colorama@0.4.3", sbom.components[0].purl.to_string())
         self.assertEqual(BomRef("pkg:pypi/colorama@0.4.3"), sbom.components[0].bom_ref)
 
     def test_write_simple(self) -> None:
@@ -113,10 +113,15 @@ def test_write_simple_bom2(self) -> None:
 
         filename_out = os.path.join(
             os.path.dirname(__file__), "fixtures", TestCaPyCli.OUTPUTFILE)
-        CaPyCliBom.write_simple_sbom(bom, filename_out)
+        CaPyCliBom.write_simple_sbom(SortedSet(bom), filename_out)
 
         sbom2 = CaPyCliBom.read_sbom(filename_out)
         self.assertEqual("test1", sbom2.components[0].name)
         self.assertEqual("99.9", sbom2.components[0].version)
 
         TestCaPyCli.delete_file(filename_out)
+
+
+if __name__ == "__main__":
+    lib = TestCaPyCli()
+    lib.test_write_simple()
diff --git a/tests/test_check_bom_item_status.py b/tests/test_check_bom_item_status.py
index 9fce9f2..2a3e29d 100644
--- a/tests/test_check_bom_item_status.py
+++ b/tests/test_check_bom_item_status.py
@@ -660,3 +660,8 @@ def test_simple_bom_show_all(self) -> None:
         self.assertTrue("tomli, 2.0.1" in out)
         self.assertTrue("wheel, 0.38.4" in out)
         self.assertTrue("0.39.9" in out)
+
+
+if __name__ == "__main__":
+    lib = TestCheckBomItemStatus()
+    lib.test_simple_bom_with_errors()
diff --git a/tests/test_check_granularity.py b/tests/test_check_granularity.py
index 71ffaba..ebaea28 100644
--- a/tests/test_check_granularity.py
+++ b/tests/test_check_granularity.py
@@ -134,7 +134,7 @@ def test_real_bom2(self) -> None:
         self.assertEqual("Angular", sbom.components[0].name)
         self.assertEqual("15.2.6", sbom.components[0].version)
         val = CycloneDxSupport.get_ext_ref_source_url(sbom.components[0])
-        self.assertEqual("https://github.com/angular/angular", val)
+        self.assertEqual("https://github.com/angular/angular", str(val))
 
         self.assertEqual("certifi", sbom.components[1].name)
         self.assertEqual("2022.12.7", sbom.components[1].version)
@@ -142,7 +142,7 @@ def test_real_bom2(self) -> None:
         self.delete_file(self.OUTPUTFILE1)
 
     @responses.activate
-    def test_read_granularity_list_local(self):
+    def test_read_granularity_list_local(self) -> None:
         check_granularity = CheckGranularity()
         read_data = '''
 component_name;replacement_name;comment;source_url
@@ -160,7 +160,7 @@ def test_read_granularity_list_local(self):
         self.delete_file("granularity_list.csv")
 
     @responses.activate
-    def test_read_granularity_list_download(self):
+    def test_read_granularity_list_download(self) -> None:
         check_granularity = CheckGranularity()
         body_data = '''
 component_name;replacement_name;comment;source_url
@@ -176,7 +176,7 @@ def test_read_granularity_list_download(self):
         self.assertEqual(check_granularity.granularity_list[0].source_url, 'https://github.com/babel/babel')
 
     @responses.activate
-    def test_read_granularity_list_download_error(self):
+    def test_read_granularity_list_download_error(self) -> None:
         responses.add(responses.GET, 'http://wrongurl.com/granularity.csv', status=500)
         check_granularity = CheckGranularity()
 
diff --git a/tests/test_comparable_version.py b/tests/test_comparable_version.py
index 90aa329..912c91a 100644
--- a/tests/test_comparable_version.py
+++ b/tests/test_comparable_version.py
@@ -12,19 +12,19 @@
 
 class ComparableVersionTestBase(unittest.TestCase):
 
-    def test_equal_versions(self):
+    def test_equal_versions(self) -> None:
         equal_versions = [("5.3.18", "5.03.18"), ("2.13.2.2", "v2.13.2.2")]
         for v1, v2 in equal_versions:
             with self.subTest():
                 self.assertEqual(ComparableVersion(v1), ComparableVersion(v2), "The version should be identical")
 
-    def test_greater_versions(self):
+    def test_greater_versions(self) -> None:
         greater_versions = [("1.0.1", "1.0"), ("5.3.18", "5.3.1"), ("v2.14", "v2.13.2.2"), ("0.5.10.2-5", "0.5.10.2-4")]
         for v1, v2 in greater_versions:
             with self.subTest():
                 self.assertGreater(ComparableVersion(v1), ComparableVersion(v2), "The version should be greater")
 
-    def test_handle_special_versions(self):
+    def test_handle_special_versions(self) -> None:
         special = ["20180813", "1", "12", "30.1.1-jre", "1.0-1", "1.2_conflict", "0.5.10.2-5", "5.3.28+dfsg1-0.5",
                    "10.3+deb10u4", "0~20171227-0.2.", "6.3.0.RELEASE", "6.3.0.CR2", "6.3.0.FINAL", "6.3.0.xyz",
                    "6.3.0.99.88.77"]
@@ -32,7 +32,7 @@ def test_handle_special_versions(self):
             with self.subTest():
                 self.assertIsNotNone(ComparableVersion(v))
 
-    def test_get_major_part(self):
+    def test_get_major_part(self) -> None:
         special = [("1", 1), ("12", 12), ("30.1.1-jre", 30), ("1.0-1", 1), ("0.5.10.2-5", 0)]
         for v in special:
             with self.subTest(msg="major version shall be {} -> {}".format(v[0], v[1])):
@@ -40,14 +40,14 @@ def test_get_major_part(self):
                 self.assertIsNotNone(cv)
                 self.assertEqual(cv.major, v[1])
 
-    def test_incompatible_versions(self):
+    def test_incompatible_versions(self) -> None:
         """See issue #132"""
         higher_version = ComparableVersion("1.1.1d-0+deb10u3.debian")
         lower_version = ComparableVersion("1.1.1.d-dev")
         self.assertGreater(higher_version, lower_version, "The version should be greater")
         self.assertEqual(ComparableVersion("bullshit"), ComparableVersion("bullshit"), "The version should be equal")
 
-    def test_fill_version(self):
+    def test_fill_version(self) -> None:
         """See issue #132"""
         version1 = ComparableVersion("3.28.0")
         version2 = ComparableVersion("3.28")
diff --git a/tests/test_component_cache.py b/tests/test_component_cache.py
index 75702c3..1362620 100644
--- a/tests/test_component_cache.py
+++ b/tests/test_component_cache.py
@@ -19,7 +19,7 @@ class TestComponentCache(TestBase):
     CACHE_FILE = "dummy_cache.json"
 
     @responses.activate
-    def test_refresh_component_cache_with_cache(self):
+    def test_refresh_component_cache_with_cache(self) -> None:
         sut = ComponentCacheManagement()
 
         # for login
@@ -126,7 +126,7 @@ def test_refresh_component_cache_with_cache(self):
         self.assertEqual("pkg:pypi/colorama@0.4.3", result[0]["ExternalIds"]["package-url"])
 
     @responses.activate
-    def test_refresh_component_cache_no_cache(self):
+    def test_refresh_component_cache_no_cache(self) -> None:
         sut = ComponentCacheManagement()
 
         # for login
diff --git a/tests/test_create_bom.py b/tests/test_create_bom.py
index f9cb0d0..8ce47b9 100644
--- a/tests/test_create_bom.py
+++ b/tests/test_create_bom.py
@@ -7,6 +7,7 @@
 # -------------------------------------------------------------------------------
 
 import os
+from typing import Any
 
 import pytest
 import responses
@@ -120,7 +121,7 @@ def test_project_not_found(self) -> None:
         assert ResultCode.RESULT_ERROR_ACCESSING_SW360 == ex.value.code
 
     @responses.activate
-    def test_create_bom_multiple_purls(self, capsys):
+    def test_create_bom_multiple_purls(self, capsys: Any) -> None:
         sut = CreateBom()
 
         self.add_login_response()
@@ -153,10 +154,12 @@ def test_create_bom_multiple_purls(self, capsys):
         captured = capsys.readouterr()
 
         assert "Multiple purls added" in captured.out
-        assert cdx_components[0].purl == "pkg:deb/debian/cli-support@1.3-1 pkg:pypi/cli-support@1.3"
+        assert cdx_components[0].purl is not None
+        if cdx_components[0].purl:
+            assert cdx_components[0].purl.to_string() == "pkg:deb/debian/cli-support%401.3-1%20pkg:pypi/cli-support@1.3"
 
     @responses.activate
-    def test_project_by_id(self):
+    def test_project_by_id(self) -> None:
         sut = CreateBom()
 
         self.add_login_response()
@@ -209,30 +212,32 @@ def test_project_by_id(self):
 
         cdx_bom = sut.create_project_cdx_bom("p001")
         cx_comp = cdx_bom.components[0]
-        assert cx_comp.purl == release["externalIds"]["package-url"]
+        assert cx_comp.purl.to_string() == release["externalIds"]["package-url"]
 
         ext_refs_src_url = [e for e in cx_comp.external_references if e.comment == CaPyCliBom.SOURCE_URL_COMMENT]
         assert len(ext_refs_src_url) == 1
-        assert ext_refs_src_url[0].url == release["sourceCodeDownloadurl"]
+        assert str(ext_refs_src_url[0].url) == release["sourceCodeDownloadurl"]
         assert ext_refs_src_url[0].type == ExternalReferenceType.DISTRIBUTION
 
         ext_refs_src_file = [e for e in cx_comp.external_references if e.comment == CaPyCliBom.SOURCE_FILE_COMMENT]
         assert len(ext_refs_src_file) == 2
-        assert ext_refs_src_file[0].url == release["_embedded"]["sw360:attachments"][0]["filename"]
+        assert str(ext_refs_src_file[0].url) == release["_embedded"]["sw360:attachments"][0]["filename"]
         assert ext_refs_src_file[0].type == ExternalReferenceType.DISTRIBUTION
         assert ext_refs_src_file[0].hashes[0].alg == "SHA-1"
         assert ext_refs_src_file[0].hashes[0].content == release["_embedded"]["sw360:attachments"][0]["sha1"]
 
         ext_refs_vcs = [e for e in cx_comp.external_references if e.type == ExternalReferenceType.VCS]
         assert len(ext_refs_vcs) == 1
-        assert ext_refs_vcs[0].url == release["repository"]["url"]
+        assert str(ext_refs_vcs[0].url) == release["repository"]["url"]
 
-        assert cdx_bom.metadata.component.name == project["name"]
-        assert cdx_bom.metadata.component.version == project["version"]
-        assert cdx_bom.metadata.component.description == project["description"]
+        assert cdx_bom.metadata.component is not None
+        if cdx_bom.metadata.component:
+            assert cdx_bom.metadata.component.name == project["name"]
+            assert cdx_bom.metadata.component.version == project["version"]
+            assert cdx_bom.metadata.component.description == project["description"]
 
     @responses.activate
-    def test_project_show_by_name(self):
+    def test_project_show_by_name(self) -> None:
         sut = CreateBom()
 
         args = AppArguments()
diff --git a/tests/test_create_project.py b/tests/test_create_project.py
index 40d4a56..56b1b22 100644
--- a/tests/test_create_project.py
+++ b/tests/test_create_project.py
@@ -8,7 +8,7 @@
 
 import json
 import os
-from typing import List
+from typing import Any, Dict, List, Tuple
 
 import responses
 import responses.matchers
@@ -18,9 +18,9 @@
 from tests.test_base import AppArguments, TestBase
 
 
-def min_json_matcher(check: dict):
+def min_json_matcher(check: Dict[str, Any]) -> Any:
     # responses.matcher.multipart_matcher didn't work for me
-    def match(request):
+    def match(request: Any) -> Tuple[bool, str]:
         result = True
         reason = ""
 
@@ -44,14 +44,14 @@ def match(request):
     return match
 
 
-def update_release_matcher(releases: List[str]):
+def update_release_matcher(releases: List[str]) -> Any:
     """
     Matches the updated releases.
 
     Args:
         releases (list[str]): list of releases
     """
-    def match(request):
+    def match(request: Any) -> Tuple[bool, str]:
         result = True
         reason = ""
 
@@ -702,8 +702,3 @@ def xtest_project_update_old_version(self) -> None:
     # test unknown/invalid release id
 
     # test upload attachments
-
-
-if __name__ == '__main__':
-    APP = TestCreateProject()
-    APP.test_project_update_old_version()
diff --git a/tests/test_create_readme.py b/tests/test_create_readme.py
index c99bb5d..969131e 100644
--- a/tests/test_create_readme.py
+++ b/tests/test_create_readme.py
@@ -125,8 +125,3 @@ def test_create_readme(self) -> None:
 
         self.assertTrue(os.path.isfile(self.OUTPUTFILE))
         # self.delete_file(self.OUTPUTFILE)
-
-
-if __name__ == "__main__":
-    APP = TestCreateReadmeOss()
-    APP.test_project_show_by_name()
diff --git a/tests/test_csv.py b/tests/test_csv.py
index 4b2bdc4..6617301 100644
--- a/tests/test_csv.py
+++ b/tests/test_csv.py
@@ -11,6 +11,7 @@
 from typing import List
 
 from cyclonedx.model.component import Component
+from sortedcontainers import SortedSet
 
 from capycli.bom.csv import CsvSupport
 from tests.test_base import TestBase
@@ -51,7 +52,7 @@ def test_write(self) -> None:
 
         filename_out = os.path.join(
             os.path.dirname(__file__), "fixtures", TestCsv.OUTPUTFILE)
-        CsvSupport.write_cdx_components_as_csv(cx_components, filename_out)
+        CsvSupport.write_cdx_components_as_csv(SortedSet(cx_components), filename_out)
 
         self.assertListEqual(
             list(io.open(filename)),
diff --git a/tests/test_find_project.py b/tests/test_find_project.py
index 1c94218..7d7c2bf 100644
--- a/tests/test_find_project.py
+++ b/tests/test_find_project.py
@@ -131,7 +131,7 @@ def test_project_find_by_id(self) -> None:
         self.assertTrue("Project found, name = CaPyCLI, version = 1.9.0" in out)
 
     @responses.activate
-    def test_project_find_by_name_and_version(self):
+    def test_project_find_by_name_and_version(self) -> None:
         sut = FindProject()
 
         # create argparse command line argument object
@@ -194,7 +194,7 @@ def test_project_find_by_name_and_version(self):
         self.assertTrue("CaPyCLI, 1.9.0 => ID = p001" in out)
 
     @responses.activate
-    def test_project_find_by_name(self):
+    def test_project_find_by_name(self) -> None:
         sut = FindProject()
 
         # create argparse command line argument object
@@ -253,7 +253,7 @@ def test_project_find_by_name(self):
         self.assertTrue("CaPyCLI, 1.2.0 => ID = p002" in out)
 
     @responses.activate
-    def test_project_find_by_name_no_data(self):
+    def test_project_find_by_name_no_data(self) -> None:
         sut = FindProject()
 
         # create argparse command line argument object
diff --git a/tests/test_find_sources.py b/tests/test_find_sources.py
index 966c3e4..7974e7f 100644
--- a/tests/test_find_sources.py
+++ b/tests/test_find_sources.py
@@ -7,6 +7,7 @@
 # -------------------------------------------------------------------------------
 
 import os
+from typing import Any, Dict, List
 from unittest.mock import MagicMock, patch
 
 import responses
@@ -112,13 +113,13 @@ def test_find_sources(self) -> None:
         self.assertEqual("0.4.6", sbom.components[0].version)
         self.assertEqual(
             "https://github.com/tartley/colorama/archive/refs/tags/0.4.6.zip",
-            CycloneDxSupport.get_ext_ref_source_url(sbom.components[0]))
+            str(CycloneDxSupport.get_ext_ref_source_url(sbom.components[0])))
 
         self.assertEqual("into-stream", sbom.components[1].name)
         self.assertEqual("6.0.0", sbom.components[1].version)
         self.assertEqual(
             "https://github.com/sindresorhus/into-stream/archive/refs/tags/v6.0.0.zip",
-            CycloneDxSupport.get_ext_ref_source_url(sbom.components[1]))
+            str(CycloneDxSupport.get_ext_ref_source_url(sbom.components[1])))
 
         self.assertEqual("python", sbom.components[2].name)
         self.assertEqual("3.8", sbom.components[2].version)
@@ -130,29 +131,29 @@ def test_find_sources(self) -> None:
         self.assertEqual("11.0.1", sbom.components[4].version)
         self.assertEqual(
             "https://github.com/avoidwork/tiny-lru/archive/refs/tags/11.0.1.zip",
-            CycloneDxSupport.get_ext_ref_source_url(sbom.components[4]))
+            str(CycloneDxSupport.get_ext_ref_source_url(sbom.components[4])))
 
         self.assertEqual("tomli", sbom.components[5].name)
         self.assertEqual("2.0.1", sbom.components[5].version)
         self.assertEqual(
             "https://github.com/hukkin/tomli/archive/refs/tags/2.0.1.zip",
-            CycloneDxSupport.get_ext_ref_source_url(sbom.components[5]))
+            str(CycloneDxSupport.get_ext_ref_source_url(sbom.components[5])))
 
         self.assertEqual("wheel", sbom.components[6].name)
         self.assertEqual("0.38.4", sbom.components[6].version)
         self.assertEqual(
             "https://github.com/pypa/wheel/archive/refs/tags/0.38.4.zip",
-            CycloneDxSupport.get_ext_ref_source_url(sbom.components[6]))
+            str(CycloneDxSupport.get_ext_ref_source_url(sbom.components[6])))
 
         self.assertEqual("yamljs", sbom.components[7].name)
         self.assertEqual("0.3.0", sbom.components[7].version)
         self.assertEqual(
             "https://github.com/jeremyfa/yaml.js/archive/refs/tags/v0.3.0.zip",
-            CycloneDxSupport.get_ext_ref_source_url(sbom.components[7]))
+            str(CycloneDxSupport.get_ext_ref_source_url(sbom.components[7])))
 
         self.delete_file(args.outputfile)
 
-    def test_get_repo_name(self):
+    def test_get_repo_name(self) -> None:
         # simple
         repo = "https://github.com/JamesNK/Newtonsoft.Json"
         actual = capycli.bom.findsources.FindSources.get_repo_name(repo)
@@ -183,7 +184,7 @@ def test_get_repo_name(self):
 
         self.assertEqual("restsharp/RestSharp", actual)
 
-    def test_normalize_version(self):
+    def test_normalize_version(self) -> None:
         sut = FindSources()
         param_list = [('We don\'t know', '0.0.0'), ('pre_pr_153572', '0.0.0'), ('1_27_1_1', '1.27.1.1'),
                       ('2.6.3', '2.6.3'), ('2.0.0.RELEASE', '2.0.0'), ('1.29', '1.29.0'), ('1.06', '1.6.0'),
@@ -196,7 +197,7 @@ def test_normalize_version(self):
                 self.assertTrue(actual == expected, 'version %s is %s' % (actual, expected))
 
     @responses.activate
-    def test_get_release_component_id(self):
+    def test_get_release_component_id(self) -> None:
         # Mock the sw360 client
         mock_client = MagicMock()
         mock_client.get_release.return_value = {"_links": {"sw360:component": {"href": self.MYURL + 'components/123'}}}
@@ -208,7 +209,7 @@ def test_get_release_component_id(self):
         self.assertEqual(component_id, "123")
 
     @responses.activate
-    def test_find_source_url_from_component(self):
+    def test_find_source_url_from_component(self) -> None:
         # Mock the client
         mock_client = MagicMock()
         mock_client.get_component.return_value = {"_embedded": {"sw360:releases": [{"_links": {"self": {"href": self.MYURL + 'releases/456'}}}]}}  # noqa
@@ -222,7 +223,7 @@ def test_find_source_url_from_component(self):
 
     @patch('requests.get')
     @patch('bs4.BeautifulSoup')
-    def test_get_pkg_go_repo_url_success(self, mock_beautifulsoup, mock_requests_get):
+    def test_get_pkg_go_repo_url_success(self, mock_beautifulsoup: Any, mock_requests_get: Any) -> None:
         # Mocking successful response
         mock_requests_get.return_value.text = '<div class="UnitMeta-repo"><a href="https://github.com/example/repo/1.0.0">Repo Link</a></div>'  # noqa
         mock_beautifulsoup.return_value.find.return_value = MagicMock(get=lambda x: 'https://github.com/example/repo/1.0.0')  # noqa
@@ -231,7 +232,7 @@ def test_get_pkg_go_repo_url_success(self, mock_beautifulsoup, mock_requests_get
         self.assertEqual(repo_url, 'https://github.com/example/repo/1.0.0')
 
     @patch('requests.get', side_effect=Exception('Some error'))
-    def test_get_pkg_go_repo_url_error(self, mock_requests_get):
+    def test_get_pkg_go_repo_url_error(self, mock_requests_get: Any) -> None:
         # Mocking an exception during the request
         find_sources = FindSources()
         repo_url = find_sources.get_pkg_go_repo_url('some/package')
@@ -239,7 +240,7 @@ def test_get_pkg_go_repo_url_error(self, mock_requests_get):
 
     @patch('capycli.bom.findsources.FindSources.get_github_info')
     @patch('capycli.bom.findsources.FindSources.get_matching_tag')
-    def test_find_golang_url_github(self, mock_get_github_info, mock_get_matching_tag):
+    def test_find_golang_url_github(self, mock_get_github_info: Any, mock_get_matching_tag: Any) -> None:
         # Mocking a GitHub scenario
         mock_get_github_info.return_value = 'https://pkg.go.dev/github.com/opencontainers/runc'
         mock_get_matching_tag.return_value = 'https://github.com/opencontainers/runc/archive/refs/tags/v1.0.1.zip'
@@ -251,7 +252,7 @@ def test_find_golang_url_github(self, mock_get_github_info, mock_get_matching_ta
 
         self.assertEqual(source_url, 'https://pkg.go.dev/github.com/opencontainers/runc')
 
-    def test_find_golang_url_non_github(self):
+    def test_find_golang_url_non_github(self) -> None:
         # Mocking a non-GitHub scenario
         find_sources = FindSources()
         component = MagicMock()
@@ -261,8 +262,7 @@ def test_find_golang_url_non_github(self):
 
         self.assertEqual(source_url, '')
 
-    def test_no_matching_tag(self):
-
+    def test_no_matching_tag(self) -> None:
         validTag = "3.2.0"
         invalidTag = "0.03"
         emptyString = ""
@@ -271,9 +271,9 @@ def test_no_matching_tag(self):
         sourceUrl = "https://github.com/apache/kafka/archive/refs/tags/" + validTag + ".zip"
         findResource = capycli.bom.findsources.FindSources()
         # test Empty tagInfo array
-        tagInfo = []
+        tagInfo: List[Dict[str, Any]] = []
         actual = capycli.bom.findsources.FindSources.get_matching_tag(findResource, tagInfo, validTag, githubUrl)
-        self.assertEqual(actual, None)
+        self.assertEqual(actual, "")
         # test Empty tag string
         tagInfo = [{"name": emptyString, "zipball_url": zipball_url}]
         actual = capycli.bom.findsources.FindSources.get_matching_tag(findResource, tagInfo, validTag, githubUrl)
@@ -281,7 +281,7 @@ def test_no_matching_tag(self):
         # test Empty url string
         tagInfo = [{"name": validTag, "zipball_url": emptyString}]
         actual = capycli.bom.findsources.FindSources.get_matching_tag(findResource, tagInfo, validTag, githubUrl)
-        self.assertEqual(actual, None)
+        self.assertEqual(actual, "")
         # test non-matching tag
         tagInfo = [{"name": invalidTag, "zipball_url": zipball_url}]
         actual = capycli.bom.findsources.FindSources.get_matching_tag(findResource, tagInfo, validTag, githubUrl)
@@ -292,7 +292,7 @@ def test_no_matching_tag(self):
         self.assertEqual(actual, sourceUrl)
 
     @patch("time.sleep")
-    def test_get_source_url_success(self, mock_sleep):
+    def test_get_source_url_success(self, mock_sleep: Any) -> None:
         mock_client = MagicMock()
         mock_release_id = "123"
         mock_source_url = "https://example.com/source.zip"
@@ -305,7 +305,7 @@ def test_get_source_url_success(self, mock_sleep):
         self.assertEqual(result, mock_source_url)
         mock_sleep.assert_not_called()
 
-    def test_get_source_url_no_source_url(self):
+    def test_get_source_url_no_source_url(self) -> None:
         mock_client = MagicMock()
         mock_release_id = "123"
 
@@ -314,10 +314,10 @@ def test_get_source_url_no_source_url(self):
         findsources.client = mock_client
 
         result = findsources.get_source_url_from_release(mock_release_id)
-        self.assertIsNone(result)
+        self.assertEqual(result, "")
         mock_client.get_release.assert_called_once_with(mock_release_id)
 
-    def test_get_source_url_exception(self):
+    def test_get_source_url_exception(self) -> None:
         mock_client = MagicMock()
         mock_release_id = "123"
 
@@ -327,3 +327,8 @@ def test_get_source_url_exception(self):
         with self.assertRaises(Exception):
             findsources.get_source_url_from_release(mock_release_id)
         mock_client.get_release.assert_called_once_with(mock_release_id)
+
+
+if __name__ == "__main__":
+    APP = TestFindSources()
+    APP.test_find_sources()
diff --git a/tests/test_get_dependencies_javascript.py b/tests/test_get_dependencies_javascript.py
index d0db62d..b92a290 100644
--- a/tests/test_get_dependencies_javascript.py
+++ b/tests/test_get_dependencies_javascript.py
@@ -1,5 +1,5 @@
 # -------------------------------------------------------------------------------
-# Copyright (c) 2022-2023 Siemens
+# Copyright (c) 2022-2024 Siemens
 # All Rights Reserved.
 # Author: gernot.hillier@siemens.com
 #
@@ -7,7 +7,9 @@
 # -------------------------------------------------------------------------------
 
 import os
+from typing import Any, Dict
 
+from cyclonedx.model import XsUri
 from cyclonedx.model.component import Component
 
 import capycli.common.script_base
@@ -24,8 +26,8 @@ class TestGetDependenciesJavascript(TestBase):
     OUTPUTFILE1 = "output.json"
     OUTPUTFILE2 = "output-3.json"
 
-    def create_package_lock_1(self, filename: str):
-        pl = {}
+    def create_package_lock_1(self, filename: str) -> None:
+        pl: Dict[str, Any] = {}
         pl["name"] = "APP"
         pl["version"] = "0.0.1"
         pl["lockfileVersion"] = 1
@@ -33,7 +35,7 @@ def create_package_lock_1(self, filename: str):
 
         dependencies = {}
 
-        dep1 = {}
+        dep1: Dict[str, Any] = {}
         dep1["version"] = "1.0.0"
         dep1["resolved"] = "artifactory/api/npm/npm-all/@agm/core/-/core-1.0.0.tgz"
         dep1["integrity"] = "sha1-sqd9GPv/4EzVyQzy6tQaVmP4mGI="
@@ -41,7 +43,7 @@ def create_package_lock_1(self, filename: str):
         dep1["dev"] = "true"
         dependencies["@agm/core"] = dep1
 
-        dep2 = {}
+        dep2: Dict[str, Any] = {}
         dep2["version"] = "0.10.3"
         dep2["resolved"] = "artifactory/api/npm/npm-all/zone.js/-/zone.js-0.10.3.tgz"
         dep2["integrity"] = "sha1-Pl5NoDxgfJ3NkuN901aHoUoUDBY="
@@ -51,16 +53,16 @@ def create_package_lock_1(self, filename: str):
 
         write_json_to_file(pl, filename)
 
-    def create_package_lock_3(self, filename: str):
-        pl = {}
+    def create_package_lock_3(self, filename: str) -> None:
+        pl: Dict[str, Any] = {}
         pl["name"] = "APP"
         pl["version"] = "0.0.3"
         pl["lockfileVersion"] = 3
         pl["requires"] = True
 
-        packages = {}
+        packages: Dict[str, Any] = {}
 
-        dep1 = {}
+        dep1: Dict[str, Any] = {}
         dep1["version"] = "3.0.0"
         dep1["resolved"] = "artifactory/api/npm/npm-all/@angular/router/-/router-3.0.0.tgz"
         dep1["integrity"] = "sha1-sqd9GUfj/&hfTGwhfiwmGI="
@@ -68,7 +70,7 @@ def create_package_lock_3(self, filename: str):
         dep1["dev"] = "true"
         packages["@angular/router"] = dep1
 
-        dep2 = {}
+        dep2: Dict[str, Any] = {}
         dep2["version"] = "7.8.0"
         dep2["resolved"] = "artifactory/api/npm/npm-all/rxjs/-/rxjs-7.8.0.tgz"
         dep2["integrity"] = "sha1-Pl5NoDxgfJ3NkuN901aHoUoUDBY="
@@ -139,7 +141,7 @@ def test_no_output_file_specified(self) -> None:
         except SystemExit as ex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, ex.code)
 
-    def test_convert_package_lock(self):
+    def test_convert_package_lock(self) -> None:
         self.create_package_lock_1("test_package_lock_1.json")
         sut = capycli.dependencies.javascript.GetJavascriptDependencies()
         sbom = sut.convert_package_lock("test_package_lock_1.json")
@@ -147,7 +149,7 @@ def test_convert_package_lock(self):
 
         self.delete_file("test_package_lock_1.json")
 
-    def test_convert_package_lock_3(self):
+    def test_convert_package_lock_3(self) -> None:
         self.create_package_lock_3("test_package_lock_3.json")
         sut = capycli.dependencies.javascript.GetJavascriptDependencies()
         sbom = sut.convert_package_lock("test_package_lock_3.json")
@@ -157,7 +159,7 @@ def test_convert_package_lock_3(self):
 
         self.delete_file("test_package_lock_3.json")
 
-    def test_try_find_metadata_simple(self):
+    def test_try_find_metadata_simple(self) -> None:
         self.create_package_lock_1("test_package_lock_1.json")
         sut = capycli.dependencies.javascript.GetJavascriptDependencies()
         sbom = sut.convert_package_lock("test_package_lock_1.json")
@@ -181,7 +183,7 @@ def test_try_find_metadata_simple(self):
 
         self.delete_file("test_package_lock_1.json")
 
-    def test_try_find_metadata_simple_3(self):
+    def test_try_find_metadata_simple_3(self) -> None:
         self.create_package_lock_3("test_package_lock_3.json")
         sut = capycli.dependencies.javascript.GetJavascriptDependencies()
         sbom = sut.convert_package_lock("test_package_lock_3.json")
@@ -205,8 +207,8 @@ def test_try_find_metadata_simple_3(self):
 
         self.delete_file("test_package_lock_3.json")
 
-    def test_issue_100(self):
-        bom = SbomCreator.create(None, addlicense=True, addprofile=True, addtools=True)
+    def test_issue_100(self) -> None:
+        bom = SbomCreator.create([], addlicense=True, addprofile=True, addtools=True)
         bom.components.add(Component(
             name="@types/fetch-jsonp",
             version="1.1.0"))
@@ -241,8 +243,7 @@ def test_get_metadata_source_archive_url(self) -> None:
 
         self.assertEqual("tslib", sbom.components[4].name)
         self.assertEqual("2.3.1", sbom.components[4].version)
-        val = CycloneDxSupport.get_ext_ref_source_url(sbom.components[4])
-        print(val)
+        val = str(CycloneDxSupport.get_ext_ref_source_url(sbom.components[4]))
         self.assertEqual("https://github.com/Microsoft/tslib/archive/refs/tags/2.3.1.zip", val)
 
         self.delete_file(self.OUTPUTFILE1)
@@ -273,7 +274,7 @@ def test_get_metadata_source_archive_url_lockfile3(self) -> None:
         self.assertEqual("7.8.1", sbom.components[2].version)
         val = CycloneDxSupport.get_ext_ref_source_url(sbom.components[1])
         print(val)
-        self.assertEqual("https://github.com/angular/angular/archive/refs/tags/15.2.9.zip", val)
+        self.assertEqual(XsUri("https://github.com/angular/angular/archive/refs/tags/15.2.9.zip"), val)
 
         self.delete_file(self.OUTPUTFILE2)
 
@@ -339,3 +340,8 @@ def test_real_package_lock_3(self) -> None:
         self.assertEqual("7.8.1", sbom.components[2].version)
 
         self.delete_file(self.OUTPUTFILE2)
+
+
+if __name__ == "__main__":
+    APP = TestGetDependenciesJavascript()
+    APP.test_get_metadata_source_archive_url_lockfile3()
diff --git a/tests/test_get_dependencies_python.py b/tests/test_get_dependencies_python.py
index 0433add..392a79a 100644
--- a/tests/test_get_dependencies_python.py
+++ b/tests/test_get_dependencies_python.py
@@ -207,10 +207,10 @@ def test_get_metadata(self) -> None:
         self.assertEqual("Universal encoding detector for Python 2 and 3", sbom.components[0].description)
         self.assertEqual(
             "https://github.com/chardet/chardet",
-            CycloneDxSupport.get_ext_ref_website(sbom.components[0]))
+            str(CycloneDxSupport.get_ext_ref_website(sbom.components[0])))
         self.assertEqual(
             "https://pypi.org/project/chardet/",
-            CycloneDxSupport.get_ext_ref_by_comment(sbom.components[0], "PyPi URL"))
+            str(CycloneDxSupport.get_ext_ref_by_comment(sbom.components[0], "PyPi URL")))
 
         self.assertEqual(1, len(sbom.components[0].licenses))
         lic = sbom.components[0].licenses[0]
@@ -218,17 +218,17 @@ def test_get_metadata(self) -> None:
 
         self.assertEqual(
             "https://files.pythonhosted.org/packages/bc/a9/01ffebf/chardet-3.0.4-py2.py3-none-any.whl",
-            CycloneDxSupport.get_ext_ref_binary_url(sbom.components[0]))
+            str(CycloneDxSupport.get_ext_ref_binary_url(sbom.components[0])))
         self.assertEqual(
             "chardet-3.0.4-py2.py3-none-any.whl",
-            CycloneDxSupport.get_ext_ref_binary_file(sbom.components[0]))
+            str(CycloneDxSupport.get_ext_ref_binary_file(sbom.components[0])))
 
         self.assertEqual(
             "https://files.pythonhosted.org/packages/fc/bb/a5768c230/chardet-3.0.4.tar.gz",
-            CycloneDxSupport.get_ext_ref_source_url(sbom.components[0]))
+            str(CycloneDxSupport.get_ext_ref_source_url(sbom.components[0])))
         self.assertEqual(
             "chardet-3.0.4.tar.gz",
-            CycloneDxSupport.get_ext_ref_source_file(sbom.components[0]))
+            str(CycloneDxSupport.get_ext_ref_source_file(sbom.components[0])))
 
         self.delete_file(self.OUTPUTFILE1)
         self.delete_file(self.OUTPUTFILE2)
@@ -341,7 +341,6 @@ def test_get_metadata_invalid_answer(self) -> None:
     def test_localfile(self) -> None:
         # create a test requirements file
         requirements = """
-        -e path/to/project
         chardet
         certifi>=9.9.9
         django>=1.5,<1.6
@@ -364,14 +363,14 @@ def test_localfile(self) -> None:
 
         out = self.capture_stdout(sut.run, args)
         # capycli.common.json_support.write_json_to_file(out, "STDOUT.TXT")
-        self.assertTrue("WARNING: Local file path/to/project does not have versions. Skipping." in out)
         self.assertTrue("WARNING: chardet does not have a version specified. Skipping." in out)
+        self.assertTrue("WARNING: certifi is not pinned to a specific version. Using: 9.9.9" in out)
         # self.assertTrue("django is not pinned to a specific version. Using: 1.5" in out)
 
         self.delete_file(self.OUTPUTFILE1)
         self.delete_file(self.OUTPUTFILE2)
 
-    def test_determine_file_type(self):
+    def test_determine_file_type(self) -> None:
         sut = GetPythonDependencies()
 
         actual = sut.determine_file_type("requirements.txt")
@@ -384,7 +383,7 @@ def test_determine_file_type(self):
         actual = sut.determine_file_type(".gitignore")
         self.assertEqual(InputFileType.REQUIREMENTS, actual)
 
-    def test_process_poetry_lock_v2(self):
+    def test_process_poetry_lock_v2(self) -> None:
         self.delete_file(self.OUTPUTFILE2)
 
         sut = GetPythonDependencies()
@@ -405,7 +404,7 @@ def test_process_poetry_lock_v2(self):
         self.assertTrue("Checking meta-data:" in out)
         self.assertTrue("cli-support" in out)
         self.assertTrue(self.OUTPUTFILE2 in out)
-        self.assertTrue("37 components items written to file." in out)
+        self.assertTrue("38 components items written to file." in out)
 
         # ensure that dev dependencies are NOT listed
         self.assertTrue("flake8" not in out)
@@ -414,3 +413,8 @@ def test_process_poetry_lock_v2(self):
         self.assertTrue(os.path.isfile(self.OUTPUTFILE2))
 
         self.delete_file(self.OUTPUTFILE2)
+
+
+if __name__ == "__main__":
+    APP = TestGetDependenciesPython()
+    APP.test_process_poetry_lock_v2()
diff --git a/tests/test_get_license_info.py b/tests/test_get_license_info.py
index 715a2f6..3483a95 100644
--- a/tests/test_get_license_info.py
+++ b/tests/test_get_license_info.py
@@ -92,7 +92,7 @@ def test_config_file_not_found(self) -> None:
             self.assertEqual(ResultCode.RESULT_FILE_NOT_FOUND, ex.code)
 
     @responses.activate
-    def test_project_not_found_by_name(self):
+    def test_project_not_found_by_name(self) -> None:
         sut = GetLicenseInfo()
 
         # create argparse command line argument object
@@ -132,7 +132,7 @@ def test_project_not_found_by_name(self):
             self.assertEqual(ResultCode.RESULT_PROJECT_NOT_FOUND, ex.code)
 
     @responses.activate
-    def test_error_getting_project(self):
+    def test_error_getting_project(self) -> None:
         sut = GetLicenseInfo()
 
         # create argparse command line argument object
@@ -213,7 +213,7 @@ def test_error_getting_project(self):
             shutil.rmtree(".//cli_files")
 
     @responses.activate
-    def test_get_license_info_no_components(self):
+    def test_get_license_info_no_components(self) -> None:
         sut = GetLicenseInfo()
 
         # create argparse command line argument object
@@ -297,7 +297,7 @@ def test_get_license_info_no_components(self):
             shutil.rmtree(".//cli_files")
 
     @responses.activate
-    def test_get_license_info_no_cli_files(self):
+    def test_get_license_info_no_cli_files(self) -> None:
         sut = GetLicenseInfo()
 
         # create argparse command line argument object
@@ -404,7 +404,7 @@ def test_get_license_info_no_cli_files(self):
             shutil.rmtree(".//cli_files")
 
     @responses.activate
-    def test_get_license_info(self):
+    def test_get_license_info(self) -> None:
         sut = GetLicenseInfo()
 
         # create argparse command line argument object
@@ -581,7 +581,7 @@ def test_get_license_info(self):
             shutil.rmtree(".//cli_files")
 
     @responses.activate
-    def test_get_license_info_existing_config(self):
+    def test_get_license_info_existing_config(self) -> None:
         sut = GetLicenseInfo()
 
         # create argparse command line argument object
diff --git a/tests/test_handle_bom.py b/tests/test_handle_bom.py
index 972d2ea..2b7b144 100644
--- a/tests/test_handle_bom.py
+++ b/tests/test_handle_bom.py
@@ -12,7 +12,7 @@
 
 
 class TestHandleBom(TestBase):
-    def test_not_bom_command(self):
+    def test_not_bom_command(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("xx_unknown_xx")
@@ -20,7 +20,7 @@ def test_not_bom_command(self):
         out = self.capture_stdout(run_bom_command, args)
         self.assertEqual("", out)
 
-    def test_no_bom_subcommand(self):
+    def test_no_bom_subcommand(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("bom")
@@ -29,7 +29,7 @@ def test_no_bom_subcommand(self):
         self.assertTrue("No subcommand specified!" in out)
         self.assertTrue("bom               bill of material" in out)
 
-    def test_unknown_subcommand(self):
+    def test_unknown_subcommand(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("bom")
@@ -41,7 +41,7 @@ def test_unknown_subcommand(self):
         except SystemExit as ex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, ex.code)
 
-    def test_bom_show(self):
+    def test_bom_show(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("bom")
@@ -51,7 +51,7 @@ def test_bom_show(self):
         out = self.capture_stdout(run_bom_command, args)
         self.assertTrue("usage: capycli bom show" in out)
 
-    def test_bom_filter(self):
+    def test_bom_filter(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("bom")
@@ -61,7 +61,7 @@ def test_bom_filter(self):
         out = self.capture_stdout(run_bom_command, args)
         self.assertTrue("Usage: CaPyCli bom filter" in out)
 
-    def test_bom_check(self):
+    def test_bom_check(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("bom")
@@ -71,7 +71,7 @@ def test_bom_check(self):
         out = self.capture_stdout(run_bom_command, args)
         self.assertTrue("usage: CaPyCli bom check" in out)
 
-    def test_bom_checkitemstatus(self):
+    def test_bom_checkitemstatus(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("bom")
@@ -81,7 +81,7 @@ def test_bom_checkitemstatus(self):
         out = self.capture_stdout(run_bom_command, args)
         self.assertTrue("usage: capycli bom CheckItemStatus" in out)
 
-    def test_bom_map(self):
+    def test_bom_map(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("bom")
@@ -91,7 +91,7 @@ def test_bom_map(self):
         out = self.capture_stdout(run_bom_command, args)
         self.assertTrue("usage: CaPyCLI bom map" in out)
 
-    def test_bom_createreleases(self):
+    def test_bom_createreleases(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("bom")
@@ -101,7 +101,7 @@ def test_bom_createreleases(self):
         out = self.capture_stdout(run_bom_command, args)
         self.assertTrue("usage: CaPyCLI bom createreleases" in out)
 
-    def test_bom_downloadsources(self):
+    def test_bom_downloadsources(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("bom")
@@ -111,7 +111,7 @@ def test_bom_downloadsources(self):
         out = self.capture_stdout(run_bom_command, args)
         self.assertTrue("usage: capycli bom downloadsources" in out)
 
-    def test_bom_granularity(self):
+    def test_bom_granularity(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("bom")
@@ -121,7 +121,7 @@ def test_bom_granularity(self):
         out = self.capture_stdout(run_bom_command, args)
         self.assertTrue("usage: CaPyCli bom granularity" in out)
 
-    def test_bom_diff(self):
+    def test_bom_diff(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("bom")
@@ -131,7 +131,7 @@ def test_bom_diff(self):
         out = self.capture_stdout(run_bom_command, args)
         self.assertTrue("usage: CaPyCli bom diff" in out)
 
-    def test_bom_merge(self):
+    def test_bom_merge(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("bom")
@@ -141,7 +141,7 @@ def test_bom_merge(self):
         out = self.capture_stdout(run_bom_command, args)
         self.assertTrue("usage: CaPyCli bom merge" in out)
 
-    def test_bom_findsources(self):
+    def test_bom_findsources(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("bom")
@@ -151,7 +151,7 @@ def test_bom_findsources(self):
         out = self.capture_stdout(run_bom_command, args)
         self.assertTrue("usage: CaPyCli bom findsources" in out)
 
-    def test_bom_convert(self):
+    def test_bom_convert(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("bom")
diff --git a/tests/test_handle_getdependencies.py b/tests/test_handle_getdependencies.py
index 6aa3708..584f9f3 100644
--- a/tests/test_handle_getdependencies.py
+++ b/tests/test_handle_getdependencies.py
@@ -12,7 +12,7 @@
 
 
 class TestHandleDependencies(TestBase):
-    def test_not_getdependencies_command(self):
+    def test_not_getdependencies_command(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("xx_unknown_xx")
@@ -20,7 +20,7 @@ def test_not_getdependencies_command(self):
         out = self.capture_stdout(run_dependency_command, args)
         self.assertEqual("", out)
 
-    def test_no_getdependencies_subcommand(self):
+    def test_no_getdependencies_subcommand(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("getdependencies")
@@ -29,7 +29,7 @@ def test_no_getdependencies_subcommand(self):
         self.assertTrue("No subcommand specified!" in out)
         self.assertTrue("getdependencies - dependency detection specific sub-commands" in out)
 
-    def test_unknown_subcommand(self):
+    def test_unknown_subcommand(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("getdependencies")
@@ -41,7 +41,7 @@ def test_unknown_subcommand(self):
         except SystemExit as ex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, ex.code)
 
-    def test_getdependencies_nuget(self):
+    def test_getdependencies_nuget(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("getdependencies")
@@ -51,7 +51,7 @@ def test_getdependencies_nuget(self):
         out = self.capture_stdout(run_dependency_command, args)
         self.assertTrue("Usage: capycli getdependencies nuget" in out)
 
-    def test_getdependencies_python(self):
+    def test_getdependencies_python(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("getdependencies")
@@ -61,7 +61,7 @@ def test_getdependencies_python(self):
         out = self.capture_stdout(run_dependency_command, args)
         self.assertTrue("usage: capycli getdependencies python" in out)
 
-    def test_getdependencies_javascript(self):
+    def test_getdependencies_javascript(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("getdependencies")
@@ -71,7 +71,7 @@ def test_getdependencies_javascript(self):
         out = self.capture_stdout(run_dependency_command, args)
         self.assertTrue("CaPyCli getdependencies javascript" in out)
 
-    def test_getdependencies_mavenpom(self):
+    def test_getdependencies_mavenpom(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("getdependencies")
@@ -81,7 +81,7 @@ def test_getdependencies_mavenpom(self):
         out = self.capture_stdout(run_dependency_command, args)
         self.assertTrue("CaPyCli getdependencies mavenpom" in out)
 
-    def test_getdependencies_mavenlist(self):
+    def test_getdependencies_mavenlist(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("getdependencies")
diff --git a/tests/test_handle_mapping.py b/tests/test_handle_mapping.py
index 3db5569..8b7c20b 100644
--- a/tests/test_handle_mapping.py
+++ b/tests/test_handle_mapping.py
@@ -12,7 +12,7 @@
 
 
 class TestHandleMapping(TestBase):
-    def test_not_mapping_command(self):
+    def test_not_mapping_command(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("xx_unknown_xx")
@@ -20,7 +20,7 @@ def test_not_mapping_command(self):
         out = self.capture_stdout(run_mapping_command, args)
         self.assertEqual("", out)
 
-    def test_no_mapping_subcommand(self):
+    def test_no_mapping_subcommand(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("mapping")
@@ -29,7 +29,7 @@ def test_no_mapping_subcommand(self):
         self.assertTrue("No subcommand specified!" in out)
         self.assertTrue("mapping - mapping sub-commands" in out)
 
-    def test_unknown_subcommand(self):
+    def test_unknown_subcommand(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("mapping")
@@ -41,7 +41,7 @@ def test_unknown_subcommand(self):
         except SystemExit as ex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, ex.code)
 
-    def test_mapping_tohtml(self):
+    def test_mapping_tohtml(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("mapping")
@@ -51,7 +51,7 @@ def test_mapping_tohtml(self):
         out = self.capture_stdout(run_mapping_command, args)
         self.assertTrue("usage: CaPyCli mapping tohtml" in out)
 
-    def test_mapping_toxlsx(self):
+    def test_mapping_toxlsx(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("mapping")
diff --git a/tests/test_handle_moverview.py b/tests/test_handle_moverview.py
index 416f68c..cba5311 100644
--- a/tests/test_handle_moverview.py
+++ b/tests/test_handle_moverview.py
@@ -12,7 +12,7 @@
 
 
 class TestHandleMoverview(TestBase):
-    def test_not_moverview_command(self):
+    def test_not_moverview_command(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("xx_unknown_xx")
@@ -20,7 +20,7 @@ def test_not_moverview_command(self):
         out = self.capture_stdout(run_moverview_command, args)
         self.assertEqual("", out)
 
-    def test_no_moverview_subcommand(self):
+    def test_no_moverview_subcommand(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("moverview")
@@ -29,7 +29,7 @@ def test_no_moverview_subcommand(self):
         self.assertTrue("No subcommand specified!" in out)
         self.assertTrue("moverview - mapping overview sub-commands" in out)
 
-    def test_unknown_subcommand(self):
+    def test_unknown_subcommand(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("moverview")
@@ -41,7 +41,7 @@ def test_unknown_subcommand(self):
         except SystemExit as ex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, ex.code)
 
-    def test_moverview_tohtml(self):
+    def test_moverview_tohtml(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("moverview")
@@ -51,7 +51,7 @@ def test_moverview_tohtml(self):
         out = self.capture_stdout(run_moverview_command, args)
         self.assertTrue("usage: CaPyCli moverview tohtml" in out)
 
-    def test_moverview_toxlsx(self):
+    def test_moverview_toxlsx(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("moverview")
diff --git a/tests/test_handle_project.py b/tests/test_handle_project.py
index e70955d..1009b18 100644
--- a/tests/test_handle_project.py
+++ b/tests/test_handle_project.py
@@ -12,7 +12,7 @@
 
 
 class TestHandleProject(TestBase):
-    def test_not_project_command(self):
+    def test_not_project_command(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("xx_unknown_xx")
@@ -20,7 +20,7 @@ def test_not_project_command(self):
         out = self.capture_stdout(run_project_command, args)
         self.assertEqual("", out)
 
-    def test_no_project_subcommand(self):
+    def test_no_project_subcommand(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("project")
@@ -29,7 +29,7 @@ def test_no_project_subcommand(self):
         self.assertTrue("No subcommand specified!" in out)
         self.assertTrue("project - project related sub-commands" in out)
 
-    def test_unknown_subcommand(self):
+    def test_unknown_subcommand(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("project")
@@ -41,7 +41,7 @@ def test_unknown_subcommand(self):
         except SystemExit as ex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, ex.code)
 
-    def test_project_find(self):
+    def test_project_find(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("project")
@@ -51,7 +51,7 @@ def test_project_find(self):
         out = self.capture_stdout(run_project_command, args)
         self.assertTrue("usage: CaPyCli project find" in out)
 
-    def test_project_show(self):
+    def test_project_show(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("project")
@@ -61,7 +61,7 @@ def test_project_show(self):
         out = self.capture_stdout(run_project_command, args)
         self.assertTrue("usage: CaPyCli project show " in out)
 
-    def test_project_prerequisites(self):
+    def test_project_prerequisites(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("project")
@@ -71,7 +71,7 @@ def test_project_prerequisites(self):
         out = self.capture_stdout(run_project_command, args)
         self.assertTrue("Usage: CaPyCli project prerequisites" in out)
 
-    def test_project_licenses(self):
+    def test_project_licenses(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("project")
@@ -81,7 +81,7 @@ def test_project_licenses(self):
         out = self.capture_stdout(run_project_command, args)
         self.assertTrue("usage: CaPyCli project licenses" in out)
 
-    def test_project_getlicenseinfo(self):
+    def test_project_getlicenseinfo(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("project")
@@ -91,7 +91,7 @@ def test_project_getlicenseinfo(self):
         out = self.capture_stdout(run_project_command, args)
         self.assertTrue("Usage: CaPyCli project GetLicenseInfo" in out)
 
-    def test_project_createreadme(self):
+    def test_project_createreadme(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("project")
@@ -101,7 +101,7 @@ def test_project_createreadme(self):
         out = self.capture_stdout(run_project_command, args)
         self.assertTrue("usage: CaPyCli project createreadme" in out)
 
-    def test_project_create(self):
+    def test_project_create(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("project")
@@ -111,7 +111,7 @@ def test_project_create(self):
         out = self.capture_stdout(run_project_command, args)
         self.assertTrue("usage: CaPyCli project create" in out)
 
-    def test_project_update(self):
+    def test_project_update(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("project")
@@ -121,7 +121,7 @@ def test_project_update(self):
         out = self.capture_stdout(run_project_command, args)
         self.assertTrue("usage: CaPyCli project create" in out)
 
-    def test_project_createbom(self):
+    def test_project_createbom(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("project")
@@ -131,7 +131,7 @@ def test_project_createbom(self):
         out = self.capture_stdout(run_project_command, args)
         self.assertTrue("usage: CaPyCli project createbom" in out)
 
-    def test_project_vulnerabilities(self):
+    def test_project_vulnerabilities(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("project")
@@ -141,7 +141,7 @@ def test_project_vulnerabilities(self):
         out = self.capture_stdout(run_project_command, args)
         self.assertTrue("usage: CaPyCli project vulnerabilities" in out)
 
-    def test_project_ecc(self):
+    def test_project_ecc(self) -> None:
         args = AppArguments()
         args.command = []
         args.command.append("project")
diff --git a/tests/test_legacy.py b/tests/test_legacy.py
index 6820ac2..9dbd006 100644
--- a/tests/test_legacy.py
+++ b/tests/test_legacy.py
@@ -10,6 +10,7 @@
 from typing import List
 
 from cyclonedx.model.component import Component
+from sortedcontainers import SortedSet
 
 from capycli.bom.legacy import LegacySupport
 from capycli.common.capycli_bom_support import CycloneDxSupport
@@ -75,7 +76,7 @@ def test_write_legacy(self) -> None:
 
         filename_out = os.path.join(
             os.path.dirname(__file__), "fixtures", TestLegacy.OUTPUTFILE)
-        LegacySupport.write_cdx_components_as_legacy(cx_components, filename_out)
+        LegacySupport.write_cdx_components_as_legacy(SortedSet(cx_components), filename_out)
 
         cx_components2 = LegacySupport.legacy_to_cdx_components(filename_out)
         self.assert_default_test_bom(cx_components2)
diff --git a/tests/test_legacy_cx.py b/tests/test_legacy_cx.py
index 409d619..bdc3ff6 100644
--- a/tests/test_legacy_cx.py
+++ b/tests/test_legacy_cx.py
@@ -7,11 +7,10 @@
 # -------------------------------------------------------------------------------
 
 import os
-from typing import List
 
 from cyclonedx.model import XsUri
 from cyclonedx.model.bom_ref import BomRef
-from cyclonedx.model.component import Component
+from sortedcontainers import SortedSet
 
 from capycli.bom.legacy_cx import LegacyCx
 from capycli.common.capycli_bom_support import CycloneDxSupport
@@ -22,12 +21,12 @@ class TestLegacyCx(TestBase):
     INPUTFILE1 = "legacy-cx.json"
     OUTPUTFILE = "sbom.json"
 
-    def assert_components(self, cx_components: List[Component]) -> None:
+    def assert_components(self, cx_components: SortedSet) -> None:
         self.assertEqual(4, len(cx_components))
 
         self.assertEqual("colorama", cx_components[0].name)
         self.assertEqual("0.4.3", cx_components[0].version)
-        self.assertEqual("pkg:pypi/colorama@0.4.3", cx_components[0].purl)
+        self.assertEqual("pkg:pypi/colorama@0.4.3", cx_components[0].purl.to_string())
         self.assertEqual(BomRef("pkg:pypi/colorama@0.4.3"), cx_components[0].bom_ref)
 
         # we MUST NOT find this property
@@ -46,17 +45,17 @@ def assert_components(self, cx_components: List[Component]) -> None:
 
         self.assertEqual("python", cx_components[1].name)
         self.assertEqual("3.8", cx_components[1].version)
-        self.assertEqual("pkg:pypi/python@3.8", cx_components[1].purl)
+        self.assertEqual("pkg:pypi/python@3.8", cx_components[1].purl.to_string())
         self.assertEqual(BomRef("pkg:pypi/python@3.8"), cx_components[1].bom_ref)
 
         self.assertEqual("tomli", cx_components[2].name)
         self.assertEqual("2.0.1", cx_components[2].version)
-        self.assertEqual("pkg:pypi/tomli@2.0.1", cx_components[2].purl)
+        self.assertEqual("pkg:pypi/tomli@2.0.1", cx_components[2].purl.to_string())
         self.assertEqual(BomRef("pkg:pypi/tomli@2.0.1"), cx_components[2].bom_ref)
 
         self.assertEqual("wheel", cx_components[3].name)
         self.assertEqual("0.34.2", cx_components[3].version)
-        self.assertEqual("pkg:pypi/wheel@0.34.2", cx_components[3].purl)
+        self.assertEqual("pkg:pypi/wheel@0.34.2", cx_components[3].purl.to_string())
         self.assertEqual(BomRef("pkg:pypi/wheel@0.34.2"), cx_components[3].bom_ref)
 
     def test_read(self) -> None:
diff --git a/tests/test_mapping_to_html.py b/tests/test_mapping_to_html.py
index 209e818..15dc91c 100644
--- a/tests/test_mapping_to_html.py
+++ b/tests/test_mapping_to_html.py
@@ -31,7 +31,7 @@ def test_show_help(self) -> None:
         out = self.capture_stdout(sut.run, args)
         self.assertTrue("usage: CaPyCli mapping tohtml" in out)
 
-    def test_app_bom_no_input_file_specified(self):
+    def test_app_bom_no_input_file_specified(self) -> None:
         db = MappingToHtml()
 
         # create argparse command line argument object
@@ -45,7 +45,7 @@ def test_app_bom_no_input_file_specified(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_app_bom_input_file_not_found(self):
+    def test_app_bom_input_file_not_found(self) -> None:
         db = MappingToHtml()
 
         # create argparse command line argument object
@@ -60,7 +60,7 @@ def test_app_bom_input_file_not_found(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_FILE_NOT_FOUND, sysex.code)
 
-    def test_app_bom_no_output_file_specified(self):
+    def test_app_bom_no_output_file_specified(self) -> None:
         db = MappingToHtml()
 
         # create argparse command line argument object
@@ -76,7 +76,7 @@ def test_app_bom_no_output_file_specified(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_app_bom_input_file_invalid(self):
+    def test_app_bom_input_file_invalid(self) -> None:
         db = MappingToHtml()
 
         # create argparse command line argument object
@@ -93,7 +93,7 @@ def test_app_bom_input_file_invalid(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_create_mapping_html(self):
+    def test_create_mapping_html(self) -> None:
         sut = MappingToHtml()
 
         outputfile = os.path.join(os.path.dirname(__file__), "fixtures", self.OUTPUTFILE)
diff --git a/tests/test_mapping_to_xlsx.py b/tests/test_mapping_to_xlsx.py
index 561a8d7..d9010fc 100644
--- a/tests/test_mapping_to_xlsx.py
+++ b/tests/test_mapping_to_xlsx.py
@@ -31,7 +31,7 @@ def test_show_help(self) -> None:
         out = self.capture_stdout(sut.run, args)
         self.assertTrue("usage: CaPyCli mapping toxlsx" in out)
 
-    def test_app_bom_no_input_file_specified(self):
+    def test_app_bom_no_input_file_specified(self) -> None:
         db = MappingToExcelXlsx()
 
         # create argparse command line argument object
@@ -45,7 +45,7 @@ def test_app_bom_no_input_file_specified(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_app_bom_input_file_not_found(self):
+    def test_app_bom_input_file_not_found(self) -> None:
         db = MappingToExcelXlsx()
 
         # create argparse command line argument object
@@ -60,7 +60,7 @@ def test_app_bom_input_file_not_found(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_FILE_NOT_FOUND, sysex.code)
 
-    def test_app_bom_no_output_file_specified(self):
+    def test_app_bom_no_output_file_specified(self) -> None:
         db = MappingToExcelXlsx()
 
         # create argparse command line argument object
@@ -76,7 +76,7 @@ def test_app_bom_no_output_file_specified(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_app_bom_input_file_invalid(self):
+    def test_app_bom_input_file_invalid(self) -> None:
         db = MappingToExcelXlsx()
 
         # create argparse command line argument object
@@ -93,7 +93,7 @@ def test_app_bom_input_file_invalid(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_create_mapping_html(self):
+    def test_create_mapping_html(self) -> None:
         sut = MappingToExcelXlsx()
 
         outputfile = os.path.join(os.path.dirname(__file__), "fixtures", self.OUTPUTFILE)
diff --git a/tests/test_maven_list.py b/tests/test_maven_list.py
index 8d19a1a..b63142a 100644
--- a/tests/test_maven_list.py
+++ b/tests/test_maven_list.py
@@ -7,6 +7,7 @@
 # -------------------------------------------------------------------------------
 
 import os
+from typing import Any
 from unittest.mock import MagicMock, patch
 
 import responses
@@ -67,14 +68,14 @@ def test_input_file_not_found(self) -> None:
         except SystemExit as ex:
             self.assertEqual(ResultCode.RESULT_FILE_NOT_FOUND, ex.code)
 
-    def test_maven_list_source_regex(self):
+    def test_maven_list_source_regex(self) -> None:
         inputfile_raw = os.path.join(os.path.dirname(__file__), "fixtures", self.INPUTFILE_RAW)
         urls = GetJavaMavenTreeDependencies()\
             .extract_urls(inputfile_raw, GetJavaMavenTreeDependencies.SOURCES_REGEX)
 
         self.assertEqual(2, len(urls), "unexpected amount of detected source urls")
 
-    def test_maven_list_binary_regex(self):
+    def test_maven_list_binary_regex(self) -> None:
         inputfile_raw = os.path.join(os.path.dirname(__file__), "fixtures", self.INPUTFILE_RAW)
         urls = GetJavaMavenTreeDependencies() \
             .extract_urls(inputfile_raw, GetJavaMavenTreeDependencies.BINARIES_REGEX)
@@ -83,7 +84,7 @@ def test_maven_list_binary_regex(self):
 
     @responses.activate
     @patch("subprocess.run")
-    def test_create_full_dependency_list_from_maven_list_file(self, mock_subprocess_run):
+    def test_create_full_dependency_list_from_maven_list_file(self, mock_subprocess_run: Any) -> None:
         file1 = os.path.join(os.path.dirname(__file__), "fixtures", "spring-boot-starter-json-2.4.3.pom")
         with open(file1, 'r') as file:
             content = file.read()
@@ -102,16 +103,21 @@ def test_create_full_dependency_list_from_maven_list_file(self, mock_subprocess_
             .create_full_dependency_list_from_maven_list_file(inputfile, inputfile_raw, "./")
         self.assertEqual(230, len(bom.components), "unexpected amount of detected bom items")
 
-        filled_source_url = [b for b in bom.components if CycloneDxSupport.get_ext_ref_source_url(b) != ""]
-        self.assertEqual(2, len(filled_source_url))
+        for x in bom.components:
+            y = CycloneDxSupport.get_ext_ref_source_url(x)
+            print(y)
 
-        filled_binary_url = [b for b in bom.components if CycloneDxSupport.get_ext_ref_binary_url(b) != ""]
+        filled_source_url = [b for b in bom.components if str(CycloneDxSupport.get_ext_ref_source_url(b)) != ""]
+        self.assertEqual(1, len(filled_source_url))
+
+        filled_binary_url = [b for b in bom.components if str(CycloneDxSupport.get_ext_ref_binary_url(b)) != ""]
         self.assertEqual(1, len(filled_binary_url))
 
         bom_spring_boot_starter_json = next(
             (filter(lambda x: (x.name == "spring-boot-starter-json"), bom.components)), None)
-        self.assertEqual(CycloneDxSupport.get_ext_ref_source_url(bom_spring_boot_starter_json),
-                         ("https://github.com/spring-projects/spring-boot/archive/refs/tags/v2.4.3.zip"))
+        self.assertEqual(str(CycloneDxSupport.get_ext_ref_source_url(
+            bom_spring_boot_starter_json)),  # type: ignore
+            ("https://github.com/spring-projects/spring-boot/archive/refs/tags/v2.4.3.zip"))
 
     def test_create_full_dependency_list_from_maven_list_file2(self) -> None:
         sut = GetJavaMavenTreeDependencies()
diff --git a/tests/test_maven_pom.py b/tests/test_maven_pom.py
index a9e82c8..1965329 100644
--- a/tests/test_maven_pom.py
+++ b/tests/test_maven_pom.py
@@ -96,7 +96,7 @@ def test_invalid_input_file(self) -> None:
         except SystemExit as ex:
             self.assertEqual(ResultCode.RESULT_ERROR_READING_BOM, ex.code)
 
-    def test_get_dependencies_from_maven_pom(self):
+    def test_get_dependencies_from_maven_pom(self) -> None:
         sut = GetJavaMavenPomDependencies()
 
         # create argparse command line argument object
diff --git a/tests/test_merge_bom.py b/tests/test_merge_bom.py
index b0fcc2b..75f7e79 100644
--- a/tests/test_merge_bom.py
+++ b/tests/test_merge_bom.py
@@ -196,14 +196,14 @@ def test_merge_bom1(self) -> None:
         self.assertEqual(2, len(bom.components))
         self.assertEqual("certifi", bom.components[0].name)
         self.assertEqual("2022.12.7", bom.components[0].version)
-        self.assertEqual("pkg:pypi/certifi@2022.12.7", bom.components[0].purl)
+        self.assertEqual("pkg:pypi/certifi@2022.12.7", bom.components[0].purl.to_string())
         self.assertEqual(6, len(bom.components[0].external_references))
         self.assertEqual(1, len(bom.components[0].properties))
 
         self.assertEqual(2, len(bom.components))
         self.assertEqual("certifi", bom.components[1].name)
         self.assertEqual("2022.12.999", bom.components[1].version)
-        self.assertEqual("pkg:pypi/certifi@2022.12.999", bom.components[1].purl)
+        self.assertEqual("pkg:pypi/certifi@2022.12.999", bom.components[1].purl.to_string())
         self.assertEqual(6, len(bom.components[1].external_references))
         self.assertEqual(1, len(bom.components[1].properties))
 
diff --git a/tests/test_moverview_to_html.py b/tests/test_moverview_to_html.py
index 98197d3..abb8ff7 100644
--- a/tests/test_moverview_to_html.py
+++ b/tests/test_moverview_to_html.py
@@ -31,7 +31,7 @@ def test_show_help(self) -> None:
         out = self.capture_stdout(sut.run, args)
         self.assertTrue("usage: CaPyCli moverview tohtml" in out)
 
-    def test_app_bom_no_input_file_specified(self):
+    def test_app_bom_no_input_file_specified(self) -> None:
         db = MappingOverviewToHtml()
 
         # create argparse command line argument object
@@ -45,7 +45,7 @@ def test_app_bom_no_input_file_specified(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_app_bom_input_file_not_found(self):
+    def test_app_bom_input_file_not_found(self) -> None:
         db = MappingOverviewToHtml()
 
         # create argparse command line argument object
@@ -60,7 +60,7 @@ def test_app_bom_input_file_not_found(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_FILE_NOT_FOUND, sysex.code)
 
-    def test_app_bom_no_output_file_specified(self):
+    def test_app_bom_no_output_file_specified(self) -> None:
         db = MappingOverviewToHtml()
 
         # create argparse command line argument object
@@ -76,7 +76,7 @@ def test_app_bom_no_output_file_specified(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_app_bom_input_file_invalid(self):
+    def test_app_bom_input_file_invalid(self) -> None:
         db = MappingOverviewToHtml()
 
         # create argparse command line argument object
@@ -93,7 +93,7 @@ def test_app_bom_input_file_invalid(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_create_mapping_overview_html(self):
+    def test_create_mapping_overview_html(self) -> None:
         sut = MappingOverviewToHtml()
 
         outputfile = os.path.join(os.path.dirname(__file__), "fixtures", self.OUTPUTFILE)
diff --git a/tests/test_moverview_to_xlsx.py b/tests/test_moverview_to_xlsx.py
index 4bc48ae..4dd5983 100644
--- a/tests/test_moverview_to_xlsx.py
+++ b/tests/test_moverview_to_xlsx.py
@@ -31,7 +31,7 @@ def test_show_help(self) -> None:
         out = self.capture_stdout(sut.run, args)
         self.assertTrue("usage: CaPyCli moverview toxlsx" in out)
 
-    def test_app_bom_no_input_file_specified(self):
+    def test_app_bom_no_input_file_specified(self) -> None:
         db = MappingOverviewToExcelXlsx()
 
         # create argparse command line argument object
@@ -45,7 +45,7 @@ def test_app_bom_no_input_file_specified(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_app_bom_input_file_not_found(self):
+    def test_app_bom_input_file_not_found(self) -> None:
         db = MappingOverviewToExcelXlsx()
 
         # create argparse command line argument object
@@ -60,7 +60,7 @@ def test_app_bom_input_file_not_found(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_FILE_NOT_FOUND, sysex.code)
 
-    def test_app_bom_no_output_file_specified(self):
+    def test_app_bom_no_output_file_specified(self) -> None:
         db = MappingOverviewToExcelXlsx()
 
         # create argparse command line argument object
@@ -76,7 +76,7 @@ def test_app_bom_no_output_file_specified(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_app_bom_input_file_invalid(self):
+    def test_app_bom_input_file_invalid(self) -> None:
         db = MappingOverviewToExcelXlsx()
 
         # create argparse command line argument object
@@ -93,7 +93,7 @@ def test_app_bom_input_file_invalid(self):
         except SystemExit as sysex:
             self.assertEqual(ResultCode.RESULT_COMMAND_ERROR, sysex.code)
 
-    def test_create_mapping_overview_html(self):
+    def test_create_mapping_overview_html(self) -> None:
         sut = MappingOverviewToExcelXlsx()
 
         outputfile = os.path.join(os.path.dirname(__file__), "fixtures", self.OUTPUTFILE)
diff --git a/tests/test_options.py b/tests/test_options.py
index 86be1b4..59ed86f 100644
--- a/tests/test_options.py
+++ b/tests/test_options.py
@@ -13,19 +13,19 @@
 class TestCommandlineSupport(TestBase):
     INPUTFILE_INVALID = "plaintext.txt"
 
-    def test_read_config(self):
+    def test_read_config(self) -> None:
         sut = CommandlineSupport()
         toml_str = """
            [capycli]
            url = "https://secretserver.com"
            token = "superToken"
            """
-        val = sut.read_config(None, toml_str)
+        val = sut.read_config("", toml_str)
         self.assertIsNotNone(val)
         self.assertEqual("https://secretserver.com", val["url"])
         self.assertEqual("superToken", val["token"])
 
-    def test_process_commandline(self):
+    def test_process_commandline(self) -> None:
         sut = CommandlineSupport()
         argv = [
             "bom",
@@ -46,7 +46,7 @@ def test_process_commandline(self):
            sw360_url = "https://secretserver.com"
            sw360_token = "superToken"
            """
-        cf = sut.read_config(None, toml_str)
+        cf = sut.read_config("", toml_str)
         self.assertIsNotNone(cf)
         self.assertEqual("https://secretserver.com", cf["sw360_url"])
         self.assertEqual("superToken", cf["sw360_token"])
diff --git a/tests/test_plaintext.py b/tests/test_plaintext.py
index b617fe0..9092775 100644
--- a/tests/test_plaintext.py
+++ b/tests/test_plaintext.py
@@ -11,6 +11,7 @@
 from typing import List
 
 from cyclonedx.model.component import Component
+from sortedcontainers import SortedSet
 
 from capycli.bom.legacy import LegacySupport
 from capycli.bom.plaintext import PlainTextSupport
@@ -63,7 +64,7 @@ def test_write_legacy(self) -> None:
 
         filename_out = os.path.join(
             os.path.dirname(__file__), "fixtures", TestPlainText.OUTPUTFILE)
-        LegacySupport.write_cdx_components_as_legacy(cx_components, filename_out)
+        LegacySupport.write_cdx_components_as_legacy(SortedSet(cx_components), filename_out)
 
         cx_components2 = LegacySupport.legacy_to_cdx_components(filename_out)
         self.assert_default_test_bom(cx_components2)
diff --git a/tests/test_project_check_prerequisites.py b/tests/test_project_check_prerequisites.py
index 258fa17..ea18068 100644
--- a/tests/test_project_check_prerequisites.py
+++ b/tests/test_project_check_prerequisites.py
@@ -168,7 +168,7 @@ def test_check_project_not_found(self) -> None:
         self.assertTrue("Searching for project..." in out)
         self.assertTrue("No matching project found" in out)
 
-    def add_find_project_response(self):
+    def add_find_project_response(self) -> None:
         """
         Add response for find project by name.
         """
@@ -556,4 +556,4 @@ def test_check_project_check_passed(self) -> None:
 
 if __name__ == '__main__':
     APP = TestCheckPrerequisites()
-    APP.test_check_project_error_reading_project()
+    APP.test_check_project_check_fail()
diff --git a/tests/test_purl_service.py b/tests/test_purl_service.py
index 951c233..3ca8b14 100644
--- a/tests/test_purl_service.py
+++ b/tests/test_purl_service.py
@@ -6,13 +6,15 @@
 # SPDX-License-Identifier: MIT
 # -------------------------------------------------------------------------------
 
+from typing import Any, Dict, List
+
 import responses
 
 from capycli.bom.map_bom import MapBom
 from capycli.common.purl_service import PurlService
 from tests.test_base_vcr import SW360_BASE_URL, CapycliTestBase
 
-sw360_purl_releases = [
+sw360_purl_releases: List[Dict[str, Any]] = [
     {
         # in a purl, "~"" may be encoded as %7E and "+" must be "%2B"
         "externalIds": {
@@ -26,7 +28,7 @@
             "href": SW360_BASE_URL + "releases/06a6"}}},
 ]
 
-sw360_purl_components = [
+sw360_purl_components: List[Dict[str, Any]] = [
     {
         "externalIds": {
             "package-url": "pkg:deb/debian/sed?type=source"},
@@ -43,12 +45,12 @@
 class TestPurlService(CapycliTestBase):
 
     @responses.activate
-    def setUp(self):
+    def setUp(self) -> None:
         self.app: MapBom = MapBom()
         responses.add(responses.GET, SW360_BASE_URL, json={"status": "ok"})
         self.app.login("sometoken", "https://my.server.com")
 
-    def purl_build_cache(self):
+    def purl_build_cache(self) -> PurlService:
         responses.add(
             responses.GET,
             SW360_BASE_URL + "releases/searchByExternalIds?package-url=",
@@ -58,21 +60,23 @@ def purl_build_cache(self):
             SW360_BASE_URL + "components/searchByExternalIds?package-url=",
             json={"_embedded": {"sw360:components": sw360_purl_components}})
 
-        purl_service = PurlService(self.app.client)
-        purl_service.build_purl_cache()
-        assert purl_service.purl_cache["deb"]["debian"]["sed"][None] == sw360_purl_components[0]["_links"]["self"]["href"] # noqa
-        assert purl_service.purl_cache["gem"][None]["mini_portile2"][None] == sw360_purl_components[1]["_links"]["self"]["href"] # noqa
-        assert purl_service.purl_cache["deb"]["debian"]["sed"]["4.4+1~2"] == sw360_purl_releases[0]["_links"]["self"]["href"] # noqa
-        assert purl_service.purl_cache["gem"][None]["mini_portile2"]["2.4.0"] == sw360_purl_releases[1]["_links"]["self"]["href"] # noqa
+        assert self.app.client is not None
+        if self.app.client:
+            purl_service = PurlService(self.app.client)
+            purl_service.build_purl_cache()
+            assert purl_service.purl_cache["deb"]["debian"]["sed"][None] == sw360_purl_components[0]["_links"]["self"]["href"] # noqa
+            assert purl_service.purl_cache["gem"][None]["mini_portile2"][None] == sw360_purl_components[1]["_links"]["self"]["href"] # noqa
+            assert purl_service.purl_cache["deb"]["debian"]["sed"]["4.4+1~2"] == sw360_purl_releases[0]["_links"]["self"]["href"] # noqa
+            assert purl_service.purl_cache["gem"][None]["mini_portile2"]["2.4.0"] == sw360_purl_releases[1]["_links"]["self"]["href"] # noqa
 
         return purl_service
 
     @responses.activate
-    def test_purl_build_cache(self):
+    def test_purl_build_cache(self) -> None:
         self.purl_build_cache()
 
     @responses.activate
-    def test_purl_build_cache__for_multi_purl_component(self):
+    def test_purl_build_cache__for_multi_purl_component(self) -> None:
         responses.add(
             responses.GET,
             SW360_BASE_URL + "releases/searchByExternalIds?package-url=",
@@ -94,14 +98,17 @@ def test_purl_build_cache__for_multi_purl_component(self):
                     }
                 }
             ]}})
-        purl_service = PurlService(self.app.client)
-        purl_service.build_purl_cache()
 
-        assert purl_service.purl_cache["maven"]["org.springframework"]["spring-tx"][None] == SW360_BASE_URL + "components/05a6" # noqa
-        assert purl_service.purl_cache["maven"]["org.springframework"]["spring-jcl"][None] == SW360_BASE_URL + "components/05a6" # noqa
+        assert self.app.client is not None
+        if self.app.client:
+            purl_service = PurlService(self.app.client)
+            purl_service.build_purl_cache()
+
+            assert purl_service.purl_cache["maven"]["org.springframework"]["spring-tx"][None] == SW360_BASE_URL + "components/05a6" # noqa
+            assert purl_service.purl_cache["maven"]["org.springframework"]["spring-jcl"][None] == SW360_BASE_URL + "components/05a6" # noqa
 
     @responses.activate
-    def test_purl_duplicates(self):
+    def test_purl_duplicates(self) -> None:
         # add duplicate for release and component
         duplicate_releases = {
             "_embedded": {"sw360:releases": sw360_purl_releases[1:2] + [{
@@ -123,6 +130,10 @@ def test_purl_duplicates(self):
                       SW360_BASE_URL + "components/searchByExternalIds?package-url=",
                       json=duplicate_components)
 
+        assert self.app.client is not None
+        if not self.app.client:
+            return
+
         purl_service = PurlService(self.app.client)
         purl_service.build_purl_cache()
         assert "deb" not in purl_service.purl_cache
@@ -140,13 +151,17 @@ def test_purl_duplicates(self):
                           SW360_BASE_URL + "components/searchByExternalIds?package-url=",
                           json=duplicate_components)
 
+        assert self.app.client is not None
+        if not self.app.client:
+            return
+
         purl_service = PurlService(self.app.client)
         purl_service.build_purl_cache()
         assert None not in purl_service.purl_cache["deb"]["debian"]["sed"]
         assert "2.4.0" not in purl_service.purl_cache["gem"][None]["mini_portile2"]
 
     @responses.activate
-    def test_purl_invalid(self):
+    def test_purl_invalid(self) -> None:
         invalid_releases = {
             "_embedded": {"sw360:releases": sw360_purl_releases + [{
                 "externalIds": {
@@ -161,12 +176,16 @@ def test_purl_invalid(self):
                       SW360_BASE_URL + "components/searchByExternalIds?package-url=",
                       json={"_embedded": {"sw360:components": sw360_purl_components}})
 
+        assert self.app.client is not None
+        if not self.app.client:
+            return
+
         purl_service = PurlService(self.app.client)
         purl_service.build_purl_cache()
         assert "2.0.0" not in purl_service.purl_cache["gem"][None]["mini_portile2"]
 
     @responses.activate
-    def test_purl_search_release(self):
+    def test_purl_search_release(self) -> None:
         purl_service = self.purl_build_cache()
 
         res = purl_service.search_release_by_external_id(
@@ -182,7 +201,7 @@ def test_purl_search_release(self):
         assert res == sw360_purl_releases[0]["_links"]["self"]["href"]
 
     @responses.activate
-    def test_purl_search_component(self):
+    def test_purl_search_component(self) -> None:
         purl_service = self.purl_build_cache()
         res = purl_service.search_component_by_external_id(
             "package-url",
@@ -192,10 +211,10 @@ def test_purl_search_component(self):
         res = purl_service.search_component_by_external_id(
             "package-url",
             "pkg:deb/debian/mypkg")
-        assert res is None
+        assert res == ""
 
     @responses.activate
-    def test_purl_search_component_via_release(self):
+    def test_purl_search_component_via_release(self) -> None:
         responses.add(
             responses.GET,
             SW360_BASE_URL + "releases/searchByExternalIds?package-url=",
@@ -205,6 +224,11 @@ def test_purl_search_component_via_release(self):
             SW360_BASE_URL + "components/searchByExternalIds?package-url=",
             # only first entry for components so we need to search via release
             json={"_embedded": {"sw360:components": sw360_purl_components[0:1]}})
+
+        assert self.app.client is not None
+        if not self.app.client:
+            return
+
         purl_service = PurlService(self.app.client)
         purl_service.build_purl_cache()
 
@@ -219,7 +243,7 @@ def test_purl_search_component_via_release(self):
         assert res == "myurl"
 
     @responses.activate
-    def test_purl_search_component_via_release_conflicts(self):
+    def test_purl_search_component_via_release_conflicts(self) -> None:
         responses.add(
             responses.GET,
             SW360_BASE_URL + "releases/searchByExternalIds?package-url=",
@@ -244,14 +268,18 @@ def test_purl_search_component_via_release_conflicts(self):
             SW360_BASE_URL + "releases/06dd",
             json={"_links": {"sw360:component": {"href": "anotherurl"}}})
 
+        assert self.app.client is not None
+        if not self.app.client:
+            return
+
         purl_service = PurlService(self.app.client)
         res = purl_service.search_component_by_external_id(
             "package-url",
             sw360_purl_components[1]["externalIds"]["package-url"])
-        assert res is None
+        assert res == ""
 
-    def test_purl_search_component_and_release(self):
-        test_cache: dict = {
+    def test_purl_search_component_and_release(self) -> None:
+        test_cache: Dict[str, Any] = {
             "maven": {
                 "org.test": {
                     "c1": {
@@ -261,6 +289,11 @@ def test_purl_search_component_and_release(self):
                 }
             }
         }
+
+        assert self.app.client is not None
+        if not self.app.client:
+            return
+
         purl_service = PurlService(self.app.client, cache=test_cache)
         c, r = purl_service.search_component_and_release("pkg:maven/org.test/c1@1")
         self.assertIsNotNone(c)
diff --git a/tests/test_purl_store.py b/tests/test_purl_store.py
index e25e468..139acf1 100644
--- a/tests/test_purl_store.py
+++ b/tests/test_purl_store.py
@@ -16,7 +16,7 @@
 
 class TestPurlStore(TestBase):
 
-    def test_add_valid_purl_to_store(self):
+    def test_add_valid_purl_to_store(self) -> None:
         sut = PurlStore()
 
         purl = packageurl.PackageURL.from_string("pkg:maven/test/test")
@@ -26,7 +26,7 @@ def test_add_valid_purl_to_store(self):
         self.assertEqual(value, entry)
         self.assertEqual(sut.get_by_name(purl), {None: entry}, msg="Entry shall be {}".format({None: entry}))
 
-    def test_add_duplicate_version_shall_fail(self):
+    def test_add_duplicate_version_shall_fail(self) -> None:
         sut = PurlStore()
 
         purl = packageurl.PackageURL.from_string("pkg:maven/test/test@1")
@@ -42,26 +42,27 @@ def test_add_duplicate_version_shall_fail(self):
         self.assertEqual(value, entry1)
         self.assertEqual(sut.get_by_version(purl), entry1)
 
-    def test_remove_duplicates_shall_remove_unnecessary_entries(self):
+    def test_remove_duplicates_shall_remove_unnecessary_entries(self) -> None:
         sut = PurlStore()
 
         purl: packageurl.PackageURL = packageurl.PackageURL.from_string("pkg:maven/test/test@1")
-        duplicates: List[Tuple[str, str, str, str]] = [(purl.type, purl.namespace, purl.name, purl.version)]
+        duplicates: List[Tuple[str, str, str, str]] = [(purl.type,
+                                                        purl.namespace, purl.name, purl.version)]  # type: ignore
         sut.add(purl, {})
 
         sut.remove_duplicates(duplicates)
         self.assertFalse(bool(sut.purl_cache), msg="Shall be empty {}".format(sut.purl_cache))
 
-    def test_remove_duplicates_shall_ignore_unknown_entries(self):
+    def test_remove_duplicates_shall_ignore_unknown_entries(self) -> None:
         sut = PurlStore()
 
         purl: packageurl.PackageURL = packageurl.PackageURL.from_string("pkg:maven/test/test@1")
         sut.add(purl, {"test": True})
         duplicates: List[Tuple[str, str, str, str]] = [
-            (purl.type, purl.namespace, purl.name, "unknown"),
-            (purl.type, purl.namespace, "unknown", None),
-            (purl.type, "unknown", None, None),
-            ("unknown", None, None, None)
+            (purl.type, purl.namespace, purl.name, "unknown"),  # type: ignore
+            (purl.type, purl.namespace, "unknown", None),  # type: ignore
+            (purl.type, "unknown", None, None),  # type: ignore
+            ("unknown", None, None, None)  # type: ignore
         ]
         sut.remove_duplicates(duplicates)
         self.assertTrue(bool(sut.purl_cache))
diff --git a/tests/test_purl_utils.py b/tests/test_purl_utils.py
index 41307db..661e9b8 100644
--- a/tests/test_purl_utils.py
+++ b/tests/test_purl_utils.py
@@ -14,7 +14,7 @@
 
 
 class TestPurlUtils(unittest.TestCase):
-    def test_get_purls_from_external_id_invalid_entries(self):
+    def test_get_purls_from_external_id_invalid_entries(self) -> None:
 
         # no purl
         data = None
@@ -26,7 +26,7 @@ def test_get_purls_from_external_id_invalid_entries(self):
         actual = PurlUtils.parse_purls_from_external_id(data)
         self.assertListEqual(actual, [])
 
-    def test_get_purls_from_external_id_single_string(self):
+    def test_get_purls_from_external_id_single_string(self) -> None:
 
         # single valid purl
         data = "pkg:github/macchrome/winchrome@v80.0.3987.149-r989-Win64"
@@ -36,7 +36,7 @@ def test_get_purls_from_external_id_single_string(self):
         self.assertEqual(len(actual), 1)
         self.assertEqual(actual[0], "pkg:github/macchrome/winchrome@v80.0.3987.149-r989-Win64")
 
-    def test_get_purls_from_external_id_strings(self):
+    def test_get_purls_from_external_id_strings(self) -> None:
 
         # valid purls separated by blank
         purl1 = "pkg:github/chrome/chrome@v80"
@@ -49,7 +49,7 @@ def test_get_purls_from_external_id_strings(self):
         self.assertEqual(actual[0], purl1)
         self.assertEqual(actual[1], purl2)
 
-    def test_get_purls_from_external_id_list(self):
+    def test_get_purls_from_external_id_list(self) -> None:
 
         # two valid purls as list
         purl1 = "pkg:github/chrome/chrome@v80"
@@ -61,7 +61,7 @@ def test_get_purls_from_external_id_list(self):
         self.assertEqual(actual[0], purl1)
         self.assertEqual(actual[1], purl2)
 
-    def test_get_purls_from_external_id_list_as_string(self):
+    def test_get_purls_from_external_id_list_as_string(self) -> None:
 
         # two valid purls as list
         purl1 = "pkg:github/chrome/chrome@v80"
@@ -74,7 +74,7 @@ def test_get_purls_from_external_id_list_as_string(self):
         self.assertEqual(actual[0], purl1)
         self.assertEqual(actual[1], purl2)
 
-    def test_get_purls_from_external_id_list_with_invalid_entries(self):
+    def test_get_purls_from_external_id_list_with_invalid_entries(self) -> None:
 
         # two valid purls as list
         purl1 = "pkg:github/chrome/chrome"
@@ -98,7 +98,7 @@ def test_get_purls_from_external_id_list_with_invalid_entries(self):
         self.assertEqual(actual[0], PackageURL.from_string(purl1))
         self.assertEqual(actual[1], PackageURL.from_string(purl2))
 
-    def test_contains(self):
+    def test_contains(self) -> None:
         input_purl = PackageURL.from_string("pkg:maven/org.springframework.boot/spring-boot-actuator@2.7.1?type=jar")
         search_purl = PackageURL.from_string("pkg:maven/org.springframework.boot/spring-boot-actuator@2.7.1")
         self.assertTrue(PurlUtils.contains([input_purl], search_purl))
diff --git a/tests/test_script_base.py b/tests/test_script_base.py
index da9d3fa..07e8a9c 100644
--- a/tests/test_script_base.py
+++ b/tests/test_script_base.py
@@ -17,17 +17,18 @@
 
 
 class ResponseMock():
-    def __init__(self, text=None, ok=False, status_code=200, url=None):
-        self.text = text
-        self.ok = ok
-        self.url = url
-        self.status_code = status_code
-        self.content = None
+    def __init__(self, text: str = "", ok: bool = False,
+                 status_code: int = 200, url: str = "") -> None:
+        self.text: str = text
+        self.ok: bool = ok
+        self.url: str = url
+        self.status_code: int = status_code
+        self.content: bytes
 
 
 class TestScriptBase(TestBase):
     @responses.activate
-    def test_login_fails_no_answer(self):
+    def test_login_fails_no_answer(self) -> None:
         sut = ScriptBase()
 
         try:
@@ -37,7 +38,7 @@ def test_login_fails_no_answer(self):
             self.assertEqual(ResultCode.RESULT_AUTH_ERROR, ex.code)
 
     @responses.activate
-    def test_login_fails_unauthorized(self):
+    def test_login_fails_unauthorized(self) -> None:
         sut = ScriptBase()
 
         responses.add(
@@ -56,7 +57,7 @@ def test_login_fails_unauthorized(self):
             self.assertEqual(ResultCode.RESULT_AUTH_ERROR, ex.code)
 
     @responses.activate
-    def test_login_fails_error(self):
+    def test_login_fails_error(self) -> None:
         sut = ScriptBase()
 
         responses.add(
@@ -75,7 +76,7 @@ def test_login_fails_error(self):
             self.assertEqual(ResultCode.RESULT_AUTH_ERROR, ex.code)
 
     @responses.activate
-    def test_login_fails_no_url(self):
+    def test_login_fails_no_url(self) -> None:
         if os.environ.get("SW360ServerUrl", None):
             # SW360ServerUrl has a value that would mess up the test
             return
@@ -98,7 +99,7 @@ def test_login_fails_no_url(self):
             self.assertEqual(ResultCode.RESULT_ERROR_ACCESSING_SW360, ex.code)
 
     @responses.activate
-    def test_login_success(self):
+    def test_login_success(self) -> None:
         sut = ScriptBase()
 
         self.add_login_response()
@@ -106,7 +107,7 @@ def test_login_success(self):
         value = sut.login(token=TestBase.MYTOKEN, url=TestBase.MYURL)
         self.assertTrue(value)
 
-    def test_analyze_token_ok(self):
+    def test_analyze_token_ok(self) -> None:
         sut = ScriptBase()
         encoded = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC"
                    + "1BUEkiXSwidXNlcl9uYW1lIjoidGhvbWFzLmdyYWZAc2llbWVucy5jb20iLCJ"
@@ -118,7 +119,7 @@ def test_analyze_token_ok(self):
         self.assertTrue("Analyzing token..." in out)
         self.assertTrue("Token will expire on" in out)
 
-    def test_analyze_token_fail(self):
+    def test_analyze_token_fail(self) -> None:
         sut = ScriptBase()
         encoded = "eyXXJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
         out = self.capture_stdout(sut.analyze_token, encoded)
@@ -126,7 +127,7 @@ def test_analyze_token_fail(self):
         self.assertTrue("Unable to analyze token" in out)
 
     @responses.activate
-    def test_find_project_success(self):
+    def test_find_project_success(self) -> None:
         sut = ScriptBase()
 
         self.add_login_response()
@@ -163,7 +164,7 @@ def test_find_project_success(self):
         self.assertEqual("007", val)
 
     @responses.activate
-    def test_find_project_fail_sw360_error(self):
+    def test_find_project_fail_sw360_error(self) -> None:
         sut = ScriptBase()
         self.add_login_response()
 
@@ -190,7 +191,7 @@ def test_find_project_fail_sw360_error(self):
             self.assertEqual(ResultCode.RESULT_ERROR_ACCESSING_SW360, ex.code)
 
     @responses.activate
-    def test_find_project_fail_no_project(self):
+    def test_find_project_fail_no_project(self) -> None:
         sut = ScriptBase()
         self.add_login_response()
 
@@ -211,10 +212,10 @@ def test_find_project_fail_no_project(self):
         )
 
         val = sut.find_project("MyName", "MyVersion")
-        self.assertIsNone(val)
+        self.assertEqual("", val)
 
     @responses.activate
-    def test_find_project_fail_version_not_found(self):
+    def test_find_project_fail_version_not_found(self) -> None:
         sut = ScriptBase()
         self.add_login_response()
 
@@ -247,9 +248,9 @@ def test_find_project_fail_version_not_found(self):
         )
 
         val = sut.find_project("MyName", "MyVersion", True)
-        self.assertIsNone(val)
+        self.assertEqual("", val)
 
-    def test_get_error_message_no_info(self):
+    def test_get_error_message_no_info(self) -> None:
         sut = ScriptBase()
 
         swex = SW360Error()
@@ -257,7 +258,7 @@ def test_get_error_message_no_info(self):
         self.assertIsNotNone(val)
         self.assertEqual("SW360Error('None')", val)
 
-    def test_get_error_message_login(self):
+    def test_get_error_message_login(self) -> None:
         sut = ScriptBase()
 
         swex = SW360Error(None, TestBase.MYURL, message="Unable to login:")
@@ -265,7 +266,7 @@ def test_get_error_message_login(self):
         self.assertIsNotNone(val)
         self.assertEqual("SW360Error('Unable to login:')", val)
 
-    def test_get_error_message(self):
+    def test_get_error_message(self) -> None:
         sut = ScriptBase()
 
         text = """{"text": "some message", "status_code" : "500"}"""
@@ -277,7 +278,7 @@ def test_get_error_message(self):
         resp = ResponseMock(text, False, 500, TestBase.MYURL)
         resp.content = text2.encode("utf-8")
 
-        swex = SW360Error(resp, TestBase.MYURL, message="some error")
+        swex = SW360Error(resp, TestBase.MYURL, message="some error")  # type: ignore
         val = sut.get_error_message(swex)
         self.assertIsNotNone(val)
         self.assertEqual("Error=some other error(500): another message", val)
diff --git a/tests/test_show_ecc.py b/tests/test_show_ecc.py
index 273f446..18830d3 100644
--- a/tests/test_show_ecc.py
+++ b/tests/test_show_ecc.py
@@ -7,6 +7,7 @@
 # -------------------------------------------------------------------------------
 
 import os
+from typing import Any, Dict
 
 import responses
 
@@ -165,7 +166,7 @@ def test_project_ecc_by_id(self) -> None:
         self.assertTrue("wheel, 0.38.4: ECC status=APPROVED, ECCN=N, AL=N" in out)
 
     @responses.activate
-    def test_project_ecc_by_name(self):
+    def test_project_ecc_by_name(self) -> None:
         sut = ShowExportControlStatus()
 
         # create argparse command line argument object
@@ -264,7 +265,7 @@ def test_project_ecc_by_name(self):
         self.delete_file(self.OUTPUTFILE)
 
     @responses.activate
-    def test_project_show_ecc_with_subproject(self):
+    def test_project_show_ecc_with_subproject(self) -> None:
         sut = ShowExportControlStatus()
 
         # create argparse command line argument object
@@ -283,7 +284,7 @@ def test_project_show_ecc_with_subproject(self):
 
         # the project, with sub-project
         project = self.get_project_for_test()
-        subproject = {}
+        subproject: Dict[str, Any] = {}
         subproject["name"] = "sub-project-dummy"
         subproject["version"] = "2.0.1"
         subproject["securityResponsibles"] = []
diff --git a/tests/test_show_licenses.py b/tests/test_show_licenses.py
index 2093a00..45d6dd0 100644
--- a/tests/test_show_licenses.py
+++ b/tests/test_show_licenses.py
@@ -110,7 +110,7 @@ def test_project_not_found(self) -> None:
         if os.path.exists(sut.TEMPFOLDER):
             shutil.rmtree(sut.TEMPFOLDER)
 
-    def get_wheel_for_test(self):
+    def get_wheel_for_test(self) -> None:
         """
         Provide release and attachment responses.
         """
@@ -165,7 +165,7 @@ def get_wheel_for_test(self):
             adding_headers={"Authorization": "Token " + self.MYTOKEN},
         )
 
-    def get_cli_for_test(self):
+    def get_cli_for_test(self) -> None:
         """
         Provide release and attachment responses.
         """
@@ -208,7 +208,7 @@ def get_cli_for_test(self):
             adding_headers={"Authorization": "Token " + self.MYTOKEN},
         )
 
-    def get_cli_file_gpl(self):
+    def get_cli_file_gpl(self) -> str:
         """
         Return the XML contents of a CLI file with GPL-2.0 license.
         """
diff --git a/tests/test_show_project.py b/tests/test_show_project.py
index d4f7167..0349602 100644
--- a/tests/test_show_project.py
+++ b/tests/test_show_project.py
@@ -7,6 +7,7 @@
 # -------------------------------------------------------------------------------
 
 import os
+from typing import Any, Dict
 from unittest.mock import MagicMock
 
 import responses
@@ -19,7 +20,7 @@
 class TestShowProject(TestBase):
     OUTPUTFILE = "output.json"
 
-    def setUp(self):
+    def setUp(self) -> None:
         self.client_mock = MagicMock()
         self.sut = ShowProject()
         self.sut.client = self.client_mock
@@ -171,7 +172,7 @@ def test_project_show_by_id(self) -> None:
         self.assertTrue("wheel, 0.38.4 = SPECIFIC, APPROVED" in out)
 
     @responses.activate
-    def test_project_show_by_name(self):
+    def test_project_show_by_name(self) -> None:
         sut = ShowProject()
 
         # create argparse command line argument object
@@ -265,7 +266,7 @@ def test_project_show_by_name(self):
         self.assertTrue("wheel, 0.38.4 = SPECIFIC, APPROVED" in out)
 
     @responses.activate
-    def test_project_show_with_subproject(self):
+    def test_project_show_with_subproject(self) -> None:
         sut = ShowProject()
 
         # create argparse command line argument object
@@ -285,7 +286,7 @@ def test_project_show_with_subproject(self):
 
         # the project, with sub-project
         project = self.get_project_for_test()
-        subproject = {}
+        subproject: Dict[str, Any] = {}
         subproject["name"] = "sub-project-dummy"
         subproject["version"] = "2.0.1"
         subproject["securityResponsibles"] = []
@@ -342,7 +343,7 @@ def test_project_show_with_subproject(self):
         self.assertTrue(os.path.isfile(self.OUTPUTFILE), "no output file generated")
         self.delete_file(self.OUTPUTFILE)
 
-    def test_project_show_with_defaults(self):
+    def test_project_show_with_defaults(self) -> None:
         """
         Ensure project show will use the default values if the response
         miss some parts of the required data.
diff --git a/tests/test_show_vulnerabilities.py b/tests/test_show_vulnerabilities.py
index 389bb2e..2a8a1ba 100644
--- a/tests/test_show_vulnerabilities.py
+++ b/tests/test_show_vulnerabilities.py
@@ -7,6 +7,7 @@
 # -------------------------------------------------------------------------------
 
 import os
+from typing import Any, Dict
 
 import responses
 
@@ -105,7 +106,7 @@ def test_project_not_found(self) -> None:
         except SystemExit as ex:
             self.assertEqual(ResultCode.RESULT_PROJECT_NOT_FOUND, ex.code)
 
-    def get_vulnerabilities_for_test(self):
+    def get_vulnerabilities_for_test(self) -> Dict[str, Any]:
         """
         Get vulnerability response for tesing.
         """
@@ -231,7 +232,7 @@ def test_project_show_by_id_and_force_exit_code(self) -> None:
         self.delete_file(self.OUTPUTFILE)
 
     @responses.activate
-    def test_project_show_by_name(self):
+    def test_project_show_by_name(self) -> None:
         sut = ShowSecurityVulnerability()
 
         # create argparse command line argument object
@@ -331,10 +332,10 @@ def test_project_show_by_name(self):
         self.assertTrue("Priority:          3 - minor" in out)
         self.assertTrue("Project Relevance: IN_ANALYSIS" in out)
 
-    def test_check_report(self):
+    def test_check_report(self) -> None:
         sut = ShowSecurityVulnerability()
 
-        report = {}
+        report: Dict[str, Any] = {}
         report["Vulnerabilities"] = []
         report["Vulnerabilities"].append({"priority": "0"})
 
@@ -344,10 +345,10 @@ def test_check_report(self):
         ret = sut.check_report_for_critical_findings(report, "6")
         self.assertFalse(ret)
 
-        report = {}
+        report: Dict[str, Any] = {}
         report["Vulnerabilities"] = []
         report["Vulnerabilities"].append({"priority": "0"})
-        v = {}
+        v: Dict[str, Any] = {}
         v["priority"] = "1"
         v["projectRelevance"] = "NOT_CHECKED"
         report["Vulnerabilities"].append(v)
@@ -357,4 +358,4 @@ def test_check_report(self):
 
 if __name__ == "__main__":
     APP = TestShowSecurityVulnerability()
-    APP.test_check_report()
+    APP.test_project_not_found()