fix: async subprocess + httpx — no more event loop blocking during scans

guarddog_nexus/webhooks.py

@@ -115,23 +115,16 @@ async def nexus_webhook(
 
 async def _scan_component(repository: str, name: str, version: str):
     """Look up component assets via Nexus API, then scan each package file."""
-    import subprocess
 
-    api_url = (
-        f"{config.nexus_url.rstrip('/')}/service/rest/v1/search"
-        f"?repository={repository}&name={name}&version={version}&format=pypi"
+    from guarddog_nexus.nexus_client import nexus_get
+
+    api_path = (
+        f"/service/rest/v1/search?repository={repository}&name={name}&version={version}&format=pypi"
     )
     try:
-        result = subprocess.run(
-            ["curl", "-sf", "-u", f"{config.nexus_username}:{config.nexus_password}", api_url],
-            capture_output=True,
-            text=True,
-            timeout=30,
-        )
-        if result.returncode != 0:
-            log.warning("Component lookup failed for %s==%s: %s", name, version, result.stderr)
-            return
-        data = json.loads(result.stdout)
+        resp = await nexus_get(api_path)
+        resp.raise_for_status()
+        data = resp.json()
     except Exception as e:
         log.warning("Component lookup error for %s==%s: %s", name, version, e)
         return