fix: propagate initiator/source_ip to _scan_component for component webhooks

guarddog_nexus/routes/webhooks.py

@@ -149,7 +149,9 @@ async def nexus_webhook(
         if ecosystem is None:
             return {"status": WEBHOOK_STATUS_IGNORED, "reason": "unknown_ecosystem"}
 
-        background_tasks.add_task(_scan_component, repository, name, version, ecosystem)
+        background_tasks.add_task(
+            _scan_component, repository, name, version, ecosystem, initiator, source_ip
+        )
         return {
             "status": WEBHOOK_STATUS_ACCEPTED,
             "component": f"{name}=={version}",
@@ -162,7 +164,14 @@ async def nexus_webhook(
     }
 
 
-async def _scan_component(repository: str, name: str, version: str, ecosystem: str):
+async def _scan_component(
+    repository: str,
+    name: str,
+    version: str,
+    ecosystem: str,
+    initiator: str | None = None,
+    source_ip: str | None = None,
+):
     try:
         from ..core.nexus import nexus_get
 
@@ -198,7 +207,15 @@ async def _scan_component(repository: str, name: str, version: str, ecosystem: s
                 )
                 log.info("Scanning component asset: %s", asset_path)
                 async for session in get_session():
-                    await harvest(download_url, repository, ecosystem, asset_path, session)
+                    await harvest(
+                        download_url,
+                        repository,
+                        ecosystem,
+                        asset_path,
+                        session,
+                        initiator=initiator,
+                        source_ip=source_ip,
+                    )
                     break
     except Exception as e:
         log.error("Component scan failed for %s==%s: %s", name, version, e)