From 1c54ad63ad2d39c2f1e7b3844ac84a37ac6cad05 Mon Sep 17 00:00:00 2001 From: Assaf Attias <49212512+attiasas@users.noreply.github.com> Date: Sun, 22 Sep 2024 19:07:12 +0300 Subject: [PATCH 1/5] Update dependencies (#183) --- audit_test.go | 2 +- commands/audit/audit_test.go | 31 +++++++++++++++++-------------- go.mod | 16 ++++++++-------- go.sum | 28 ++++++++++++++-------------- jas/analyzermanager.go | 2 +- 5 files changed, 41 insertions(+), 38 deletions(-) diff --git a/audit_test.go b/audit_test.go index cd8ed215..e6e1f9c7 100644 --- a/audit_test.go +++ b/audit_test.go @@ -341,7 +341,7 @@ func TestXrayAuditMultiProjects(t *testing.T) { defer securityTestUtils.CleanTestsHomeEnv() output := securityTests.PlatformCli.WithoutCredentials().RunCliCmdWithOutput(t, "audit", "--format="+string(format.SimpleJson), workingDirsFlag) securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 35, 0) - securityTestUtils.VerifySimpleJsonJasResults(t, output, 1, 9, 6, 3, 0, 24, 2, 1, 0) + securityTestUtils.VerifySimpleJsonJasResults(t, output, 1, 9, 6, 3, 0, 23, 2, 1, 0) } func TestXrayAuditPipJson(t *testing.T) { diff --git a/commands/audit/audit_test.go b/commands/audit/audit_test.go index 915e64a0..2f86776c 100644 --- a/commands/audit/audit_test.go +++ b/commands/audit/audit_test.go @@ -1,6 +1,10 @@ package audit import ( + "path/filepath" + "strings" + "testing" + biutils "github.com/jfrog/build-info-go/utils" "github.com/jfrog/jfrog-cli-core/v2/common/format" coreTests "github.com/jfrog/jfrog-cli-core/v2/utils/tests" @@ -10,9 +14,6 @@ import ( scanservices "github.com/jfrog/jfrog-client-go/xray/services" "github.com/jfrog/jfrog-client-go/xsc/services" "github.com/stretchr/testify/assert" - "path/filepath" - "strings" - "testing" ) // Note: Currently, if a config profile is provided, the scan will use the profile's settings, IGNORING jfrog-apps-config if exists. 
@@ -181,16 +182,18 @@ func TestAuditWithScansOutputDir(t *testing.T) { assert.NoError(t, err) assert.Len(t, filesList, 5) - var fileNamesWithoutSuffix []string - for _, fileName := range filesList { - // Removing .json suffix to so we can check by suffix all expected files exist - splitName := strings.Split(fileName, "_") - fileNamesWithoutSuffix = append(fileNamesWithoutSuffix, splitName[0]) - } + searchForStrWithSubString(t, filesList, "sca_results") + searchForStrWithSubString(t, filesList, "iac_results") + searchForStrWithSubString(t, filesList, "sast_results") + searchForStrWithSubString(t, filesList, "secrets_results") + searchForStrWithSubString(t, filesList, "applicability_results") +} - assert.Contains(t, fileNamesWithoutSuffix, filepath.Join(outputDirPath, "sca")) - assert.Contains(t, fileNamesWithoutSuffix, filepath.Join(outputDirPath, "iac")) - assert.Contains(t, fileNamesWithoutSuffix, filepath.Join(outputDirPath, "sast")) - assert.Contains(t, fileNamesWithoutSuffix, filepath.Join(outputDirPath, "secrets")) - assert.Contains(t, fileNamesWithoutSuffix, filepath.Join(outputDirPath, "applicability")) +func searchForStrWithSubString(t *testing.T, filesList []string, subString string) { + for _, file := range filesList { + if strings.Contains(file, subString) { + return + } + } + assert.Fail(t, "File %s not found in the list", subString) } diff --git a/go.mod b/go.mod index 968585d5..22cb394b 100644 --- a/go.mod +++ b/go.mod 
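Review bot: `assert.Fail(t, "File %s not found in the list", subString)` at the end of the new `searchForStrWithSubString` helper never formats the `%s`: testify's `Fail` takes its second argument as a literal failure message and treats the remaining arguments as a separate message, so a failure prints the raw `%s` with the substring appended underneath. The formatting variant fixes it without a new import, `assert.Failf(t, "expected output file is missing", "File %s not found in the list", subString)`. Separately, the helper accepts any entry that merely contains the substring, whereas the removed assertions compared `splitName[0]` with `filepath.Join(outputDirPath, "sca")` exactly; that is fine for the five distinct names checked here, but a comment such as `// searchForStrWithSubString fails the test unless at least one entry in filesList contains subString.` would make the looser contract explicit.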
@@ -1,22 +1,22 @@ module github.com/jfrog/jfrog-cli-security -go 1.22.3 +go 1.22.7 require ( github.com/beevik/etree v1.4.0 github.com/google/go-github/v56 v56.0.0 github.com/gookit/color v1.5.4 - github.com/jfrog/build-info-go v1.9.36 + github.com/jfrog/build-info-go v1.10.0 github.com/jfrog/froggit-go v1.16.1 github.com/jfrog/gofrog v1.7.6 github.com/jfrog/jfrog-apps-config v1.0.1 - github.com/jfrog/jfrog-cli-core/v2 v2.55.7 - github.com/jfrog/jfrog-client-go v1.46.2 + github.com/jfrog/jfrog-cli-core/v2 v2.56.0 + github.com/jfrog/jfrog-client-go v1.47.0 github.com/magiconair/properties v1.8.7 github.com/owenrumney/go-sarif/v2 v2.3.0 github.com/stretchr/testify v1.9.0 github.com/urfave/cli v1.22.15 - golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e + golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 golang.org/x/sync v0.8.0 golang.org/x/text v0.18.0 gopkg.in/yaml.v3 v3.0.1 @@ -101,13 +101,13 @@ require ( go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.9.0 // indirect golang.org/x/crypto v0.27.0 // indirect - golang.org/x/mod v0.20.0 // indirect - golang.org/x/net v0.28.0 // indirect + golang.org/x/mod v0.21.0 // indirect + golang.org/x/net v0.29.0 // indirect golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sys v0.25.0 // indirect golang.org/x/term v0.24.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.24.0 // indirect + golang.org/x/tools v0.25.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index f1ab8899..dba68582 100644 --- a/go.sum +++ b/go.sum 
@@ -890,18 +890,18 @@ github.com/jedib0t/go-pretty/v6 v6.5.9 h1:ACteMBRrrmm1gMsXe9PSTOClQ63IXDUt03H5U+ github.com/jedib0t/go-pretty/v6 v6.5.9/go.mod h1:zbn98qrYlh95FIhwwsbIip0LYpwSG8SUOScs+v9/t0E= github.com/jfrog/archiver/v3 v3.6.1 h1:LOxnkw9pOn45DzCbZNFV6K0+6dCsQ0L8mR3ZcujO5eI= github.com/jfrog/archiver/v3 v3.6.1/go.mod h1:VgR+3WZS4N+i9FaDwLZbq+jeU4B4zctXL+gL4EMzfLw= -github.com/jfrog/build-info-go v1.9.36 h1:bKoYW3o+U70Zbz2kt5NT84N5JWNxdDXHOf+kVdzK+j4= -github.com/jfrog/build-info-go v1.9.36/go.mod h1:JcISnovFXKx3wWf3p1fcMmlPdt6adxScXvoJN4WXqIE= +github.com/jfrog/build-info-go v1.10.0 h1:jSxmN58mH0LaP+v1IQadplwJPRILLgI3xieBTXTCSos= +github.com/jfrog/build-info-go v1.10.0/go.mod h1:JcISnovFXKx3wWf3p1fcMmlPdt6adxScXvoJN4WXqIE= github.com/jfrog/froggit-go v1.16.1 h1:FBIM1qevX/ag9unfmpGzfmZ36D8ulOJ+DPTSFUk3l5U= github.com/jfrog/froggit-go v1.16.1/go.mod h1:TEJSzgiV+3D/GVGE8Y6j46ut1jrBLD1FL6WdMdKwwCE= github.com/jfrog/gofrog v1.7.6 h1:QmfAiRzVyaI7JYGsB7cxfAJePAZTzFz0gRWZSE27c6s= github.com/jfrog/gofrog v1.7.6/go.mod h1:ntr1txqNOZtHplmaNd7rS4f8jpA5Apx8em70oYEe7+4= github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY= github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w= -github.com/jfrog/jfrog-cli-core/v2 v2.55.7 h1:V4dO2FMNIH49lov3dMj3jYRg8KBTG7hyhHI8ftYByf8= -github.com/jfrog/jfrog-cli-core/v2 v2.55.7/go.mod h1:DPO5BfWAeOByahFMMy+PcjmbPlcyoRy7Bf2C5sGKVi0= -github.com/jfrog/jfrog-client-go v1.46.2 h1:1rk7PliYGc7zVSFVE2/RO77JOR1KdEtr28os8GQiLyI= -github.com/jfrog/jfrog-client-go v1.46.2/go.mod h1:qtQ9ML8xrRJmUwU/t6QRsov7C5mIZndTDY3qulgB5hA= +github.com/jfrog/jfrog-cli-core/v2 v2.56.0 h1:rCNKhfESgsq0o6//gU1mNCvuCboE5BMfycj/RM/gq8k= +github.com/jfrog/jfrog-cli-core/v2 v2.56.0/go.mod h1:D8m0L8GCZiYCY9MjhnWY4egCqyVlU2iZsVA0yysBsVw= +github.com/jfrog/jfrog-client-go v1.47.0 h1:OBMB6TxqziBByjuk6hm0BM30pQwOb3XzjZKf/cmwCeM= +github.com/jfrog/jfrog-client-go v1.47.0/go.mod 
h1:UxzL9Q4pDoM+HQjSuQiGNakyoJNuxqPSs35/amBJvdY= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= @@ -1140,8 +1140,8 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= -golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e h1:I88y4caeGeuDQxgdoFPUq097j7kNfw6uvuiNxUBfcBk= -golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= 
@@ -1184,8 +1184,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= -golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= +golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1247,8 +1247,8 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -1495,8 +1495,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= -golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= -golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= +golang.org/x/tools v0.25.0 h1:oFU9pkj/iJgs+0DT+VMHrx+oBKs/LJMV+Uvg78sl+fE= +golang.org/x/tools v0.25.0/go.mod h1:/vtpO8WL1N9cQC3FN5zPqb//fRXskFHbLKk4OW1Q7rg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/jas/analyzermanager.go b/jas/analyzermanager.go index 4222119c..46074965 100644 --- a/jas/analyzermanager.go +++ b/jas/analyzermanager.go @@ -24,7 +24,7 @@ import ( const ( ApplicabilityFeatureId = "contextual_analysis" AnalyzerManagerZipName = "analyzerManager.zip" - defaultAnalyzerManagerVersion = "1.8.15" + defaultAnalyzerManagerVersion = "1.9.1" analyzerManagerDownloadPath = "xsc-gen-exe-analyzer-manager-local/v1" analyzerManagerDirName = "analyzerManager" analyzerManagerExecutableName = "analyzerManager" From 8306f5b9b5a1e1ddf9336f09540f13dfa1ba74da Mon Sep 17 00:00:00 2001 From: Eyal Kapon Date: Mon, 23 Sep 2024 14:22:32 +0300 Subject: [PATCH 2/5] Show only requested scanners in SARIF format (#185) --- commands/scan/dockerscan.go | 2 +- commands/scan/scan.go | 2 +- utils/resultwriter.go | 33 +++++++++++++++++++------------- utils/securityJobSummary.go | 4 ++-- utils/securityJobSummary_test.go | 11 +++++------ 5 files changed, 29 insertions(+), 23 deletions(-) 
diff --git a/commands/scan/dockerscan.go b/commands/scan/dockerscan.go index dfb9c59c..88728882 100644 --- a/commands/scan/dockerscan.go +++ b/commands/scan/dockerscan.go @@ -106,7 +106,7 @@ func (dsc *DockerScanCommand) Run() (err error) { } } dsc.analyticsMetricsService.UpdateGeneralEvent(dsc.analyticsMetricsService.CreateXscAnalyticsGeneralEventFinalizeFromAuditResults(scanResults)) - if err = utils.RecordSarifOutput(scanResults); err != nil { + if err = utils.RecordSarifOutput(scanResults, utils.GetAllSupportedScans()); err != nil { return } return utils.RecordSecurityCommandSummary(utils.NewDockerScanSummary( diff --git a/commands/scan/scan.go b/commands/scan/scan.go index 1d34dbef..b580e70a 100644 --- a/commands/scan/scan.go +++ b/commands/scan/scan.go @@ -201,7 +201,7 @@ func (scanCmd *ScanCommand) indexFile(filePath string) (*xrayUtils.BinaryGraphNo func (scanCmd *ScanCommand) Run() (err error) { return scanCmd.RunAndRecordResults(utils.Binary, func(scanResults *utils.Results) (err error) { - if err = utils.RecordSarifOutput(scanResults); err != nil { + if err = utils.RecordSarifOutput(scanResults, utils.GetAllSupportedScans()); err != nil { return } return utils.RecordSecurityCommandSummary(utils.NewBinaryScanSummary( diff --git a/utils/resultwriter.go b/utils/resultwriter.go index 9eb70064..cb5f72d6 100644 --- a/utils/resultwriter.go +++ b/utils/resultwriter.go @@ -141,7 +141,7 @@ func (rw *ResultsWriter) PrintScanResults() error { case format.Json: return PrintJson(rw.results.GetScaScansXrayResults()) case format.Sarif: - return PrintSarif(rw.results, rw.isMultipleRoots, rw.includeLicenses) + return PrintSarif(rw.results, rw.isMultipleRoots, rw.includeLicenses, rw.subScansPreformed) } return nil } 
@@ -157,7 +157,7 @@ func (rw *ResultsWriter) printScanResultsTables() (err error) { printMessage(coreutils.PrintTitle("The full scan results are available here: ") + coreutils.PrintLink(resultsPath)) } log.Output() - if shouldPrintTable(rw.subScansPreformed, ScaScan, rw.results.ResultType) { + if shouldScannerBeCalled(rw.subScansPreformed, ScaScan, rw.results.ResultType) { if rw.hasViolationContext { if err = PrintViolationsTable(violations, rw.results, rw.isMultipleRoots, rw.printExtended); err != nil { return @@ -174,23 +174,23 @@ func (rw *ResultsWriter) printScanResultsTables() (err error) { } } } - if shouldPrintTable(rw.subScansPreformed, SecretsScan, rw.results.ResultType) { + if shouldScannerBeCalled(rw.subScansPreformed, SecretsScan, rw.results.ResultType) { if err = PrintSecretsTable(rw.results.ExtendedScanResults.SecretsScanResults, rw.results.ExtendedScanResults.EntitledForJas, rw.results.ExtendedScanResults.SecretValidation); err != nil { return } } - if shouldPrintTable(rw.subScansPreformed, IacScan, rw.results.ResultType) { + if shouldScannerBeCalled(rw.subScansPreformed, IacScan, rw.results.ResultType) { if err = PrintIacTable(rw.results.ExtendedScanResults.IacScanResults, rw.results.ExtendedScanResults.EntitledForJas); err != nil { return } } - if !shouldPrintTable(rw.subScansPreformed, SastScan, rw.results.ResultType) { + if !shouldScannerBeCalled(rw.subScansPreformed, SastScan, rw.results.ResultType) { return nil } return PrintSastTable(rw.results.ExtendedScanResults.SastScanResults, rw.results.ExtendedScanResults.EntitledForJas) } -func shouldPrintTable(requestedScans []SubScanType, subScan SubScanType, scanType CommandType) bool { +func shouldScannerBeCalled(requestedScans []SubScanType, subScan SubScanType, scanType CommandType) bool { if scanType.IsTargetBinary() && (subScan == IacScan || subScan == SastScan) { return false } 
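Review bot: The new name `shouldScannerBeCalled` describes something this function does not do: at the four call sites in these hunks it decides whether a results table is printed, and in the next hunk whether a SARIF run is included, both after the scanners have already run. A name that states the predicate, e.g. `func isScanRequested(requestedScans []SubScanType, subScan SubScanType, scanType CommandType) bool {` or `shouldIncludeScanResults`, reads correctly at both kinds of call site and is no larger a rename than the one already done here. The function's body continues past the end of the hunk, so the early `return false` for binary targets is the only part of its logic visible.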
@@ -210,7 +210,14 @@ func printMessage(message string) { log.Output("💬" + message) } -func GenerateSarifReportFromResults(results *Results, isMultipleRoots, includeLicenses bool, allowedLicenses []string) (report *sarif.Report, err error) { +func filterAndPatchRunsIfRequired(requestedScans []SubScanType, subScan SubScanType, results *Results, scanResults []*sarif.Run) (filtered []*sarif.Run) { + if !shouldScannerBeCalled(requestedScans, subScan, results.ResultType) { + return + } + return patchRunsToPassIngestionRules(subScan, results, scanResults...) +} + +func GenerateSarifReportFromResults(results *Results, isMultipleRoots, includeLicenses bool, allowedLicenses []string, requestedScans []SubScanType) (report *sarif.Report, err error) { report, err = sarifutils.NewReport() if err != nil { return 
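Review bot: `filterAndPatchRunsIfRequired` and the now five-parameter exported `GenerateSarifReportFromResults` both lack a doc comment, and the helper's nil return is a contract its callers depend on. I would add `// filterAndPatchRunsIfRequired returns scanResults patched for ingestion when subScan was requested for results.ResultType, and nil (no SARIF run at all) otherwise.` above the helper, and on the exported function state that `requestedScans` controls which runs appear in the report. Omitting a run is a different signal to SARIF consumers than emitting an empty one (zero results says "scanned, nothing found"), so if any downstream tooling resolves findings per tool, confirm that a missing run is the intended behaviour; the hunk does not show what `patchRunsToPassIngestionRules` produced before for an empty input. `GenerateSarifReportFromResults` continues past the hunk.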
@@ -220,10 +227,10 @@ func GenerateSarifReportFromResults(results *Results, isMultipleRoots, includeLi return } - report.Runs = append(report.Runs, patchRunsToPassIngestionRules(ScaScan, results, xrayRun)...) - report.Runs = append(report.Runs, patchRunsToPassIngestionRules(IacScan, results, results.ExtendedScanResults.IacScanResults...)...) - report.Runs = append(report.Runs, patchRunsToPassIngestionRules(SecretsScan, results, results.ExtendedScanResults.SecretsScanResults...)...) - report.Runs = append(report.Runs, patchRunsToPassIngestionRules(SastScan, results, results.ExtendedScanResults.SastScanResults...)...) + report.Runs = append(report.Runs, filterAndPatchRunsIfRequired(requestedScans, ScaScan, results, []*sarif.Run{xrayRun})...) + report.Runs = append(report.Runs, filterAndPatchRunsIfRequired(requestedScans, IacScan, results, results.ExtendedScanResults.IacScanResults)...) + report.Runs = append(report.Runs, filterAndPatchRunsIfRequired(requestedScans, SecretsScan, results, results.ExtendedScanResults.SecretsScanResults)...) + report.Runs = append(report.Runs, filterAndPatchRunsIfRequired(requestedScans, SastScan, results, results.ExtendedScanResults.SastScanResults)...) return } @@ -927,8 +934,8 @@ func PrintJson(output interface{}) error { return nil } -func PrintSarif(results *Results, isMultipleRoots, includeLicenses bool) error { - sarifReport, err := GenerateSarifReportFromResults(results, isMultipleRoots, includeLicenses, nil) +func PrintSarif(results *Results, isMultipleRoots, includeLicenses bool, subScans []SubScanType) error { + sarifReport, err := GenerateSarifReportFromResults(results, isMultipleRoots, includeLicenses, nil, subScans) if err != nil { return err } diff --git a/utils/securityJobSummary.go b/utils/securityJobSummary.go index e71d7d51..67b0a25b 100644 --- a/utils/securityJobSummary.go +++ b/utils/securityJobSummary.go 
@@ -173,7 +173,7 @@ func RecordSecurityCommandSummary(content ScanCommandResultSummary) (err error) return manager.Record(content) } -func RecordSarifOutput(cmdResults *Results) (err error) { +func RecordSarifOutput(cmdResults *Results, supportedScans []SubScanType) (err error) { manager, err := getRecordManager() if err != nil || manager == nil { return @@ -187,7 +187,7 @@ func RecordSarifOutput(cmdResults *Results) (err error) { log.Info("Results can be uploaded to Github security tab automatically by upgrading your JFrog subscription.") return } - sarifReport, err := GenerateSarifReportFromResults(cmdResults, true, false, nil) + sarifReport, err := GenerateSarifReportFromResults(cmdResults, true, false, nil, supportedScans) if err != nil { return err } diff --git a/utils/securityJobSummary_test.go b/utils/securityJobSummary_test.go index 218fbc1f..abcc4f3b 100644 --- a/utils/securityJobSummary_test.go +++ b/utils/securityJobSummary_test.go @@ -2,11 +2,6 @@ package utils import ( "fmt" - "os" - "path/filepath" - "strings" - "testing" - "github.com/jfrog/jfrog-cli-core/v2/artifactory/utils/commandsummary" coreUtils "github.com/jfrog/jfrog-cli-core/v2/utils/coreutils" coreTests "github.com/jfrog/jfrog-cli-core/v2/utils/tests" @@ -15,6 +10,10 @@ import ( "github.com/jfrog/jfrog-client-go/utils/io/fileutils" clientTests "github.com/jfrog/jfrog-client-go/utils/tests" "github.com/stretchr/testify/assert" + "os" + "path/filepath" + "strings" + "testing" ) var ( 
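Review bot: The new parameter of `RecordSarifOutput` is named `supportedScans`, but what flows into it is the list of scans whose runs should appear in the report, and the same value is `requestedScans` in `GenerateSarifReportFromResults`, `subScans` in `PrintSarif` and `rw.subScansPreformed` in `PrintScanResults` in the earlier hunks of this patch. One name along the whole chain, e.g. `func RecordSarifOutput(cmdResults *Results, requestedScans []SubScanType) (err error) {`, would stop readers from taking this list for a capability set; with `GetAllSupportedScans()` being the value at both call sites in commands/scan, that misreading is easy. `RecordSarifOutput` continues past the hunk.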
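Review bot: The two import hunks in utils/securityJobSummary_test.go move `os`, `path/filepath`, `strings` and `testing` below the third-party imports, which is the opposite of what the first patch in this series does in commands/audit/audit_test.go and of the `goimports` grouping (standard library first, a blank line, then everything else). Unless a formatter in the repository enforces this order, keep the standard-library block at the top so the two test files do not drift in opposite directions.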
@@ -62,7 +61,7 @@ func TestSaveSarifOutputOnlyForJasEntitled(t *testing.T) { cleanUp := clientTests.SetEnvWithCallbackAndAssert(t, coreUtils.SummaryOutputDirPathEnv, tempDir) defer cleanUp() - assert.NoError(t, RecordSarifOutput(createDummyJasResult(testCase.isJasEntitled))) + assert.NoError(t, RecordSarifOutput(createDummyJasResult(testCase.isJasEntitled), GetAllSupportedScans())) assert.Equal(t, testCase.isJasEntitled, hasFilesInDir(t, filepath.Join(tempDir, commandsummary.OutputDirName, "security", string(commandsummary.SarifReport)))) }) } From d87f379e1f5fc882e4ae310110e032c0094f7c73 Mon Sep 17 00:00:00 2001 From: Eran Turgeman <81029514+eranturgeman@users.noreply.github.com> Date: Mon, 23 Sep 2024 15:16:32 +0300 Subject: [PATCH 3/5] Improved JAS inclusion warning log (#187) --- jas/runner/jasrunner.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jas/runner/jasrunner.go b/jas/runner/jasrunner.go index 3d6e8091..87e209c1 100644 --- a/jas/runner/jasrunner.go +++ b/jas/runner/jasrunner.go @@ -24,7 +24,7 @@ func AddJasScannersTasks(securityParallelRunner *utils.SecurityParallelRunner, s serverDetails *config.ServerDetails, thirdPartyApplicabilityScan bool, scanner *jas.JasScanner, scanType applicability.ApplicabilityScanType, secretsScanType secrets.SecretsScanType, errHandlerFunc func(error), scansToPreform []utils.SubScanType, configProfile *services.ConfigProfile, scansOutputDir string) (err error) { if serverDetails == nil || len(serverDetails.Url) == 0 { - log.Warn("To include 'Advanced Security' scan as part of the audit output, please run the 'jf c add' command before running this command.") + log.Warn("To incorporate the ‘Advanced Security’ scans into the audit output make sure platform url is provided and valid (run 'jf c add' prior to 'jf audit' via CLI, or provide JF_URL via Frogbot)") return } // For docker scan we support only secrets and contextual scans. From 1aabcef99a68a779695113e3f8d205c8dbe4e4c0 Mon Sep 17 00:00:00 2001 
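Review bot: The new warning text uses typographic quotes around Advanced Security (U+2018/U+2019) where the old message used ASCII `'`; on terminals and CI log collectors that are not UTF-8 these come out as replacement characters or mojibake, and the same string is later copied verbatim into the `NoServerUrlError` constant in jas/common.go (patch 4 of this series), so the fix should be applied in both places. Plain quotes keep the message readable everywhere: `'Advanced Security'`. `AddJasScannersTasks` continues past the hunk.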
From: Assaf Attias <49212512+attiasas@users.noreply.github.com> Date: Tue, 24 Sep 2024 13:10:22 +0300 Subject: [PATCH 4/5] Add logs and add error if serverDetails not provided (#189) --- commands/audit/audit.go | 58 +++++++++++++++++++++++------------- commands/scan/scan.go | 8 +++-- jas/analyzermanager.go | 1 + jas/common.go | 27 +++++++++++------ jas/runner/jasrunner.go | 8 ++--- jas/runner/jasrunner_test.go | 25 +++++++++------- 6 files changed, 78 insertions(+), 49 deletions(-) diff --git a/commands/audit/audit.go b/commands/audit/audit.go index 8f93a52a..99d5c77d 100644 --- a/commands/audit/audit.go +++ b/commands/audit/audit.go @@ -3,8 +3,9 @@ package audit import ( "errors" "fmt" + + "github.com/jfrog/gofrog/log" jfrogappsconfig "github.com/jfrog/jfrog-apps-config/go" - "github.com/jfrog/jfrog-cli-core/v2/utils/config" "github.com/jfrog/jfrog-cli-core/v2/utils/coreutils" "github.com/jfrog/jfrog-cli-security/jas" "github.com/jfrog/jfrog-cli-security/jas/applicability" 
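Review bot: The new `log.Info`/`log.Debug` calls in `RunJasScans` are wired to `github.com/jfrog/gofrog/log`, imported in this hunk, whereas the other files touched by this series call `log.Warn`/`log.Debug` through whichever logger they already import (their import lines are outside the hunks shown). If that is jfrog-client-go's `utils/log`, gofrog's package-level logger appears to be a separate global, and unless the CLI wires both to the same backend the new messages may ignore the configured log level or go to a different writer; please confirm, and prefer the logger the rest of the package uses. This matters here because `RunJasScans` now logs the reason JAS was skipped, which is exactly the line a user debugging a silent skip will look for.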
@@ -194,17 +195,11 @@ func RunAudit(auditParams *AuditParams) (results *utils.Results, err error) { if err != nil { return results, fmt.Errorf("failed to create JFrogAppsConfig: %s", err.Error()) } - jasScanner := &jas.JasScanner{} - if results.ExtendedScanResults.EntitledForJas { - // Download (if needed) the analyzer manager and run scanners. - auditParallelRunner.JasWg.Add(1) - if _, jasErr := auditParallelRunner.Runner.AddTaskWithError(func(threadId int) error { - return downloadAnalyzerManagerAndRunScanners(auditParallelRunner, results, serverDetails, auditParams, jasScanner, jfrogAppsConfig, threadId) - }, auditParallelRunner.AddErrorToChan); jasErr != nil { - auditParallelRunner.AddErrorToChan(fmt.Errorf("failed to create AM downloading task, skipping JAS scans...: %s", jasErr.Error())) - } + var jasScanner *jas.JasScanner + var jasScanErr error + if jasScanner, jasScanErr = RunJasScans(auditParallelRunner, auditParams, results, jfrogAppsConfig); jasScanErr != nil { + auditParallelRunner.AddErrorToChan(jasScanErr) } - // The sca scan doesn't require the analyzer manager, so it can run separately from the analyzer manager download routine. if scaScanErr := buildDepTreeAndRunScaScan(auditParallelRunner, auditParams, results); scaScanErr != nil { auditParallelRunner.AddErrorToChan(scaScanErr) @@ -214,9 +209,8 @@ func RunAudit(auditParams *AuditParams) (results *utils.Results, err error) { auditParallelRunner.JasWg.Wait() // Wait for all jas scanners to complete before cleaning up scanners temp dir auditParallelRunner.JasScannersWg.Wait() - cleanup := jasScanner.ScannerDirCleanupFunc - if cleanup != nil { - auditParallelRunner.AddErrorToChan(cleanup()) + if jasScanner != nil && jasScanner.ScannerDirCleanupFunc != nil { + auditParallelRunner.AddErrorToChan(jasScanner.ScannerDirCleanupFunc()) } close(auditParallelRunner.ErrorsQueue) auditParallelRunner.Runner.Done() 
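Review bot: The two `var` declarations followed by `if jasScanner, jasScanErr = RunJasScans(...); jasScanErr != nil` in the first hunk exist only because `jasScanner` is needed later for the cleanup call; the idiomatic shape is `jasScanner, jasScanErr := RunJasScans(auditParallelRunner, auditParams, results, jfrogAppsConfig)` followed by `if jasScanErr != nil { auditParallelRunner.AddErrorToChan(jasScanErr) }`, two lines shorter with the happy path unindented. The nil guard added in the second hunk before `ScannerDirCleanupFunc()` is the correct counterpart to `RunJasScans` returning a nil scanner when JAS is skipped. `RunAudit` starts before the first hunk and continues between and after them.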
@@ -244,19 +238,41 @@ func isEntitledForJas(xrayManager *xray.XrayServicesManager, auditParams *AuditP return jas.IsEntitledForJas(xrayManager, auditParams.xrayVersion) } -func downloadAnalyzerManagerAndRunScanners(auditParallelRunner *utils.SecurityParallelRunner, scanResults *utils.Results, - serverDetails *config.ServerDetails, auditParams *AuditParams, scanner *jas.JasScanner, jfrogAppsConfig *jfrogappsconfig.JFrogAppsConfig, threadId int) (err error) { +func RunJasScans(auditParallelRunner *utils.SecurityParallelRunner, auditParams *AuditParams, results *utils.Results, jfrogAppsConfig *jfrogappsconfig.JFrogAppsConfig) (jasScanner *jas.JasScanner, err error) { + if !results.ExtendedScanResults.EntitledForJas { + log.Info("Not entitled for JAS, skipping advance security scans...") + return + } + serverDetails, err := auditParams.ServerDetails() + if err != nil { + err = fmt.Errorf("failed to get server details: %s", err.Error()) + return + } + jasScanner, err = jas.CreateJasScanner(jfrogAppsConfig, serverDetails, jas.GetAnalyzerManagerXscEnvVars(auditParams.commonGraphScanParams.MultiScanId, results.ExtendedScanResults.SecretValidation, results.GetScaScannedTechnologies()...), auditParams.Exclusions()...) 
+ if err != nil { + err = fmt.Errorf("failed to create jas scanner: %s", err.Error()) + return + } else if jasScanner == nil { + log.Debug("Jas scanner was not created, skipping advance security scans...") + return + } + auditParallelRunner.JasWg.Add(1) + if _, jasErr := auditParallelRunner.Runner.AddTaskWithError(func(threadId int) error { + return downloadAnalyzerManagerAndRunScanners(auditParallelRunner, jasScanner, results, auditParams, threadId) + }, auditParallelRunner.AddErrorToChan); jasErr != nil { + auditParallelRunner.AddErrorToChan(fmt.Errorf("failed to create AM downloading task, skipping JAS scans...: %s", jasErr.Error())) + } + return +} + +func downloadAnalyzerManagerAndRunScanners(auditParallelRunner *utils.SecurityParallelRunner, scanner *jas.JasScanner, scanResults *utils.Results, auditParams *AuditParams, threadId int) (err error) { defer func() { auditParallelRunner.JasWg.Done() }() if err = jas.DownloadAnalyzerManagerIfNeeded(threadId); err != nil { return fmt.Errorf("%s failed to download analyzer manager: %s", clientutils.GetLogMsgPrefix(threadId, false), err.Error()) } - scanner, err = jas.CreateJasScanner(scanner, jfrogAppsConfig, serverDetails, jas.GetAnalyzerManagerXscEnvVars(auditParams.commonGraphScanParams.MultiScanId, scanResults.ExtendedScanResults.SecretValidation, scanResults.GetScaScannedTechnologies()...), auditParams.Exclusions()...) 
- if err != nil { - return fmt.Errorf("failed to create jas scanner: %s", err.Error()) - } - if err = runner.AddJasScannersTasks(auditParallelRunner, scanResults, auditParams.DirectDependencies(), serverDetails, auditParams.thirdPartyApplicabilityScan, scanner, applicability.ApplicabilityScannerType, secrets.SecretsScannerType, auditParallelRunner.AddErrorToChan, auditParams.ScansToPerform(), auditParams.configProfile, auditParams.scanResultsOutputDir); err != nil { + if err = runner.AddJasScannersTasks(auditParallelRunner, scanResults, auditParams.DirectDependencies(), auditParams.thirdPartyApplicabilityScan, scanner, applicability.ApplicabilityScannerType, secrets.SecretsScannerType, auditParallelRunner.AddErrorToChan, auditParams.ScansToPerform(), auditParams.configProfile, auditParams.scanResultsOutputDir); err != nil { return fmt.Errorf("%s failed to run JAS scanners: %s", clientutils.GetLogMsgPrefix(threadId, false), err.Error()) } return diff --git a/commands/scan/scan.go b/commands/scan/scan.go index b580e70a..ac4af6ab 100644 --- a/commands/scan/scan.go +++ b/commands/scan/scan.go 
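Review bot: In `RunJasScans`, `auditParallelRunner.JasWg.Add(1)` runs before `AddTaskWithError`, but when that call fails the only matching `JasWg.Done()` is the deferred one inside `downloadAnalyzerManagerAndRunScanners`, which never executes, so `JasWg.Wait()` in `RunAudit` would block (assuming the task is not queued when `AddTaskWithError` returns an error; the old code had the same shape, but this commit now owns it). Release the counter in the error branch, `auditParallelRunner.JasWg.Done()`, next to `auditParallelRunner.AddErrorToChan(fmt.Errorf("failed to create AM downloading task, skipping JAS scans...: %s", jasErr.Error()))`. Two smaller points: `RunJasScans` is exported but has no doc comment, and it should say that a nil scanner with a nil error means JAS was skipped (not entitled, or no platform URL); and the `else if jasScanner == nil` after a `return` reads more plainly as a separate `if`. `RunJasScans` is complete within the hunk; the closing brace of `downloadAnalyzerManagerAndRunScanners` is past it.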
@@ -451,13 +451,15 @@ func (scanCmd *ScanCommand) createIndexerHandlerFunc(file *spec.File, entitledFo log.Error(fmt.Sprintf("failed to create JFrogAppsConfig: %s", err.Error())) indexedFileErrors[threadId] = append(indexedFileErrors[threadId], formats.SimpleJsonError{FilePath: filePath, ErrorMessage: err.Error()}) } - scanner := &jas.JasScanner{} - scanner, err = jas.CreateJasScanner(scanner, jfrogAppsConfig, scanCmd.serverDetails, jas.GetAnalyzerManagerXscEnvVars(scanResults.MultiScanId, validateSecrets, techutils.Technology(graphScanResults.ScannedPackageType))) + scanner, err := jas.CreateJasScanner(jfrogAppsConfig, scanCmd.serverDetails, jas.GetAnalyzerManagerXscEnvVars(scanResults.MultiScanId, validateSecrets, techutils.Technology(graphScanResults.ScannedPackageType))) if err != nil { log.Error(fmt.Sprintf("failed to create jas scanner: %s", err.Error())) indexedFileErrors[threadId] = append(indexedFileErrors[threadId], formats.SimpleJsonError{FilePath: filePath, ErrorMessage: err.Error()}) + } else if scanner == nil { + log.Debug(fmt.Sprintf("Jas scanner was not created for %s, skipping Jas scans", filePath)) + return nil } - err = runner.AddJasScannersTasks(jasFileProducerConsumer, &scanResults, &depsList, scanCmd.serverDetails, false, scanner, applicability.ApplicabilityDockerScanScanType, secrets.SecretsScannerDockerScanType, jasErrHandlerFunc, utils.GetAllSupportedScans(), nil, "") + err = runner.AddJasScannersTasks(jasFileProducerConsumer, &scanResults, &depsList, false, scanner, applicability.ApplicabilityDockerScanScanType, secrets.SecretsScannerDockerScanType, jasErrHandlerFunc, utils.GetAllSupportedScans(), nil, "") if err != nil { log.Error(fmt.Sprintf("scanning '%s' failed with error: %s", graph.Id, err.Error())) indexedFileErrors[threadId] = append(indexedFileErrors[threadId], formats.SimpleJsonError{FilePath: filePath, ErrorMessage: err.Error()}) diff --git a/jas/analyzermanager.go b/jas/analyzermanager.go index 46074965..22a47be4 100644 
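Review bot: After `scanner, err := jas.CreateJasScanner(...)`, the error branch only logs and appends to `indexedFileErrors` and then falls through to `runner.AddJasScannersTasks(..., scanner, ...)`; with the new `CreateJasScanner` (jas/common.go in this patch) the missing-server-details path returns a nil scanner together with the error, and the reworked `AddJasScannersTasks` in jas/runner/jasrunner.go dereferences `scanner.AnalyzerManager` on its first line, so that combination now panics where it used to warn. The `scanner == nil` guard should not hang off the error branch: replace `} else if scanner == nil {` with `}` and a standalone `if scanner == nil {`, so both the error and the no-URL case skip the JAS tasks. The same applies to the jasrunner.go hunk, which has no guard of its own. The enclosing handler function starts before the hunk and continues after it.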
--- a/jas/analyzermanager.go +++ b/jas/analyzermanager.go @@ -123,6 +123,7 @@ func GetAnalyzerManagerExecutable() (analyzerManagerPath string, err error) { return } if !exists { + log.Debug(fmt.Sprintf("The analyzer manager executable was not found at %s", analyzerManagerPath)) err = errors.New("unable to locate the analyzer manager package. Advanced security scans cannot be performed without this package") } return analyzerManagerPath, err diff --git a/jas/common.go b/jas/common.go index dd547435..d5b28b20 100644 --- a/jas/common.go +++ b/jas/common.go @@ -31,6 +31,11 @@ import ( "gopkg.in/yaml.v3" ) +const ( + NoServerUrlError = "To incorporate the ‘Advanced Security’ scans into the audit output make sure platform url is provided and valid (run 'jf c add' prior to 'jf audit' via CLI, or provide JF_URL via Frogbot)" + NoServerDetailsError = "Jfrog Server details are missing" +) + type JasScanner struct { TempDir string AnalyzerManager AnalyzerManager 
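Review bot: The two new constants in jas/common.go are named `NoServerUrlError`/`NoServerDetailsError` but are plain strings, and only one of them is ever turned into an error (`errors.New(NoServerDetailsError)` in the next hunk; `NoServerUrlError` is a warning text). Because the error is rebuilt from a string, callers and tests cannot match it with `errors.Is`; the Go convention would be a sentinel, `var ErrNoServerDetails = errors.New("jfrog server details are missing")`, and a separately named message constant such as `noServerUrlWarning` for the warning. Both are new in this patch, so renaming them now costs nothing. The `JasScanner` struct that follows continues past the hunk.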
@@ -41,17 +46,22 @@ type JasScanner struct { Exclusions []string } -func CreateJasScanner(scanner *JasScanner, jfrogAppsConfig *jfrogappsconfig.JFrogAppsConfig, serverDetails *config.ServerDetails, envVars map[string]string, exclusions ...string) (*JasScanner, error) { - var err error - if scanner.AnalyzerManager.AnalyzerManagerFullPath, err = GetAnalyzerManagerExecutable(); err != nil { - return scanner, err +func CreateJasScanner(jfrogAppsConfig *jfrogappsconfig.JFrogAppsConfig, serverDetails *config.ServerDetails, envVars map[string]string, exclusions ...string) (scanner *JasScanner, err error) { + if serverDetails == nil { + err = errors.New(NoServerDetailsError) + return + } + if len(serverDetails.Url) == 0 { + log.Warn(NoServerUrlError) + return } + scanner = &JasScanner{} if scanner.EnvVars, err = getJasEnvVars(serverDetails, envVars); err != nil { - return scanner, err + return } var tempDir string if tempDir, err = fileutils.CreateTempDir(); err != nil { - return scanner, err + return } scanner.TempDir = tempDir scanner.ScannerDirCleanupFunc = func() error { @@ -60,7 +70,7 @@ func CreateJasScanner(scanner *JasScanner, jfrogAppsConfig *jfrogappsconfig.JFro scanner.ServerDetails = serverDetails scanner.JFrogAppsConfig = jfrogAppsConfig scanner.Exclusions = exclusions - return scanner, err + return } func getJasEnvVars(serverDetails *config.ServerDetails, vars map[string]string) (map[string]string, error) { 
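Review bot: `CreateJasScanner` now has three outcomes, `(scanner, nil)`, `(nil, err)`, and `(nil, nil)` when `serverDetails.Url` is empty after a `log.Warn`, and nothing at the signature says so; the third one is what every caller in this patch has to special-case, so the exported function needs a doc comment: `// CreateJasScanner builds a scanner for the given server. It returns an error when serverDetails is nil, and a nil scanner with a nil error (after logging a warning) when the server has no URL; callers must check for nil.` The error paths after `scanner = &JasScanner{}` (`getJasEnvVars`, `CreateTempDir`) bare-`return` a partially populated scanner alongside the error; `return nil, err` there keeps the value meaningless on error and stops the partial object reaching `AddJasScannersTasks` through a caller that does not return on error. The middle of the function (the cleanup closure) lies between the two hunks shown.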
@@ -215,8 +225,7 @@ func InitJasTest(t *testing.T, workingDirs ...string) (*JasScanner, func()) {
 assert.NoError(t, DownloadAnalyzerManagerIfNeeded(0))
 jfrogAppsConfigForTest, err := CreateJFrogAppsConfig(workingDirs)
 assert.NoError(t, err)
- scanner := &JasScanner{}
- scanner, err = CreateJasScanner(scanner, jfrogAppsConfigForTest, &FakeServerDetails, GetAnalyzerManagerXscEnvVars("", false))
+ scanner, err := CreateJasScanner(jfrogAppsConfigForTest, &FakeServerDetails, GetAnalyzerManagerXscEnvVars("", false))
 assert.NoError(t, err)
 return scanner, func() {
 assert.NoError(t, scanner.ScannerDirCleanupFunc())
diff --git a/jas/runner/jasrunner.go b/jas/runner/jasrunner.go
index 87e209c1..d113b878 100644
--- a/jas/runner/jasrunner.go
+++ b/jas/runner/jasrunner.go
@@ -5,7 +5,6 @@ import (
 "fmt"
 "github.com/jfrog/gofrog/parallel"
 jfrogappsconfig "github.com/jfrog/jfrog-apps-config/go"
- "github.com/jfrog/jfrog-cli-core/v2/utils/config"
 "github.com/jfrog/jfrog-cli-security/jas"
 "github.com/jfrog/jfrog-cli-security/jas/applicability"
 "github.com/jfrog/jfrog-cli-security/jas/iac"
@@ -20,11 +19,10 @@ import (
 "golang.org/x/exp/slices"
 )
 
-func AddJasScannersTasks(securityParallelRunner *utils.SecurityParallelRunner, scanResults *utils.Results, directDependencies *[]string,
- serverDetails *config.ServerDetails, thirdPartyApplicabilityScan bool, scanner *jas.JasScanner, scanType applicability.ApplicabilityScanType,
+func AddJasScannersTasks(securityParallelRunner *utils.SecurityParallelRunner, scanResults *utils.Results, directDependencies *[]string, thirdPartyApplicabilityScan bool, scanner *jas.JasScanner, scanType applicability.ApplicabilityScanType,
 secretsScanType secrets.SecretsScanType, errHandlerFunc func(error), scansToPreform []utils.SubScanType, configProfile *services.ConfigProfile, scansOutputDir string) (err error) {
- if serverDetails == nil || len(serverDetails.Url) == 0 {
- log.Warn("To incorporate the ‘Advanced Security’ scans into the audit output make sure platform url is provided and valid (run 'jf c add' prior to 'jf audit' via CLI, or provide JF_URL via Frogbot)")
+ // Set the analyzer manager executable path.
+ if scanner.AnalyzerManager.AnalyzerManagerFullPath, err = jas.GetAnalyzerManagerExecutable(); err != nil {
 return
 }
 // For docker scan we support only secrets and contextual scans.
diff --git a/jas/runner/jasrunner_test.go b/jas/runner/jasrunner_test.go
index 878ce1e8..e5e9f03e 100644
--- a/jas/runner/jasrunner_test.go
+++ b/jas/runner/jasrunner_test.go
@@ -16,7 +16,7 @@ import (
 "github.com/stretchr/testify/assert"
 )
 
-func TestGetExtendedScanResults_AnalyzerManagerDoesntExist(t *testing.T) {
+func TestJasRunner_AnalyzerManagerNotExist(t *testing.T) {
 tmpDir, err := fileutils.CreateTempDir()
 assert.NoError(t, err)
 defer func() {
@@ -26,32 +26,35 @@ func TestGetExtendedScanResults_AnalyzerManagerDoesntExist(t *testing.T) {
 defer func() {
 assert.NoError(t, os.Unsetenv(coreutils.HomeDir))
 }()
- scanner := &jas.JasScanner{}
- _, err = jas.CreateJasScanner(scanner, nil, &jas.FakeServerDetails, jas.GetAnalyzerManagerXscEnvVars("", false))
+ scanner, err := jas.CreateJasScanner(nil, &jas.FakeServerDetails, jas.GetAnalyzerManagerXscEnvVars("", false))
+ assert.NoError(t, err)
+ if scanner.AnalyzerManager.AnalyzerManagerFullPath, err = jas.GetAnalyzerManagerExecutable(); err != nil {
+ return
+ }
 assert.Error(t, err)
+ assert.NotNil(t, scanner)
 assert.ErrorContains(t, err, "unable to locate the analyzer manager package. Advanced security scans cannot be performed without this package")
 }
 
-func TestGetExtendedScanResults_ServerNotValid(t *testing.T) {
+func TestJasRunner(t *testing.T) {
 securityParallelRunnerForTest := utils.CreateSecurityParallelRunner(cliutils.Threads)
 scanResults := &utils.Results{ScaResults: []*utils.ScaScanResult{{Technology: techutils.Pip, XrayResults: jas.FakeBasicXrayResults}}, ExtendedScanResults: &utils.ExtendedScanResults{}}
- scanner := &jas.JasScanner{}
- jasScanner, err := jas.CreateJasScanner(scanner, nil, &jas.FakeServerDetails, jas.GetAnalyzerManagerXscEnvVars("", false, scanResults.GetScaScannedTechnologies()...))
+ jfrogAppsConfigForTest, err := jas.CreateJFrogAppsConfig(nil)
+ assert.NoError(t, err)
+ jasScanner, err := jas.CreateJasScanner(jfrogAppsConfigForTest, &jas.FakeServerDetails, jas.GetAnalyzerManagerXscEnvVars("", false, scanResults.GetScaScannedTechnologies()...))
 assert.NoError(t, err)
- err = AddJasScannersTasks(securityParallelRunnerForTest, scanResults, &[]string{"issueId_1_direct_dependency", "issueId_2_direct_dependency"}, nil, false, jasScanner, applicability.ApplicabilityScannerType, secrets.SecretsScannerType, securityParallelRunnerForTest.AddErrorToChan, utils.GetAllSupportedScans(), nil, "")
+ err = AddJasScannersTasks(securityParallelRunnerForTest, scanResults, &[]string{"issueId_1_direct_dependency", "issueId_2_direct_dependency"}, false, jasScanner, applicability.ApplicabilityScannerType, secrets.SecretsScannerType, securityParallelRunnerForTest.AddErrorToChan, utils.GetAllSupportedScans(), nil, "")
 assert.NoError(t, err)
 }
 
-func TestGetExtendedScanResults_AnalyzerManagerReturnsError(t *testing.T) {
+func TestJasRunner_AnalyzerManagerReturnsError(t *testing.T) {
 assert.NoError(t, jas.DownloadAnalyzerManagerIfNeeded(0))
 jfrogAppsConfigForTest, _ := jas.CreateJFrogAppsConfig(nil)
- scanner := &jas.JasScanner{}
- scanner, _ = jas.CreateJasScanner(scanner, nil, &jas.FakeServerDetails, jas.GetAnalyzerManagerXscEnvVars("", false))
+ scanner, _ := jas.CreateJasScanner(nil, &jas.FakeServerDetails, jas.GetAnalyzerManagerXscEnvVars("", false))
 _, err := applicability.RunApplicabilityScan(jas.FakeBasicXrayResults, []string{"issueId_2_direct_dependency", "issueId_1_direct_dependency"}, scanner, false, applicability.ApplicabilityScannerType, jfrogAppsConfigForTest.Modules[0], 0)
- // Expect error:
 assert.ErrorContains(t, err, "failed to run Applicability scan")
 }
From b57c62569d3fea2525b0afa3dff11d73f51e8816 Mon Sep 17 00:00:00 2001
From: Assaf Attias <49212512+attiasas@users.noreply.github.com>
Date: Tue, 24 Sep 2024 15:52:22 +0300
Subject: [PATCH 5/5] Update Dependencies (#190)
---
 go.mod | 6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/go.mod b/go.mod
index 22cb394b..db05b5d2 100644
--- a/go.mod
+++ b/go.mod
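Review bot: In TestJasRunner_AnalyzerManagerNotExist the new `if ..., err = jas.GetAnalyzerManagerExecutable(); err != nil { return }` leaves the test on exactly the path it is meant to verify, so `assert.Error`, `assert.NotNil` and `assert.ErrorContains` only execute when the executable is unexpectedly found, where the first of them fails; in the expected case the test passes without asserting anything. Replace the guard with a plain assignment, `scanner.AnalyzerManager.AnalyzerManagerFullPath, err = jas.GetAnalyzerManagerExecutable()`, keep the three assertions after it, and move `assert.NotNil(t, scanner)` (with a return on nil) ahead of the first `scanner.` dereference, since a nil scanner would panic before the assertion is reached. In TestJasRunner_AnalyzerManagerReturnsError the error from CreateJasScanner is discarded with `_` and the scanner is handed straight to RunApplicabilityScan, so a failed construction would show up as a nil-pointer panic rather than a test failure; an `assert.NoError` and nil check belong there as well. None of the three tests in this hunk defers `ScannerDirCleanupFunc`, so each run appears to leave the temp dir created by CreateJasScanner behind unless cleanup happens outside the hunk.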
@@ -6,12 +6,12 @@ require (
 github.com/beevik/etree v1.4.0
 github.com/google/go-github/v56 v56.0.0
 github.com/gookit/color v1.5.4
- github.com/jfrog/build-info-go v1.10.0
+ github.com/jfrog/build-info-go v1.10.1
 github.com/jfrog/froggit-go v1.16.1
 github.com/jfrog/gofrog v1.7.6
 github.com/jfrog/jfrog-apps-config v1.0.1
- github.com/jfrog/jfrog-cli-core/v2 v2.56.0
- github.com/jfrog/jfrog-client-go v1.47.0
+ github.com/jfrog/jfrog-cli-core/v2 v2.56.1
+ github.com/jfrog/jfrog-client-go v1.47.1
 github.com/magiconair/properties v1.8.7
 github.com/owenrumney/go-sarif/v2 v2.3.0
 github.com/stretchr/testify v1.9.0
diff --git a/go.sum b/go.sum
index dba68582..48357587 100644
--- a/go.sum
+++ b/go.sum
@@ -890,18 +890,18 @@ github.com/jedib0t/go-pretty/v6 v6.5.9 h1:ACteMBRrrmm1gMsXe9PSTOClQ63IXDUt03H5U+
 github.com/jedib0t/go-pretty/v6 v6.5.9/go.mod h1:zbn98qrYlh95FIhwwsbIip0LYpwSG8SUOScs+v9/t0E=
 github.com/jfrog/archiver/v3 v3.6.1 h1:LOxnkw9pOn45DzCbZNFV6K0+6dCsQ0L8mR3ZcujO5eI=
 github.com/jfrog/archiver/v3 v3.6.1/go.mod h1:VgR+3WZS4N+i9FaDwLZbq+jeU4B4zctXL+gL4EMzfLw=
-github.com/jfrog/build-info-go v1.10.0 h1:jSxmN58mH0LaP+v1IQadplwJPRILLgI3xieBTXTCSos=
-github.com/jfrog/build-info-go v1.10.0/go.mod h1:JcISnovFXKx3wWf3p1fcMmlPdt6adxScXvoJN4WXqIE=
+github.com/jfrog/build-info-go v1.10.1 h1:5nLrpFjbV2zuBdmJXW2nybAz5vyu+qDkOtR7v0ehi8s=
+github.com/jfrog/build-info-go v1.10.1/go.mod h1:JcISnovFXKx3wWf3p1fcMmlPdt6adxScXvoJN4WXqIE=
 github.com/jfrog/froggit-go v1.16.1 h1:FBIM1qevX/ag9unfmpGzfmZ36D8ulOJ+DPTSFUk3l5U=
 github.com/jfrog/froggit-go v1.16.1/go.mod h1:TEJSzgiV+3D/GVGE8Y6j46ut1jrBLD1FL6WdMdKwwCE=
 github.com/jfrog/gofrog v1.7.6 h1:QmfAiRzVyaI7JYGsB7cxfAJePAZTzFz0gRWZSE27c6s=
 github.com/jfrog/gofrog v1.7.6/go.mod h1:ntr1txqNOZtHplmaNd7rS4f8jpA5Apx8em70oYEe7+4=
 github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
-github.com/jfrog/jfrog-cli-core/v2 v2.56.0 h1:rCNKhfESgsq0o6//gU1mNCvuCboE5BMfycj/RM/gq8k=
-github.com/jfrog/jfrog-cli-core/v2 v2.56.0/go.mod h1:D8m0L8GCZiYCY9MjhnWY4egCqyVlU2iZsVA0yysBsVw=
-github.com/jfrog/jfrog-client-go v1.47.0 h1:OBMB6TxqziBByjuk6hm0BM30pQwOb3XzjZKf/cmwCeM=
-github.com/jfrog/jfrog-client-go v1.47.0/go.mod h1:UxzL9Q4pDoM+HQjSuQiGNakyoJNuxqPSs35/amBJvdY=
+github.com/jfrog/jfrog-cli-core/v2 v2.56.1 h1:+Me+RQx8BYKib+RZLFtGWFftLjEd3NrjVVxJbSYElKU=
+github.com/jfrog/jfrog-cli-core/v2 v2.56.1/go.mod h1:+a9VRDizwc+SK2Io6e4Yp8j7hkTeQstQTmNVwrxdh6Q=
+github.com/jfrog/jfrog-client-go v1.47.1 h1:VT2v28/usTSP56+i3MC3fgRvZoh6vjRgQgs8xTk+sYU=
+github.com/jfrog/jfrog-client-go v1.47.1/go.mod h1:7M/vgei7VGcLjUxwQ/3r9pH3lvDHlt6Q+Gw+YMis/mc=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=