Merge remote-tracking branch 'upstream/dev' into add_pnpm

.github/PULL_REQUEST_TEMPLATE.md

@@ -3,5 +3,6 @@
 - [ ] The code has been formatted properly using `go fmt ./...`.
 - [ ] All [static analysis checks](https://github.com/jfrog/jfrog-cli-security/actions/workflows/analysis.yml) passed.
 - [ ] All [tests](https://github.com/jfrog/jfrog-cli-security/actions/workflows/test.yml) have passed. If this feature is not already covered by the tests, new tests have been added.
+- [ ] All changes are detailed at the description. if not already covered at [JFrog Documentation](https://github.com/jfrog/documentation), new documentation have been added.
 
 -----

CONTRIBUTING.md

@@ -0,0 +1,127 @@
+# Contribution Guide
+
+Welcome to the contribution guide for our project! We appreciate your interest in contributing to the development of this project. Below, you will find essential information on local development, running tests, and guidelines for submitting pull requests.
+
+## Table of Contents
+
+- [🏠🏗️ Local development](#%EF%B8%8F-local-development)
+- [🚦 Running Tests](#-running-tests)
+- [📖 Submitting PR Guidelines](#-submitting-pr-guidelines)
+
+
+## 🏠🏗️ Local Development
+
+To run a command locally, use the following command template:
+
+```sh
+go run github.com/jfrog/jfrog-cli-security command [options] [arguments...]
+```
+
+---
+
+This project heavily depends on the following modules:
+
+- [github.com/jfrog/jfrog-client-go](https://github.com/jfrog/jfrog-client-go)
+- [github.com/jfrog/jfrog-cli-core](github.com/jfrog/jfrog-cli-core)
+
+During local development, if you come across code that needs to be modified in one of the mentioned modules, it is advisable to replace the dependency with a local clone of the module.
+
+<details>
+<summary>Replacing a dependency with a local clone</summary>
+
+---
+
+To include this local dependency, For instance, let's assume you wish to modify files from `jfrog-cli-core`, modify the `go.mod` file as follows:
+
+```
+replace github.com/jfrog/jfrog-cli-core/v2 => /local/path/in/your/machine/jfrog-cli-core
+```
+
+Afterward, execute `go mod tidy` to ensure the Go module files are updated. Note that Go will automatically adjust the version in the `go.mod` file.
+
+---
+
+</details>
+
+
+## 🚦 Running Tests
+
+When running tests, builds and repositories with timestamps like `cli-rt1-1592990748` and `cli-rt2-1592990748` will be created. The content of these repositories will be deleted once the tests are completed.
+
+To run tests, use the following command:
+
+```
+go test -v github.com/jfrog/jfrog-cli-security [test-types] [flags]
+```
+
+### The available flags are:
+
+| Flag                | Description                                                                                     |
+| ------------------- | ----------------------------------------------------------------------------------------------- |
+| `-jfrog.url`        | [Default: http://localhost:8081] JFrog platform URL                                             |
+| `-jfrog.user`       | [Default: admin] JFrog platform username                                                        |
+| `-jfrog.password`   | [Default: password] JFrog platform password                                                     |
+| `-jfrog.adminToken` | [Optional] JFrog platform admin token                                                           |
+| `-ci.runId`         | [Optional] A unique identifier used as a suffix to create repositories and builds in the tests. |
+| `-jfrog.sshKeyPath`    | [Optional] Path to the SSH key file. Use this flag only if the Artifactory URL format is `ssh://[domain]:port`. |
+| `-jfrog.sshPassphrase` | [Optional] Passphrase for the SSH key.                                                                          |
+
+---
+
+
+### The available test types are:
+
+| Type                 | Description        |
+| -------------------- | ------------------ |
+| `-test.security`     | [Default: true] Security commands integration tests  |
+| `-test.dockerScan`   | [Optional] Docker scan integration tests  |
+
+### Docker Scan tests
+
+<details>
+
+#### Requirements
+
+- Make sure the `RTLIC` environment variable is configured with a valid license.
+- Before running the tests, wait for Artifactory to finish booting up in the container.
+
+| Flag                      | Description                         |
+| ------------------------- | ----------------------------------- |
+| `-test.containerRegistry` | Artifactory Docker registry domain. |
+
+
+</details>
+
+## 📖 Submitting PR Guidelines
+
+Once you have completed your coding changes, it is recommended to push the modifications made to the other modules first. Once these changes are pushed, you can update this project to resolve dependencies from your GitHub fork or branch.
+
+<details>
+
+<summary>Resolve dependencies from GitHub fork or branch</summary>
+
+---
+
+To achieve this, modify the `go.mod` file to point the dependency to your repository and branch, as shown in the example below:
+
+```
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
+```
+
+Finally, execute `go mod tidy` to update the Go module files. Please note that Go will automatically update the version in the `go.mod` file.
+
+---
+
+</details>
+
+### Before submitting the pull request, ensure:
+
+- Your changes are covered by `unit` and `integration` tests. If not, please add new tests.
+- The code compiles, by running `go vet ./...`.
+- To format the code, by running `go fmt ./...`.
+- The documentation covers the changes, if not please add and make changes at [The documentation repository](https://github.com/jfrog/documentation)
+
+### When creating the pull request, ensure:
+
+- The pull request is on the `dev` branch.
+- The pull request description describes the changes made.

README.md

@@ -7,13 +7,13 @@
 
 | Branch |                                                                                                                                                                                            Status                                                                                                                                                                                            |
 |:------:|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|
-| master | [![Test](https://github.com/jfrog/jfrog-cli-security/actions/workflows/test.yml/badge.svg?branch=master)](https://github.com/jfrog/jfrog-cli-security/actions/workflows/test.yml?query=branch%3Amaster) [![Static Analysis](https://github.com/jfrog/jfrog-cli-security/actions/workflows/analysis.yml/badge.svg?branch=master)](https://github.com/jfrog/jfrog-cli-security/actions/workflows/analysis.yml) |
+| main | [![Test](https://github.com/jfrog/jfrog-cli-security/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/jfrog/jfrog-cli-security/actions/workflows/test.yml?query=branch%main) [![Static Analysis](https://github.com/jfrog/jfrog-cli-security/actions/workflows/analysis.yml/badge.svg?branch=main)](https://github.com/jfrog/jfrog-cli-security/actions/workflows/analysis.yml) |
 |  dev   |     [![Test](https://github.com/jfrog/jfrog-cli-security/actions/workflows/test.yml/badge.svg?branch=dev)](https://github.com/jfrog/jfrog-cli-security/actions/workflows/test.yml?query=branch%3Adev) [![Static Analysis](https://github.com/jfrog/jfrog-cli-security/actions/workflows/analysis.yml/badge.svg?branch=dev)](https://github.com/jfrog/jfrog-cli-security/actions/workflows/analysis.yml)      |
 
 ##  General
 
-**jfrog-cli-security** is a Go module that encompasses the security commands of [JFrog CLI](https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli). This module is an Embedded JFrog CLI Plugins and is referenced as a Go module within the [JFrog CLI codebase](https://github.com/jfrog/jfrog-cli).
+**jfrog-cli-security** is a Go module that encompasses the security commands of [JFrog CLI](https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli). This module is an Embedded JFrog CLI Plugin and is referenced as a Go module within the [JFrog CLI codebase](https://github.com/jfrog/jfrog-cli).
 
 ## 🫱🏻‍🫲🏼 Contributions
 
-We welcome contributions from the community through pull requests. To assist in enhancing this project, please review our [Plugin Contribution](https://github.com/jfrog/jfrog-cli-core/blob/dev/plugins/README.md) guide.
+We welcome contributions from the community through pull requests. To assist in enhancing this project, please review our [Contribution](CONTRIBUTING.md) guide.

utils/analyzermanager.go

@@ -109,7 +109,7 @@ func (am *AnalyzerManager) ExecWithOutputFile(configFile, scanCommand, workingDi
 	}()
 	cmd.Dir = workingDir
 	output, err := cmd.CombinedOutput()
-	if err != nil {
+	if isCI() || err != nil {
 		if len(output) > 0 {
 			log.Debug(fmt.Sprintf("%s %q output: %s", workingDir, strings.Join(cmd.Args, " "), string(output)))
 		}
@@ -165,6 +165,10 @@ func GetAnalyzerManagerExecutableName() string {
 	return analyzerManager
 }
 
+func isCI() bool {
+	return strings.ToLower(os.Getenv(coreutils.CI)) == "true"
+}
+
 func SetAnalyzerManagerEnvVariables(serverDetails *config.ServerDetails) error {
 	if serverDetails == nil {
 		return errors.New("cant get xray server details")
@@ -181,12 +185,14 @@ func SetAnalyzerManagerEnvVariables(serverDetails *config.ServerDetails) error {
 	if err := os.Setenv(jfTokenEnvVariable, serverDetails.AccessToken); errorutils.CheckError(err) != nil {
 		return err
 	}
-	analyzerManagerLogFolder, err := coreutils.CreateDirInJfrogHome(filepath.Join(coreutils.JfrogLogsDirName, analyzerManagerLogDirName))
-	if err != nil {
-		return err
-	}
-	if err = os.Setenv(logDirEnvVariable, analyzerManagerLogFolder); errorutils.CheckError(err) != nil {
-		return err
+	if !isCI() {
+		analyzerManagerLogFolder, err := coreutils.CreateDirInJfrogHome(filepath.Join(coreutils.JfrogLogsDirName, analyzerManagerLogDirName))
+		if err != nil {
+			return err
+		}
+		if err = os.Setenv(logDirEnvVariable, analyzerManagerLogFolder); errorutils.CheckError(err) != nil {
+			return err
+		}
 	}
 	return nil
 }