Move security content and use Jfrog-CLI-Security embedded plugin

buildtools/cli.go

@@ -19,6 +19,7 @@
 	"github.com/jfrog/jfrog-cli-core/v2/artifactory/commands/yarn"
 	containerutils "github.com/jfrog/jfrog-cli-core/v2/artifactory/utils/container"
 	"github.com/jfrog/jfrog-cli-core/v2/common/build"
+	"github.com/jfrog/jfrog-cli-core/v2/plugins/components"
 	commonCliUtils "github.com/jfrog/jfrog-cli-core/v2/common/cliutils"
 	"github.com/jfrog/jfrog-cli-core/v2/common/commands"
 	outputFormat "github.com/jfrog/jfrog-cli-core/v2/common/format"
@@ -51,7 +52,8 @@
 	yarndocs "github.com/jfrog/jfrog-cli/docs/buildtools/yarn"
 	"github.com/jfrog/jfrog-cli/docs/buildtools/yarnconfig"
 	"github.com/jfrog/jfrog-cli/docs/common"
-	"github.com/jfrog/jfrog-cli/scan"
+	"github.com/jfrog/jfrog-cli-security/commands/scan"
+	securityCLI "github.com/jfrog/jfrog-cli-security/cli"
 	"github.com/jfrog/jfrog-cli/utils/cliutils"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
@@ -411,6 +413,9 @@
 	if err != nil {
 		return err
 	}
+	if xrayScan {
+		commandsUtils.ConditionalUploadScanFunc = scan.ConditionalUploadDefaultScanFunc
+	}
 	filteredMavenArgs, format, err := coreutils.ExtractXrayOutputFormatFromArgs(filteredMavenArgs)
 	if err != nil {
 		return err
@@ -464,6 +469,9 @@
 	if err != nil {
 		return err
 	}
+	if xrayScan {
+		commandsUtils.ConditionalUploadScanFunc = scan.ConditionalUploadDefaultScanFunc
+	}
 	filteredGradleArgs, format, err := coreutils.ExtractXrayOutputFormatFromArgs(filteredGradleArgs)
 	if err != nil {
 		return err
@@ -687,7 +695,11 @@
 	case "push":
 		err = pushCmd(c, image)
 	case "scan":
-		return scan.DockerScan(c, image)
+		convertedCtx , err := components.ConvertContext(c)
+		if err != nil {
+			return err
+		}
+		return securityCLI.DockerScan(convertedCtx, image)
 	default:
 		err = dockerNativeCmd(c)
 	}
@@ -827,6 +839,9 @@
 	if err = npmCmd.Init(); err != nil {
 		return err
 	}
+	if npmCmd.GetXrayScan() {
+		commandsUtils.ConditionalUploadScanFunc = scan.ConditionalUploadDefaultScanFunc
+	}
 	printDeploymentView, detailedSummary := log.IsStdErrTerminal(), npmCmd.IsDetailedSummary()
 	if !detailedSummary {
 		npmCmd.SetDetailedSummary(printDeploymentView)

go.mod

@@ -10,6 +10,7 @@ require (
 	github.com/jfrog/build-info-go v1.9.20
 	github.com/jfrog/gofrog v1.5.0
 	github.com/jfrog/jfrog-cli-core/v2 v2.47.10
+	github.com/jfrog/jfrog-cli-security v1.0.0
 	github.com/jfrog/jfrog-client-go v1.35.6
 	github.com/jszwec/csvutil v1.9.0
 	github.com/mholt/archiver/v3 v3.5.1
@@ -128,7 +129,9 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240110073910-2461fe7e7b4f
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240111145839-b856a91ecdc6
+
+replace github.com/jfrog/jfrog-cli-security => github.com/attiasas/jfrog-cli-security v0.0.0-20240111150000-801607649f2c
 
 // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20231220102935-c8776c613ad8
 

go.sum

@@ -27,6 +27,10 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkE
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
+github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240111145839-b856a91ecdc6 h1:oK813X9R1dIM30x4XnIN9/1UfYQurCdTCwnkZYHSKl4=
+github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240111145839-b856a91ecdc6/go.mod h1:MBdk6VvRW27IojGy9UJ2F2pAucVuB6ecS15DQ5rHAH8=
+github.com/attiasas/jfrog-cli-security v0.0.0-20240111150000-801607649f2c h1:VvOnUOje4As5fBgcG2MjMM9mxkG8JAqKE5y8Sz8vqlU=
+github.com/attiasas/jfrog-cli-security v0.0.0-20240111150000-801607649f2c/go.mod h1:n54Li24uYLhK4IGdYCVKyC4jkav4XvJR8ut5g5lMPb4=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
 github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
@@ -135,8 +139,6 @@ github.com/jfrog/gofrog v1.5.0 h1:OLaXpNaEniliE4Kq8lJ5evVYzzt3zdYtpMIBu6TO++c=
 github.com/jfrog/gofrog v1.5.0/go.mod h1:wQqagqq2VpuCWRPlq/65GbH9gsRz+7Bgc1Q+PKD4Y+k=
 github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240110073910-2461fe7e7b4f h1:UETEUtFCOm0bhd7AeRgaf9QxPsSgnPgHgjfo7OHOOXQ=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240110073910-2461fe7e7b4f/go.mod h1:dFpRoGR5/Qe+bvszvRPYGqMEdwmjNhjFLXlovGs9sII=
 github.com/jfrog/jfrog-client-go v1.35.6 h1:nVS94x6cwSRkhtj8OM3elbUcGgQhqsK8YMPvC/gf5sk=
 github.com/jfrog/jfrog-client-go v1.35.6/go.mod h1:V+XKC27k6GA5OcWIAItpnxZAZnCigg8xCkpXKP905Fk=
 github.com/jszwec/csvutil v1.9.0 h1:iTmq9G1P0e+AUq/MkFg6tetJ+1BH3fOX8Xi0RAcwiGc=

main.go

@@ -2,14 +2,21 @@
 
 import (
 	"fmt"
+	"os"
+	"runtime"
+	"sort"
+	"strings"
+
 	"github.com/agnivade/levenshtein"
 	corecommon "github.com/jfrog/jfrog-cli-core/v2/docs/common"
 	setupcore "github.com/jfrog/jfrog-cli-core/v2/general/envsetup"
+	"github.com/jfrog/jfrog-cli-core/v2/plugins/components"
 	coreconfig "github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/log"
+	securityCLI "github.com/jfrog/jfrog-cli-security/cli"
 	"github.com/jfrog/jfrog-cli/artifactory"
 	"github.com/jfrog/jfrog-cli/buildtools"
 	"github.com/jfrog/jfrog-cli/completion"
 	"github.com/jfrog/jfrog-cli/config"
 	"github.com/jfrog/jfrog-cli/distribution"
@@ -27,18 +34,12 @@
 	"github.com/jfrog/jfrog-cli/pipelines"
 	"github.com/jfrog/jfrog-cli/plugins"
 	"github.com/jfrog/jfrog-cli/plugins/utils"
-	"github.com/jfrog/jfrog-cli/scan"
 	"github.com/jfrog/jfrog-cli/utils/cliutils"
-	"github.com/jfrog/jfrog-cli/xray"
 	clientutils "github.com/jfrog/jfrog-client-go/utils"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	clientlog "github.com/jfrog/jfrog-client-go/utils/log"
 	"github.com/urfave/cli"
 	"golang.org/x/exp/slices"
-	"os"
-	"runtime"
-	"sort"
-	"strings"
 )
 
 const commandHelpTemplate string = `{{.HelpName}}{{if .UsageText}}
@@ -182,12 +183,6 @@
 			Subcommands: missioncontrol.GetCommands(),
 			Category:    otherCategory,
 		},
-		{
-			Name:        cliutils.CmdXray,
-			Usage:       "Xray commands.",
-			Subcommands: xray.GetCommands(),
-			Category:    otherCategory,
-		},
 		{
 			Name:        cliutils.CmdDistribution,
 			Usage:       "Distribution commands.",
@@ -289,13 +284,37 @@
 			Action:       token.AccessTokenCreateCmd,
 		},
 	}
-	allCommands := append(slices.Clone(cliNameSpaces), utils.GetPlugins()...)
-	allCommands = append(allCommands, scan.GetCommands()...)
+	allCommands := append(slices.Clone(cliNameSpaces), ConvertEmbeddedPlugin(securityCLI.GetJfrogCliSecurityApp())...)
+	allCommands = append(allCommands, utils.GetPlugins()...)
 	allCommands = append(allCommands, buildtools.GetCommands()...)
 	allCommands = append(allCommands, lifecycle.GetCommands()...)
 	return append(allCommands, buildtools.GetBuildToolsHelpCommands()...)
 }
 
+func ConvertEmbeddedPlugin(jfrogApp components.App) (embeddedCmd []cli.Command) {
+	// Convert commands
+	if converted, err := components.ConvertCommands(jfrogApp.Name, jfrogApp.Commands); err != nil {
+		clientlog.Error(fmt.Sprintf("failed adding '%s' embedded plugin as commands. Last error: %s", jfrogApp.Name, err.Error()))
+		return
+	} else {
+		embeddedCmd = append(embeddedCmd, converted...)
+	}
+	// Convert subcommands
+	if subcommands, err := components.ConvertSubcommands(jfrogApp.Subcommands); err != nil {
+		clientlog.Error(fmt.Sprintf("failed adding '%s' embedded plugin as sub commands. Last error: %s", jfrogApp.Name, err.Error()))
+		return
+	} else {
+		for _, subcommand := range subcommands {
+			// commands name-space without category is considered as 'other' category
+			if subcommand.Category == "" {
+				subcommand.Category = otherCategory
+			}
+			embeddedCmd = append(embeddedCmd, subcommand)
+		}
+	}
+	return
+}
+
 func getAppHelpTemplate() string {
 	return `NAME:
    ` + coreutils.GetCliExecutableName() + ` - {{.Usage}}

main_test.go

@@ -68,9 +68,6 @@ func setupIntegrationTests() {
 	if *tests.TestPlugins {
 		InitPluginsTests()
 	}
-	if *tests.TestXray {
-		InitXrayTests()
-	}
 	if *tests.TestAccess {
 		InitAccessTests()
 	}
@@ -89,9 +86,6 @@ func tearDownIntegrationTests() {
 	if *tests.TestNpm || *tests.TestGradle || *tests.TestMaven || *tests.TestGo || *tests.TestNuget || *tests.TestPip || *tests.TestPipenv || *tests.TestDocker || *tests.TestPodman || *tests.TestDockerScan {
 		CleanBuildToolsTests()
 	}
-	if *tests.TestXray {
-		CleanXrayTests()
-	}
 	if *tests.TestDistribution {
 		CleanDistributionTests()
 	}

pip_test.go

@@ -4,7 +4,7 @@ import (
 	biutils "github.com/jfrog/build-info-go/utils"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	coretests "github.com/jfrog/jfrog-cli-core/v2/utils/tests"
-	"github.com/jfrog/jfrog-cli-core/v2/xray/commands/audit/sca/python"
+	"github.com/jfrog/jfrog-cli-security/commands/audit/sca/python"
 	clientTestUtils "github.com/jfrog/jfrog-client-go/utils/tests"
 	"os"
 	"path/filepath"