adjustments in audit params (#692)

Adjustments in RunInstallAndAudit due to changes in jfrog-cli-security

go.mod

@@ -119,7 +119,7 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
 
-// replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security dev
+replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.3.1-0.20240618131618-bb2f45c8b90e
 
 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
 

go.sum

@@ -900,8 +900,8 @@ github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYL
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
 github.com/jfrog/jfrog-cli-core/v2 v2.53.1 h1:odwPJlrUVw7yKIYctVIn7/8YW/Ynwq4vvsmrXOzAAa8=
 github.com/jfrog/jfrog-cli-core/v2 v2.53.1/go.mod h1:4iTSevmlThM1Aw5NAY4WyVxim5US4SkrmxHSHFimaqk=
-github.com/jfrog/jfrog-cli-security v1.3.0 h1:NJxWAj+9v1hJINQtRGlficTmWqXYGghdjEHSy4NE8EY=
-github.com/jfrog/jfrog-cli-security v1.3.0/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8=
+github.com/jfrog/jfrog-cli-security v1.3.1-0.20240618131618-bb2f45c8b90e h1:F1Yx/K4cDzsWOnbK5YoYYIRh5lwP0iZ8vxa7UPslqxw=
+github.com/jfrog/jfrog-cli-security v1.3.1-0.20240618131618-bb2f45c8b90e/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8=
 github.com/jfrog/jfrog-client-go v1.41.0 h1:g5OTFvreOVQ6U/5LUXFJfA3Bc+AZCo2PO/EzCLxLbLE=
 github.com/jfrog/jfrog-client-go v1.41.0/go.mod h1:AN+/mT2DIBE4oRZicJojqND2BEKLfA7f73i5rT3Lfcc=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=

scanpullrequest/scanpullrequest_test.go

@@ -89,8 +89,8 @@ func TestCreateVulnerabilitiesRows(t *testing.T) {
 
 	// Run createNewIssuesRows and make sure that only the XRAY-2 violation exists in the results
 	securityViolationsRows, licenseViolations, err := createNewVulnerabilitiesRows(
-		&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
-		&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
+		&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
+		&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
 		nil,
 	)
 	assert.NoError(t, err)
@@ -168,8 +168,8 @@ func TestCreateVulnerabilitiesRowsCaseNoPrevViolations(t *testing.T) {
 
 	// Run createNewIssuesRows and expect both XRAY-1 and XRAY-2 violation in the results
 	vulnerabilities, licenses, err := createNewVulnerabilitiesRows(
-		&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
-		&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
+		&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
+		&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
 		[]string{},
 	)
 	assert.NoError(t, err)
@@ -213,8 +213,8 @@ func TestGetNewViolationsCaseNoNewViolations(t *testing.T) {
 
 	// Run createNewIssuesRows and expect no violations in the results
 	securityViolations, licenseViolations, err := createNewVulnerabilitiesRows(
-		&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
-		&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
+		&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
+		&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
 		[]string{"MIT"},
 	)
 	assert.NoError(t, err)
@@ -285,14 +285,14 @@ func TestGetNewVulnerabilities(t *testing.T) {
 	// Run createNewIssuesRows and make sure that only the XRAY-2 vulnerability exists in the results
 	vulnerabilities, licenses, err := createNewVulnerabilitiesRows(
 		&xrayutils.Results{
-			ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}},
+			ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}},
 			ExtendedScanResults: &xrayutils.ExtendedScanResults{
 				EntitledForJas:           true,
 				ApplicabilityScanResults: []*sarif.Run{xrayutils.CreateRunWithDummyResults(xrayutils.CreateResultWithOneLocation("file1", 1, 10, 2, 11, "snippet", "applic_CVE-2023-4321", ""))},
 			},
 		},
 		&xrayutils.Results{
-			ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}},
+			ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}},
 			ExtendedScanResults: &xrayutils.ExtendedScanResults{
 				EntitledForJas:           true,
 				ApplicabilityScanResults: []*sarif.Run{xrayutils.CreateRunWithDummyResults(xrayutils.CreateResultWithOneLocation("file1", 1, 10, 2, 11, "snippet", "applic_CVE-2023-4321", ""))},
@@ -355,8 +355,8 @@ func TestGetNewVulnerabilitiesCaseNoPrevVulnerabilities(t *testing.T) {
 
 	// Run createNewIssuesRows and expect both XRAY-1 and XRAY-2 vulnerability in the results
 	vulnerabilities, licenses, err := createNewVulnerabilitiesRows(
-		&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
-		&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
+		&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
+		&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
 		nil,
 	)
 	assert.NoError(t, err)
@@ -391,8 +391,8 @@ func TestGetNewVulnerabilitiesCaseNoNewVulnerabilities(t *testing.T) {
 
 	// Run createNewIssuesRows and expect no vulnerability in the results
 	vulnerabilities, licenses, err := createNewVulnerabilitiesRows(
-		&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
-		&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
+		&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
+		&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
 		nil,
 	)
 	assert.NoError(t, err)
@@ -403,7 +403,7 @@ func TestGetNewVulnerabilitiesCaseNoNewVulnerabilities(t *testing.T) {
 func TestGetAllIssues(t *testing.T) {
 	allowedLicenses := []string{"MIT"}
 	auditResults := &xrayutils.Results{
-		ScaResults: []xrayutils.ScaScanResult{{
+		ScaResults: []*xrayutils.ScaScanResult{{
 			XrayResults: []services.ScanResponse{{
 				Vulnerabilities: []services.Vulnerability{
 					{Cves: []services.Cve{{Id: "CVE-2022-2122"}}, Severity: "High", Components: map[string]services.Component{"Dep-1": {FixedVersions: []string{"1.2.3"}}}},

scanrepository/scanrepository_test.go

@@ -441,15 +441,14 @@ func TestCreateVulnerabilitiesMap(t *testing.T) {
 		{
 			name: "Scan results with no violations and vulnerabilities",
 			scanResults: &xrayutils.Results{
-				ScaResults:          []xrayutils.ScaScanResult{},
 				ExtendedScanResults: &xrayutils.ExtendedScanResults{},
 			},
 			expectedMap: map[string]*utils.VulnerabilityDetails{},
 		},
 		{
 			name: "Scan results with vulnerabilities and no violations",
 			scanResults: &xrayutils.Results{
-				ScaResults: []xrayutils.ScaScanResult{{
+				ScaResults: []*xrayutils.ScaScanResult{{
 					XrayResults: []services.ScanResponse{
 						{
 							Vulnerabilities: []services.Vulnerability{
@@ -500,7 +499,7 @@ func TestCreateVulnerabilitiesMap(t *testing.T) {
 		{
 			name: "Scan results with violations and no vulnerabilities",
 			scanResults: &xrayutils.Results{
-				ScaResults: []xrayutils.ScaScanResult{{
+				ScaResults: []*xrayutils.ScaScanResult{{
 					XrayResults: []services.ScanResponse{
 						{
 							Violations: []services.Violation{

utils/scandetails.go

@@ -6,10 +6,13 @@ import (
 	"fmt"
 	"github.com/jfrog/froggit-go/vcsclient"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
+	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/jfrog/jfrog-cli-security/commands/audit"
+	"github.com/jfrog/jfrog-cli-security/scangraph"
 	xrayutils "github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
 	"github.com/jfrog/jfrog-client-go/xray/services"
+	"os"
 	"path/filepath"
 )
 
@@ -89,6 +92,26 @@ func (sc *ScanDetails) SetRepoName(repoName string) *ScanDetails {
 	return sc
 }
 
+func (sc *ScanDetails) CreateCommonGraphScanParams() *scangraph.CommonGraphScanParams {
+	commonParams := &scangraph.CommonGraphScanParams{
+		RepoPath: sc.RepoPath,
+		Watches:  sc.Watches,
+		ScanType: sc.ScanType,
+	}
+	if sc.ProjectKey == "" {
+		commonParams.ProjectKey = os.Getenv(coreutils.Project)
+	} else {
+		commonParams.ProjectKey = sc.ProjectKey
+	}
+	commonParams.IncludeVulnerabilities = sc.IncludeVulnerabilities
+	commonParams.IncludeLicenses = sc.IncludeLicenses
+	commonParams.MultiScanId = sc.MultiScanId
+	if commonParams.MultiScanId != "" {
+		commonParams.XscVersion = sc.XscVersion
+	}
+	return commonParams
+}
+
 func createXrayScanParams(watches []string, project string, includeLicenses bool) (params *services.XrayGraphScanParams) {
 	params = &services.XrayGraphScanParams{
 		ScanType:        services.Dependency,
@@ -117,17 +140,17 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra
 		SetInstallCommandArgs(sc.InstallCommandArgs)
 
 	auditParams := audit.NewAuditParams().
-		SetXrayGraphScanParams(sc.XrayGraphScanParams).
 		SetWorkingDirs(workDirs).
 		SetMinSeverityFilter(sc.MinSeverityFilter()).
 		SetFixableOnly(sc.FixableOnly()).
-		SetGraphBasicParams(auditBasicParams)
-
+		SetGraphBasicParams(auditBasicParams).
+		SetCommonGraphScanParams(sc.CreateCommonGraphScanParams())
 	auditParams.SetExclusions(sc.PathExclusions).SetIsRecursiveScan(sc.IsRecursiveScan)
 
 	auditResults, err = audit.RunAudit(auditParams)
+
 	if auditResults != nil {
-		err = errors.Join(err, auditResults.ScaError, auditResults.JasError)
+		err = errors.Join(err, auditResults.ScansErr)
 	}
 	return
 }