jfrog · attiasas · Nov 25, 2024 · Nov 17, 2024 · Nov 18, 2024 · Nov 21, 2024
diff --git a/audit_test.go b/audit_test.go
@@ -575,7 +575,7 @@ func getNoJasAuditMockCommand() components.Command {
 		Name:  docs.Audit,
 		Flags: docs.GetCommandFlags(docs.Audit),
 		Action: func(c *components.Context) error {
-			auditCmd, err := cli.CreateAuditCmd(c)
+			_, _, _, auditCmd, err := cli.CreateAuditCmd(c)
 			if err != nil {
 				return err
 			}

diff --git a/cli/scancommands.go b/cli/scancommands.go
@@ -206,6 +206,10 @@ func ScanCmd(c *components.Context) error {
 	if err != nil {
 		return err
 	}
+	xrayVersion, xscVersion, err := GetJfrogServicesVersion(serverDetails)
+	if err != nil {
+		return err
+	}
 	var specFile *spec.SpecFiles
 	if c.IsFlagSet(flags.SpecFlag) && len(c.GetStringFlagValue(flags.SpecFlag)) > 0 {
 		specFile, err = pluginsCommon.GetFileSystemSpec(c)
@@ -233,6 +237,8 @@ func ScanCmd(c *components.Context) error {
 		return err
 	}
 	scanCmd := scan.NewScanCommand().
+		SetXrayVersion(xrayVersion).
+		SetXscVersion(xscVersion).
 		SetServerDetails(serverDetails).
 		SetThreads(threads).
 		SetSpec(specFile).
@@ -369,7 +375,7 @@ func BuildScan(c *components.Context) error {
 }
 
 func AuditCmd(c *components.Context) error {
-	auditCmd, err := CreateAuditCmd(c)
+	xrayVersion, xscVersion, serverDetails, auditCmd, err := CreateAuditCmd(c)
 	if err != nil {
 		return err
 	}
@@ -419,7 +425,7 @@ func AuditCmd(c *components.Context) error {
 	auditCmd.SetThreads(threads)
 	err = progressbar.ExecWithProgress(auditCmd)
 	// Reporting error if Xsc service is enabled
-	reportErrorIfExists(err, auditCmd)
+	reportErrorIfExists(xrayVersion, xscVersion, serverDetails, err)
 	return err
 }
 
@@ -428,46 +434,42 @@ func shouldAddSubScan(subScan utils.SubScanType, c *components.Context) bool {
 		(subScan == utils.ContextualAnalysisScan && c.GetBoolFlagValue(flags.Sca) && !c.GetBoolFlagValue(flags.WithoutCA)) || (subScan == utils.SecretTokenValidationScan && c.GetBoolFlagValue(flags.Secrets) && c.GetBoolFlagValue(flags.SecretValidation))
 }
 
-func reportErrorIfExists(err error, auditCmd *audit.AuditCommand) {
+func reportErrorIfExists(xrayVersion, xscVersion string, serverDetails *coreConfig.ServerDetails, err error) {
 	if err == nil || !usage.ShouldReportUsage() {
 		return
 	}
-	var serverDetails *coreConfig.ServerDetails
-	serverDetails, innerError := auditCmd.ServerDetails()
-	if innerError != nil {
-		log.Debug(fmt.Sprintf("failed to get server details for error report: %q", innerError))
-		return
-	}
-	if reportError := xsc.ReportError(serverDetails, err, "cli"); reportError != nil {
+	if reportError := xsc.ReportError(xrayVersion, xscVersion, serverDetails, err, "cli"); reportError != nil {
 		log.Debug("failed to report error log:" + reportError.Error())
 	}
 }
 
-func CreateAuditCmd(c *components.Context) (*audit.AuditCommand, error) {
+func CreateAuditCmd(c *components.Context) (string, string, *coreConfig.ServerDetails, *audit.AuditCommand, error) {
 	auditCmd := audit.NewGenericAuditCommand()
 	serverDetails, err := createServerDetailsWithConfigOffer(c)
 	if err != nil {
-		return nil, err
+		return "", "", nil, nil, err
 	}
 	err = validateXrayContext(c, serverDetails)
 	if err != nil {
-		return nil, err
+		return "", "", nil, nil, err
+	}
+	xrayVersion, xscVersion, err := GetJfrogServicesVersion(serverDetails)
+	if err != nil {
+		return "", "", nil, nil, err
 	}
 	format, err := outputFormat.GetOutputFormat(c.GetStringFlagValue(flags.OutputFormat))
 	if err != nil {
-		return nil, err
+		return "", "", nil, nil, err
 	}
 	minSeverity, err := getMinimumSeverity(c)
 	if err != nil {
-		return nil, err
+		return "", "", nil, nil, err
 	}
 	scansOutputDir, err := getAndValidateOutputDirExistsIfProvided(c)
 	if err != nil {
-		return nil, err
+		return "", "", nil, nil, err
 	}
 
-	auditCmd.SetAnalyticsMetricsService(xsc.NewAnalyticsMetricsService(serverDetails))
-
 	auditCmd.SetTargetRepoPath(addTrailingSlashToRepoPathIfNeeded(c)).
 		SetProject(getProject(c)).
 		SetIncludeVulnerabilities(c.GetBoolFlagValue(flags.Vuln) || shouldIncludeVulnerabilities(c)).
@@ -489,6 +491,8 @@ func CreateAuditCmd(c *components.Context) (*audit.AuditCommand, error) {
 		auditCmd.SetWorkingDirs(splitByCommaAndTrim(c.GetStringFlagValue(flags.WorkingDirs)))
 	}
 	auditCmd.SetServerDetails(serverDetails).
+		SetXrayVersion(xrayVersion).
+		SetXscVersion(xscVersion).
 		SetExcludeTestDependencies(c.GetBoolFlagValue(flags.ExcludeTestDeps)).
 		SetOutputFormat(format).
 		SetUseJas(true).
@@ -497,7 +501,7 @@ func CreateAuditCmd(c *components.Context) (*audit.AuditCommand, error) {
 		SetNpmScope(c.GetStringFlagValue(flags.DepType)).
 		SetPipRequirementsFile(c.GetStringFlagValue(flags.RequirementsFile)).
 		SetExclusions(pluginsCommon.GetStringsArrFlagValue(c, flags.Exclusions))
-	return auditCmd, err
+	return xrayVersion, xscVersion, serverDetails, auditCmd, err
 }
 
 func logNonGenericAuditCommandDeprecation(cmdName string) {
@@ -513,7 +517,7 @@ func logNonGenericAuditCommandDeprecation(cmdName string) {
 
 func AuditSpecificCmd(c *components.Context, technology techutils.Technology) error {
 	logNonGenericAuditCommandDeprecation(c.CommandName)
-	auditCmd, err := CreateAuditCmd(c)
+	xrayVersion, xscVersion, serverDetails, auditCmd, err := CreateAuditCmd(c)
 	if err != nil {
 		return err
 	}
@@ -522,7 +526,7 @@ func AuditSpecificCmd(c *components.Context, technology techutils.Technology) er
 	err = progressbar.ExecWithProgress(auditCmd)
 
 	// Reporting error if Xsc service is enabled
-	reportErrorIfExists(err, auditCmd)
+	reportErrorIfExists(xrayVersion, xscVersion, serverDetails, err)
 	return err
 }
 
@@ -709,6 +713,10 @@ func DockerScan(c *components.Context, image string) error {
 	if err != nil {
 		return err
 	}
+	xrayVersion, xscVersion, err := GetJfrogServicesVersion(serverDetails)
+	if err != nil {
+		return err
+	}
 	containerScanCommand := scan.NewDockerScanCommand()
 	format, err := outputFormat.GetOutputFormat(c.GetStringFlagValue(flags.OutputFormat))
 	if err != nil {
@@ -721,6 +729,8 @@ func DockerScan(c *components.Context, image string) error {
 	containerScanCommand.SetImageTag(image).
 		SetTargetRepoPath(addTrailingSlashToRepoPathIfNeeded(c)).
 		SetServerDetails(serverDetails).
+		SetXrayVersion(xrayVersion).
+		SetXscVersion(xscVersion).
 		SetOutputFormat(format).
 		SetProject(getProject(c)).
 		SetIncludeVulnerabilities(c.GetBoolFlagValue(flags.Vuln) || shouldIncludeVulnerabilities(c)).
@@ -731,10 +741,33 @@ func DockerScan(c *components.Context, image string) error {
 		SetFixableOnly(c.GetBoolFlagValue(flags.FixableOnly)).
 		SetMinSeverityFilter(minSeverity).
 		SetThreads(threads).
-		SetAnalyticsMetricsService(xsc.NewAnalyticsMetricsService(serverDetails)).
+		// SetAnalyticsMetricsService(xsc.NewAnalyticsMetricsService(serverDetails)).
 		SetSecretValidation(c.GetBoolFlagValue(flags.SecretValidation))
 	if c.GetStringFlagValue(flags.Watches) != "" {
 		containerScanCommand.SetWatches(splitByCommaAndTrim(c.GetStringFlagValue(flags.Watches)))
 	}
 	return progressbar.ExecWithProgress(containerScanCommand)
 }
+
+func GetJfrogServicesVersion(serverDetails *coreConfig.ServerDetails) (xrayVersion, xscVersion string, err error) {
+	xrayManager, err := xray.CreateXrayServiceManager(serverDetails)
+	if err != nil {
+		return
+	}
+	xrayVersion, err = xrayManager.GetVersion()
+	log.Debug("Xray version: " + xrayVersion)
+	if err != nil {
+		return
+	}
+	xscService, err := xsc.CreateXscService(xrayVersion, serverDetails)
+	if err != nil {
+		return
+	}
+	xscVersion, e := xscService.GetVersion()
+	if e != nil {
+		log.Debug("Using Xray: " + e.Error())
+		return
+	}
+	log.Debug("XSC version: " + xscVersion)
+	return
+}
diff --git a/commands/audit/audit.go b/commands/audit/audit.go
@@ -33,15 +33,14 @@ import (
 )
 
 type AuditCommand struct {
-	watches                 []string
-	projectKey              string
-	targetRepoPath          string
-	IncludeVulnerabilities  bool
-	IncludeLicenses         bool
-	Fail                    bool
-	PrintExtendedTable      bool
-	analyticsMetricsService *xsc.AnalyticsMetricsService
-	Threads                 int
+	watches                []string
+	projectKey             string
+	targetRepoPath         string
+	IncludeVulnerabilities bool
+	IncludeLicenses        bool
+	Fail                   bool
+	PrintExtendedTable     bool
+	Threads                int
 	AuditParams
 }
 
@@ -84,11 +83,6 @@ func (auditCmd *AuditCommand) SetPrintExtendedTable(printExtendedTable bool) *Au
 	return auditCmd
 }
 
-func (auditCmd *AuditCommand) SetAnalyticsMetricsService(analyticsMetricsService *xsc.AnalyticsMetricsService) *AuditCommand {
-	auditCmd.analyticsMetricsService = analyticsMetricsService
-	return auditCmd
-}
-
 func (auditCmd *AuditCommand) SetThreads(threads int) *AuditCommand {
 	auditCmd.Threads = threads
 	return auditCmd
@@ -103,7 +97,6 @@ func (auditCmd *AuditCommand) CreateCommonGraphScanParams() *scangraph.CommonGra
 	commonParams.ProjectKey = auditCmd.projectKey
 	commonParams.IncludeVulnerabilities = auditCmd.IncludeVulnerabilities
 	commonParams.IncludeLicenses = auditCmd.IncludeLicenses
-	commonParams.MultiScanId, commonParams.XscVersion = xsc.GetXscMsiAndVersion(auditCmd.analyticsMetricsService)
 	return commonParams
 }
 
@@ -114,9 +107,18 @@ func (auditCmd *AuditCommand) Run() (err error) {
 	if err != nil {
 		return
 	}
+	serverDetails, err := auditCmd.ServerDetails()
+	if err != nil {
+		return
+	}
+
+	multiScanId, startTime := xsc.SendNewScanEvent(
+		auditCmd.GetXrayVersion(),
+		auditCmd.GetXscVersion(),
+		serverDetails,
+		xsc.CreateAnalyticsEvent(xscservices.CliProduct, xscservices.CliEventType, serverDetails),
+	)
 
-	// Should be called before creating the audit params, so the params will contain XSC information.
-	auditCmd.analyticsMetricsService.AddGeneralEvent(auditCmd.analyticsMetricsService.CreateGeneralEvent(xscservices.CliProduct, xscservices.CliEventType))
 	auditParams := NewAuditParams().
 		SetWorkingDirs(workingDirs).
 		SetMinSeverityFilter(auditCmd.minSeverityFilter).
@@ -125,11 +127,12 @@ func (auditCmd *AuditCommand) Run() (err error) {
 		SetCommonGraphScanParams(auditCmd.CreateCommonGraphScanParams()).
 		SetThirdPartyApplicabilityScan(auditCmd.thirdPartyApplicabilityScan).
 		SetThreads(auditCmd.Threads).
-		SetScansResultsOutputDir(auditCmd.scanResultsOutputDir)
+		SetScansResultsOutputDir(auditCmd.scanResultsOutputDir).SetStartTime(startTime).SetMultiScanId(multiScanId)
 	auditParams.SetIsRecursiveScan(isRecursiveScan).SetExclusions(auditCmd.Exclusions())
 
 	auditResults := RunAudit(auditParams)
-	auditCmd.analyticsMetricsService.UpdateGeneralEvent(auditCmd.analyticsMetricsService.CreateXscAnalyticsGeneralEventFinalizeFromAuditResults(auditResults))
+
+	xsc.SendScanEndedWithResults(serverDetails, auditResults)
 
 	if auditCmd.Progress() != nil {
 		if err = auditCmd.Progress().Quit(); err != nil {
@@ -217,7 +220,7 @@ func isEntitledForJas(xrayManager *xray.XrayServicesManager, auditParams *AuditP
 		// Dry run without JAS
 		return false, nil
 	}
-	return jas.IsEntitledForJas(xrayManager, auditParams.xrayVersion)
+	return jas.IsEntitledForJas(xrayManager, auditParams.GetXrayVersion())
 }
 
 func RunJasScans(auditParallelRunner *utils.SecurityParallelRunner, auditParams *AuditParams, scanResults *results.SecurityCommandResults, jfrogAppsConfig *jfrogappsconfig.JFrogAppsConfig) (jasScanner *jas.JasScanner, generalError error) {
@@ -231,7 +234,7 @@ func RunJasScans(auditParallelRunner *utils.SecurityParallelRunner, auditParams
 		return
 	}
 	auditParallelRunner.ResultsMu.Lock()
-	jasScanner, err = jas.CreateJasScanner(serverDetails, scanResults.SecretValidation, auditParams.minSeverityFilter, jas.GetAnalyzerManagerXscEnvVars(auditParams.commonGraphScanParams.MultiScanId, scanResults.GetTechnologies()...), auditParams.Exclusions()...)
+	jasScanner, err = jas.CreateJasScanner(serverDetails, scanResults.SecretValidation, auditParams.minSeverityFilter, jas.GetAnalyzerManagerXscEnvVars(auditParams.GetMultiScanId(), scanResults.GetTechnologies()...), auditParams.Exclusions()...)
 	auditParallelRunner.ResultsMu.Unlock()
 	if err != nil {
 		generalError = fmt.Errorf("failed to create jas scanner: %s", err.Error())
@@ -300,13 +303,16 @@ func initAuditCmdResults(params *AuditParams) (cmdResults *results.SecurityComma
 	if err != nil {
 		return cmdResults.AddGeneralError(err, false)
 	}
-	var xrayManager *xray.XrayServicesManager
-	if xrayManager, params.xrayVersion, err = xrayutils.CreateXrayServiceManagerAndGetVersion(serverDetails); err != nil {
+	if err = clientutils.ValidateMinimumVersion(clientutils.Xray, params.GetXrayVersion(), scangraph.GraphScanMinXrayVersion); err != nil {
 		return cmdResults.AddGeneralError(err, false)
-	} else {
-		cmdResults.SetXrayVersion(params.xrayVersion)
 	}
-	if err = clientutils.ValidateMinimumVersion(clientutils.Xray, params.xrayVersion, scangraph.GraphScanMinXrayVersion); err != nil {
+	cmdResults.SetXrayVersion(params.GetXrayVersion())
+	cmdResults.SetXscVersion(params.GetXscVersion())
+	cmdResults.SetMultiScanId(params.GetMultiScanId())
+	cmdResults.SetStartTime(params.StartTime())
+	// Send entitlement requests
+	xrayManager, err := xrayutils.CreateXrayServiceManager(serverDetails)
+	if err != nil {
 		return cmdResults.AddGeneralError(err, false)
 	}
 	entitledForJas, err := isEntitledForJas(xrayManager, params)
@@ -316,9 +322,8 @@ func initAuditCmdResults(params *AuditParams) (cmdResults *results.SecurityComma
 		cmdResults.SetEntitledForJas(entitledForJas)
 	}
 	if entitledForJas {
-		cmdResults.SetSecretValidation(jas.CheckForSecretValidation(xrayManager, params.xrayVersion, slices.Contains(params.AuditBasicParams.ScansToPerform(), utils.SecretTokenValidationScan)))
+		cmdResults.SetSecretValidation(jas.CheckForSecretValidation(xrayManager, params.GetXrayVersion(), slices.Contains(params.AuditBasicParams.ScansToPerform(), utils.SecretTokenValidationScan)))
 	}
-	cmdResults.SetMultiScanId(params.commonGraphScanParams.MultiScanId)
 	// Initialize targets
 	detectScanTargets(cmdResults, params)
 	if params.IsRecursiveScan() && len(params.workingDirs) == 1 && len(cmdResults.Targets) == 0 {