From b5f99a7bc47ef556fc970ed35243b38bda7ee5a3 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 10 Sep 2023 15:12:55 +0300 Subject: [PATCH 01/13] stash --- go.mod | 4 ++-- go.sum | 4 ---- scan/cli.go | 3 ++- utils/cliutils/commandsflags.go | 34 +++++++++++++++++++-------------- 4 files changed, 24 insertions(+), 21 deletions(-) diff --git a/go.mod b/go.mod index 7f67c2b4b..68e57ccd5 100644 --- a/go.mod +++ b/go.mod @@ -125,10 +125,10 @@ require ( // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230828134416-f0db33dd9344 -replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230907095444-fd00f19be95d +replace github.com/jfrog/jfrog-cli-core/v2 => ../jfrog-cli-core // replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27 -replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6 +replace github.com/jfrog/jfrog-client-go => ../jfrog-client-go replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38 diff --git a/go.sum b/go.sum index f5dd5a740..4e192698b 100644 --- a/go.sum +++ b/go.sum 
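Review bot: The two `replace` directives in this go.mod hunk point at sibling directories, `../jfrog-cli-core` and `../jfrog-client-go`, so the commit builds only on a machine that has those checkouts and compiles whatever they happen to contain. Directory replacements are not verified against go.sum, and the go.sum hunk of the same commit drops both modules' checksum lines, so nothing pins the code that ends up in the binary. For local work against unreleased core or client changes, a `go.work` file kept out of version control does the same job without touching go.mod. If this "stash" commit stays in the series, it should be squashed away before merge.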
@@ -239,10 +239,6 @@ github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38 h1:XyAcwWP2a github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38/go.mod h1:QEskae5fQpjeY2PBzsjWtUQVskYSNDF2sSmw/Gx44dQ= github.com/jfrog/gofrog v1.3.0 h1:o4zgsBZE4QyDbz2M7D4K6fXPTBJht+8lE87mS9bw7Gk= github.com/jfrog/gofrog v1.3.0/go.mod h1:IFMc+V/yf7rA5WZ74CSbXe+Lgf0iApEQLxRZVzKRUR0= -github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230907095444-fd00f19be95d h1:7Qlsj5PkqSfayuNaM07L8W+H0bBqEGd+iPusoJOU6w8= -github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230907095444-fd00f19be95d/go.mod h1:PCRqGSz6tKQNtiITSk9WZGflJjno/Vg4DvXPLkH6xO8= -github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6 h1:9mNCAUu/uHx80s4rMc9PeI1lllrZ1MOPUesIMglFoTY= -github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6/go.mod h1:soD5VL3X+G+0KKUNSlb0CSdF9nwHsQZCr0xqOGedAHM= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jszwec/csvutil v1.8.0 h1:G7vS2LGdpZZDH1HmHeNbxOaJ/ZnJlpwGFvOkTkJzzNk= diff --git a/scan/cli.go b/scan/cli.go index 0cb030a7c..8f494aaa5 100644 --- a/scan/cli.go +++ b/scan/cli.go @@ -258,7 +258,8 @@ func createAuditCmd(c *cli.Context) (*audit.AuditCommand, error) { SetFail(c.BoolT("fail")). SetPrintExtendedTable(c.Bool(cliutils.ExtendedTable)). SetMinSeverityFilter(minSeverity). - SetFixableOnly(c.Bool(cliutils.FixableOnly)) + SetFixableOnly(c.Bool(cliutils.FixableOnly)). + SetIncludeEnvApplicabilityScan(c.Bool(cliutils.EnvApplicabilityScan)) if c.String("watches") != "" { auditCmd.SetWatches(splitByCommaAndTrim(c.String("watches"))) diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index 24bc36d46..3ba0fac04 100644 --- a/utils/cliutils/commandsflags.go +++ b/utils/cliutils/commandsflags.go 
@@ -458,19 +458,21 @@ const ( BypassArchiveLimits = "bypass-archive-limits" // Audit commands - auditPrefix = "audit-" - useWrapperAudit = auditPrefix + UseWrapper - ExcludeTestDeps = "exclude-test-deps" - DepType = "dep-type" - RequirementsFile = "requirements-file" - watches = "watches" - workingDirs = "working-dirs" - repoPath = "repo-path" - licenses = "licenses" - vuln = "vuln" - ExtendedTable = "extended-table" - MinSeverity = "min-severity" - FixableOnly = "fixable-only" + auditPrefix = "audit-" + useWrapperAudit = auditPrefix + UseWrapper + ExcludeTestDeps = "exclude-test-deps" + DepType = "dep-type" + // Run applicability scanning on env dependencies folders, for example node_modules. + EnvApplicabilityScan = "include-env-applicability" + RequirementsFile = "requirements-file" + watches = "watches" + workingDirs = "working-dirs" + repoPath = "repo-path" + licenses = "licenses" + vuln = "vuln" + ExtendedTable = "extended-table" + MinSeverity = "min-severity" + FixableOnly = "fixable-only" // *** Mission Control Commands' flags *** missionControlPrefix = "mc-" curationThreads = "curation-threads" @@ -1634,6 +1636,10 @@ var flagsMap = map[string]cli.Flag{ Name: dryRun, Usage: "[Default: false] Set to true to only simulate the distribution of the release bundle.` `", }, + EnvApplicabilityScan: cli.BoolFlag{ + Name: EnvApplicabilityScan, + Usage: "fill this here", + }, } var commandFlags = map[string][]string{ 
@@ -1934,7 +1940,7 @@ var commandFlags = map[string][]string{ }, Audit: { xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, ExcludeTestDeps, - useWrapperAudit, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, + useWrapperAudit, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, EnvApplicabilityScan, }, AuditMvn: { xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, useWrapperAudit, From 57a519bdefd9a01daeeb454daa5d3e81c7ec5784 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 10 Sep 2023 20:56:38 +0300 Subject: [PATCH 02/13] Add new flag --- go.mod | 4 ++-- go.sum | 4 ++++ scan/cli.go | 2 +- utils/cliutils/commandsflags.go | 10 +++++----- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 68e57ccd5..b4778c937 100644 --- a/go.mod +++ b/go.mod @@ -125,10 +125,10 @@ require ( // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230828134416-f0db33dd9344 -replace github.com/jfrog/jfrog-cli-core/v2 => ../jfrog-cli-core +replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910175248-2b65639c6044 // replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27 -replace github.com/jfrog/jfrog-client-go => ../jfrog-client-go +replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6 replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38 diff --git a/go.sum b/go.sum index 4e192698b..6a15a7ce0 100644 --- a/go.sum +++ b/go.sum 
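Review bot: In the go.mod hunk of patch 02, `github.com/jfrog/jfrog-cli-core/v2` is redirected to a personal fork, `github.com/eyaldelarea/jfrog-cli-core/v2`, at a pseudo-version, so every build of this branch compiles code from a repository outside the upstream organisation while the `require` line still names the upstream module. This is presumably a temporary pin while a paired jfrog-cli-core change is in flight. The directive should point back at an upstream version before merge, and a line such as `// TODO: revert to upstream jfrog-cli-core before merge` directly above it would make that hard to miss in review. The same fork is re-pinned in the go.mod hunks of patches 03, 04, 05 and 07.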
@@ -133,6 +133,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910175248-2b65639c6044 h1:mPNtGlPhKOHjPSROWf+MZxmTcLjZmTpkpZ7H0s1oYSk= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910175248-2b65639c6044/go.mod h1:PCRqGSz6tKQNtiITSk9WZGflJjno/Vg4DvXPLkH6xO8= github.com/forPelevin/gomoji v1.1.8 h1:JElzDdt0TyiUlecy6PfITDL6eGvIaxqYH1V52zrd0qQ= github.com/forPelevin/gomoji v1.1.8/go.mod h1:8+Z3KNGkdslmeGZBC3tCrwMrcPy5GRzAD+gL9NAwMXg= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= @@ -239,6 +241,8 @@ github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38 h1:XyAcwWP2a github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38/go.mod h1:QEskae5fQpjeY2PBzsjWtUQVskYSNDF2sSmw/Gx44dQ= github.com/jfrog/gofrog v1.3.0 h1:o4zgsBZE4QyDbz2M7D4K6fXPTBJht+8lE87mS9bw7Gk= github.com/jfrog/gofrog v1.3.0/go.mod h1:IFMc+V/yf7rA5WZ74CSbXe+Lgf0iApEQLxRZVzKRUR0= +github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6 h1:9mNCAUu/uHx80s4rMc9PeI1lllrZ1MOPUesIMglFoTY= +github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6/go.mod h1:soD5VL3X+G+0KKUNSlb0CSdF9nwHsQZCr0xqOGedAHM= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jszwec/csvutil v1.8.0 h1:G7vS2LGdpZZDH1HmHeNbxOaJ/ZnJlpwGFvOkTkJzzNk= diff --git a/scan/cli.go b/scan/cli.go index 8f494aaa5..fe9cca48b 100644 --- a/scan/cli.go 
+++ b/scan/cli.go @@ -259,7 +259,7 @@ func createAuditCmd(c *cli.Context) (*audit.AuditCommand, error) { SetPrintExtendedTable(c.Bool(cliutils.ExtendedTable)). SetMinSeverityFilter(minSeverity). SetFixableOnly(c.Bool(cliutils.FixableOnly)). - SetIncludeEnvApplicabilityScan(c.Bool(cliutils.EnvApplicabilityScan)) + SetIncludeEnvApplicabilityScan(c.Bool(cliutils.ScanEnvFoldersApplicability)) if c.String("watches") != "" { auditCmd.SetWatches(splitByCommaAndTrim(c.String("watches"))) diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index 3ba0fac04..5af44ec57 100644 --- a/utils/cliutils/commandsflags.go +++ b/utils/cliutils/commandsflags.go @@ -463,8 +463,8 @@ const ( ExcludeTestDeps = "exclude-test-deps" DepType = "dep-type" // Run applicability scanning on env dependencies folders, for example node_modules. - EnvApplicabilityScan = "include-env-applicability" - RequirementsFile = "requirements-file" + ScanEnvFoldersApplicability = "scan-env-applicability" + RequirementsFile = "requirements-file" watches = "watches" workingDirs = "working-dirs" repoPath = "repo-path" @@ -1636,8 +1636,8 @@ var flagsMap = map[string]cli.Flag{ Name: dryRun, Usage: "[Default: false] Set to true to only simulate the distribution of the release bundle.` `", }, - EnvApplicabilityScan: cli.BoolFlag{ - Name: EnvApplicabilityScan, + ScanEnvFoldersApplicability: cli.BoolFlag{ + Name: ScanEnvFoldersApplicability, Usage: "fill this here", }, } 
@@ -1940,7 +1940,7 @@ var commandFlags = map[string][]string{ }, Audit: { xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, ExcludeTestDeps, - useWrapperAudit, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, EnvApplicabilityScan, + useWrapperAudit, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ScanEnvFoldersApplicability, }, AuditMvn: { xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, useWrapperAudit, From bf5aca9604f164d97b17ba55ff413b794a04f83a Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 10 Sep 2023 22:04:49 +0300 Subject: [PATCH 03/13] update deps --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b4778c937..e117b9e9f 100644 --- a/go.mod +++ b/go.mod @@ -125,7 +125,7 @@ require ( // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230828134416-f0db33dd9344 -replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910175248-2b65639c6044 +replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910181901-68423a52c061 // replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27 diff --git a/go.sum b/go.sum index 6a15a7ce0..7ed16a3dd 100644 --- a/go.sum +++ b/go.sum 
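Review bot: The pseudo-version pinned in the go.mod hunk of patch 03, `v2.0.0-20230910181901-68423a52c061`, is not the one the go.sum hunk of the same commit adds checksums for, `v2.0.0-20230910181901-cedde6cd3da8`. With the go command's default read-only module mode, this commit would most likely stop on a missing go.sum entry for the fork, which breaks bisecting through the series. Patch 04 re-pins both files to `v2.0.0-20230910185742-68423a52c061`. Squashing 03 into 04, or regenerating both files together with `go mod tidy`, would keep every commit buildable.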
@@ -133,8 +133,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910175248-2b65639c6044 h1:mPNtGlPhKOHjPSROWf+MZxmTcLjZmTpkpZ7H0s1oYSk= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910175248-2b65639c6044/go.mod h1:PCRqGSz6tKQNtiITSk9WZGflJjno/Vg4DvXPLkH6xO8= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910181901-cedde6cd3da8 h1:zNx55ZyqeLVwq5HlkDE7Q+WZrYMKGX6j9YZTCdAiAVI= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910181901-cedde6cd3da8/go.mod h1:PCRqGSz6tKQNtiITSk9WZGflJjno/Vg4DvXPLkH6xO8= github.com/forPelevin/gomoji v1.1.8 h1:JElzDdt0TyiUlecy6PfITDL6eGvIaxqYH1V52zrd0qQ= github.com/forPelevin/gomoji v1.1.8/go.mod h1:8+Z3KNGkdslmeGZBC3tCrwMrcPy5GRzAD+gL9NAwMXg= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= From 917cae260d96301d85fe05c33ea5d9b9b1952701 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 10 Sep 2023 22:07:02 +0300 Subject: [PATCH 04/13] update deps --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e117b9e9f..49a192093 100644 --- a/go.mod +++ b/go.mod 
@@ -125,7 +125,7 @@ require ( // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230828134416-f0db33dd9344 -replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910181901-68423a52c061 +replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910185742-68423a52c061 // replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27 diff --git a/go.sum b/go.sum index 7ed16a3dd..405fad69f 100644 --- a/go.sum +++ b/go.sum @@ -133,8 +133,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910181901-cedde6cd3da8 h1:zNx55ZyqeLVwq5HlkDE7Q+WZrYMKGX6j9YZTCdAiAVI= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910181901-cedde6cd3da8/go.mod h1:PCRqGSz6tKQNtiITSk9WZGflJjno/Vg4DvXPLkH6xO8= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910185742-68423a52c061 h1:nkoxJsl36AJ80Z5hjdsNZSwDP/dE0oai9lXQjJO/Xyc= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910185742-68423a52c061/go.mod h1:PCRqGSz6tKQNtiITSk9WZGflJjno/Vg4DvXPLkH6xO8= github.com/forPelevin/gomoji v1.1.8 h1:JElzDdt0TyiUlecy6PfITDL6eGvIaxqYH1V52zrd0qQ= github.com/forPelevin/gomoji v1.1.8/go.mod h1:8+Z3KNGkdslmeGZBC3tCrwMrcPy5GRzAD+gL9NAwMXg= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= From 37c175bd81a17f645ab05ce870c9cb1c386aedb0 Mon Sep 17 00:00:00 2001 
From: delarea Date: Mon, 11 Sep 2023 10:50:16 +0300 Subject: [PATCH 05/13] Update flag name --- go.mod | 18 +++++++++--------- go.sum | 32 ++++++++++++++++---------------- scan/cli.go | 2 +- utils/cliutils/commandsflags.go | 13 +++++++------ 4 files changed, 33 insertions(+), 32 deletions(-) diff --git a/go.mod b/go.mod index 49a192093..8d7cd73c3 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/buger/jsonparser v1.1.1 github.com/go-git/go-git/v5 v5.8.1 github.com/gocarina/gocsv v0.0.0-20230616125104-99d496ca653d - github.com/jfrog/build-info-go v1.9.9 + github.com/jfrog/build-info-go v1.9.10 github.com/jfrog/gofrog v1.3.0 github.com/jfrog/jfrog-cli-core/v2 v2.41.4 github.com/jfrog/jfrog-client-go v1.31.6 @@ -18,8 +18,8 @@ require ( github.com/urfave/cli v1.22.14 github.com/vbauerster/mpb/v7 v7.5.3 github.com/xeipuuv/gojsonschema v1.2.0 - golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 - golang.org/x/term v0.11.0 + golang.org/x/exp v0.0.0-20230905200255-921286631fa9 + golang.org/x/term v0.12.0 gopkg.in/yaml.v2 v2.4.0 ) @@ -108,13 +108,13 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect - golang.org/x/crypto v0.12.0 // indirect + golang.org/x/crypto v0.13.0 // indirect golang.org/x/mod v0.12.0 // indirect - golang.org/x/net v0.14.0 // indirect + golang.org/x/net v0.15.0 // indirect golang.org/x/sync v0.3.0 // indirect - golang.org/x/sys v0.11.0 // indirect - golang.org/x/text v0.12.0 // indirect - golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect + golang.org/x/sys v0.12.0 // indirect + golang.org/x/text v0.13.0 // indirect + golang.org/x/tools v0.13.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect google.golang.org/grpc v1.57.0 // indirect google.golang.org/protobuf v1.30.0 // indirect 
@@ -125,7 +125,7 @@ require ( // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230828134416-f0db33dd9344 -replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910185742-68423a52c061 +replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911074043-ba311758818e // replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27 diff --git a/go.sum b/go.sum index 405fad69f..19e84ddbc 100644 --- a/go.sum +++ b/go.sum @@ -133,8 +133,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910185742-68423a52c061 h1:nkoxJsl36AJ80Z5hjdsNZSwDP/dE0oai9lXQjJO/Xyc= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230910185742-68423a52c061/go.mod h1:PCRqGSz6tKQNtiITSk9WZGflJjno/Vg4DvXPLkH6xO8= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911074043-ba311758818e h1:bD6EugKDqDqj4aAV31zGiy+lmupkip3hRcbwvpTig+s= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911074043-ba311758818e/go.mod h1:NNm941pX0BHru3kFTsVC9TIukhqvoABj/p6o1frdxF0= github.com/forPelevin/gomoji v1.1.8 h1:JElzDdt0TyiUlecy6PfITDL6eGvIaxqYH1V52zrd0qQ= github.com/forPelevin/gomoji v1.1.8/go.mod h1:8+Z3KNGkdslmeGZBC3tCrwMrcPy5GRzAD+gL9NAwMXg= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= 
@@ -431,8 +431,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= +golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -443,8 +443,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ= -golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -508,8 +508,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -598,15 +598,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= -golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= +golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -619,8 +619,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= -golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -676,8 +676,8 @@ golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 h1:Vve/L0v7CXXuxUmaMGIEK/dEeq7uiqb5qBgQrZzIE7E= -golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= +golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/scan/cli.go b/scan/cli.go index fe9cca48b..070d5c941 100644 --- a/scan/cli.go +++ b/scan/cli.go @@ -259,7 +259,7 @@ func createAuditCmd(c *cli.Context) (*audit.AuditCommand, error) { SetPrintExtendedTable(c.Bool(cliutils.ExtendedTable)). SetMinSeverityFilter(minSeverity). SetFixableOnly(c.Bool(cliutils.FixableOnly)). - SetIncludeEnvApplicabilityScan(c.Bool(cliutils.ScanEnvFoldersApplicability)) + SetThirdPartyContextualAnalysis(c.Bool(cliutils.ThirdPartyContextualAnalysis)) if c.String("watches") != "" { auditCmd.SetWatches(splitByCommaAndTrim(c.String("watches"))) diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index 5af44ec57..a05ae7c78 100644 --- a/utils/cliutils/commandsflags.go +++ b/utils/cliutils/commandsflags.go 
@@ -463,8 +463,8 @@ const ( ExcludeTestDeps = "exclude-test-deps" DepType = "dep-type" // Run applicability scanning on env dependencies folders, for example node_modules. - ScanEnvFoldersApplicability = "scan-env-applicability" - RequirementsFile = "requirements-file" + ThirdPartyContextualAnalysis = "deps-code-contextual-analysis" + RequirementsFile = "requirements-file" watches = "watches" workingDirs = "working-dirs" repoPath = "repo-path" @@ -1636,9 +1636,10 @@ var flagsMap = map[string]cli.Flag{ Name: dryRun, Usage: "[Default: false] Set to true to only simulate the distribution of the release bundle.` `", }, - ScanEnvFoldersApplicability: cli.BoolFlag{ - Name: ScanEnvFoldersApplicability, - Usage: "fill this here", + ThirdPartyContextualAnalysis: cli.BoolFlag{ + Name: ThirdPartyContextualAnalysis, + Usage: "[Default: false] Applicable for npm only. when set, the 'vulnerability contextual analysis' feature also uses the code of the project dependencies to determine the applicability of the vulnerability ", + Hidden: true, }, } @@ -1940,7 +1941,7 @@ var commandFlags = map[string][]string{ }, Audit: { xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, ExcludeTestDeps, - useWrapperAudit, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ScanEnvFoldersApplicability, + useWrapperAudit, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ThirdPartyContextualAnalysis, }, AuditMvn: { xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, useWrapperAudit, From f0264eb255de715dfe014e9683875021973cadd9 Mon Sep 17 00:00:00 2001 
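Review bot: The `Usage` text added for `ThirdPartyContextualAnalysis` in the flagsMap hunk says the flag applies to npm only, yet the commandFlags hunk registers it on the generic `Audit` command and createAuditCmd (scan/cli.go hunk of this patch) forwards `c.Bool(...)` unconditionally. Whether other package managers ignore it is decided in jfrog-cli-core, outside this patch, so nothing visible here tells such a user that the flag had no effect. Because the flag is `Hidden: true` it will not show up in help output, which leaves the comment on the constant as its only documentation; that comment should say the flag is off by default and extends the contextual analysis to dependency code such as node_modules. The string also needs a capital after the full stop and no trailing space: `Usage: "[Default: false] Applicable for npm only. When set, the 'vulnerability contextual analysis' feature also uses the code of the project dependencies to determine the applicability of the vulnerability.",`.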
From: delarea
Date: Mon, 11 Sep 2023 11:54:15 +0300
Subject: [PATCH 06/13] update flag name
---
 utils/cliutils/commandsflags.go | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go
index a05ae7c78..0171dd47f 100644
--- a/utils/cliutils/commandsflags.go
+++ b/utils/cliutils/commandsflags.go
@@ -462,17 +462,17 @@ const (
  useWrapperAudit = auditPrefix + UseWrapper
  ExcludeTestDeps = "exclude-test-deps"
  DepType = "dep-type"
- // Run applicability scanning on env dependencies folders, for example node_modules.
- ThirdPartyContextualAnalysis = "deps-code-contextual-analysis"
+ // Run applicability scanning on third-party dependencies folders, for example node_modules.
+ ThirdPartyContextualAnalysis = "third-party-contextual-analysis"
  RequirementsFile = "requirements-file"
- watches = "watches"
- workingDirs = "working-dirs"
- repoPath = "repo-path"
- licenses = "licenses"
- vuln = "vuln"
- ExtendedTable = "extended-table"
- MinSeverity = "min-severity"
- FixableOnly = "fixable-only"
+ watches = "watches"
+ workingDirs = "working-dirs"
+ repoPath = "repo-path"
+ licenses = "licenses"
+ vuln = "vuln"
+ ExtendedTable = "extended-table"
+ MinSeverity = "min-severity"
+ FixableOnly = "fixable-only"
  // *** Mission Control Commands' flags ***
  missionControlPrefix = "mc-"
  curationThreads = "curation-threads"
From 4c3e95fe802e708fba1f737c36c4c026aa502235 Mon Sep 17 00:00:00 2001
From: delarea
Date: Mon, 11 Sep 2023 15:05:06 +0300
Subject: [PATCH 07/13] renames
---
 go.mod | 2 +-
 go.sum | 4 ++--
 scan/cli.go | 2 +-
 utils/cliutils/commandsflags.go | 26 +++++++++++++-------------
 4 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/go.mod b/go.mod
index 8d7cd73c3..238790589 100644
--- a/go.mod
+++ b/go.mod
@@ -125,7 +125,7 @@ require ( // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230828134416-f0db33dd9344 -replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911074043-ba311758818e +replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911120123-ad5ad84c2f0e // replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27 diff --git a/go.sum b/go.sum index 19e84ddbc..0119143c1 100644 --- a/go.sum +++ b/go.sum @@ -133,8 +133,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911074043-ba311758818e h1:bD6EugKDqDqj4aAV31zGiy+lmupkip3hRcbwvpTig+s= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911074043-ba311758818e/go.mod h1:NNm941pX0BHru3kFTsVC9TIukhqvoABj/p6o1frdxF0= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911120123-ad5ad84c2f0e h1:6EV7DC68KXqyYkfMobM8zGBmDgTMGpi249yhlAp7xQc= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911120123-ad5ad84c2f0e/go.mod h1:NNm941pX0BHru3kFTsVC9TIukhqvoABj/p6o1frdxF0= github.com/forPelevin/gomoji v1.1.8 h1:JElzDdt0TyiUlecy6PfITDL6eGvIaxqYH1V52zrd0qQ= github.com/forPelevin/gomoji v1.1.8/go.mod h1:8+Z3KNGkdslmeGZBC3tCrwMrcPy5GRzAD+gL9NAwMXg= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= diff --git a/scan/cli.go b/scan/cli.go index 070d5c941..628511c7e 100644 --- a/scan/cli.go +++ b/scan/cli.go 
@@ -259,7 +259,7 @@ func createAuditCmd(c *cli.Context) (*audit.AuditCommand, error) { SetPrintExtendedTable(c.Bool(cliutils.ExtendedTable)). SetMinSeverityFilter(minSeverity). SetFixableOnly(c.Bool(cliutils.FixableOnly)). - SetThirdPartyContextualAnalysis(c.Bool(cliutils.ThirdPartyContextualAnalysis)) + SetThirdPartyApplicabilityScan(c.Bool(cliutils.ThirdPartyDepsApplicability)) if c.String("watches") != "" { auditCmd.SetWatches(splitByCommaAndTrim(c.String("watches"))) diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index 0171dd47f..9eccf0ad8 100644 --- a/utils/cliutils/commandsflags.go +++ b/utils/cliutils/commandsflags.go @@ -463,16 +463,16 @@ const ( ExcludeTestDeps = "exclude-test-deps" DepType = "dep-type" // Run applicability scanning on third-party dependencies folders, for example node_modules. - ThirdPartyContextualAnalysis = "third-party-contextual-analysis" - RequirementsFile = "requirements-file" - watches = "watches" - workingDirs = "working-dirs" - repoPath = "repo-path" - licenses = "licenses" - vuln = "vuln" - ExtendedTable = "extended-table" - MinSeverity = "min-severity" - FixableOnly = "fixable-only" + ThirdPartyDepsApplicability = "third-party-contextual-analysis" + RequirementsFile = "requirements-file" + watches = "watches" + workingDirs = "working-dirs" + repoPath = "repo-path" + licenses = "licenses" + vuln = "vuln" + ExtendedTable = "extended-table" + MinSeverity = "min-severity" + FixableOnly = "fixable-only" // *** Mission Control Commands' flags *** missionControlPrefix = "mc-" curationThreads = "curation-threads" 
@@ -1636,8 +1636,8 @@ var flagsMap = map[string]cli.Flag{ Name: dryRun, Usage: "[Default: false] Set to true to only simulate the distribution of the release bundle.` `", }, - ThirdPartyContextualAnalysis: cli.BoolFlag{ - Name: ThirdPartyContextualAnalysis, + ThirdPartyDepsApplicability: cli.BoolFlag{ + Name: ThirdPartyDepsApplicability, Usage: "[Default: false] Applicable for npm only. when set, the 'vulnerability contextual analysis' feature also uses the code of the project dependencies to determine the applicability of the vulnerability ", Hidden: true, }, @@ -1941,7 +1941,7 @@ var commandFlags = map[string][]string{ }, Audit: { xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, ExcludeTestDeps, - useWrapperAudit, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ThirdPartyContextualAnalysis, + useWrapperAudit, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ThirdPartyDepsApplicability, }, AuditMvn: { xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, useWrapperAudit, From 939aefa5ffcb61a77b316bc020364124ffc742ae Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 11 Sep 2023 16:55:01 +0300 Subject: [PATCH 08/13] update deps --- go.mod | 6 +----- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 238790589..9a2bc30f3 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/jfrog/build-info-go v1.9.10 github.com/jfrog/gofrog v1.3.0 github.com/jfrog/jfrog-cli-core/v2 v2.41.4 - github.com/jfrog/jfrog-client-go v1.31.6 + github.com/jfrog/jfrog-client-go v1.32.1 github.com/jszwec/csvutil v1.8.0 github.com/mholt/archiver/v3 v3.5.1 github.com/stretchr/testify v1.8.4 
@@ -127,8 +127,4 @@ require ( replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911120123-ad5ad84c2f0e -// replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27 - -replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6 - replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38 diff --git a/go.sum b/go.sum index 0119143c1..295adca48 100644 --- a/go.sum +++ b/go.sum @@ -241,8 +241,8 @@ github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38 h1:XyAcwWP2a github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38/go.mod h1:QEskae5fQpjeY2PBzsjWtUQVskYSNDF2sSmw/Gx44dQ= github.com/jfrog/gofrog v1.3.0 h1:o4zgsBZE4QyDbz2M7D4K6fXPTBJht+8lE87mS9bw7Gk= github.com/jfrog/gofrog v1.3.0/go.mod h1:IFMc+V/yf7rA5WZ74CSbXe+Lgf0iApEQLxRZVzKRUR0= -github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6 h1:9mNCAUu/uHx80s4rMc9PeI1lllrZ1MOPUesIMglFoTY= -github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6/go.mod h1:soD5VL3X+G+0KKUNSlb0CSdF9nwHsQZCr0xqOGedAHM= +github.com/jfrog/jfrog-client-go v1.32.1 h1:RQmuPSLsF5222vZJzwkgHSZMMJF83ExS7SwIvh4P+H8= +github.com/jfrog/jfrog-client-go v1.32.1/go.mod h1:362+oa7uTTYurzBs1L0dmUTlLo7uhpAU/pwM5Zb9clg= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jszwec/csvutil v1.8.0 h1:G7vS2LGdpZZDH1HmHeNbxOaJ/ZnJlpwGFvOkTkJzzNk= From 8cab8ab3e1b9b0f702e440ebcdc998b9a55e2b84 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 11 Sep 2023 17:10:22 +0300 Subject: [PATCH 09/13] update deps --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index 9a2bc30f3..2b83e4cd8 100644 --- a/go.mod +++ b/go.mod @@ -125,6 +125,6 @@ require ( // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230828134416-f0db33dd9344 -replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911120123-ad5ad84c2f0e +replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911135209-0fcb045a377f replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38 diff --git a/go.sum b/go.sum index 295adca48..d1f4d5c24 100644 --- a/go.sum +++ b/go.sum @@ -133,8 +133,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911120123-ad5ad84c2f0e h1:6EV7DC68KXqyYkfMobM8zGBmDgTMGpi249yhlAp7xQc= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911120123-ad5ad84c2f0e/go.mod h1:NNm941pX0BHru3kFTsVC9TIukhqvoABj/p6o1frdxF0= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911135209-0fcb045a377f h1:eVuB9hWI9yUI60Pwht0KibG+iERVrmvU5R94XsCDtOU= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230911135209-0fcb045a377f/go.mod h1:HCMfdtCy2B81EF8YiQlsfbG3CsLk/VeqoWGNYoSUz8Q= github.com/forPelevin/gomoji v1.1.8 h1:JElzDdt0TyiUlecy6PfITDL6eGvIaxqYH1V52zrd0qQ= github.com/forPelevin/gomoji v1.1.8/go.mod h1:8+Z3KNGkdslmeGZBC3tCrwMrcPy5GRzAD+gL9NAwMXg= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= From cf66471c20a2256304d093031fe6cb8b5255b828 Mon Sep 17 00:00:00 2001 
From: delarea Date: Wed, 13 Sep 2023 09:32:43 +0300 Subject: [PATCH 10/13] update deps --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 291b4e298..d96004058 100644 --- a/go.mod +++ b/go.mod @@ -123,4 +123,4 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect ) -replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230912065250-8f4ff198100d +replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230913063056-eb631dc56d24 diff --git a/go.sum b/go.sum index c39961a32..8bace2d4d 100644 --- a/go.sum +++ b/go.sum @@ -133,8 +133,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230912065250-8f4ff198100d h1:dV+0s5nKXrvbY7z2jbuwimFMKQNDmYmwiZ4hCIdB6Kc= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230912065250-8f4ff198100d/go.mod h1:HCMfdtCy2B81EF8YiQlsfbG3CsLk/VeqoWGNYoSUz8Q= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230913063056-eb631dc56d24 h1:slu4/S4GfCqhL1vUA//5//p+jBGVloD5Izb7iED5D4A= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230913063056-eb631dc56d24/go.mod h1:HCMfdtCy2B81EF8YiQlsfbG3CsLk/VeqoWGNYoSUz8Q= github.com/forPelevin/gomoji v1.1.8 h1:JElzDdt0TyiUlecy6PfITDL6eGvIaxqYH1V52zrd0qQ= github.com/forPelevin/gomoji v1.1.8/go.mod h1:8+Z3KNGkdslmeGZBC3tCrwMrcPy5GRzAD+gL9NAwMXg= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= From d1ab5c24a5e6ee79c9a5467093be2ba797dd8ad9 Mon Sep 17 00:00:00 2001 
From: delarea Date: Wed, 13 Sep 2023 17:10:36 +0300 Subject: [PATCH 11/13] Update core and comments --- go.mod | 2 +- go.sum | 4 ++-- utils/cliutils/commandsflags.go | 3 ++- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index d96004058..f55a4b068 100644 --- a/go.mod +++ b/go.mod @@ -123,4 +123,4 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect ) -replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230913063056-eb631dc56d24 +replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230913140825-741f55b71e2e diff --git a/go.sum b/go.sum index 8bace2d4d..4b09a931c 100644 --- a/go.sum +++ b/go.sum @@ -133,8 +133,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230913063056-eb631dc56d24 h1:slu4/S4GfCqhL1vUA//5//p+jBGVloD5Izb7iED5D4A= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230913063056-eb631dc56d24/go.mod h1:HCMfdtCy2B81EF8YiQlsfbG3CsLk/VeqoWGNYoSUz8Q= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230913140825-741f55b71e2e h1:6pRD2k07WcUnBQ++nco/hXixRWPalmc8s7qbIwmbKKg= +github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230913140825-741f55b71e2e/go.mod h1:HCMfdtCy2B81EF8YiQlsfbG3CsLk/VeqoWGNYoSUz8Q= github.com/forPelevin/gomoji v1.1.8 h1:JElzDdt0TyiUlecy6PfITDL6eGvIaxqYH1V52zrd0qQ= github.com/forPelevin/gomoji v1.1.8/go.mod h1:8+Z3KNGkdslmeGZBC3tCrwMrcPy5GRzAD+gL9NAwMXg= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= 
diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index 9eccf0ad8..db8144907 100644 --- a/utils/cliutils/commandsflags.go +++ b/utils/cliutils/commandsflags.go @@ -463,6 +463,7 @@ const ( ExcludeTestDeps = "exclude-test-deps" DepType = "dep-type" // Run applicability scanning on third-party dependencies folders, for example node_modules. + // When on, only applicablity scanner will run. ThirdPartyDepsApplicability = "third-party-contextual-analysis" RequirementsFile = "requirements-file" watches = "watches" @@ -1638,7 +1639,7 @@ var flagsMap = map[string]cli.Flag{ }, ThirdPartyDepsApplicability: cli.BoolFlag{ Name: ThirdPartyDepsApplicability, - Usage: "[Default: false] Applicable for npm only. when set, the 'vulnerability contextual analysis' feature also uses the code of the project dependencies to determine the applicability of the vulnerability ", + Usage: "[Default: false] Applicable for npm only. when set, the 'vulnerability contextual analysis' feature also uses the code of the project dependencies to determine the applicability of the vulnerability. Notice: disables all the scanners expect for applicability scanner.", Hidden: true, }, } From 7cebe4b9c2136a32f25fef7994587a4a30b843e0 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 13 Sep 2023 17:41:45 +0300 Subject: [PATCH 12/13] remove comment --- go.mod | 2 +- go.sum | 4 ++-- utils/cliutils/commandsflags.go | 10 ++++------ 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index f55a4b068..b4525d9b2 100644 --- a/go.mod +++ b/go.mod @@ -123,4 +123,4 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect ) -replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230913140825-741f55b71e2e +replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230913142358-739e5b3feef6 diff --git a/go.sum b/go.sum index 4b09a931c..bf7e5c385 100644 --- a/go.sum +++ b/go.sum 
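Review bot: The new `Usage` text in the flagsMap hunk says "disables all the scanners expect for applicability scanner", where `expect` should be `except`. The comment added in the const hunk also misspells `applicablity`. Suggested wording is `Notice: disables all the scanners except for the applicability scanner.` and `// When on, only the applicability scanner will run.`. The flag is `Hidden: true` and, by its own help text, turns the other scanners off, so an audit run with it returns a narrower result than a normal one. Consider logging a warning when it is set so that a clean report is not mistaken for full coverage; the code that acts on the flag is outside this diff.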
@@ -133,8 +133,6 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230913140825-741f55b71e2e h1:6pRD2k07WcUnBQ++nco/hXixRWPalmc8s7qbIwmbKKg= -github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230913140825-741f55b71e2e/go.mod h1:HCMfdtCy2B81EF8YiQlsfbG3CsLk/VeqoWGNYoSUz8Q= github.com/forPelevin/gomoji v1.1.8 h1:JElzDdt0TyiUlecy6PfITDL6eGvIaxqYH1V52zrd0qQ= github.com/forPelevin/gomoji v1.1.8/go.mod h1:8+Z3KNGkdslmeGZBC3tCrwMrcPy5GRzAD+gL9NAwMXg= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= @@ -241,6 +239,8 @@ github.com/jfrog/build-info-go v1.9.10 h1:uXnDLVxpqxoAMpXcki00QaBB+M2BoGMMpHODPk github.com/jfrog/build-info-go v1.9.10/go.mod h1:ujJ8XQZMdT2tMkLSMJNyDd1pCY+duwHdjV+9or9FLIg= github.com/jfrog/gofrog v1.3.0 h1:o4zgsBZE4QyDbz2M7D4K6fXPTBJht+8lE87mS9bw7Gk= github.com/jfrog/gofrog v1.3.0/go.mod h1:IFMc+V/yf7rA5WZ74CSbXe+Lgf0iApEQLxRZVzKRUR0= +github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230913142358-739e5b3feef6 h1:grhcb7Ev/DwLV+B/ZQ73LzAbB/+DoUQcJyaMivu+cD0= +github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230913142358-739e5b3feef6/go.mod h1:HCMfdtCy2B81EF8YiQlsfbG3CsLk/VeqoWGNYoSUz8Q= github.com/jfrog/jfrog-client-go v1.32.1 h1:RQmuPSLsF5222vZJzwkgHSZMMJF83ExS7SwIvh4P+H8= github.com/jfrog/jfrog-client-go v1.32.1/go.mod h1:362+oa7uTTYurzBs1L0dmUTlLo7uhpAU/pwM5Zb9clg= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index db8144907..b1176b854 100644 
--- a/utils/cliutils/commandsflags.go +++ b/utils/cliutils/commandsflags.go @@ -458,12 +458,10 @@ const ( BypassArchiveLimits = "bypass-archive-limits" // Audit commands - auditPrefix = "audit-" - useWrapperAudit = auditPrefix + UseWrapper - ExcludeTestDeps = "exclude-test-deps" - DepType = "dep-type" - // Run applicability scanning on third-party dependencies folders, for example node_modules. - // When on, only applicablity scanner will run. + auditPrefix = "audit-" + useWrapperAudit = auditPrefix + UseWrapper + ExcludeTestDeps = "exclude-test-deps" + DepType = "dep-type" ThirdPartyDepsApplicability = "third-party-contextual-analysis" RequirementsFile = "requirements-file" watches = "watches" From f31362b84a653b13d7f8cb11030c19ca373451ae Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 13 Sep 2023 17:56:45 +0300 Subject: [PATCH 13/13] update comments --- scan/cli.go | 2 +- utils/cliutils/commandsflags.go | 36 ++++++++++++++++----------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/scan/cli.go b/scan/cli.go index 628511c7e..33c6df002 100644 --- a/scan/cli.go +++ b/scan/cli.go @@ -259,7 +259,7 @@ func createAuditCmd(c *cli.Context) (*audit.AuditCommand, error) { SetPrintExtendedTable(c.Bool(cliutils.ExtendedTable)). SetMinSeverityFilter(minSeverity). SetFixableOnly(c.Bool(cliutils.FixableOnly)). - SetThirdPartyApplicabilityScan(c.Bool(cliutils.ThirdPartyDepsApplicability)) + SetThirdPartyApplicabilityScan(c.Bool(cliutils.ThirdPartyContextualAnalysis)) if c.String("watches") != "" { auditCmd.SetWatches(splitByCommaAndTrim(c.String("watches"))) diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index b1176b854..4de652c35 100644 --- a/utils/cliutils/commandsflags.go +++ b/utils/cliutils/commandsflags.go 
@@ -458,20 +458,20 @@ const ( BypassArchiveLimits = "bypass-archive-limits" // Audit commands - auditPrefix = "audit-" - useWrapperAudit = auditPrefix + UseWrapper - ExcludeTestDeps = "exclude-test-deps" - DepType = "dep-type" - ThirdPartyDepsApplicability = "third-party-contextual-analysis" - RequirementsFile = "requirements-file" - watches = "watches" - workingDirs = "working-dirs" - repoPath = "repo-path" - licenses = "licenses" - vuln = "vuln" - ExtendedTable = "extended-table" - MinSeverity = "min-severity" - FixableOnly = "fixable-only" + auditPrefix = "audit-" + useWrapperAudit = auditPrefix + UseWrapper + ExcludeTestDeps = "exclude-test-deps" + DepType = "dep-type" + ThirdPartyContextualAnalysis = "third-party-contextual-analysis" + RequirementsFile = "requirements-file" + watches = "watches" + workingDirs = "working-dirs" + repoPath = "repo-path" + licenses = "licenses" + vuln = "vuln" + ExtendedTable = "extended-table" + MinSeverity = "min-severity" + FixableOnly = "fixable-only" // *** Mission Control Commands' flags *** missionControlPrefix = "mc-" curationThreads = "curation-threads" @@ -1635,9 +1635,9 @@ var flagsMap = map[string]cli.Flag{ Name: dryRun, Usage: "[Default: false] Set to true to only simulate the distribution of the release bundle.` `", }, - ThirdPartyDepsApplicability: cli.BoolFlag{ - Name: ThirdPartyDepsApplicability, - Usage: "[Default: false] Applicable for npm only. when set, the 'vulnerability contextual analysis' feature also uses the code of the project dependencies to determine the applicability of the vulnerability. Notice: disables all the scanners expect for applicability scanner.", + ThirdPartyContextualAnalysis: cli.BoolFlag{ + Name: ThirdPartyContextualAnalysis, + Usage: "Default: false] [npm] when set, the Contextual Analysis scan also uses the code of the project dependencies to determine the applicability of the vulnerability.", Hidden: true, }, } 
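Review bot: The rewritten `Usage` string in the flagsMap hunk opens with `Default: false]`, without the leading bracket that the neighbouring `dryRun` entry has. It should begin `"[Default: false] [npm] when set, the Contextual Analysis scan also uses ...`. The rewrite also drops the earlier notice that setting the flag disables the other scanners. That behaviour lives in jfrog-cli-core, not in this diff, so it cannot be confirmed here. If it is unchanged, keep the sentence in the help text, because a user who passes this hidden flag could otherwise read the reduced output as a complete audit.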
@@ -1940,7 +1940,7 @@ var commandFlags = map[string][]string{ }, Audit: { xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, ExcludeTestDeps, - useWrapperAudit, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ThirdPartyDepsApplicability, + useWrapperAudit, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ThirdPartyContextualAnalysis, }, AuditMvn: { xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, useWrapperAudit,