Merge branch 'jas-violations-support' of https://github.com/eranturgeman/jfrog-cli-security into skip-not-applicable-cves

# Conflicts:
#	go.mod
#	go.sum
#	utils/results/common.go

Author: eranturgeman

commands/audit/audit_test.go

@@ -57,14 +57,14 @@ func TestDetectScansToPerform(t *testing.T) {
 					ScanTarget: results.ScanTarget{
 						Target: filepath.Join(dir, "Nuget"),
 					},
-					JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
+					JasResults: &results.JasScansResults{JasVulnerabilities: results.JasScanResults{}, JasViolations: results.JasScanResults{}},
 				},
 				{
 					ScanTarget: results.ScanTarget{
 						Technology: techutils.Go,
 						Target:     filepath.Join(dir, "dir", "go"),
 					},
-					JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
+					JasResults: &results.JasScansResults{JasVulnerabilities: results.JasScanResults{}, JasViolations: results.JasScanResults{}},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "dir", "go", "go.mod")},
 					},
@@ -74,7 +74,7 @@ func TestDetectScansToPerform(t *testing.T) {
 						Technology: techutils.Maven,
 						Target:     filepath.Join(dir, "dir", "maven"),
 					},
-					JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
+					JasResults: &results.JasScansResults{JasVulnerabilities: results.JasScanResults{}, JasViolations: results.JasScanResults{}},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{
 							filepath.Join(dir, "dir", "maven", "maven-sub", "pom.xml"),
@@ -88,7 +88,7 @@ func TestDetectScansToPerform(t *testing.T) {
 						Technology: techutils.Npm,
 						Target:     filepath.Join(dir, "dir", "npm"),
 					},
-					JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
+					JasResults: &results.JasScansResults{JasVulnerabilities: results.JasScanResults{}, JasViolations: results.JasScanResults{}},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "dir", "npm", "package.json")},
 					},
@@ -98,7 +98,7 @@ func TestDetectScansToPerform(t *testing.T) {
 					ScanTarget: results.ScanTarget{
 						Target: filepath.Join(dir, "yarn"),
 					},
-					JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
+					JasResults: &results.JasScansResults{JasVulnerabilities: results.JasScanResults{}, JasViolations: results.JasScanResults{}},
 				},
 			},
 		},
@@ -116,7 +116,7 @@ func TestDetectScansToPerform(t *testing.T) {
 						Technology: techutils.Nuget,
 						Target:     filepath.Join(dir, "Nuget"),
 					},
-					JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
+					JasResults: &results.JasScansResults{JasVulnerabilities: results.JasScanResults{}, JasViolations: results.JasScanResults{}},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "Nuget", "Nuget-sub", "project.csproj"), filepath.Join(dir, "Nuget", "project.sln")},
 					},
@@ -126,7 +126,7 @@ func TestDetectScansToPerform(t *testing.T) {
 						Technology: techutils.Go,
 						Target:     filepath.Join(dir, "dir", "go"),
 					},
-					JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
+					JasResults: &results.JasScansResults{JasVulnerabilities: results.JasScanResults{}, JasViolations: results.JasScanResults{}},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "dir", "go", "go.mod")},
 					},
@@ -136,7 +136,7 @@ func TestDetectScansToPerform(t *testing.T) {
 						Technology: techutils.Maven,
 						Target:     filepath.Join(dir, "dir", "maven"),
 					},
-					JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
+					JasResults: &results.JasScansResults{JasVulnerabilities: results.JasScanResults{}, JasViolations: results.JasScanResults{}},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{
 							filepath.Join(dir, "dir", "maven", "maven-sub", "pom.xml"),
@@ -150,7 +150,7 @@ func TestDetectScansToPerform(t *testing.T) {
 						Technology: techutils.Npm,
 						Target:     filepath.Join(dir, "dir", "npm"),
 					},
-					JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
+					JasResults: &results.JasScansResults{JasVulnerabilities: results.JasScanResults{}, JasViolations: results.JasScanResults{}},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "dir", "npm", "package.json")},
 					},
@@ -160,7 +160,7 @@ func TestDetectScansToPerform(t *testing.T) {
 						Technology: techutils.Yarn,
 						Target:     filepath.Join(dir, "yarn"),
 					},
-					JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
+					JasResults: &results.JasScansResults{JasVulnerabilities: results.JasScanResults{}, JasViolations: results.JasScanResults{}},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "yarn", "package.json")},
 					},
@@ -170,7 +170,7 @@ func TestDetectScansToPerform(t *testing.T) {
 						Technology: techutils.Pip,
 						Target:     filepath.Join(dir, "yarn", "Pip"),
 					},
-					JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
+					JasResults: &results.JasScansResults{JasVulnerabilities: results.JasScanResults{}, JasViolations: results.JasScanResults{}},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "yarn", "Pip", "requirements.txt")},
 					},
@@ -180,7 +180,7 @@ func TestDetectScansToPerform(t *testing.T) {
 						Technology: techutils.Pipenv,
 						Target:     filepath.Join(dir, "yarn", "Pipenv"),
 					},
-					JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
+					JasResults: &results.JasScansResults{JasVulnerabilities: results.JasScanResults{}, JasViolations: results.JasScanResults{}},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "yarn", "Pipenv", "Pipfile")},
 					},

commands/audit/sca/common.go

@@ -59,6 +59,25 @@ func RunXrayDependenciesTreeScanGraph(scanGraphParams *scangraph.ScanGraphParams
 	return
 }
 
+func GetScaScanStatusCode(err error, result *services.ScanResponse) int {
+	if err != nil || result == nil || result.ScannedStatus == "Failed" {
+		return 1
+	}
+	return 0
+}
+
+func GetScaScansStatusCode(err error, results ...services.ScanResponse) int {
+	if err != nil {
+		return 1
+	}
+	for _, result := range results {
+		if result.ScannedStatus == "Failed" {
+			return 1
+		}
+	}
+	return 0
+}
+
 func CreateTestWorkspace(t *testing.T, sourceDir string) (string, func()) {
 	return tests.CreateTestWorkspace(t, filepath.Join("..", "..", "..", "..", "tests", "testdata", sourceDir))
 }

commands/audit/scarunner.go

@@ -132,14 +132,17 @@ func executeScaScanTask(auditParallelRunner *utils.SecurityParallelRunner, serve
 		log.Info(clientutils.GetLogMsgPrefix(threadId, false)+"Running SCA scan for", scan.Target, "vulnerable dependencies in", scan.Target, "directory...")
 		// Scan the dependency tree.
 		scanResults, xrayErr := runScaWithTech(scan.Technology, auditParams, serverDetails, *treeResult.FlatTree, treeResult.FullDepTrees)
+
+		auditParallelRunner.ResultsMu.Lock()
+		defer auditParallelRunner.ResultsMu.Unlock()
+
+		scan.NewScaScanResults(sca.GetScaScansStatusCode(xrayErr, scanResults...), scanResults...).IsMultipleRootProject = clientutils.Pointer(len(treeResult.FullDepTrees) > 1)
+		addThirdPartyDependenciesToParams(auditParams, scan.Technology, treeResult.FlatTree, treeResult.FullDepTrees)
+
 		if xrayErr != nil {
 			return fmt.Errorf("%s Xray dependency tree scan request on '%s' failed:\n%s", clientutils.GetLogMsgPrefix(threadId, false), scan.Technology, xrayErr.Error())
 		}
-		auditParallelRunner.ResultsMu.Lock()
-		scan.NewScaScanResults(scanResults...).IsMultipleRootProject = clientutils.Pointer(len(treeResult.FullDepTrees) > 1)
-		addThirdPartyDependenciesToParams(auditParams, scan.Technology, treeResult.FlatTree, treeResult.FullDepTrees)
 		err = dumpScanResponseToFileIfNeeded(scanResults, auditParams.scanResultsOutputDir, utils.ScaScan)
-		auditParallelRunner.ResultsMu.Unlock()
 		return
 	}
 }

commands/enrich/enrich.go

@@ -14,6 +14,7 @@ import (
 	"github.com/jfrog/jfrog-cli-core/v2/common/spec"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
+	"github.com/jfrog/jfrog-cli-security/commands/audit/sca"
 	"github.com/jfrog/jfrog-cli-security/commands/enrich/enrichgraph"
 	"github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-cli-security/utils/results"
@@ -265,7 +266,7 @@ func (enrichCmd *EnrichCommand) createIndexerHandlerFunc(indexedFileProducer par
 				if err != nil {
 					return targetResults.AddTargetError(fmt.Errorf("%s failed to import graph: %s", logPrefix, err.Error()), false)
 				}
-				targetResults.NewScaScanResults(*scanResults)
+				targetResults.NewScaScanResults(sca.GetScaScanStatusCode(err, scanResults), *scanResults)
 				targetResults.Technology = techutils.Technology(scanResults.ScannedPackageType)
 				return
 			}

commands/scan/buildscan.go

@@ -147,7 +147,7 @@ func (bsc *BuildScanCommand) runBuildScanAndPrintResults(xrayManager *xray.XrayS
 
 	cmdResults := results.NewCommandResults(utils.Build).SetXrayVersion(xrayVersion)
 	scanResults := cmdResults.NewScanResults(results.ScanTarget{Name: fmt.Sprintf("%s (%s)", params.BuildName, params.BuildNumber)})
-	scanResults.NewScaScanResults(services.ScanResponse{
+	scanResults.NewScaScanResults(0, services.ScanResponse{
 		Violations:      buildScanResults.Violations,
 		Vulnerabilities: buildScanResults.Vulnerabilities,
 		XrayDataUrl:     buildScanResults.MoreDetailsUrl,

commands/scan/scan.go

@@ -15,6 +15,7 @@ import (
 	"golang.org/x/exp/slices"
 
 	jfrogappsconfig "github.com/jfrog/jfrog-apps-config/go"
+	"github.com/jfrog/jfrog-cli-security/commands/audit/sca"
 	"github.com/jfrog/jfrog-cli-security/jas"
 	"github.com/jfrog/jfrog-cli-security/jas/applicability"
 	"github.com/jfrog/jfrog-cli-security/jas/runner"
@@ -470,7 +471,7 @@ func (scanCmd *ScanCommand) createIndexerHandlerFunc(file *spec.File, cmdResults
 				if err != nil {
 					return targetResults.AddTargetError(fmt.Errorf("%s sca scanning '%s' failed with error: %s", scanLogPrefix, graph.Id, err.Error()), false)
 				} else {
-					targetResults.NewScaScanResults(*graphScanResults)
+					targetResults.NewScaScanResults(sca.GetScaScanStatusCode(err, graphScanResults), *graphScanResults)
 					targetResults.Technology = techutils.Technology(graphScanResults.ScannedPackageType)
 				}
 				if !cmdResults.EntitledForJas {

go.mod

@@ -112,7 +112,7 @@ require (
 )
 
 // attiasas:add_repo_context_scan_graph
-replace github.com/jfrog/jfrog-client-go => github.com/eranturgeman/jfrog-client-go v0.0.0-20241203155523-a45a65df37a2
+replace github.com/jfrog/jfrog-client-go => github.com/attiasas/jfrog-client-go v0.0.0-20241202121042-ba0c6c74db7a
 
 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
 

go.sum

@@ -22,6 +22,8 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuW
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
+github.com/attiasas/jfrog-client-go v0.0.0-20241202121042-ba0c6c74db7a h1:47orWZJqdB4YIiqnYd0ysEjvqXiwy3eadwKkHo6s1qg=
+github.com/attiasas/jfrog-client-go v0.0.0-20241202121042-ba0c6c74db7a/go.mod h1:1a7bmQHkRmPEza9wva2+WVrYzrGbosrMymq57kyG5gU=
 github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs=
 github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
@@ -57,8 +59,6 @@ github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcej
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
-github.com/eranturgeman/jfrog-client-go v0.0.0-20241203155523-a45a65df37a2 h1:3CSNTx8Vcr6/BQJY5g38wqZjnoCOYj2EK6sHanyteQI=
-github.com/eranturgeman/jfrog-client-go v0.0.0-20241203155523-a45a65df37a2/go.mod h1:1a7bmQHkRmPEza9wva2+WVrYzrGbosrMymq57kyG5gU=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/forPelevin/gomoji v1.2.0 h1:9k4WVSSkE1ARO/BWywxgEUBvR/jMnao6EZzrql5nxJ8=

jas/analyzermanager.go

@@ -158,18 +158,27 @@ func GetAnalyzerManagerEnvVariables(serverDetails *config.ServerDetails) (envVar
 }
 
 func ParseAnalyzerManagerError(scanner jasutils.JasScanType, err error) (formatErr error) {
+	exitCode := GetAnalyzerManagerExitCode(err)
+	if err == nil {
+		return
+	}
+	if exitCodeDescription, exitCodeExists := exitCodeErrorsMap[exitCode]; exitCodeExists {
+		log.Warn(exitCodeDescription)
+		return nil
+	}
+	return fmt.Errorf(ErrFailedScannerRun, scanner, err.Error())
+}
+
+func GetAnalyzerManagerExitCode(err error) int {
 	var exitError *exec.ExitError
 	if errors.As(err, &exitError) {
-		exitCode := exitError.ExitCode()
-		if exitCodeDescription, exitCodeExists := exitCodeErrorsMap[exitCode]; exitCodeExists {
-			log.Warn(exitCodeDescription)
-			return nil
-		}
+		return exitError.ExitCode()
 	}
 	if err != nil {
-		return fmt.Errorf(ErrFailedScannerRun, scanner, err.Error())
+		// An exit code of -1 is used to indicate that an error occurred before the command was executed or that the exit code could not be determined.
+		return -1
 	}
-	return
+	return 0
 }
 
 // Download the latest AnalyzerManager executable if not cached locally.

jas/runner/jasrunner.go

@@ -134,13 +134,14 @@ func runSecretsScan(securityParallelRunner *utils.SecurityParallelRunner, scanne
 			securityParallelRunner.JasScannersWg.Done()
 		}()
 		vulnerabilitiesResults, violationsResults, err := secrets.RunSecretsScan(scanner, secretsScanType, module, threadId)
+		securityParallelRunner.ResultsMu.Lock()
+		defer securityParallelRunner.ResultsMu.Unlock()
+
+		extendedScanResults.NewJasScanResults(jasutils.Secrets, vulnerabilitiesResults, violationsResults, jas.GetAnalyzerManagerExitCode(err))
+
 		if err != nil {
 			return fmt.Errorf("%s%s", clientutils.GetLogMsgPrefix(threadId, false), err.Error())
 		}
-		securityParallelRunner.ResultsMu.Lock()
-		defer securityParallelRunner.ResultsMu.Unlock()
-		extendedScanResults.JasVulnerabilities.SecretsScanResults = append(extendedScanResults.JasVulnerabilities.SecretsScanResults, vulnerabilitiesResults...)
-		extendedScanResults.JasViolations.SecretsScanResults = append(extendedScanResults.JasViolations.SecretsScanResults, violationsResults...)
 		err = dumpSarifRunToFileIfNeeded(vulnerabilitiesResults, scansOutputDir, jasutils.Secrets)
 		return
 	}
@@ -153,13 +154,14 @@ func runIacScan(securityParallelRunner *utils.SecurityParallelRunner, scanner *j
 			securityParallelRunner.JasScannersWg.Done()
 		}()
 		vulnerabilitiesResults, violationsResults, err := iac.RunIacScan(scanner, module, threadId)
-		if err != nil {
-			return fmt.Errorf("%s %s", clientutils.GetLogMsgPrefix(threadId, false), err.Error())
-		}
 		securityParallelRunner.ResultsMu.Lock()
 		defer securityParallelRunner.ResultsMu.Unlock()
-		extendedScanResults.JasVulnerabilities.IacScanResults = append(extendedScanResults.JasVulnerabilities.IacScanResults, vulnerabilitiesResults...)
-		extendedScanResults.JasViolations.IacScanResults = append(extendedScanResults.JasViolations.IacScanResults, violationsResults...)
+
+		extendedScanResults.NewJasScanResults(jasutils.IaC, vulnerabilitiesResults, violationsResults, jas.GetAnalyzerManagerExitCode(err))
+
+		if err != nil {
+			return fmt.Errorf("%s%s", clientutils.GetLogMsgPrefix(threadId, false), err.Error())
+		}
 		err = dumpSarifRunToFileIfNeeded(vulnerabilitiesResults, scansOutputDir, jasutils.IaC)
 		return
 	}
@@ -172,13 +174,14 @@ func runSastScan(securityParallelRunner *utils.SecurityParallelRunner, scanner *
 			securityParallelRunner.JasScannersWg.Done()
 		}()
 		vulnerabilitiesResults, violationsResults, err := sast.RunSastScan(scanner, module, signedDescriptions, threadId)
-		if err != nil {
-			return fmt.Errorf("%s %s", clientutils.GetLogMsgPrefix(threadId, false), err.Error())
-		}
 		securityParallelRunner.ResultsMu.Lock()
 		defer securityParallelRunner.ResultsMu.Unlock()
-		extendedScanResults.JasVulnerabilities.SastScanResults = append(extendedScanResults.JasVulnerabilities.SastScanResults, vulnerabilitiesResults...)
-		extendedScanResults.JasViolations.SastScanResults = append(extendedScanResults.JasViolations.SastScanResults, violationsResults...)
+
+		extendedScanResults.NewJasScanResults(jasutils.Sast, vulnerabilitiesResults, violationsResults, jas.GetAnalyzerManagerExitCode(err))
+
+		if err != nil {
+			return fmt.Errorf("%s%s", clientutils.GetLogMsgPrefix(threadId, false), err.Error())
+		}
 		err = dumpSarifRunToFileIfNeeded(vulnerabilitiesResults, scansOutputDir, jasutils.Sast)
 		return
 	}
@@ -193,12 +196,14 @@ func runContextualScan(securityParallelRunner *utils.SecurityParallelRunner, sca
 		// Wait for sca scans to complete before running contextual scan
 		securityParallelRunner.ScaScansWg.Wait()
 		caScanResults, err := applicability.RunApplicabilityScan(scanResults.GetScaScansXrayResults(), *directDependencies, scanner, thirdPartyApplicabilityScan, scanType, module, threadId)
-		if err != nil {
-			return fmt.Errorf("%s %s", clientutils.GetLogMsgPrefix(threadId, false), err.Error())
-		}
 		securityParallelRunner.ResultsMu.Lock()
 		defer securityParallelRunner.ResultsMu.Unlock()
-		scanResults.JasResults.ApplicabilityScanResults = append(scanResults.JasResults.ApplicabilityScanResults, caScanResults...)
+
+		scanResults.JasResults.NewApplicabilityScanResults(caScanResults, jas.GetAnalyzerManagerExitCode(err))
+
+		if err != nil {
+			return fmt.Errorf("%s%s", clientutils.GetLogMsgPrefix(threadId, false), err.Error())
+		}
 		err = dumpSarifRunToFileIfNeeded(caScanResults, scansOutputDir, jasutils.Applicability)
 		return
 	}