Merge branch 'dev' of https://github.com/jfrog/jfrog-cli-security into fix-get-severity-details-applicability-status-switch

eranturgeman · eranturgeman · commit b8bde76297fb · 2025-10-12T12:11:32.000+03:00
diff --git a/jas/analyzermanager.go b/jas/analyzermanager.go
@@ -23,7 +23,7 @@ import (
 const (
 	ApplicabilityFeatureId                    = "contextual_analysis"
 	AnalyzerManagerZipName                    = "analyzerManager.zip"
-	defaultAnalyzerManagerVersion             = "1.23.3"
+	defaultAnalyzerManagerVersion             = "1.23.9"
 	analyzerManagerDownloadPath               = "xsc-gen-exe-analyzer-manager-local/v1"
 	analyzerManagerDirName                    = "analyzerManager"
 	analyzerManagerExecutableName             = "analyzerManager"
diff --git a/utils/results/common.go b/utils/results/common.go
@@ -1103,10 +1103,12 @@ func getDataFromNode(node *xrayUtils.GraphNode, parsed *datastructures.Set[strin
 }
 
 func getNodeDirectDependencies(node *xrayUtils.GraphNode) (dependencies *[]string) {
-	dependencies = &[]string{}
+	depSet := datastructures.MakeSet[string]()
 	for _, dep := range node.Nodes {
-		*dependencies = append(*dependencies, techutils.XrayComponentIdToCdxComponentRef(dep.Id))
+		depSet.Add(techutils.XrayComponentIdToCdxComponentRef(dep.Id))
 	}
+	dependencies = &[]string{}
+	*dependencies = depSet.ToSlice()
 	return
 }
 
diff --git a/utils/results/common_test.go b/utils/results/common_test.go
@@ -1310,7 +1310,7 @@ func TestDepTreeToSbom(t *testing.T) {
 			expectedDependencies: &[]cyclonedx.Dependency{
 				{
 					Ref:          "npm:root:1.0.0",
-					Dependencies: &[]string{"npm:A:1.0.1", "npm:D:2.0.0", "npm:B:1.0.0"},
+					Dependencies: &[]string{"npm:A:1.0.1", "npm:B:1.0.0", "npm:D:2.0.0"},
 				},
 				{
 					Ref:          "npm:A:1.0.1",
@@ -1456,6 +1456,13 @@ func TestDepTreeToSbom(t *testing.T) {
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
 			components, dependencies := DepsTreeToSbom(test.depTrees...)
+			if dependencies != nil {
+				for i := range *dependencies {
+					if (*dependencies)[i].Dependencies != nil {
+						sort.Strings(*(*dependencies)[i].Dependencies)
+					}
+				}
+			}
 			assert.Equal(t, test.expectedComponents, components)
 			assert.Equal(t, test.expectedDependencies, dependencies)
 		})

Original file line number	Diff line number	Diff line change
`@@ -1103,10 +1103,12 @@ func getDataFromNode(node xrayUtils.GraphNode, parsed datastructures.Set[strin`
`1103`	`1103`	`}`
`1104`	`1104`
`1105`	`1105`	`func getNodeDirectDependencies(node xrayUtils.GraphNode) (dependencies []string) {`
`1106`		`- dependencies = &[]string{}`
	`1106`	`+ depSet := datastructures.MakeSet[string]()`
`1107`	`1107`	`for _, dep := range node.Nodes {`
`1108`		`- dependencies = append(dependencies, techutils.XrayComponentIdToCdxComponentRef(dep.Id))`
	`1108`	`+ depSet.Add(techutils.XrayComponentIdToCdxComponentRef(dep.Id))`
`1109`	`1109`	`}`
	`1110`	`+ dependencies = &[]string{}`
	`1111`	`+ *dependencies = depSet.ToSlice()`
`1110`	`1112`	`return`
`1111`	`1113`	`}`
`1112`	`1114`