diff --git a/commands/audit/audit.go b/commands/audit/audit.go
index 53ad656f2..a86f662f5 100644
--- a/commands/audit/audit.go
+++ b/commands/audit/audit.go
@@ -105,11 +105,12 @@ func (auditCmd *AuditCommand) SetThreads(threads int) *AuditCommand {
 }
 // Create a results context based on the provided parameters. resolves conflicts between the parameters based on the retrieved platform watches.
-func CreateAuditResultsContext(serverDetails *config.ServerDetails, xrayVersion string, watches []string, artifactoryRepoPath, projectKey, gitRepoHttpsCloneUrl string, includeVulnerabilities, includeLicenses, includeSbom bool) (context results.ResultContext) {
+func CreateAuditResultsContext(serverDetails *config.ServerDetails, xrayVersion string, watches []string, artifactoryRepoPath, projectKey, gitRepoHttpsCloneUrl, applicationKey string, includeVulnerabilities, includeLicenses, includeSbom bool) (context results.ResultContext) {
 context = results.ResultContext{
 RepoPath: artifactoryRepoPath,
 Watches: watches,
 ProjectKey: projectKey,
+ ApplicationKey: applicationKey,
 IncludeVulnerabilities: shouldIncludeVulnerabilities(includeVulnerabilities, watches, artifactoryRepoPath, projectKey, ""),
 IncludeLicenses: includeLicenses,
 IncludeSbom: includeSbom,
@@ -183,6 +184,8 @@ func (auditCmd *AuditCommand) Run() (err error) {
 auditCmd.targetRepoPath,
 auditCmd.projectKey,
 auditCmd.gitRepoHttpsCloneUrl,
+ // AppTrust is currently not supported in Audit command, therefore we pass an empty applicationKey
+ "",
 auditCmd.IncludeVulnerabilities,
 auditCmd.IncludeLicenses,
 auditCmd.IncludeSbom,
@@ -496,6 +499,7 @@ func addJasScansToRunner(auditParallelRunner *utils.SecurityParallelRunner, audi
 auditParams.GetMultiScanId(),
 utils.GetGitRepoUrlKey(auditParams.resultsContext.GitRepoHttpsCloneUrl),
 auditParams.resultsContext.ProjectKey,
+ auditParams.resultsContext.ApplicationKey,
 auditParams.resultsContext.Watches,
 scanResults.GetTechnologies()...,
 ),
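Review bot: The new applicationKey is written into ResultContext.ApplicationKey but is not passed to shouldIncludeVulnerabilities, whose last argument stays the literal `""`, so a run that supplies only an application key still gets IncludeVulnerabilities set to true — the audit_test case "Application Key" in this diff pins exactly that (expectedIncludeVulnerabilities: true), while the new field comment in utils/results/results.go puts applicationKey in the same (Resource) class as gitRepository, whose presence the "If non of the above is provided" comment says suppresses that default. If the asymmetry is deliberate because application watches are not resolved by this function yet, record it next to the assignment, e.g. `// ApplicationKey is only forwarded to the analyzer manager; it does not yet take part in watch resolution or the vulnerabilities default below.` The body of CreateAuditResultsContext, including the watch resolution its header comment describes, continues outside the hunk. The two later hunks in this file (Run passing a positional `""`, addJasScansToRunner forwarding the field) mean the audit command can never export a non-empty key, which matches the inline comment but is worth stating in the commit description.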
diff --git a/commands/audit/audit_test.go b/commands/audit/audit_test.go
index 5c90af41f..937f3a9c1 100644
--- a/commands/audit/audit_test.go
+++ b/commands/audit/audit_test.go
@@ -834,6 +834,7 @@ func TestCreateResultsContext(t *testing.T) {
 mockWatches := []string{"watch-1", "watch-2"}
 mockProjectKey := "project"
 mockArtifactoryRepoPath := "repo/path"
+ mockApplicationKey := "app-key"
 tests := []struct {
 name string
@@ -867,6 +868,7 @@ func TestCreateResultsContext(t *testing.T) {
 httpCloneUrl string
 watches []string
 jfrogProjectKey string
+ jfrogApplicationKey string
 includeVulnerabilities bool
 includeLicenses bool
 includeSbom bool
@@ -875,6 +877,7 @@ func TestCreateResultsContext(t *testing.T) {
 expectedHttpCloneUrl string
 expectedWatches []string
 expectedJfrogProjectKey string
+ expectedJfrogApplicationKey string
 expectedIncludeVulnerabilities bool
 expectedIncludeLicenses bool
 expectedIncludeSbom bool
@@ -905,6 +908,12 @@ func TestCreateResultsContext(t *testing.T) {
 includeLicenses: true,
 expectedIncludeLicenses: true,
 },
+ {
+ name: "Application Key",
+ jfrogApplicationKey: mockApplicationKey,
+ expectedJfrogApplicationKey: mockApplicationKey,
+ expectedIncludeVulnerabilities: true,
+ },
 {
 name: "Git Clone Url",
 httpCloneUrl: validations.TestMockGitInfo.Source.GitRepoHttpsCloneUrl,
@@ -916,6 +925,7 @@ func TestCreateResultsContext(t *testing.T) {
 httpCloneUrl: validations.TestMockGitInfo.Source.GitRepoHttpsCloneUrl,
 watches: mockWatches,
 jfrogProjectKey: mockProjectKey,
+ jfrogApplicationKey: mockApplicationKey,
 includeVulnerabilities: true,
 includeLicenses: true,
 includeSbom: true,
@@ -923,6 +933,7 @@ func TestCreateResultsContext(t *testing.T) {
 expectedHttpCloneUrl: testCaseExpectedGitRepoHttpsCloneUrl,
 expectedWatches: mockWatches,
 expectedJfrogProjectKey: mockProjectKey,
+ expectedJfrogApplicationKey: mockApplicationKey,
 expectedIncludeVulnerabilities: true,
 expectedIncludeLicenses: true,
 expectedIncludeSbom: true,
@@ -932,11 +943,12 @@ func TestCreateResultsContext(t *testing.T) {
 t.Run(fmt.Sprintf("%s - %s", test.name, testCase.name), func(t *testing.T) {
 mockServer, serverDetails, _ := validations.XrayServer(t, validations.MockServerParams{XrayVersion: test.xrayVersion, ReturnMockPlatformWatches: test.expectedPlatformWatches})
 defer mockServer.Close()
- context := CreateAuditResultsContext(serverDetails, test.xrayVersion, testCase.watches, testCase.artifactoryRepoPath, testCase.jfrogProjectKey, testCase.httpCloneUrl, testCase.includeVulnerabilities, testCase.includeLicenses, testCase.includeSbom)
+ context := CreateAuditResultsContext(serverDetails, test.xrayVersion, testCase.watches, testCase.artifactoryRepoPath, testCase.jfrogProjectKey, testCase.httpCloneUrl, testCase.jfrogApplicationKey, testCase.includeVulnerabilities, testCase.includeLicenses, testCase.includeSbom)
 assert.Equal(t, testCase.expectedArtifactoryRepoPath, context.RepoPath)
 assert.Equal(t, testCase.expectedHttpCloneUrl, context.GitRepoHttpsCloneUrl)
 assert.Equal(t, testCase.expectedWatches, context.Watches)
 assert.Equal(t, testCase.expectedJfrogProjectKey, context.ProjectKey)
+ assert.Equal(t, testCase.expectedJfrogApplicationKey, context.ApplicationKey)
 assert.Equal(t, testCase.expectedIncludeVulnerabilities, context.IncludeVulnerabilities)
 assert.Equal(t, testCase.expectedIncludeLicenses, context.IncludeLicenses)
 assert.Equal(t, testCase.expectedIncludeSbom, context.IncludeSbom)
diff --git a/commands/git/audit/gitaudit.go b/commands/git/audit/gitaudit.go
index 4ccc8b969..49609ae52 100644
--- a/commands/git/audit/gitaudit.go
+++ b/commands/git/audit/gitaudit.go
@@ -84,6 +84,8 @@ func toAuditParams(params GitAuditParams) *sourceAudit.AuditParams {
 params.resultsContext.RepoPath,
 params.resultsContext.ProjectKey,
 params.source.Source.GitRepoHttpsCloneUrl,
+ // AppTrust is currently not supported in Git Audit command, therefore we pass an empty applicationKey
+ "",
 params.resultsContext.IncludeVulnerabilities,
 params.resultsContext.IncludeLicenses,
 false,
diff --git a/commands/scan/scan.go b/commands/scan/scan.go
index c0ac93039..0f547f71c 100644
--- a/commands/scan/scan.go
+++ b/commands/scan/scan.go
@@ -522,9 +522,11 @@ func (scanCmd *ScanCommand) RunBinaryJasScans(cmdType utils.CommandType, msi str
 jas.NotDiffScanEnvValue,
 jas.GetAnalyzerManagerXscEnvVars(
 msi,
- // Passing but empty since not supported for binary scans
- scanCmd.resultsContext.GitRepoHttpsCloneUrl,
+ // GitRepoHttpsCloneUrl is not relevant for binary scans, therefore we pass an empty value
+ "",
 scanCmd.resultsContext.ProjectKey,
+ // AppTrust is not supported for binary scans, therefore we pass an empty applicationKey
+ "",
 scanCmd.resultsContext.Watches,
 targetResults.GetTechnologies()...,
 ),
diff --git a/jas/analyzermanager.go b/jas/analyzermanager.go
index f7ca63d5b..d52384668 100644
--- a/jas/analyzermanager.go
+++ b/jas/analyzermanager.go
@@ -39,6 +39,7 @@ const (
 watchesEnvVariable = "AM_WATCHES"
 projectEnvVariable = "AM_PROJECT_KEY"
 gitRepoEnvVariable = "AM_GIT_REPO_VIOLATIONS"
+ applicationKeyEnvVariable = "AM_APPLICATION_KEY"
 notEntitledExitCode = 31
 unsupportedCommandExitCode = 13
 unsupportedOsExitCode = 55
diff --git a/jas/common.go b/jas/common.go
index 1a29f4930..f196f5940 100644
--- a/jas/common.go
+++ b/jas/common.go
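Review bot: In the scan.go hunk the gitRepoUrl argument to GetAnalyzerManagerXscEnvVars changes from `scanCmd.resultsContext.GitRepoHttpsCloneUrl` to the literal `""`, which is a behavior change unrelated to the application-key plumbing: with the new code AM_GIT_REPO_VIOLATIONS is never exported for binary JAS scans, whereas before it was exported whenever that field happened to be non-empty. The removed comment only claimed the value was empty for binary scans, and nothing in the hunk enforces that, so either keep forwarding the field or call out the intentional drop in the commit description. RunBinaryJasScans starts and ends outside the hunk. The gitaudit.go hunk above passes the same positional `""` for the application key; an options struct for these calls would make the intent readable at the call site without the repeated inline comments.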
@@ -450,7 +450,7 @@ func CheckForSecretValidation(xrayManager *xray.XrayServicesManager, xrayVersion
 return err == nil && isEnabled
 }
-func GetAnalyzerManagerXscEnvVars(msi string, gitRepoUrl, projectKey string, watches []string, technologies ...techutils.Technology) map[string]string {
+func GetAnalyzerManagerXscEnvVars(msi string, gitRepoUrl, projectKey, applicationKey string, watches []string, technologies ...techutils.Technology) map[string]string {
 envVars := map[string]string{utils.JfMsiEnvVariable: msi}
 if gitRepoUrl != "" {
 envVars[gitRepoEnvVariable] = gitRepoUrl
@@ -458,6 +458,9 @@ func GetAnalyzerManagerXscEnvVars(msi string, gitRepoUrl, projectKey string, wat
 if projectKey != "" {
 envVars[projectEnvVariable] = projectKey
 }
+ if applicationKey != "" {
+ envVars[applicationKeyEnvVariable] = applicationKey
+ }
 if len(watches) > 0 {
 envVars[watchesEnvVariable] = strings.Join(watches, ",")
 }
diff --git a/jas/common_test.go b/jas/common_test.go
index d5f907f8f..ad5be8486 100644
--- a/jas/common_test.go
+++ b/jas/common_test.go
@@ -416,6 +416,7 @@ func TestGetAnalyzerManagerXscEnvVars(t *testing.T) {
 msi string
 gitRepoUrl string
 projectKey string
+ applicationKey string
 watches []string
 technologies []techutils.Technology
 expectedOutput map[string]string
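Review bot: GetAnalyzerManagerXscEnvVars is exported but has no doc comment, and after this change it takes four consecutive positional string parameters (msi, gitRepoUrl, projectKey, applicationKey), so a transposed argument at a call site compiles cleanly and silently exports the wrong AM_* variable into the analyzer manager's environment — the jasrunner_test.go hunk further down, with `"", "", "", ""`, shows how opaque the calls become. Please add a comment stating the contract, e.g. `// GetAnalyzerManagerXscEnvVars builds the XSC environment for the analyzer manager: msi is always set; gitRepoUrl, projectKey and applicationKey are exported as AM_GIT_REPO_VIOLATIONS, AM_PROJECT_KEY and AM_APPLICATION_KEY only when non-empty; watches are joined with ",".` The function's body continues past the second hunk, so the technology-related variables that the test expects are not visible here. Longer term a small params struct would remove the positional ambiguity without changing what is exported.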
@@ -482,10 +483,24 @@ func TestGetAnalyzerManagerXscEnvVars(t *testing.T) {
 watchesEnvVariable: "watch1,watch2",
 },
 },
+ {
+ name: "With Application Key",
+ msi: "msi",
+ gitRepoUrl: "gitRepoUrl",
+ applicationKey: "appKey",
+ technologies: []techutils.Technology{techutils.Npm},
+ expectedOutput: map[string]string{
+ JfPackageManagerEnvVariable: string(techutils.Npm),
+ JfLanguageEnvVariable: string(techutils.JavaScript),
+ utils.JfMsiEnvVariable: "msi",
+ gitRepoEnvVariable: "gitRepoUrl",
+ applicationKeyEnvVariable: "appKey",
+ },
+ },
 }
 for _, test := range tests {
 t.Run(test.name, func(t *testing.T) {
- assert.Equal(t, test.expectedOutput, GetAnalyzerManagerXscEnvVars(test.msi, test.gitRepoUrl, test.projectKey, test.watches, test.technologies...))
+ assert.Equal(t, test.expectedOutput, GetAnalyzerManagerXscEnvVars(test.msi, test.gitRepoUrl, test.projectKey, test.applicationKey, test.watches, test.technologies...))
 })
 }
 }
diff --git a/jas/runner/jasrunner_test.go b/jas/runner/jasrunner_test.go
index 6854c3d07..74c7f8c81 100644
--- a/jas/runner/jasrunner_test.go
+++ b/jas/runner/jasrunner_test.go
@@ -43,7 +43,7 @@ func TestJasRunner(t *testing.T) {
 securityParallelRunnerForTest := utils.CreateSecurityParallelRunner(cliutils.Threads)
 targetResults := results.NewCommandResults(utils.SourceCode).SetEntitledForJas(true).SetSecretValidation(true).NewScanResults(results.ScanTarget{Target: "target", Technology: techutils.Pip})
- jasScanner, err := jas.NewJasScanner(&jas.FakeServerDetails, jas.WithEnvVars(false, jas.NotDiffScanEnvValue, jas.GetAnalyzerManagerXscEnvVars("", "", "", []string{}, targetResults.GetTechnologies()...)))
+ jasScanner, err := jas.NewJasScanner(&jas.FakeServerDetails, jas.WithEnvVars(false, jas.NotDiffScanEnvValue, jas.GetAnalyzerManagerXscEnvVars("", "", "", "", []string{}, targetResults.GetTechnologies()...)))
 assert.NoError(t, err)
 targetResults.ScaScanResults(0, jas.FakeBasicXrayResults[0])
diff --git a/sca/bom/buildinfo/technologies/conan/conan_test.go b/sca/bom/buildinfo/technologies/conan/conan_test.go
index 6bedc5cf5..f23962499 100644
--- a/sca/bom/buildinfo/technologies/conan/conan_test.go
+++ b/sca/bom/buildinfo/technologies/conan/conan_test.go
@@ -18,10 +18,10 @@ var expectedResult = &xrayUtils.GraphNode{
 Nodes: []*xrayUtils.GraphNode{
 {Id: "conan://zlib:1.3.1"},
 {Id: "conan://openssl:3.0.9", Nodes: []*xrayUtils.GraphNode{{Id: "conan://zlib:1.3.1"}}},
- {Id: "conan://meson:1.4.1", Nodes: []*xrayUtils.GraphNode{{Id: "conan://ninja:1.12.1"}}},
+ {Id: "conan://meson:1.4.1", Nodes: []*xrayUtils.GraphNode{{Id: "conan://ninja:1.13.0"}}},
 },
 }
-var expectedUniqueDeps = []string{"conan://openssl:3.0.9", "conan://zlib:1.3.1", "conan://meson:1.4.1", "conan://ninja:1.12.1"}
+var expectedUniqueDeps = []string{"conan://openssl:3.0.9", "conan://zlib:1.3.1", "conan://meson:1.4.1", "conan://ninja:1.13.0"}
 func TestParseConanDependencyTree(t *testing.T) {
 _, cleanUp := technologies.CreateTestWorkspace(t, filepath.Join("other", "conan"))
@@ -58,7 +58,7 @@ func TestCalculateUniqueDeps(t *testing.T) {
 "1": {Name: "zlib", Version: "1.3.1"},
 "2": {Name: "openssl", Version: "3.0.9"},
 "3": {Name: "meson", Version: "1.4.1"},
- "4": {Name: "ninja", Version: "1.12.1"},
+ "4": {Name: "ninja", Version: "1.13.0"},
 "5": {Name: "openssl", Version: "3.0.9"}, // duplicate, should be removed
 }
diff --git a/tests/testdata/other/conan/dependencies.json b/tests/testdata/other/conan/dependencies.json
index 1d433243b..488361456 100644
--- a/tests/testdata/other/conan/dependencies.json
+++ b/tests/testdata/other/conan/dependencies.json
@@ -133,7 +133,7 @@
 "visible": true
 },
 "4": {
- "ref": "ninja/1.12.1",
+ "ref": "ninja/1.13.0",
 "run": true,
 "libs": false,
 "skip": false,
@@ -887,7 +887,7 @@
 "vendor": false,
 "dependencies": {
 "4": {
- "ref": "ninja/1.12.1",
+ "ref": "ninja/1.13.0",
 "run": true,
 "libs": false,
 "skip": false,
@@ -906,7 +906,7 @@
 "test": false
 },
 "4": {
- "ref": "ninja/1.12.1#fd583651bf0c6a901943495d49878803",
+ "ref": "ninja/1.13.0#fd583651bf0c6a901943495d49878803",
 "id": "4",
 "recipe": "Downloaded",
 "package_id": "3593751651824fb813502c69c971267624ced41a",
@@ -937,7 +937,7 @@
 "win_bash_run": null,
 "default_options": null,
 "options_description": null,
- "version": "1.12.1",
+ "version": "1.13.0",
 "topics": [
 "ninja",
 "build"
@@ -993,7 +993,7 @@
 }
 },
 "conf_info": {},
- "label": "ninja/1.12.1",
+ "label": "ninja/1.13.0",
 "info": {
 "settings": {
 "os": "Linux",
@@ -1012,7 +1012,7 @@
 },
 "overrides": {},
 "resolved_ranges": {
- "ninja/[>=1.10.2 <2]": "ninja/1.12.1"
+ "ninja/[>=1.10.2 <2]": "ninja/1.13.0"
 },
 "replaced_requires": {},
 "error": null
diff --git a/utils/results/results.go b/utils/results/results.go
index 5cef4bd6d..5031c77ad 100644
--- a/utils/results/results.go
+++ b/utils/results/results.go
@@ -55,6 +55,8 @@ type ResultContext struct {
 ProjectKey string `json:"project_key,omitempty"`
 // (Resource) If gitRepository is provided we will fetch the watches defined on the git repository.
 GitRepoHttpsCloneUrl string `json:"git_repo_key,omitempty"`
+ // (Resource) If applicationKey is provided we will fetch the watches defined on the application, and the scans will be performed and presented in the Application context only.
+ ApplicationKey string `json:"application_key,omitempty"`
 // If non of the above is provided or requested, the results will include vulnerabilities
 IncludeVulnerabilities bool `json:"include_vulnerabilities"`
 // If requested, the results will include licenses
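Review bot: The new ApplicationKey field comment in results.go promises that the watches defined on the application will be fetched and that scans run and are presented in the Application context only, but nothing in this diff does either: CreateAuditResultsContext only copies the key into the struct, the audit, git-audit and binary-scan commands all pass `""`, and the only consumer visible in the diff is GetAnalyzerManagerXscEnvVars, which exports it as AM_APPLICATION_KEY. Unless that behaviour already exists elsewhere in the tree, the comment should describe what holds now, e.g. `// (Resource) Application key forwarded to the analyzer manager as AM_APPLICATION_KEY; application watches are not resolved here yet.` The pre-existing typo on the next context line (`If non of the above`) could be fixed while this block is being edited. The ResultContext struct continues outside the hunk.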