Add technology to audit params if provided by user through 'install' …

…command (#749)
jfrog · Sep 15, 2024 · 32170ad · 32170ad
1 parent 5402418
commit 32170ad
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 4 deletions.
diff --git a/go.mod b/go.mod
@@ -119,7 +119,7 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
 
-// replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security dev
+replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.8.2-0.20240915195230-f6f8065c192e
 
 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
 

diff --git a/go.sum b/go.sum
@@ -901,8 +901,8 @@ github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYL
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
 github.com/jfrog/jfrog-cli-core/v2 v2.55.7 h1:V4dO2FMNIH49lov3dMj3jYRg8KBTG7hyhHI8ftYByf8=
 github.com/jfrog/jfrog-cli-core/v2 v2.55.7/go.mod h1:DPO5BfWAeOByahFMMy+PcjmbPlcyoRy7Bf2C5sGKVi0=
-github.com/jfrog/jfrog-cli-security v1.8.1 h1:VdU3pnI5iufqw1ctcvej7N6ao9dx4ADhwQIPETmtkYg=
-github.com/jfrog/jfrog-cli-security v1.8.1/go.mod h1:QIHSX8FiuQWYtM6e0JPaREldPk8goNpUFtu9ZF2oG+U=
+github.com/jfrog/jfrog-cli-security v1.8.2-0.20240915195230-f6f8065c192e h1:ez781jDFeMr1/odsF21AcvPDtrypflNQhddP4OnzXio=
+github.com/jfrog/jfrog-cli-security v1.8.2-0.20240915195230-f6f8065c192e/go.mod h1:QIHSX8FiuQWYtM6e0JPaREldPk8goNpUFtu9ZF2oG+U=
 github.com/jfrog/jfrog-client-go v1.46.2 h1:1rk7PliYGc7zVSFVE2/RO77JOR1KdEtr28os8GQiLyI=
 github.com/jfrog/jfrog-client-go v1.46.2/go.mod h1:qtQ9ML8xrRJmUwU/t6QRsov7C5mIZndTDY3qulgB5hA=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=

diff --git a/utils/params.go b/utils/params.go
@@ -4,8 +4,10 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"github.com/jfrog/jfrog-cli-security/utils/techutils"
 	"github.com/jfrog/jfrog-cli-security/utils/xsc"
 	"github.com/jfrog/jfrog-client-go/xsc/services"
+	"golang.org/x/exp/slices"
 	"net/http"
 	"net/url"
 	"os"
@@ -129,6 +131,21 @@ func (p *Project) setDefaultsIfNeeded() error {
 	return nil
 }
 
+func (p *Project) GetTechFromInstallCmdIfExists() []string {
+	var technologies []string
+	if p.InstallCommandName != "" {
+		if !slices.Contains(techutils.AllTechnologiesStrings, p.InstallCommandName) {
+			log.Warn(fmt.Sprintf("The technology ‘%s’ was inferred from the provided install command but is not listed among the supported technologies. Please provide an install command for one of the following supported technologies: %s", p.InstallCommandName, techutils.AllTechnologiesStrings))
+			return technologies
+		}
+		technologies = append(technologies, p.InstallCommandName)
+		if strings.ToLower(p.InstallCommandName) == "dotnet" {
+			technologies = append(technologies, "nuget")
+		}
+	}
+	return technologies
+}
+
 type Scan struct {
 	IncludeAllVulnerabilities       bool      `yaml:"includeAllVulnerabilities,omitempty"`
 	FixableOnly                     bool      `yaml:"fixableOnly,omitempty"`

diff --git a/utils/scandetails.go b/utils/scandetails.go
@@ -153,7 +153,8 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra
 		SetIgnoreConfigFile(true).
 		SetServerDetails(sc.ServerDetails).
 		SetInstallCommandName(sc.InstallCommandName).
-		SetInstallCommandArgs(sc.InstallCommandArgs).SetUseJas(true)
+		SetInstallCommandArgs(sc.InstallCommandArgs).SetUseJas(true).
+		SetTechnologies(sc.GetTechFromInstallCmdIfExists())
 
 	auditParams := audit.NewAuditParams().
 		SetWorkingDirs(workDirs).