pull dev

.github/workflows/analysis.yml

@@ -31,7 +31,7 @@ jobs:
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-go
+          restore-keys: ${{ runner.os }}-go-
       - name: Run Go vet
         run: go vet -v ./...
 

.github/workflows/frogbot-scan-repository.yml

@@ -10,6 +10,7 @@ permissions:
   security-events: write
 jobs:
   scan-repository:
+    name: Scan Repository (${{ matrix.branch }} branch)
     runs-on: ubuntu-latest
     strategy:
       matrix:

.github/workflows/mavenTests.yml

@@ -35,7 +35,7 @@ jobs:
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-go
+          restore-keys: ${{ runner.os }}-go-
       - name: Setup Maven v3.8.8 for macOS
         uses: stCarolas/[email protected]
         with:

.github/workflows/nugetTests.yml

@@ -43,7 +43,7 @@ jobs:
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-go
+          restore-keys: ${{ runner.os }}-go-
       - name: Setup Artifactory
         run: |
           go install github.com/jfrog/jfrog-testing-infra/local-rt-setup@latest

.github/workflows/xrayTests.yml

@@ -62,9 +62,11 @@ jobs:
         uses: actions/checkout@v3
         with:
           ref: ${{ github.event.pull_request.head.sha }}
-      - name: Run Xray And Xsc tests
-        run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.${{ matrix.suite }} --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} --jfrog.user=${{ secrets.PLATFORM_USER }} --test.containerRegistry=${{ secrets.CONTAINER_REGISTRY }}
-        if: ${{ matrix.os != 'ubuntu-latest' }}
-      - name: Run Docker scan and Xray tests
+
+      - name: Run Xray tests (without Docker Scan)
+        run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.xray --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} --jfrog.user=${{ secrets.PLATFORM_USER }} --test.containerRegistry=${{ secrets.CONTAINER_REGISTRY }}
+        if: ${{ matrix.os != 'ubuntu' }}
+
+      - name: Run Xray tests (with Docker Scan, only on Ubuntu)
         run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.xray --test.dockerScan --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} --test.containerRegistry=${{ secrets.CONTAINER_REGISTRY }}
         if: ${{ matrix.os == 'ubuntu' }}

go.mod

@@ -125,7 +125,9 @@ require (
 
 // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230828134416-f0db33dd9344
 
-replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230904074759-623cdbd94d40
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230905110023-5f3ac877bde1
+
+// replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27
 
 replace github.com/jfrog/jfrog-client-go => github.com/eyaldelarea/jfrog-client-go v1.28.4-0.20230904072239-1e6715ddfa46
 

go.sum

@@ -133,8 +133,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
 github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230904074759-623cdbd94d40 h1:Fa2l91BN4PaWId59mxfIOvwMaYqTAwCCFKUzpCUhcdA=
-github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230904074759-623cdbd94d40/go.mod h1:XXfPmqg9mgS7eR8cgvKplyTWLfsv3IO2rnX3jmPkbb0=
+github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230905110023-5f3ac877bde1 h1:rOI3A/31hzN7GKZbIgfkhVLuknC9EvCe+R2PtOIvkCA=
+github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230905110023-5f3ac877bde1/go.mod h1:XXfPmqg9mgS7eR8cgvKplyTWLfsv3IO2rnX3jmPkbb0=
 github.com/eyaldelarea/jfrog-client-go v1.28.4-0.20230904072239-1e6715ddfa46 h1:9IqNDt2xaBhzyFXILsC5xaKQZUDT6Rx5UmStDtpTPTE=
 github.com/eyaldelarea/jfrog-client-go v1.28.4-0.20230904072239-1e6715ddfa46/go.mod h1:uUnMrqHX7Xi+OCaZEE4b3BtsmGeOSCB7XqaEWVXEH/E=
 github.com/forPelevin/gomoji v1.1.8 h1:JElzDdt0TyiUlecy6PfITDL6eGvIaxqYH1V52zrd0qQ=

pip_test.go

@@ -4,7 +4,7 @@ import (
 	biutils "github.com/jfrog/build-info-go/utils"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	coretests "github.com/jfrog/jfrog-cli-core/v2/utils/tests"
-	"github.com/jfrog/jfrog-cli-core/v2/xray/audit/python"
+	"github.com/jfrog/jfrog-cli-core/v2/xray/commands/audit/sca/python"
 	clientTestUtils "github.com/jfrog/jfrog-client-go/utils/tests"
 	"os"
 	"path/filepath"

scan/cli.go

@@ -3,7 +3,6 @@ package scan
 import (
 	"github.com/jfrog/jfrog-cli-core/v2/xray/commands/audit"
 	"github.com/jfrog/jfrog-cli-core/v2/xray/commands/curation"
-	xrCmdUtils "github.com/jfrog/jfrog-cli-core/v2/xray/commands/utils"
 	xrutils "github.com/jfrog/jfrog-cli-core/v2/xray/utils"
 	curationdocs "github.com/jfrog/jfrog-cli/docs/scan/curation"
 	"os"
@@ -172,7 +171,7 @@ func GetCommands() []cli.Command {
 }
 
 func AuditCmd(c *cli.Context) error {
-	auditCmd, err := createGenericAuditCmd(c)
+	auditCmd, err := createAuditCmd(c)
 	if err != nil {
 		return err
 	}
@@ -198,7 +197,7 @@ func AuditCmd(c *cli.Context) error {
 
 func AuditSpecificCmd(c *cli.Context, technology coreutils.Technology) error {
 	cliutils.LogNonGenericAuditCommandDeprecation(c.Command.Name)
-	auditCmd, err := createGenericAuditCmd(c)
+	auditCmd, err := createAuditCmd(c)
 	if err != nil {
 		return err
 	}
@@ -208,7 +207,7 @@ func AuditSpecificCmd(c *cli.Context, technology coreutils.Technology) error {
 }
 
 func CurationCmd(c *cli.Context) error {
-	threads, err := xrCmdUtils.DetectNumOfThreads(c.Int("threads"))
+	threads, err := curation.DetectNumOfThreads(c.Int("threads"))
 	if err != nil {
 		return err
 	}
@@ -234,7 +233,7 @@ func CurationCmd(c *cli.Context) error {
 	return progressbar.ExecWithProgress(curationAuditCommand)
 }
 
-func createGenericAuditCmd(c *cli.Context) (*audit.AuditCommand, error) {
+func createAuditCmd(c *cli.Context) (*audit.AuditCommand, error) {
 	auditCmd := audit.NewGenericAuditCommand()
 	err := validateXrayContext(c)
 	if err != nil {

xray_test.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	biutils "github.com/jfrog/build-info-go/utils"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
+	"github.com/jfrog/jfrog-cli-core/v2/xray/scangraph"
 	xrayScan "github.com/jfrog/jfrog-client-go/xray/scan"
 	"net/http"
 	"net/http/httptest"
@@ -26,12 +27,11 @@ import (
 	artUtils "github.com/jfrog/jfrog-cli-core/v2/artifactory/utils"
 	"github.com/jfrog/jfrog-cli-core/v2/artifactory/utils/container"
 	coreCmd "github.com/jfrog/jfrog-cli-core/v2/common/commands"
-	tests2 "github.com/jfrog/jfrog-cli-core/v2/common/tests"
+	commontests "github.com/jfrog/jfrog-cli-core/v2/common/tests"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	coretests "github.com/jfrog/jfrog-cli-core/v2/utils/tests"
 	coreCuration "github.com/jfrog/jfrog-cli-core/v2/xray/commands/curation"
 	"github.com/jfrog/jfrog-cli-core/v2/xray/commands/scan"
-	commands "github.com/jfrog/jfrog-cli-core/v2/xray/commands/utils"
 	"github.com/jfrog/jfrog-cli-core/v2/xray/formats"
 	"github.com/jfrog/jfrog-cli-core/v2/xray/utils"
 	"github.com/jfrog/jfrog-cli/inttestutils"
@@ -115,13 +115,13 @@ func TestXrayBinaryScanSimpleJsonWithProgress(t *testing.T) {
 }
 
 func testXrayBinaryScan(t *testing.T, format string) string {
-	initXrayTest(t, commands.GraphScanMinXrayVersion)
+	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	binariesPath := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "xray", "binaries", "*")
 	return xrayCli.RunCliCmdWithOutput(t, "scan", binariesPath, "--licenses", "--format="+format)
 }
 
 func TestXrayBinaryScanWithBypassArchiveLimits(t *testing.T) {
-	initXrayTest(t, commands.BypassArchiveLimitsMinXrayVersion)
+	initXrayTest(t, scan.BypassArchiveLimitsMinXrayVersion)
 	unsetEnv := clientTestUtils.SetEnvWithCallbackAndAssert(t, "JF_INDEXER_COMPRESS_MAXENTITIES", "10")
 	defer unsetEnv()
 	binariesPath := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "xray", "binaries", "*")
@@ -150,8 +150,9 @@ func TestXrayAuditNpmSimpleJson(t *testing.T) {
 
 func testXrayAuditNpm(t *testing.T, format string, isXsc bool) string {
 	if !isXsc {
-		initXrayTest(t, commands.GraphScanMinXrayVersion)
+		initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	}
+	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
 	defer createTempDirCallback()
 	npmProjectPath := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "xray", "npm")
@@ -194,7 +195,7 @@ func TestXrayAuditYarnV1SimpleJson(t *testing.T) {
 }
 
 func testXrayAuditYarn(t *testing.T, projectDirName string, yarnCmd func()) {
-	initXrayTest(t, commands.GraphScanMinXrayVersion)
+	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
 	defer createTempDirCallback()
 	yarnProjectPath := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "xray", projectDirName)
@@ -231,7 +232,7 @@ func TestXrayAuditNugetMultiProject(t *testing.T) {
 }
 
 func testXrayAuditNuget(t *testing.T, projectName, format string) string {
-	initXrayTest(t, commands.GraphScanMinXrayVersion)
+	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
 	defer createTempDirCallback()
 	projectPath := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "xray", "nuget", projectName)
@@ -257,7 +258,7 @@ func TestXrayAuditGradleSimpleJson(t *testing.T) {
 }
 
 func testXrayAuditGradle(t *testing.T, format string) string {
-	initXrayTest(t, commands.GraphScanMinXrayVersion)
+	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
 	defer createTempDirCallback()
 	gradleProjectPath := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "xray", "gradle")
@@ -281,7 +282,7 @@ func TestXrayAuditMavenSimpleJson(t *testing.T) {
 }
 
 func testXrayAuditMaven(t *testing.T, format string) string {
-	initXrayTest(t, commands.GraphScanMinXrayVersion)
+	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
 	defer createTempDirCallback()
 	mvnProjectPath := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "xray", "maven")
@@ -295,7 +296,7 @@ func testXrayAuditMaven(t *testing.T, format string) string {
 }
 
 func TestXrayAuditNoTech(t *testing.T) {
-	initXrayTest(t, commands.GraphScanMinXrayVersion)
+	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
 	defer createTempDirCallback()
 	prevWd := changeWD(t, tempDirPath)
@@ -306,7 +307,7 @@ func TestXrayAuditNoTech(t *testing.T) {
 }
 
 func TestXrayAuditDetectTech(t *testing.T) {
-	initXrayTest(t, commands.GraphScanMinXrayVersion)
+	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
 	defer createTempDirCallback()
 	mvnProjectPath := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "xray", "maven")
@@ -324,7 +325,7 @@ func TestXrayAuditDetectTech(t *testing.T) {
 }
 
 func TestXrayAuditMultiProjects(t *testing.T) {
-	initXrayTest(t, commands.GraphScanMinXrayVersion)
+	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
 	defer createTempDirCallback()
 	multiProject := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "xray")
@@ -362,7 +363,7 @@ func TestXrayAuditPipSimpleJsonWithRequirementsFile(t *testing.T) {
 }
 
 func testXrayAuditPip(t *testing.T, format, requirementsFile string) string {
-	initXrayTest(t, commands.GraphScanMinXrayVersion)
+	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
 	defer createTempDirCallback()
 	pipProjectPath := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "xray", "python", "pip")
@@ -391,7 +392,7 @@ func TestXrayAuditPipenvSimpleJson(t *testing.T) {
 }
 
 func testXrayAuditPipenv(t *testing.T, format string) string {
-	initXrayTest(t, commands.GraphScanMinXrayVersion)
+	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
 	defer createTempDirCallback()
 	pipenvProjectPath := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "xray", "python", "pipenv")
@@ -453,7 +454,7 @@ func TestXrayAuditPoetrySimpleJson(t *testing.T) {
 }
 
 func testXrayAuditPoetry(t *testing.T, format string) string {
-	initXrayTest(t, commands.GraphScanMinXrayVersion)
+	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
 	defer createTempDirCallback()
 	poetryProjectPath := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "xray", "python", "poetry")
@@ -618,7 +619,7 @@ func runDockerScan(t *testing.T, imageName, watchName string, minViolations, min
 
 func createTestWatch(t *testing.T) (string, func()) {
 	trueValue := true
-	xrayManager, err := commands.CreateXrayServiceManager(xrayDetails)
+	xrayManager, err := utils.CreateXrayServiceManager(xrayDetails)
 	assert.NoError(t, err)
 	// Create new default policy.
 	policyParams := xrayUtils.PolicyParams{
@@ -682,7 +683,7 @@ func TestXrayAuditJasNoViolationsSimpleJson(t *testing.T) {
 }
 
 func testXrayAuditJas(t *testing.T, format string, project string) string {
-	initXrayTest(t, commands.GraphScanMinXrayVersion)
+	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
 	defer createTempDirCallback()
 	projectDir := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), filepath.Join("xray", project))
@@ -706,9 +707,9 @@ func verifySimpleJsonJasResults(t *testing.T, content string, minIacViolations,
 		assert.GreaterOrEqual(t, len(results.Iacs), minIacViolations, "Found less IaC then expected")
 		var applicableResults, notApplicableResults int
 		for _, vuln := range results.Vulnerabilities {
-			if utils.ApplicabilityStatus(vuln.Applicable) == utils.NotApplicable {
+			if vuln.Applicable == string(utils.NotApplicable) {
 				notApplicableResults++
-			} else if utils.ApplicabilityStatus(vuln.Applicable) == utils.Applicable {
+			} else if vuln.Applicable == string(utils.Applicable) {
 				applicableResults++
 			}
 		}
@@ -806,7 +807,7 @@ func getCurationExpectedResponse(config *config.ServerDetails) []coreCuration.Pa
 
 func curationServer(t *testing.T, expectedRequest map[string]bool, requestToFail map[string]bool) (*httptest.Server, *config.ServerDetails) {
 	mapLockReadWrite := sync.Mutex{}
-	serverMock, config, _ := tests2.CreateRtRestsMockServer(t, func(w http.ResponseWriter, r *http.Request) {
+	serverMock, config, _ := commontests.CreateRtRestsMockServer(t, func(w http.ResponseWriter, r *http.Request) {
 		if r.Method == http.MethodHead {
 			mapLockReadWrite.Lock()
 			if _, exist := expectedRequest[r.RequestURI]; exist {

xsc_test.go

@@ -1,7 +1,7 @@
 package main
 
 import (
-	"github.com/jfrog/jfrog-cli-core/v2/xray/commands/utils"
+	"github.com/jfrog/jfrog-cli-core/v2/xray/scangraph"
 	"github.com/jfrog/jfrog-cli/utils/tests"
 	clientutils "github.com/jfrog/jfrog-client-go/utils"
 	"testing"
@@ -20,6 +20,6 @@ func validateXscVersion(t *testing.T, minVersion string) {
 	}
 }
 func TestXSCAudit(t *testing.T) {
-	initXscTest(t, utils.XscMinVersion)
+	initXscTest(t, scangraph.XscMinVersion)
 	testXrayAuditNpm(t, "json", true)
 }