Record SARIF results after security commands to upload for GitHub (#138)

Author: attiasas

commands/audit/audit.go

@@ -140,7 +140,6 @@ func (auditCmd *AuditCommand) Run() (err error) {
 		SetOutputFormat(auditCmd.OutputFormat()).
 		SetPrintExtendedTable(auditCmd.PrintExtendedTable).
 		SetExtraMessages(messages).
-		SetScanType(services.Dependency).
 		SetSubScansPreformed(auditCmd.ScansToPerform()).
 		PrintScanResults(); err != nil {
 		return
@@ -170,7 +169,7 @@ func (auditCmd *AuditCommand) HasViolationContext() bool {
 // If the current server is entitled for JAS, the advanced security results will be included in the scan results.
 func RunAudit(auditParams *AuditParams) (results *utils.Results, err error) {
 	// Initialize Results struct
-	results = utils.NewAuditResults()
+	results = utils.NewAuditResults(utils.SourceCode)
 	serverDetails, err := auditParams.ServerDetails()
 	if err != nil {
 		return

commands/curation/curationaudit.go

@@ -4,6 +4,14 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"net/http"
+	"os"
+	"path/filepath"
+	"regexp"
+	"sort"
+	"strings"
+	"sync"
+
 	"golang.org/x/exp/maps"
 
 	"github.com/jfrog/gofrog/datastructures"
@@ -28,13 +36,6 @@ import (
 	"github.com/jfrog/jfrog-client-go/utils/log"
 	xrayClient "github.com/jfrog/jfrog-client-go/xray"
 	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
-	"net/http"
-	"os"
-	"path/filepath"
-	"regexp"
-	"sort"
-	"strings"
-	"sync"
 )
 
 const (

commands/curation/curationaudit_test.go

@@ -979,7 +979,14 @@ func Test_convertResultsToSummary(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			assert.ElementsMatch(t, tt.expected.Scans, convertResultsToSummary(tt.input).Scans)
+			summary := convertResultsToSummary(tt.input)
+			// Sort Blocked base on count (low first) to make the test deterministic
+			for _, scan := range summary.Scans {
+				sort.Slice(scan.CuratedPackages.Blocked, func(i, j int) bool {
+					return len(scan.CuratedPackages.Blocked[i].Packages) < len(scan.CuratedPackages.Blocked[j].Packages)
+				})
+			}
+			assert.Equal(t, tt.expected, summary)
 		})
 	}
 }

commands/enrich/enrich.go

@@ -190,7 +190,7 @@ func (enrichCmd *EnrichCommand) Run() (err error) {
 	scanErrors = appendErrorSlice(scanErrors, fileProducerErrors)
 	scanErrors = appendErrorSlice(scanErrors, indexedFileProducerErrors)
 
-	scanResults := xrutils.NewAuditResults()
+	scanResults := xrutils.NewAuditResults(utils.SBOM)
 	scanResults.XrayVersion = xrayVersion
 	scanResults.ScaResults = flatResults
 

commands/scan/buildscan.go

@@ -149,7 +149,7 @@ func (bsc *BuildScanCommand) runBuildScanAndPrintResults(xrayManager *xray.XrayS
 		XrayDataUrl:     buildScanResults.MoreDetailsUrl,
 	}}
 
-	scanResults := utils.NewAuditResults()
+	scanResults := utils.NewAuditResults(utils.Build)
 	scanResults.XrayVersion = xrayVersion
 	scanResults.ScaResults = []*utils.ScaScanResult{{Target: fmt.Sprintf("%s (%s)", params.BuildName, params.BuildNumber), XrayResults: scanResponse}}
 
@@ -160,7 +160,6 @@ func (bsc *BuildScanCommand) runBuildScanAndPrintResults(xrayManager *xray.XrayS
 		SetIncludeLicenses(false).
 		SetIsMultipleRootProject(true).
 		SetPrintExtendedTable(bsc.printExtendedTable).
-		SetScanType(services.Binary).
 		SetExtraMessages(nil)
 
 	if bsc.outputFormat != outputFormat.Table {

commands/scan/dockerscan.go

@@ -96,12 +96,19 @@ func (dsc *DockerScanCommand) Run() (err error) {
 			err = errorutils.CheckError(e)
 		}
 	}()
-	return dsc.ScanCommand.RunAndRecordResults(func(scanResults *utils.Results) (err error) {
+	return dsc.ScanCommand.RunAndRecordResults(utils.DockerImage, func(scanResults *utils.Results) (err error) {
 		if scanResults == nil {
 			return
 		}
+		if scanResults.ScaResults != nil {
+			for _, result := range scanResults.ScaResults {
+				result.Name = dsc.imageTag
+			}
+		}
 		dsc.analyticsMetricsService.UpdateGeneralEvent(dsc.analyticsMetricsService.CreateXscAnalyticsGeneralEventFinalizeFromAuditResults(scanResults))
-
+		if err = utils.RecordSarifOutput(scanResults); err != nil {
+			return
+		}
 		return utils.RecordSecurityCommandSummary(utils.NewDockerScanSummary(
 			scanResults,
 			dsc.ScanCommand.serverDetails,

commands/scan/scan.go

@@ -194,7 +194,10 @@ func (scanCmd *ScanCommand) indexFile(filePath string) (*xrayUtils.BinaryGraphNo
 }
 
 func (scanCmd *ScanCommand) Run() (err error) {
-	return scanCmd.RunAndRecordResults(func(scanResults *utils.Results) error {
+	return scanCmd.RunAndRecordResults(utils.Binary, func(scanResults *utils.Results) (err error) {
+		if err = utils.RecordSarifOutput(scanResults); err != nil {
+			return
+		}
 		return utils.RecordSecurityCommandSummary(utils.NewBinaryScanSummary(
 			scanResults,
 			scanCmd.serverDetails,
@@ -204,7 +207,7 @@ func (scanCmd *ScanCommand) Run() (err error) {
 	})
 }
 
-func (scanCmd *ScanCommand) RunAndRecordResults(recordResFunc func(scanResults *utils.Results) error) (err error) {
+func (scanCmd *ScanCommand) RunAndRecordResults(cmdType utils.CommandType, recordResFunc func(scanResults *utils.Results) error) (err error) {
 	defer func() {
 		if err != nil {
 			var e *exec.ExitError
@@ -220,7 +223,7 @@ func (scanCmd *ScanCommand) RunAndRecordResults(recordResFunc func(scanResults *
 		return err
 	}
 
-	scanResults := utils.NewAuditResults()
+	scanResults := utils.NewAuditResults(cmdType)
 	scanResults.XrayVersion = xrayVersion
 	if scanCmd.analyticsMetricsService != nil {
 		scanResults.MultiScanId = scanCmd.analyticsMetricsService.GetMsi()
@@ -323,15 +326,10 @@ func (scanCmd *ScanCommand) RunAndRecordResults(recordResFunc func(scanResults *
 		SetIncludeLicenses(scanCmd.includeLicenses).
 		SetPrintExtendedTable(scanCmd.printExtendedTable).
 		SetIsMultipleRootProject(scanResults.IsMultipleProject()).
-		SetScanType(services.Binary).
 		PrintScanResults(); err != nil {
 		return
 	}
 
-	if err != nil {
-		return err
-	}
-
 	if err = recordResFunc(scanResults); err != nil {
 		return err
 	}