Get Extended value for SARIF record (#220)

jfrog · Nov 4, 2024 · ebfda25 · ebfda25
1 parent 83b152a
commit ebfda25
Show file tree

Hide file tree

Showing 7 changed files with 30 additions and 17 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -229,7 +229,7 @@ jobs:
 
   Code_Coverage:
     name: Generate Code Coverage Report
-    if: github.event_name == 'pull_request'
+    if: github.event_name == 'pull_request_target'
     runs-on: ubuntu-latest
     needs: [Unit_Tests]
     permissions:

diff --git a/commands/scan/dockerscan.go b/commands/scan/dockerscan.go
@@ -109,7 +109,7 @@ func (dsc *DockerScanCommand) Run() (err error) {
 
 func (dsc *DockerScanCommand) recordResults(scanResults *results.SecurityCommandResults) (err error) {
 	hasViolationContext := dsc.ScanCommand.hasViolationContext()
-	if err = output.RecordSarifOutput(scanResults, dsc.ScanCommand.includeVulnerabilities, hasViolationContext); err != nil {
+	if err = output.RecordSarifOutput(scanResults, dsc.ScanCommand.serverDetails, dsc.ScanCommand.includeVulnerabilities, hasViolationContext); err != nil {
 		return
 	}
 	var summary output.ScanCommandResultSummary

diff --git a/commands/scan/scan.go b/commands/scan/scan.go
@@ -210,7 +210,7 @@ func (scanCmd *ScanCommand) Run() (err error) {
 
 func (scanCmd *ScanCommand) recordResults(scanResults *results.SecurityCommandResults) (err error) {
 	hasViolationContext := scanCmd.hasViolationContext()
-	if err = output.RecordSarifOutput(scanResults, scanCmd.includeVulnerabilities, hasViolationContext); err != nil {
+	if err = output.RecordSarifOutput(scanResults, scanCmd.serverDetails, scanCmd.includeVulnerabilities, hasViolationContext); err != nil {
 		return
 	}
 	var summary output.ScanCommandResultSummary

diff --git a/go.mod b/go.mod
@@ -10,8 +10,8 @@ require (
 	github.com/jfrog/froggit-go v1.16.2
 	github.com/jfrog/gofrog v1.7.6
 	github.com/jfrog/jfrog-apps-config v1.0.1
-	github.com/jfrog/jfrog-cli-core/v2 v2.56.4
-	github.com/jfrog/jfrog-client-go v1.47.3
+	github.com/jfrog/jfrog-cli-core/v2 v2.56.5
+	github.com/jfrog/jfrog-client-go v1.47.4
 	github.com/magiconair/properties v1.8.7
 	github.com/owenrumney/go-sarif/v2 v2.3.0
 	github.com/stretchr/testify v1.9.0

diff --git a/go.sum b/go.sum
@@ -130,10 +130,10 @@ github.com/jfrog/gofrog v1.7.6 h1:QmfAiRzVyaI7JYGsB7cxfAJePAZTzFz0gRWZSE27c6s=
 github.com/jfrog/gofrog v1.7.6/go.mod h1:ntr1txqNOZtHplmaNd7rS4f8jpA5Apx8em70oYEe7+4=
 github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
-github.com/jfrog/jfrog-cli-core/v2 v2.56.4 h1:LqByz2FmVTDQm/u2xGeTL6O8Hs9JadaTj3QMpel9ZwY=
-github.com/jfrog/jfrog-cli-core/v2 v2.56.4/go.mod h1:AwQ9WuOA64g3torX9K5kP0xFAAbchfRInhZwbufoW+Q=
-github.com/jfrog/jfrog-client-go v1.47.3 h1:99/JSSgU0rvnM2zWYos2n+Gz1IYLCUoIorE4Xco+Dew=
-github.com/jfrog/jfrog-client-go v1.47.3/go.mod h1:NepfaidmK/xiKsVC+0Ur9sANOqL6io8Y7pSaCau7J6o=
+github.com/jfrog/jfrog-cli-core/v2 v2.56.5 h1:jigHavEpmfBV5tRHkVSW4B/GG5F54UOdNEt2jVyP0qc=
+github.com/jfrog/jfrog-cli-core/v2 v2.56.5/go.mod h1:XlN2hMNiNFeNM9aR8H29RZkenI39lDe+LE+BTm1dM6k=
+github.com/jfrog/jfrog-client-go v1.47.4 h1:4FAuDDvoDRy9LEFe1WwUO5prBXkgyhaWGEZ0vXYL/Z4=
+github.com/jfrog/jfrog-client-go v1.47.4/go.mod h1:NepfaidmK/xiKsVC+0Ur9sANOqL6io8Y7pSaCau7J6o=
 github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k=
 github.com/k0kubun/pp v3.0.1+incompatible/go.mod h1:GWse8YhT0p8pT4ir3ZgBbfZild3tgzSScAn6HmfYukg=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=

diff --git a/utils/results/output/securityJobSummary.go b/utils/results/output/securityJobSummary.go
@@ -184,14 +184,18 @@ func RecordSecurityCommandSummary(content ScanCommandResultSummary) (err error)
 	return manager.Record(content)
 }
 
-func RecordSarifOutput(cmdResults *results.SecurityCommandResults, includeVulnerabilities, hasViolationContext bool, requestedScans ...utils.SubScanType) (err error) {
+func RecordSarifOutput(cmdResults *results.SecurityCommandResults, serverDetails *config.ServerDetails, includeVulnerabilities, hasViolationContext bool, requestedScans ...utils.SubScanType) (err error) {
 	// Verify if we should record the results
 	manager, err := getRecordManager()
 	if err != nil || manager == nil {
 		return
 	}
-	if !cmdResults.EntitledForJas || !commandsummary.StaticMarkdownConfig.IsExtendedSummary() {
-		// If no JAS no GHAS
+	record, err := ifNoJasNoGHAS(cmdResults, serverDetails)
+	if err != nil {
+		return
+	}
+	if !record {
+		// No JAS no GHAS
 		log.Info("Results can be uploaded to Github security tab automatically by upgrading your JFrog subscription.")
 		return
 	}
@@ -214,6 +218,13 @@ func RecordSarifOutput(cmdResults *results.SecurityCommandResults, includeVulner
 	return manager.RecordWithIndex(out, commandsummary.SarifReport)
 }
 
+func ifNoJasNoGHAS(cmdResults *results.SecurityCommandResults, serverDetails *config.ServerDetails) (extended bool, err error) {
+	if !cmdResults.EntitledForJas {
+		return
+	}
+	return commandsummary.CheckExtendedSummaryEntitled(serverDetails.Url)
+}
+
 func CombineSarifOutputFiles(dataFilePaths []string) (data []byte, err error) {
 	if len(dataFilePaths) == 0 {
 		return

diff --git a/utils/results/output/securityJobSummary_test.go b/utils/results/output/securityJobSummary_test.go
@@ -2,7 +2,13 @@ package output
 
 import (
 	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
 	"github.com/jfrog/jfrog-cli-core/v2/artifactory/utils/commandsummary"
+	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	coreUtils "github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	coreTests "github.com/jfrog/jfrog-cli-core/v2/utils/tests"
 	"github.com/jfrog/jfrog-cli-security/utils"
@@ -13,10 +19,6 @@ import (
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	clientTests "github.com/jfrog/jfrog-client-go/utils/tests"
 	"github.com/stretchr/testify/assert"
-	"os"
-	"path/filepath"
-	"strings"
-	"testing"
 )
 
 var (
@@ -58,7 +60,7 @@ func TestSaveSarifOutputOnlyForJasEntitled(t *testing.T) {
 			cleanUp := clientTests.SetEnvWithCallbackAndAssert(t, coreUtils.SummaryOutputDirPathEnv, tempDir)
 			defer cleanUp()
 
-			assert.NoError(t, RecordSarifOutput(createDummyJasResult(testCase.isJasEntitled), true, true, utils.GetAllSupportedScans()...))
+			assert.NoError(t, RecordSarifOutput(createDummyJasResult(testCase.isJasEntitled), &config.ServerDetails{Url: "https://url.com"}, true, true, utils.GetAllSupportedScans()...))
 			assert.Equal(t, testCase.isJasEntitled, hasFilesInDir(t, filepath.Join(tempDir, commandsummary.OutputDirName, "security", string(commandsummary.SarifReport))))
 		})
 	}