Merge branch 'main' of https://github.com/Checkmarx/ast-cli into feature/ast-105749-sbom-scan

cx-hitesh-madgulkar · cx-hitesh-madgulkar · commit d21eeddffdfe · 2025-07-18T18:09:19.000+05:30
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -2,4 +2,4 @@
 # Each line is a file pattern followed by one or more owners
 
 # Specify the default owners for the entire repository
-*       @AlvoBen @greensd4 @miryamfoiferCX
+*       @cx-anurag-dalke
diff --git a/internal/commands/data/checkmarxIgnoredTempList.json b/internal/commands/data/checkmarxIgnoredTempList.json
@@ -2,6 +2,7 @@
   {
     "PackageManager": "npm",
     "PackageName": "coa",
-    "PackageVersion": "3.1.3"
+    "PackageVersion": "3.1.3",
+    "FilePath": "../../../commands/data/manifests/package.json"
   }
 ]
diff --git a/internal/commands/data/checkmarxIgnoredTempListCsproj.json b/internal/commands/data/checkmarxIgnoredTempListCsproj.json
@@ -2,6 +2,8 @@
   {
     "PackageManager": "nuget",
     "PackageName": "Microsoft.Extensions.Caching.Memory",
-    "PackageVersion": "6.0.3"
+    "PackageVersion": "6.0.3",
+    "FilePath": "../../../commands/data/manifests/test.csproj"
+
   }
 ]
diff --git a/internal/services/realtimeengine/ossrealtime/config.go b/internal/services/realtimeengine/ossrealtime/config.go
@@ -22,22 +22,23 @@ type OssPackageResults struct {
 	Packages []OssPackage `json:"Packages"`
 }
 
-func composeID(packageManager, packageName, packageVersion string) string {
-	return fmt.Sprintf("%s_%s_%s", packageManager, packageName, packageVersion)
+func composeID(packageManager, packageName, packageVersion, filePath string) string {
+	return fmt.Sprintf("%s_%s_%s_%s", packageManager, packageName, packageVersion, filePath)
 }
 
 func (p *OssPackage) GetID() string {
-	return composeID(p.PackageManager, p.PackageName, p.PackageVersion)
+	return composeID(p.PackageManager, p.PackageName, p.PackageVersion, p.FilePath)
 }
 
 type IgnoredPackage struct {
 	PackageManager string `json:"PackageManager"`
 	PackageName    string `json:"PackageName"`
 	PackageVersion string `json:"PackageVersion"`
+	FilePath       string `json:"FilePath"`
 }
 
 func (p IgnoredPackage) GetID() string {
-	return composeID(p.PackageManager, p.PackageName, p.PackageVersion)
+	return composeID(p.PackageManager, p.PackageName, p.PackageVersion, p.FilePath)
 }
 
 type Vulnerability struct {
diff --git a/internal/services/realtimeengine/ossrealtime/oss-realtime.go b/internal/services/realtimeengine/ossrealtime/oss-realtime.go
@@ -95,7 +95,9 @@ func (o *OssRealtimeService) RunOssRealtimeScan(filePath, ignoredFilePath string
 		ignoreMap := buildIgnoreMap(ignoredPkgs)
 		response.Packages = filterIgnoredPackages(response.Packages, ignoreMap)
 	}
-
+	for i := range response.Packages {
+		response.Packages[i].FilePath = filePath
+	}
 	return response, nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@`
`2`	`2`	`{`
`3`	`3`	`"PackageManager": "npm",`
`4`	`4`	`"PackageName": "coa",`
`5`		`- "PackageVersion": "3.1.3"`
	`5`	`+ "PackageVersion": "3.1.3",`
	`6`	`+ "FilePath": "../../../commands/data/manifests/package.json"`
`6`	`7`	`}`
`7`	`8`	`]`
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,8 @@`
`2`	`2`	`{`
`3`	`3`	`"PackageManager": "nuget",`
`4`	`4`	`"PackageName": "Microsoft.Extensions.Caching.Memory",`
`5`		`- "PackageVersion": "6.0.3"`
	`5`	`+ "PackageVersion": "6.0.3",`
	`6`	`+ "FilePath": "../../../commands/data/manifests/test.csproj"`
	`7`	`+`
`6`	`8`	`}`
`7`	`9`	`]`
Original file line number	Diff line number	Diff line change
`@@ -22,22 +22,23 @@ type OssPackageResults struct {`
`22`	`22`	Packages []OssPackage `json:"Packages"`
`23`	`23`	`}`
`24`	`24`
`25`		`-func composeID(packageManager, packageName, packageVersion string) string {`
`26`		`- return fmt.Sprintf("%s_%s_%s", packageManager, packageName, packageVersion)`
	`25`	`+func composeID(packageManager, packageName, packageVersion, filePath string) string {`
	`26`	`+ return fmt.Sprintf("%s_%s_%s_%s", packageManager, packageName, packageVersion, filePath)`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`func (p *OssPackage) GetID() string {`
`30`		`- return composeID(p.PackageManager, p.PackageName, p.PackageVersion)`
	`30`	`+ return composeID(p.PackageManager, p.PackageName, p.PackageVersion, p.FilePath)`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`type IgnoredPackage struct {`
`34`	`34`	PackageManager string `json:"PackageManager"`
`35`	`35`	PackageName string `json:"PackageName"`
`36`	`36`	PackageVersion string `json:"PackageVersion"`
	`37`	+ FilePath string `json:"FilePath"`
`37`	`38`	`}`
`38`	`39`
`39`	`40`	`func (p IgnoredPackage) GetID() string {`
`40`		`- return composeID(p.PackageManager, p.PackageName, p.PackageVersion)`
	`41`	`+ return composeID(p.PackageManager, p.PackageName, p.PackageVersion, p.FilePath)`
`41`	`42`	`}`
`42`	`43`
`43`	`44`	`type Vulnerability struct {`
Original file line number	Diff line number	Diff line change
`@@ -95,7 +95,9 @@ func (o *OssRealtimeService) RunOssRealtimeScan(filePath, ignoredFilePath string`
`95`	`95`	`ignoreMap := buildIgnoreMap(ignoredPkgs)`
`96`	`96`	`response.Packages = filterIgnoredPackages(response.Packages, ignoreMap)`
`97`	`97`	`}`
`98`		`-`
	`98`	`+ for i := range response.Packages {`
	`99`	`+ response.Packages[i].FilePath = filePath`
	`100`	`+ }`
`99`	`101`	`return response, nil`
`100`	`102`	`}`
`101`	`103`