Add option to disable Jas scans (#776)

Author: attiasas

scanpullrequest/scanpullrequest.go

@@ -136,7 +136,8 @@ func auditPullRequest(repoConfig *utils.Repository, client vcsclient.VcsClient,
 		SetFixableOnly(repoConfig.FixableOnly).
 		SetFailOnInstallationErrors(*repoConfig.FailOnSecurityIssues).
 		SetConfigProfile(repoConfig.ConfigProfile).
-		SetSkipAutoInstall(repoConfig.SkipAutoInstall)
+		SetSkipAutoInstall(repoConfig.SkipAutoInstall).
+		SetDisableJas(repoConfig.DisableJas)
 	if scanDetails, err = scanDetails.SetMinSeverity(repoConfig.MinSeverity); err != nil {
 		return
 	}

scanrepository/scanrepository.go

@@ -4,13 +4,14 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"github.com/go-git/go-git/v5"
-	biutils "github.com/jfrog/build-info-go/utils"
 	"os"
 	"path/filepath"
 	"regexp"
 	"strings"
 
+	"github.com/go-git/go-git/v5"
+	biutils "github.com/jfrog/build-info-go/utils"
+
 	"github.com/jfrog/frogbot/v2/packagehandlers"
 	"github.com/jfrog/frogbot/v2/utils"
 	"github.com/jfrog/frogbot/v2/utils/outputwriter"
@@ -123,8 +124,8 @@ func (cfp *ScanRepositoryCmd) setCommandPrerequisites(repository *utils.Reposito
 		SetFailOnInstallationErrors(*repository.FailOnSecurityIssues).
 		SetFixableOnly(repository.FixableOnly).
 		SetSkipAutoInstall(repository.SkipAutoInstall).
-		SetFixableOnly(repository.FixableOnly).
-		SetAllowPartialResults(repository.AllowPartialResults)
+		SetAllowPartialResults(repository.AllowPartialResults).
+		SetDisableJas(repository.DisableJas)
 	if cfp.scanDetails, err = cfp.scanDetails.SetMinSeverity(repository.MinSeverity); err != nil {
 		return
 	}

utils/consts.go

@@ -61,6 +61,7 @@ const (
 	DepsRepoEnv                        = "JF_DEPS_REPO"
 	MinSeverityEnv                     = "JF_MIN_SEVERITY"
 	FixableOnlyEnv                     = "JF_FIXABLE_ONLY"
+	DisableJasEnv                      = "JF_DISABLE_ADVANCED_SECURITY"
 	DetectionOnlyEnv                   = "JF_SKIP_AUTOFIX"
 	AllowedLicensesEnv                 = "JF_ALLOWED_LICENSES"
 	SkipAutoInstallEnv                 = "JF_SKIP_AUTO_INSTALL"

utils/params.go

@@ -4,17 +4,18 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"github.com/jfrog/jfrog-cli-security/utils/techutils"
-	"github.com/jfrog/jfrog-cli-security/utils/xsc"
-	"github.com/jfrog/jfrog-client-go/xsc/services"
-	"golang.org/x/exp/slices"
 	"net/http"
 	"net/url"
 	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
 
+	"github.com/jfrog/jfrog-cli-security/utils/techutils"
+	"github.com/jfrog/jfrog-cli-security/utils/xsc"
+	"github.com/jfrog/jfrog-client-go/xsc/services"
+	"golang.org/x/exp/slices"
+
 	"github.com/jfrog/frogbot/v2/utils/outputwriter"
 	securityutils "github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-cli-security/utils/severityutils"
@@ -153,6 +154,7 @@ type Scan struct {
 	FailOnSecurityIssues            *bool     `yaml:"failOnSecurityIssues,omitempty"`
 	AvoidPreviousPrCommentsDeletion bool      `yaml:"avoidPreviousPrCommentsDeletion,omitempty"`
 	MinSeverity                     string    `yaml:"minSeverity,omitempty"`
+	DisableJas                      bool      `yaml:"disableJas,omitempty"`
 	AllowedLicenses                 []string  `yaml:"allowedLicenses,omitempty"`
 	Projects                        []Project `yaml:"projects,omitempty"`
 	EmailDetails                    `yaml:",inline"`
@@ -213,6 +215,11 @@ func (s *Scan) setDefaultsIfNeeded() (err error) {
 			return
 		}
 	}
+	if !s.DisableJas {
+		if s.DisableJas, err = getBoolEnv(DisableJasEnv, false); err != nil {
+			return
+		}
+	}
 	if !s.DetectionOnly {
 		if s.DetectionOnly, err = getBoolEnv(DetectionOnlyEnv, false); err != nil {
 			return

utils/params_test.go

@@ -4,12 +4,13 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/jfrog/jfrog-client-go/utils/tests"
-	"github.com/jfrog/jfrog-client-go/xsc/services"
 	"os"
 	"path/filepath"
 	"testing"
 
+	"github.com/jfrog/jfrog-client-go/utils/tests"
+	"github.com/jfrog/jfrog-client-go/xsc/services"
+
 	"github.com/jfrog/froggit-go/vcsclient"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
 
@@ -166,6 +167,7 @@ func TestExtractAndAssertRepoParams(t *testing.T) {
 		GitEmailAuthorEnv:    "[email protected]",
 		MinSeverityEnv:       "high",
 		FixableOnlyEnv:       "true",
+		DisableJasEnv:        "true",
 		DetectionOnlyEnv:     "true",
 		AllowedLicensesEnv:   "MIT, Apache-2.0, ISC",
 		AvoidExtraMessages:   "true",
@@ -196,6 +198,7 @@ func TestExtractAndAssertRepoParams(t *testing.T) {
 		assert.Equal(t, "this is my branch {BRANCH_NAME_HASH}", templates.branchNameTemplate)
 		assert.Equal(t, "High", repo.MinSeverity)
 		assert.True(t, repo.FixableOnly)
+		assert.True(t, repo.DisableJas)
 		assert.True(t, repo.DetectionOnly)
 		assert.Equal(t, true, repo.AggregateFixes)
 		assert.Equal(t, "[email protected]", repo.EmailAuthor)
@@ -349,6 +352,7 @@ func TestGenerateConfigAggregatorFromEnv(t *testing.T) {
 		FailOnSecurityIssuesEnv:            "false",
 		MinSeverityEnv:                     "medium",
 		FixableOnlyEnv:                     "true",
+		DisableJasEnv:                      "true",
 		DetectionOnlyEnv:                   "true",
 		AllowedLicensesEnv:                 "MIT, Apache-2.0",
 		AvoidExtraMessages:                 "true",
@@ -392,6 +396,7 @@ func validateBuildRepoAggregator(t *testing.T, repo *Repository, gitParams *Git,
 	assert.Equal(t, false, *repo.FailOnSecurityIssues)
 	assert.Equal(t, "Medium", repo.MinSeverity)
 	assert.Equal(t, true, repo.FixableOnly)
+	assert.Equal(t, true, repo.DisableJas)
 	assert.Equal(t, true, repo.DetectionOnly)
 	assert.ElementsMatch(t, []string{"MIT", "Apache-2.0"}, repo.AllowedLicenses)
 	assert.Equal(t, gitParams.RepoOwner, repo.RepoOwner)

utils/scandetails.go

@@ -4,10 +4,11 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	clientservices "github.com/jfrog/jfrog-client-go/xsc/services"
 	"os"
 	"path/filepath"
 
+	clientservices "github.com/jfrog/jfrog-client-go/xsc/services"
+
 	"github.com/jfrog/froggit-go/vcsclient"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
@@ -28,6 +29,7 @@ type ScanDetails struct {
 	client                   vcsclient.VcsClient
 	failOnInstallationErrors bool
 	fixableOnly              bool
+	disableJas               bool
 	skipAutoInstall          bool
 	minSeverityFilter        severityutils.Severity
 	baseBranch               string
@@ -39,6 +41,11 @@ func NewScanDetails(client vcsclient.VcsClient, server *config.ServerDetails, gi
 	return &ScanDetails{client: client, ServerDetails: server, Git: git}
 }
 
+func (sc *ScanDetails) SetDisableJas(disable bool) *ScanDetails {
+	sc.disableJas = disable
+	return sc
+}
+
 func (sc *ScanDetails) SetFailOnInstallationErrors(toFail bool) *ScanDetails {
 	sc.failOnInstallationErrors = toFail
 	return sc
@@ -107,6 +114,10 @@ func (sc *ScanDetails) FixableOnly() bool {
 	return sc.fixableOnly
 }
 
+func (sc *ScanDetails) DisableJas() bool {
+	return sc.disableJas
+}
+
 func (sc *ScanDetails) MinSeverityFilter() severityutils.Severity {
 	return sc.minSeverityFilter
 }
@@ -174,10 +185,13 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *res
 		SetIgnoreConfigFile(true).
 		SetServerDetails(sc.ServerDetails).
 		SetInstallCommandName(sc.InstallCommandName).
-		SetInstallCommandArgs(sc.InstallCommandArgs).SetUseJas(true).
+		SetInstallCommandArgs(sc.InstallCommandArgs).
 		SetTechnologies(sc.GetTechFromInstallCmdIfExists()).
 		SetSkipAutoInstall(sc.skipAutoInstall).
-		SetAllowPartialResults(sc.allowPartialResults)
+		SetAllowPartialResults(sc.allowPartialResults).
+		SetExclusions(sc.PathExclusions).
+		SetIsRecursiveScan(sc.IsRecursiveScan).
+		SetUseJas(!sc.DisableJas())
 
 	auditParams := audit.NewAuditParams().
 		SetWorkingDirs(workDirs).
@@ -186,7 +200,6 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *res
 		SetGraphBasicParams(auditBasicParams).
 		SetCommonGraphScanParams(sc.CreateCommonGraphScanParams()).
 		SetConfigProfile(sc.configProfile)
-	auditParams.SetExclusions(sc.PathExclusions).SetIsRecursiveScan(sc.IsRecursiveScan)
 
 	auditResults, err = audit.RunAudit(auditParams)