Merge remote-tracking branch 'upstream/dev' into pr/eranturgeman/241

Author: attiasas

cli/scancommands.go

@@ -206,7 +206,7 @@ func ScanCmd(c *components.Context) error {
 	if err != nil {
 		return err
 	}
-	xrayVersion, xscVersion, err := GetJfrogServicesVersion(serverDetails)
+	xrayVersion, xscVersion, err := xsc.GetJfrogServicesVersion(serverDetails)
 	if err != nil {
 		return err
 	}
@@ -453,7 +453,7 @@ func CreateAuditCmd(c *components.Context) (string, string, *coreConfig.ServerDe
 	if err != nil {
 		return "", "", nil, nil, err
 	}
-	xrayVersion, xscVersion, err := GetJfrogServicesVersion(serverDetails)
+	xrayVersion, xscVersion, err := xsc.GetJfrogServicesVersion(serverDetails)
 	if err != nil {
 		return "", "", nil, nil, err
 	}
@@ -715,7 +715,7 @@ func DockerScan(c *components.Context, image string) error {
 	if err != nil {
 		return err
 	}
-	xrayVersion, xscVersion, err := GetJfrogServicesVersion(serverDetails)
+	xrayVersion, xscVersion, err := xsc.GetJfrogServicesVersion(serverDetails)
 	if err != nil {
 		return err
 	}
@@ -749,26 +749,3 @@ func DockerScan(c *components.Context, image string) error {
 	}
 	return progressbar.ExecWithProgress(containerScanCommand)
 }
-
-func GetJfrogServicesVersion(serverDetails *coreConfig.ServerDetails) (xrayVersion, xscVersion string, err error) {
-	xrayManager, err := xray.CreateXrayServiceManager(serverDetails)
-	if err != nil {
-		return
-	}
-	xrayVersion, err = xrayManager.GetVersion()
-	if err != nil {
-		return
-	}
-	log.Debug("Xray version: " + xrayVersion)
-	xscService, err := xsc.CreateXscService(xrayVersion, serverDetails)
-	if err != nil {
-		return
-	}
-	xscVersion, e := xscService.GetVersion()
-	if e != nil {
-		log.Debug("Using Xray: " + e.Error())
-		return
-	}
-	log.Debug("XSC version: " + xscVersion)
-	return
-}

commands/enrich/enrich.go

@@ -1,10 +1,10 @@
 package enrich
 
 import (
-	"encoding/json"
 	"encoding/xml"
 	"errors"
 	"fmt"
+	"github.com/jfrog/jfrog-cli-security/utils/results/output"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -18,7 +18,6 @@ import (
 	"github.com/jfrog/jfrog-cli-security/commands/enrich/enrichgraph"
 	"github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-cli-security/utils/results"
-	"github.com/jfrog/jfrog-cli-security/utils/results/output"
 	"github.com/jfrog/jfrog-cli-security/utils/techutils"
 	"github.com/jfrog/jfrog-cli-security/utils/xray"
 	"github.com/jfrog/jfrog-client-go/artifactory/services/fspatterns"
@@ -28,6 +27,7 @@ import (
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
 	"github.com/jfrog/jfrog-client-go/xray/services"
+	orderedJson "github.com/virtuald/go-ordered-json"
 )
 
 type FileContext func(string) parallel.TaskFunc
@@ -76,8 +76,8 @@ func AppendVulnsToJson(cmdResults *results.SecurityCommandResults) error {
 	if err != nil {
 		return fmt.Errorf("error reading file: %s", err.Error())
 	}
-	var data map[string]interface{}
-	err = json.Unmarshal(fileContent, &data)
+	var data orderedJson.OrderedObject
+	err = orderedJson.Unmarshal(fileContent, &data)
 	if err != nil {
 		return fmt.Errorf("error parsing JSON: %s", err.Error())
 	}
@@ -94,7 +94,7 @@ func AppendVulnsToJson(cmdResults *results.SecurityCommandResults) error {
 			vulnerabilities = append(vulnerabilities, vulnerability)
 		}
 	}
-	data["vulnerabilities"] = vulnerabilities
+	data = append(data, orderedJson.Member{Key: "vulnerabilities", Value: vulnerabilities})
 	return output.PrintJson(data)
 }
 

commands/scan/scan.go

@@ -26,6 +26,7 @@ import (
 	"github.com/jfrog/jfrog-cli-security/utils/techutils"
 	"github.com/jfrog/jfrog-cli-security/utils/xray"
 	"github.com/jfrog/jfrog-cli-security/utils/xray/scangraph"
+	"github.com/jfrog/jfrog-cli-security/utils/xsc"
 	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 	"golang.org/x/sync/errgroup"
 
@@ -624,5 +625,9 @@ func directDepsListFromVulnerabilities(scanResult ...services.ScanResponse) *[]s
 }
 
 func ConditionalUploadDefaultScanFunc(serverDetails *config.ServerDetails, fileSpec *spec.SpecFiles, threads int, scanOutputFormat format.OutputFormat) error {
-	return NewScanCommand().SetServerDetails(serverDetails).SetSpec(fileSpec).SetThreads(threads).SetOutputFormat(scanOutputFormat).SetFail(true).SetPrintExtendedTable(false).Run()
+	xrayVersion, xscVersion, err := xsc.GetJfrogServicesVersion(serverDetails)
+	if err != nil {
+		return err
+	}
+	return NewScanCommand().SetServerDetails(serverDetails).SetXrayVersion(xrayVersion).SetXscVersion(xscVersion).SetSpec(fileSpec).SetThreads(threads).SetOutputFormat(scanOutputFormat).SetFail(true).SetPrintExtendedTable(false).Run()
 }

go.mod

@@ -16,6 +16,7 @@ require (
 	github.com/owenrumney/go-sarif/v2 v2.3.0
 	github.com/stretchr/testify v1.9.0
 	github.com/urfave/cli v1.22.16
+	github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74
 	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f
 	golang.org/x/sync v0.10.0
 	golang.org/x/text v0.21.0

go.sum

@@ -257,6 +257,8 @@ github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ=
 github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po=
 github.com/vbauerster/mpb/v8 v8.8.3 h1:dTOByGoqwaTJYPubhVz3lO5O6MK553XVgUo33LdnNsQ=
 github.com/vbauerster/mpb/v8 v8.8.3/go.mod h1:JfCCrtcMsJwP6ZwMn9e5LMnNyp3TVNpUWWkN+nd4EWk=
+github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo=
+github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c=
 github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
 github.com/xanzy/go-gitlab v0.110.0 h1:hsFIFp01v/0D0sdUXoZfRk6CROzZbHQplk6NzKSFKhc=

utils/results/output/resultwriter.go

@@ -106,12 +106,17 @@ func (rw *ResultsWriter) PrintScanResults() error {
 		// Don't print if there are no results and only errors.
 		return nil
 	}
+	// Helper for Debugging purposes, print the raw results to the log
+	if err := rw.printRawResultsLog(); err != nil {
+		return err
+	}
+
 	switch rw.format {
 	case format.Table:
 		return rw.printTables()
 	case format.SimpleJson:
 		// Helper for Debugging purposes, print the raw results to the log
-		if err := rw.printOrSaveRawResults(false); err != nil {
+		if err := rw.printRawResultsLog(); err != nil {
 			return err
 		}
 		simpleJson, err := rw.createResultsConvertor(false).ConvertToSimpleJson(rw.commandResults)
@@ -123,7 +128,7 @@ func (rw *ResultsWriter) PrintScanResults() error {
 		return PrintJson(rw.commandResults.GetScaScansXrayResults())
 	case format.Sarif:
 		// Helper for Debugging purposes, print the raw results to the log
-		if err := rw.printOrSaveRawResults(false); err != nil {
+		if err := rw.printRawResultsLog(); err != nil {
 			return err
 		}
 		return rw.printSarif()
@@ -166,22 +171,12 @@ func PrintJson(output interface{}) (err error) {
 	return nil
 }
 
-// If "CI" env var is true, print raw JSON of the results. Otherwise, save it as a file and print a link to it.
-// If printMsg is true, print it to the console. Otherwise, print the message to the log.
-func (rw *ResultsWriter) printOrSaveRawResults(printMsg bool) (err error) {
+// Log (Debug) the inner results.SecurityCommandResults object object as a JSON string.
+func (rw *ResultsWriter) printRawResultsLog() (err error) {
 	if !rw.commandResults.HasInformation() {
 		log.Debug("No information to print")
 		return
 	}
-	if printMsg && !utils.IsCI() {
-		// Save the results to a file and print a link to it.
-		var resultsPath string
-		if resultsPath, err = WriteJsonResults(rw.commandResults); err != nil {
-			return
-		}
-		printMessage(coreutils.PrintTitle("The full scan results are available here: ") + coreutils.PrintLink(resultsPath))
-		return
-	}
 	// Print the raw results to console.
 	var msg string
 	if msg, err = utils.GetAsJsonString(rw.commandResults, false, true); err != nil {
@@ -198,9 +193,6 @@ func (rw *ResultsWriter) printTables() (err error) {
 		return
 	}
 	printMessages(rw.messages)
-	if err = rw.printOrSaveRawResults(true); err != nil {
-		return
-	}
 	if utils.IsScanRequested(rw.commandResults.CmdType, utils.ScaScan, rw.subScansPerformed...) {
 		if rw.hasViolationContext {
 			if err = PrintViolationsTable(tableContent, rw.commandResults.CmdType, rw.printExtended); err != nil {

utils/utils.go

@@ -6,6 +6,7 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	orderedJson "github.com/virtuald/go-ordered-json"
 	"os"
 	"path/filepath"
 	"strings"
@@ -136,7 +137,7 @@ func UniqueUnion[T comparable](arr []T, elements ...T) []T {
 
 func GetAsJsonBytes(output interface{}, escapeValues, indent bool) (results []byte, err error) {
 	if escapeValues {
-		if results, err = json.Marshal(output); errorutils.CheckError(err) != nil {
+		if results, err = orderedJson.Marshal(output); errorutils.CheckError(err) != nil {
 			return
 		}
 	} else {

utils/xsc/xscmanager.go

@@ -4,6 +4,7 @@ import (
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	clientconfig "github.com/jfrog/jfrog-client-go/config"
+	"github.com/jfrog/jfrog-client-go/utils/log"
 	xscservices "github.com/jfrog/jfrog-client-go/xray/services/xsc"
 	"github.com/jfrog/jfrog-client-go/xsc"
 	xscservicesutils "github.com/jfrog/jfrog-client-go/xsc/services/utils"
@@ -47,3 +48,26 @@ func createDeprecatedXscServiceManager(serviceDetails *config.ServerDetails) (*x
 	}
 	return xsc.New(serviceConfig)
 }
+
+func GetJfrogServicesVersion(serverDetails *config.ServerDetails) (xrayVersion, xscVersion string, err error) {
+	xrayManager, err := xray.CreateXrayServiceManager(serverDetails)
+	if err != nil {
+		return
+	}
+	xrayVersion, err = xrayManager.GetVersion()
+	if err != nil {
+		return
+	}
+	log.Debug("Xray version: " + xrayVersion)
+	xscService, err := CreateXscService(xrayVersion, serverDetails)
+	if err != nil {
+		return
+	}
+	xscVersion, e := xscService.GetVersion()
+	if e != nil {
+		log.Debug("Using Xray: " + e.Error())
+		return
+	}
+	log.Debug("XSC version: " + xscVersion)
+	return
+}