Merge remote-tracking branch 'upstream/dev' into static_sca_violations_remediations

attiasas · attiasas · commit 4c4a60a8de61 · 2025-11-02T13:35:50.000+02:00
diff --git a/cli/docs/flags.go b/cli/docs/flags.go
@@ -110,6 +110,7 @@ const (
 	MinSeverity         = "min-severity"
 	FixableOnly         = "fixable-only"
 	Rescan              = "rescan"
+	TriggerScanRetries  = "trigger-scan-retries"
 	Vuln                = "vuln"
 	buildPrefix         = "build-"
 	BuildVuln           = buildPrefix + Vuln
@@ -161,7 +162,7 @@ var commandFlags = map[string][]string{
 		url, user, password, accessToken, ServerId, Threads, InsecureTls,
 	},
 	BuildScan: {
-		url, user, password, accessToken, ServerId, scanProjectKey, BuildVuln, OutputFormat, Fail, ExtendedTable, Rescan, InsecureTls,
+		url, user, password, accessToken, ServerId, scanProjectKey, BuildVuln, OutputFormat, Fail, ExtendedTable, Rescan, InsecureTls, TriggerScanRetries,
 	},
 	DockerScan: {
 		url, xrayUrl, user, password, accessToken, ServerId, scanProjectKey, Watches, RepoPath, Licenses, Sbom, OutputFormat, Fail, ExtendedTable, BypassArchiveLimits, MinSeverity, FixableOnly, ScanVuln, SecretValidation, InsecureTls,
@@ -257,6 +258,7 @@ var flagsMap = map[string]components.Flag{
 	MinSeverity:         components.NewStringFlag(MinSeverity, "Set the minimum severity of issues to display. Acceptable values: Low, Medium, High, or Critical."),
 	FixableOnly:         components.NewBoolFlag(FixableOnly, "Set to true if you wish to display issues that have a fix version only."),
 	Rescan:              components.NewBoolFlag(Rescan, "Set to true when scanning an already successfully scanned build, for example after adding an ignore rule."),
+	TriggerScanRetries:  components.NewStringFlag(TriggerScanRetries, "Number of retries for triggering the build scan in Xray in case of failure.", components.WithIntDefaultValue(12)), // 5 seconds * 12 = 1 minute
 	BuildVuln:           components.NewBoolFlag(Vuln, "Set to true if you'd like to receive all vulnerabilities, regardless of the policy configured in Xray. Ignored if provided 'format' is 'sarif'."),
 	ScanVuln:            components.NewBoolFlag(Vuln, "Set to true if you'd like to receive all vulnerabilities, regardless of the policy configured in Xray."),
 	InsecureTls:         components.NewBoolFlag(InsecureTls, "Set to true to skip TLS certificates verification."),
diff --git a/cli/scancommands.go b/cli/scancommands.go
@@ -353,6 +353,10 @@ func BuildScan(c *components.Context) error {
 	if err != nil {
 		return err
 	}
+	fetchRetries, err := c.GetIntFlagValue(flags.TriggerScanRetries)
+	if err != nil {
+		return err
+	}
 	if err = validateConnectionAndViolationContextInputs(c, serverDetails, format); err != nil {
 		return err
 	}
@@ -361,6 +365,7 @@ func BuildScan(c *components.Context) error {
 		// Sarif shouldn't include the additional all-vulnerabilities info that received by adding the vuln flag
 		SetIncludeVulnerabilities(getProject(c) == "" || (format != outputFormat.Sarif && c.GetBoolFlagValue(flags.Vuln))).
 		SetFailBuild(c.GetBoolFlagValue(flags.Fail)).
+		SetTriggerScanRetries(fetchRetries).
 		SetBuildConfiguration(buildConfiguration).
 		SetOutputFormat(format).
 		SetPrintExtendedTable(c.GetBoolFlagValue(flags.ExtendedTable)).
diff --git a/commands/scan/buildscan.go b/commands/scan/buildscan.go
@@ -33,6 +33,7 @@ type BuildScanCommand struct {
 	failBuild              bool
 	printExtendedTable     bool
 	rescan                 bool
+	triggerRetries         int
 }
 
 func NewBuildScanCommand() *BuildScanCommand {
@@ -78,6 +79,11 @@ func (bsc *BuildScanCommand) SetRescan(rescan bool) *BuildScanCommand {
 	return bsc
 }
 
+func (bsc *BuildScanCommand) SetTriggerScanRetries(triggerRetries int) *BuildScanCommand {
+	bsc.triggerRetries = triggerRetries
+	return bsc
+}
+
 // Scan published builds with Xray
 func (bsc *BuildScanCommand) Run() (err error) {
 	xrayManager, xrayVersion, err := xrayutils.CreateXrayServiceManagerAndGetVersion(bsc.serverDetails, xrayutils.WithScopedProjectKey(bsc.buildConfiguration.GetProject()))
@@ -121,7 +127,7 @@ func (bsc *BuildScanCommand) Run() (err error) {
 }
 
 func (bsc *BuildScanCommand) runBuildScanAndPrintResults(xrayManager *xray.XrayServicesManager, xrayVersion string, params services.XrayBuildParams) (isFailBuildResponse bool, err error) {
-	buildScanResults, noFailBuildPolicy, err := xrayManager.BuildScan(params, bsc.includeVulnerabilities)
+	buildScanResults, noFailBuildPolicy, err := xrayManager.BuildScan(params, bsc.includeVulnerabilities, bsc.triggerRetries)
 	if err != nil {
 		return false, err
 	}
diff --git a/go.mod b/go.mod
@@ -14,13 +14,13 @@ require (
 	github.com/gookit/color v1.6.0
 	github.com/hashicorp/go-hclog v1.6.3
 	github.com/hashicorp/go-plugin v1.6.3
-	github.com/jfrog/build-info-go v1.12.0
+	github.com/jfrog/build-info-go v1.12.1
 	github.com/jfrog/froggit-go v1.20.4
 	github.com/jfrog/gofrog v1.7.6
 	github.com/jfrog/jfrog-apps-config v1.0.1
 	github.com/jfrog/jfrog-cli-artifactory v0.7.3-0.20251021143342-49bab7f38cec
 	github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20251023084247-a56afca52451
-	github.com/jfrog/jfrog-client-go v1.55.1-0.20251023073119-78f187c9afbf
+	github.com/jfrog/jfrog-client-go v1.55.1-0.20251030113529-d87ecf28ffb6
 	github.com/magiconair/properties v1.8.10
 	github.com/owenrumney/go-sarif/v3 v3.2.3
 	github.com/package-url/packageurl-go v0.1.3
diff --git a/go.sum b/go.sum
@@ -130,8 +130,8 @@ github.com/jedib0t/go-pretty/v6 v6.6.8 h1:JnnzQeRz2bACBobIaa/r+nqjvws4yEhcmaZ4n1
 github.com/jedib0t/go-pretty/v6 v6.6.8/go.mod h1:YwC5CE4fJ1HFUDeivSV1r//AmANFHyqczZk+U6BDALU=
 github.com/jfrog/archiver/v3 v3.6.1 h1:LOxnkw9pOn45DzCbZNFV6K0+6dCsQ0L8mR3ZcujO5eI=
 github.com/jfrog/archiver/v3 v3.6.1/go.mod h1:VgR+3WZS4N+i9FaDwLZbq+jeU4B4zctXL+gL4EMzfLw=
-github.com/jfrog/build-info-go v1.12.0 h1:/abBQdIxrkYjOwO79sIL0p+XPnMCCtKhiWToHKXXqHg=
-github.com/jfrog/build-info-go v1.12.0/go.mod h1:szdz9+WzB7+7PGnILLUgyY+OF5qD5geBT7UGNIxibyw=
+github.com/jfrog/build-info-go v1.12.1 h1:pXyx2F3MzrdbLPhYU8om+RHl87yEDYW+UwAUw3f40fQ=
+github.com/jfrog/build-info-go v1.12.1/go.mod h1:szdz9+WzB7+7PGnILLUgyY+OF5qD5geBT7UGNIxibyw=
 github.com/jfrog/froggit-go v1.20.4 h1:N9XkNV00HNjpI8p6xXlF9DrWmvE9hz3z2XRDAYJDweQ=
 github.com/jfrog/froggit-go v1.20.4/go.mod h1:obSG1SlsWjktkuqmKtpq7MNTTL63e0ot+ucTnlOMV88=
 github.com/jfrog/gofrog v1.7.6 h1:QmfAiRzVyaI7JYGsB7cxfAJePAZTzFz0gRWZSE27c6s=

Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@ type BuildScanCommand struct {`
`33`	`33`	`failBuild bool`
`34`	`34`	`printExtendedTable bool`
`35`	`35`	`rescan bool`
	`36`	`+ triggerRetries int`
`36`	`37`	`}`
`37`	`38`
`38`	`39`	`func NewBuildScanCommand() *BuildScanCommand {`
`@@ -78,6 +79,11 @@ func (bsc BuildScanCommand) SetRescan(rescan bool) BuildScanCommand {`
`78`	`79`	`return bsc`
`79`	`80`	`}`
`80`	`81`
	`82`	`+func (bsc BuildScanCommand) SetTriggerScanRetries(triggerRetries int) BuildScanCommand {`
	`83`	`+ bsc.triggerRetries = triggerRetries`
	`84`	`+ return bsc`
	`85`	`+}`
	`86`	`+`
`81`	`87`	`// Scan published builds with Xray`
`82`	`88`	`func (bsc *BuildScanCommand) Run() (err error) {`
`83`	`89`	`xrayManager, xrayVersion, err := xrayutils.CreateXrayServiceManagerAndGetVersion(bsc.serverDetails, xrayutils.WithScopedProjectKey(bsc.buildConfiguration.GetProject()))`
`@@ -121,7 +127,7 @@ func (bsc *BuildScanCommand) Run() (err error) {`
`121`	`127`	`}`
`122`	`128`
`123`	`129`	`func (bsc BuildScanCommand) runBuildScanAndPrintResults(xrayManager xray.XrayServicesManager, xrayVersion string, params services.XrayBuildParams) (isFailBuildResponse bool, err error) {`
`124`		`- buildScanResults, noFailBuildPolicy, err := xrayManager.BuildScan(params, bsc.includeVulnerabilities)`
	`130`	`+ buildScanResults, noFailBuildPolicy, err := xrayManager.BuildScan(params, bsc.includeVulnerabilities, bsc.triggerRetries)`
`125`	`131`	`if err != nil {`
`126`	`132`	`return false, err`
`127`	`133`	`}`