Merge remote-tracking branch 'upstream/dev' into always_relative_path

Author: attiasas

.github/actions/install-and-setup/action.yml

@@ -12,7 +12,7 @@ runs:
   steps:
     # Install dependencies
     - name: Setup Go
-      uses: actions/setup-go@v5
+      uses: actions/setup-go@v6
       with:
         go-version: 1.24.x
     # - name: Setup Go with cache
@@ -27,21 +27,21 @@ runs:
       run: gem install cocoapods
 
     - name: Install npm
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@v6
       with:
         node-version: "16"
     - name: Setup Pnpm
-      uses: pnpm/action-setup@v3
+      uses: pnpm/action-setup@v4
       with:
         version: 8
 
     - name: Install Java
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         java-version: "11"
         distribution: "adopt"
     - name: Setup Gradle
-      uses: gradle/gradle-build-action@v2
+      uses: gradle/actions/setup-gradle@v3
       with:
         gradle-version: 7.6
 
@@ -50,7 +50,7 @@ runs:
       with:
         nuget-version: 6.11.0
     - name: Install dotnet
-      uses: actions/setup-dotnet@v4
+      uses: actions/setup-dotnet@v5
       with:
         dotnet-version: '6.x'
 
@@ -72,7 +72,7 @@ runs:
       shell: 'bash'
 
     - name: Setup Python3
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v6
       with:
         python-version: "3.x"
     - name: Setup Pipenv
@@ -87,21 +87,16 @@ runs:
         conan profile detect
       shell: ${{ runner.os == 'Windows' && 'powershell' || 'bash' }}
 
-    - name: Install Swift on Linux
-      uses: swift-actions/setup-swift@v2
-      if: ${{ inputs.install-swift == 'true' && runner.os == 'Linux'}}
-
-    - name: Install Swift on MacOS
-      run: brew install swift
-      shell: ${{ runner.os == 'macOS' && 'sh' || 'bash' || 'pwsh' }}
-      if: ${{ inputs.install-swift == 'true' && runner.os == 'macOS'}}
+    - name: Install Swift on Linux and macOS
+      uses: SwiftyLab/setup-swift@latest
+      if: ${{ inputs.install-swift == 'true' && (runner.os == 'Linux' || runner.os == 'macOS') }}
 
     - name: Install Swift on Windows
       uses: compnerd/[email protected]
       with:
         branch: swift-6.1-release
         tag: 6.1-RELEASE
-      if: ${{ inputs.install-swift == 'true' && runner.os == 'Windows'}}
+      if: ${{ inputs.install-swift == 'true' && runner.os == 'Windows' }}
 
     # Ensure Java 11 remains active after all installations (Swift setup might override it)
     - name: Force Java 11 on Windows

.github/workflows/analysis.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ${{ matrix.os }}-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Go with cache
         uses: jfrog/.github/actions/install-go-with-cache@main
@@ -48,7 +48,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Go with cache
         uses: jfrog/.github/actions/install-go-with-cache@main
@@ -60,7 +60,7 @@ jobs:
     name: Spell Check
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Check spelling
         uses: crate-ci/typos@master

.github/workflows/cla.yml

@@ -19,7 +19,7 @@ jobs:
       - name: "CLA Assistant"
         if: ${{ steps.sign-or-recheck.outputs.match != '' || github.event_name == 'pull_request_target' }}
         # Alpha Release
-        uses: cla-assistant/[email protected].0
+        uses: cla-assistant/[email protected].1
         env:
           # Generated and maintained by GitHub
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/embedded-jar-test.yml

@@ -15,7 +15,7 @@ jobs:
     env:
       GOPROXY: direct
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Download JARs
         run: buildscripts/download-jars.sh

.github/workflows/test.yml

@@ -3,6 +3,7 @@ name: JFrog CLI Security Tests
 permissions:
   actions: read
   contents: read
+  pull-requests: write
 
 on:
   push:
@@ -33,17 +34,17 @@ jobs:
     if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
     runs-on: ubuntu-latest
     steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
       - name: Remove 'safe to test' label
         uses: actions-ecosystem/action-remove-labels@v1
         if: ${{ github.event_name != 'push' }}
         with:
           labels: "safe to test"
 
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-
       - name: Start FastCI Optimization
         uses: jfrog-fastci/fastci@main
         with:
@@ -69,7 +70,7 @@ jobs:
     steps:
       # Prepare the environment
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -122,7 +123,7 @@ jobs:
     steps:
       # Prepare the environment
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -153,7 +154,7 @@ jobs:
     steps:
       # Prepare the environment
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -182,7 +183,7 @@ jobs:
     steps:
       # Prepare the environment
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Start FastCI Optimization
@@ -209,7 +210,7 @@ jobs:
     steps:
       # Prepare the environment
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Start FastCI Optimization
@@ -236,7 +237,7 @@ jobs:
     steps:
       # Prepare the environment
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -265,7 +266,7 @@ jobs:
     steps:
       # Prepare the environment
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -294,7 +295,7 @@ jobs:
     steps:
       # Prepare the environment
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -323,7 +324,7 @@ jobs:
     steps:
       # Prepare the environment
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 

artifactory_test.go

@@ -23,7 +23,6 @@ import (
 	"github.com/jfrog/jfrog-cli-security/jas"
 	securityTests "github.com/jfrog/jfrog-cli-security/tests"
 	securityTestUtils "github.com/jfrog/jfrog-cli-security/tests/utils"
-	"github.com/jfrog/jfrog-cli-security/tests/utils/integration"
 	securityIntegrationTestUtils "github.com/jfrog/jfrog-cli-security/tests/utils/integration"
 	"github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-cli-security/utils/artifactory"
@@ -49,6 +48,7 @@ func TestDependencyResolutionFromArtifactory(t *testing.T) {
 		resolveRepoName string
 		cacheRepoName   string
 		projectType     project.ProjectType
+		skipMsg         string
 	}{
 		{
 			testProjectPath: []string{"npm", "npm-no-lock"},
@@ -61,6 +61,7 @@ func TestDependencyResolutionFromArtifactory(t *testing.T) {
 			resolveRepoName: securityTests.NugetRemoteRepo,
 			cacheRepoName:   securityTests.NugetRemoteRepo,
 			projectType:     project.Dotnet,
+			skipMsg:         "Dotnet restore fails, pending fix XRAY-128186",
 		},
 		{
 			testProjectPath: []string{"yarn", "yarn-v2"},
@@ -85,6 +86,7 @@ func TestDependencyResolutionFromArtifactory(t *testing.T) {
 			resolveRepoName: securityTests.MvnVirtualRepo,
 			cacheRepoName:   securityTests.MvnRemoteRepo,
 			projectType:     project.Maven,
+			skipMsg:         "Snapshot repository is blocked by JPD, pending fix XRAY-124910",
 		},
 		{
 			testProjectPath: []string{"go", "simple-project"},
@@ -116,6 +118,9 @@ func TestDependencyResolutionFromArtifactory(t *testing.T) {
 
 	for _, testCase := range testCases {
 		t.Run(testCase.projectType.String(), func(t *testing.T) {
+			if testCase.skipMsg != "" {
+				securityTestUtils.SkipTestIfDurationNotPassed(t, "22-10-2025", 30, testCase.skipMsg)
+			}
 			testSingleTechDependencyResolution(t, testCase.testProjectPath, testCase.resolveRepoName, testCase.cacheRepoName, testCase.projectType)
 		})
 	}
@@ -289,7 +294,7 @@ func TestUploadCdxCmdCommand(t *testing.T) {
 	}
 	defer securityIntegrationTestUtils.ExecDeleteRepo(repoPath)
 	// Run the upload command
-	assert.NoError(t, integration.GetArtifactoryCli(cli.GetJfrogCliSecurityApp()).Exec("upload-cdx", "--rt-repo-path", repoPath, cdxFileToUpload))
+	assert.NoError(t, securityIntegrationTestUtils.GetArtifactoryCli(cli.GetJfrogCliSecurityApp()).Exec("upload-cdx", "--rt-repo-path", repoPath, cdxFileToUpload))
 
 	// Validate the file was uploaded successfully
 	searchResults, err := artifactory.SearchArtifactsInRepo(securityTests.RtDetails, filepath.Base(cdxFileToUpload), repoPath)

buildscripts/download-jars.sh

@@ -7,7 +7,7 @@
 # https://github.com/jfrog/maven-dep-tree
 
 # Once you have updated the versions mentioned below, please execute this script from the root directory of the jfrog-cli-core to ensure the JAR files are updated.
-GRADLE_DEP_TREE_VERSION="3.0.4"
+GRADLE_DEP_TREE_VERSION="3.1.0"
 # Changing this version also requires a change in mavenDepTreeVersion within utils/java/mvn.go.
 MAVEN_DEP_TREE_VERSION="1.1.5"
 

cli/docs/flags.go

@@ -163,7 +163,7 @@ var commandFlags = map[string][]string{
 		url, user, password, accessToken, ServerId, scanProjectKey, BuildVuln, OutputFormat, Fail, ExtendedTable, Rescan, InsecureTls,
 	},
 	DockerScan: {
-		ServerId, scanProjectKey, Watches, RepoPath, Licenses, Sbom, OutputFormat, Fail, ExtendedTable, BypassArchiveLimits, MinSeverity, FixableOnly, ScanVuln, SecretValidation, InsecureTls,
+		url, xrayUrl, user, password, accessToken, ServerId, scanProjectKey, Watches, RepoPath, Licenses, Sbom, OutputFormat, Fail, ExtendedTable, BypassArchiveLimits, MinSeverity, FixableOnly, ScanVuln, SecretValidation, InsecureTls,
 	},
 	Audit: {
 		url, xrayUrl, user, password, accessToken, ServerId, InsecureTls, scanProjectKey, Watches, RepoPath, Sbom, Licenses, OutputFormat, ExcludeTestDeps,

cli/gitcommands.go

@@ -87,7 +87,7 @@ func GitAuditCmd(c *components.Context) error {
 	sbomGenerator, scaScanStrategy := getScanDynamicLogic(c)
 	gitAuditCmd.SetSbomGenerator(sbomGenerator).SetScaScanStrategy(scaScanStrategy)
 	// Run the command with progress bar if needed, Reporting error if Xsc service is enabled
-	return reportErrorIfExists(xrayVersion, xscVersion, serverDetails, progressbar.ExecWithProgress(gitAuditCmd))
+	return reportErrorIfExists(xrayVersion, xscVersion, serverDetails, gitAuditCmd.GetProjectKey(), progressbar.ExecWithProgress(gitAuditCmd))
 }
 
 func GetCountContributorsParams(c *components.Context) (*contributors.CountContributorsParams, error) {

cli/scancommands.go

@@ -413,7 +413,7 @@ func AuditCmd(c *components.Context) error {
 	}
 	auditCmd.SetThreads(threads)
 	// Reporting error if Xsc service is enabled
-	return reportErrorIfExists(xrayVersion, xscVersion, serverDetails, progressbar.ExecWithProgress(auditCmd))
+	return reportErrorIfExists(xrayVersion, xscVersion, serverDetails, auditCmd.GetProjectKey(), progressbar.ExecWithProgress(auditCmd))
 }
 
 func CreateAuditCmd(c *components.Context) (string, string, *coreConfig.ServerDetails, *audit.AuditCommand, error) {
@@ -507,7 +507,7 @@ func AuditSpecificCmd(c *components.Context, technology techutils.Technology) er
 	technologies := []string{string(technology)}
 	auditCmd.SetTechnologies(technologies)
 	// Reporting error if Xsc service is enabled
-	return reportErrorIfExists(xrayVersion, xscVersion, serverDetails, progressbar.ExecWithProgress(auditCmd))
+	return reportErrorIfExists(xrayVersion, xscVersion, serverDetails, auditCmd.GetProjectKey(), progressbar.ExecWithProgress(auditCmd))
 }
 
 func CurationCmd(c *components.Context) error {