Get Extended value for SARIF record

Author: attiasas

commands/audit/sca/pnpm/pnpm.go

@@ -117,7 +117,7 @@ func installProjectIfNeeded(pnpmExecPath, workingDir string) (dirForDependencies
 		}
 	}()
 
-	// Exclude Visual Studio inner directorty since it is not neccessary for the scan process and may cause race condition. 
+	// Exclude Visual Studio inner directorty since it is not neccessary for the scan process and may cause race condition.
 	err = biutils.CopyDir(workingDir, dirForDependenciesCalculation, true, []string{sca.DotVsRepoSuffix})
 	if err != nil {
 		err = fmt.Errorf("failed copying project to temp dir: %w", err)

commands/audit/sca/python/python.go

@@ -94,7 +94,7 @@ func getDependencies(auditPython *AuditPython) (dependenciesGraph map[string][]s
 		)
 	}()
 
-	// Exclude Visual Studio inner directorty since it is not neccessary for the scan process and may cause race condition. 
+	// Exclude Visual Studio inner directorty since it is not neccessary for the scan process and may cause race condition.
 	err = biutils.CopyDir(wd, tempDirPath, true, []string{sca.DotVsRepoSuffix})
 	if err != nil {
 		return

go.mod

@@ -111,7 +111,8 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
 
-// replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
+// eyalbe4:expose-checkExtendedSummaryEntitled
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyalbe4/jfrog-cli-core/v2 v2.31.1-0.20241103143946-b834dc94c11b
 
 // replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go dev
 

go.sum

@@ -60,6 +60,8 @@ github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcej
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
+github.com/eyalbe4/jfrog-cli-core/v2 v2.31.1-0.20241103143946-b834dc94c11b h1:OnxP1FB4rXh0FOFD3VQ3kGgeu7LV5KAE8I1SvMe1yZQ=
+github.com/eyalbe4/jfrog-cli-core/v2 v2.31.1-0.20241103143946-b834dc94c11b/go.mod h1:7oHMWVSnX+l9Pj3IkyibQrGnrdkBVD2bf1pBbUAgv/k=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/forPelevin/gomoji v1.2.0 h1:9k4WVSSkE1ARO/BWywxgEUBvR/jMnao6EZzrql5nxJ8=
@@ -130,8 +132,6 @@ github.com/jfrog/gofrog v1.7.6 h1:QmfAiRzVyaI7JYGsB7cxfAJePAZTzFz0gRWZSE27c6s=
 github.com/jfrog/gofrog v1.7.6/go.mod h1:ntr1txqNOZtHplmaNd7rS4f8jpA5Apx8em70oYEe7+4=
 github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
-github.com/jfrog/jfrog-cli-core/v2 v2.56.4 h1:LqByz2FmVTDQm/u2xGeTL6O8Hs9JadaTj3QMpel9ZwY=
-github.com/jfrog/jfrog-cli-core/v2 v2.56.4/go.mod h1:AwQ9WuOA64g3torX9K5kP0xFAAbchfRInhZwbufoW+Q=
 github.com/jfrog/jfrog-client-go v1.47.3 h1:99/JSSgU0rvnM2zWYos2n+Gz1IYLCUoIorE4Xco+Dew=
 github.com/jfrog/jfrog-client-go v1.47.3/go.mod h1:NepfaidmK/xiKsVC+0Ur9sANOqL6io8Y7pSaCau7J6o=
 github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k=

utils/results/output/securityJobSummary.go

@@ -184,13 +184,17 @@ func RecordSecurityCommandSummary(content ScanCommandResultSummary) (err error)
 	return manager.Record(content)
 }
 
-func RecordSarifOutput(cmdResults *results.SecurityCommandResults, includeVulnerabilities, hasViolationContext bool, requestedScans ...utils.SubScanType) (err error) {
+func RecordSarifOutput(cmdResults *results.SecurityCommandResults, serverDetails *config.ServerDetails, includeVulnerabilities, hasViolationContext bool, requestedScans ...utils.SubScanType) (err error) {
 	// Verify if we should record the results
 	manager, err := getRecordManager()
 	if err != nil || manager == nil {
 		return
 	}
-	if !cmdResults.EntitledForJas || !commandsummary.StaticMarkdownConfig.IsExtendedSummary() {
+	extended, err := commandsummary.CheckExtendedSummaryEntitled(serverDetails.Url)
+	if err != nil {
+		return
+	}
+	if !cmdResults.EntitledForJas || !extended {
 		// If no JAS no GHAS
 		log.Info("Results can be uploaded to Github security tab automatically by upgrading your JFrog subscription.")
 		return