Add options for binary commands to pass output dir (jfrog#656)

Author: attiasas

cli/docs/flags.go

@@ -176,7 +176,7 @@ var commandFlags = map[string][]string{
 	XrScan: {
 		Url, XrayUrl, user, password, accessToken, ServerId, SpecFlag, Threads, scanRecursive, scanRegexp, scanAnt,
 		scanProjectKey, Watches, RepoPath, Licenses, Sbom, OutputFormat, Fail, ExtendedTable, BypassArchiveLimits, MinSeverity, FixableOnly, ScanVuln, InsecureTls,
-		binarySca, binarySecrets, binaryWithoutCA, SecretValidation,
+		binarySca, binarySecrets, binaryWithoutCA, SecretValidation, OutputDir,
 	},
 	Enrich: {
 		Url, XrayUrl, user, password, accessToken, ServerId, Threads, InsecureTls,
@@ -189,7 +189,7 @@ var commandFlags = map[string][]string{
 	},
 	DockerScan: {
 		Url, XrayUrl, user, password, accessToken, ServerId, scanProjectKey, Watches, RepoPath, Licenses, Sbom, OutputFormat, Fail, ExtendedTable, BypassArchiveLimits, MinSeverity, FixableOnly, ScanVuln, InsecureTls,
-		binarySca, binarySecrets, binaryWithoutCA, SecretValidation,
+		binarySca, binarySecrets, binaryWithoutCA, SecretValidation, OutputDir,
 	},
 	Audit: {
 		Url, XrayUrl, user, password, accessToken, ServerId, InsecureTls, scanProjectKey, Watches, RepoPath, Sbom, Licenses, OutputFormat, ExcludeTestDeps,

cli/scancommands.go

@@ -332,6 +332,7 @@ func ScanCmd(c *components.Context) error {
 		SetThreads(threads).
 		SetSpec(specFile).
 		SetOutputFormat(format).
+		SetOutputDir(c.GetStringFlagValue(flags.OutputDir)).
 		SetProject(getProject(c)).
 		SetBaseRepoPath(repoPath).
 		SetIncludeVulnerabilities(c.GetBoolFlagValue(flags.Vuln) || shouldIncludeVulnerabilities(c)).
@@ -778,6 +779,7 @@ func DockerScan(c *components.Context, image string) error {
 		SetXrayVersion(xrayVersion).
 		SetXscVersion(xscVersion).
 		SetOutputFormat(format).
+		SetOutputDir(c.GetStringFlagValue(flags.OutputDir)).
 		SetProject(getProject(c)).
 		SetBaseRepoPath(addTrailingSlashToRepoPathIfNeeded(c)).
 		SetIncludeVulnerabilities(c.GetBoolFlagValue(flags.Vuln) || shouldIncludeVulnerabilities(c)).

commands/scan/scan.go

@@ -63,6 +63,7 @@ type ScanCommand struct {
 	threads       int
 	// The location of the downloaded Xray indexer binary on the local file system.
 	outputFormat        format.OutputFormat
+	outputDir           string
 	minSeverityFilter   severityutils.Severity
 	fail                bool
 	printExtendedTable  bool
@@ -124,6 +125,11 @@ func (scanCmd *ScanCommand) SetThreads(threads int) *ScanCommand {
 	return scanCmd
 }
 
+func (scanCmd *ScanCommand) SetOutputDir(outputDir string) *ScanCommand {
+	scanCmd.outputDir = outputDir
+	return scanCmd
+}
+
 func (scanCmd *ScanCommand) SetOutputFormat(format format.OutputFormat) *ScanCommand {
 	scanCmd.outputFormat = format
 	return scanCmd
@@ -248,6 +254,7 @@ func (scanCmd *ScanCommand) RunAndRecordResults(cmdType utils.CommandType, recor
 
 	if err = output.NewResultsWriter(cmdResults).
 		SetOutputFormat(scanCmd.outputFormat).
+		SetOutputDir(scanCmd.outputDir).
 		SetPlatformUrl(scanCmd.serverDetails.Url).
 		SetPrintExtendedTable(scanCmd.printExtendedTable).
 		SetSubScansPerformed(scanCmd.scansToPerform).
@@ -517,6 +524,13 @@ func (scanCmd *ScanCommand) RunBinaryScaScan(fileTarget string, cmdResults *resu
 	}
 	targetResults.ScaScanResults(scan.GetScaScansStatusCode(err, *graphScanResults), *graphScanResults)
 	targetResults.Technology = techutils.ToTechnology(graphScanResults.ScannedPackageType)
+	// Dump scan response if requested
+	if scanCmd.outputDir == "" {
+		return
+	}
+	if e := scan.DumpScanResponseToFileIfNeeded(*graphScanResults, scanCmd.outputDir, utils.ScaScan, scanThreadId); e != nil {
+		log.Warn(fmt.Sprintf(clientutils.GetLogMsgPrefix(scanThreadId, false)+"Failed to dump SCA scan results for target %s: %s", targetResults.Target, e.Error()))
+	}
 	return
 }
 
@@ -574,11 +588,12 @@ func (scanCmd *ScanCommand) RunBinaryJasScans(cmdType utils.CommandType, msi str
 	}
 	log.Debug(fmt.Sprintf("Using analyzer manager executable at: %s", scanner.AnalyzerManager.AnalyzerManagerFullPath))
 	jasParams := runner.JasRunnerParams{
-		Runner:         jasFileProducerConsumer,
-		ServerDetails:  scanCmd.serverDetails,
-		Scanner:        scanner,
-		Module:         module,
-		ScansToPerform: scanCmd.scansToPerform,
+		Runner:          jasFileProducerConsumer,
+		ServerDetails:   scanCmd.serverDetails,
+		Scanner:         scanner,
+		Module:          module,
+		TargetOutputDir: scanCmd.outputDir,
+		ScansToPerform:  scanCmd.scansToPerform,
 		CvesProvider: func() (directCves []string, indirectCves []string) {
 			if graphScanResults == nil {
 				// No SCA scan results, return empty CVE lists.

sca/scan/scascan.go

@@ -160,7 +160,7 @@ func scaScanTask(strategy SbomScanStrategy, params ScaScanParams) (err error) {
 			return err
 		}
 		log.Info(utils.GetScanFindingsLog(utils.ScaScan, len(scanResults.Vulnerabilities), startTime, params.ThreadId))
-		return dumpScanResponseToFileIfNeeded(scanResults, params.ResultsOutputDir, utils.ScaScan, params.ThreadId)
+		return DumpScanResponseToFileIfNeeded(scanResults, params.ResultsOutputDir, utils.ScaScan, params.ThreadId)
 	}
 	// New flow: we scan the SBOM and enrich it with CVE vulnerabilities and calculate violations.
 	bomWithVulnerabilities, err := strategy.SbomEnrichTask(params.ScanResults.ScaResults.Sbom)
@@ -192,7 +192,7 @@ func GetScaScansStatusCode(err error, results ...services.ScanResponse) int {
 
 // If an output dir was provided through --output-dir flag, we create in the provided path new file containing the scan results
 // TODO: remove this function once the new flow is fully implemented.
-func dumpScanResponseToFileIfNeeded(results services.ScanResponse, scanResultsOutputDir string, scanType utils.SubScanType, threadId int) (err error) {
+func DumpScanResponseToFileIfNeeded(results services.ScanResponse, scanResultsOutputDir string, scanType utils.SubScanType, threadId int) (err error) {
 	if scanResultsOutputDir == "" {
 		return
 	}