diff --git a/scanpullrequest/scanpullrequest.go b/scanpullrequest/scanpullrequest.go index 98c2fc70c..13b49a193 100644 --- a/scanpullrequest/scanpullrequest.go +++ b/scanpullrequest/scanpullrequest.go @@ -136,7 +136,8 @@ func auditPullRequest(repoConfig *utils.Repository, client vcsclient.VcsClient, SetFixableOnly(repoConfig.FixableOnly). SetFailOnInstallationErrors(*repoConfig.FailOnSecurityIssues). SetConfigProfile(repoConfig.ConfigProfile). - SetSkipAutoInstall(repoConfig.SkipAutoInstall) + SetSkipAutoInstall(repoConfig.SkipAutoInstall). + SetDisableJas(repoConfig.DisableJas) if scanDetails, err = scanDetails.SetMinSeverity(repoConfig.MinSeverity); err != nil { return } diff --git a/scanrepository/scanrepository.go b/scanrepository/scanrepository.go index ad1668b33..5eefeca22 100644 --- a/scanrepository/scanrepository.go +++ b/scanrepository/scanrepository.go @@ -4,13 +4,14 @@ import ( "context" "errors" "fmt" - "github.com/go-git/go-git/v5" - biutils "github.com/jfrog/build-info-go/utils" "os" "path/filepath" "regexp" "strings" + "github.com/go-git/go-git/v5" + biutils "github.com/jfrog/build-info-go/utils" + "github.com/jfrog/frogbot/v2/packagehandlers" "github.com/jfrog/frogbot/v2/utils" "github.com/jfrog/frogbot/v2/utils/outputwriter" @@ -123,8 +124,7 @@ func (cfp *ScanRepositoryCmd) setCommandPrerequisites(repository *utils.Reposito SetFailOnInstallationErrors(*repository.FailOnSecurityIssues). SetFixableOnly(repository.FixableOnly). SetSkipAutoInstall(repository.SkipAutoInstall). - SetFixableOnly(repository.FixableOnly). - SetAllowPartialResults(repository.AllowPartialResults) + SetAllowPartialResults(repository.AllowPartialResults).SetDisableJas(repository.DisableJas) if cfp.scanDetails, err = cfp.scanDetails.SetMinSeverity(repository.MinSeverity); err != nil { return } diff --git a/utils/consts.go b/utils/consts.go index 5730d8c00..488223118 100644 --- a/utils/consts.go +++ b/utils/consts.go 
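Review bot: The new SetDisableJas call in setCommandPrerequisites is glued onto the SetAllowPartialResults line, which breaks the one-setter-per-line layout the rest of that chain uses and that scanpullrequest.go follows for the very same call in this commit. Splitting it keeps the two builders visually parallel and diff-friendly: `SetAllowPartialResults(repository.AllowPartialResults).` / `SetDisableJas(repository.DisableJas)`. Dropping the duplicated SetFixableOnly call just above is a genuine cleanup and needs no further change. setCommandPrerequisites starts and ends outside the hunk.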
@@ -61,6 +61,7 @@ const ( DepsRepoEnv = "JF_DEPS_REPO" MinSeverityEnv = "JF_MIN_SEVERITY" FixableOnlyEnv = "JF_FIXABLE_ONLY" + DisableJasEnv = "JF_DISABLE_ADVANCE_SECURITY" DetectionOnlyEnv = "JF_SKIP_AUTOFIX" AllowedLicensesEnv = "JF_ALLOWED_LICENSES" SkipAutoInstallEnv = "JF_SKIP_AUTO_INSTALL" diff --git a/utils/params.go b/utils/params.go index 6c534b4a6..928327157 100644 --- a/utils/params.go +++ b/utils/params.go @@ -4,10 +4,6 @@ import ( "context" "errors" "fmt" - "github.com/jfrog/jfrog-cli-security/utils/techutils" - "github.com/jfrog/jfrog-cli-security/utils/xsc" - "github.com/jfrog/jfrog-client-go/xsc/services" - "golang.org/x/exp/slices" "net/http" "net/url" "os" @@ -15,6 +11,11 @@ import ( "strconv" "strings" + "github.com/jfrog/jfrog-cli-security/utils/techutils" + "github.com/jfrog/jfrog-cli-security/utils/xsc" + "github.com/jfrog/jfrog-client-go/xsc/services" + "golang.org/x/exp/slices" + "github.com/jfrog/frogbot/v2/utils/outputwriter" securityutils "github.com/jfrog/jfrog-cli-security/utils" "github.com/jfrog/jfrog-cli-security/utils/severityutils" @@ -153,6 +154,7 @@ type Scan struct { FailOnSecurityIssues *bool `yaml:"failOnSecurityIssues,omitempty"` AvoidPreviousPrCommentsDeletion bool `yaml:"avoidPreviousPrCommentsDeletion,omitempty"` MinSeverity string `yaml:"minSeverity,omitempty"` + DisableJas bool `yaml:"disableJas,omitempty"` AllowedLicenses []string `yaml:"allowedLicenses,omitempty"` Projects []Project `yaml:"projects,omitempty"` EmailDetails `yaml:",inline"` @@ -213,6 +215,11 @@ func (s *Scan) setDefaultsIfNeeded() (err error) { return } } + if !s.DisableJas { + if s.DisableJas, err = getBoolEnv(DisableJasEnv, false); err != nil { + return + } + } if !s.DetectionOnly { if s.DetectionOnly, err = getBoolEnv(DetectionOnlyEnv, false); err != nil { return diff --git a/utils/scandetails.go b/utils/scandetails.go index 00477b5c8..074daa476 100644 --- a/utils/scandetails.go +++ b/utils/scandetails.go 
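Review bot: The new environment variable is spelled JF_DISABLE_ADVANCE_SECURITY, while the YAML key added in the same commit is disableJas and the Go identifiers use the JAS term throughout; "ADVANCE" also reads like a slip for "ADVANCED". Environment variable names are a public contract once a release ships, so it is worth settling the spelling now, e.g. `DisableJasEnv = "JF_DISABLE_ADVANCED_SECURITY"` or a name that mirrors the YAML key, rather than carrying an alias later. No documentation for the variable appears in this diff; the place that lists the other JF_* flags presumably needs a matching entry.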
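Review bot: Resolving DisableJas from the environment in setDefaultsIfNeeded means one env var can switch off the advanced-security (JAS) scanners for an entire run, and nothing in this hunk makes that visible in the scan output. Since an env var is exactly the kind of setting a CI job or workflow file can set without touching the repository's Frogbot config, I would emit a warning once it is resolved, e.g. after the new block: `if s.DisableJas { log.Warn("Advanced security (JAS) scanning is disabled by configuration") }`, using whatever logger this package already uses (not visible in the hunk). Note that the `if !s.DisableJas` guard means the env var can only disable JAS, never re-enable it when YAML already set it; that matches the neighbouring flags and is presumably intended.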
@@ -4,10 +4,11 @@ import ( "context" "errors" "fmt" - clientservices "github.com/jfrog/jfrog-client-go/xsc/services" "os" "path/filepath" + clientservices "github.com/jfrog/jfrog-client-go/xsc/services" + "github.com/jfrog/froggit-go/vcsclient" "github.com/jfrog/jfrog-cli-core/v2/utils/config" "github.com/jfrog/jfrog-cli-core/v2/utils/coreutils" @@ -28,6 +29,7 @@ type ScanDetails struct { client vcsclient.VcsClient failOnInstallationErrors bool fixableOnly bool + disableJas bool skipAutoInstall bool minSeverityFilter severityutils.Severity baseBranch string @@ -39,6 +41,11 @@ func NewScanDetails(client vcsclient.VcsClient, server *config.ServerDetails, gi return &ScanDetails{client: client, ServerDetails: server, Git: git} } +func (sc *ScanDetails) SetDisableJas(disable bool) *ScanDetails { + sc.disableJas = disable + return sc +} + func (sc *ScanDetails) SetFailOnInstallationErrors(toFail bool) *ScanDetails { sc.failOnInstallationErrors = toFail return sc @@ -107,6 +114,10 @@ func (sc *ScanDetails) FixableOnly() bool { return sc.fixableOnly } +func (sc *ScanDetails) DisableJas() bool { + return sc.disableJas +} + func (sc *ScanDetails) MinSeverityFilter() severityutils.Severity { return sc.minSeverityFilter } @@ -186,7 +197,7 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *res SetGraphBasicParams(auditBasicParams). SetCommonGraphScanParams(sc.CreateCommonGraphScanParams()). SetConfigProfile(sc.configProfile) - auditParams.SetExclusions(sc.PathExclusions).SetIsRecursiveScan(sc.IsRecursiveScan) + auditParams.SetExclusions(sc.PathExclusions).SetIsRecursiveScan(sc.IsRecursiveScan).SetUseJas(!sc.DisableJas()) auditResults, err = audit.RunAudit(auditParams)
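Review bot: SetDisableJas and the DisableJas getter are exported with no doc comment, so a reader of ScanDetails cannot tell what "JAS" is or that the field ends up as the SetUseJas(!sc.DisableJas()) argument further down the file. The neighbouring setters in this file are equally undocumented, so this is a file-wide style point rather than a regression, but for a flag that turns security scanners off a one-liner is cheap: `// SetDisableJas turns off the advanced-security (JAS) scanners for this scan; consumed by RunInstallAndAudit.` with a matching `// DisableJas reports whether the JAS scanners are skipped.` on the getter. The RunInstallAndAudit hunk that consumes the flag runs past the end of what I can see.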