diff --git a/commands/audit/audit.go b/commands/audit/audit.go
index 5a0803b36..0e65e1b70 100644
--- a/commands/audit/audit.go
+++ b/commands/audit/audit.go
@@ -376,6 +376,7 @@ func getScanLogicOptions(params *AuditParams) (bomGenOptions []bom.SbomGenerator
 xrayplugin.WithTotalTargets(len(params.workingDirs)),
 xrayplugin.WithBinaryPath(params.CustomBomGenBinaryPath()),
 xrayplugin.WithIgnorePatterns(params.Exclusions()),
+ xrayplugin.WithSpecificTechnologies(params.Technologies()),
 xrayplugin.WithSnippetDetection(shouldIncludeSnippetDetection(params)),
 }
 // Scan Strategies Options
diff --git a/sca/bom/xrayplugin/plugin/config.go b/sca/bom/xrayplugin/plugin/config.go
index 216586a8c..b21bc0003 100644
--- a/sca/bom/xrayplugin/plugin/config.go
+++ b/sca/bom/xrayplugin/plugin/config.go
@@ -1,15 +1,23 @@
 package plugin
 
+import (
+ "github.com/jfrog/jfrog-cli-security/utils/techutils"
+)
+
 // Config holds the configuration for Xray plugin library options.
 type Config struct {
 // The BOMRef of the scanned target, will be used at the Metadata and considered the Root.
- BomRef string `json:"bom-ref,omitempty"`
+ BomRef string `json:"bom-ref,omitempty" yaml:"bom-ref,omitempty"`
 // The component type of the target ("application" / "library" / "file"...), will be used at the Metadata component.
- Type string `json:"type,omitempty"`
+ Type string `json:"type,omitempty" yaml:"type,omitempty"`
 // The name of the target, will be used at the Metadata component.
- Name string `json:"name,omitempty"`
+ Name string `json:"name,omitempty" yaml:"name,omitempty"`
+ // [Optional] The logging level for the scan process. if not set will get from environment variable or default to "info".
+ LogLevel string `json:"logLevel,omitempty" yaml:"logLevel,omitempty"`
 // [Optional] The version of the target, will be used at the Metadata component.
- Version string `json:"version,omitempty"`
+ Version string `json:"version,omitempty" yaml:"version,omitempty"`
 // [Optional] Patterns (git ignore like) to ignore when scanning the target.
- IgnorePatterns []string `json:"ignorePatterns,omitempty"`
+ IgnorePatterns []string `json:"ignorePatterns,omitempty" yaml:"ignorePatterns,omitempty"`
+ // [Optional] Ecosystems to scan.
+ Ecosystems []techutils.Technology `json:"ecosystems,omitempty" yaml:"ecosystems,omitempty"`
 }
diff --git a/sca/bom/xrayplugin/plugin/plugin.go b/sca/bom/xrayplugin/plugin/plugin.go
index 7929f546b..a11492c95 100644
--- a/sca/bom/xrayplugin/plugin/plugin.go
+++ b/sca/bom/xrayplugin/plugin/plugin.go
@@ -24,7 +24,7 @@ import (
 const (
 xrayLibPluginVersionEnvVariable = "JFROG_CLI_XRAY_LIB_PLUGIN_VERSION"
- defaultXrayLibPluginVersion = "1.0.4"
+ defaultXrayLibPluginVersion = "1.1.0"
 SnippetDetectionEnvVariable = "JFROG_XRAY_SNIPPET_SCAN_ENABLE"
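Review bot: The new `LogLevel` field is never assigned by the one `Config` literal this diff touches (the `scanConfig` built in `executeScanner` in xraylibbom.go only gains `Ecosystems`), so unless it is populated somewhere outside the diff the plugin will always take the environment-variable/default path; either wire it up or state in the comment that callers are expected to set it. The field comment also reads awkwardly — suggest `// [Optional] Log level for the scan process; when empty the plugin reads it from the environment variable, else defaults to "info".`. The `Ecosystems` comment should say what an empty list means (presumably no restriction — confirm against the plugin), e.g. `// [Optional] Ecosystems (technologies) to restrict the scan to; empty leaves the plugin's own detection in place (TODO confirm).`. The yaml tags added to every field have no consumer visible in this diff; fine if a YAML loader exists elsewhere, otherwise they are dead weight.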
diff --git a/sca/bom/xrayplugin/xraylibbom.go b/sca/bom/xrayplugin/xraylibbom.go
index a6ad618c9..a9c8a5979 100644
--- a/sca/bom/xrayplugin/xraylibbom.go
+++ b/sca/bom/xrayplugin/xraylibbom.go
@@ -11,6 +11,7 @@ import (
 "github.com/jfrog/jfrog-cli-security/utils"
 "github.com/jfrog/jfrog-cli-security/utils/formats/cdxutils"
 "github.com/jfrog/jfrog-cli-security/utils/results"
+ "github.com/jfrog/jfrog-cli-security/utils/techutils"
 "github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 "github.com/jfrog/jfrog-client-go/utils/log"
 )
@@ -19,6 +20,7 @@ type XrayLibBomGenerator struct {
 binaryPath string
 snippetDetection bool
 ignorePatterns []string
+ specificTechs []techutils.Technology
 totalTargets int
 }
 
@@ -34,6 +36,17 @@ func WithTotalTargets(totalTargets int) bom.SbomGeneratorOption {
 }
 }
 
+func WithSpecificTechnologies(technologies []string) bom.SbomGeneratorOption {
+ return func(sg bom.SbomGenerator) {
+ if sbg, ok := sg.(*XrayLibBomGenerator); ok {
+ sbg.specificTechs = make([]techutils.Technology, 0, len(technologies))
+ for _, tech := range technologies {
+ sbg.specificTechs = append(sbg.specificTechs, techutils.Technology(tech))
+ }
+ }
+ }
+}
+
 func WithBinaryPath(binaryPath string) bom.SbomGeneratorOption {
 return func(sg bom.SbomGenerator) {
 if sbg, ok := sg.(*XrayLibBomGenerator); ok {
@@ -129,6 +142,7 @@ func (sbg *XrayLibBomGenerator) executeScanner(scanner plugin.Scanner, target re
 Type: string(cyclonedx.ComponentTypeFile),
 Name: target.Target,
 IgnorePatterns: sbg.ignorePatterns,
+ Ecosystems: sbg.specificTechs,
 }
 if scanConfigStr, err := utils.GetAsJsonString(scanConfig, false, true); err == nil {
 log.Debug(fmt.Sprintf("Scan configuration: %s", scanConfigStr))
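Review bot: `WithSpecificTechnologies` converts every input string with `techutils.Technology(tech)` without checking that it names a technology the plugin recognizes, so a misspelled value coming from `params.Technologies()` is forwarded silently in `Ecosystems` and the scan may quietly cover fewer ecosystems than the user intended; if techutils already offers a known-technology lookup, filtering (or at least logging) unrecognized names here or at the parameter-parsing site would surface that early. The exported option also has no doc comment — suggest `// WithSpecificTechnologies limits the generated BOM to the given technologies (ecosystems); names are forwarded to the plugin as-is.`. Calling the option with a nil slice leaves `specificTechs` as an empty non-nil slice, which the `omitempty` tag on `Ecosystems` drops from the serialized config anyway, so that case is harmless. The `@@ -129` hunk's `Ecosystems: sbg.specificTechs` is consistent with this; `executeScanner` begins and ends outside that hunk.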