Add Force specific tech in static sca

commands/audit/audit.go

@@ -376,6 +376,7 @@ func getScanLogicOptions(params *AuditParams) (bomGenOptions []bom.SbomGenerator
 		xrayplugin.WithTotalTargets(len(params.workingDirs)),
 		xrayplugin.WithBinaryPath(params.CustomBomGenBinaryPath()),
 		xrayplugin.WithIgnorePatterns(params.Exclusions()),
+		xrayplugin.WithSpecificTechnologies(params.Technologies()),
 		xrayplugin.WithSnippetDetection(shouldIncludeSnippetDetection(params)),
 	}
 	// Scan Strategies Options

sca/bom/xrayplugin/plugin/config.go

@@ -1,15 +1,23 @@
 package plugin
 
+import (
+	"github.com/jfrog/jfrog-cli-security/utils/techutils"
+)
+
 // Config holds the configuration for Xray plugin library options.
 type Config struct {
 	// The BOMRef of the scanned target, will be used at the Metadata and considered the Root.
-	BomRef string `json:"bom-ref,omitempty"`
+	BomRef string `json:"bom-ref,omitempty" yaml:"bom-ref,omitempty"`
 	// The component type of the target ("application" / "library" / "file"...), will be used at the Metadata component.
-	Type string `json:"type,omitempty"`
+	Type string `json:"type,omitempty" yaml:"type,omitempty"`
 	// The name of the target, will be used at the Metadata component.
-	Name string `json:"name,omitempty"`
+	Name string `json:"name,omitempty" yaml:"name,omitempty"`
+	// [Optional] The logging level for the scan process. if not set will get from environment variable or default to "info".
+	LogLevel string `json:"logLevel,omitempty" yaml:"logLevel,omitempty"`
 	// [Optional] The version of the target, will be used at the Metadata component.
-	Version string `json:"version,omitempty"`
+	Version string `json:"version,omitempty" yaml:"version,omitempty"`
 	// [Optional] Patterns (git ignore like) to ignore when scanning the target.
-	IgnorePatterns []string `json:"ignorePatterns,omitempty"`
+	IgnorePatterns []string `json:"ignorePatterns,omitempty" yaml:"ignorePatterns,omitempty"`
+	// [Optional] Ecosystems to scan.
+	Ecosystems []techutils.Technology `json:"ecosystems,omitempty" yaml:"ecosystems,omitempty"`
 }

sca/bom/xrayplugin/plugin/plugin.go

@@ -24,7 +24,7 @@ import (
 
 const (
 	xrayLibPluginVersionEnvVariable = "JFROG_CLI_XRAY_LIB_PLUGIN_VERSION"
-	defaultXrayLibPluginVersion     = "1.0.4"
+	defaultXrayLibPluginVersion     = "1.1.0"
 
 	SnippetDetectionEnvVariable = "JFROG_XRAY_SNIPPET_SCAN_ENABLE"
 

sca/bom/xrayplugin/xraylibbom.go

@@ -11,6 +11,7 @@ import (
 	"github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-cli-security/utils/formats/cdxutils"
 	"github.com/jfrog/jfrog-cli-security/utils/results"
+	"github.com/jfrog/jfrog-cli-security/utils/techutils"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
 )
@@ -19,6 +20,7 @@ type XrayLibBomGenerator struct {
 	binaryPath       string
 	snippetDetection bool
 	ignorePatterns   []string
+	specificTechs    []techutils.Technology
 	totalTargets     int
 }
 
@@ -34,6 +36,17 @@ func WithTotalTargets(totalTargets int) bom.SbomGeneratorOption {
 	}
 }
 
+func WithSpecificTechnologies(technologies []string) bom.SbomGeneratorOption {
+	return func(sg bom.SbomGenerator) {
+		if sbg, ok := sg.(*XrayLibBomGenerator); ok {
+			sbg.specificTechs = make([]techutils.Technology, 0, len(technologies))
+			for _, tech := range technologies {
+				sbg.specificTechs = append(sbg.specificTechs, techutils.Technology(tech))
+			}
+		}
+	}
+}
+
 func WithBinaryPath(binaryPath string) bom.SbomGeneratorOption {
 	return func(sg bom.SbomGenerator) {
 		if sbg, ok := sg.(*XrayLibBomGenerator); ok {
@@ -129,6 +142,7 @@ func (sbg *XrayLibBomGenerator) executeScanner(scanner plugin.Scanner, target re
 		Type:           string(cyclonedx.ComponentTypeFile),
 		Name:           target.Target,
 		IgnorePatterns: sbg.ignorePatterns,
+		Ecosystems:     sbg.specificTechs,
 	}
 	if scanConfigStr, err := utils.GetAsJsonString(scanConfig, false, true); err == nil {
 		log.Debug(fmt.Sprintf("Scan configuration: %s", scanConfigStr))