From 02c0644b8df6757a7664472655c3e9ca197d7165 Mon Sep 17 00:00:00 2001
From: attiasas
Date: Thu, 14 May 2026 10:06:20 +0300
Subject: [PATCH 01/12] Update AnalyzerManager default version to 1.34.1
---
 jas/analyzermanager.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jas/analyzermanager.go b/jas/analyzermanager.go
index 7e92083a4..6a09d3bab 100644
--- a/jas/analyzermanager.go
+++ b/jas/analyzermanager.go
@@ -25,7 +25,7 @@ import (
 const (
 ApplicabilityFeatureId = "contextual_analysis"
 AnalyzerManagerZipName = "analyzerManager.zip"
- defaultAnalyzerManagerVersion = "1.33.0"
+ defaultAnalyzerManagerVersion = "1.34.1"
 analyzerManagerDownloadPath = "xsc-gen-exe-analyzer-manager-local/v1"
 analyzerManagerDirName = "analyzerManager"
 analyzerManagerExecutableName = "analyzerManager"
From 7c8fbe0865a7002852e3d3da9b763aee2d613bae Mon Sep 17 00:00:00 2001
From: attiasas
Date: Thu, 14 May 2026 10:37:48 +0300
Subject: [PATCH 02/12] fix tests after update
---
 audit_test.go | 12 ++++++------
 git_test.go | 8 ++++----
 sca/bom/buildinfo/technologies/pnpm/pnpm_test.go | 4 ++--
 3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/audit_test.go b/audit_test.go
index 6c196e8d3..5e4e71f82 100644
--- a/audit_test.go
+++ b/audit_test.go
@@ -1166,11 +1166,11 @@ func TestAuditNewScaCycloneDxPipenv(t *testing.T) {
 assert.NoError(t, err)
 validations.VerifyCycloneDxResults(t, output, validations.ValidationParams{
 ExactResultsMatch: true,
- Total: &validations.TotalCount{Vulnerabilities: 10, BomComponents: 4 /* components */ + 1 /* root */, Licenses: 1},
+ Total: &validations.TotalCount{Vulnerabilities: 11, BomComponents: 4 /* components */ + 1 /* root */, Licenses: 1},
 SbomComponents: &validations.SbomCount{Root: 1, Direct: 4},
 Vulnerabilities: &validations.VulnerabilityCount{
- ValidateScan: &validations.ScanCount{Sca: 10},
- ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 4, NotApplicable: 6},
+ ValidateScan: &validations.ScanCount{Sca: 11},
+ ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 5, NotApplicable: 6},
 },
 })
 }
@@ -1184,11 +1184,11 @@ func TestAuditNewScaCycloneDxUV(t *testing.T) {
 assert.NoError(t, err)
 validations.VerifyCycloneDxResults(t, output, validations.ValidationParams{
 ExactResultsMatch: true,
- Total: &validations.TotalCount{Vulnerabilities: 18, BomComponents: 1 /* root */ + 8 /* direct */ + 1 /* file (secret)*/, Licenses: 5},
+ Total: &validations.TotalCount{Vulnerabilities: 19, BomComponents: 1 /* root */ + 8 /* direct */ + 1 /* file (secret)*/, Licenses: 5},
 SbomComponents: &validations.SbomCount{Root: 1, Direct: 8},
 Vulnerabilities: &validations.VulnerabilityCount{
- ValidateScan: &validations.ScanCount{Sca: 16, Sast: 1, Secrets: 1},
- ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 7, NotApplicable: 9},
+ ValidateScan: &validations.ScanCount{Sca: 17, Sast: 1, Secrets: 1},
+ ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 8, NotApplicable: 9},
 },
 })
 }
diff --git a/git_test.go b/git_test.go
index 51a76da00..7407136f5 100644
--- a/git_test.go
+++ b/git_test.go
@@ -271,8 +271,8 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) {
 xrayVersion, xscVersion, "",
 validations.ValidationParams{
 Violations: &validations.ViolationCount{
- ValidateScan: &validations.ScanCount{Sca: 12, Sast: 2, Secrets: 2},
- ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotApplicable: 10, NotCovered: 2, Inactive: 2},
+ ValidateScan: &validations.ScanCount{Sca: 19, Sast: 2, Secrets: 2},
+ ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotApplicable: 10, NotCovered: 9, Inactive: 2},
 },
 ExactResultsMatch: true,
 },
@@ -299,8 +299,8 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) {
 xrayVersion, xscVersion, "",
 validations.ValidationParams{
 Violations: &validations.ViolationCount{
- ValidateScan: &validations.ScanCount{Sca: 2, Sast: 2, Secrets: 2},
- ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 2, Inactive: 2},
+ ValidateScan: &validations.ScanCount{Sca: 10, Sast: 2, Secrets: 2},
+ ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 10, Inactive: 2},
 },
 ExactResultsMatch: true,
 },
diff --git a/sca/bom/buildinfo/technologies/pnpm/pnpm_test.go b/sca/bom/buildinfo/technologies/pnpm/pnpm_test.go
index 96d5adbd4..eaf3d8c3c 100644
--- a/sca/bom/buildinfo/technologies/pnpm/pnpm_test.go
+++ b/sca/bom/buildinfo/technologies/pnpm/pnpm_test.go
@@ -43,7 +43,7 @@ func TestBuildDependencyTreeLimitedDepth(t *testing.T) {
 name: "With transitive dependencies",
 treeDepth: "1",
 expectedUniqueDeps: []string{
- "npm://axios:1.16.0",
+ "npm://axios:1.16.1",
 "npm://balaganjs:1.0.0",
 "npm://yargs:13.3.0",
 "npm://zen-website:1.0.0",
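Review bot: The expected ID `npm://axios:1.16.1` in `TestBuildDependencyTreeLimitedDepth` had to change although this commit's diffstat touches no fixture file, which suggests the test project resolves `axios` from a version range at run time instead of from a pinned version or lockfile. If that is the case, the test will break again on the next upstream release and each run installs whatever the registry currently serves. Pinning the exact version in the fixture (or committing its lockfile) would make the expectation stable; a comment such as `// axios version must match the pinned version in the test project` next to the expected ID would record the coupling. The same ID is updated again in the following hunk.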
@@ -53,7 +53,7 @@ func TestBuildDependencyTreeLimitedDepth(t *testing.T) { Nodes: []*xrayUtils.GraphNode{ { Id: "npm://balaganjs:1.0.0", - Nodes: []*xrayUtils.GraphNode{{Id: "npm://axios:1.16.0"}, {Id: "npm://yargs:13.3.0"}}, + Nodes: []*xrayUtils.GraphNode{{Id: "npm://axios:1.16.1"}, {Id: "npm://yargs:13.3.0"}}, }, }, }, From 57d3198ead8eef77e21f1f1114d3319c71e3134c Mon Sep 17 00:00:00 2001 From: attiasas Date: Thu, 14 May 2026 10:45:23 +0300 Subject: [PATCH 03/12] add jfrog ignore --- sca/bom/buildinfo/technologies/java/deptreemanager.go | 1 + 1 file changed, 1 insertion(+) diff --git a/sca/bom/buildinfo/technologies/java/deptreemanager.go b/sca/bom/buildinfo/technologies/java/deptreemanager.go index 5b11857cb..52fd914e6 100644 --- a/sca/bom/buildinfo/technologies/java/deptreemanager.go +++ b/sca/bom/buildinfo/technologies/java/deptreemanager.go @@ -106,6 +106,7 @@ func parseDepTreeFiles(jsonFilePaths string) ([]*moduleDepTree, error) { } func parseDepTreeFile(path string) (results *moduleDepTree, err error) { + // jfrog-ignore: The file is a JSON file that contains the dependency tree of a module in a Gradle/Maven project. depTreeJson, err := os.ReadFile(strings.TrimSpace(path)) if errorutils.CheckError(err) != nil { return From 7f7d3dc585b973b7bf7ab726678dffe155c83e91 Mon Sep 17 00:00:00 2001 From: attiasas Date: Thu, 14 May 2026 11:05:47 +0300 Subject: [PATCH 04/12] try to fix skip not applicable test --- git_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/git_test.go b/git_test.go index 7407136f5..f7cd67ca3 100644 --- a/git_test.go +++ b/git_test.go 
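Review bot: The `// jfrog-ignore` comment added above `os.ReadFile(strings.TrimSpace(path))` says what the file contains but not why `path` is safe to read, which is the thing a later reviewer of the suppression needs to know. If the entries of `jsonFilePaths` are produced by the dependency-tree tooling this package runs rather than taken from user input (not visible in this hunk), state that instead: `// jfrog-ignore: path is emitted by the dep-tree plugin run by this process, not user-supplied`. If the paths can originate outside the process, suppressing the finding is the wrong fix and the path should be checked against the expected output directory before reading. `parseDepTreeFile` continues below the hunk.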
@@ -271,8 +271,8 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) {
 xrayVersion, xscVersion, "",
 validations.ValidationParams{
 Violations: &validations.ViolationCount{
- ValidateScan: &validations.ScanCount{Sca: 19, Sast: 2, Secrets: 2},
- ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotApplicable: 10, NotCovered: 9, Inactive: 2},
+ ValidateScan: &validations.ScanCount{Sca: 20, Sast: 2, Secrets: 2},
+ ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotApplicable: 10, NotCovered: 10, Inactive: 2},
 },
 ExactResultsMatch: true,
 },
@@ -299,8 +299,8 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) {
 xrayVersion, xscVersion, "",
 validations.ValidationParams{
 Violations: &validations.ViolationCount{
- ValidateScan: &validations.ScanCount{Sca: 10, Sast: 2, Secrets: 2},
- ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 10, Inactive: 2},
+ ValidateScan: &validations.ScanCount{Sca: 8, Sast: 2, Secrets: 2},
+ ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 8, Inactive: 2},
 },
 ExactResultsMatch: true,
 },
From c47d8e2fba2b5ad787de2f0c9cbd493ae016f74b Mon Sep 17 00:00:00 2001
From: attiasas
Date: Thu, 14 May 2026 11:07:37 +0300
Subject: [PATCH 05/12] update dummy repo name to isolate
---
 git_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/git_test.go b/git_test.go
index f7cd67ca3..7ef9b781a 100644
--- a/git_test.go
+++ b/git_test.go
@@ -67,7 +67,7 @@ func testGitAuditCommand(t *testing.T, params auditCommandTestParams) (string, e } func getDummyGitRepoUrl() string { - return fmt.Sprintf("https://github.com/jfrog/dummy-repo-url%s.git", securityTests.GetUniqueSuffix()) + return fmt.Sprintf("https://test.git.provider.com/jfrog/dummy-repo-url%s.git", securityTests.GetUniqueSuffix()) } func createTestProjectRunGitAuditAndValidate(t *testing.T, projectPath string, gitAuditParams gitAuditCommandTestParams, xrayVersion, xscVersion, expectError string, validationParams validations.ValidationParams) { From d33e029766668fcf65c964f247ed7961bbac214b Mon Sep 17 00:00:00 2001 From: attiasas Date: Thu, 14 May 2026 17:16:32 +0300 Subject: [PATCH 06/12] fix tests --- git_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/git_test.go b/git_test.go index 7ef9b781a..03646c6fc 100644 --- a/git_test.go +++ b/git_test.go @@ -299,8 +299,8 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) { xrayVersion, xscVersion, "", validations.ValidationParams{ Violations: &validations.ViolationCount{ - ValidateScan: &validations.ScanCount{Sca: 8, Sast: 2, Secrets: 2}, - ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 8, Inactive: 2}, + ValidateScan: &validations.ScanCount{Sca: 10, Sast: 2, Secrets: 2}, + ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 10, Inactive: 2}, }, ExactResultsMatch: true, }, From 77889f1c97a53a5a4a3cb211ee7fcb57a83d0921 Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 17 May 2026 15:22:57 +0300 Subject: [PATCH 07/12] Update deps, fix tests --- git_test.go | 6 ++--- go.mod | 36 +++++++++++++-------------- go.sum | 72 ++++++++++++++++++++++++++--------------------------- 3 files changed, 57 insertions(+), 57 deletions(-) diff --git a/git_test.go b/git_test.go index 03646c6fc..da047c189 100644 --- a/git_test.go +++ b/git_test.go 
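Review bot: The new host `test.git.provider.com` in `getDummyGitRepoUrl` sits under a registrable domain that the project presumably does not control, so any code path that ever resolves or contacts the configured remote would send test traffic to a third party. A name reserved for this purpose by RFC 2606 avoids that, for example `return fmt.Sprintf("https://git.example.invalid/jfrog/dummy-repo-url%s.git", securityTests.GetUniqueSuffix())`. Whether the audit flow only records the remote URL or also connects to it is not visible in this hunk. The same host is kept when PATCH 08/12 changes the path to `jfrog-tests/`.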
@@ -272,7 +272,7 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) {
 validations.ValidationParams{
 Violations: &validations.ViolationCount{
 ValidateScan: &validations.ScanCount{Sca: 20, Sast: 2, Secrets: 2},
- ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotApplicable: 10, NotCovered: 10, Inactive: 2},
+ ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotApplicable: 13, NotCovered: 7, Inactive: 2},
 },
 ExactResultsMatch: true,
 },
@@ -299,8 +299,8 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) {
 xrayVersion, xscVersion, "",
 validations.ValidationParams{
 Violations: &validations.ViolationCount{
- ValidateScan: &validations.ScanCount{Sca: 10, Sast: 2, Secrets: 2},
- ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 10, Inactive: 2},
+ ValidateScan: &validations.ScanCount{Sca: 7, Sast: 2, Secrets: 2},
+ ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 7, Inactive: 2},
 },
 ExactResultsMatch: true,
 },
diff --git a/go.mod b/go.mod
index fa9b01eb1..c264d12a4 100644
--- a/go.mod
+++ b/go.mod
@@ -1,33 +1,33 @@ module github.com/jfrog/jfrog-cli-security -go 1.25.7 +go 1.26.3 require ( github.com/CycloneDX/cyclonedx-go v0.10.0 github.com/beevik/etree v1.6.0 - github.com/go-git/go-git/v5 v5.18.0 + github.com/go-git/go-git/v5 v5.19.0 github.com/google/go-github/v56 v56.0.0 github.com/google/uuid v1.6.0 - github.com/gookit/color v1.6.0 + github.com/gookit/color v1.6.1 github.com/hashicorp/go-hclog v1.6.3 github.com/hashicorp/go-plugin v1.6.3 - github.com/jfrog/build-info-go v1.13.1-0.20260429070557-93b98034d295 + github.com/jfrog/build-info-go v1.13.1-0.20260514141440-b2463b51dc3a github.com/jfrog/froggit-go v1.22.0 github.com/jfrog/gofrog v1.7.6 github.com/jfrog/jfrog-apps-config v1.0.1 - github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20260501071051-3c8035fc662b - github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260504054219-ba16d20c7b0f - github.com/jfrog/jfrog-client-go v1.55.1-0.20260505115216-b6c67f807bc3 + github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20260515045427-eb0cec44a4e2 + github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260515092054-cca97077293d + github.com/jfrog/jfrog-client-go v1.55.1-0.20260508101905-a17af78a38d7 github.com/magiconair/properties v1.8.10 github.com/owenrumney/go-sarif/v3 v3.2.3 github.com/package-url/packageurl-go v0.1.3 github.com/stretchr/testify v1.11.1 github.com/urfave/cli v1.22.17 github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 - golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 + golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f golang.org/x/sync v0.20.0 - golang.org/x/sys v0.42.0 - golang.org/x/text v0.35.0 + golang.org/x/sys v0.44.0 + golang.org/x/text v0.37.0 gopkg.in/yaml.v3 v3.0.1 ) 
@@ -39,7 +39,7 @@ require ( github.com/VividCortex/ewma v1.2.0 // indirect github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect github.com/andybalholm/brotli v1.2.0 // indirect - github.com/buger/jsonparser v1.1.2 // indirect + github.com/buger/jsonparser v1.2.0 // indirect github.com/c-bata/go-prompt v0.2.6 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chzyer/readline v1.5.1 // indirect @@ -65,7 +65,7 @@ require ( github.com/fsnotify/fsnotify v1.9.0 // indirect github.com/gfleury/go-bitbucket-v1 v0.0.0-20240917142304-df385efaac68 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/go-git/go-billy/v5 v5.8.0 // indirect + github.com/go-git/go-billy/v5 v5.9.0 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-viper/mapstructure/v2 v2.5.0 // indirect @@ -82,7 +82,7 @@ require ( github.com/hashicorp/go-retryablehttp v0.7.8 // indirect github.com/hashicorp/yamux v0.1.1 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect - github.com/jedib0t/go-pretty/v6 v6.7.8 // indirect + github.com/jedib0t/go-pretty/v6 v6.7.10 // indirect github.com/jfrog/archiver/v3 v3.6.3 // indirect github.com/kevinburke/ssh_config v1.6.0 // indirect github.com/klauspost/compress v1.18.5 // indirect @@ -107,7 +107,7 @@ require ( github.com/opencontainers/image-spec v1.1.1 // indirect github.com/pelletier/go-toml/v2 v2.3.0 // indirect github.com/pierrec/lz4/v4 v4.1.26 // indirect - github.com/pjbgf/sha1cd v0.5.0 // indirect + github.com/pjbgf/sha1cd v0.6.0 // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/term v1.2.0-beta.2 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect 
@@ -138,11 +138,11 @@ require ( go.opentelemetry.io/otel/metric v1.42.0 // indirect go.opentelemetry.io/otel/trace v1.42.0 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/crypto v0.49.0 // indirect - golang.org/x/mod v0.34.0 // indirect - golang.org/x/net v0.52.0 // indirect + golang.org/x/crypto v0.50.0 // indirect + golang.org/x/mod v0.35.0 // indirect + golang.org/x/net v0.53.0 // indirect golang.org/x/oauth2 v0.36.0 // indirect - golang.org/x/term v0.41.0 // indirect + golang.org/x/term v0.43.0 // indirect golang.org/x/time v0.15.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20260319201613-d00831a3d3e7 // indirect google.golang.org/grpc v1.79.3 // indirect diff --git a/go.sum b/go.sum index 42c832a5f..b79a9f1ca 100644 --- a/go.sum +++ b/go.sum @@ -27,8 +27,8 @@ github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oM github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA= github.com/bufbuild/protocompile v0.4.0/go.mod h1:3v93+mbWn/v3xzN+31nwkJfrEpAUwp+BagBSZWx+TP8= -github.com/buger/jsonparser v1.1.2 h1:frqHqw7otoVbk5M8LlE/L7HTnIq2v9RX6EJ48i9AxJk= -github.com/buger/jsonparser v1.1.2/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= +github.com/buger/jsonparser v1.2.0 h1:4EFcvK1kD4jyj6YqNK6skK6w+y7FHHBR+XBCtxwu/6g= +github.com/buger/jsonparser v1.2.0/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/c-bata/go-prompt v0.2.6 h1:POP+nrHE+DfLYx370bedwNhsqmpCUynWPxuHi0C5vZI= github.com/c-bata/go-prompt v0.2.6/go.mod h1:/LMAke8wD2FsNu9EXNdHxNLbd9MedkPnCdfpU9wwHfY= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= 
@@ -98,12 +98,12 @@ github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c= github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.8.0 h1:I8hjc3LbBlXTtVuFNJuwYuMiHvQJDq1AT6u4DwDzZG0= -github.com/go-git/go-billy/v5 v5.8.0/go.mod h1:RpvI/rw4Vr5QA+Z60c6d6LXH0rYJo0uD5SqfmrrheCY= +github.com/go-git/go-billy/v5 v5.9.0 h1:jItGXszUDRtR/AlferWPTMN4j38BQ88XnXKbilmmBPA= +github.com/go-git/go-billy/v5 v5.9.0/go.mod h1:jCnQMLj9eUgGU7+ludSTYoZL/GGmii14RxKFj7ROgHw= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -github.com/go-git/go-git/v5 v5.18.0 h1:O831KI+0PR51hM2kep6T8k+w0/LIAD490gvqMCvL5hM= -github.com/go-git/go-git/v5 v5.18.0/go.mod h1:pW/VmeqkanRFqR6AljLcs7EA7FbZaN5MQqO7oZADXpo= +github.com/go-git/go-git/v5 v5.19.0 h1:+WkVUQZSy/F1Gb13udrMKjIM2PrzsNfDKFSfo5tkMtc= +github.com/go-git/go-git/v5 v5.19.0/go.mod h1:Pb1v0c7/g8aGQJwx9Us09W85yGoyvSwuhEGMH7zjDKQ= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= 
@@ -139,8 +139,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gookit/assert v0.1.1 h1:lh3GcawXe/p+cU7ESTZ5Ui3Sm/x8JWpIis4/1aF0mY0= github.com/gookit/assert v0.1.1/go.mod h1:jS5bmIVQZTIwk42uXl4lyj4iaaxx32tqH16CFj0VX2E= -github.com/gookit/color v1.6.0 h1:JjJXBTk1ETNyqyilJhkTXJYYigHG24TM9Xa2M1xAhRA= -github.com/gookit/color v1.6.0/go.mod h1:9ACFc7/1IpHGBW8RwuDm/0YEnhg3dwwXpoMsmtyHfjs= +github.com/gookit/color v1.6.1 h1:KoTnDxJPRgrL0SoX0f8rCFg2zI0t4E3GZZBMo2nN8LU= +github.com/gookit/color v1.6.1/go.mod h1:9ACFc7/1IpHGBW8RwuDm/0YEnhg3dwwXpoMsmtyHfjs= github.com/gorilla/mux v1.7.4 h1:VuZ8uybHlWmqV03+zRzdwKL4tUnIp1MAQtp1mIFE1bc= github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/grokify/mogo v0.74.0 h1:+/Q8+C0IaaLhBf9+TBcw/AbBQppTz7Ypa/uUqLpLClY= 
@@ -157,24 +157,24 @@ github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jedib0t/go-pretty/v6 v6.7.8 h1:BVYrDy5DPBA3Qn9ICT+PokP9cvCv1KaHv2i+Hc8sr5o= -github.com/jedib0t/go-pretty/v6 v6.7.8/go.mod h1:YwC5CE4fJ1HFUDeivSV1r//AmANFHyqczZk+U6BDALU= +github.com/jedib0t/go-pretty/v6 v6.7.10 h1:B/2qW2Bkv2L6n14PP8o1kx75kWzHOQ3YTluWzg9icac= +github.com/jedib0t/go-pretty/v6 v6.7.10/go.mod h1:YwC5CE4fJ1HFUDeivSV1r//AmANFHyqczZk+U6BDALU= github.com/jfrog/archiver/v3 v3.6.3 h1:hkAmPjBw393tPmQ07JknLNWFNZjXdy2xFEnOW9wwOxI= github.com/jfrog/archiver/v3 v3.6.3/go.mod h1:5V9l+Fte30Y4qe9dUOAd3yNTf8lmtVNuhKNrvI8PMhg= -github.com/jfrog/build-info-go v1.13.1-0.20260429070557-93b98034d295 h1:EH0h86KwGvNHWyEBQoHoU9WfMMKy1GJ6jJQNmfy6E0U= -github.com/jfrog/build-info-go v1.13.1-0.20260429070557-93b98034d295/go.mod h1:+OCtMb22/D+u7Wne5lzkjJjaWr0LRZcHlDwTH86Mpwo= +github.com/jfrog/build-info-go v1.13.1-0.20260514141440-b2463b51dc3a h1:+TOYHOux+EIkmJUcZvcpWcMjhwkEo0EyIkepEcAxJX8= +github.com/jfrog/build-info-go v1.13.1-0.20260514141440-b2463b51dc3a/go.mod h1:CYRUCvLKfyARjoJXLWAxce1qNUxTEtbRKAARkV42vpE= github.com/jfrog/froggit-go v1.22.0 h1:eeN5F8sOUo+h2cXkzArAu4nvSdjkDTAZtgqwrct70qg= github.com/jfrog/froggit-go v1.22.0/go.mod h1:wRDryqyp3oe+eHgME2mpnEQmO8XBECIPagFwj0nHmdI= github.com/jfrog/gofrog v1.7.6 h1:QmfAiRzVyaI7JYGsB7cxfAJePAZTzFz0gRWZSE27c6s= github.com/jfrog/gofrog v1.7.6/go.mod h1:ntr1txqNOZtHplmaNd7rS4f8jpA5Apx8em70oYEe7+4= github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY= github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w= 
-github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20260501071051-3c8035fc662b h1:FthglG4ivcUSQLNPWWdKzbBHR9FCCG1WJSO5fpbLkY4= -github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20260501071051-3c8035fc662b/go.mod h1:teaYcsWBYyYa0mhofzOJkEqWRMZ/1gS7uhy6HT64XXg= -github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260504054219-ba16d20c7b0f h1:l5BPLF8GYBSvXmNqurqAP291lVHr1iCo4nwc5xe7KNM= -github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260504054219-ba16d20c7b0f/go.mod h1:bjAkVD8c2W+jg4whqy10bSXDC/c+Se8/ll/GPp5F/+0= -github.com/jfrog/jfrog-client-go v1.55.1-0.20260505115216-b6c67f807bc3 h1:yjPAmowZM/2yDpgYVwWBuFFm8IETnYkCe5OLp6zFsQA= -github.com/jfrog/jfrog-client-go v1.55.1-0.20260505115216-b6c67f807bc3/go.mod h1:sCE06+GngPoyrGO0c+vmhgMoVSP83UMNiZnIuNPzU8U= +github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20260515045427-eb0cec44a4e2 h1:1nCyNPDxH2EXUz0zx2bFBViYrW/KoqGcQDH9Jm8HHs8= +github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20260515045427-eb0cec44a4e2/go.mod h1:XESHQN9MEeje13fJaXtbljidwTqlJO+qhhUHHDxwntQ= +github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260515092054-cca97077293d h1:6IRzTppsSWOMIRVXmFVlnOHi0QLs5+4Mfd3sHATsRTw= +github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260515092054-cca97077293d/go.mod h1:bh1ptuSLGZT4l51hl+xgUlS7sAd8K77tKn0wa5n7TQo= +github.com/jfrog/jfrog-client-go v1.55.1-0.20260508101905-a17af78a38d7 h1:o8fk4yWLqNMldarXyh/4NbmdbYbuM+lKYobdJK7shqM= +github.com/jfrog/jfrog-client-go v1.55.1-0.20260508101905-a17af78a38d7/go.mod h1:sCE06+GngPoyrGO0c+vmhgMoVSP83UMNiZnIuNPzU8U= github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgfCL6c= github.com/jhump/protoreflect v1.15.1/go.mod h1:jD/2GMKKE6OqX8qTjhADU1e6DShO+gavG9e0Q693nKo= github.com/kevinburke/ssh_config v1.6.0 h1:J1FBfmuVosPHf5GRdltRLhPJtJpTlMdKTBjRgTaQBFY= 
@@ -252,8 +252,8 @@ github.com/pelletier/go-toml/v2 v2.3.0 h1:k59bC/lIZREW0/iVaQR8nDHxVq8OVlIzYCOJf4 github.com/pelletier/go-toml/v2 v2.3.0/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY= github.com/pierrec/lz4/v4 v4.1.26 h1:GrpZw1gZttORinvzBdXPUXATeqlJjqUG/D87TKMnhjY= github.com/pierrec/lz4/v4 v4.1.26/go.mod h1:EoQMVJgeeEOMsCqCzqFm2O0cJvljX2nGZjcRIPL34O4= -github.com/pjbgf/sha1cd v0.5.0 h1:a+UkboSi1znleCDUNT3M5YxjOnN1fz2FhN48FlwCxs0= -github.com/pjbgf/sha1cd v0.5.0/go.mod h1:lhpGlyHLpQZoxMv8HcgXvZEhcGs0PG/vsZnEJ7H0iCM= +github.com/pjbgf/sha1cd v0.6.0 h1:3WJ8Wz8gvDz29quX1OcEmkAlUg9diU4GxJHqs0/XiwU= +github.com/pjbgf/sha1cd v0.6.0/go.mod h1:lhpGlyHLpQZoxMv8HcgXvZEhcGs0PG/vsZnEJ7H0iCM= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 
@@ -354,14 +354,14 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= -golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= -golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 h1:jiDhWWeC7jfWqR9c/uplMOqJ0sbNlNWv0UkzE0vX1MA= -golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90/go.mod h1:xE1HEv6b+1SCZ5/uscMRjUBKtIxworgEcEi+/n9NQDQ= +golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI= +golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q= +golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f h1:W3F4c+6OLc6H2lb//N1q4WpJkhzJCK5J6kUi1NTVXfM= +golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f/go.mod h1:J1xhfL/vlindoeF/aINzNzt2Bket5bjo9sdOYzOsU80= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI= -golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY= +golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM= +golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 
@@ -372,8 +372,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= -golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= +golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA= +golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= 
@@ -411,16 +411,16 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= -golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ= +golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= -golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= +golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= +golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 
@@ -428,16 +428,16 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= -golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= +golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s= -golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0= +golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c= +golang.org/x/tools v0.44.0/go.mod h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= From eb8d3339434d437fe1a8c19576ed3cdd673e2e96 Mon Sep 17 00:00:00 2001 
From: attiasas Date: Wed, 20 May 2026 15:08:35 +0300 Subject: [PATCH 08/12] add unique commit hash for tests that require it --- git_test.go | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/git_test.go b/git_test.go index da047c189..f1bea3c42 100644 --- a/git_test.go +++ b/git_test.go @@ -60,6 +60,7 @@ type gitAuditCommandTestParams struct { auditCommandTestParams // Override the test project repo clone url OverrideRepoCloneUrl string + OverrideCommitMsg string } func testGitAuditCommand(t *testing.T, params auditCommandTestParams) (string, error) { @@ -67,7 +68,11 @@ func testGitAuditCommand(t *testing.T, params auditCommandTestParams) (string, e } func getDummyGitRepoUrl() string { - return fmt.Sprintf("https://test.git.provider.com/jfrog/dummy-repo-url%s.git", securityTests.GetUniqueSuffix()) + return fmt.Sprintf("https://test.git.provider.com/jfrog-tests/dummy-repo-url%s.git", securityTests.GetUniqueSuffix()) +} + +func getDummyCommitMsg(baseMsg string) string { + return fmt.Sprintf("commit-message-%s-%s", baseMsg, securityTests.GetUniqueSuffix()) } func createTestProjectRunGitAuditAndValidate(t *testing.T, projectPath string, gitAuditParams gitAuditCommandTestParams, xrayVersion, xscVersion, expectError string, validationParams validations.ValidationParams) { 
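Review bot: `OverrideCommitMsg` is added to `gitAuditCommandTestParams` without a comment, while the sibling field `OverrideRepoCloneUrl` has one, and this field triggers a history rewrite in the test project. A comment in the same style would help: `// Amend the test project's HEAD commit with this message so the run gets a unique commit hash`. `getDummyCommitMsg` in the next hunk could likewise get a one-line doc comment noting that it appends `securityTests.GetUniqueSuffix()` to `baseMsg`.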
@@ -80,6 +85,9 @@ func createTestProjectRunGitAuditAndValidate(t *testing.T, projectPath string, g
 // Override the git remote url to a dummy one to avoid flaky tests due to collisions in policy/watch created for the same repo.
 assert.NoError(t, exec.Command("git", "remote", "set-url", "origin", gitAuditParams.OverrideRepoCloneUrl).Run(), "Failed to set dummy git remote url")
 }
+ if gitAuditParams.OverrideCommitMsg != "" {
+ assert.NoError(t, exec.Command("git", "commit", "--amend", "--date=now", "-m", gitAuditParams.OverrideCommitMsg).Run(), "Failed to set dummy commit msg")
+ }
 // Run the audit command with git repo and verify violations are reported to the platform.
 output, err := testGitAuditCommand(t, gitAuditParams.auditCommandTestParams)
 if expectError != "" {
@@ -138,6 +146,7 @@ func TestGitAuditStaticScaSimpleJson(t *testing.T) {
 Watches: []string{watchName},
 },
 OverrideRepoCloneUrl: dummyCloneUrl,
+ OverrideCommitMsg: getDummyCommitMsg("git-audit-static-sca-simple-json"),
 },
 xrayVersion, "", "One or more of the detected violations are configured to fail the build that including them",
 validations.ValidationParams{
@@ -170,6 +179,7 @@ func TestGitAuditViolationsWithIgnoreRule(t *testing.T) {
 gitAuditCommandTestParams{
 auditCommandTestParams: auditCommandTestParams{Format: format.SimpleJson, WithLicense: true, WithVuln: true},
 OverrideRepoCloneUrl: dummyCloneUrl,
+ OverrideCommitMsg: getDummyCommitMsg("git-audit-violations-with-ignore-rule-before"),
 },
 xrayVersion, xscVersion, "One or more of the detected violations are configured to fail the build that including them",
 validations.ValidationParams{
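Review bot: The added `exec.Command("git", "commit", "--amend", ...).Run()` discards git's output, so when the amend fails (for instance no `user.name`/`user.email` on a CI runner, or a signing or hook requirement) the assertion reports only an exit status. Capturing the output makes the failure diagnosable: `out, err := exec.Command("git", "commit", "--amend", "--date=now", "-m", gitAuditParams.OverrideCommitMsg).CombinedOutput()` followed by `assert.NoError(t, err, "Failed to set dummy commit msg: %s", out)`. The command also runs with no `Dir` set, so it relies on the setup above the hunk having changed into the temporary test project; otherwise it would rewrite HEAD of the checkout the tests are run from. The body of `createTestProjectRunGitAuditAndValidate` starts and ends outside the hunk.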
@@ -203,6 +213,7 @@ func TestGitAuditViolationsWithIgnoreRule(t *testing.T) { gitAuditCommandTestParams{ auditCommandTestParams: auditCommandTestParams{Format: format.SimpleJson}, OverrideRepoCloneUrl: dummyCloneUrl, + OverrideCommitMsg: getDummyCommitMsg("git-audit-violations-with-ignore-rule-after"), }, xrayVersion, xscVersion, "", // No Violations should be reported since all violations are ignored. @@ -267,6 +278,7 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) { gitAuditCommandTestParams{ auditCommandTestParams: auditCommandTestParams{Format: format.SimpleJson, Watches: []string{watchName}, DisableFailOnFailedBuildFlag: true}, OverrideRepoCloneUrl: dummyCloneUrl, + OverrideCommitMsg: getDummyCommitMsg("git-audit-jas-skip-not-applicable-cves-violations-before"), }, xrayVersion, xscVersion, "", validations.ValidationParams{ @@ -295,6 +307,7 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) { gitAuditCommandTestParams{ auditCommandTestParams: auditCommandTestParams{Format: format.SimpleJson, Watches: []string{skipWatchName}, DisableFailOnFailedBuildFlag: true}, OverrideRepoCloneUrl: dummyCloneUrl, + OverrideCommitMsg: getDummyCommitMsg("git-audit-jas-skip-not-applicable-cves-violations-after"), }, xrayVersion, xscVersion, "", validations.ValidationParams{ From 8010e98a95a37e1fe9958a0c705f1126d2bfc1a1 Mon Sep 17 00:00:00 2001 From: attiasas Date: Wed, 20 May 2026 15:11:44 +0300 Subject: [PATCH 09/12] Update dependencies --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index c264d12a4..e56f857ef 100644 --- a/go.mod +++ b/go.mod 
@@ -5,19 +5,19 @@ go 1.26.3 require ( github.com/CycloneDX/cyclonedx-go v0.10.0 github.com/beevik/etree v1.6.0 - github.com/go-git/go-git/v5 v5.19.0 + github.com/go-git/go-git/v5 v5.19.1 github.com/google/go-github/v56 v56.0.0 github.com/google/uuid v1.6.0 github.com/gookit/color v1.6.1 github.com/hashicorp/go-hclog v1.6.3 github.com/hashicorp/go-plugin v1.6.3 - github.com/jfrog/build-info-go v1.13.1-0.20260514141440-b2463b51dc3a + github.com/jfrog/build-info-go v1.13.1-0.20260519074839-e2d81022f459 github.com/jfrog/froggit-go v1.22.0 github.com/jfrog/gofrog v1.7.6 github.com/jfrog/jfrog-apps-config v1.0.1 github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20260515045427-eb0cec44a4e2 - github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260515092054-cca97077293d - github.com/jfrog/jfrog-client-go v1.55.1-0.20260508101905-a17af78a38d7 + github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260519160146-908527b450ff + github.com/jfrog/jfrog-client-go v1.55.1-0.20260518073856-78c118beaa69 github.com/magiconair/properties v1.8.10 github.com/owenrumney/go-sarif/v3 v3.2.3 github.com/package-url/packageurl-go v0.1.3 diff --git a/go.sum b/go.sum index b79a9f1ca..ba653b083 100644 --- a/go.sum +++ b/go.sum 
@@ -102,8 +102,8 @@ github.com/go-git/go-billy/v5 v5.9.0 h1:jItGXszUDRtR/AlferWPTMN4j38BQ88XnXKbilmm
 github.com/go-git/go-billy/v5 v5.9.0/go.mod h1:jCnQMLj9eUgGU7+ludSTYoZL/GGmii14RxKFj7ROgHw=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.19.0 h1:+WkVUQZSy/F1Gb13udrMKjIM2PrzsNfDKFSfo5tkMtc=
-github.com/go-git/go-git/v5 v5.19.0/go.mod h1:Pb1v0c7/g8aGQJwx9Us09W85yGoyvSwuhEGMH7zjDKQ=
+github.com/go-git/go-git/v5 v5.19.1 h1:nX27AnaU43/K5bKktKwgBmR9lawoYVe1Ckg0rgzzN00=
+github.com/go-git/go-git/v5 v5.19.1/go.mod h1:Pb1v0c7/g8aGQJwx9Us09W85yGoyvSwuhEGMH7zjDKQ=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
 github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
@@ -161,8 +161,8 @@ github.com/jedib0t/go-pretty/v6 v6.7.10 h1:B/2qW2Bkv2L6n14PP8o1kx75kWzHOQ3YTluWz
 github.com/jedib0t/go-pretty/v6 v6.7.10/go.mod h1:YwC5CE4fJ1HFUDeivSV1r//AmANFHyqczZk+U6BDALU=
 github.com/jfrog/archiver/v3 v3.6.3 h1:hkAmPjBw393tPmQ07JknLNWFNZjXdy2xFEnOW9wwOxI=
 github.com/jfrog/archiver/v3 v3.6.3/go.mod h1:5V9l+Fte30Y4qe9dUOAd3yNTf8lmtVNuhKNrvI8PMhg=
-github.com/jfrog/build-info-go v1.13.1-0.20260514141440-b2463b51dc3a h1:+TOYHOux+EIkmJUcZvcpWcMjhwkEo0EyIkepEcAxJX8=
-github.com/jfrog/build-info-go v1.13.1-0.20260514141440-b2463b51dc3a/go.mod h1:CYRUCvLKfyARjoJXLWAxce1qNUxTEtbRKAARkV42vpE=
+github.com/jfrog/build-info-go v1.13.1-0.20260519074839-e2d81022f459 h1:tlqz9iKWaachSMvHQtGediH8dqWBKGXlDDCXtY9QfGM=
+github.com/jfrog/build-info-go v1.13.1-0.20260519074839-e2d81022f459/go.mod h1:CYRUCvLKfyARjoJXLWAxce1qNUxTEtbRKAARkV42vpE=
 github.com/jfrog/froggit-go v1.22.0 h1:eeN5F8sOUo+h2cXkzArAu4nvSdjkDTAZtgqwrct70qg=
 github.com/jfrog/froggit-go v1.22.0/go.mod h1:wRDryqyp3oe+eHgME2mpnEQmO8XBECIPagFwj0nHmdI=
 github.com/jfrog/gofrog v1.7.6 h1:QmfAiRzVyaI7JYGsB7cxfAJePAZTzFz0gRWZSE27c6s=
@@ -171,10 +171,10 @@ github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYL github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w= github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20260515045427-eb0cec44a4e2 h1:1nCyNPDxH2EXUz0zx2bFBViYrW/KoqGcQDH9Jm8HHs8= github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20260515045427-eb0cec44a4e2/go.mod h1:XESHQN9MEeje13fJaXtbljidwTqlJO+qhhUHHDxwntQ= -github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260515092054-cca97077293d h1:6IRzTppsSWOMIRVXmFVlnOHi0QLs5+4Mfd3sHATsRTw= -github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260515092054-cca97077293d/go.mod h1:bh1ptuSLGZT4l51hl+xgUlS7sAd8K77tKn0wa5n7TQo= -github.com/jfrog/jfrog-client-go v1.55.1-0.20260508101905-a17af78a38d7 h1:o8fk4yWLqNMldarXyh/4NbmdbYbuM+lKYobdJK7shqM= -github.com/jfrog/jfrog-client-go v1.55.1-0.20260508101905-a17af78a38d7/go.mod h1:sCE06+GngPoyrGO0c+vmhgMoVSP83UMNiZnIuNPzU8U= +github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260519160146-908527b450ff h1:SrtP+sdTSZjbjLDQ4XVtWCM11Ao+Hrj8OADtR+K2eCQ= +github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20260519160146-908527b450ff/go.mod h1:D9afcOJmauUYcQZ3WGDg7HejyoBmCQr2XrwXHeN1YY8= +github.com/jfrog/jfrog-client-go v1.55.1-0.20260518073856-78c118beaa69 h1:ARMrNOd2lp3LjjnH7h1xzaHarrutEUrH4VUF84R/dJE= +github.com/jfrog/jfrog-client-go v1.55.1-0.20260518073856-78c118beaa69/go.mod h1:k3PqoFpS6XDt9/4xg3pS8J8JUvxtaz1w2vdTdodknGk= github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgfCL6c= github.com/jhump/protoreflect v1.15.1/go.mod h1:jD/2GMKKE6OqX8qTjhADU1e6DShO+gavG9e0Q693nKo= github.com/kevinburke/ssh_config v1.6.0 h1:J1FBfmuVosPHf5GRdltRLhPJtJpTlMdKTBjRgTaQBFY= From e83b3268fd41a4dd545b240e575be57c5fceaee7 Mon Sep 17 00:00:00 2001 From: attiasas Date: Wed, 20 May 2026 15:29:55 +0300 Subject: [PATCH 10/12] fix binary tests after upgrade AM version --- scans_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/scans_test.go b/scans_test.go index f9fe653a7..ed25b6c04 100644 --- a/scans_test.go +++ b/scans_test.go @@ -175,10 +175,10 @@ func TestXrayBinaryScanJsonJar(t *testing.T) { integration.InitScanTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayBinaryScanJASArtifact(t, "student-services-security-0.0.1.jar", false, binaryScanParams{Format: format.SimpleJson}) validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ - Total: &validations.TotalCount{Vulnerabilities: 41}, + Total: &validations.TotalCount{Vulnerabilities: 101}, Vulnerabilities: &validations.VulnerabilityCount{ - ValidateScan: &validations.ScanCount{Sca: 40, Secrets: 1}, - ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{Applicable: 17, NotCovered: 3, NotApplicable: 20}, + ValidateScan: &validations.ScanCount{Sca: 100, Secrets: 1}, + ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{Applicable: 6, NotCovered: 34, NotApplicable: 60}, }, }) } From 7de53a8678512ded6e9f1c49dcef8bb74ff6fb1d Mon Sep 17 00:00:00 2001 From: attiasas Date: Wed, 20 May 2026 16:13:07 +0300 Subject: [PATCH 11/12] fix more tests --- audit_test.go | 6 +++--- git_test.go | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/audit_test.go b/audit_test.go index 5e4e71f82..e9d593cf1 100644 --- a/audit_test.go +++ b/audit_test.go 
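Review bot: In `TestXrayBinaryScanJsonJar` the expected `Applicable` count drops from 17 to 6 while `NotCovered` rises from 3 to 34 and the SCA total goes from 40 to 100, and nothing in the hunk records why. A fall in findings classified as applicable is also the direction a contextual-analysis regression would take, so the new baseline should be justified rather than fitted to whatever the scanner now prints. A comment above the call such as `// Counts re-baselined for AnalyzerManager 1.34.1: Applicable 17 -> 6, NotCovered 3 -> 34; verified in <link to analysis>` would make the change reviewable later. The function's signature appears only in the hunk header, so any setup before `integration.InitScanTest` is not visible here.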
@@ -1184,11 +1184,11 @@ func TestAuditNewScaCycloneDxUV(t *testing.T) { assert.NoError(t, err) validations.VerifyCycloneDxResults(t, output, validations.ValidationParams{ ExactResultsMatch: true, - Total: &validations.TotalCount{Vulnerabilities: 19, BomComponents: 1 /* root */ + 8 /* direct */ + 1 /* file (secret)*/, Licenses: 5}, + Total: &validations.TotalCount{Vulnerabilities: 20, BomComponents: 1 /* root */ + 8 /* direct */ + 1 /* file (secret)*/, Licenses: 5}, SbomComponents: &validations.SbomCount{Root: 1, Direct: 8}, Vulnerabilities: &validations.VulnerabilityCount{ - ValidateScan: &validations.ScanCount{Sca: 17, Sast: 1, Secrets: 1}, - ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 8, NotApplicable: 9}, + ValidateScan: &validations.ScanCount{Sca: 18, Sast: 1, Secrets: 1}, + ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 9, NotApplicable: 9}, }, }) } diff --git a/git_test.go b/git_test.go index f1bea3c42..4a6cba022 100644 --- a/git_test.go +++ b/git_test.go @@ -284,7 +284,7 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) { validations.ValidationParams{ Violations: &validations.ViolationCount{ ValidateScan: &validations.ScanCount{Sca: 20, Sast: 2, Secrets: 2}, - ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotApplicable: 13, NotCovered: 7, Inactive: 2}, + ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotApplicable: 15, NotCovered: 7, Inactive: 2}, }, ExactResultsMatch: true, }, From f6db2f2c65446e17b614884cffeacabcce6edf33 Mon Sep 17 00:00:00 2001 From: attiasas Date: Wed, 20 May 2026 21:38:43 +0300 Subject: [PATCH 12/12] try to fix tests with new vuln and statuses --- git_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/git_test.go b/git_test.go index 4a6cba022..50d446532 100644 --- a/git_test.go +++ b/git_test.go 
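Review bot: `TestAuditNewScaCycloneDxUV` pins exact totals with `ExactResultsMatch: true`, and this hunk raises `Vulnerabilities` from 19 to 20 only a few commits after the same series raised it from 18 to 19. The same churn shows in `TestGitAuditJasSkipNotApplicableCvesViolations`, whose expected statuses are edited in the next hunk and again in both hunks of PATCH 12/12. If these totals follow a vulnerability database that keeps changing (an inference, since the data source is not visible here), exact totals will keep breaking and each re-baseline can mask a real change in detection. Consider keeping the stable parts exact (`Sast: 1, Secrets: 1`, `SbomComponents`) and checking the SCA totals as lower bounds if the `validations` helpers support that, or running the scan against a fixed data snapshot. The test function starts outside the hunk.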
@@ -283,8 +283,8 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) { xrayVersion, xscVersion, "", validations.ValidationParams{ Violations: &validations.ViolationCount{ - ValidateScan: &validations.ScanCount{Sca: 20, Sast: 2, Secrets: 2}, - ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotApplicable: 15, NotCovered: 7, Inactive: 2}, + ValidateScan: &validations.ScanCount{Sca: 19, Sast: 2, Secrets: 2}, + ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotApplicable: 15, NotCovered: 4, Inactive: 2}, }, ExactResultsMatch: true, }, @@ -312,8 +312,8 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) { xrayVersion, xscVersion, "", validations.ValidationParams{ Violations: &validations.ViolationCount{ - ValidateScan: &validations.ScanCount{Sca: 7, Sast: 2, Secrets: 2}, - ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 7, Inactive: 2}, + ValidateScan: &validations.ScanCount{Sca: 4, Sast: 2, Secrets: 2}, + ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 4, Inactive: 2}, }, ExactResultsMatch: true, },