From e839d03dff17d771f5d408f112e8cb3497bcb491 Mon Sep 17 00:00:00 2001
From: Assaf Attias <49212512+attiasas@users.noreply.github.com>
Date: Sun, 5 Nov 2023 13:26:48 +0200
Subject: [PATCH] Audit SCA recursive scan (#2283)
---
 scan/cli.go | 3 ++-
 utils/cliutils/commandsflags.go | 19 ++++++++++++-------
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/scan/cli.go b/scan/cli.go
index a53d499f8..371a93af8 100644
--- a/scan/cli.go
+++ b/scan/cli.go
@@ -259,7 +259,8 @@ func createAuditCmd(c *cli.Context) (*audit.AuditCommand, error) {
 SetPrintExtendedTable(c.Bool(cliutils.ExtendedTable)).
 SetMinSeverityFilter(minSeverity).
 SetFixableOnly(c.Bool(cliutils.FixableOnly)).
- SetThirdPartyApplicabilityScan(c.Bool(cliutils.ThirdPartyContextualAnalysis))
+ SetThirdPartyApplicabilityScan(c.Bool(cliutils.ThirdPartyContextualAnalysis)).
+ SetExclusions(cliutils.GetStringsArrFlagValue(c, "exclusions"))
 
 if c.String("watches") != "" {
 auditCmd.SetWatches(splitByCommaAndTrim(c.String("watches")))
diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go
index ef823ad63..3607aafd9 100644
--- a/utils/cliutils/commandsflags.go
+++ b/utils/cliutils/commandsflags.go
@@ -494,6 +494,7 @@ const (
 RequirementsFile = "requirements-file"
 watches = "watches"
 workingDirs = "working-dirs"
+ ExclusionsAudit = auditPrefix + exclusions
 repoPath = "repo-path"
 licenses = "licenses"
 vuln = "vuln"
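Review bot: The new SetExclusions line looks the flag up with the bare literal "exclusions", while every other setter in this chain goes through a cliutils constant (cliutils.ExtendedTable, cliutils.FixableOnly) and this same patch defines ExclusionsAudit as auditPrefix + exclusions; the lowercase exclusions constant (presumably "exclusions", its definition is not on the page) is unexported, so the flag name is now duplicated across two packages and a later rename would silently make the lookup return nothing. Exporting the flag name, e.g. `Exclusions = "exclusions"`, and writing `SetExclusions(cliutils.GetStringsArrFlagValue(c, cliutils.Exclusions))` keeps the two in step. The flag's Usage text in the second file says the list is semicolon-separated, whereas the neighbouring watches flag on the next context line is split with splitByCommaAndTrim; GetStringsArrFlagValue is not visible here, so confirm it splits on ';' rather than ','. createAuditCmd begins and ends outside the hunk.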
@@ -1380,6 +1381,10 @@ var flagsMap = map[string]cli.Flag{
 Name: workingDirs,
 Usage: "[Optional] A comma-separated list of relative working directories, to determine audit targets locations.` `",
 },
+ ExclusionsAudit: cli.StringFlag{
+ Name: exclusions,
+ Usage: "[Default: *node_modules*;*target*;*venv*;*test*] List of exclusions separated by semicolons, utilized to skip sub-projects from undergoing an audit. These exclusions may incorporate the * and ? wildcards.` `",
+ },
 ExtendedTable: cli.BoolFlag{
 Name: ExtendedTable,
 Usage: "[Default: false] Set to true if you'd like the table to include extended fields such as 'CVSS' & 'Xray Issue Id'. Ignored if provided 'format' is not 'table'.` `",
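Review bot: The documented default `*test*` is a substring-style wildcard, so any sub-project whose path contains "test" (a module named "contest", a "latest" directory) is dropped from the SCA audit without any notice, and vulnerable dependencies declared only under such a path are never reported; the Usage should say that matching is by wildcard anywhere in the path and that excluded sub-projects are not scanned at all. The StringFlag sets no Value, so the "[Default: ...]" text is only documentation; nothing in this patch applies those defaults when the flag is absent, so confirm that SetExclusions's consumer fills them in for an empty slice and say in the Usage whether an explicit --exclusions replaces or extends the defaults. As a point of style, workingDirs and watches in this same map are comma-separated lists and this flag introduces a semicolon separator; if that is deliberate because patterns may contain commas, a short comment above the entry would stop the next contributor from "fixing" it.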
@@ -2016,25 +2021,25 @@ var commandFlags = map[string][]string{
 },
 Audit: {
 xrUrl, user, password, accessToken, serverId, InsecureTls, Project, watches, repoPath, licenses, xrOutput, ExcludeTestDeps,
- useWrapperAudit, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ThirdPartyContextualAnalysis,
+ useWrapperAudit, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, ExclusionsAudit, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ThirdPartyContextualAnalysis,
 },
 AuditMvn: {
- xrUrl, user, password, accessToken, serverId, InsecureTls, Project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, useWrapperAudit,
+ xrUrl, user, password, accessToken, serverId, InsecureTls, Project, ExclusionsAudit, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, useWrapperAudit,
 },
 AuditGradle: {
- xrUrl, user, password, accessToken, serverId, ExcludeTestDeps, useWrapperAudit, Project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable,
+ xrUrl, user, password, accessToken, serverId, ExcludeTestDeps, ExclusionsAudit, useWrapperAudit, Project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable,
 },
 AuditNpm: {
- xrUrl, user, password, accessToken, serverId, DepType, Project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable,
+ xrUrl, user, password, accessToken, serverId, DepType, Project, ExclusionsAudit, watches, repoPath, licenses, xrOutput, fail, ExtendedTable,
 },
 AuditGo: {
- xrUrl, user, password, accessToken, serverId, Project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable,
+ xrUrl, user, password, accessToken, serverId, Project, ExclusionsAudit, watches, repoPath, licenses, xrOutput, fail, ExtendedTable,
 },
 AuditPip: {
- xrUrl, user, password, accessToken, serverId, RequirementsFile, Project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable,
+ xrUrl, user, password, accessToken, serverId, RequirementsFile, Project, ExclusionsAudit, watches, repoPath, licenses, xrOutput, fail, ExtendedTable,
 },
 AuditPipenv: {
- xrUrl, user, password, accessToken, serverId, Project, watches, repoPath, licenses, xrOutput, ExtendedTable,
+ xrUrl, user, password, accessToken, serverId, Project, ExclusionsAudit, watches, repoPath, licenses, xrOutput, ExtendedTable,
 },
 XrScan: {
 xrUrl, user, password, accessToken, serverId, specFlag, threads, scanRecursive, scanRegexp, scanAnt,
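Review bot: ExclusionsAudit is slotted into a different position in each list (after workingDirs in Audit, after Project in AuditMvn, AuditNpm, AuditGo, AuditPip and AuditPipenv, between ExcludeTestDeps and useWrapperAudit in AuditGradle), which makes the generated help order differ per command for no reason; placing it in the same slot everywhere, for instance directly after watches, reads as one deliberate change. These lists only control which flags the CLI accepts, and the only SetExclusions call in this patch is in createAuditCmd; if any of the per-technology Audit* commands is constructed by another path, the flag would be accepted there but never reach the audit, so confirm they all go through createAuditCmd. Audit commands not shown in this hunk (the Yarn, Nuget and Poetry entries referenced from the Audit list, if they have their own flag lists) are outside the page, so I cannot tell whether they were intentionally left without the flag.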