@coana-tech/cli 13.19.2 → 13.19.4

package/cli.js

@@ -95630,7 +95630,9 @@ var init_constants3 = __esm({
       "REACHABILITY_ANALYZERS_SCRIPT_PATH",
       "JAVA_HOME",
       "GRADLE_HOME",
-      "SBT_HOME"
+      "SBT_HOME",
+      "HOME",
+      "USER"
     ];
   }
 });
@@ -95800,7 +95802,7 @@ var init_other_modules_communicator = __esm({
       }
       async runInDocker(image, entryPoint, commandName, args2, subprojectPath, tmpDir, env = process.env) {
         const envArgs = Object.keys(env).filter((key) => !DOCKER_ENV_VARS_BLACKLIST.includes(key)).flatMap((key) => ["-e", key]);
-        const cmd = cmdt`docker run --pull always -v ${this.rootWorkingDir}:/project -v ${tmpDir}:${tmpDir}
+        const cmd = cmdt`docker run --pull always --rm -v ${this.rootWorkingDir}:/project -v ${tmpDir}:${tmpDir}
       -v=${this.options.coanaLogPath}:${this.options.coanaLogPath}
       ${envArgs} ${image} ${entryPoint} ${commandName} ${args2}`;
         return await execPipeAndLogOnFailure(cmd, subprojectPath, { env });
@@ -130101,7 +130103,9 @@ __export(dashboard_integration_exports, {
   getExperimentName: () => getExperimentName,
   getPreviousAnalysisResults: () => getPreviousAnalysisResults,
   sendCLIProgressToDashboard: () => sendCLIProgressToDashboard,
+  sendDependencyTreesToDashboard: () => sendDependencyTreesToDashboard,
   sendErrorReportToDashboard: () => sendErrorReportToDashboard,
+  sendLogToDashboard: () => sendLogToDashboard,
   sendRegressionsToDashboard: () => sendRegressionsToDashboard,
   sendToDashboard: () => sendToDashboard,
   sendWarningToDashboard: () => sendWarningToDashboard,
@@ -130249,6 +130253,22 @@ async function sendWarningToDashboard(message2, data2, additionalData, reportId,
     logger.warn("Unable to send warning to dashboard:", error.message);
   }
 }
+async function sendDependencyTreesToDashboard(dependencyTrees, reportId, apiKey) {
+  try {
+    await sendPostRequest(
+      coanaAPIUrls.SEND_DEPENDENCY_TREES.replace(":reportId", reportId),
+      apiKey,
+      {},
+      dependencyTrees
+    );
+  } catch (e) {
+    sendWarningToDashboard("Unable to send dependency trees", { reportId }, void 0, reportId, apiKey);
+    logger.warn(
+      "Unable to send dependency trees:",
+      e.message
+    );
+  }
+}
 async function sendToDashboard(report, writeReportToFile, reportId, apiKey) {
   try {
     if (writeReportToFile) {
@@ -130285,6 +130305,17 @@ async function sendErrorReportToDashboard(apiKey, stackTrace, shouldLogSharing,
     console.log("Error submitting crash report to dashboard:", e);
   }
 }
+async function sendLogToDashboard(logContent, reportId, apiKey) {
+  if (!logContent) return;
+  logger.info("Sending log to Coana");
+  try {
+    await sendPostRequest(coanaAPIUrls.SEND_LOG.replace(":reportId", reportId), apiKey, { reportId }, {
+      logContent
+    });
+  } catch (error) {
+    logger.warn("Unable to send log to dashboard:", error.message);
+  }
+}
 async function sendPostRequest(url2, apiKey, params, data2) {
   const axiosConfig = {
     headers: {
@@ -130310,10 +130341,12 @@ var init_dashboard_integration = __esm({
       CREATE_ANALYSIS_METADATA: `${coanaAPI}/reports/:reportId/analysis-metadata`,
       REPORT_CLI_PROGRESS: `${coanaAPI}/reports/:reportId/cli-progress`,
       CREATE_REGRESSIONS: `${coanaAPI}/reports/:reportId/regressions`,
+      SEND_LOG: `${coanaAPI}/reports/:reportId/log`,
       GET_LATEST_BUCKETS: `${coanaAPI}/latest-buckets`,
       GET_LATEST_RESULTS: `${coanaAPI}/latest-results`,
       GET_EXPERIMENT_NAME: `${coanaAPI}/experiment-name`,
-      REPORT_WARNING: `${coanaAPI}/cli/warn`
+      REPORT_WARNING: `${coanaAPI}/cli/warn`,
+      SEND_DEPENDENCY_TREES: `${coanaAPI}/reports/:reportId/dependency-trees`
     };
     reportSubmitEndpoint = process.env.COANA_CLI_SUBMIT_ENDPOINT ?? "https://app.coana.tech/api/v1/reports/submit";
     errorSubmitEndpoint = process.env.COANA_CLI_ERROR_SUBMIT_ENDPOINT ?? "https://app.coana.tech/api/v1/cli/error";
@@ -189074,13 +189107,56 @@ var init_slack = __esm({
 });
 
 // ../web-compat-utils/src/dependency-tree.ts
+var dependency_tree_exports = {};
+__export(dependency_tree_exports, {
+  ADVISORY_ECOSYSTEMS: () => ADVISORY_ECOSYSTEMS,
+  ADVISORY_SEVERITIES: () => ADVISORY_SEVERITIES,
+  PACKAGE_MANAGERS: () => PACKAGE_MANAGERS,
+  getEcosystem: () => getEcosystem,
+  mergeDependencyTrees: () => mergeDependencyTrees,
+  toPlainDependencyTree: () => toPlainDependencyTree
+});
 function getEcosystem({ ecosystem }) {
   return ecosystem ?? "NPM";
 }
-var ADVISORY_ECOSYSTEMS;
+function mergeDependencyTrees(dependencyTrees) {
+  if (dependencyTrees.length === 1) return dependencyTrees[0];
+  const newTree = {
+    ...dependencyTrees[0],
+    transitiveDependencies: {},
+    dependencies: []
+  };
+  for (const dependencyTree of dependencyTrees) {
+    if (dependencyTree.dependencies)
+      newTree.dependencies = i([...newTree.dependencies, ...dependencyTree.dependencies ?? []]);
+    for (const [identifier, node] of Object.entries(dependencyTree.transitiveDependencies)) {
+      if (!newTree.transitiveDependencies[identifier])
+        newTree.transitiveDependencies[identifier] = { ...node, dependencies: [...node.dependencies ?? []] };
+      else {
+        const existingNode = newTree.transitiveDependencies[identifier];
+        existingNode.dependencies = i([...existingNode.dependencies ?? [], ...node.dependencies ?? []]);
+      }
+    }
+  }
+  return newTree;
+}
+function toPlainDependencyTree(dependencyTree) {
+  function pickNode(node) {
+    return a(node, ["packageName", "version", "dependencies", "resolvedType"]);
+  }
+  return {
+    ...pickNode(dependencyTree),
+    transitiveDependencies: Object.fromEntries(
+      Object.entries(dependencyTree.transitiveDependencies).map(([key, value]) => [key, pickNode(value)])
+    ),
+    ecosystem: dependencyTree.ecosystem
+  };
+}
+var ADVISORY_ECOSYSTEMS, ADVISORY_SEVERITIES, PACKAGE_MANAGERS;
 var init_dependency_tree = __esm({
   "../web-compat-utils/src/dependency-tree.ts"() {
     "use strict";
+    init_dist();
     ADVISORY_ECOSYSTEMS = [
       "COMPOSER",
       "ERLANG",
@@ -189095,6 +189171,24 @@ var init_dependency_tree = __esm({
       "RUST",
       "SWIFT"
     ];
+    ADVISORY_SEVERITIES = ["info", "INFO", "low", "LOW", "moderate", "MODERATE", "high", "HIGH", "critical", "CRITICAL"];
+    PACKAGE_MANAGERS = [
+      "NPM",
+      "PNPM",
+      "YARN",
+      "RUSH",
+      "MAVEN",
+      "GRADLE",
+      "SBT",
+      "POETRY",
+      "PIP_REQUIREMENTS",
+      "PIPENV",
+      "GO",
+      "CARGO",
+      "NUGET",
+      "RUBYGEMS",
+      "COMPOSER"
+    ];
   }
 });
 
@@ -190036,7 +190130,7 @@ var require_version = __commonJS({
     "use strict";
     Object.defineProperty(exports2, "__esModule", { value: true });
     exports2.version = void 0;
-    exports2.version = "13.19.2";
+    exports2.version = "13.19.4";
   }
 });
 
@@ -190071,6 +190165,7 @@ var require_cli_core = __commonJS({
     var dashboard_integration_1 = (init_dashboard_integration(), __toCommonJS(dashboard_integration_exports));
     var vulnerability_scanning_1 = require_vulnerability_scanning();
     var version_12 = require_version();
+    var dependency_tree_1 = (init_dependency_tree(), __toCommonJS(dependency_tree_exports));
     var CliCore = class {
       options;
       spinner;
@@ -190130,24 +190225,31 @@ var require_cli_core = __commonJS({
         } catch (e) {
           await this.spinner.fail();
           logger_singleton_1.logger.error("CLI failed with error:", e);
-          await this.shareLogWithDashboard(e, true);
+          await this.shareErrorLogWithDashboard(e, true);
           throw e;
         }
       }
-      async shareLogWithDashboard(e, shouldLogSharing) {
+      async getLogContent() {
+        await logger_singleton_1.logger.finish();
+        let logContent;
+        try {
+          logContent = await (0, promises_12.readFile)(this.coanaLogPath, "utf-8");
+        } catch (e) {
+          this.spinner.suspend(() => {
+            console.error("Error reading log file", e);
+          });
+        }
+        return logContent;
+      }
+      async shareErrorLogWithDashboard(e, shouldLogSharing) {
         if (this.options.apiKey) {
-          await logger_singleton_1.logger.finish();
-          let logContent;
-          try {
-            logContent = await (0, promises_12.readFile)(this.coanaLogPath, "utf-8");
-          } catch (e2) {
-            this.spinner.suspend(() => {
-              console.error("Error reading log file", e2);
-            });
-          }
-          await (0, dashboard_integration_1.sendErrorReportToDashboard)(this.options.apiKey, e.stack ?? e.message ?? "Unknown stack trace", shouldLogSharing, this.options.repoUrl, this.options.projectName, logContent);
+          await (0, dashboard_integration_1.sendErrorReportToDashboard)(this.options.apiKey, e.stack ?? e.message ?? "Unknown stack trace", shouldLogSharing, this.options.repoUrl, this.options.projectName, await this.getLogContent());
         }
       }
+      async shareLogWithDashboard() {
+        if (this.options.apiKey && this.reportId)
+          await (0, dashboard_integration_1.sendLogToDashboard)(await this.getLogContent(), this.reportId, this.options.apiKey);
+      }
       async outputAndShareReport(report) {
         logger_singleton_1.logger.info("Report computed successfully");
         const outputDir = this.options.outputDir;
@@ -190172,9 +190274,12 @@ var require_cli_core = __commonJS({
         }
         if (report.vulnerabilities.some((v) => v.codeAwareScanResult.type === "analysisError")) {
           logger_singleton_1.logger.warn("Analysis error detected in the report - sharing log with Coana to help debug the issue");
-          await this.shareLogWithDashboard(new Error("Sharing log due to analysis error"), false);
+          await this.shareErrorLogWithDashboard(new Error("Sharing log due to analysis error"), false);
         } else if (report.vulnerabilities.some((v) => v.ecosystem === "PIP")) {
-          await this.shareLogWithDashboard(new Error("Sharing log file for run including a python project"), false);
+          await this.shareErrorLogWithDashboard(new Error("Sharing log file for run including a python project"), false);
+        }
+        if (this.options.runEnv === "MANAGED_SCAN") {
+          this.shareLogWithDashboard();
         }
         if (this.options.printReport) {
           logger_singleton_1.logger.info(JSON.stringify((0, lodash_1.omit)(report, "dependencyTrees"), null, 2));
@@ -190226,18 +190331,10 @@ var require_cli_core = __commonJS({
         await this.spinner.setText(`Compiling report`);
         const allVulnerabilities = workspacesOutput.flatMap(({ vulnerabilities }) => vulnerabilities);
         this.spinner.stop();
-        const dependencyTrees = workspacesOutput.map(({ subprojectPath, workspacePath, dependencyTree }) => ({
-          treeType: "v1",
-          dependencyTree,
-          ecosystem: dependencyTree.ecosystem ?? "NPM",
-          workspacePath,
-          subprojectPath
-        }));
         const report = {
-          reportType: "v6",
+          reportType: "v7",
           vulnerabilities: allVulnerabilities,
-          ...await this.createMetadataForReport(manager, startTime),
-          dependencyTrees: dependencyTrees.flat()
+          ...await this.createMetadataForReport(manager, startTime)
         };
         return report;
       }
@@ -190365,6 +190462,19 @@ var require_cli_core = __commonJS({
           this.sendProgress("PREPARE_PROJECT_AND_GET_PROJECT_DATA", true, subprojectPath);
           const projectInfo = await otherModulesCommunicator.prepareProjectAndGetProjectData(packageManagerName, subprojectPath, workspacePaths, this.options.lightweightReachability, this.options.providerProject ? await this.runOnProvider(this.options.providerProject) : void 0);
           this.sendProgress("PREPARE_PROJECT_AND_GET_PROJECT_DATA", false, subprojectPath);
+          const workspaceToPlainDependencyTree = Object.fromEntries(workspacePaths.map((workspacePath) => [
+            workspacePath,
+            (0, dependency_tree_1.toPlainDependencyTree)(projectInfo[workspacePath].dataForAnalysis.dependencyTree)
+          ]));
+          const dependencyTrees = workspacePaths.map((workspacePath) => ({
+            treeType: "v1",
+            dependencyTree: workspaceToPlainDependencyTree[workspacePath],
+            ecosystem: workspaceToPlainDependencyTree[workspacePath].ecosystem ?? "NPM",
+            workspacePath,
+            subprojectPath: (0, path_1.relative)(rootWorkingDirectory, subprojectPath) || "."
+          }));
+          if (this.shareWithDashboard)
+            (0, dashboard_integration_1.sendDependencyTreesToDashboard)(dependencyTrees, this.reportId, this.options.apiKey);
           const workspaceToVulnerabilities = Object.fromEntries(await (0, async_1.asyncMap)(workspacePaths, async (workspacePath) => this.spinner.wrap(`Scanning for vulnerabilities: (${subProjAndWsPath.packageManagerName}) ${(0, path_1.join)(subProjAndWsPath.subprojectPath, workspacePath)}`, async () => {
             const dependencyTree = projectInfo[workspacePath].dataForAnalysis.dependencyTree;
             this.sendProgress("SCAN_FOR_VULNERABILITIES", true, subprojectPath, workspacePath);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "13.19.2",
+  "version": "13.19.4",
   "description": "Coana CLI",
   "bin": {
     "@coana-tech/cli": "./cli.js"