@coana-tech/cli 14.9.16 → 14.9.18

package/cli.mjs

@@ -49667,7 +49667,7 @@ var require_cjs = __commonJS({
 var require_lib3 = __commonJS({
   "../../node_modules/.pnpm/write-file-atomic@5.0.1/node_modules/write-file-atomic/lib/index.js"(exports2, module2) {
     "use strict";
-    module2.exports = writeFile10;
+    module2.exports = writeFile11;
     module2.exports.sync = writeFileSync4;
     module2.exports._getTmpname = getTmpname;
     module2.exports._cleanupOnExit = cleanupOnExit;
@@ -49792,7 +49792,7 @@ var require_lib3 = __commonJS({
         }
       }
     }
-    async function writeFile10(filename, data2, options, callback) {
+    async function writeFile11(filename, data2, options, callback) {
       if (options instanceof Function) {
         callback = options;
         options = {};
@@ -73933,7 +73933,7 @@ var require_lockfile = __commonJS({
             if (eol !== "\n") {
               data2 = data2.replace(/\n/g, eol);
             }
-            yield writeFile10(path2, data2);
+            yield writeFile11(path2, data2);
           });
           return function writeFilePreservingEol2(_x30, _x31) {
             return _ref31.apply(this, arguments);
@@ -73945,7 +73945,7 @@ var require_lockfile = __commonJS({
             const file = (_path || _load_path()).default.join(dir, filename);
             const fileLink = (_path || _load_path()).default.join(dir, filename + "-link");
             try {
-              yield writeFile10(file, "test");
+              yield writeFile11(file, "test");
               yield link(file, fileLink);
             } catch (err) {
               return false;
@@ -74095,7 +74095,7 @@ var require_lockfile = __commonJS({
         const lockQueue = exports3.lockQueue = new (_blockingQueue || _load_blockingQueue()).default("fs lock");
         const readFileBuffer = exports3.readFileBuffer = (0, (_promise2 || _load_promise2()).promisify)((_fs || _load_fs()).default.readFile);
         const open = exports3.open = (0, (_promise2 || _load_promise2()).promisify)((_fs || _load_fs()).default.open);
-        const writeFile10 = exports3.writeFile = (0, (_promise2 || _load_promise2()).promisify)((_fs || _load_fs()).default.writeFile);
+        const writeFile11 = exports3.writeFile = (0, (_promise2 || _load_promise2()).promisify)((_fs || _load_fs()).default.writeFile);
         const readlink2 = exports3.readlink = (0, (_promise2 || _load_promise2()).promisify)((_fs || _load_fs()).default.readlink);
         const realpath2 = exports3.realpath = (0, (_promise2 || _load_promise2()).promisify)((_fs || _load_fs()).default.realpath);
         const readdir8 = exports3.readdir = (0, (_promise2 || _load_promise2()).promisify)((_fs || _load_fs()).default.readdir);
@@ -102092,7 +102092,7 @@ var require_summary = __commonJS({
     exports2.summary = exports2.markdownSummary = exports2.SUMMARY_DOCS_URL = exports2.SUMMARY_ENV_VAR = void 0;
     var os_1 = __require("os");
     var fs_1 = __require("fs");
-    var { access: access5, appendFile: appendFile2, writeFile: writeFile10 } = fs_1.promises;
+    var { access: access5, appendFile: appendFile2, writeFile: writeFile11 } = fs_1.promises;
     exports2.SUMMARY_ENV_VAR = "GITHUB_STEP_SUMMARY";
     exports2.SUMMARY_DOCS_URL = "https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary";
     var Summary = class {
@@ -102150,7 +102150,7 @@ var require_summary = __commonJS({
         return __awaiter(this, void 0, void 0, function* () {
           const overwrite = !!(options === null || options === void 0 ? void 0 : options.overwrite);
           const filePath = yield this.filePath();
-          const writeFunc = overwrite ? writeFile10 : appendFile2;
+          const writeFunc = overwrite ? writeFile11 : appendFile2;
           yield writeFunc(filePath, this._buffer, { encoding: "utf8" });
           return this.emptyBuffer();
         });
@@ -197540,7 +197540,7 @@ function getVulnerabilitiesFromReport(report) {
 
 // dist/cli-core.js
 import { writeFileSync as writeFileSync3 } from "fs";
-import { mkdir as mkdir2, readFile as readFile16 } from "fs/promises";
+import { mkdir as mkdir2, readFile as readFile16, writeFile as writeFile10 } from "fs/promises";
 
 // ../../node_modules/.pnpm/kleur@4.1.5/node_modules/kleur/index.mjs
 var FORCE_COLOR;
@@ -213131,7 +213131,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.9.16";
+var version2 = "14.9.18";
 
 // dist/cli-core.js
 var { omit, partition, pick } = import_lodash15.default;
@@ -213144,6 +213144,7 @@ var CliCore = class {
   coanaLogPath = "";
   shareWithDashboard;
   reportId;
+  reportDependencyTrees;
   apiKey = {
     type: "missing"
   };
@@ -213158,7 +213159,7 @@ var CliCore = class {
     }
     this.rootWorkingDirectory = resolve24(rootWorkingDirectory);
     this.spinner = Spinner.instance({ text: "Running Coana CLI", isSilent: this.options.silent });
-    this.shareWithDashboard = !!(this.options.apiKey && !this.options.disableReportSubmission && (this.options.repoUrl ?? this.options.projectName));
+    this.shareWithDashboard = !this.options.socketMode && !!(this.options.apiKey && !this.options.disableReportSubmission && (this.options.repoUrl ?? this.options.projectName));
   }
   verifyApiKey(key) {
     const checkIfApiKeyIsEmptyMessage = "You may be trying to provide the API key through an environment variable or CI secret which is either undefined or empty.";
@@ -213182,6 +213183,9 @@ var CliCore = class {
     if (this.options.guardrailMode) {
       this.options.disableReportSubmission = true;
     }
+    if (this.options.socketMode === "") {
+      throw new Error("The argument for --socket-mode may not be the empty string");
+    }
     if (this.options.apiKey) {
       try {
         this.verifyApiKey(this.options.apiKey);
@@ -213260,6 +213264,19 @@ var CliCore = class {
   }
   async outputAndShareReport(report) {
     const outputDir = this.options.outputDir;
+    if (this.options.socketMode) {
+      if (!this.reportDependencyTrees) {
+        throw new Error("Dependency trees should be available when using --socket-mode");
+      }
+      const socketReport = {
+        ...report,
+        dependencyTrees: this.reportDependencyTrees
+      };
+      const outputFile = resolve24(this.options.socketMode);
+      await writeFile10(outputFile, JSON.stringify(socketReport, null, 2));
+      logger.info(kleur_default.green(`Socket report written to: ${outputFile}`));
+      return;
+    }
     if (outputDir) {
       const jsonReportPath = resolve24(outputDir, `${DEFAULT_REPORT_FILENAME_BASE}.json`);
       await mkdir2(outputDir, { recursive: true });
@@ -213481,6 +213498,8 @@ var CliCore = class {
         workspacePath,
         subprojectPath: relative10(rootWorkingDirectory, subprojectPath) || "."
       }));
+      if (this.options.socketMode)
+        this.reportDependencyTrees = dependencyTrees;
       if (this.shareWithDashboard)
         sendDependencyTreesToDashboard(dependencyTrees, this.reportId, this.apiKey);
       const workspaceToVulnerabilities = Object.fromEntries(await asyncMap(workspacePaths, async (workspacePath, idx) => this.spinner.wrap(`Scanning for vulnerabilities: (${subProjAndWsPath.packageManagerName}) (${idx + 1}/${workspacePaths.length}) ${workspacePath}`, async () => {
@@ -213644,7 +213663,7 @@ async function getGitDataToMetadataIfAvailable(rootWorkingDirectory) {
 // dist/index.js
 var program2 = new Command();
 var run2 = new Command();
-run2.name("run").argument("<path>", "File system path to folder containing the project").option("-o, --output-dir <path>", "Write json report to <path>/coana-report.json").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("-p, --print-report", "Print the report to the console", false).option("--offline-database <path>", "Path to a coana-offline-db.json file for running the CLI without internet connectivity", void 0).option("-t, --timeout <timeout>", "Set API <timeout> in milliseconds to Coana backend.", "300000").option("-a, --analysis-timeout <timeout>", "Set <timeout> in seconds for each reachability analysis run").option("--memory-limit <memoryInMB>", "Set memory limit for analysis to <memoryInMB> megabytes of memory.", "8192").option("-c, --concurrency <concurrency>", "Set the maximum number of concurrent reachability analysis runs. It's recommended to choose a concurrency level that ensures that each analysis run has at least the --memory-limit amount of memory available.", "1").option("--api-key <key>", "Set the Coana dashboard API key. By setting you also enable the dashboard integration.").addOption(new Option("--write-report-to-file", "Write the report dashboard-compatible report to dashboard-report.json. This report may help the Coana team debug issues with the report insertion mechanism.").default(false).hideHelp()).option("--project-name <repoName>", "Set the name of the repository. Used for dashboard integration.").option("--repo-url <repoUrl>", "Set the URL of the repository. Used for dashboard integration.").option("--include-dirs <dirs...>", "globs for directories to include from the detection of subprojects (space-separated). Notice, projects that are not included may still be scanned if they are referenced from included projects.").option("--exclude-dirs <dirs...>", "globs for directories to exclude from the detection of subprojects (space-separated). Notice, excluded projects may still be scanned if they are referenced from non-excluded projects.").option("--disable-analysis-splitting", "Limits Coana to at most 1 reachability analysis run per workspace").option("--print-analysis-log-file", "Store log output from the JavaScript/TypeScript reachability analysis in the file js-analysis.log file in the root of each workspace", false).option("--entry-points <entryPoints...>", "List of files to analyze for root workspace. The reachability analysis automatically analyzes all files used by the entry points. If not provided, all JavaScript and TypeScript files are considered entry points. For non-root workspaces, all JavaScript and TypeScript files are analyzed as well.").option("--include-projects-with-no-reachability-support", "Also runs Coana on projects where we support traditional SCA, but does not yet support reachability analysis.", false).option("--ecosystems <ecosystems...>", "List of ecosystems to analyze. Currently NPM, PIP, MAVEN and GO are supported. Default is all supported ecosystems.", (ecosystems) => ecosystems.split(" ").map((e) => e.toUpperCase())).option("--changed-files <files...>", "List of files that have changed. If provided, Coana only analyzes workspaces and modules that contain changed files.").option("--disable-report-submission", "Disable the submission of the report to the Coana dashboard. Used by the pipeline blocking feature.", false).option("--provider-project <path>", "File system path to folder containing the provider project (Only supported for Maven, Gradle, and SBT)").option("--provider-workspaces <dirs...>", "List of workspaces that build the provided runtime environment (Only supported for Maven, Gradle, and SBT)", (paths) => paths.split(" ")).option("--lightweight-reachability", "Runs Coana in lightweight mode. This increases analysis speed but also raises the risk of Coana misclassifying the reachability of certain complex vulnerabilities. Recommended only for use with Coana Guardrail mode.", false).addOption(new Option("--run-without-docker", "Run package managers and reachability analyzers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--run-env <env>", "Specifies the environment in which the CLI is run. So far only MANAGED_SCAN and UNKNOWN are supported.").default("UNKNOWN").choices(["UNKNOWN", "MANAGED_SCAN"]).hideHelp()).addOption(new Option("--guardrail-mode", "Run Coana in guardrail mode. This mode is used to prevent new reachable vulnerabilities from being introduced into the codebase. Usually run as a CI check when pushing new commits to a pull request.").default(false)).version(version2).configureHelp({ sortOptions: true }).action(async (path2, options) => {
+run2.name("run").argument("<path>", "File system path to folder containing the project").option("-o, --output-dir <path>", "Write json report to <path>/coana-report.json").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("-p, --print-report", "Print the report to the console", false).option("--offline-database <path>", "Path to a coana-offline-db.json file for running the CLI without internet connectivity", void 0).option("-t, --timeout <timeout>", "Set API <timeout> in milliseconds to Coana backend.", "300000").option("-a, --analysis-timeout <timeout>", "Set <timeout> in seconds for each reachability analysis run").option("--memory-limit <memoryInMB>", "Set memory limit for analysis to <memoryInMB> megabytes of memory.", "8192").option("-c, --concurrency <concurrency>", "Set the maximum number of concurrent reachability analysis runs. It's recommended to choose a concurrency level that ensures that each analysis run has at least the --memory-limit amount of memory available.", "1").option("--api-key <key>", "Set the Coana dashboard API key. By setting you also enable the dashboard integration.").addOption(new Option("--write-report-to-file", "Write the report dashboard-compatible report to dashboard-report.json. This report may help the Coana team debug issues with the report insertion mechanism.").default(false).hideHelp()).option("--project-name <repoName>", "Set the name of the repository. Used for dashboard integration.").option("--repo-url <repoUrl>", "Set the URL of the repository. Used for dashboard integration.").option("--include-dirs <dirs...>", "globs for directories to include from the detection of subprojects (space-separated). Notice, projects that are not included may still be scanned if they are referenced from included projects.").option("--exclude-dirs <dirs...>", "globs for directories to exclude from the detection of subprojects (space-separated). Notice, excluded projects may still be scanned if they are referenced from non-excluded projects.").option("--disable-analysis-splitting", "Limits Coana to at most 1 reachability analysis run per workspace").option("--print-analysis-log-file", "Store log output from the JavaScript/TypeScript reachability analysis in the file js-analysis.log file in the root of each workspace", false).option("--entry-points <entryPoints...>", "List of files to analyze for root workspace. The reachability analysis automatically analyzes all files used by the entry points. If not provided, all JavaScript and TypeScript files are considered entry points. For non-root workspaces, all JavaScript and TypeScript files are analyzed as well.").option("--include-projects-with-no-reachability-support", "Also runs Coana on projects where we support traditional SCA, but does not yet support reachability analysis.", false).option("--ecosystems <ecosystems...>", "List of ecosystems to analyze. Currently NPM, PIP, MAVEN and GO are supported. Default is all supported ecosystems.", (ecosystems) => ecosystems.split(" ").map((e) => e.toUpperCase())).option("--changed-files <files...>", "List of files that have changed. If provided, Coana only analyzes workspaces and modules that contain changed files.").option("--disable-report-submission", "Disable the submission of the report to the Coana dashboard. Used by the pipeline blocking feature.", false).option("--provider-project <path>", "File system path to folder containing the provider project (Only supported for Maven, Gradle, and SBT)").option("--provider-workspaces <dirs...>", "List of workspaces that build the provided runtime environment (Only supported for Maven, Gradle, and SBT)", (paths) => paths.split(" ")).option("--lightweight-reachability", "Runs Coana in lightweight mode. This increases analysis speed but also raises the risk of Coana misclassifying the reachability of certain complex vulnerabilities. Recommended only for use with Coana Guardrail mode.", false).addOption(new Option("--run-without-docker", "Run package managers and reachability analyzers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--run-env <env>", "Specifies the environment in which the CLI is run. So far only MANAGED_SCAN and UNKNOWN are supported.").default("UNKNOWN").choices(["UNKNOWN", "MANAGED_SCAN"]).hideHelp()).addOption(new Option("--guardrail-mode", "Run Coana in guardrail mode. This mode is used to prevent new reachable vulnerabilities from being introduced into the codebase. Usually run as a CI check when pushing new commits to a pull request.")).addOption(new Option("--socket-mode <output-file>", "Run Coana in socket mode and write report to <output-file>").hideHelp()).version(version2).configureHelp({ sortOptions: true }).action(async (path2, options) => {
   process.env.DOCKER_IMAGE_TAG ??= version2;
   await new CliCore(path2, options).main();
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.9.16",
+  "version": "14.9.18",
   "description": "Coana CLI",
   "type": "module",
   "bin": {