@contrast/contrast 1.0.10 → 1.0.11

package/README.md

@@ -10,7 +10,7 @@ CodeSec delivers:
 ## Install
 
 ```shell
-npm install -g @contrast/contrast
+npm install --location=global @contrast/contrast
 ```
 
 ## Authenticate

package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js

@@ -13,6 +13,7 @@ const severityCountModel_1 = require("./models/severityCountModel");
 const reportOutputModel_1 = require("./models/reportOutputModel");
 const constants_1 = require("../../../constants/constants");
 const cli_table3_1 = __importDefault(require("cli-table3"));
+const reportGuidanceModel_1 = require("./models/reportGuidanceModel");
 const createSummaryMessage = (numberOfVulnerableLibraries, numberOfCves) => {
     numberOfVulnerableLibraries === 1
         ? console.log(`Found 1 vulnerable library containing ${numberOfCves} CVE`)
@@ -92,10 +93,10 @@ const printFormattedOutput = (config, libraries, numberOfVulnerableLibraries, nu
             colWidths: [12, 1, 100]
         });
         const header = buildHeader(highestSeverity, contrastHeaderNumCounter, libraryName, libraryVersion, numOfCVEs);
-        const advice = gatherRemediationAdvice(guidance, reportModel);
+        const advice = gatherRemediationAdvice(guidance, libraryName, libraryVersion);
         const body = buildBody(reportModel.cveArray, advice);
         const reportOutputModel = new reportOutputModel_1.ReportOutputModel(header, body);
-        table.push(reportOutputModel.body.issueMessage, reportOutputModel.body.issueMessageCves, reportOutputModel.body.adviceMessage);
+        table.push(reportOutputModel.body.issueMessage, reportOutputModel.body.adviceMessage);
         console.log(reportOutputModel.header.vulnMessage, reportOutputModel.header.introducesMessage);
         console.log(table.toString() + '\n');
     }
@@ -107,9 +108,10 @@ exports.printFormattedOutput = printFormattedOutput;
 function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, numOfCVEs) {
     const vulnerabilityPluralised = numOfCVEs > 1 ? 'vulnerabilities' : 'vulnerability';
     const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum);
-    const vulnMessage = chalk_1.default
-        .hex(highestSeverity.outputColour)
-        .bold(`${formattedHeaderNum} - [${highestSeverity.severity}] ${libraryName}-${version}`);
+    const headerColour = chalk_1.default.hex(highestSeverity.outputColour);
+    const headerNumAndSeverity = headerColour(`${formattedHeaderNum} - [${highestSeverity.severity}]`);
+    const libraryNameAndVersion = headerColour.bold(`${libraryName}-${version}`);
+    const vulnMessage = `${headerNumAndSeverity} ${libraryNameAndVersion}`;
     const introducesMessage = `introduces ${numOfCVEs} ${vulnerabilityPluralised}`;
     return new reportOutputModel_1.ReportOutputHeaderModel(vulnMessage, introducesMessage);
 }
@@ -125,29 +127,27 @@ function buildBody(cveArray, advice) {
         cveMessages.push(builtMessage);
     });
     const numAndSeverityType = getNumOfAndSeverityType(cveArray);
-    const issueMessage = [chalk_1.default.bold('Issue'), ':', `${numAndSeverityType}`];
-    const issueMessageCves = ['', '', cveMessages.join(', ')];
-    const displayAdvice = advice?.minimum
-        ? `Update to version ${chalk_1.default.bold(advice.minimum)}`
-        : `Update to latest version`;
+    const issueMessage = [
+        chalk_1.default.bold('Issue'),
+        ':',
+        `${numAndSeverityType} ${cveMessages.join(', ')}`
+    ];
+    const minOrMax = advice.maximum ? advice.maximum : advice.minimum;
+    const displayAdvice = minOrMax
+        ? `Change to version ${chalk_1.default.bold(minOrMax)}`
+        : 'No recommendation is available according to our data. Upgrade to the latest stable is the best advice we can give.';
     const adviceMessage = [chalk_1.default.bold('Advice'), ':', displayAdvice];
-    return new reportOutputModel_1.ReportOutputBodyModel(issueMessage, issueMessageCves, adviceMessage);
+    return new reportOutputModel_1.ReportOutputBodyModel(issueMessage, adviceMessage);
 }
 exports.buildBody = buildBody;
-function gatherRemediationAdvice(guidance, reportModel) {
-    const guidanceData = {
-        minimum: undefined,
-        maximum: undefined,
-        latest: undefined
-    };
-    const data = guidance[reportModel.compositeKey.libraryName +
-        '@' +
-        reportModel.compositeKey.libraryVersion];
+function gatherRemediationAdvice(guidance, libraryName, libraryVersion) {
+    const guidanceModel = new reportGuidanceModel_1.ReportGuidanceModel();
+    const data = guidance[libraryName + '@' + libraryVersion];
     if (data) {
-        guidanceData.minimum = data.minUpgradeVersion;
-        guidanceData.maximum = data.maxUpgradeVersion;
+        guidanceModel.minimum = data.minUpgradeVersion;
+        guidanceModel.maximum = data.maxUpgradeVersion;
     }
-    return guidanceData;
+    return guidanceModel;
 }
 exports.gatherRemediationAdvice = gatherRemediationAdvice;
 function buildFormattedHeaderNum(contrastHeaderNum) {
@@ -156,11 +156,22 @@ function buildFormattedHeaderNum(contrastHeaderNum) {
 exports.buildFormattedHeaderNum = buildFormattedHeaderNum;
 function getNumOfAndSeverityType(cveArray) {
     const { critical, high, medium, low, note } = (0, reportUtils_1.severityCountAllCVEs)(cveArray, new severityCountModel_1.SeverityCountModel());
-    const criticalMessage = critical > 0 ? `${critical} Critical` : '';
-    const highMessage = high > 0 ? `${high} High` : '';
-    const mediumMessage = medium > 0 ? `${medium} Medium` : '';
-    const lowMessage = low > 0 ? `${low} Low` : '';
-    const noteMessage = note > 0 ? `${note} Note` : '';
+    const criticalNumCheck = critical > 0;
+    const highNumCheck = high > 0;
+    const highDivider = highNumCheck ? '|' : '';
+    const mediumNumCheck = medium > 0;
+    const mediumDivider = mediumNumCheck ? '|' : '';
+    const lowNumCheck = low > 0;
+    const lowDivider = lowNumCheck ? '|' : '';
+    const noteNumCheck = low > 0;
+    const noteDivider = noteNumCheck ? '|' : '';
+    const criticalMessage = criticalNumCheck
+        ? `${critical} Critical ${highDivider}`
+        : '';
+    const highMessage = highNumCheck ? `${high} High ${mediumDivider}` : '';
+    const mediumMessage = mediumNumCheck ? `${medium} Medium ${lowDivider}` : '';
+    const lowMessage = lowNumCheck ? `${low} Low ${noteDivider}` : '';
+    const noteMessage = noteNumCheck ? `${note} Note` : '';
     return `${criticalMessage} ${highMessage} ${mediumMessage} ${lowMessage} ${noteMessage}`
         .replace(/\s+/g, ' ')
         .trim();

package/dist/audit/languageAnalysisEngine/report/models/reportGuidanceModel.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReportGuidanceModel = void 0;
+class ReportGuidanceModel {
+}
+exports.ReportGuidanceModel = ReportGuidanceModel;

package/dist/audit/languageAnalysisEngine/report/models/reportOutputModel.js

@@ -16,9 +16,8 @@ class ReportOutputHeaderModel {
 }
 exports.ReportOutputHeaderModel = ReportOutputHeaderModel;
 class ReportOutputBodyModel {
-    constructor(issueMessage, issueMessageCves, adviceMessage) {
+    constructor(issueMessage, adviceMessage) {
         this.issueMessage = issueMessage;
-        this.issueMessageCves = issueMessageCves;
         this.adviceMessage = adviceMessage;
     }
 }

package/dist/audit/languageAnalysisEngine/report/models/severityCountModel.js

@@ -8,6 +8,7 @@ class SeverityCountModel {
         this.medium = 0;
         this.low = 0;
         this.note = 0;
+        this.total = 0;
     }
     get getTotal() {
         return this.critical + this.high + this.medium + this.low + this.note;

package/dist/audit/languageAnalysisEngine/report/reportingFeature.js

@@ -32,6 +32,8 @@ const reportUtils_1 = require("./utils/reportUtils");
 const i18n_1 = __importDefault(require("i18n"));
 const chalk_1 = __importDefault(require("chalk"));
 const constants = __importStar(require("../../../constants/constants"));
+const severityCountModel_1 = require("./models/severityCountModel");
+const common = __importStar(require("../../../common/fail"));
 function convertKeysToStandardFormat(config, guidance) {
     let convertedGuidance = guidance;
     switch (config.language) {
@@ -70,16 +72,16 @@ function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, config, rem
         console.log(i18n_1.default.__('scanNoVulnerabilitiesFoundGoodWork'));
         console.log(chalk_1.default.bold(`Found ${numberOfVulnerableLibraries} vulnerabilities`));
         console.log(i18n_1.default.__('foundDetailedVulnerabilities', String(0), String(0), String(0), String(0), String(0)));
+        return [false, 0, [new severityCountModel_1.SeverityCountModel()]];
     }
     else {
         let numberOfCves = 0;
         vulnerableLibraries.forEach(lib => (numberOfCves += lib.cveArray.length));
         const hasSomeVulnerabilitiesReported = (0, commonReportingFunctions_1.printVulnerabilityResponse)(config, vulnerableLibraries, numberOfVulnerableLibraries, numberOfCves, guidance);
-        return [
-            hasSomeVulnerabilitiesReported,
-            numberOfCves,
-            (0, reportUtils_1.severityCountAllLibraries)(vulnerableLibraries)
-        ];
+        let severityCount = new severityCountModel_1.SeverityCountModel();
+        severityCount = (0, reportUtils_1.severityCountAllLibraries)(vulnerableLibraries, severityCount);
+        severityCount.total = severityCount.getTotal;
+        return [hasSomeVulnerabilitiesReported, numberOfCves, severityCount];
     }
 }
 exports.formatVulnerabilityOutput = formatVulnerabilityOutput;
@@ -87,10 +89,12 @@ async function vulnerabilityReportV2(config, reportId) {
     console.log();
     const reportResponse = await (0, commonReportingFunctions_1.getReport)(config, reportId);
     if (reportResponse !== undefined) {
-        const name = config.applicationName;
-        formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config, reportResponse.remediationGuidance
+        let output = formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config, reportResponse.remediationGuidance
             ? reportResponse.remediationGuidance
             : {});
+        if (config.fail) {
+            common.processFail(config, output[2]);
+        }
     }
 }
 exports.vulnerabilityReportV2 = vulnerabilityReportV2;

package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js

@@ -46,8 +46,7 @@ function convertGenericToTypedLibraryVulns(libraries) {
     });
 }
 exports.convertGenericToTypedLibraryVulns = convertGenericToTypedLibraryVulns;
-function severityCountAllLibraries(vulnerableLibraries) {
-    const severityCount = new severityCountModel_1.SeverityCountModel();
+function severityCountAllLibraries(vulnerableLibraries, severityCount) {
     vulnerableLibraries.forEach(lib => severityCountAllCVEs(lib.cveArray, severityCount));
     return severityCount;
 }

package/dist/commands/audit/auditConfig.js

@@ -6,9 +6,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.getAuditConfig = void 0;
 const paramHandler_1 = __importDefault(require("../../utils/paramsUtil/paramHandler"));
 const constants_1 = __importDefault(require("../../constants"));
-const parsedCLIOptions_1 = __importDefault(require("../../utils/parsedCLIOptions"));
-const getAuditConfig = (argv) => {
-    const auditParameters = parsedCLIOptions_1.default.getCommandLineArgsCustom(argv, constants_1.default.commandLineDefinitions.auditOptionDefinitions);
+const parsedCLIOptions_1 = require("../../utils/parsedCLIOptions");
+const getAuditConfig = async (contrastConf, command, argv) => {
+    const auditParameters = await (0, parsedCLIOptions_1.getCommandLineArgsCustom)(contrastConf, command, argv, constants_1.default.commandLineDefinitions.auditOptionDefinitions);
     const paramsAuth = paramHandler_1.default.getAuth(auditParameters);
     return { ...paramsAuth, ...auditParameters };
 };

package/dist/commands/audit/processAudit.js

@@ -4,13 +4,15 @@ exports.processAudit = void 0;
 const auditConfig_1 = require("./auditConfig");
 const help_1 = require("./help");
 const scaAnalysis_1 = require("../scan/sca/scaAnalysis");
-const processAudit = async (argv) => {
+const telemetry_1 = require("../../telemetry/telemetry");
+const processAudit = async (contrastConf, argv) => {
     if (argv.indexOf('--help') != -1) {
         printHelpMessage();
         process.exit(0);
     }
-    const config = (0, auditConfig_1.getAuditConfig)(argv);
+    const config = await (0, auditConfig_1.getAuditConfig)(contrastConf, 'audit', argv);
     await (0, scaAnalysis_1.processSca)(config);
+    await (0, telemetry_1.sendTelemetryConfigAsObject)(config, 'audit', argv, 'SUCCESS', config.language);
 };
 exports.processAudit = processAudit;
 const printHelpMessage = () => {

package/dist/commands/auth/auth.js

@@ -11,7 +11,7 @@ const parsedCLIOptions = require('../../utils/parsedCLIOptions');
 const constants = require('../../constants');
 const commandLineUsage = require('command-line-usage');
 const processAuth = async (argv, config) => {
-    let authParams = parsedCLIOptions.getCommandLineArgsCustom(argv, constants.commandLineDefinitions.authOptionDefinitions);
+    let authParams = await parsedCLIOptions.getCommandLineArgsCustom(config, 'auth', argv, constants.commandLineDefinitions.authOptionDefinitions);
     if (authParams.help) {
         console.log(authUsageGuide);
         process.exit(0);

package/dist/commands/config/config.js

@@ -3,9 +3,9 @@ const parsedCLIOptions = require('../../utils/parsedCLIOptions');
 const constants = require('../../constants');
 const commandLineUsage = require('command-line-usage');
 const i18n = require('i18n');
-const processConfig = (argv, config) => {
+const processConfig = async (argv, config) => {
     try {
-        let configParams = parsedCLIOptions.getCommandLineArgsCustom(argv, constants.commandLineDefinitions.configOptionDefinitions);
+        let configParams = await parsedCLIOptions.getCommandLineArgsCustom(config, 'config', argv, constants.commandLineDefinitions.configOptionDefinitions);
         if (configParams.help) {
             console.log(configUsageGuide);
             process.exit(0);

package/dist/commands/scan/processScan.js

@@ -5,18 +5,25 @@ const { saveScanFile } = require('../../utils/saveFile');
 const { ScanResultsModel } = require('../../scan/models/scanResultsModel');
 const { formatScanOutput } = require('../../scan/formatScanOutput');
 const { processSca } = require('./sca/scaAnalysis');
-const processScan = async (argvMain) => {
-    let config = scanConfig.getScanConfig(argvMain);
+const common = require('../../common/fail');
+const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry');
+const processScan = async (contrastConf, argv) => {
+    let config = await scanConfig.getScanConfig(contrastConf, 'scan', argv);
+    let output = undefined;
     if (config.experimental) {
-        await processSca(config);
+        await processSca(config, argv);
     }
     let scanResults = new ScanResultsModel(await startScan(config));
+    await sendTelemetryConfigAsObject(config, 'scan', argv, 'SUCCESS', scanResults.scanDetail.language);
     if (scanResults.scanResultsInstances !== undefined) {
-        formatScanOutput(scanResults);
+        output = formatScanOutput(scanResults);
     }
     if (config.save !== undefined) {
         await saveScanFile(config, scanResults);
     }
+    if (config.fail) {
+        common.processFail(config, output);
+    }
 };
 module.exports = {
     processScan

package/dist/commands/scan/sca/scaAnalysis.js

@@ -15,20 +15,25 @@ const i18n = require('i18n');
 const { vulnerabilityReportV2 } = require('../../../audit/languageAnalysisEngine/report/reportingFeature');
 const auditSave = require('../../../audit/save');
 const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet');
+const { auditUsageGuide } = require('../../audit/help');
 const rootFile = require('../../../audit/languageAnalysisEngine/getProjectRootFilenames');
 const path = require('path');
 const processSca = async (config) => {
     const startTime = performance.now();
     let filesFound;
+    if (config.help) {
+        console.log(auditUsageGuide);
+        process.exit(0);
+    }
     const projectStats = await rootFile.getProjectStats(config.file);
     let pathWithFile = projectStats.isFile();
-    let fileName = config.file;
+    config.fileName = config.file;
     config.file = pathWithFile
         ? rootFile.getDirectoryFromPathGiven(config.file).concat('/')
         : config.file;
     filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
     if (filesFound.length > 1 && pathWithFile) {
-        filesFound = filesFound.filter(i => Object.values(i)[0].includes(path.basename(fileName)));
+        filesFound = filesFound.filter(i => Object.values(i)[0].includes(path.basename(config.fileName)));
     }
     let messageToSend = undefined;
     if (filesFound.length === 1) {
@@ -89,7 +94,9 @@ const processSca = async (config) => {
             throw new Error();
         }
         else {
-            throw new Error('multiple language files detected, please use --file to specify a directory or the file where dependencies are declared');
+            throw new Error(`multiple language files detected \n` +
+                JSON.stringify(filesFound) +
+                `\nplease use --file to audit one language only. Example: contrast audit --file package-lock.json`);
         }
     }
 };

package/dist/common/HTTPClient.js

@@ -253,6 +253,12 @@ HTTPClient.prototype.getLatestVersion = function getLatestVersion() {
         'https://pkg.contrastsecurity.com/artifactory/cli/latest-version.txt';
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.postTelemetry = function postTelemetry(config, requestBody) {
+    const options = _.cloneDeep(this.requestOptions);
+    options.url = createTelemetryEventUrl(config);
+    options.body = requestBody;
+    return requestUtils.sendRequest({ method: 'post', options });
+};
 HTTPClient.prototype.postAnalyticsFunction = function (config, provider, body) {
     const url = createAnalyticsFunctionPostUrl(config, provider);
     const options = { ...this.requestOptions, body, url };
@@ -319,6 +325,9 @@ function createDataUrl() {
 function createSbomUrl(config, type) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/${type}`;
 }
+function createTelemetryEventUrl(config) {
+    return `${config.host}/Contrast/api/sast/organizations/${config.organizationId}/cli`;
+}
 module.exports = HTTPClient;
 module.exports.pollForAuthUrl = pollForAuthUrl;
 module.exports.getServerlessHost = getServerlessHost;

package/dist/common/fail.js

@@ -0,0 +1,66 @@
+"use strict";
+const i18n = require('i18n');
+const processFail = (config, reportResults) => {
+    if (config.severity !== undefined) {
+        if (reportResults[config.severity] !== undefined &&
+            isSeverityViolation(config.severity, reportResults)) {
+            failPipeline('failSeverityOptionErrorMessage');
+        }
+    }
+    if (config.severity === undefined && reportResults.total > 0) {
+        failPipeline('failThresholdOptionErrorMessage');
+    }
+};
+const isSeverityViolation = (severity, reportResults) => {
+    let count = 0;
+    switch (severity) {
+        case 'critical':
+            count += reportResults.critical;
+            break;
+        case 'high':
+            count += reportResults.high + reportResults.critical;
+            break;
+        case 'medium':
+            count += reportResults.medium + reportResults.low + reportResults.critical;
+            break;
+        case 'low':
+            count +=
+                reportResults.high + reportResults.critical + reportResults.medium;
+            break;
+        case 'note':
+            if (reportResults.note == reportResults.total) {
+                count = 0;
+            }
+            else {
+                count = reportResults.total;
+            }
+            break;
+        default:
+            count = 0;
+    }
+    return count > 0;
+};
+const failPipeline = (message = '') => {
+    console.log('\n ******************************** ' +
+        i18n.__('snapshotFailureHeader') +
+        ' *********************************\n' +
+        i18n.__(message));
+    process.exit(1);
+};
+const parseSeverity = severity => {
+    const severities = ['NOTE', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'];
+    if (severities.includes(severity.toUpperCase())) {
+        return severity.toLowerCase();
+    }
+    else {
+        console.log(severity +
+            ' Not recognised as a severity type please use LOW, MEDIUM, HIGH, CRITICAL, NOTE');
+        return undefined;
+    }
+};
+module.exports = {
+    failPipeline,
+    processFail,
+    isSeverityViolation,
+    parseSeverity
+};

package/dist/common/versionChecker.js

@@ -23,7 +23,7 @@ const getLatestVersion = async (config) => {
     }
 };
 async function findLatestCLIVersion(config) {
-    const messageHidden = config.get('updateMessageHidden');
+    const messageHidden = config.get('isCI');
     if (!messageHidden) {
         let latestCLIVersion = await getLatestVersion(config);
         latestCLIVersion = latestCLIVersion.substring(8);

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.10';
+const APP_VERSION = '1.0.11';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';

package/dist/constants/locales.js

@@ -79,8 +79,9 @@ const en_locales = () => {
         constantsHostId: 'Provide the name of the host and optionally the port expressed as "<host>:<port>".',
         constantsApplicationName: 'The name of the application cataloged by Contrast UI',
         constantsCatalogueApplication: 'Provide this if you want to catalogue an application',
+        failOptionErrorMessage: ' FAIL - CVEs have been detected that match at least the cve_severity option specified.',
         constantsLanguage: 'Valid values are JAVA, DOTNET, NODE, PYTHON and RUBY. If there are multiple project configuration files in the project_path, language is also required.  Also, provide this when cataloguing an application',
-        constantsFilePath: `Path of the file you want to perform an SCA audit on. If no folder is specified, Contrast searches for dependency files in the working directory.`,
+        constantsFilePath: `Specify a directory or the file where dependencies are declared. (By default, CodeSec will search for project files in the current directory.)`,
         constantsSilent: 'Silences JSON output.',
         constantsAppGroups: 'Assign your application to one or more pre-existing groups when using the catalogue command. Group lists should be comma separated.',
         constantsVersion: 'Displays CLI Version you are currently on.',
@@ -93,7 +94,8 @@ const en_locales = () => {
         constantsProjectId: 'The ID associated with a scan project. Replace <ProjectID> with the ID for the scan project. To find the ID, select a scan project in Contrast and locate the last number in the URL.',
         constantsReport: 'Display vulnerability information for this application',
         constantsFail: 'Set the process to fail if this option is set in combination with --cve_severity.',
-        failOptionErrorMessage: ' FAIL - CVEs have been detected that match at least the cve_severity or cve_threshold option specified.',
+        failThresholdOptionErrorMessage: 'More than 0 vulnerabilities found',
+        failSeverityOptionErrorMessage: ' FAIL - Results detected vulnerabilities over accepted severity level',
         constantsSeverity: 'Allows the user to report libraries with vulnerabilities above a chosen severity level. For example, cve_severity medium only reports libraries with vulnerabilities at medium or higher severity. Values for level are high, medium or low.',
         constantsCount: 'The number of CVEs that must be exceeded to fail a build',
         constantsHeader: 'CodeSec by Contrast Security',
@@ -276,7 +278,8 @@ const en_locales = () => {
         constantsAuditPrerequisitesContentPHPMessage: `${chalk.bold('PHP:')} composer.json and composer.lock\n`,
         constantsAuditOptions: 'Audit Options',
         auditOptionsSaveDescription: 'Generate and save an SBOM (Software Bill of Materials)\n',
-        auditOptionsSaveOptionsDescription: 'Valid options are: spdx, cyclonedx (cycloneDX is the default format)',
+        auditOptionsSaveOptionsDescription: 'Valid options are: --save spdx and --save cyclonedx (CycloneDX is the default format.)',
+        exceededFreeTier: `It looks like you are really loving CodeSec! \nYou have reached the monthly scan limit on the FREE tier. \nPlease contact sales@contrastsecurity.com to upgrade.`,
         scanNotCompleted: 'Scan not completed. Check for framework and language support here: %s',
         auditNotCompleted: 'audit not completed.  Please try again',
         scanNoVulnerabilitiesFound: '🎉 No vulnerabilities found.',

package/dist/constants.js

@@ -2,6 +2,7 @@
 const commandLineUsage = require('command-line-usage');
 const i18n = require('i18n');
 const { en_locales } = require('./constants/locales.js');
+const { parseSeverity } = require('./common/fail');
 i18n.configure({
     staticCatalog: {
         en: en_locales()
@@ -93,6 +94,22 @@ const scanOptionDefinitions = [
             '}: ' +
             i18n.__('constantsProxyServer')
     },
+    {
+        name: 'fail',
+        type: Boolean,
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('failOptionErrorMessage')
+    },
+    {
+        name: 'severity',
+        type: severity => parseSeverity(severity),
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsSeverity')
+    },
     {
         name: 'ff',
         type: Boolean,
@@ -195,6 +212,22 @@ const auditOptionDefinitions = [
             '}: ' +
             i18n.__('constantsFilePath')
     },
+    {
+        name: 'fail',
+        type: Boolean,
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('failOptionErrorMessage')
+    },
+    {
+        name: 'severity',
+        type: severity => parseSeverity(severity),
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsSeverity')
+    },
     {
         name: 'app-groups',
         description: '{bold ' +
@@ -227,6 +260,7 @@ const auditOptionDefinitions = [
     {
         name: 'ignore-dev',
         type: Boolean,
+        alias: 'i',
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
@@ -259,7 +293,6 @@ const auditOptionDefinitions = [
     },
     {
         name: 'host',
-        alias: 'h',
         description: '{bold ' +
             i18n.__('constantsRequired') +
             '}: ' +
@@ -302,6 +335,11 @@ const auditOptionDefinitions = [
             i18n.__('constantsOptional') +
             '}: ' +
             i18n.__('scanOptionsTimeoutSummary')
+    },
+    {
+        name: 'help',
+        alias: 'h',
+        type: Boolean
     }
 ];
 const mainUsageGuide = commandLineUsage([

package/dist/index.js

@@ -15,6 +15,7 @@ const lambda_1 = require("./lambda/lambda");
 const getConfig_1 = require("./utils/getConfig");
 const versionChecker_1 = require("./common/versionChecker");
 const errorHandling_1 = require("./common/errorHandling");
+const telemetry_1 = require("./telemetry/telemetry");
 const { commandLineDefinitions: { mainUsageGuide, mainDefinition } } = constants_1.default;
 const config = (0, getConfig_1.localConfig)(constants_2.APP_NAME, constants_2.APP_VERSION);
 const getMainOption = () => {
@@ -58,10 +59,10 @@ const start = async () => {
                 return await (0, lambda_1.processLambda)(argvMain);
             }
             if (command === 'scan') {
-                return await (0, processScan_1.processScan)(argvMain);
+                return await (0, processScan_1.processScan)(config, argvMain);
             }
             if (command === 'audit') {
-                return await (0, processAudit_1.processAudit)(argvMain);
+                return await (0, processAudit_1.processAudit)(config, argvMain);
             }
             if (command === 'help' ||
                 argvMain.includes('--help') ||
@@ -73,9 +74,11 @@ const start = async () => {
                 foundCommand
                     ? console.log(`Unknown Command: Did you mean "${foundCommand}"? \nUse "${foundCommand} --help" for the full list of options`)
                     : console.log(`Unknown Command: ${command} \nUse --help for the full list`);
+                await (0, telemetry_1.sendTelemetryConfigAsConfObj)(config, command, argvMain, 'FAILURE', 'undefined');
             }
             else {
                 console.log(`Unknown Command: ${command} \nUse --help for the full list`);
+                await (0, telemetry_1.sendTelemetryConfigAsConfObj)(config, command, argvMain, 'FAILURE', 'undefined');
             }
             process.exit(9);
         }

package/dist/scaAnalysis/common/scaParserForGoAndJava.js

@@ -0,0 +1,32 @@
+"use strict";
+const parseDependenciesForSCAServices = dependencyTreeObject => {
+    let parsedDependencyTree = {};
+    let subDeps;
+    for (let tree in dependencyTreeObject) {
+        let unParsedDependencyTree = dependencyTreeObject[tree];
+        for (let dependency in unParsedDependencyTree) {
+            subDeps = parseSubDependencies(unParsedDependencyTree[dependency].edges);
+            let parsedDependency = {
+                name: unParsedDependencyTree[dependency].artifactID,
+                group: unParsedDependencyTree[dependency].group,
+                version: unParsedDependencyTree[dependency].version,
+                directDependency: unParsedDependencyTree[dependency].type === 'direct',
+                isProduction: true,
+                dependencies: subDeps
+            };
+            parsedDependencyTree[dependency] = parsedDependency;
+        }
+    }
+    return parsedDependencyTree;
+};
+const parseSubDependencies = dependencies => {
+    let subDeps = [];
+    for (let x in dependencies) {
+        subDeps.push(dependencies[x]);
+    }
+    return subDeps;
+};
+module.exports = {
+    parseDependenciesForSCAServices,
+    parseSubDependencies
+};