@contrast/contrast 1.0.12 → 1.0.14

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.12';
+const APP_VERSION = '1.0.14';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';

package/dist/constants/locales.js

@@ -20,7 +20,7 @@ const en_locales = () => {
         unauthenticatedErrorHeader: '401 error - Unauthenticated',
         unauthenticatedErrorMessage: 'Please check the following keys are correct:\n--organization-id, --api-key or --authorization',
         badRequestErrorHeader: '400 error - Bad Request',
-        badRequestErrorMessage: 'Please check the following key is correct: \n--application-id',
+        badRequestErrorMessage: 'Please check your parameters and try again',
         badRequestCatalogueErrorMessage: 'The application name already exists, please use a unique name',
         forbiddenRequestErrorHeader: '403 error - Forbidden',
         forbiddenRequestErrorMessage: 'You do not have permission to access this server.',
@@ -80,6 +80,7 @@ const en_locales = () => {
         constantsApplicationName: 'The name of the application cataloged by Contrast UI',
         constantsCatalogueApplication: 'Provide this if you want to catalogue an application',
         failOptionErrorMessage: ' FAIL - CVEs have been detected that match at least the cve_severity option specified.',
+        failOptionMessage: ' Use with contrast scan or contrast audit. Detects failures based on the severity level specified with the --severity command. For example, "contrast scan --fail --severity high". Returns all failures if no severity level is specified.',
         constantsLanguage: 'Valid values are JAVA, DOTNET, NODE, PYTHON and RUBY. If there are multiple project configuration files in the project_path, language is also required.  Also, provide this when cataloguing an application',
         constantsFilePath: `Specify a directory or the file where dependencies are declared. (By default, CodeSec will search for project files in the current directory.)`,
         constantsSilent: 'Silences JSON output.',
@@ -96,7 +97,7 @@ const en_locales = () => {
         constantsFail: 'Set the process to fail if this option is set in combination with --cve_severity.',
         failThresholdOptionErrorMessage: 'More than 0 vulnerabilities found',
         failSeverityOptionErrorMessage: ' FAIL - Results detected vulnerabilities over accepted severity level',
-        constantsSeverity: 'Allows the user to report libraries with vulnerabilities above a chosen severity level. For example, cve_severity medium only reports libraries with vulnerabilities at medium or higher severity. Values for level are high, medium or low.',
+        constantsSeverity: 'Use with "contrast scan --fail --severity high" or "contrast audit --fail --severity high". Set the severity level to detect vulnerabilities or dependencies. Severity levels are critical, high, medium, low or note.',
         constantsCount: 'The number of CVEs that must be exceeded to fail a build',
         constantsHeader: 'CodeSec by Contrast Security',
         configHeader2: 'Config options',
@@ -113,7 +114,7 @@ const en_locales = () => {
         configHeader: 'Config',
         constantsConfigUsageContents: 'view / clear the configuration',
         constantsPrerequisitesContent: 'To scan a Java project you will need a .jar or .war file for analysis\n' +
-            'To scan a Javascript project you will need a .js or.zip file for analysis\n' +
+            'To scan a Javascript project you will need a single .js or a .zip of  multiple .js files\n' +
             'To scan a .NET c# webforms project you will need a .exe or a .zip file for analysis\n',
         constantsUsage: 'Usage',
         constantsUsageCommandExample: 'contrast [command] [options]',
@@ -213,16 +214,23 @@ const en_locales = () => {
         scanOptionsFileNameSummary: 'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .exe or .zip file in the working directory.',
         scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
         authSuccessMessage: 'Authentication successful',
-        runAuthSuccessMessage: "Now you can use CodeSec by Contrast \nRun: \n'contrast scan' on your file \n'contrast audit' on a file or directory,\n'contrast lambda' on an AWS function.\nor 'contrast help' to learn more about the capabilities.",
+        runAuthSuccessMessage: chalk.bold('CodeSec by Contrast') +
+            '\nScan, secure and ship your code in minutes for FREE. \n' +
+            chalk.bold('\nRun\n') +
+            chalk.bold('\ncontrast scan') +
+            " to run Contrast's industry leading SAST scanner. \nSupports Java, JavaScript and .Net \n" +
+            chalk.bold('\ncontrast audit') +
+            ' to find vulnerabilities in your open source dependencies.\nSupports Java, .NET, Node, Ruby, Python, Go and PHP \n' +
+            chalk.bold('\ncontrast lambda') +
+            ' to secure your AWS serverless functions. \nSupports Java and Python \n' +
+            chalk.bold('\ncontrast help') +
+            ' to learn more about the capabilities.',
         authWaitingMessage: 'Waiting for auth...',
         authTimedOutMessage: 'Auth Timed out, try again',
         zipErrorScan: 'We only support zip files for JAVASCRIPT language, please set the flag --language JAVASCRIPT',
         unknownFileErrorScan: 'Unsupported file selected for Scan.',
         foundScanFile: 'Found: %s',
-        foundDetailedVulnerabilities: chalk.bold('%s Critical') +
-            ' | ' +
-            chalk.bold('%s High') +
-            ' | %s Medium | %s Low | %s Note',
+        foundDetailedVulnerabilities: chalk.bold('%s') + ' | ' + chalk.bold('%s') + ' | %s | %s | %s ',
         requiredParams: 'All required parameters are not present.',
         timeoutScan: 'Timeout set to 5 minutes.',
         searchingScanFileDirectory: 'Searching for file to scan from %s...',

package/dist/constants.js

@@ -101,7 +101,7 @@ const scanOptionDefinitions = [
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('failOptionErrorMessage')
+            i18n.__('failOptionMessage')
     },
     {
         name: 'severity',
@@ -219,7 +219,7 @@ const auditOptionDefinitions = [
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('failOptionErrorMessage')
+            i18n.__('failOptionMessage')
     },
     {
         name: 'severity',

package/dist/index.js

@@ -45,7 +45,7 @@ const start = async () => {
                 return;
             }
             config.set('numOfRuns', config.get('numOfRuns') + 1);
-            if (config.get('numOfRuns') >= 1) {
+            if (config.get('numOfRuns') >= 10) {
                 await (0, versionChecker_1.findLatestCLIVersion)(config);
                 config.set('numOfRuns', 0);
             }
@@ -73,11 +73,13 @@ const start = async () => {
                 const foundCommand = (0, errorHandling_1.findCommandOnError)(mainOptions._unknown);
                 foundCommand
                     ? console.log(`Unknown Command: Did you mean "${foundCommand}"? \nUse "${foundCommand} --help" for the full list of options`)
-                    : console.log(`Unknown Command: ${command} \nUse --help for the full list`);
+                    : console.log(`\nUnknown Command: ${command} \n`);
+                console.log(mainUsageGuide);
                 await (0, telemetry_1.sendTelemetryConfigAsConfObj)(config, command, argvMain, 'FAILURE', 'undefined');
             }
             else {
-                console.log(`Unknown Command: ${command} \nUse --help for the full list`);
+                console.log(`\nUnknown Command: ${command}\n`);
+                console.log(mainUsageGuide);
                 await (0, telemetry_1.sendTelemetryConfigAsConfObj)(config, command, argvMain, 'FAILURE', 'undefined');
             }
             process.exit(9);

package/dist/lambda/lambda.js

@@ -23,6 +23,7 @@ const oraWrapper_1 = __importDefault(require("../utils/oraWrapper"));
 const analytics_1 = require("./analytics");
 const types_1 = require("./types");
 const constants_2 = require("../constants/constants");
+const chalk_1 = __importDefault(require("chalk"));
 const failedStates = [
     'UNSUPPORTED',
     'EXCLUDED',
@@ -109,6 +110,7 @@ const processLambda = async (argv) => {
         }
         await (0, analytics_1.postAnalytics)(endCommandAnalytics).catch((error) => {
         });
+        postRunMessage();
         if (errorMsg) {
             process.exit(1);
         }
@@ -117,7 +119,7 @@ const processLambda = async (argv) => {
 exports.processLambda = processLambda;
 const getAvailableFunctions = async (lambdaOptions) => {
     const lambdas = await (0, lambdaUtils_1.getAllLambdas)(lambdaOptions);
-    (0, lambdaUtils_1.printAvailableLambdas)(lambdas, { runtimes: ['python', 'java'] });
+    (0, lambdaUtils_1.printAvailableLambdas)(lambdas, { runtimes: ['python', 'java', 'node'] });
 };
 exports.getAvailableFunctions = getAvailableFunctions;
 const actualProcessLambda = async (lambdaOptions) => {
@@ -191,3 +193,8 @@ const handleLambdaHelp = () => {
     printHelpMessage();
     process.exit(0);
 };
+const postRunMessage = () => {
+    console.log('\n' + chalk_1.default.underline.bold('Other Codesec Features:'));
+    console.log("'contrast scan' to run CodeSec’s industry leading SAST scanner");
+    console.log("'contrast audit' to find vulnerabilities in your open source dependencies\n");
+};

package/dist/scaAnalysis/common/auditReport.js

@@ -0,0 +1,78 @@
+"use strict";
+const { getSeverityCounts, createSummaryMessageTop, printVulnInfo, getReportTable, getIssueRow, printNoVulnFoundMsg } = require('../../audit/report/commonReportingFunctions');
+const { orderBy } = require('lodash');
+const { assignBySeverity } = require('../../scan/formatScanOutput');
+const chalk = require('chalk');
+const { CE_URL } = require('../../constants/constants');
+const common = require('../../common/fail');
+const processAuditReport = (config, results) => {
+    let severityCounts = {};
+    if (results !== undefined) {
+        severityCounts = formatScaServicesReport(config, results);
+    }
+    if (config.fail) {
+        common.processFail(config, severityCounts);
+    }
+};
+const formatScaServicesReport = (config, results) => {
+    const projectOverviewCount = getSeverityCounts(results);
+    if (projectOverviewCount.total === 0) {
+        printNoVulnFoundMsg();
+        return projectOverviewCount;
+    }
+    else {
+        let total = 0;
+        const numberOfCves = results.length;
+        const table = getReportTable();
+        let contrastHeaderNumCounter = 0;
+        let assignPriorityToResults = results.map(result => assignBySeverity(result, result));
+        const numberOfVulns = results
+            .map(result => result.vulnerabilities)
+            .reduce((a, b) => {
+            return (total += b.length);
+        }, 0);
+        const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(assignPriorityToResults, [
+            reportListItem => {
+                return reportListItem.priority;
+            },
+            reportListItem => {
+                return reportListItem.vulnerabilities.length;
+            }
+        ], ['asc', 'desc']);
+        for (const result of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
+            contrastHeaderNumCounter++;
+            const cvesNum = result.vulnerabilities.length;
+            const grammaticallyCorrectVul = result.vulnerabilities.length > 1 ? 'vulnerabilities' : 'vulnerability';
+            const headerColour = chalk.hex(result.colour);
+            const headerRow = [
+                headerColour(`CONTRAST-${contrastHeaderNumCounter.toString().padStart(3, '0')}`),
+                headerColour(`-`),
+                headerColour(`[${result.severity}] `) +
+                    headerColour.bold(`${result.artifactName}`) +
+                    ` introduces ${cvesNum} ${grammaticallyCorrectVul}`
+            ];
+            const adviceRow = [
+                chalk.bold(`Advice`),
+                chalk.bold(`:`),
+                `Change to version ${result.remediationAdvice.latestStableVersion}`
+            ];
+            let assignPriorityToVulns = result.vulnerabilities.map(result => assignBySeverity(result, result));
+            const issueRow = getIssueRow(assignPriorityToVulns);
+            table.push(headerRow, issueRow, adviceRow);
+            console.log();
+        }
+        console.log();
+        createSummaryMessageTop(numberOfCves, numberOfVulns);
+        console.log(table.toString() + '\n');
+        printVulnInfo(projectOverviewCount);
+        if (config.host !== CE_URL) {
+            console.log('\n' + chalk.bold('View your full dependency tree in Contrast:'));
+            console.log(`${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
+        }
+        return projectOverviewCount;
+    }
+};
+module.exports = {
+    formatScaServicesReport,
+    processAuditReport
+};

package/dist/scaAnalysis/common/scaServicesUpload.js

@@ -0,0 +1,53 @@
+"use strict";
+const commonApi = require('../../utils/commonApi');
+const { APP_VERSION } = require('../../constants/constants');
+const requestUtils = require('../../utils/requestUtils');
+const scaTreeUpload = async (analysis, config) => {
+    const requestBody = {
+        applicationId: config.applicationId,
+        dependencyTree: analysis,
+        organizationId: config.organizationId,
+        language: config.language,
+        tool: {
+            name: 'Contrast Codesec',
+            version: APP_VERSION
+        }
+    };
+    const client = commonApi.getHttpClient(config);
+    const reportID = await client
+        .scaServiceIngest(requestBody, config)
+        .then(res => {
+        if (res.statusCode === 201) {
+            return res.body.libraryIngestJobId;
+        }
+        else {
+            throw new Error(res.statusCode + ` error ingesting dependencies`);
+        }
+    })
+        .catch(err => {
+        throw err;
+    });
+    console.log(' polling report');
+    let keepChecking = true;
+    let res;
+    while (keepChecking) {
+        res = await client.scaServiceReportStatus(config, reportID).then(res => {
+            console.log(res.statusCode);
+            console.log(res.body);
+            if (res.body.status == 'COMPLETED') {
+                keepChecking = false;
+                return client.scaServiceReport(config, reportID).then(res => {
+                    return res.body;
+                });
+            }
+        });
+        if (!keepChecking) {
+            return res;
+        }
+        await requestUtils.sleep(5000);
+    }
+    return res;
+};
+module.exports = {
+    scaTreeUpload
+};

package/dist/scaAnalysis/javascript/index.js

@@ -2,6 +2,7 @@
 const analysis = require('./analysis');
 const i18n = require('i18n');
 const formatMessage = require('../common/formatMessage');
+const scaServiceParser = require('./scaServiceParser');
 const jsAnalysis = async (config, languageFiles) => {
     checkForCorrectFiles(languageFiles);
     if (!config.file.endsWith('/')) {
@@ -12,6 +13,9 @@ const jsAnalysis = async (config, languageFiles) => {
 const buildNodeTree = async (config, files) => {
     let analysis = await readFiles(config, files);
     const rawNode = await parseFiles(config, files, analysis);
+    if (config.experimental) {
+        return scaServiceParser.parseJS(rawNode);
+    }
     return formatMessage.createJavaScriptTSMessage(rawNode);
 };
 const readFiles = async (config, files) => {

package/dist/scaAnalysis/javascript/scaServiceParser.js

@@ -0,0 +1,109 @@
+"use strict";
+const parseJS = rawNode => {
+    let dependencyTree = {};
+    let combinedPackageJSONDep = {
+        ...rawNode.packageJSON?.dependencies,
+        ...rawNode.packageJSON?.devDependencies
+    };
+    let analyseLock = chooseLockFile(rawNode);
+    if (analyseLock.type === 'yarn') {
+        dependencyTree = yarnCreateDepTree(dependencyTree, combinedPackageJSONDep, analyseLock.lockFile, rawNode);
+    }
+    if (analyseLock.type === 'npm') {
+        dependencyTree = npmCreateDepTree(dependencyTree, combinedPackageJSONDep, analyseLock.lockFile, rawNode);
+    }
+    return dependencyTree;
+};
+const npmCreateDepTree = (dependencyTree, combinedPackageJSONDep, packageLock, rawNode) => {
+    for (const [key, value] of Object.entries(packageLock)) {
+        dependencyTree[key] = {
+            name: key,
+            version: getResolvedVersion(key, packageLock),
+            group: null,
+            isProduction: checkIfInPackageJSON(rawNode.packageJSON.dependencies, key),
+            directDependency: checkIfInPackageJSON(combinedPackageJSONDep, key),
+            dependencies: createNPMChildDependencies(packageLock, key)
+        };
+    }
+    return dependencyTree;
+};
+const yarnCreateDepTree = (dependencyTree, combinedPackageJSONDep, packageLock, rawNode) => {
+    for (const [key, value] of Object.entries(packageLock)) {
+        let gav = getNameFromGAV(key);
+        let nag = getDepNameWithoutVersion(key);
+        dependencyTree[key] = {
+            name: gav,
+            version: getResolvedVersion(key, packageLock),
+            group: null,
+            isProduction: checkIfInPackageJSON(rawNode.packageJSON.dependencies, nag),
+            directDependency: checkIfInPackageJSON(combinedPackageJSONDep, nag),
+            dependencies: createChildDependencies(packageLock, key)
+        };
+    }
+    return dependencyTree;
+};
+const chooseLockFile = rawNode => {
+    if (rawNode?.yarn?.yarnLockFile !== undefined) {
+        return { lockFile: rawNode?.yarn?.yarnLockFile?.object, type: 'yarn' };
+    }
+    else if (rawNode.npmLockFile !== undefined) {
+        return { lockFile: rawNode?.npmLockFile?.dependencies, type: 'npm' };
+    }
+    else {
+        return undefined;
+    }
+};
+const createKeyName = (dep, version) => {
+    return dep + '@' + version;
+};
+const checkIfInPackageJSON = (list, dep) => {
+    return Object.keys(list).includes(dep);
+};
+const createChildDependencies = (lockFileDep, currentDep) => {
+    let depArray = [];
+    if (lockFileDep[currentDep]?.dependencies) {
+        for (const [key, value] of Object.entries(lockFileDep[currentDep]?.dependencies)) {
+            depArray.push(createKeyName(key, value));
+        }
+    }
+    return depArray;
+};
+const createNPMChildDependencies = (lockFileDep, currentDep) => {
+    let depArray = [];
+    if (lockFileDep[currentDep]?.requires) {
+        for (const [key, value] of Object.entries(lockFileDep[currentDep]?.requires)) {
+            depArray.push(key);
+        }
+    }
+    return depArray;
+};
+const getDepNameWithoutVersion = depKey => {
+    let dependency = depKey.split('@');
+    if (dependency.length - 1 > 1) {
+        return '@' + dependency[1];
+    }
+    return dependency[0];
+};
+const getNameFromGAV = depKey => {
+    let dependency = depKey.split('/');
+    if (dependency.length == 2) {
+        dependency = getDepNameWithoutVersion(dependency[1]);
+        return dependency;
+    }
+    if (dependency.length == 1) {
+        dependency = getDepNameWithoutVersion(depKey);
+        return dependency;
+    }
+    return depKey;
+};
+const getResolvedVersion = (depKey, packageLock) => {
+    return packageLock[depKey]?.version;
+};
+module.exports = {
+    parseJS,
+    checkIfInPackageJSON,
+    getNameFromGAV,
+    getResolvedVersion,
+    chooseLockFile,
+    createNPMChildDependencies
+};

package/dist/scaAnalysis/ruby/analysis.js

@@ -1,6 +1,26 @@
 "use strict";
 const fs = require('fs');
 const i18n = require('i18n');
+const getRubyDeps = (config, languageFiles) => {
+    try {
+        checkForCorrectFiles(languageFiles);
+        const parsedGem = readAndParseGemfile(config.file);
+        const parsedLock = readAndParseGemLockFile(config.file);
+        if (config.experimental) {
+            const rubyArray = removeRedundantAndPopulateDefinedElements(parsedLock.sources);
+            let rubyTree = createRubyTree(rubyArray);
+            findChildrenDependencies(rubyTree);
+            processRootDependencies(parsedLock.dependencies, rubyTree);
+            return rubyTree;
+        }
+        else {
+            return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock };
+        }
+    }
+    catch (err) {
+        throw err;
+    }
+};
 const readAndParseGemfile = file => {
     const gemFile = fs.readFileSync(file + '/Gemfile', 'utf8');
     const rubyArray = gemFile.split('\n');
@@ -189,16 +209,89 @@ const buildSourceDependencyWithVersion = (whitespaceRegx, dependencyRegEx, line,
     }
     return dependencies;
 };
-const getRubyDeps = (config, languageFiles) => {
-    try {
-        checkForCorrectFiles(languageFiles);
-        const parsedGem = readAndParseGemfile(config.file);
-        const parsedLock = readAndParseGemLockFile(config.file);
-        return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock };
+const processRootDependencies = (rootDependencies, rubyTree) => {
+    const getParentObjectByName = queryToken => Object.values(rubyTree).filter(({ name }) => name === queryToken);
+    for (let parent in rootDependencies) {
+        let parentObject = getParentObjectByName(parent);
+        if (parentObject[0]) {
+            let gav = parentObject[0].group +
+                '/' +
+                parentObject[0].name +
+                '@' +
+                parentObject[0].version;
+            rubyTree[gav] = parentObject[0];
+            rubyTree[gav].directDependency = true;
+        }
     }
-    catch (err) {
-        throw err;
+    return rubyTree;
+};
+const createRubyTree = rubyArray => {
+    let rubyTree = {};
+    for (let x in rubyArray) {
+        let version = rubyArray[x].resolved;
+        let gav = rubyArray[x].group + '/' + rubyArray[x].name + '@' + version;
+        rubyTree[gav] = rubyArray[x];
+        rubyTree[gav].directDependency = false;
+        rubyTree[gav].version = version;
+        if (!rubyTree[gav].dependencies) {
+            rubyTree[gav].dependencies = [];
+        }
+        delete rubyTree[gav].resolved;
     }
+    return rubyTree;
+};
+const findChildrenDependencies = rubyTree => {
+    for (let dep in rubyTree) {
+        let unResolvedChildDepsKey = Object.keys(rubyTree[dep].dependencies);
+        rubyTree[dep].dependencies = resolveVersionOfChildDependencies(unResolvedChildDepsKey, rubyTree);
+    }
+};
+const resolveVersionOfChildDependencies = (unResolvedChildDepsKey, rubyObject) => {
+    const getParentObjectByName = queryToken => Object.values(rubyObject).filter(({ name }) => name === queryToken);
+    let resolvedChildrenDependencies = [];
+    for (let childDep in unResolvedChildDepsKey) {
+        let childDependencyName = unResolvedChildDepsKey[childDep];
+        let parent = getParentObjectByName(childDependencyName);
+        resolvedChildrenDependencies.push('null/' + childDependencyName + '@' + parent[0].version);
+    }
+    return resolvedChildrenDependencies;
+};
+const removeRedundantAndPopulateDefinedElements = deps => {
+    return deps.map(element => {
+        if (element.sourceType === 'GIT') {
+            delete element.sourceType;
+            delete element.remote;
+            delete element.platform;
+            element.group = null;
+            element.isProduction = true;
+        }
+        if (element.sourceType === 'GEM') {
+            element.group = null;
+            element.isProduction = true;
+            delete element.sourceType;
+            delete element.remote;
+            delete element.platform;
+        }
+        if (element.sourceType === 'PATH') {
+            element.group = null;
+            element.isProduction = true;
+            delete element.platform;
+            delete element.sourceType;
+            delete element.remote;
+        }
+        if (element.sourceType === 'BUNDLED WITH') {
+            element.group = null;
+            element.isProduction = true;
+            delete element.sourceType;
+            delete element.remote;
+            delete element.branch;
+            delete element.revision;
+            delete element.depthLevel;
+            delete element.specs;
+            delete element.platform;
+        }
+        return element;
+    });
 };
 const checkForCorrectFiles = languageFiles => {
     if (!languageFiles.includes('Gemfile.lock')) {
@@ -224,5 +317,9 @@ module.exports = {
     getPatchLevel,
     formatSourceArr,
     getSourceArray,
-    checkForCorrectFiles
+    checkForCorrectFiles,
+    removeRedundantAndPopulateDefinedElements,
+    createRubyTree,
+    findChildrenDependencies,
+    processRootDependencies
 };

package/dist/scaAnalysis/ruby/index.js

@@ -3,7 +3,12 @@ const analysis = require('./analysis');
 const { createRubyTSMessage } = require('../common/formatMessage');
 const rubyAnalysis = (config, languageFiles) => {
     const rubyDeps = analysis.getRubyDeps(config, languageFiles.RUBY);
-    return createRubyTSMessage(rubyDeps);
+    if (config.experimental) {
+        return rubyDeps;
+    }
+    else {
+        return createRubyTSMessage(rubyDeps);
+    }
 };
 module.exports = {
     rubyAnalysis

package/dist/scan/formatScanOutput.js

@@ -3,16 +3,17 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.assignBySeverity = exports.stripTags = exports.getCodeFlowInfo = exports.getSourceLineNumber = exports.getLocationsSyncInfo = exports.editVulName = exports.getDefaultView = exports.formatLinks = exports.getProjectOverview = exports.formatScanOutput = void 0;
+exports.assignBySeverity = exports.stripTags = exports.getCodeFlowInfo = exports.getSourceLineNumber = exports.getLocationsSyncInfo = exports.editVulName = exports.getDefaultView = exports.formatLinks = exports.formatScanOutput = void 0;
 const i18n_1 = __importDefault(require("i18n"));
 const chalk_1 = __importDefault(require("chalk"));
 const groupedResultsModel_1 = require("./models/groupedResultsModel");
 const lodash_1 = require("lodash");
 const cli_table3_1 = __importDefault(require("cli-table3"));
 const constants_1 = require("../constants/constants");
+const commonReportingFunctions_1 = require("../audit/report/commonReportingFunctions");
 function formatScanOutput(scanResults) {
     const { scanResultsInstances } = scanResults;
-    const projectOverview = getProjectOverview(scanResultsInstances);
+    const projectOverview = (0, commonReportingFunctions_1.getSeverityCounts)(scanResultsInstances.content);
     if (scanResultsInstances.content.length === 0) {
         console.log(i18n_1.default.__('scanNoVulnerabilitiesFound'));
         console.log(i18n_1.default.__('scanNoVulnerabilitiesFoundSecureCode'));
@@ -89,36 +90,10 @@ function formatScanOutput(scanResults) {
             console.log();
         });
     }
-    printVulnInfo(projectOverview);
+    (0, commonReportingFunctions_1.printVulnInfo)(projectOverview);
     return projectOverview;
 }
 exports.formatScanOutput = formatScanOutput;
-function printVulnInfo(projectOverview) {
-    const totalVulnerabilities = projectOverview.total;
-    const vulMessage = totalVulnerabilities === 1 ? `vulnerability` : `vulnerabilities`;
-    console.log(chalk_1.default.bold(`Found ${totalVulnerabilities} ${vulMessage}`));
-    console.log(i18n_1.default.__('foundDetailedVulnerabilities', String(projectOverview.critical), String(projectOverview.high), String(projectOverview.medium), String(projectOverview.low), String(projectOverview.note)));
-}
-function getProjectOverview(scanResultsInstances) {
-    const acc = {
-        critical: 0,
-        high: 0,
-        medium: 0,
-        low: 0,
-        note: 0,
-        total: 0
-    };
-    if (scanResultsInstances?.content &&
-        scanResultsInstances.content.length > 0) {
-        scanResultsInstances.content.forEach((i) => {
-            acc[i.severity.toLowerCase()] += 1;
-            acc.total += 1;
-            return acc;
-        });
-    }
-    return acc;
-}
-exports.getProjectOverview = getProjectOverview;
 function formatLinks(objName, entry) {
     const line = chalk_1.default.bold(objName + '  : ');
     if (entry.length === 1) {

package/dist/scan/scanResults.js

@@ -66,7 +66,7 @@ const returnScanResults = async (config, codeArtifactId, newProject, timeout, st
             if (requestUtils.millisToSeconds(endTime) > timeout) {
                 oraFunctions.failSpinner(startScanSpinner, 'Contrast Scan timed out at the specified ' + timeout + ' seconds.');
                 const isCI = process.env.CONTRAST_CODESEC_CI
-                    ? JSON.parse(process.env.CONTRAST_CODESEC_CI)
+                    ? JSON.parse(process.env.CONTRAST_CODESEC_CI.toLowerCase())
                     : false;
                 if (!isCI) {
                     const retry = await retryScanPrompt();