npm - @contrast/contrast - Versions diffs - 1.0.12 → 1.0.14 - Mend

@contrast/contrast 1.0.12 → 1.0.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/dist/audit/report/commonReportingFunctions.js +175 -116
package/dist/audit/report/models/reportSeverityModel.js +3 -3
package/dist/audit/report/reportingFeature.js +1 -10
package/dist/audit/report/utils/reportUtils.js +4 -4
package/dist/commands/audit/processAudit.js +10 -0
package/dist/commands/scan/processScan.js +9 -0
package/dist/commands/scan/sca/scaAnalysis.js +2 -0
package/dist/common/HTTPClient.js +30 -2
package/dist/common/errorHandling.js +1 -2
package/dist/common/fail.js +7 -3
package/dist/common/versionChecker.js +11 -5
package/dist/constants/constants.js +1 -1
package/dist/constants/locales.js +16 -8
package/dist/constants.js +2 -2
package/dist/index.js +5 -3
package/dist/lambda/lambda.js +8 -1
package/dist/scaAnalysis/common/auditReport.js +78 -0
package/dist/scaAnalysis/common/scaServicesUpload.js +53 -0
package/dist/scaAnalysis/javascript/index.js +4 -0
package/dist/scaAnalysis/javascript/scaServiceParser.js +109 -0
package/dist/scaAnalysis/ruby/analysis.js +106 -9
package/dist/scaAnalysis/ruby/index.js +6 -1
package/dist/scan/formatScanOutput.js +4 -29
package/dist/scan/scanResults.js +1 -1
package/dist/{audit/languageAnalysisEngine/util → utils}/capabilities.js +0 -0
package/dist/{audit/languageAnalysisEngine/util → utils}/generalAPI.js +14 -5
package/package.json +4 -1
package/src/audit/report/commonReportingFunctions.js +432 -0
package/src/audit/report/models/reportSeverityModel.ts +6 -6
package/src/audit/report/reportingFeature.ts +2 -16
package/src/audit/report/utils/reportUtils.ts +2 -8
package/src/commands/audit/processAudit.ts +8 -0
package/src/commands/scan/processScan.js +14 -0
package/src/commands/scan/sca/scaAnalysis.js +9 -0
package/src/common/HTTPClient.js +44 -2
package/src/common/errorHandling.ts +1 -2
package/src/common/fail.js +7 -3
package/src/common/versionChecker.ts +16 -6
package/src/constants/constants.js +1 -1
package/src/constants/locales.js +17 -9
package/src/constants.js +2 -2
package/src/index.ts +5 -8
package/src/lambda/lambda.ts +13 -1
package/src/lambda/lambdaUtils.ts +1 -1
package/src/scaAnalysis/common/auditReport.js +108 -0
package/src/scaAnalysis/common/scaServicesUpload.js +56 -0
package/src/scaAnalysis/javascript/index.js +4 -0
package/src/scaAnalysis/javascript/scaServiceParser.js +145 -0
package/src/scaAnalysis/ruby/analysis.js +137 -9
package/src/scaAnalysis/ruby/index.js +6 -1
package/src/scan/formatScanOutput.ts +5 -42
package/src/scan/scanResults.js +1 -1
package/src/{audit/languageAnalysisEngine/util → utils}/capabilities.js +0 -0
package/src/{audit/languageAnalysisEngine/util → utils}/generalAPI.js +16 -6
package/src/audit/report/commonReportingFunctions.ts +0 -355

package/dist/{audit/languageAnalysisEngine/util → utils}/generalAPI.js RENAMED Viewed

@@ -1,12 +1,13 @@
 "use strict";
 const { featuresTeamServer } = require('./capabilities');
 const semver = require('semver');
-const { handleResponseErrors } = require('../../../common/errorHandling');
-const { getHttpClient } = require('../../../utils/commonApi');
+const { handleResponseErrors } = require('../common/errorHandling');
+const commonApi = require('./commonApi');
+const { isNil } = require('lodash');
 const getGlobalProperties = async (config) => {
-    const client = getHttpClient(config);
+    const client = commonApi.getHttpClient(config);
     return client
-        .getGlobalProperties(config)
+        .getGlobalProperties(config.host)
         .then(res => {
         if (res.statusCode === 200) {
             return res.body;
@@ -19,6 +20,13 @@ const getGlobalProperties = async (config) => {
         console.log(err);
     });
 };
+const getMode = async (config) => {
+    const features = await getGlobalProperties(config);
+    if (!isNil(features?.mode)) {
+        return features.mode;
+    }
+    return '';
+};
 const getFeatures = version => {
     const featuresEnabled = [];
     featuresTeamServer.forEach(feature => {
@@ -35,5 +43,6 @@ const isFeatureEnabled = (features, featureName) => {
 module.exports = {
     getGlobalProperties,
     getFeatures,
-    isFeatureEnabled
+    isFeatureEnabled,
+    getMode
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.12",
+  "version": "1.0.14",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {
@@ -25,7 +25,10 @@
     "test-int-scan": "jest ./test-integration/scan",
     "test-int-audit": "jest test-integration/audit",
     "test-int-audit-reports": "jest test-integration/audit/audit-language-reports.spec.js",
+    "test-int-scan-errors": "jest test-integration/scan/scanLocalErrors.spec.js",
+    "test-int-scan-reports": "jest test-integration/scan/scanReport.spec.js",
     "test-int-audit-features": "jest test-integration/audit/auditFeatures/",
+    "test-int-audit-experimental": "jest test-integration/audit/audit-experimental.spec.js",
     "format": "prettier --write \"**/*.{ts,tsx,js,json,md,yml}\" .eslintrc.*",
     "check-format": "prettier --check \"**/*.{ts,tsx,js,json,md,yml}\" .eslintrc.*",
     "coverage-local": "nyc --reporter=text mocha './test/**/*.spec.js'",

package/src/audit/report/commonReportingFunctions.js ADDED Viewed

@@ -0,0 +1,432 @@
+const commonApi = require('../../utils/commonApi')
+const {
+  ReportCompositeKey,
+  ReportList,
+  ReportModelStructure
+} = require('./models/reportListModel')
+const { orderBy } = require('lodash')
+const chalk = require('chalk')
+const {
+  countVulnerableLibrariesBySeverity,
+  orderByHighestPriority,
+  findHighestSeverityCVE,
+  findNameAndVersion,
+  severityCountAllCVEs,
+  findCVESeverity
+} = require('./utils/reportUtils')
+const { SeverityCountModel } = require('./models/severityCountModel')
+const {
+  ReportOutputBodyModel,
+  ReportOutputHeaderModel,
+  ReportOutputModel
+} = require('./models/reportOutputModel')
+const {
+  CE_URL,
+  CRITICAL_COLOUR,
+  HIGH_COLOUR,
+  LOW_COLOUR,
+  MEDIUM_COLOUR,
+  NOTE_COLOUR
+} = require('../../constants/constants')
+const Table = require('cli-table3')
+const { ReportGuidanceModel } = require('./models/reportGuidanceModel')
+const i18n = require('i18n')
+const createSummaryMessageTop = (numberOfVulnerableLibraries, numberOfCves) => {
+  numberOfVulnerableLibraries === 1
+    ? console.log(`Found 1 vulnerable library containing ${numberOfCves} CVE`)
+    : console.log(
+        `Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs`
+      )
+}
+const createSummaryMessageBottom = numberOfVulnerableLibraries => {
+  numberOfVulnerableLibraries === 1
+    ? console.log(`Found 1 vulnerability`)
+    : console.log(`Found ${numberOfVulnerableLibraries} vulnerabilities`)
+}
+const getReport = async (config, reportId) => {
+  const client = commonApi.getHttpClient(config)
+  return client
+    .getReportById(config, reportId)
+    .then(res => {
+      if (res.statusCode === 200) {
+        return res.body
+      } else {
+        console.log(JSON.stringify(res.statusCode))
+        commonApi.handleResponseErrors(res, 'report')
+      }
+    })
+    .catch(err => {
+      console.log(err)
+    })
+}
+const printVulnerabilityResponse = (
+  config,
+  vulnerableLibraries,
+  numberOfVulnerableLibraries,
+  numberOfCves,
+  guidance
+) => {
+  let hasSomeVulnerabilitiesReported = false
+  printFormattedOutput(
+    config,
+    vulnerableLibraries,
+    numberOfVulnerableLibraries,
+    numberOfCves,
+    guidance
+  )
+  if (Object.keys(vulnerableLibraries).length > 0) {
+    hasSomeVulnerabilitiesReported = true
+  }
+  return hasSomeVulnerabilitiesReported
+}
+const printFormattedOutput = (
+  config,
+  libraries,
+  numberOfVulnerableLibraries,
+  numberOfCves,
+  guidance
+) => {
+  createSummaryMessageTop(numberOfVulnerableLibraries, numberOfCves)
+  console.log()
+  const report = new ReportList()
+  for (const library of libraries) {
+    const { name, version } = findNameAndVersion(library, config)
+    const newOutputModel = new ReportModelStructure(
+      new ReportCompositeKey(
+        name,
+        version,
+        findHighestSeverityCVE(library.cveArray),
+        severityCountAllCVEs(
+          library.cveArray,
+          new SeverityCountModel()
+        ).getTotal
+      ),
+      library.cveArray
+    )
+    report.reportOutputList.push(newOutputModel)
+  }
+  const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(
+    report.reportOutputList,
+    [
+      reportListItem => {
+        return reportListItem.compositeKey.highestSeverity.priority
+      },
+      reportListItem => {
+        return reportListItem.compositeKey.numberOfSeverities
+      }
+    ],
+    ['asc', 'desc']
+  )
+  let contrastHeaderNumCounter = 0
+  for (const reportModel of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
+    contrastHeaderNumCounter++
+    const { libraryName, libraryVersion, highestSeverity } =
+      reportModel.compositeKey
+    const numOfCVEs = reportModel.cveArray.length
+    const table = getReportTable()
+    const header = buildHeader(
+      highestSeverity,
+      contrastHeaderNumCounter,
+      libraryName,
+      libraryVersion,
+      numOfCVEs
+    )
+    const advice = gatherRemediationAdvice(
+      guidance,
+      libraryName,
+      libraryVersion
+    )
+    const body = buildBody(reportModel.cveArray, advice)
+    const reportOutputModel = new ReportOutputModel(header, body)
+    table.push(
+      reportOutputModel.body.issueMessage,
+      reportOutputModel.body.adviceMessage
+    )
+    console.log(
+      reportOutputModel.header.vulnMessage,
+      reportOutputModel.header.introducesMessage
+    )
+    console.log(table.toString() + '\n')
+  }
+  createSummaryMessageBottom(numberOfVulnerableLibraries)
+  const {
+    criticalMessage,
+    highMessage,
+    mediumMessage,
+    lowMessage,
+    noteMessage
+  } = buildFooter(outputOrderedByLowestSeverityAndLowestNumOfCvesFirst)
+  console.log(
+    `${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`
+  )
+  if (config.host !== CE_URL) {
+    console.log(
+      '\n' + chalk.bold('View your full dependency tree in Contrast:')
+    )
+    console.log(
+      `${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`
+    )
+  }
+}
+function getReportTable() {
+  return new Table({
+    chars: {
+      top: '',
+      'top-mid': '',
+      'top-left': '',
+      'top-right': '',
+      bottom: '',
+      'bottom-mid': '',
+      'bottom-left': '',
+      'bottom-right': '',
+      left: '',
+      'left-mid': '',
+      mid: '',
+      'mid-mid': '',
+      right: '',
+      'right-mid': '',
+      middle: ' '
+    },
+    style: { 'padding-left': 0, 'padding-right': 0 },
+    colAligns: ['right'],
+    wordWrap: true,
+    colWidths: [12, 1, 100]
+  })
+}
+function buildHeader(
+  highestSeverity,
+  contrastHeaderNum,
+  libraryName,
+  version,
+  numOfCVEs
+) {
+  const vulnerabilityPluralised =
+    numOfCVEs > 1 ? 'vulnerabilities' : 'vulnerability'
+  const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum)
+  const headerColour = chalk.hex(highestSeverity.colour)
+  const headerNumAndSeverity = headerColour(
+    `${formattedHeaderNum} - [${highestSeverity.severity}]`
+  )
+  const libraryNameAndVersion = headerColour.bold(`${libraryName}-${version}`)
+  const vulnMessage = `${headerNumAndSeverity} ${libraryNameAndVersion}`
+  const introducesMessage = `introduces ${numOfCVEs} ${vulnerabilityPluralised}`
+  return new ReportOutputHeaderModel(vulnMessage, introducesMessage)
+}
+function buildBody(cveArray, advice) {
+  let assignPriorityToVulns = cveArray.map(result => findCVESeverity(result))
+  const issueMessage = getIssueRow(assignPriorityToVulns)
+  //todo different advice based on remediationGuidance being available or now
+  // console.log(advice)
+  const minOrMax = advice.maximum ? advice.maximum : advice.minimum
+  const displayAdvice = minOrMax
+    ? `Change to version ${chalk.bold(minOrMax)}`
+    : 'No recommendation is available according to our data. Upgrade to the latest stable is the best advice we can give.'
+  const adviceMessage = [chalk.bold('Advice'), ':', displayAdvice]
+  return new ReportOutputBodyModel(issueMessage, adviceMessage)
+}
+function getIssueRow(cveArray) {
+  orderByHighestPriority(cveArray)
+  const cveMessagesList = getIssueCveMsgList(cveArray)
+  const cveNumbers = getSeverityCounts(cveArray)
+  const numAndSeverityTypeDesc = getNumOfAndSeverityType(cveNumbers)
+  return [
+    chalk.bold('Issue'),
+    ':',
+    `${numAndSeverityTypeDesc} ${cveMessagesList.join(', ')}`
+  ]
+}
+function gatherRemediationAdvice(guidance, libraryName, libraryVersion) {
+  const guidanceModel = new ReportGuidanceModel()
+  const data = guidance[libraryName + '@' + libraryVersion]
+  if (data) {
+    guidanceModel.minimum = data.minUpgradeVersion
+    guidanceModel.maximum = data.maxUpgradeVersion
+  }
+  return guidanceModel
+}
+function buildFormattedHeaderNum(contrastHeaderNum) {
+  return `CONTRAST-${contrastHeaderNum.toString().padStart(3, '0')}`
+}
+function getNumOfAndSeverityType(cveNumbers) {
+  const { critical, high, medium, low, note } = cveNumbers
+  const criticalMsg = critical > 0 ? `${critical} Critical | ` : ''
+  const highMsg = high > 0 ? `${high} High | ` : ''
+  const mediumMsg = medium > 0 ? `${medium} Medium | ` : ''
+  const lowMsg = low > 0 ? `${low} Low | ` : ''
+  const noteMsg = note > 0 ? `${note} Note` : ''
+  //removes/trims whitespace to single spaces
+  return `${criticalMsg} ${highMsg} ${mediumMsg} ${lowMsg} ${noteMsg}`
+    .replace(/\s+/g, ' ')
+    .trim()
+}
+const buildFooter = reportModelStructure => {
+  const { critical, high, medium, low, note } =
+    countVulnerableLibrariesBySeverity(reportModelStructure)
+  const criticalMessage = chalk
+    .hex(CRITICAL_COLOUR)
+    .bold(`${critical} Critical`)
+  const highMessage = chalk.hex(HIGH_COLOUR).bold(`${high} High`)
+  const mediumMessage = chalk.hex(MEDIUM_COLOUR).bold(`${medium} Medium`)
+  const lowMessage = chalk.hex(LOW_COLOUR).bold(`${low} Low`)
+  const noteMessage = chalk.hex(NOTE_COLOUR).bold(`${note} Note`)
+  return {
+    criticalMessage,
+    highMessage,
+    mediumMessage,
+    lowMessage,
+    noteMessage
+  }
+}
+const getIssueCveMsgList = results => {
+  const cveMessages = []
+  results.forEach(reportSeverityModel => {
+    // @ts-ignore
+    const { colour, severity, name } = reportSeverityModel
+    const severityShorthand = chalk
+      .hex(colour)
+      .bold(`[${severity.charAt(0).toUpperCase()}]`)
+    const builtMessage = severityShorthand + name
+    cveMessages.push(builtMessage)
+  })
+  return cveMessages
+}
+const getSeverityCounts = results => {
+  const acc = {
+    critical: 0,
+    high: 0,
+    medium: 0,
+    low: 0,
+    note: 0,
+    total: 0
+  }
+  if (results && results.length > 0) {
+    results.forEach(i => {
+      acc[i.severity.toLowerCase()] += 1
+      acc.total += 1
+      return acc
+    })
+  }
+  return acc
+}
+const printNoVulnFoundMsg = () => {
+  console.log(i18n.__('scanNoVulnerabilitiesFound'))
+  console.log(i18n.__('scanNoVulnerabilitiesFoundSecureCode'))
+  console.log(i18n.__('scanNoVulnerabilitiesFoundGoodWork'))
+  console.log(chalk.bold(`Found 0 vulnerabilities`))
+  console.log(
+    i18n.__(
+      'foundDetailedVulnerabilities',
+      String(0),
+      String(0),
+      String(0),
+      String(0),
+      String(0)
+    )
+  )
+}
+const printVulnInfo = projectOverview => {
+  const totalVulnerabilities = projectOverview.total
+  createSummaryMessageBottom(totalVulnerabilities)
+  const formattedValues = severityFormatted(projectOverview)
+  console.log(
+    i18n.__(
+      'foundDetailedVulnerabilities',
+      String(formattedValues.criticalFormatted),
+      String(formattedValues.highFormatted),
+      String(formattedValues.mediumFormatted),
+      String(formattedValues.lowFormatted),
+      String(formattedValues.noteFormatted)
+    )
+  )
+}
+const severityFormatted = projectOverview => {
+  const criticalFormatted = chalk
+    .hex(CRITICAL_COLOUR)
+    .bold(`${projectOverview.critical} Critical`)
+  const highFormatted = chalk
+    .hex(HIGH_COLOUR)
+    .bold(`${projectOverview.high} High`)
+  const mediumFormatted = chalk
+    .hex(MEDIUM_COLOUR)
+    .bold(`${projectOverview.medium} Medium`)
+  const lowFormatted = chalk.hex(LOW_COLOUR).bold(`${projectOverview.low} Low`)
+  const noteFormatted = chalk
+    .hex(NOTE_COLOUR)
+    .bold(`${projectOverview.note} Note`)
+  return {
+    criticalFormatted,
+    highFormatted,
+    mediumFormatted,
+    lowFormatted,
+    noteFormatted
+  }
+}
+module.exports = {
+  createSummaryMessageTop,
+  getReport,
+  createSummaryMessageBottom,
+  printVulnerabilityResponse,
+  printFormattedOutput,
+  getReportTable,
+  buildHeader,
+  buildBody,
+  getIssueRow,
+  gatherRemediationAdvice,
+  buildFormattedHeaderNum,
+  getNumOfAndSeverityType,
+  getIssueCveMsgList,
+  getSeverityCounts,
+  printNoVulnFoundMsg,
+  printVulnInfo
+}

package/src/audit/report/models/reportSeverityModel.ts CHANGED Viewed

@@ -1,18 +1,18 @@
 export class ReportSeverityModel {
   severity: string
   priority: number
-  outputColour: string
-  cveName: string
+  colour: string
+  name: string
   constructor(
     severity: string,
     priority: number,
-    outputColour: string,
-    cveName: string
+    colour: string,
+    name: string
   ) {
     this.severity = severity
     this.priority = priority
-    this.outputColour = outputColour
-    this.cveName = cveName
+    this.colour = colour
+    this.name = name
   }
 }

package/src/audit/report/reportingFeature.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import {
   getReport,
+  printNoVulnFoundMsg,
   printVulnerabilityResponse
 } from './commonReportingFunctions'
 import {
@@ -58,22 +59,7 @@ export function formatVulnerabilityOutput(
   const numberOfVulnerableLibraries = vulnerableLibraries.length
   if (numberOfVulnerableLibraries === 0) {
-    console.log(i18n.__('scanNoVulnerabilitiesFound'))
-    console.log(i18n.__('scanNoVulnerabilitiesFoundSecureCode'))
-    console.log(i18n.__('scanNoVulnerabilitiesFoundGoodWork'))
-    console.log(
-      chalk.bold(`Found ${numberOfVulnerableLibraries} vulnerabilities`)
-    )
-    console.log(
-      i18n.__(
-        'foundDetailedVulnerabilities',
-        String(0),
-        String(0),
-        String(0),
-        String(0),
-        String(0)
-      )
-    )
+    printNoVulnFoundMsg()
     return [false, 0, [new SeverityCountModel()]]
   } else {
     let numberOfCves = 0

package/src/audit/report/utils/reportUtils.ts CHANGED Viewed

@@ -30,14 +30,8 @@ export function findHighestSeverityCVE(cveArray: ReportCVEModel[]) {
   return orderBy(mappedToReportSeverityModels, cve => cve?.priority)[0]
 }
-export function findCVESeveritiesAndOrderByHighestPriority(
-  cves: ReportCVEModel[]
-) {
-  return orderBy(
-    cves.map(cve => findCVESeverity(cve)),
-    ['priority'],
-    ['asc']
-  )
+export function orderByHighestPriority(cves: ReportCVEModel[]) {
+  return orderBy(cves, ['priority'], ['asc'])
 }
 export function findCVESeverity(cve: ReportCVEModel) {

package/src/commands/audit/processAudit.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import { auditUsageGuide } from './help'
 import { processSca } from '../scan/sca/scaAnalysis'
 import { sendTelemetryConfigAsObject } from '../../telemetry/telemetry'
 import { ContrastConf } from '../../utils/getConfig'
+import chalk from 'chalk'
 export type parameterInput = string[]
@@ -17,6 +18,7 @@ export const processAudit = async (
   const config = await getAuditConfig(contrastConf, 'audit', argv)
   await processSca(config)
+  postRunMessage()
   await sendTelemetryConfigAsObject(
     config,
     'audit',
@@ -30,3 +32,9 @@ export const processAudit = async (
 const printHelpMessage = () => {
   console.log(auditUsageGuide)
 }
+const postRunMessage = () => {
+  console.log('\n' + chalk.underline.bold('Other Codesec Features:'))
+  console.log("'contrast scan' to run CodeSec’s industry leading SAST scanner")
+  console.log("'contrast lambda' to secure your AWS serverless functions\n")
+}

package/src/commands/scan/processScan.js CHANGED Viewed

@@ -6,10 +6,14 @@ const { formatScanOutput } = require('../../scan/formatScanOutput')
 const { processSca } = require('./sca/scaAnalysis')
 const common = require('../../common/fail')
 const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry')
+const chalk = require('chalk')
+const generalAPI = require('../../utils/generalAPI')
 const processScan = async (contrastConf, argv) => {
   let config = await scanConfig.getScanConfig(contrastConf, 'scan', argv)
   let output = undefined
+  config.mode = await generalAPI.getMode(config)
   //try SCA analysis first
   if (config.experimental) {
     await processSca(config, argv)
@@ -35,6 +39,16 @@ const processScan = async (contrastConf, argv) => {
   if (config.fail) {
     common.processFail(config, output)
   }
+  postRunMessage()
+}
+const postRunMessage = () => {
+  console.log('\n' + chalk.underline.bold('Other Codesec Features:'))
+  console.log(
+    "'contrast audit' to find vulnerabilities in your open source dependencies"
+  )
+  console.log("'contrast lambda' to secure your AWS serverless functions\n")
 }
 module.exports = {

package/src/commands/scan/sca/scaAnalysis.js CHANGED Viewed

@@ -27,7 +27,11 @@ const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet')
 const { auditUsageGuide } = require('../../audit/help')
 const rootFile = require('../../../audit/languageAnalysisEngine/getProjectRootFilenames')
 const path = require('path')
+const generalAPI = require('../../../utils/generalAPI')
 const processSca = async config => {
+  config.mode = await generalAPI.getMode(config)
   const startTime = performance.now()
   let filesFound
@@ -99,6 +103,10 @@ const processSca = async config => {
       config.applicationId = await auditController.dealWithNoAppId(config)
     }
+    // if (config.experimental) {
+    //   // const reports = await scaUpload.scaTreeUpload(messageToSend, config)
+    //   auditReport.processAuditReport(config, 'reports')
+    // } else {
     console.log('') //empty log for space before spinner
     //send message to TS
     const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
@@ -126,6 +134,7 @@ const processSca = async config => {
     console.log(
       `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
     )
+    // }
   } else {
     if (filesFound.length === 0) {
       console.log(i18n.__('languageAnalysisNoLanguage'))