@contrast/contrast 1.0.14 → 1.0.15

package/dist/audit/save.js

@@ -5,7 +5,7 @@ const chalk = require('chalk');
 const save = require('../commands/audit/saveFile');
 const sbom = require('../sbom/generateSbom');
 const { SBOM_CYCLONE_DX_FILE, SBOM_SPDX_FILE } = require('../constants/constants');
-async function auditSave(config) {
+async function auditSave(config, reportId) {
     let fileFormat;
     switch (config.save) {
         case null:
@@ -19,7 +19,12 @@ async function auditSave(config) {
             break;
     }
     if (fileFormat) {
-        save.saveFile(config, fileFormat, await sbom.generateSbom(config, fileFormat));
+        if (config.experimental) {
+            save.saveFile(config, fileFormat, await sbom.generateSCASbom(config, fileFormat, reportId));
+        }
+        else {
+            save.saveFile(config, fileFormat, await sbom.generateSbom(config, fileFormat));
+        }
         const filename = `${config.applicationId}-sbom-${fileFormat}.json`;
         if (fs.existsSync(filename)) {
             console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`);

package/dist/commands/audit/help.js

@@ -52,7 +52,9 @@ const auditUsageGuide = (0, command_line_usage_1.default)([
             'language',
             'experimental',
             'app-groups',
-            'metadata'
+            'metadata',
+            'track',
+            'branch'
         ]
     },
     (0, commonHelp_1.commonHelpLinks)()

package/dist/commands/scan/processScan.js

@@ -4,18 +4,12 @@ const { startScan } = require('../../scan/scanController');
 const { saveScanFile } = require('../../utils/saveFile');
 const { ScanResultsModel } = require('../../scan/models/scanResultsModel');
 const { formatScanOutput } = require('../../scan/formatScanOutput');
-const { processSca } = require('./sca/scaAnalysis');
 const common = require('../../common/fail');
 const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry');
 const chalk = require('chalk');
-const generalAPI = require('../../utils/generalAPI');
 const processScan = async (contrastConf, argv) => {
     let config = await scanConfig.getScanConfig(contrastConf, 'scan', argv);
     let output = undefined;
-    config.mode = await generalAPI.getMode(config);
-    if (config.experimental) {
-        await processSca(config, argv);
-    }
     let scanResults = new ScanResultsModel(await startScan(config));
     await sendTelemetryConfigAsObject(config, 'scan', argv, 'SUCCESS', scanResults.scanDetail.language);
     if (scanResults.scanResultsInstances !== undefined) {

package/dist/commands/scan/sca/scaAnalysis.js

@@ -18,9 +18,11 @@ const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet');
 const { auditUsageGuide } = require('../../audit/help');
 const rootFile = require('../../../audit/languageAnalysisEngine/getProjectRootFilenames');
 const path = require('path');
-const generalAPI = require('../../../utils/generalAPI');
+const auditReport = require('../../../scaAnalysis/common/auditReport');
+const scaUpload = require('../../../scaAnalysis/common/scaServicesUpload');
+const settingsHelper = require('../../../utils/settingsHelper');
 const processSca = async (config) => {
-    config.mode = await generalAPI.getMode(config);
+    config = await settingsHelper.getSettings(config);
     const startTime = performance.now();
     let filesFound;
     if (config.help) {
@@ -75,19 +77,35 @@ const processSca = async (config) => {
         if (!config.applicationId) {
             config.applicationId = await auditController.dealWithNoAppId(config);
         }
-        console.log('');
-        const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
-        startSpinner(reportSpinner);
-        const snapshotResponse = await treeUpload.commonSendSnapShot(messageToSend, config);
-        await pollForSnapshotCompletition(config, snapshotResponse.id, reportSpinner);
-        succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
-        await vulnerabilityReportV2(config, snapshotResponse.id);
-        if (config.save !== undefined) {
-            await auditSave.auditSave(config);
+        if (config.experimental) {
+            console.log('');
+            const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
+            startSpinner(reportSpinner);
+            const [reports, reportId] = await scaUpload.scaTreeUpload(messageToSend, config);
+            auditReport.processAuditReport(config, reports[0]);
+            succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
+            if (config.save !== undefined) {
+                await auditSave.auditSave(config, reportId);
+            }
+            const endTime = performance.now() - startTime;
+            const scanDurationMs = endTime - startTime;
+            console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
+        }
+        else {
+            console.log('');
+            const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
+            startSpinner(reportSpinner);
+            const snapshotResponse = await treeUpload.commonSendSnapShot(messageToSend, config);
+            await pollForSnapshotCompletition(config, snapshotResponse.id, reportSpinner);
+            succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
+            await vulnerabilityReportV2(config, snapshotResponse.id);
+            if (config.save !== undefined) {
+                await auditSave.auditSave(config);
+            }
+            const endTime = performance.now() - startTime;
+            const scanDurationMs = endTime - startTime;
+            console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
         }
-        const endTime = performance.now() - startTime;
-        const scanDurationMs = endTime - startTime;
-        console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
     }
     else {
         if (filesFound.length === 0) {

package/dist/common/HTTPClient.js

@@ -185,6 +185,12 @@ HTTPClient.prototype.scaServiceReportStatus = function scaServiceReport(config,
     options.url = url;
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.scaServiceIngests = function scaServiceIngests(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createScaServiceIngestsURL(config);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
 HTTPClient.prototype.getReportById = function getReportById(config, reportId) {
     const options = _.cloneDeep(this.requestOptions);
     if (config.ignoreDev) {
@@ -266,6 +272,11 @@ HTTPClient.prototype.getSbom = function getSbom(config, type) {
     options.url = createSbomUrl(config, type);
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.getSCASbom = function getSbom(config, type, reportId) {
+    const options = _.cloneDeep(this.requestOptions);
+    options.url = createSCASbomUrl(config, type, reportId);
+    return requestUtils.sendRequest({ method: 'get', options });
+};
 HTTPClient.prototype.getLatestVersion = function getLatestVersion() {
     const options = _.cloneDeep(this.requestOptions);
     options.url =
@@ -321,13 +332,18 @@ function createSnapshotURL(config) {
     return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots`;
 }
 function createScaServiceReportURL(config, reportId) {
-    return ``;
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/applications/${config.applicationId}/reports/${reportId}`;
 }
 function createScaServiceReportStatusURL(config, reportId) {
-    return ``;
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/${reportId}/status`;
+}
+function createScaServiceIngestsURL(config) {
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests`;
 }
 function createScaServiceIngestURL(config) {
-    return ``;
+    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/tree`;
+    baseUrl = config.track ? baseUrl.concat('?persist=true') : baseUrl;
+    return baseUrl;
 }
 const createAppCreateURL = config => {
     return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/create`;
@@ -353,6 +369,9 @@ function createDataUrl() {
 function createSbomUrl(config, type) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/${type}`;
 }
+function createSCASbomUrl(config, type, reportId) {
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/applications/${config.applicationId}/sbom/${reportId}?toolType=${type}`;
+}
 function createTelemetryEventUrl(config) {
     return `${config.host}/Contrast/api/sast/organizations/${config.organizationId}/cli`;
 }

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.14';
+const APP_VERSION = '1.0.15';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';
@@ -30,6 +30,10 @@ const SARIF_FILE = 'SARIF';
 const SBOM_CYCLONE_DX_FILE = 'cyclonedx';
 const SBOM_SPDX_FILE = 'spdx';
 const CE_URL = 'https://ce.contrastsecurity.com';
+const SAAS = 'SAAS';
+const EOP = 'EOP';
+const MODE_BUILD = 'BUILD';
+const MODE_REPO = 'REPO';
 module.exports = {
     supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
     supportedLanguagesScan: { JAVASCRIPT, DOTNET, JAVA },
@@ -55,5 +59,9 @@ module.exports = {
     LOW_PRIORITY,
     NOTE_PRIORITY,
     SBOM_CYCLONE_DX_FILE,
-    SBOM_SPDX_FILE
+    SBOM_SPDX_FILE,
+    SAAS,
+    EOP,
+    MODE_BUILD,
+    MODE_REPO
 };

package/dist/constants/locales.js

@@ -213,6 +213,8 @@ const en_locales = () => {
         scanOptionsTimeoutSummary: 'Time in seconds to wait for scan to complete. Default value is 300 seconds.',
         scanOptionsFileNameSummary: 'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .exe or .zip file in the working directory.',
         scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
+        auditOptionsTrackSummary: ' Save the results to the UI.',
+        auditOptionsBranchSummary: ' Set the branch name to associate the library results to.',
         authSuccessMessage: 'Authentication successful',
         runAuthSuccessMessage: chalk.bold('CodeSec by Contrast') +
             '\nScan, secure and ship your code in minutes for FREE. \n' +

package/dist/constants.js

@@ -341,6 +341,35 @@ const auditOptionDefinitions = [
         name: 'help',
         alias: 'h',
         type: Boolean
+    },
+    {
+        name: 'debug',
+        alias: 'd',
+        type: Boolean
+    },
+    {
+        name: 'verbose',
+        alias: 'v',
+        type: Boolean,
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}:' +
+            i18n.__('scanOptionsVerboseSummary')
+    },
+    {
+        name: 'track',
+        type: Boolean,
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}:' +
+            i18n.__('auditOptionsTrackSummary')
+    },
+    {
+        name: 'branch',
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}:' +
+            i18n.__('auditOptionsBranchSummary')
     }
 ];
 const mainUsageGuide = commandLineUsage([

package/dist/sbom/generateSbom.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateSbom = void 0;
+exports.generateSCASbom = exports.generateSbom = void 0;
 const commonApi_1 = require("../utils/commonApi");
 const generateSbom = (config, type) => {
     const client = (0, commonApi_1.getHttpClient)(config);
@@ -19,3 +19,20 @@ const generateSbom = (config, type) => {
     });
 };
 exports.generateSbom = generateSbom;
+const generateSCASbom = (config, type, reportId) => {
+    const client = (0, commonApi_1.getHttpClient)(config);
+    return client
+        .getSCASbom(config, type, reportId)
+        .then((res) => {
+        if (res.statusCode === 200) {
+            return res.body;
+        }
+        else {
+            console.log('Unable to retrieve Software Bill of Materials (SBOM)');
+        }
+    })
+        .catch((err) => {
+        console.log(err);
+    });
+};
+exports.generateSCASbom = generateSCASbom;

package/dist/scaAnalysis/common/scaServicesUpload.js

@@ -13,6 +13,9 @@ const scaTreeUpload = async (analysis, config) => {
             version: APP_VERSION
         }
     };
+    if (config.branch) {
+        requestBody.branchName = config.branch;
+    }
     const client = commonApi.getHttpClient(config);
     const reportID = await client
         .scaServiceIngest(requestBody, config)
@@ -27,26 +30,30 @@ const scaTreeUpload = async (analysis, config) => {
         .catch(err => {
         throw err;
     });
-    console.log(' polling report');
+    if (config.debug) {
+        console.log(' polling report', reportID);
+    }
     let keepChecking = true;
     let res;
     while (keepChecking) {
         res = await client.scaServiceReportStatus(config, reportID).then(res => {
-            console.log(res.statusCode);
-            console.log(res.body);
-            if (res.body.status == 'COMPLETED') {
+            if (config.debug) {
+                console.log(res.statusCode);
+                console.log(res.body);
+            }
+            if (res.body.status === 'COMPLETED') {
                 keepChecking = false;
                 return client.scaServiceReport(config, reportID).then(res => {
-                    return res.body;
+                    return [res.body, reportID];
                 });
             }
         });
         if (!keepChecking) {
-            return res;
+            return [res, reportID];
         }
         await requestUtils.sleep(5000);
     }
-    return res;
+    return [res, reportID];
 };
 module.exports = {
     scaTreeUpload

package/dist/utils/commonApi.js

@@ -18,6 +18,7 @@ const handleResponseErrors = (res, api) => {
         maxAppError();
     }
     else {
+        console.log(res.statusCode);
         genericError(res);
     }
 };

package/dist/utils/settingsHelper.js

@@ -0,0 +1,24 @@
+"use strict";
+const commonApi = require('./commonApi');
+const { getMode } = require('./generalAPI');
+const { SAAS, MODE_BUILD } = require('../constants/constants');
+const getSettings = async (config) => {
+    config.isEOP = (await getMode(config)).toUpperCase() === SAAS ? false : true;
+    config.mode = MODE_BUILD;
+    config.scaServices = await isSCAServicesAvailable(config);
+    return config;
+};
+const isSCAServicesAvailable = async (config) => {
+    const client = commonApi.getHttpClient(config);
+    return client
+        .scaServiceIngests(config)
+        .then(res => {
+        return res.statusCode !== 403;
+    })
+        .catch(err => {
+        console.log(err);
+    });
+};
+module.exports = {
+    getSettings
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.14",
+  "version": "1.0.15",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {

package/src/audit/save.js

@@ -8,7 +8,7 @@ const {
   SBOM_SPDX_FILE
 } = require('../constants/constants')
 
-async function auditSave(config) {
+async function auditSave(config, reportId) {
   let fileFormat
   switch (config.save) {
     case null:
@@ -23,11 +23,19 @@ async function auditSave(config) {
   }
 
   if (fileFormat) {
-    save.saveFile(
-      config,
-      fileFormat,
-      await sbom.generateSbom(config, fileFormat)
-    )
+    if (config.experimental) {
+      save.saveFile(
+        config,
+        fileFormat,
+        await sbom.generateSCASbom(config, fileFormat, reportId)
+      )
+    } else {
+      save.saveFile(
+        config,
+        fileFormat,
+        await sbom.generateSbom(config, fileFormat)
+      )
+    }
     const filename = `${config.applicationId}-sbom-${fileFormat}.json`
     if (fs.existsSync(filename)) {
       console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`)

package/src/commands/audit/help.ts

@@ -47,7 +47,9 @@ const auditUsageGuide = commandLineUsage([
       'language',
       'experimental',
       'app-groups',
-      'metadata'
+      'metadata',
+      'track',
+      'branch'
     ]
   },
   commonHelpLinks()

package/src/commands/scan/processScan.js

@@ -3,21 +3,13 @@ const { startScan } = require('../../scan/scanController')
 const { saveScanFile } = require('../../utils/saveFile')
 const { ScanResultsModel } = require('../../scan/models/scanResultsModel')
 const { formatScanOutput } = require('../../scan/formatScanOutput')
-const { processSca } = require('./sca/scaAnalysis')
 const common = require('../../common/fail')
 const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry')
 const chalk = require('chalk')
-const generalAPI = require('../../utils/generalAPI')
 
 const processScan = async (contrastConf, argv) => {
   let config = await scanConfig.getScanConfig(contrastConf, 'scan', argv)
   let output = undefined
-  config.mode = await generalAPI.getMode(config)
-
-  //try SCA analysis first
-  if (config.experimental) {
-    await processSca(config, argv)
-  }
 
   let scanResults = new ScanResultsModel(await startScan(config))
   await sendTelemetryConfigAsObject(

package/src/commands/scan/sca/scaAnalysis.js

@@ -27,10 +27,13 @@ const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet')
 const { auditUsageGuide } = require('../../audit/help')
 const rootFile = require('../../../audit/languageAnalysisEngine/getProjectRootFilenames')
 const path = require('path')
-const generalAPI = require('../../../utils/generalAPI')
+const auditReport = require('../../../scaAnalysis/common/auditReport')
+const scaUpload = require('../../../scaAnalysis/common/scaServicesUpload')
+const settingsHelper = require('../../../utils/settingsHelper')
 
 const processSca = async config => {
-  config.mode = await generalAPI.getMode(config)
+  //checks to see whether to use old TS / new SCA path
+  config = await settingsHelper.getSettings(config)
 
   const startTime = performance.now()
   let filesFound
@@ -103,38 +106,56 @@ const processSca = async config => {
       config.applicationId = await auditController.dealWithNoAppId(config)
     }
 
-    // if (config.experimental) {
-    //   // const reports = await scaUpload.scaTreeUpload(messageToSend, config)
-    //   auditReport.processAuditReport(config, 'reports')
-    // } else {
-    console.log('') //empty log for space before spinner
-    //send message to TS
-    const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
-    startSpinner(reportSpinner)
-    const snapshotResponse = await treeUpload.commonSendSnapShot(
-      messageToSend,
-      config
-    )
+    if (config.experimental) {
+      console.log('') //empty log for space before spinner
+      const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
+      startSpinner(reportSpinner)
+      const [reports, reportId] = await scaUpload.scaTreeUpload(
+        messageToSend,
+        config
+      )
 
-    //poll for completion
-    await pollForSnapshotCompletition(
-      config,
-      snapshotResponse.id,
-      reportSpinner
-    )
-    succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
+      auditReport.processAuditReport(config, reports[0])
+      succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
 
-    await vulnerabilityReportV2(config, snapshotResponse.id)
-    if (config.save !== undefined) {
-      await auditSave.auditSave(config)
-    }
-    const endTime = performance.now() - startTime
-    const scanDurationMs = endTime - startTime
+      if (config.save !== undefined) {
+        await auditSave.auditSave(config, reportId)
+      }
 
-    console.log(
-      `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
-    )
-    // }
+      const endTime = performance.now() - startTime
+      const scanDurationMs = endTime - startTime
+      console.log(
+        `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
+      )
+    } else {
+      console.log('') //empty log for space before spinner
+      //send message to TS
+      const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
+      startSpinner(reportSpinner)
+      const snapshotResponse = await treeUpload.commonSendSnapShot(
+        messageToSend,
+        config
+      )
+
+      //poll for completion
+      await pollForSnapshotCompletition(
+        config,
+        snapshotResponse.id,
+        reportSpinner
+      )
+      succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
+
+      await vulnerabilityReportV2(config, snapshotResponse.id)
+      if (config.save !== undefined) {
+        await auditSave.auditSave(config)
+      }
+      const endTime = performance.now() - startTime
+      const scanDurationMs = endTime - startTime
+
+      console.log(
+        `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
+      )
+    }
   } else {
     if (filesFound.length === 0) {
       console.log(i18n.__('languageAnalysisNoLanguage'))

package/src/common/HTTPClient.js

@@ -246,6 +246,13 @@ HTTPClient.prototype.scaServiceReportStatus = function scaServiceReport(
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
+HTTPClient.prototype.scaServiceIngests = function scaServiceIngests(config) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createScaServiceIngestsURL(config)
+  options.url = url
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
 HTTPClient.prototype.getReportById = function getReportById(config, reportId) {
   const options = _.cloneDeep(this.requestOptions)
   if (config.ignoreDev) {
@@ -370,6 +377,12 @@ HTTPClient.prototype.getSbom = function getSbom(config, type) {
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
+HTTPClient.prototype.getSCASbom = function getSbom(config, type, reportId) {
+  const options = _.cloneDeep(this.requestOptions)
+  options.url = createSCASbomUrl(config, type, reportId)
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
 HTTPClient.prototype.getLatestVersion = function getLatestVersion() {
   const options = _.cloneDeep(this.requestOptions)
   options.url =
@@ -447,15 +460,21 @@ function createSnapshotURL(config) {
 }
 
 function createScaServiceReportURL(config, reportId) {
-  return ``
+  return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/applications/${config.applicationId}/reports/${reportId}`
 }
 
 function createScaServiceReportStatusURL(config, reportId) {
-  return ``
+  return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/${reportId}/status`
+}
+
+function createScaServiceIngestsURL(config) {
+  return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests`
 }
 
 function createScaServiceIngestURL(config) {
-  return ``
+  let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/tree`
+  baseUrl = config.track ? baseUrl.concat('?persist=true') : baseUrl
+  return baseUrl
 }
 
 const createAppCreateURL = config => {
@@ -492,6 +511,10 @@ function createSbomUrl(config, type) {
   return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/${type}`
 }
 
+function createSCASbomUrl(config, type, reportId) {
+  return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/applications/${config.applicationId}/sbom/${reportId}?toolType=${type}`
+}
+
 function createTelemetryEventUrl(config) {
   return `${config.host}/Contrast/api/sast/organizations/${config.organizationId}/cli`
 }

package/src/constants/constants.js

@@ -14,7 +14,7 @@ const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 // App
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.14'
+const APP_VERSION = '1.0.15'
 const TIMEOUT = 120000
 const HIGH_COLOUR = '#ff9900'
 const CRITICAL_COLOUR = '#e35858'
@@ -34,6 +34,12 @@ const SBOM_CYCLONE_DX_FILE = 'cyclonedx'
 const SBOM_SPDX_FILE = 'spdx'
 const CE_URL = 'https://ce.contrastsecurity.com'
 
+//configuration
+const SAAS = 'SAAS'
+const EOP = 'EOP'
+const MODE_BUILD = 'BUILD'
+const MODE_REPO = 'REPO'
+
 module.exports = {
   supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
   supportedLanguagesScan: { JAVASCRIPT, DOTNET, JAVA },
@@ -59,5 +65,9 @@ module.exports = {
   LOW_PRIORITY,
   NOTE_PRIORITY,
   SBOM_CYCLONE_DX_FILE,
-  SBOM_SPDX_FILE
+  SBOM_SPDX_FILE,
+  SAAS,
+  EOP,
+  MODE_BUILD,
+  MODE_REPO
 }

package/src/constants/locales.js

@@ -317,6 +317,9 @@ const en_locales = () => {
     scanOptionsFileNameSummary:
       'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .exe or .zip file in the working directory.',
     scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
+    auditOptionsTrackSummary: ' Save the results to the UI.',
+    auditOptionsBranchSummary:
+      ' Set the branch name to associate the library results to.',
     authSuccessMessage: 'Authentication successful',
     runAuthSuccessMessage:
       chalk.bold('CodeSec by Contrast') +

package/src/constants.js

@@ -384,6 +384,38 @@ const auditOptionDefinitions = [
     name: 'help',
     alias: 'h',
     type: Boolean
+  },
+  {
+    name: 'debug',
+    alias: 'd',
+    type: Boolean
+  },
+  {
+    name: 'verbose',
+    alias: 'v',
+    type: Boolean,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}:' +
+      i18n.__('scanOptionsVerboseSummary')
+  },
+  {
+    name: 'track',
+    type: Boolean,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}:' +
+      i18n.__('auditOptionsTrackSummary')
+  },
+  {
+    name: 'branch',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}:' +
+      i18n.__('auditOptionsBranchSummary')
   }
 ]
 

package/src/sbom/generateSbom.ts

@@ -15,3 +15,23 @@ export const generateSbom = (config: any, type: string) => {
       console.log(err)
     })
 }
+
+export const generateSCASbom = (
+  config: any,
+  type: string,
+  reportId: string
+) => {
+  const client = getHttpClient(config)
+  return client
+    .getSCASbom(config, type, reportId)
+    .then((res: { statusCode: number; body: any }) => {
+      if (res.statusCode === 200) {
+        return res.body
+      } else {
+        console.log('Unable to retrieve Software Bill of Materials (SBOM)')
+      }
+    })
+    .catch((err: any) => {
+      console.log(err)
+    })
+}

package/src/scaAnalysis/common/scaServicesUpload.js

@@ -14,6 +14,10 @@ const scaTreeUpload = async (analysis, config) => {
     }
   }
 
+  if (config.branch) {
+    requestBody.branchName = config.branch
+  }
+
   const client = commonApi.getHttpClient(config)
   const reportID = await client
     .scaServiceIngest(requestBody, config)
@@ -27,28 +31,32 @@ const scaTreeUpload = async (analysis, config) => {
     .catch(err => {
       throw err
     })
-  console.log(' polling report')
+  if (config.debug) {
+    console.log(' polling report', reportID)
+  }
 
   let keepChecking = true
   let res
   while (keepChecking) {
     res = await client.scaServiceReportStatus(config, reportID).then(res => {
-      console.log(res.statusCode)
-      console.log(res.body)
-      if (res.body.status == 'COMPLETED') {
+      if (config.debug) {
+        console.log(res.statusCode)
+        console.log(res.body)
+      }
+      if (res.body.status === 'COMPLETED') {
         keepChecking = false
         return client.scaServiceReport(config, reportID).then(res => {
-          return res.body
+          return [res.body, reportID]
         })
       }
     })
 
     if (!keepChecking) {
-      return res
+      return [res, reportID]
     }
     await requestUtils.sleep(5000)
   }
-  return res
+  return [res, reportID]
 }
 
 module.exports = {

package/src/utils/commonApi.js

@@ -20,6 +20,7 @@ const handleResponseErrors = (res, api) => {
   } else if (res.statusCode === 412) {
     maxAppError()
   } else {
+    console.log(res.statusCode)
     genericError(res)
   }
 }

package/src/utils/settingsHelper.js

@@ -0,0 +1,26 @@
+const commonApi = require('./commonApi')
+const { getMode } = require('./generalAPI')
+const { SAAS, MODE_BUILD } = require('../constants/constants')
+
+const getSettings = async config => {
+  config.isEOP = (await getMode(config)).toUpperCase() === SAAS ? false : true
+  config.mode = MODE_BUILD
+  config.scaServices = await isSCAServicesAvailable(config)
+  return config
+}
+
+const isSCAServicesAvailable = async config => {
+  const client = commonApi.getHttpClient(config)
+  return client
+    .scaServiceIngests(config)
+    .then(res => {
+      return res.statusCode !== 403
+    })
+    .catch(err => {
+      console.log(err)
+    })
+}
+
+module.exports = {
+  getSettings
+}