@contrast/contrast 1.0.14 → 1.0.16

package/dist/audit/languageAnalysisEngine/sendSnapshot.js

@@ -28,7 +28,7 @@ const getTimeout = config => {
         return 300;
     }
 };
-const pollForSnapshotCompletition = async (config, snapshotId, reportSpinner) => {
+const pollForSnapshotCompletion = async (config, snapshotId, reportSpinner) => {
     const client = commonApi.getHttpClient(config);
     const startTime = performance.now();
     const timeout = getTimeout(config);
@@ -63,5 +63,5 @@ const pollForSnapshotCompletition = async (config, snapshotId, reportSpinner) =>
     }
 };
 module.exports = {
-    pollForSnapshotCompletition: pollForSnapshotCompletition
+    pollForSnapshotCompletion
 };

package/dist/audit/report/commonReportingFunctions.js

@@ -132,13 +132,7 @@ function buildBody(cveArray, advice) {
 function getIssueRow(cveArray) {
     orderByHighestPriority(cveArray);
     const cveMessagesList = getIssueCveMsgList(cveArray);
-    const cveNumbers = getSeverityCounts(cveArray);
-    const numAndSeverityTypeDesc = getNumOfAndSeverityType(cveNumbers);
-    return [
-        chalk.bold('Issue'),
-        ':',
-        `${numAndSeverityTypeDesc} ${cveMessagesList.join(', ')}`
-    ];
+    return [chalk.bold('Issue'), ':', `${cveMessagesList.join(', ')}`];
 }
 function gatherRemediationAdvice(guidance, libraryName, libraryVersion) {
     const guidanceModel = new ReportGuidanceModel();
@@ -152,17 +146,6 @@ function gatherRemediationAdvice(guidance, libraryName, libraryVersion) {
 function buildFormattedHeaderNum(contrastHeaderNum) {
     return `CONTRAST-${contrastHeaderNum.toString().padStart(3, '0')}`;
 }
-function getNumOfAndSeverityType(cveNumbers) {
-    const { critical, high, medium, low, note } = cveNumbers;
-    const criticalMsg = critical > 0 ? `${critical} Critical | ` : '';
-    const highMsg = high > 0 ? `${high} High | ` : '';
-    const mediumMsg = medium > 0 ? `${medium} Medium | ` : '';
-    const lowMsg = low > 0 ? `${low} Low | ` : '';
-    const noteMsg = note > 0 ? `${note} Note` : '';
-    return `${criticalMsg} ${highMsg} ${mediumMsg} ${lowMsg} ${noteMsg}`
-        .replace(/\s+/g, ' ')
-        .trim();
-}
 const buildFooter = reportModelStructure => {
     const { critical, high, medium, low, note } = countVulnerableLibrariesBySeverity(reportModelStructure);
     const criticalMessage = chalk
@@ -257,7 +240,6 @@ module.exports = {
     getIssueRow,
     gatherRemediationAdvice,
     buildFormattedHeaderNum,
-    getNumOfAndSeverityType,
     getIssueCveMsgList,
     getSeverityCounts,
     printNoVulnFoundMsg,

package/dist/audit/save.js

@@ -5,7 +5,7 @@ const chalk = require('chalk');
 const save = require('../commands/audit/saveFile');
 const sbom = require('../sbom/generateSbom');
 const { SBOM_CYCLONE_DX_FILE, SBOM_SPDX_FILE } = require('../constants/constants');
-async function auditSave(config) {
+async function auditSave(config, reportId) {
     let fileFormat;
     switch (config.save) {
         case null:
@@ -19,7 +19,12 @@ async function auditSave(config) {
             break;
     }
     if (fileFormat) {
-        save.saveFile(config, fileFormat, await sbom.generateSbom(config, fileFormat));
+        if (config.experimental) {
+            save.saveFile(config, fileFormat, await sbom.generateSCASbom(config, fileFormat, reportId));
+        }
+        else {
+            save.saveFile(config, fileFormat, await sbom.generateSbom(config, fileFormat));
+        }
         const filename = `${config.applicationId}-sbom-${fileFormat}.json`;
         if (fs.existsSync(filename)) {
             console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`);

package/dist/{constants.js → cliConstants.js}

@@ -10,7 +10,46 @@ i18n.configure({
     },
     defaultLocale: 'en'
 });
+const sharedOptionDefinitions = [
+    {
+        name: 'proxy',
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsProxyServer')
+    },
+    {
+        name: 'key',
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsProxyKey')
+    },
+    {
+        name: 'cacert',
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsProxyCaCert')
+    },
+    {
+        name: 'cert',
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('constantsProxyCert')
+    },
+    {
+        name: 'ignore-cert-errors',
+        type: Boolean,
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}:' +
+            i18n.__('constantsIgnoreCertErrors')
+    }
+];
 const scanOptionDefinitions = [
+    ...sharedOptionDefinitions,
     {
         name: 'name',
         alias: 'n',
@@ -88,13 +127,6 @@ const scanOptionDefinitions = [
             '}: ' +
             i18n.__('constantsHostId')
     },
-    {
-        name: 'proxy',
-        description: '{bold ' +
-            i18n.__('constantsOptional') +
-            '}: ' +
-            i18n.__('constantsProxyServer')
-    },
     {
         name: 'fail',
         type: Boolean,
@@ -117,15 +149,7 @@ const scanOptionDefinitions = [
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('constantsProxyServer')
-    },
-    {
-        name: 'ignore-cert-errors',
-        type: Boolean,
-        description: '{bold ' +
-            i18n.__('constantsOptional') +
-            '}:' +
-            i18n.__('constantsIgnoreCertErrors')
+            i18n.__('constantsDoNotWaitForScan')
     },
     {
         name: 'verbose',
@@ -190,6 +214,7 @@ const configOptionDefinitions = [
     }
 ];
 const auditOptionDefinitions = [
+    ...sharedOptionDefinitions,
     {
         name: 'application-id',
         description: '{bold ' +
@@ -299,21 +324,6 @@ const auditOptionDefinitions = [
             '}: ' +
             i18n.__('constantsHostId')
     },
-    {
-        name: 'proxy',
-        description: '{bold ' +
-            i18n.__('constantsOptional') +
-            '}: ' +
-            i18n.__('constantsProxyServer')
-    },
-    {
-        name: 'ignore-cert-errors',
-        type: Boolean,
-        description: '{bold ' +
-            i18n.__('constantsOptional') +
-            '}:' +
-            i18n.__('constantsIgnoreCertErrors')
-    },
     {
         name: 'save',
         alias: 's',
@@ -341,6 +351,35 @@ const auditOptionDefinitions = [
         name: 'help',
         alias: 'h',
         type: Boolean
+    },
+    {
+        name: 'debug',
+        alias: 'd',
+        type: Boolean
+    },
+    {
+        name: 'verbose',
+        alias: 'v',
+        type: Boolean,
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}:' +
+            i18n.__('scanOptionsVerboseSummary')
+    },
+    {
+        name: 'track',
+        type: Boolean,
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}:' +
+            i18n.__('auditOptionsTrackSummary')
+    },
+    {
+        name: 'branch',
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}:' +
+            i18n.__('auditOptionsBranchSummary')
     }
 ];
 const mainUsageGuide = commandLineUsage([

package/dist/commands/audit/auditConfig.js

@@ -5,10 +5,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getAuditConfig = void 0;
 const paramHandler_1 = __importDefault(require("../../utils/paramsUtil/paramHandler"));
-const constants_1 = __importDefault(require("../../constants"));
+const cliConstants_1 = __importDefault(require("../../cliConstants"));
 const parsedCLIOptions_1 = require("../../utils/parsedCLIOptions");
 const getAuditConfig = async (contrastConf, command, argv) => {
-    const auditParameters = await (0, parsedCLIOptions_1.getCommandLineArgsCustom)(contrastConf, command, argv, constants_1.default.commandLineDefinitions.auditOptionDefinitions);
+    const auditParameters = await (0, parsedCLIOptions_1.getCommandLineArgsCustom)(contrastConf, command, argv, cliConstants_1.default.commandLineDefinitions.auditOptionDefinitions);
     const paramsAuth = paramHandler_1.default.getAuth(auditParameters);
     return { ...paramsAuth, ...auditParameters };
 };

package/dist/commands/audit/help.js

@@ -6,7 +6,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.auditUsageGuide = void 0;
 const command_line_usage_1 = __importDefault(require("command-line-usage"));
 const i18n_1 = __importDefault(require("i18n"));
-const constants_1 = __importDefault(require("../../constants"));
+const cliConstants_1 = __importDefault(require("../../cliConstants"));
 const commonHelp_1 = require("../../common/commonHelp");
 const auditUsageGuide = (0, command_line_usage_1.default)([
     {
@@ -30,7 +30,7 @@ const auditUsageGuide = (0, command_line_usage_1.default)([
     },
     {
         header: i18n_1.default.__('constantsAuditOptions'),
-        optionList: constants_1.default.commandLineDefinitions.auditOptionDefinitions,
+        optionList: cliConstants_1.default.commandLineDefinitions.auditOptionDefinitions,
         hide: [
             'application-id',
             'application-name',
@@ -52,7 +52,9 @@ const auditUsageGuide = (0, command_line_usage_1.default)([
             'language',
             'experimental',
             'app-groups',
-            'metadata'
+            'metadata',
+            'track',
+            'branch'
         ]
     },
     (0, commonHelp_1.commonHelpLinks)()

package/dist/commands/auth/auth.js

@@ -8,7 +8,7 @@ const i18n = require('i18n');
 const { returnOra, startSpinner, failSpinner, succeedSpinner } = require('../../utils/oraWrapper');
 const { TIMEOUT, AUTH_UI_URL } = require('../../constants/constants');
 const parsedCLIOptions = require('../../utils/parsedCLIOptions');
-const constants = require('../../constants');
+const constants = require('../../cliConstants');
 const commandLineUsage = require('command-line-usage');
 const processAuth = async (argv, config) => {
     let authParams = await parsedCLIOptions.getCommandLineArgsCustom(config, 'auth', argv, constants.commandLineDefinitions.authOptionDefinitions);

package/dist/commands/config/config.js

@@ -1,6 +1,6 @@
 "use strict";
 const parsedCLIOptions = require('../../utils/parsedCLIOptions');
-const constants = require('../../constants');
+const constants = require('../../cliConstants');
 const commandLineUsage = require('command-line-usage');
 const i18n = require('i18n');
 const processConfig = async (argv, config) => {

package/dist/commands/scan/processScan.js

@@ -4,18 +4,12 @@ const { startScan } = require('../../scan/scanController');
 const { saveScanFile } = require('../../utils/saveFile');
 const { ScanResultsModel } = require('../../scan/models/scanResultsModel');
 const { formatScanOutput } = require('../../scan/formatScanOutput');
-const { processSca } = require('./sca/scaAnalysis');
 const common = require('../../common/fail');
 const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry');
 const chalk = require('chalk');
-const generalAPI = require('../../utils/generalAPI');
 const processScan = async (contrastConf, argv) => {
     let config = await scanConfig.getScanConfig(contrastConf, 'scan', argv);
     let output = undefined;
-    config.mode = await generalAPI.getMode(config);
-    if (config.experimental) {
-        await processSca(config, argv);
-    }
     let scanResults = new ScanResultsModel(await startScan(config));
     await sendTelemetryConfigAsObject(config, 'scan', argv, 'SUCCESS', scanResults.scanDetail.language);
     if (scanResults.scanResultsInstances !== undefined) {

package/dist/commands/scan/sca/scaAnalysis.js

@@ -1,26 +1,30 @@
 "use strict";
+const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET } } = require('../../../constants/constants');
+const { pollForSnapshotCompletion } = require('../../../audit/languageAnalysisEngine/sendSnapshot');
+const { returnOra, startSpinner, succeedSpinner } = require('../../../utils/oraWrapper');
+const { vulnerabilityReportV2 } = require('../../../audit/report/reportingFeature');
 const autoDetection = require('../../../scan/autoDetection');
-const javaAnalysis = require('../../../scaAnalysis/java');
 const treeUpload = require('../../../scaAnalysis/common/treeUpload');
 const auditController = require('../../audit/auditController');
-const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET } } = require('../../../constants/constants');
-const goAnalysis = require('../../../scaAnalysis/go/goAnalysis');
-const phpAnalysis = require('../../../scaAnalysis/php/index');
-const { rubyAnalysis } = require('../../../scaAnalysis/ruby');
-const { pythonAnalysis } = require('../../../scaAnalysis/python');
-const javascriptAnalysis = require('../../../scaAnalysis/javascript');
-const { pollForSnapshotCompletition } = require('../../../audit/languageAnalysisEngine/sendSnapshot');
-const { returnOra, startSpinner, succeedSpinner } = require('../../../utils/oraWrapper');
+const rootFile = require('../../../audit/languageAnalysisEngine/getProjectRootFilenames');
+const path = require('path');
 const i18n = require('i18n');
-const { vulnerabilityReportV2 } = require('../../../audit/report/reportingFeature');
 const auditSave = require('../../../audit/save');
-const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet');
 const { auditUsageGuide } = require('../../audit/help');
-const rootFile = require('../../../audit/languageAnalysisEngine/getProjectRootFilenames');
-const path = require('path');
-const generalAPI = require('../../../utils/generalAPI');
+const { buildRepo } = require('../../../scaAnalysis/repoMode/index');
+const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet');
+const { goAnalysis } = require('../../../scaAnalysis/go/goAnalysis');
+const { phpAnalysis } = require('../../../scaAnalysis/php/index');
+const { rubyAnalysis } = require('../../../scaAnalysis/ruby');
+const { pythonAnalysis } = require('../../../scaAnalysis/python');
+const javaAnalysis = require('../../../scaAnalysis/java');
+const jsAnalysis = require('../../../scaAnalysis/javascript');
+const auditReport = require('../../../scaAnalysis/common/auditReport');
+const scaUpload = require('../../../scaAnalysis/common/scaServicesUpload');
+const settingsHelper = require('../../../utils/settingsHelper');
+const chalk = require('chalk');
 const processSca = async (config) => {
-    config.mode = await generalAPI.getMode(config);
+    config = await settingsHelper.getSettings(config);
     const startTime = performance.now();
     let filesFound;
     if (config.help) {
@@ -37,6 +41,15 @@ const processSca = async (config) => {
     if (filesFound.length > 1 && pathWithFile) {
         filesFound = filesFound.filter(i => Object.values(i)[0].includes(path.basename(config.fileName)));
     }
+    if (config.mode === 'repo') {
+        try {
+            return buildRepo(config, filesFound[0]);
+        }
+        catch (e) {
+            console.log('Unable to build in repository mode. Check your project file');
+            process.exit(0);
+        }
+    }
     let messageToSend = undefined;
     if (filesFound.length === 1) {
         switch (Object.keys(filesFound[0])[0]) {
@@ -45,7 +58,7 @@ const processSca = async (config) => {
                 config.language = JAVA;
                 break;
             case JAVASCRIPT:
-                messageToSend = await javascriptAnalysis.jsAnalysis(config, filesFound[0]);
+                messageToSend = await jsAnalysis.jsAnalysis(config, filesFound[0]);
                 config.language = NODE;
                 break;
             case PYTHON:
@@ -57,11 +70,11 @@ const processSca = async (config) => {
                 config.language = RUBY;
                 break;
             case PHP:
-                messageToSend = phpAnalysis.phpAnalysis(config, filesFound[0]);
+                messageToSend = phpAnalysis(config, filesFound[0]);
                 config.language = PHP;
                 break;
             case GO:
-                messageToSend = goAnalysis.goAnalysis(config, filesFound[0]);
+                messageToSend = goAnalysis(config, filesFound[0]);
                 config.language = GO;
                 break;
             case DOTNET:
@@ -75,19 +88,35 @@ const processSca = async (config) => {
         if (!config.applicationId) {
             config.applicationId = await auditController.dealWithNoAppId(config);
         }
-        console.log('');
-        const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
-        startSpinner(reportSpinner);
-        const snapshotResponse = await treeUpload.commonSendSnapShot(messageToSend, config);
-        await pollForSnapshotCompletition(config, snapshotResponse.id, reportSpinner);
-        succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
-        await vulnerabilityReportV2(config, snapshotResponse.id);
-        if (config.save !== undefined) {
-            await auditSave.auditSave(config);
+        if (config.experimental) {
+            console.log('');
+            const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
+            startSpinner(reportSpinner);
+            const [reports, reportId] = await scaUpload.scaTreeUpload(messageToSend, config);
+            auditReport.processAuditReport(config, reports[0]);
+            succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
+            if (config.save !== undefined) {
+                await auditSave.auditSave(config, reportId);
+            }
+            const endTime = performance.now() - startTime;
+            const scanDurationMs = endTime - startTime;
+            console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
+        }
+        else {
+            console.log('');
+            const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
+            startSpinner(reportSpinner);
+            const snapshotResponse = await treeUpload.commonSendSnapShot(messageToSend, config);
+            await pollForSnapshotCompletion(config, snapshotResponse.id, reportSpinner);
+            succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
+            await vulnerabilityReportV2(config, snapshotResponse.id);
+            if (config.save !== undefined) {
+                await auditSave.auditSave(config);
+            }
+            const endTime = performance.now() - startTime;
+            const scanDurationMs = endTime - startTime;
+            console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
         }
-        const endTime = performance.now() - startTime;
-        const scanDurationMs = endTime - startTime;
-        console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
     }
     else {
         if (filesFound.length === 0) {
@@ -96,9 +125,11 @@ const processSca = async (config) => {
             throw new Error();
         }
         else {
-            throw new Error(`multiple language files detected \n` +
-                JSON.stringify(filesFound) +
-                `\nplease use --file to audit one language only. Example: contrast audit --file package-lock.json`);
+            console.log(chalk.bold(`\nMultiple language files detected \n`));
+            filesFound.forEach(file => {
+                console.log(`${Object.keys(file)[0]} : `, Object.values(file)[0]);
+            });
+            throw new Error(`Please use --file to audit one language only. \nExample: contrast audit --file package-lock.json`);
         }
     }
 };

package/dist/common/HTTPClient.js

@@ -34,7 +34,7 @@ HTTPClient.prototype.maybeAddCertsToRequest = function (config) {
     if (caCertFilePath) {
         const caFileContent = fs.readFileSync(caCertFilePath);
         if (caFileContent instanceof Error) {
-            throw new Error(`Unable to read CA from config option contrast.api.certificate.ca_file='${caCertFilePath}', msg: ${caFileContent.message}`);
+            throw new Error(`Unable to read CA from ${caCertFilePath}, msg: ${caFileContent.message}`);
         }
         this.requestOptions.ca = caFileContent;
     }
@@ -185,6 +185,12 @@ HTTPClient.prototype.scaServiceReportStatus = function scaServiceReport(config,
     options.url = url;
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.scaServiceIngests = function scaServiceIngests(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createScaServiceIngestsURL(config);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
 HTTPClient.prototype.getReportById = function getReportById(config, reportId) {
     const options = _.cloneDeep(this.requestOptions);
     if (config.ignoreDev) {
@@ -266,6 +272,11 @@ HTTPClient.prototype.getSbom = function getSbom(config, type) {
     options.url = createSbomUrl(config, type);
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.getSCASbom = function getSbom(config, type, reportId) {
+    const options = _.cloneDeep(this.requestOptions);
+    options.url = createSCASbomUrl(config, type, reportId);
+    return requestUtils.sendRequest({ method: 'get', options });
+};
 HTTPClient.prototype.getLatestVersion = function getLatestVersion() {
     const options = _.cloneDeep(this.requestOptions);
     options.url =
@@ -321,13 +332,20 @@ function createSnapshotURL(config) {
     return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots`;
 }
 function createScaServiceReportURL(config, reportId) {
-    return ``;
+    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/applications/${config.applicationId}/reports/${reportId}`;
+    baseUrl = config.ignoreDev ? baseUrl.concat('?nodesToInclude=PROD') : baseUrl;
+    return baseUrl;
 }
 function createScaServiceReportStatusURL(config, reportId) {
-    return ``;
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/${reportId}/status`;
+}
+function createScaServiceIngestsURL(config) {
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests`;
 }
 function createScaServiceIngestURL(config) {
-    return ``;
+    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/tree`;
+    baseUrl = config.track ? baseUrl.concat('?persist=true') : baseUrl;
+    return baseUrl;
 }
 const createAppCreateURL = config => {
     return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/create`;
@@ -353,6 +371,9 @@ function createDataUrl() {
 function createSbomUrl(config, type) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/${type}`;
 }
+function createSCASbomUrl(config, type, reportId) {
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/applications/${config.applicationId}/sbom/${reportId}?toolType=${type}`;
+}
 function createTelemetryEventUrl(config) {
     return `${config.host}/Contrast/api/sast/organizations/${config.organizationId}/cli`;
 }

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.14';
+const APP_VERSION = '1.0.16';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';
@@ -30,6 +30,10 @@ const SARIF_FILE = 'SARIF';
 const SBOM_CYCLONE_DX_FILE = 'cyclonedx';
 const SBOM_SPDX_FILE = 'spdx';
 const CE_URL = 'https://ce.contrastsecurity.com';
+const SAAS = 'SAAS';
+const EOP = 'EOP';
+const MODE_BUILD = 'BUILD';
+const MODE_REPO = 'REPO';
 module.exports = {
     supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
     supportedLanguagesScan: { JAVASCRIPT, DOTNET, JAVA },
@@ -55,5 +59,9 @@ module.exports = {
     LOW_PRIORITY,
     NOTE_PRIORITY,
     SBOM_CYCLONE_DX_FILE,
-    SBOM_SPDX_FILE
+    SBOM_SPDX_FILE,
+    SAAS,
+    EOP,
+    MODE_BUILD,
+    MODE_REPO
 };

package/dist/constants/locales.js

@@ -90,7 +90,7 @@ const en_locales = () => {
         constantsHelp: 'Display this usage guide.',
         constantsGradleMultiProject: 'Specify the sub project within your gradle application.',
         constantsScan: 'Upload java binaries to the static scan service',
-        constantsWaitForScan: 'Waits for the result of the scan',
+        constantsDoNotWaitForScan: 'Do not wait for the result of the scan',
         constantsProjectName: 'Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.',
         constantsProjectId: 'The ID associated with a scan project. Replace <ProjectID> with the ID for the scan project. To find the ID, select a scan project in Contrast and locate the last number in the URL.',
         constantsReport: 'Display vulnerability information for this application',
@@ -133,38 +133,15 @@ const en_locales = () => {
         constantsHowToRunDev1: 'Begin with contrast auth to authenticate the CLI to perform actions',
         constantsHowToRunDev2: 'After successful auth try the following command: contrast scan -f "<file>"',
         constantsHowToRunDev3: 'Allowable languages are java (.jar and .war) and javascript (.js or .zip), if the language is not autodetected please use --language to specify',
-        constantsHowToRunContent1: 'You can run the tool on the command line and manually add the parameters, or you can put the parameters in a YAML file.',
-        constantsHowToRunContent2: 'If you are assessing an application that has not been instrumented by a Contrast agent you must first use the tool to register the application (Catalogue command). This will give you an application ID that you can then use in the Run Command.',
-        constantsHowToRunContent3: 'Allowable language values are JAVA, NODE, PYTHON, RUBY and GO.',
-        constantsManualInputHeader: 'Manual Input of Command:',
-        constantsManualInputCatalogue: 'Catalogue Command:',
-        constantsManualInputCatalogueInstruction: 'To analyse a new application not already instrumented by Contrast, run the following command:',
-        constantsManualInputCatalogueRun: 'After you run this command, you are provided a new application ID in the console. Use this ID in the Run command:',
-        constantsManualInputCatalogueRunTitle: 'Run Command:',
-        constantsManualInputCatalogueRunInstruction: 'To analyse an application catalogued by Contrast, run the following command:',
-        constantsYaml: 'Yaml:',
-        constantsYamlRunCommand: 'After you catalogue your application go to Run Command above.',
         constantsOptions: 'Options',
-        constantsCatalogueCommand: '%s YourApiKey %s YourAuthorizationKey %s YourOrganizationId %s YourHost %s YourApplicationName %s YourApplicationLanguage',
-        constantsRunCommand: '%s YourApiKey %s YourAuthorizationKey %s YourOrganizationId %s YourHost %s YourApplicationId',
         constantsSpecialCharacterWarning: 'Please Note: Parameters may need to be quoted to avoid issues with special characters.',
-        yamlCatalogueCommand: '%s PathToYaml',
-        yamlCommand: '%s PathToYaml',
-        agentProxyAndTlsEnabledError: 'Please Note: We currently do not support having a proxy server and TLS enabled at the same time.',
-        TlsHeader: 'TLS',
-        TlsBody: 'To enable TLS please use the YAML file with the following parameters:',
-        TlsKey: 'key: pathToKey',
-        TlsCert: 'cert: pathToCert',
-        TlsCaCert: 'cacert: pathToCaCert',
+        constantsProxyKey: 'Path to the Certificate Key',
+        constantsProxyCert: 'Path to the Cert file',
+        constantsProxyCaCert: 'Path to the CaCert file',
         goReadProjectFile: 'Failed to read the project file @ "%s" because: "%s"',
-        goAnalysisError: 'GO analysis failed because: ',
-        goParseProjectFile: 'Failed to parse go mod graph output because: ',
-        mavenNotInstalledError: "'mvn' is not available. Please ensure you have Maven installed and available on your path.",
         mavenDependencyTreeNonZero: 'Building maven dependancy tree failed with a non 0 exit code',
         gradleWrapperUnavailable: 'Gradle wrapper not found in root of project. Please ensure gradlew or gradlew.bat is in root of the project.',
         gradleDependencyTreeNonZero: "Building gradle dependancy tree failed with a non 0 exit code. \n Please check you have the correct version of Java installed to compile your project? \n If running against a muti module project ensure you are using the '--sub-project' flag",
-        yamlPathCamelCaseError: 'Warning: The "yamlPath" parameter will be deprecated in a future release. Please look at our documentation for further guidance.',
-        constantsSbom: 'Generate the Software Bill of Materials (SBOM) for the given application',
         constantsMetadata: 'Define a set of key=value pairs (which conforms to RFC 2253) for specifying user-defined metadata associated with the application.',
         constantsTags: 'Apply labels to an application. Labels must be formatted as a comma-delimited list. Example - label1,label2,label3',
         constantsCode: 'Add the application code this application should use in the Contrast UI',
@@ -174,9 +151,7 @@ const en_locales = () => {
         constantsIgnoreDev: 'Excludes developer dependencies from the results. All dependencies are included by default.',
         constantsCommands: 'Commands',
         constantsScanOptions: 'Scan Options',
-        sbomError: 'All required parameters are not present.',
         sbomRetrievalError: 'Unable to retrieve Software Bill of Materials (SBOM)',
-        ignoreDevDep: 'No private libraries that are not scoped detected',
         foundExistingProjectScan: 'Found existing project...',
         projectCreatedScan: 'Project created',
         uploadingScan: 'Uploading file to scan.',
@@ -190,7 +165,6 @@ const en_locales = () => {
         specifyFileAuditNotFound: 'No files found for library analysis',
         populateProjectIdMessage: 'project ID is %s',
         genericServiceError: 'returned with status code %s',
-        projectIdError: 'Your project ID is %s please check this is correct',
         permissionsError: 'You do not have the correct permissions here. \n Contact support@contrastsecurity.com to get this fixed.',
         scanErrorFileMessage: 'We only accept the following file types: \nJava - .jar, .war \nJavaScript - .js or .zip files',
         helpAuthSummary: 'Authenticate Contrast using your Github or Google account',
@@ -213,6 +187,8 @@ const en_locales = () => {
         scanOptionsTimeoutSummary: 'Time in seconds to wait for scan to complete. Default value is 300 seconds.',
         scanOptionsFileNameSummary: 'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .exe or .zip file in the working directory.',
         scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
+        auditOptionsTrackSummary: ' Save the results to the UI.',
+        auditOptionsBranchSummary: ' Set the branch name to associate the library results to.',
         authSuccessMessage: 'Authentication successful',
         runAuthSuccessMessage: chalk.bold('CodeSec by Contrast') +
             '\nScan, secure and ship your code in minutes for FREE. \n' +
@@ -297,6 +273,7 @@ const en_locales = () => {
         auditSBOMSaveSuccess: '\n Software Bill of Materials (SBOM) saved successfully',
         auditNoFiletypeSpecifiedForSave: `\n ${chalk.yellow.bold('No file type specified for --save option to save audit results to. Use audit --help to see valid --save options.')}`,
         auditBadFiletypeSpecifiedForSave: `\n ${chalk.yellow.bold('Bad file type specified for --save option. Use audit --help to see valid --save options.')}`,
+        auditServicesMessageForTS: 'View your vulnerable library list or full dependency tree in Contrast:',
         auditReportWaiting: 'Waiting for report...',
         auditReportFail: 'Report Retrieval Failed, please try again',
         auditReportSuccessMessage: 'Report successfully retrieved',