@contrast/contrast 1.0.14 → 1.0.16

package/src/{constants.js → cliConstants.js}

@@ -11,8 +11,53 @@ i18n.configure({
   defaultLocale: 'en'
 })
 
+const sharedOptionDefinitions = [
+  {
+    name: 'proxy',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProxyServer')
+  },
+  {
+    name: 'key',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProxyKey')
+  },
+  {
+    name: 'cacert',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProxyCaCert')
+  },
+  {
+    name: 'cert',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProxyCert')
+  },
+  {
+    name: 'ignore-cert-errors',
+    type: Boolean,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}:' +
+      i18n.__('constantsIgnoreCertErrors')
+  }
+]
+
 // CLI options that we will allow and handle
 const scanOptionDefinitions = [
+  ...sharedOptionDefinitions,
   {
     name: 'name',
     alias: 'n',
@@ -100,14 +145,6 @@ const scanOptionDefinitions = [
       '}: ' +
       i18n.__('constantsHostId')
   },
-  {
-    name: 'proxy',
-    description:
-      '{bold ' +
-      i18n.__('constantsOptional') +
-      '}: ' +
-      i18n.__('constantsProxyServer')
-  },
   {
     name: 'fail',
     type: Boolean,
@@ -133,16 +170,7 @@ const scanOptionDefinitions = [
       '{bold ' +
       i18n.__('constantsOptional') +
       '}: ' +
-      i18n.__('constantsProxyServer')
-  },
-  {
-    name: 'ignore-cert-errors',
-    type: Boolean,
-    description:
-      '{bold ' +
-      i18n.__('constantsOptional') +
-      '}:' +
-      i18n.__('constantsIgnoreCertErrors')
+      i18n.__('constantsDoNotWaitForScan')
   },
   {
     name: 'verbose',
@@ -214,6 +242,7 @@ const configOptionDefinitions = [
 ]
 
 const auditOptionDefinitions = [
+  ...sharedOptionDefinitions,
   {
     name: 'application-id',
     description:
@@ -338,23 +367,6 @@ const auditOptionDefinitions = [
       '}: ' +
       i18n.__('constantsHostId')
   },
-  {
-    name: 'proxy',
-    description:
-      '{bold ' +
-      i18n.__('constantsOptional') +
-      '}: ' +
-      i18n.__('constantsProxyServer')
-  },
-  {
-    name: 'ignore-cert-errors',
-    type: Boolean,
-    description:
-      '{bold ' +
-      i18n.__('constantsOptional') +
-      '}:' +
-      i18n.__('constantsIgnoreCertErrors')
-  },
   {
     name: 'save',
     alias: 's',
@@ -384,6 +396,38 @@ const auditOptionDefinitions = [
     name: 'help',
     alias: 'h',
     type: Boolean
+  },
+  {
+    name: 'debug',
+    alias: 'd',
+    type: Boolean
+  },
+  {
+    name: 'verbose',
+    alias: 'v',
+    type: Boolean,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}:' +
+      i18n.__('scanOptionsVerboseSummary')
+  },
+  {
+    name: 'track',
+    type: Boolean,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}:' +
+      i18n.__('auditOptionsTrackSummary')
+  },
+  {
+    name: 'branch',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}:' +
+      i18n.__('auditOptionsBranchSummary')
   }
 ]
 

package/src/commands/audit/auditConfig.ts

@@ -1,5 +1,5 @@
 import paramHandler from '../../utils/paramsUtil/paramHandler'
-import constants from '../../constants'
+import constants from '../../cliConstants'
 import { getCommandLineArgsCustom } from '../../utils/parsedCLIOptions'
 import { ContrastConf } from '../../utils/getConfig'
 

package/src/commands/audit/help.ts

@@ -1,6 +1,6 @@
 import commandLineUsage from 'command-line-usage'
 import i18n from 'i18n'
-import constants from '../../constants'
+import constants from '../../cliConstants'
 import { commonHelpLinks } from '../../common/commonHelp'
 
 const auditUsageGuide = commandLineUsage([
@@ -47,7 +47,9 @@ const auditUsageGuide = commandLineUsage([
       'language',
       'experimental',
       'app-groups',
-      'metadata'
+      'metadata',
+      'track',
+      'branch'
     ]
   },
   commonHelpLinks()

package/src/commands/auth/auth.js

@@ -12,7 +12,7 @@ const {
 } = require('../../utils/oraWrapper')
 const { TIMEOUT, AUTH_UI_URL } = require('../../constants/constants')
 const parsedCLIOptions = require('../../utils/parsedCLIOptions')
-const constants = require('../../constants')
+const constants = require('../../cliConstants')
 const commandLineUsage = require('command-line-usage')
 
 const processAuth = async (argv, config) => {

package/src/commands/config/config.js

@@ -1,5 +1,5 @@
 const parsedCLIOptions = require('../../utils/parsedCLIOptions')
-const constants = require('../../constants')
+const constants = require('../../cliConstants')
 const commandLineUsage = require('command-line-usage')
 const i18n = require('i18n')
 

package/src/commands/scan/processScan.js

@@ -3,21 +3,13 @@ const { startScan } = require('../../scan/scanController')
 const { saveScanFile } = require('../../utils/saveFile')
 const { ScanResultsModel } = require('../../scan/models/scanResultsModel')
 const { formatScanOutput } = require('../../scan/formatScanOutput')
-const { processSca } = require('./sca/scaAnalysis')
 const common = require('../../common/fail')
 const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry')
 const chalk = require('chalk')
-const generalAPI = require('../../utils/generalAPI')
 
 const processScan = async (contrastConf, argv) => {
   let config = await scanConfig.getScanConfig(contrastConf, 'scan', argv)
   let output = undefined
-  config.mode = await generalAPI.getMode(config)
-
-  //try SCA analysis first
-  if (config.experimental) {
-    await processSca(config, argv)
-  }
 
   let scanResults = new ScanResultsModel(await startScan(config))
   await sendTelemetryConfigAsObject(

package/src/commands/scan/sca/scaAnalysis.js

@@ -1,36 +1,41 @@
-const autoDetection = require('../../../scan/autoDetection')
-const javaAnalysis = require('../../../scaAnalysis/java')
-const treeUpload = require('../../../scaAnalysis/common/treeUpload')
-const auditController = require('../../audit/auditController')
 const {
   supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET }
 } = require('../../../constants/constants')
-const goAnalysis = require('../../../scaAnalysis/go/goAnalysis')
-const phpAnalysis = require('../../../scaAnalysis/php/index')
-const { rubyAnalysis } = require('../../../scaAnalysis/ruby')
-const { pythonAnalysis } = require('../../../scaAnalysis/python')
-const javascriptAnalysis = require('../../../scaAnalysis/javascript')
 const {
-  pollForSnapshotCompletition
+  pollForSnapshotCompletion
 } = require('../../../audit/languageAnalysisEngine/sendSnapshot')
 const {
   returnOra,
   startSpinner,
   succeedSpinner
 } = require('../../../utils/oraWrapper')
-const i18n = require('i18n')
 const {
   vulnerabilityReportV2
 } = require('../../../audit/report/reportingFeature')
-const auditSave = require('../../../audit/save')
-const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet')
-const { auditUsageGuide } = require('../../audit/help')
+const autoDetection = require('../../../scan/autoDetection')
+const treeUpload = require('../../../scaAnalysis/common/treeUpload')
+const auditController = require('../../audit/auditController')
 const rootFile = require('../../../audit/languageAnalysisEngine/getProjectRootFilenames')
 const path = require('path')
-const generalAPI = require('../../../utils/generalAPI')
+const i18n = require('i18n')
+const auditSave = require('../../../audit/save')
+const { auditUsageGuide } = require('../../audit/help')
+const { buildRepo } = require('../../../scaAnalysis/repoMode/index')
+const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet')
+const { goAnalysis } = require('../../../scaAnalysis/go/goAnalysis')
+const { phpAnalysis } = require('../../../scaAnalysis/php/index')
+const { rubyAnalysis } = require('../../../scaAnalysis/ruby')
+const { pythonAnalysis } = require('../../../scaAnalysis/python')
+const javaAnalysis = require('../../../scaAnalysis/java')
+const jsAnalysis = require('../../../scaAnalysis/javascript')
+const auditReport = require('../../../scaAnalysis/common/auditReport')
+const scaUpload = require('../../../scaAnalysis/common/scaServicesUpload')
+const settingsHelper = require('../../../utils/settingsHelper')
+const chalk = require('chalk')
 
 const processSca = async config => {
-  config.mode = await generalAPI.getMode(config)
+  //checks to see whether to use old TS / new SCA path
+  config = await settingsHelper.getSettings(config)
 
   const startTime = performance.now()
   let filesFound
@@ -59,6 +64,15 @@ const processSca = async config => {
   // files found looks like [ { javascript: [ Array ] } ]
   //check we have the language and call the right analyser
   //refactor new analyser and see if we can clean it up
+  if (config.mode === 'repo') {
+    try {
+      return buildRepo(config, filesFound[0])
+    } catch (e) {
+      console.log('Unable to build in repository mode. Check your project file')
+      process.exit(0)
+    }
+  }
+
   let messageToSend = undefined
   if (filesFound.length === 1) {
     switch (Object.keys(filesFound[0])[0]) {
@@ -67,10 +81,7 @@ const processSca = async config => {
         config.language = JAVA
         break
       case JAVASCRIPT:
-        messageToSend = await javascriptAnalysis.jsAnalysis(
-          config,
-          filesFound[0]
-        )
+        messageToSend = await jsAnalysis.jsAnalysis(config, filesFound[0])
         config.language = NODE
         break
       case PYTHON:
@@ -82,11 +93,11 @@ const processSca = async config => {
         config.language = RUBY
         break
       case PHP:
-        messageToSend = phpAnalysis.phpAnalysis(config, filesFound[0])
+        messageToSend = phpAnalysis(config, filesFound[0])
         config.language = PHP
         break
       case GO:
-        messageToSend = goAnalysis.goAnalysis(config, filesFound[0])
+        messageToSend = goAnalysis(config, filesFound[0])
         config.language = GO
         break
       case DOTNET:
@@ -103,48 +114,68 @@ const processSca = async config => {
       config.applicationId = await auditController.dealWithNoAppId(config)
     }
 
-    // if (config.experimental) {
-    //   // const reports = await scaUpload.scaTreeUpload(messageToSend, config)
-    //   auditReport.processAuditReport(config, 'reports')
-    // } else {
-    console.log('') //empty log for space before spinner
-    //send message to TS
-    const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
-    startSpinner(reportSpinner)
-    const snapshotResponse = await treeUpload.commonSendSnapShot(
-      messageToSend,
-      config
-    )
+    if (config.experimental) {
+      console.log('') //empty log for space before spinner
+      const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
+      startSpinner(reportSpinner)
+      const [reports, reportId] = await scaUpload.scaTreeUpload(
+        messageToSend,
+        config
+      )
 
-    //poll for completion
-    await pollForSnapshotCompletition(
-      config,
-      snapshotResponse.id,
-      reportSpinner
-    )
-    succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
+      auditReport.processAuditReport(config, reports[0])
+      succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
 
-    await vulnerabilityReportV2(config, snapshotResponse.id)
-    if (config.save !== undefined) {
-      await auditSave.auditSave(config)
-    }
-    const endTime = performance.now() - startTime
-    const scanDurationMs = endTime - startTime
+      if (config.save !== undefined) {
+        await auditSave.auditSave(config, reportId)
+      }
 
-    console.log(
-      `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
-    )
-    // }
+      const endTime = performance.now() - startTime
+      const scanDurationMs = endTime - startTime
+      console.log(
+        `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
+      )
+    } else {
+      console.log('') //empty log for space before spinner
+      //send message to TS
+      const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'))
+      startSpinner(reportSpinner)
+      const snapshotResponse = await treeUpload.commonSendSnapShot(
+        messageToSend,
+        config
+      )
+
+      // poll for completion
+      await pollForSnapshotCompletion(
+        config,
+        snapshotResponse.id,
+        reportSpinner
+      )
+      succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'))
+
+      await vulnerabilityReportV2(config, snapshotResponse.id)
+      if (config.save !== undefined) {
+        await auditSave.auditSave(config)
+      }
+      const endTime = performance.now() - startTime
+      const scanDurationMs = endTime - startTime
+
+      console.log(
+        `----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`
+      )
+    }
   } else {
     if (filesFound.length === 0) {
       console.log(i18n.__('languageAnalysisNoLanguage'))
       console.log(i18n.__('languageAnalysisNoLanguageHelpLine'))
       throw new Error()
     } else {
+      console.log(chalk.bold(`\nMultiple language files detected \n`))
+      filesFound.forEach(file => {
+        console.log(`${Object.keys(file)[0]} : `, Object.values(file)[0])
+      })
       throw new Error(
-        `multiple language files detected \n` +
-          JSON.stringify(filesFound) +
-          `\nplease use --file to audit one language only. Example: contrast audit --file package-lock.json`
+        `Please use --file to audit one language only. \nExample: contrast audit --file package-lock.json`
       )
     }
   }

package/src/common/HTTPClient.js

@@ -41,7 +41,7 @@ HTTPClient.prototype.maybeAddCertsToRequest = function (config) {
     const caFileContent = fs.readFileSync(caCertFilePath)
     if (caFileContent instanceof Error) {
       throw new Error(
-        `Unable to read CA from config option contrast.api.certificate.ca_file='${caCertFilePath}', msg: ${caFileContent.message}`
+        `Unable to read CA from ${caCertFilePath}, msg: ${caFileContent.message}`
       )
     }
     this.requestOptions.ca = caFileContent
@@ -246,6 +246,13 @@ HTTPClient.prototype.scaServiceReportStatus = function scaServiceReport(
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
+HTTPClient.prototype.scaServiceIngests = function scaServiceIngests(config) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createScaServiceIngestsURL(config)
+  options.url = url
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
 HTTPClient.prototype.getReportById = function getReportById(config, reportId) {
   const options = _.cloneDeep(this.requestOptions)
   if (config.ignoreDev) {
@@ -370,6 +377,12 @@ HTTPClient.prototype.getSbom = function getSbom(config, type) {
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
+HTTPClient.prototype.getSCASbom = function getSbom(config, type, reportId) {
+  const options = _.cloneDeep(this.requestOptions)
+  options.url = createSCASbomUrl(config, type, reportId)
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
 HTTPClient.prototype.getLatestVersion = function getLatestVersion() {
   const options = _.cloneDeep(this.requestOptions)
   options.url =
@@ -447,15 +460,23 @@ function createSnapshotURL(config) {
 }
 
 function createScaServiceReportURL(config, reportId) {
-  return ``
+  let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/applications/${config.applicationId}/reports/${reportId}`
+  baseUrl = config.ignoreDev ? baseUrl.concat('?nodesToInclude=PROD') : baseUrl
+  return baseUrl
 }
 
 function createScaServiceReportStatusURL(config, reportId) {
-  return ``
+  return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/${reportId}/status`
+}
+
+function createScaServiceIngestsURL(config) {
+  return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests`
 }
 
 function createScaServiceIngestURL(config) {
-  return ``
+  let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/tree`
+  baseUrl = config.track ? baseUrl.concat('?persist=true') : baseUrl
+  return baseUrl
 }
 
 const createAppCreateURL = config => {
@@ -492,6 +513,10 @@ function createSbomUrl(config, type) {
   return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/${type}`
 }
 
+function createSCASbomUrl(config, type, reportId) {
+  return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/applications/${config.applicationId}/sbom/${reportId}?toolType=${type}`
+}
+
 function createTelemetryEventUrl(config) {
   return `${config.host}/Contrast/api/sast/organizations/${config.organizationId}/cli`
 }

package/src/constants/constants.js

@@ -14,7 +14,7 @@ const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 // App
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.14'
+const APP_VERSION = '1.0.16'
 const TIMEOUT = 120000
 const HIGH_COLOUR = '#ff9900'
 const CRITICAL_COLOUR = '#e35858'
@@ -34,6 +34,12 @@ const SBOM_CYCLONE_DX_FILE = 'cyclonedx'
 const SBOM_SPDX_FILE = 'spdx'
 const CE_URL = 'https://ce.contrastsecurity.com'
 
+//configuration
+const SAAS = 'SAAS'
+const EOP = 'EOP'
+const MODE_BUILD = 'BUILD'
+const MODE_REPO = 'REPO'
+
 module.exports = {
   supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
   supportedLanguagesScan: { JAVASCRIPT, DOTNET, JAVA },
@@ -59,5 +65,9 @@ module.exports = {
   LOW_PRIORITY,
   NOTE_PRIORITY,
   SBOM_CYCLONE_DX_FILE,
-  SBOM_SPDX_FILE
+  SBOM_SPDX_FILE,
+  SAAS,
+  EOP,
+  MODE_BUILD,
+  MODE_REPO
 }

package/src/constants/locales.js

@@ -137,7 +137,7 @@ const en_locales = () => {
     constantsGradleMultiProject:
       'Specify the sub project within your gradle application.',
     constantsScan: 'Upload java binaries to the static scan service',
-    constantsWaitForScan: 'Waits for the result of the scan',
+    constantsDoNotWaitForScan: 'Do not wait for the result of the scan',
     constantsProjectName:
       'Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.',
     constantsProjectId:
@@ -201,56 +201,19 @@ const en_locales = () => {
       'After successful auth try the following command: contrast scan -f "<file>"',
     constantsHowToRunDev3:
       'Allowable languages are java (.jar and .war) and javascript (.js or .zip), if the language is not autodetected please use --language to specify',
-    constantsHowToRunContent1:
-      'You can run the tool on the command line and manually add the parameters, or you can put the parameters in a YAML file.',
-    constantsHowToRunContent2:
-      'If you are assessing an application that has not been instrumented by a Contrast agent you must first use the tool to register the application (Catalogue command). This will give you an application ID that you can then use in the Run Command.',
-    constantsHowToRunContent3:
-      'Allowable language values are JAVA, NODE, PYTHON, RUBY and GO.',
-    constantsManualInputHeader: 'Manual Input of Command:',
-    constantsManualInputCatalogue: 'Catalogue Command:',
-    constantsManualInputCatalogueInstruction:
-      'To analyse a new application not already instrumented by Contrast, run the following command:',
-    constantsManualInputCatalogueRun:
-      'After you run this command, you are provided a new application ID in the console. Use this ID in the Run command:',
-    constantsManualInputCatalogueRunTitle: 'Run Command:',
-    constantsManualInputCatalogueRunInstruction:
-      'To analyse an application catalogued by Contrast, run the following command:',
-    constantsYaml: 'Yaml:',
-    constantsYamlRunCommand:
-      'After you catalogue your application go to Run Command above.',
     constantsOptions: 'Options',
-    constantsCatalogueCommand:
-      '%s YourApiKey %s YourAuthorizationKey %s YourOrganizationId %s YourHost %s YourApplicationName %s YourApplicationLanguage',
-    constantsRunCommand:
-      '%s YourApiKey %s YourAuthorizationKey %s YourOrganizationId %s YourHost %s YourApplicationId',
     constantsSpecialCharacterWarning:
       'Please Note: Parameters may need to be quoted to avoid issues with special characters.',
-    yamlCatalogueCommand: '%s PathToYaml',
-    yamlCommand: '%s PathToYaml',
-    agentProxyAndTlsEnabledError:
-      'Please Note: We currently do not support having a proxy server and TLS enabled at the same time.',
-    TlsHeader: 'TLS',
-    TlsBody:
-      'To enable TLS please use the YAML file with the following parameters:',
-    TlsKey: 'key: pathToKey',
-    TlsCert: 'cert: pathToCert',
-    TlsCaCert: 'cacert: pathToCaCert',
+    constantsProxyKey: 'Path to the Certificate Key',
+    constantsProxyCert: 'Path to the Cert file',
+    constantsProxyCaCert: 'Path to the CaCert file',
     goReadProjectFile: 'Failed to read the project file @ "%s" because: "%s"',
-    goAnalysisError: 'GO analysis failed because: ',
-    goParseProjectFile: 'Failed to parse go mod graph output because: ',
-    mavenNotInstalledError:
-      "'mvn' is not available. Please ensure you have Maven installed and available on your path.",
     mavenDependencyTreeNonZero:
       'Building maven dependancy tree failed with a non 0 exit code',
     gradleWrapperUnavailable:
       'Gradle wrapper not found in root of project. Please ensure gradlew or gradlew.bat is in root of the project.',
     gradleDependencyTreeNonZero:
       "Building gradle dependancy tree failed with a non 0 exit code. \n Please check you have the correct version of Java installed to compile your project? \n If running against a muti module project ensure you are using the '--sub-project' flag",
-    yamlPathCamelCaseError:
-      'Warning: The "yamlPath" parameter will be deprecated in a future release. Please look at our documentation for further guidance.',
-    constantsSbom:
-      'Generate the Software Bill of Materials (SBOM) for the given application',
     constantsMetadata:
       'Define a set of key=value pairs (which conforms to RFC 2253) for specifying user-defined metadata associated with the application.',
     constantsTags:
@@ -266,9 +229,7 @@ const en_locales = () => {
       'Excludes developer dependencies from the results. All dependencies are included by default.',
     constantsCommands: 'Commands',
     constantsScanOptions: 'Scan Options',
-    sbomError: 'All required parameters are not present.',
     sbomRetrievalError: 'Unable to retrieve Software Bill of Materials (SBOM)',
-    ignoreDevDep: 'No private libraries that are not scoped detected',
     foundExistingProjectScan: 'Found existing project...',
     projectCreatedScan: 'Project created',
     uploadingScan: 'Uploading file to scan.',
@@ -284,7 +245,6 @@ const en_locales = () => {
     specifyFileAuditNotFound: 'No files found for library analysis',
     populateProjectIdMessage: 'project ID is %s',
     genericServiceError: 'returned with status code %s',
-    projectIdError: 'Your project ID is %s please check this is correct',
     permissionsError:
       'You do not have the correct permissions here. \n Contact support@contrastsecurity.com to get this fixed.',
     scanErrorFileMessage:
@@ -317,6 +277,9 @@ const en_locales = () => {
     scanOptionsFileNameSummary:
       'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .exe or .zip file in the working directory.',
     scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
+    auditOptionsTrackSummary: ' Save the results to the UI.',
+    auditOptionsBranchSummary:
+      ' Set the branch name to associate the library results to.',
     authSuccessMessage: 'Authentication successful',
     runAuthSuccessMessage:
       chalk.bold('CodeSec by Contrast') +
@@ -443,6 +406,8 @@ const en_locales = () => {
     auditBadFiletypeSpecifiedForSave: `\n ${chalk.yellow.bold(
       'Bad file type specified for --save option. Use audit --help to see valid --save options.'
     )}`,
+    auditServicesMessageForTS:
+      'View your vulnerable library list or full dependency tree in Contrast:',
     auditReportWaiting: 'Waiting for report...',
     auditReportFail: 'Report Retrieval Failed, please try again',
     auditReportSuccessMessage: 'Report successfully retrieved',

package/src/index.ts

@@ -5,7 +5,7 @@ import { processAudit } from './commands/audit/processAudit'
 import { processAuth } from './commands/auth/auth'
 import { processConfig } from './commands/config/config'
 import { processScan } from './commands/scan/processScan'
-import constants from './constants'
+import constants from './cliConstants'
 import { APP_NAME, APP_VERSION } from './constants/constants'
 import { processLambda } from './lambda/lambda'
 import { localConfig } from './utils/getConfig'

package/src/sbom/generateSbom.ts

@@ -15,3 +15,23 @@ export const generateSbom = (config: any, type: string) => {
       console.log(err)
     })
 }
+
+export const generateSCASbom = (
+  config: any,
+  type: string,
+  reportId: string
+) => {
+  const client = getHttpClient(config)
+  return client
+    .getSCASbom(config, type, reportId)
+    .then((res: { statusCode: number; body: any }) => {
+      if (res.statusCode === 200) {
+        return res.body
+      } else {
+        console.log('Unable to retrieve Software Bill of Materials (SBOM)')
+      }
+    })
+    .catch((err: any) => {
+      console.log(err)
+    })
+}