@contrast/contrast 1.0.15 → 1.0.16

package/dist/scaAnalysis/repoMode/mavenParser.js

@@ -0,0 +1,76 @@
+"use strict";
+const fs = require('fs');
+const xml2js = require('xml2js');
+const readPomFile = project => {
+    const mavenFilePath = project.cwd + '/pom.xml';
+    const projectFile = fs.readFileSync(mavenFilePath);
+    let jsonPomFile;
+    xml2js.parseString(projectFile, (err, result) => {
+        if (err) {
+            throw err;
+        }
+        const json = JSON.stringify(result, null);
+        jsonPomFile = JSON.parse(json);
+    });
+    return jsonPomFile;
+};
+const getFromVersionsTag = (dependencyName, versionIdentifier, jsonPomFile) => {
+    let formattedVersion = versionIdentifier.replace(/[{}]/g, '').replace('$', '');
+    if (jsonPomFile.project.properties[0].hasOwnProperty([formattedVersion])) {
+        return jsonPomFile.project.properties[0][formattedVersion][0];
+    }
+    else {
+        return null;
+    }
+};
+const parsePomFile = jsonPomFile => {
+    let dependencyTree = {};
+    let parsedVersion;
+    let dependencies;
+    jsonPomFile.project.hasOwnProperty('dependencies')
+        ? (dependencies = jsonPomFile.project.dependencies[0].dependency)
+        : (dependencies =
+            jsonPomFile.project.dependencyManagement[0].dependencies[0].dependency);
+    for (let x in dependencies) {
+        let dependencyObject = dependencies[x];
+        if (!dependencyObject.hasOwnProperty('version')) {
+            parsedVersion = getVersion(jsonPomFile, dependencyObject);
+        }
+        else {
+            dependencyObject.version[0].includes('${versions.')
+                ? (parsedVersion = getFromVersionsTag(dependencyObject.artifactId[0], dependencyObject.version[0], jsonPomFile))
+                : (parsedVersion = dependencyObject.version[0]);
+        }
+        let depName = dependencyObject.groupId +
+            '/' +
+            dependencyObject.artifactId +
+            '@' +
+            parsedVersion;
+        let parsedDependency = {
+            name: dependencyObject.artifactId[0],
+            group: dependencyObject.groupId[0],
+            version: parsedVersion,
+            directDependency: true,
+            productionDependency: true,
+            dependencies: []
+        };
+        dependencyTree[depName] = parsedDependency;
+    }
+    return dependencyTree;
+};
+const getVersion = (pomFile, dependencyWithoutVersion) => {
+    let parentVersion = pomFile.project.parent[0].version[0];
+    let parentGroupName = pomFile.project.parent[0].groupId[0];
+    if (parentGroupName === dependencyWithoutVersion.groupId[0]) {
+        return parentVersion;
+    }
+    else {
+        return null;
+    }
+};
+module.exports = {
+    readPomFile,
+    getVersion,
+    parsePomFile,
+    getFromVersionsTag
+};

package/dist/scaAnalysis/ruby/analysis.js

@@ -263,25 +263,25 @@ const removeRedundantAndPopulateDefinedElements = deps => {
             delete element.remote;
             delete element.platform;
             element.group = null;
-            element.isProduction = true;
+            element.productionDependency = true;
         }
         if (element.sourceType === 'GEM') {
             element.group = null;
-            element.isProduction = true;
+            element.productionDependency = true;
             delete element.sourceType;
             delete element.remote;
             delete element.platform;
         }
         if (element.sourceType === 'PATH') {
             element.group = null;
-            element.isProduction = true;
+            element.productionDependency = true;
             delete element.platform;
             delete element.sourceType;
             delete element.remote;
         }
         if (element.sourceType === 'BUNDLED WITH') {
             element.group = null;
-            element.isProduction = true;
+            element.productionDependency = true;
             delete element.sourceType;
             delete element.remote;
             delete element.branch;

package/dist/scan/help.js

@@ -1,7 +1,7 @@
 "use strict";
 const commandLineUsage = require('command-line-usage');
 const i18n = require('i18n');
-const constants = require('../constants');
+const constants = require('../cliConstants');
 const { commonHelpLinks } = require('../common/commonHelp');
 const scanUsageGuide = commandLineUsage([
     {

package/dist/scan/scanConfig.js

@@ -1,6 +1,6 @@
 "use strict";
 const paramHandler = require('../utils/paramsUtil/paramHandler');
-const constants = require('../constants.js');
+const constants = require('../cliConstants.js');
 const path = require('path');
 const { supportedLanguagesScan } = require('../constants/constants');
 const i18n = require('i18n');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.15",
+  "version": "1.0.16",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {
@@ -56,6 +56,7 @@
     "conf": "^10.1.2",
     "dotenv": "^16.0.0",
     "fast-glob": "^3.2.11",
+    "gradle-to-js": "^2.0.1",
     "i18n": "^0.14.2",
     "js-yaml": "^4.1.0",
     "lodash": "^4.17.21",

package/src/audit/languageAnalysisEngine/sendSnapshot.js

@@ -29,11 +29,7 @@ const getTimeout = config => {
   }
 }
 
-const pollForSnapshotCompletition = async (
-  config,
-  snapshotId,
-  reportSpinner
-) => {
+const pollForSnapshotCompletion = async (config, snapshotId, reportSpinner) => {
   const client = commonApi.getHttpClient(config)
   const startTime = performance.now()
   const timeout = getTimeout(config)
@@ -76,5 +72,5 @@ const pollForSnapshotCompletition = async (
 }
 
 module.exports = {
-  pollForSnapshotCompletition: pollForSnapshotCompletition
+  pollForSnapshotCompletion
 }

package/src/audit/report/commonReportingFunctions.js

@@ -256,13 +256,7 @@ function buildBody(cveArray, advice) {
 function getIssueRow(cveArray) {
   orderByHighestPriority(cveArray)
   const cveMessagesList = getIssueCveMsgList(cveArray)
-  const cveNumbers = getSeverityCounts(cveArray)
-  const numAndSeverityTypeDesc = getNumOfAndSeverityType(cveNumbers)
-  return [
-    chalk.bold('Issue'),
-    ':',
-    `${numAndSeverityTypeDesc} ${cveMessagesList.join(', ')}`
-  ]
+  return [chalk.bold('Issue'), ':', `${cveMessagesList.join(', ')}`]
 }
 
 function gatherRemediationAdvice(guidance, libraryName, libraryVersion) {
@@ -282,21 +276,6 @@ function buildFormattedHeaderNum(contrastHeaderNum) {
   return `CONTRAST-${contrastHeaderNum.toString().padStart(3, '0')}`
 }
 
-function getNumOfAndSeverityType(cveNumbers) {
-  const { critical, high, medium, low, note } = cveNumbers
-
-  const criticalMsg = critical > 0 ? `${critical} Critical | ` : ''
-  const highMsg = high > 0 ? `${high} High | ` : ''
-  const mediumMsg = medium > 0 ? `${medium} Medium | ` : ''
-  const lowMsg = low > 0 ? `${low} Low | ` : ''
-  const noteMsg = note > 0 ? `${note} Note` : ''
-
-  //removes/trims whitespace to single spaces
-  return `${criticalMsg} ${highMsg} ${mediumMsg} ${lowMsg} ${noteMsg}`
-    .replace(/\s+/g, ' ')
-    .trim()
-}
-
 const buildFooter = reportModelStructure => {
   const { critical, high, medium, low, note } =
     countVulnerableLibrariesBySeverity(reportModelStructure)
@@ -424,7 +403,6 @@ module.exports = {
   getIssueRow,
   gatherRemediationAdvice,
   buildFormattedHeaderNum,
-  getNumOfAndSeverityType,
   getIssueCveMsgList,
   getSeverityCounts,
   printNoVulnFoundMsg,

package/src/{constants.js → cliConstants.js}

@@ -11,8 +11,53 @@ i18n.configure({
   defaultLocale: 'en'
 })
 
+const sharedOptionDefinitions = [
+  {
+    name: 'proxy',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProxyServer')
+  },
+  {
+    name: 'key',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProxyKey')
+  },
+  {
+    name: 'cacert',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProxyCaCert')
+  },
+  {
+    name: 'cert',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProxyCert')
+  },
+  {
+    name: 'ignore-cert-errors',
+    type: Boolean,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}:' +
+      i18n.__('constantsIgnoreCertErrors')
+  }
+]
+
 // CLI options that we will allow and handle
 const scanOptionDefinitions = [
+  ...sharedOptionDefinitions,
   {
     name: 'name',
     alias: 'n',
@@ -100,14 +145,6 @@ const scanOptionDefinitions = [
       '}: ' +
       i18n.__('constantsHostId')
   },
-  {
-    name: 'proxy',
-    description:
-      '{bold ' +
-      i18n.__('constantsOptional') +
-      '}: ' +
-      i18n.__('constantsProxyServer')
-  },
   {
     name: 'fail',
     type: Boolean,
@@ -133,16 +170,7 @@ const scanOptionDefinitions = [
       '{bold ' +
       i18n.__('constantsOptional') +
       '}: ' +
-      i18n.__('constantsProxyServer')
-  },
-  {
-    name: 'ignore-cert-errors',
-    type: Boolean,
-    description:
-      '{bold ' +
-      i18n.__('constantsOptional') +
-      '}:' +
-      i18n.__('constantsIgnoreCertErrors')
+      i18n.__('constantsDoNotWaitForScan')
   },
   {
     name: 'verbose',
@@ -214,6 +242,7 @@ const configOptionDefinitions = [
 ]
 
 const auditOptionDefinitions = [
+  ...sharedOptionDefinitions,
   {
     name: 'application-id',
     description:
@@ -338,23 +367,6 @@ const auditOptionDefinitions = [
       '}: ' +
       i18n.__('constantsHostId')
   },
-  {
-    name: 'proxy',
-    description:
-      '{bold ' +
-      i18n.__('constantsOptional') +
-      '}: ' +
-      i18n.__('constantsProxyServer')
-  },
-  {
-    name: 'ignore-cert-errors',
-    type: Boolean,
-    description:
-      '{bold ' +
-      i18n.__('constantsOptional') +
-      '}:' +
-      i18n.__('constantsIgnoreCertErrors')
-  },
   {
     name: 'save',
     alias: 's',

package/src/commands/audit/auditConfig.ts

@@ -1,5 +1,5 @@
 import paramHandler from '../../utils/paramsUtil/paramHandler'
-import constants from '../../constants'
+import constants from '../../cliConstants'
 import { getCommandLineArgsCustom } from '../../utils/parsedCLIOptions'
 import { ContrastConf } from '../../utils/getConfig'
 

package/src/commands/audit/help.ts

@@ -1,6 +1,6 @@
 import commandLineUsage from 'command-line-usage'
 import i18n from 'i18n'
-import constants from '../../constants'
+import constants from '../../cliConstants'
 import { commonHelpLinks } from '../../common/commonHelp'
 
 const auditUsageGuide = commandLineUsage([

package/src/commands/auth/auth.js

@@ -12,7 +12,7 @@ const {
 } = require('../../utils/oraWrapper')
 const { TIMEOUT, AUTH_UI_URL } = require('../../constants/constants')
 const parsedCLIOptions = require('../../utils/parsedCLIOptions')
-const constants = require('../../constants')
+const constants = require('../../cliConstants')
 const commandLineUsage = require('command-line-usage')
 
 const processAuth = async (argv, config) => {

package/src/commands/config/config.js

@@ -1,5 +1,5 @@
 const parsedCLIOptions = require('../../utils/parsedCLIOptions')
-const constants = require('../../constants')
+const constants = require('../../cliConstants')
 const commandLineUsage = require('command-line-usage')
 const i18n = require('i18n')
 

package/src/commands/scan/sca/scaAnalysis.js

@@ -1,35 +1,37 @@
-const autoDetection = require('../../../scan/autoDetection')
-const javaAnalysis = require('../../../scaAnalysis/java')
-const treeUpload = require('../../../scaAnalysis/common/treeUpload')
-const auditController = require('../../audit/auditController')
 const {
   supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET }
 } = require('../../../constants/constants')
-const goAnalysis = require('../../../scaAnalysis/go/goAnalysis')
-const phpAnalysis = require('../../../scaAnalysis/php/index')
-const { rubyAnalysis } = require('../../../scaAnalysis/ruby')
-const { pythonAnalysis } = require('../../../scaAnalysis/python')
-const javascriptAnalysis = require('../../../scaAnalysis/javascript')
 const {
-  pollForSnapshotCompletition
+  pollForSnapshotCompletion
 } = require('../../../audit/languageAnalysisEngine/sendSnapshot')
 const {
   returnOra,
   startSpinner,
   succeedSpinner
 } = require('../../../utils/oraWrapper')
-const i18n = require('i18n')
 const {
   vulnerabilityReportV2
 } = require('../../../audit/report/reportingFeature')
-const auditSave = require('../../../audit/save')
-const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet')
-const { auditUsageGuide } = require('../../audit/help')
+const autoDetection = require('../../../scan/autoDetection')
+const treeUpload = require('../../../scaAnalysis/common/treeUpload')
+const auditController = require('../../audit/auditController')
 const rootFile = require('../../../audit/languageAnalysisEngine/getProjectRootFilenames')
 const path = require('path')
+const i18n = require('i18n')
+const auditSave = require('../../../audit/save')
+const { auditUsageGuide } = require('../../audit/help')
+const { buildRepo } = require('../../../scaAnalysis/repoMode/index')
+const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet')
+const { goAnalysis } = require('../../../scaAnalysis/go/goAnalysis')
+const { phpAnalysis } = require('../../../scaAnalysis/php/index')
+const { rubyAnalysis } = require('../../../scaAnalysis/ruby')
+const { pythonAnalysis } = require('../../../scaAnalysis/python')
+const javaAnalysis = require('../../../scaAnalysis/java')
+const jsAnalysis = require('../../../scaAnalysis/javascript')
 const auditReport = require('../../../scaAnalysis/common/auditReport')
 const scaUpload = require('../../../scaAnalysis/common/scaServicesUpload')
 const settingsHelper = require('../../../utils/settingsHelper')
+const chalk = require('chalk')
 
 const processSca = async config => {
   //checks to see whether to use old TS / new SCA path
@@ -62,6 +64,15 @@ const processSca = async config => {
   // files found looks like [ { javascript: [ Array ] } ]
   //check we have the language and call the right analyser
   //refactor new analyser and see if we can clean it up
+  if (config.mode === 'repo') {
+    try {
+      return buildRepo(config, filesFound[0])
+    } catch (e) {
+      console.log('Unable to build in repository mode. Check your project file')
+      process.exit(0)
+    }
+  }
+
   let messageToSend = undefined
   if (filesFound.length === 1) {
     switch (Object.keys(filesFound[0])[0]) {
@@ -70,10 +81,7 @@ const processSca = async config => {
         config.language = JAVA
         break
       case JAVASCRIPT:
-        messageToSend = await javascriptAnalysis.jsAnalysis(
-          config,
-          filesFound[0]
-        )
+        messageToSend = await jsAnalysis.jsAnalysis(config, filesFound[0])
         config.language = NODE
         break
       case PYTHON:
@@ -85,11 +93,11 @@ const processSca = async config => {
         config.language = RUBY
         break
       case PHP:
-        messageToSend = phpAnalysis.phpAnalysis(config, filesFound[0])
+        messageToSend = phpAnalysis(config, filesFound[0])
         config.language = PHP
         break
       case GO:
-        messageToSend = goAnalysis.goAnalysis(config, filesFound[0])
+        messageToSend = goAnalysis(config, filesFound[0])
         config.language = GO
         break
       case DOTNET:
@@ -137,8 +145,8 @@ const processSca = async config => {
         config
       )
 
-      //poll for completion
-      await pollForSnapshotCompletition(
+      // poll for completion
+      await pollForSnapshotCompletion(
         config,
         snapshotResponse.id,
         reportSpinner
@@ -162,10 +170,12 @@ const processSca = async config => {
       console.log(i18n.__('languageAnalysisNoLanguageHelpLine'))
       throw new Error()
     } else {
+      console.log(chalk.bold(`\nMultiple language files detected \n`))
+      filesFound.forEach(file => {
+        console.log(`${Object.keys(file)[0]} : `, Object.values(file)[0])
+      })
       throw new Error(
-        `multiple language files detected \n` +
-          JSON.stringify(filesFound) +
-          `\nplease use --file to audit one language only. Example: contrast audit --file package-lock.json`
+        `Please use --file to audit one language only. \nExample: contrast audit --file package-lock.json`
       )
     }
   }

package/src/common/HTTPClient.js

@@ -41,7 +41,7 @@ HTTPClient.prototype.maybeAddCertsToRequest = function (config) {
     const caFileContent = fs.readFileSync(caCertFilePath)
     if (caFileContent instanceof Error) {
       throw new Error(
-        `Unable to read CA from config option contrast.api.certificate.ca_file='${caCertFilePath}', msg: ${caFileContent.message}`
+        `Unable to read CA from ${caCertFilePath}, msg: ${caFileContent.message}`
       )
     }
     this.requestOptions.ca = caFileContent
@@ -460,7 +460,9 @@ function createSnapshotURL(config) {
 }
 
 function createScaServiceReportURL(config, reportId) {
-  return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/applications/${config.applicationId}/reports/${reportId}`
+  let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/applications/${config.applicationId}/reports/${reportId}`
+  baseUrl = config.ignoreDev ? baseUrl.concat('?nodesToInclude=PROD') : baseUrl
+  return baseUrl
 }
 
 function createScaServiceReportStatusURL(config, reportId) {

package/src/constants/constants.js

@@ -14,7 +14,7 @@ const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 // App
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.15'
+const APP_VERSION = '1.0.16'
 const TIMEOUT = 120000
 const HIGH_COLOUR = '#ff9900'
 const CRITICAL_COLOUR = '#e35858'

package/src/constants/locales.js

@@ -137,7 +137,7 @@ const en_locales = () => {
     constantsGradleMultiProject:
       'Specify the sub project within your gradle application.',
     constantsScan: 'Upload java binaries to the static scan service',
-    constantsWaitForScan: 'Waits for the result of the scan',
+    constantsDoNotWaitForScan: 'Do not wait for the result of the scan',
     constantsProjectName:
       'Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.',
     constantsProjectId:
@@ -201,56 +201,19 @@ const en_locales = () => {
       'After successful auth try the following command: contrast scan -f "<file>"',
     constantsHowToRunDev3:
       'Allowable languages are java (.jar and .war) and javascript (.js or .zip), if the language is not autodetected please use --language to specify',
-    constantsHowToRunContent1:
-      'You can run the tool on the command line and manually add the parameters, or you can put the parameters in a YAML file.',
-    constantsHowToRunContent2:
-      'If you are assessing an application that has not been instrumented by a Contrast agent you must first use the tool to register the application (Catalogue command). This will give you an application ID that you can then use in the Run Command.',
-    constantsHowToRunContent3:
-      'Allowable language values are JAVA, NODE, PYTHON, RUBY and GO.',
-    constantsManualInputHeader: 'Manual Input of Command:',
-    constantsManualInputCatalogue: 'Catalogue Command:',
-    constantsManualInputCatalogueInstruction:
-      'To analyse a new application not already instrumented by Contrast, run the following command:',
-    constantsManualInputCatalogueRun:
-      'After you run this command, you are provided a new application ID in the console. Use this ID in the Run command:',
-    constantsManualInputCatalogueRunTitle: 'Run Command:',
-    constantsManualInputCatalogueRunInstruction:
-      'To analyse an application catalogued by Contrast, run the following command:',
-    constantsYaml: 'Yaml:',
-    constantsYamlRunCommand:
-      'After you catalogue your application go to Run Command above.',
     constantsOptions: 'Options',
-    constantsCatalogueCommand:
-      '%s YourApiKey %s YourAuthorizationKey %s YourOrganizationId %s YourHost %s YourApplicationName %s YourApplicationLanguage',
-    constantsRunCommand:
-      '%s YourApiKey %s YourAuthorizationKey %s YourOrganizationId %s YourHost %s YourApplicationId',
     constantsSpecialCharacterWarning:
       'Please Note: Parameters may need to be quoted to avoid issues with special characters.',
-    yamlCatalogueCommand: '%s PathToYaml',
-    yamlCommand: '%s PathToYaml',
-    agentProxyAndTlsEnabledError:
-      'Please Note: We currently do not support having a proxy server and TLS enabled at the same time.',
-    TlsHeader: 'TLS',
-    TlsBody:
-      'To enable TLS please use the YAML file with the following parameters:',
-    TlsKey: 'key: pathToKey',
-    TlsCert: 'cert: pathToCert',
-    TlsCaCert: 'cacert: pathToCaCert',
+    constantsProxyKey: 'Path to the Certificate Key',
+    constantsProxyCert: 'Path to the Cert file',
+    constantsProxyCaCert: 'Path to the CaCert file',
     goReadProjectFile: 'Failed to read the project file @ "%s" because: "%s"',
-    goAnalysisError: 'GO analysis failed because: ',
-    goParseProjectFile: 'Failed to parse go mod graph output because: ',
-    mavenNotInstalledError:
-      "'mvn' is not available. Please ensure you have Maven installed and available on your path.",
     mavenDependencyTreeNonZero:
       'Building maven dependancy tree failed with a non 0 exit code',
     gradleWrapperUnavailable:
       'Gradle wrapper not found in root of project. Please ensure gradlew or gradlew.bat is in root of the project.',
     gradleDependencyTreeNonZero:
       "Building gradle dependancy tree failed with a non 0 exit code. \n Please check you have the correct version of Java installed to compile your project? \n If running against a muti module project ensure you are using the '--sub-project' flag",
-    yamlPathCamelCaseError:
-      'Warning: The "yamlPath" parameter will be deprecated in a future release. Please look at our documentation for further guidance.',
-    constantsSbom:
-      'Generate the Software Bill of Materials (SBOM) for the given application',
     constantsMetadata:
       'Define a set of key=value pairs (which conforms to RFC 2253) for specifying user-defined metadata associated with the application.',
     constantsTags:
@@ -266,9 +229,7 @@ const en_locales = () => {
       'Excludes developer dependencies from the results. All dependencies are included by default.',
     constantsCommands: 'Commands',
     constantsScanOptions: 'Scan Options',
-    sbomError: 'All required parameters are not present.',
     sbomRetrievalError: 'Unable to retrieve Software Bill of Materials (SBOM)',
-    ignoreDevDep: 'No private libraries that are not scoped detected',
     foundExistingProjectScan: 'Found existing project...',
     projectCreatedScan: 'Project created',
     uploadingScan: 'Uploading file to scan.',
@@ -284,7 +245,6 @@ const en_locales = () => {
     specifyFileAuditNotFound: 'No files found for library analysis',
     populateProjectIdMessage: 'project ID is %s',
     genericServiceError: 'returned with status code %s',
-    projectIdError: 'Your project ID is %s please check this is correct',
     permissionsError:
       'You do not have the correct permissions here. \n Contact support@contrastsecurity.com to get this fixed.',
     scanErrorFileMessage:
@@ -446,6 +406,8 @@ const en_locales = () => {
     auditBadFiletypeSpecifiedForSave: `\n ${chalk.yellow.bold(
       'Bad file type specified for --save option. Use audit --help to see valid --save options.'
     )}`,
+    auditServicesMessageForTS:
+      'View your vulnerable library list or full dependency tree in Contrast:',
     auditReportWaiting: 'Waiting for report...',
     auditReportFail: 'Report Retrieval Failed, please try again',
     auditReportSuccessMessage: 'Report successfully retrieved',

package/src/index.ts

@@ -5,7 +5,7 @@ import { processAudit } from './commands/audit/processAudit'
 import { processAuth } from './commands/auth/auth'
 import { processConfig } from './commands/config/config'
 import { processScan } from './commands/scan/processScan'
-import constants from './constants'
+import constants from './cliConstants'
 import { APP_NAME, APP_VERSION } from './constants/constants'
 import { processLambda } from './lambda/lambda'
 import { localConfig } from './utils/getConfig'

package/src/scaAnalysis/common/auditReport.js

@@ -11,6 +11,7 @@ const { assignBySeverity } = require('../../scan/formatScanOutput')
 const chalk = require('chalk')
 const { CE_URL } = require('../../constants/constants')
 const common = require('../../common/fail')
+const i18n = require('i18n')
 
 const processAuditReport = (config, results) => {
   let severityCounts = {}
@@ -92,11 +93,9 @@ const formatScaServicesReport = (config, results) => {
     printVulnInfo(projectOverviewCount)
 
     if (config.host !== CE_URL) {
+      console.log('\n' + chalk.bold(i18n.__('auditServicesMessageForTS')))
       console.log(
-        '\n' + chalk.bold('View your full dependency tree in Contrast:')
-      )
-      console.log(
-        `${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`
+        `${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs`
       )
     }
     return projectOverviewCount

package/src/scaAnalysis/common/scaParserForGoAndJava.js

@@ -12,7 +12,7 @@ const parseDependenciesForSCAServices = dependencyTreeObject => {
         group: unParsedDependencyTree[dependency].group,
         version: unParsedDependencyTree[dependency].version,
         directDependency: unParsedDependencyTree[dependency].type === 'direct',
-        isProduction: true,
+        productionDependency: true,
         dependencies: subDeps
       }
       parsedDependencyTree[dependency] = parsedDependency