@contrast/contrast 1.0.19 → 1.0.21

package/dist/audit/report/commonReportingFunctions.js

@@ -51,7 +51,7 @@ const printFormattedOutput = (config, libraries, numberOfVulnerableLibraries, nu
     const report = new ReportList();
     for (const library of libraries) {
         const { name, version } = findNameAndVersion(library, config);
-        const newOutputModel = new ReportModelStructure(new ReportCompositeKey(name, version, findHighestSeverityCVE(library.cveArray), severityCountAllCVEs(library.cveArray, new SeverityCountModel()).getTotal), library.cveArray);
+        const newOutputModel = new ReportModelStructure(new ReportCompositeKey(name, version, findHighestSeverityCVE(library.cveArray), severityCountAllCVEs(library.cveArray, new SeverityCountModel()).getTotal), library.cveArray, null);
         report.reportOutputList.push(newOutputModel);
     }
     const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(report.reportOutputList, [
@@ -120,8 +120,8 @@ function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, n
     return new ReportOutputHeaderModel(vulnMessage, introducesMessage);
 }
 function buildBody(cveArray, advice) {
-    let assignPriorityToVulns = cveArray.map(result => findCVESeverity(result));
-    const issueMessage = getIssueRow(assignPriorityToVulns);
+    const orderedCvesWithSeverityAssigned = orderByHighestPriority(cveArray.map(cve => findCVESeverity(cve)));
+    const issueMessage = getIssueRow(orderedCvesWithSeverityAssigned);
     const minOrMax = advice.maximum ? advice.maximum : advice.minimum;
     const displayAdvice = minOrMax
         ? `Change to version ${chalk.bold(minOrMax)}`
@@ -130,7 +130,6 @@ function buildBody(cveArray, advice) {
     return new ReportOutputBodyModel(issueMessage, adviceMessage);
 }
 function getIssueRow(cveArray) {
-    orderByHighestPriority(cveArray);
     const cveMessagesList = getIssueCveMsgList(cveArray);
     return [chalk.bold('Issue'), ':', `${cveMessagesList.join(', ')}`];
 }

package/dist/audit/report/models/reportListModel.js

@@ -8,9 +8,10 @@ class ReportList {
 }
 exports.ReportList = ReportList;
 class ReportModelStructure {
-    constructor(compositeKey, cveArray) {
+    constructor(compositeKey, cveArray, remediationAdvice) {
         this.compositeKey = compositeKey;
         this.cveArray = cveArray;
+        this.remediationAdvice = remediationAdvice;
     }
 }
 exports.ReportModelStructure = ReportModelStructure;

package/dist/audit/report/reportingFeature.js

@@ -80,7 +80,7 @@ async function vulnerabilityReportV2(config, reportId) {
     console.log();
     const reportResponse = await (0, commonReportingFunctions_1.getReport)(config, reportId);
     if (reportResponse !== undefined) {
-        let output = formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config, reportResponse.remediationGuidance
+        const output = formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config, reportResponse.remediationGuidance
             ? reportResponse.remediationGuidance
             : {});
         if (config.fail) {

package/dist/audit/report/utils/reportUtils.js

@@ -1,13 +1,32 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.countVulnerableLibrariesBySeverity = exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraryVulns = exports.findCVESeverity = exports.orderByHighestPriority = exports.findHighestSeverityCVE = void 0;
 const reportLibraryModel_1 = require("../models/reportLibraryModel");
 const reportSeverityModel_1 = require("../models/reportSeverityModel");
-const constants_1 = __importDefault(require("../../../constants/constants"));
-const constants_2 = require("../../../constants/constants");
+const constants_1 = __importStar(require("../../../constants/constants"));
 const lodash_1 = require("lodash");
 const severityCountModel_1 = require("../models/severityCountModel");
 const { supportedLanguages: { GO } } = constants_1.default;
@@ -16,27 +35,27 @@ function findHighestSeverityCVE(cveArray) {
     return (0, lodash_1.orderBy)(mappedToReportSeverityModels, cve => cve?.priority)[0];
 }
 exports.findHighestSeverityCVE = findHighestSeverityCVE;
-function orderByHighestPriority(cves) {
-    return (0, lodash_1.orderBy)(cves, ['priority'], ['asc']);
+function orderByHighestPriority(severityModels) {
+    return (0, lodash_1.orderBy)(severityModels, ['priority'], ['asc']);
 }
 exports.orderByHighestPriority = orderByHighestPriority;
 function findCVESeverity(cve) {
     const cveName = cve.name;
     if (cve.cvss3SeverityCode === 'CRITICAL' || cve.severityCode === 'CRITICAL') {
-        return new reportSeverityModel_1.ReportSeverityModel('CRITICAL', constants_2.CRITICAL_PRIORITY, constants_2.CRITICAL_COLOUR, cveName);
+        return new reportSeverityModel_1.ReportSeverityModel('CRITICAL', constants_1.CRITICAL_PRIORITY, constants_1.CRITICAL_COLOUR, cveName);
     }
     else if (cve.cvss3SeverityCode === 'HIGH' || cve.severityCode === 'HIGH') {
-        return new reportSeverityModel_1.ReportSeverityModel('HIGH', constants_2.HIGH_PRIORITY, constants_2.HIGH_COLOUR, cveName);
+        return new reportSeverityModel_1.ReportSeverityModel('HIGH', constants_1.HIGH_PRIORITY, constants_1.HIGH_COLOUR, cveName);
     }
     else if (cve.cvss3SeverityCode === 'MEDIUM' ||
         cve.severityCode === 'MEDIUM') {
-        return new reportSeverityModel_1.ReportSeverityModel('MEDIUM', constants_2.MEDIUM_PRIORITY, constants_2.MEDIUM_COLOUR, cveName);
+        return new reportSeverityModel_1.ReportSeverityModel('MEDIUM', constants_1.MEDIUM_PRIORITY, constants_1.MEDIUM_COLOUR, cveName);
     }
     else if (cve.cvss3SeverityCode === 'LOW' || cve.severityCode === 'LOW') {
-        return new reportSeverityModel_1.ReportSeverityModel('LOW', constants_2.LOW_PRIORITY, constants_2.LOW_COLOUR, cveName);
+        return new reportSeverityModel_1.ReportSeverityModel('LOW', constants_1.LOW_PRIORITY, constants_1.LOW_COLOUR, cveName);
     }
     else if (cve.cvss3SeverityCode === 'NOTE' || cve.severityCode === 'NOTE') {
-        return new reportSeverityModel_1.ReportSeverityModel('NOTE', constants_2.NOTE_PRIORITY, constants_2.NOTE_COLOUR, cveName);
+        return new reportSeverityModel_1.ReportSeverityModel('NOTE', constants_1.NOTE_PRIORITY, constants_1.NOTE_COLOUR, cveName);
     }
 }
 exports.findCVESeverity = findCVESeverity;

package/dist/cliConstants.js

@@ -296,10 +296,6 @@ const auditOptionDefinitions = [
             '}: ' +
             i18n.__('constantsIgnoreDev')
     },
-    {
-        name: 'fingerprint',
-        type: Boolean
-    },
     {
         name: 'save',
         alias: 's',
@@ -358,6 +354,14 @@ const auditOptionDefinitions = [
             i18n.__('auditOptionsBranchSummary')
     }
 ];
+const fingerprintOptionDefinitions = [
+    ...auditOptionDefinitions,
+    {
+        name: 'depth',
+        type: Number,
+        description: '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('depthOption')
+    }
+];
 const mainUsageGuide = commandLineUsage([
     {
         header: i18n.__('constantsHeader'),
@@ -379,7 +383,8 @@ const mainUsageGuide = commandLineUsage([
             { name: i18n.__('auditName'), summary: i18n.__('helpAuditSummary') },
             { name: i18n.__('versionName'), summary: i18n.__('helpVersionSummary') },
             { name: i18n.__('configName'), summary: i18n.__('helpConfigSummary') },
-            { name: i18n.__('helpName'), summary: i18n.__('helpSummary') }
+            { name: i18n.__('helpName'), summary: i18n.__('helpSummary') },
+            { name: i18n.__('learnName'), summary: i18n.__('helpLearnSummary') }
         ]
     },
     {
@@ -393,7 +398,8 @@ const mainUsageGuide = commandLineUsage([
         ]
     },
     commonHelpLinks()[0],
-    commonHelpLinks()[1]
+    commonHelpLinks()[1],
+    commonHelpLinks()[2]
 ]);
 const mainDefinition = [{ name: 'command', defaultOption: true }];
 module.exports = {
@@ -401,6 +407,7 @@ module.exports = {
         mainUsageGuide,
         mainDefinition,
         scanOptionDefinitions,
+        fingerprintOptionDefinitions,
         auditOptionDefinitions,
         authOptionDefinitions,
         configOptionDefinitions,

package/dist/commands/audit/auditConfig.js

@@ -5,8 +5,7 @@ const paramHandler = require('../../utils/paramsUtil/paramHandler');
 const getAuditConfig = async (contrastConf, command, argv) => {
     const auditParameters = await getCommandLineArgsCustom(contrastConf, command, argv, constants.commandLineDefinitions.auditOptionDefinitions);
     const paramsAuth = paramHandler.getAuth(auditParameters);
-    const javaAgreement = paramHandler.getAgreement();
-    return { ...paramsAuth, ...auditParameters, ...javaAgreement };
+    return { ...paramsAuth, ...auditParameters };
 };
 module.exports = {
     getAuditConfig

package/dist/commands/audit/help.js

@@ -61,7 +61,8 @@ const auditUsageGuide = commandLineUsage([
         optionList: constants.commandLineDefinitions.auditAdvancedOptionDefinitionsForHelp
     },
     commonHelpLinks()[0],
-    commonHelpLinks()[1]
+    commonHelpLinks()[1],
+    commonHelpLinks()[2]
 ]);
 module.exports = {
     auditUsageGuide

package/dist/commands/audit/processAudit.js

@@ -1,7 +1,7 @@
 "use strict";
 const auditConfig = require('./auditConfig');
 const { auditUsageGuide } = require('./help');
-const scaController = require('../scan/sca/scaAnalysis');
+const scaController = require('../../scaAnalysis/scaAnalysis');
 const { sendTelemetryConfigAsObject } = require('../../telemetry/telemetry');
 const { postRunMessage } = require('../../common/commonHelp');
 const processAudit = async (contrastConf, argvMain) => {

package/dist/commands/fingerprint/fingerprintConfig.js

@@ -0,0 +1,12 @@
+"use strict";
+const parsedCLIOptions = require('../../utils/parsedCLIOptions');
+const constants = require('../../cliConstants');
+const paramHandler = require('../../utils/paramsUtil/paramHandler');
+const getFingerprintConfig = async (contrastConf, command, argv) => {
+    const fingerprintParameters = await parsedCLIOptions.getCommandLineArgsCustom(contrastConf, command, argv, constants.commandLineDefinitions.fingerprintOptionDefinitions);
+    const paramsAuth = paramHandler.getAuth(fingerprintParameters);
+    return { ...paramsAuth, ...fingerprintParameters };
+};
+module.exports = {
+    getFingerprintConfig
+};

package/dist/commands/fingerprint/processFingerprint.js

@@ -0,0 +1,14 @@
+"use strict";
+const fingerprintConfig = require('./fingerprintConfig');
+const autoDetection = require('../../scan/autoDetection');
+const saveResults = require('../../scan/saveResults');
+const processFingerprint = async (contrastConf, argvMain) => {
+    const config = await fingerprintConfig.getFingerprintConfig(contrastConf, 'fingerprint', argvMain);
+    let fingerprint = await autoDetection.autoDetectFingerprintInfo(config.file, config.depth);
+    let idArray = fingerprint.map(x => x.id);
+    await saveResults.writeResultsToFile(fingerprint, 'fingerPrintInfo.json');
+    return console.log(idArray);
+};
+module.exports = {
+    processFingerprint
+};

package/dist/commands/learn/learn.js

@@ -0,0 +1,9 @@
+"use strict";
+const open = require('open');
+async function openLearnPage() {
+    const url = 'https://www.contrastsecurity.com/developer/learn';
+    return open(url);
+}
+module.exports = {
+    openLearnPage
+};

package/dist/commands/learn/processLearn.js

@@ -0,0 +1,10 @@
+"use strict";
+const { openLearnPage } = require('./learn');
+async function processLearn() {
+    console.log('Opening develop central...');
+    console.log('If the page does not open you can open it directly via https://www.contrastsecurity.com/developer/learn');
+    return openLearnPage();
+}
+module.exports = {
+    processLearn
+};

package/dist/common/commonHelp.js

@@ -19,17 +19,24 @@ const commonHelpLinks = () => {
                 i18n.__('commonHelpLearnMoreEnterpriseHeader') +
                     i18n.__('commonHelpLearnMoreEnterpriseText')
             ]
+        },
+        {
+            content: [
+                i18n.__('commonHelpLearnHeader') + i18n.__('commonHelpLearnText')
+            ]
         }
     ];
 };
 const postRunMessage = commandName => {
     console.log('\n' + chalk.underline.bold('Other Features:'));
     if (commandName !== 'scan')
-        console.log("'contrast scan' to run Contrasts’ industry leading SAST scanner");
+        console.log("'contrast scan' to run Contrast's industry leading SAST scanner");
     if (commandName !== 'audit')
         console.log("'contrast audit' to find vulnerabilities in your open source dependencies");
     if (commandName !== 'lambda')
         console.log("'contrast lambda' to secure your AWS serverless functions");
+    if (commandName !== 'learn')
+        console.log("'contrast learn' launches Contrast's Secure Code Learning Hub.");
 };
 module.exports = {
     commonHelpLinks,

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.19';
+const APP_VERSION = '1.0.21';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';

package/dist/constants/locales.js

@@ -121,6 +121,10 @@ const en_locales = () => {
         versionName: 'version',
         configName: 'config',
         helpName: 'help',
+        learnName: 'learn',
+        helpLearnSummary: 'launches Contrast’s Secure Code Learning Hub.',
+        fingerprintName: 'assess repo to see how many languages it can detect. For use in pipeline only.',
+        depthOption: 'can set how deep in the file system the cli looks for language files',
         scanOptionsLanguageSummary: 'Valid values are JAVA, JAVASCRIPT and DOTNET',
         scanOptionsTimeoutSummary: 'Time in seconds to wait for scan to complete. Default value is 300 seconds.',
         scanOptionsFileNameSummary: 'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .exe or .zip file in the working directory.',
@@ -134,7 +138,10 @@ const en_locales = () => {
             chalk.bold('\ncontrast scan') +
             " to run Contrast's industry leading SAST scanner. \nSupports Java, JavaScript and .Net \n" +
             chalk.bold('\ncontrast audit') +
-            ' to find vulnerabilities in your open source dependencies.\nSupports Java, .NET, Node, Ruby, Python, Go and PHP \n' +
+            ' to find vulnerabilities in your open source dependencies.' +
+            '\nSupports Java, .NET, Node, Ruby, Python, Go and PHP.' +
+            '\nOur CLI runs native build tools to generate a complete dependency tree.' +
+            '\nIf you are running on untrusted code, consider running in a sandbox.\n' +
             chalk.bold('\ncontrast lambda') +
             ' to secure your AWS serverless functions. \nSupports Java and Python \n' +
             chalk.bold('\ncontrast help') +
@@ -181,7 +188,8 @@ const en_locales = () => {
         constantsAuditPrerequisitesContentSupportedLanguages: 'Supported languages and their requirements are:',
         constantsAuditPrerequisitesJavaContentMessage: `
     ${chalk.bold('Java:')} pom.xml ${chalk.bold('and')} Maven build platform including the dependency plugin. 
-    ${chalk.bold('Or')} build.gradle ${chalk.bold('and')} gradle dependencies or ./gradlew dependencies must be supported`,
+    ${chalk.bold('Or')} build.gradle ${chalk.bold('and')} gradle dependencies or ./gradlew dependencies must be supported
+    If you are running on untrusted code, consider running in a sandbox.`,
         constantsAuditPrerequisitesContentDotNetMessage: `
     ${chalk.bold('.NET framework and .NET core:')} MSBuild 15.0 or greater and a packages.lock.json file.
     Note: If the packages.lock.json file is unavailable it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj file and running dotnet build.\n`,
@@ -215,7 +223,10 @@ const en_locales = () => {
         commonHelpLearnMoreText: ' https://www.contrastsecurity.com/developer ',
         commonHelpLearnMoreEnterpriseText: ' https://docs.contrastsecurity.com/en/run-contrast-cli.html ',
         commonHelpJoinDiscussionHeader: chalk.hex('#9DC184')('Join the discussion:'),
-        commonHelpJoinDiscussionText: ' https://dev.to/codesec',
+        commonHelpJoinDiscussionText: ' https://www.contrastsecurity.com/developer/community',
+        commonHelpLearnHeader: chalk.hex('#ffe599')('\rWant to UP your game?') +
+            " type 'contrast learn'",
+        commonHelpLearnText: `\n🎓 Advance your security knowledge and become an ${chalk.hex('#ffd966')('All-star coder')} ⭐  with ${chalk.bold('Contrast Secure Code Learning Hub.')} 😺`,
         authCommand: {
             credentialsAccepted: {
                 title: 'Credentials accepted',

package/dist/index.js

@@ -9,6 +9,7 @@ const processAudit_1 = require("./commands/audit/processAudit");
 const auth_1 = require("./commands/auth/auth");
 const config_1 = require("./commands/config/config");
 const processScan_1 = require("./commands/scan/processScan");
+const processFingerprint_1 = require("./commands/fingerprint/processFingerprint");
 const cliConstants_1 = __importDefault(require("./cliConstants"));
 const constants_1 = require("./constants/constants");
 const lambda_1 = require("./lambda/lambda");
@@ -16,6 +17,7 @@ const getConfig_1 = require("./utils/getConfig");
 const versionChecker_1 = require("./common/versionChecker");
 const errorHandling_1 = require("./common/errorHandling");
 const telemetry_1 = require("./telemetry/telemetry");
+const processLearn_1 = require("./commands/learn/processLearn");
 const { commandLineDefinitions: { mainUsageGuide, mainDefinition } } = cliConstants_1.default;
 const config = (0, getConfig_1.localConfig)(constants_1.APP_NAME, constants_1.APP_VERSION);
 const getMainOption = () => {
@@ -64,6 +66,12 @@ const start = async () => {
             if (command === 'audit') {
                 return await (0, processAudit_1.processAudit)(config, argvMain);
             }
+            if (command === 'learn') {
+                return (0, processLearn_1.processLearn)();
+            }
+            if (command === 'fingerprint') {
+                return await (0, processFingerprint_1.processFingerprint)(config, argvMain);
+            }
             if (command === 'help' ||
                 argvMain.includes('--help') ||
                 Object.keys(mainOptions).length === 0) {

package/dist/lambda/help.js

@@ -82,6 +82,7 @@ const lambdaUsageGuide = (0, command_line_usage_1.default)([
         ]
     },
     (0, commonHelp_1.commonHelpLinks)()[0],
-    (0, commonHelp_1.commonHelpLinks)()[1]
+    (0, commonHelp_1.commonHelpLinks)()[1],
+    (0, commonHelp_1.commonHelpLinks)()[2]
 ]);
 exports.lambdaUsageGuide = lambdaUsageGuide;

package/dist/scaAnalysis/common/auditReport.js

@@ -1,77 +1,33 @@
 "use strict";
-const { getSeverityCounts, createSummaryMessageTop, printVulnInfo, getReportTable, getIssueRow, printNoVulnFoundMsg } = require('../../audit/report/commonReportingFunctions');
-const { orderBy } = require('lodash');
-const { assignBySeverity } = require('../../scan/formatScanOutput');
-const chalk = require('chalk');
-const { CE_URL } = require('../../constants/constants');
+const { getSeverityCounts, printNoVulnFoundMsg } = require('../../audit/report/commonReportingFunctions');
 const common = require('../../common/fail');
-const i18n = require('i18n');
-const processAuditReport = (config, results) => {
+const { printFormattedOutputSca } = require('./commonReportingFunctionsSca');
+const processAuditReport = (config, reportModelList) => {
     let severityCounts = {};
-    if (results !== undefined) {
-        severityCounts = formatScaServicesReport(config, results);
+    if (reportModelList !== undefined) {
+        severityCounts = formatScaServicesReport(config, reportModelList);
     }
     if (config.fail) {
         common.processFail(config, severityCounts);
     }
 };
-const formatScaServicesReport = (config, results) => {
-    const projectOverviewCount = getSeverityCounts(results);
+const formatScaServicesReport = (config, reportModelList) => {
+    const projectOverviewCount = getSeverityCounts(reportModelList);
     if (projectOverviewCount.total === 0) {
         printNoVulnFoundMsg();
-        return projectOverviewCount;
     }
     else {
-        let total = 0;
-        const numberOfCves = results.length;
-        const table = getReportTable();
-        let contrastHeaderNumCounter = 0;
-        let assignPriorityToResults = results.map(result => assignBySeverity(result, result));
-        const numberOfVulns = results
-            .map(result => result.vulnerabilities)
-            .reduce((a, b) => {
-            return (total += b.length);
-        }, 0);
-        const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(assignPriorityToResults, [
-            reportListItem => {
-                return reportListItem.priority;
-            },
-            reportListItem => {
-                return reportListItem.vulnerabilities.length;
+        const numberOfVulnerableLibraries = reportModelList.map(library => {
+            let count = 0;
+            if (library.vulnerabilities.length > 0) {
+                count++;
             }
-        ], ['asc', 'desc']);
-        for (const result of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
-            contrastHeaderNumCounter++;
-            const cvesNum = result.vulnerabilities.length;
-            const grammaticallyCorrectVul = result.vulnerabilities.length > 1 ? 'vulnerabilities' : 'vulnerability';
-            const headerColour = chalk.hex(result.colour);
-            const headerRow = [
-                headerColour(`CONTRAST-${contrastHeaderNumCounter.toString().padStart(3, '0')}`),
-                headerColour(`-`),
-                headerColour(`[${result.severity}] `) +
-                    headerColour.bold(`${result.artifactName}`) +
-                    ` introduces ${cvesNum} ${grammaticallyCorrectVul}`
-            ];
-            const adviceRow = [
-                chalk.bold(`Advice`),
-                chalk.bold(`:`),
-                `Change to version ${result.remediationAdvice.latestStableVersion}`
-            ];
-            let assignPriorityToVulns = result.vulnerabilities.map(result => assignBySeverity(result, result));
-            const issueRow = getIssueRow(assignPriorityToVulns);
-            table.push(headerRow, issueRow, adviceRow);
-            console.log();
-        }
-        console.log();
-        createSummaryMessageTop(numberOfCves, numberOfVulns);
-        console.log(table.toString() + '\n');
-        printVulnInfo(projectOverviewCount);
-        if (config.host !== CE_URL) {
-            console.log('\n' + chalk.bold(i18n.__('auditServicesMessageForTS')));
-            console.log(`${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs`);
-        }
-        return projectOverviewCount;
+            return count;
+        }).length;
+        let numberOfCves = reportModelList.reduce((count, current) => count + current.vulnerabilities.length, 0);
+        printFormattedOutputSca(config, reportModelList, numberOfVulnerableLibraries, numberOfCves);
     }
+    return projectOverviewCount;
 };
 module.exports = {
     formatScaServicesReport,

package/dist/scaAnalysis/common/commonReportingFunctionsSca.js

@@ -0,0 +1,154 @@
+"use strict";
+const { ReportList, ReportModelStructure, ReportCompositeKey } = require('../../audit/report/models/reportListModel');
+const { countVulnerableLibrariesBySeverity } = require('../../audit/report/utils/reportUtils');
+const { SeverityCountModel } = require('../../audit/report/models/severityCountModel');
+const { orderBy } = require('lodash');
+const { ReportOutputModel, ReportOutputHeaderModel, ReportOutputBodyModel } = require('../../audit/report/models/reportOutputModel');
+const { CE_URL, CRITICAL_COLOUR, HIGH_COLOUR, MEDIUM_COLOUR, LOW_COLOUR, NOTE_COLOUR } = require('../../constants/constants');
+const chalk = require('chalk');
+const Table = require('cli-table3');
+const { findHighestSeverityCVESca, severityCountAllCVEsSca, findCVESeveritySca, orderByHighestPrioritySca } = require('./utils/reportUtilsSca');
+const { buildFormattedHeaderNum } = require('../../audit/report/commonReportingFunctions');
+const createSummaryMessageTop = (numberOfVulnerableLibraries, numberOfCves) => {
+    numberOfVulnerableLibraries === 1
+        ? console.log(`\n\nFound 1 vulnerable library containing ${numberOfCves} CVE`)
+        : console.log(`\n\nFound ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs`);
+};
+const createSummaryMessageBottom = numberOfVulnerableLibraries => {
+    numberOfVulnerableLibraries === 1
+        ? console.log(`Found 1 vulnerability`)
+        : console.log(`Found ${numberOfVulnerableLibraries} vulnerabilities`);
+};
+const printFormattedOutputSca = (config, reportModelList, numberOfVulnerableLibraries, numberOfCves) => {
+    createSummaryMessageTop(numberOfVulnerableLibraries, numberOfCves);
+    console.log();
+    const report = new ReportList();
+    for (const library of reportModelList) {
+        const { artifactName, version, vulnerabilities, remediationAdvice } = library;
+        const newOutputModel = new ReportModelStructure(new ReportCompositeKey(artifactName, version, findHighestSeverityCVESca(vulnerabilities), severityCountAllCVEsSca(vulnerabilities, new SeverityCountModel()).getTotal), vulnerabilities, remediationAdvice);
+        report.reportOutputList.push(newOutputModel);
+    }
+    const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = orderBy(report.reportOutputList, [
+        reportListItem => {
+            return reportListItem.compositeKey.highestSeverity.priority;
+        },
+        reportListItem => {
+            return reportListItem.compositeKey.numberOfSeverities;
+        }
+    ], ['asc', 'desc']);
+    let contrastHeaderNumCounter = 0;
+    for (const reportModel of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
+        contrastHeaderNumCounter++;
+        const { libraryName, libraryVersion, highestSeverity } = reportModel.compositeKey;
+        const { cveArray, remediationAdvice } = reportModel;
+        const numOfCVEs = reportModel.cveArray.length;
+        const table = getReportTable();
+        const header = buildHeader(highestSeverity, contrastHeaderNumCounter, libraryName, libraryVersion, numOfCVEs);
+        const body = buildBody(cveArray, remediationAdvice);
+        const reportOutputModel = new ReportOutputModel(header, body);
+        table.push(reportOutputModel.body.issueMessage, reportOutputModel.body.adviceMessage);
+        console.log(reportOutputModel.header.vulnMessage, reportOutputModel.header.introducesMessage);
+        console.log(table.toString() + '\n');
+    }
+    createSummaryMessageBottom(numberOfVulnerableLibraries);
+    const { criticalMessage, highMessage, mediumMessage, lowMessage, noteMessage } = buildFooter(outputOrderedByLowestSeverityAndLowestNumOfCvesFirst);
+    console.log(`${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`);
+    if (config.host !== CE_URL) {
+        console.log('\n' + chalk.bold('View your full dependency tree in Contrast:'));
+        console.log(`${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
+    }
+};
+function getReportTable() {
+    return new Table({
+        chars: {
+            top: '',
+            'top-mid': '',
+            'top-left': '',
+            'top-right': '',
+            bottom: '',
+            'bottom-mid': '',
+            'bottom-left': '',
+            'bottom-right': '',
+            left: '',
+            'left-mid': '',
+            mid: '',
+            'mid-mid': '',
+            right: '',
+            'right-mid': '',
+            middle: ' '
+        },
+        style: { 'padding-left': 0, 'padding-right': 0 },
+        colAligns: ['right'],
+        wordWrap: true,
+        colWidths: [12, 1, 100]
+    });
+}
+function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, numOfCVEs) {
+    const vulnerabilityPluralised = numOfCVEs > 1 ? 'vulnerabilities' : 'vulnerability';
+    const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum);
+    const headerColour = chalk.hex(highestSeverity.colour);
+    const headerNumAndSeverity = headerColour(`${formattedHeaderNum} - [${highestSeverity.severity}]`);
+    const libraryNameAndVersion = headerColour.bold(`${libraryName}-${version}`);
+    const vulnMessage = `${headerNumAndSeverity} ${libraryNameAndVersion}`;
+    const introducesMessage = `introduces ${numOfCVEs} ${vulnerabilityPluralised}`;
+    return new ReportOutputHeaderModel(vulnMessage, introducesMessage);
+}
+function buildBody(cveArray, advice) {
+    const orderedCvesWithSeverityAssigned = orderByHighestPrioritySca(cveArray.map(cve => findCVESeveritySca(cve)));
+    const issueMessage = getIssueRow(orderedCvesWithSeverityAssigned);
+    const adviceMessage = getAdviceRow(advice);
+    return new ReportOutputBodyModel(issueMessage, adviceMessage);
+}
+function getIssueRow(cveArray) {
+    const cveMessagesList = getIssueCveMsgList(cveArray);
+    return [chalk.bold('Issue'), ':', `${cveMessagesList.join(', ')}`];
+}
+function getAdviceRow(advice) {
+    const latestOrClosest = advice.latestStableVersion
+        ? advice.latestStableVersion
+        : advice.closestStableVersion;
+    const displayAdvice = latestOrClosest
+        ? `Change to version ${chalk.bold(latestOrClosest)}`
+        : 'No recommendation is available according to our data. Upgrade to the latest stable is the best advice we can give.';
+    return [chalk.bold(`Advice`), chalk.bold(`:`), `${displayAdvice}`];
+}
+const buildFooter = reportModelStructure => {
+    const { critical, high, medium, low, note } = countVulnerableLibrariesBySeverity(reportModelStructure);
+    const criticalMessage = chalk
+        .hex(CRITICAL_COLOUR)
+        .bold(`${critical} Critical`);
+    const highMessage = chalk.hex(HIGH_COLOUR).bold(`${high} High`);
+    const mediumMessage = chalk.hex(MEDIUM_COLOUR).bold(`${medium} Medium`);
+    const lowMessage = chalk.hex(LOW_COLOUR).bold(`${low} Low`);
+    const noteMessage = chalk.hex(NOTE_COLOUR).bold(`${note} Note`);
+    return {
+        criticalMessage,
+        highMessage,
+        mediumMessage,
+        lowMessage,
+        noteMessage
+    };
+};
+const getIssueCveMsgList = reportSeverityModels => {
+    const cveMessages = [];
+    reportSeverityModels.forEach(reportSeverityModel => {
+        const { colour, severity, name } = reportSeverityModel;
+        const severityShorthand = chalk
+            .hex(colour)
+            .bold(`[${severity.charAt(0).toUpperCase()}]`);
+        const builtMessage = severityShorthand + name;
+        cveMessages.push(builtMessage);
+    });
+    return cveMessages;
+};
+module.exports = {
+    createSummaryMessageTop,
+    createSummaryMessageBottom,
+    printFormattedOutputSca,
+    getReportTable,
+    buildHeader,
+    buildBody,
+    getIssueRow,
+    buildFormattedHeaderNum,
+    getIssueCveMsgList
+};