@contrast/contrast 1.0.2 → 1.0.5

package/dist/audit/languageAnalysisEngine/report/reportingFeature.js

@@ -1,133 +1,28 @@
 "use strict";
-const i18n = require('i18n');
-const commonApi = require('../commonApi');
-const commonReport = require('./commonReportingFunctions');
-function displaySuccessMessageVulnerabilities() {
-    console.log(i18n.__('vulnerabilitiesSuccessMessage'));
-}
-const vulnerabilityReport = async (analysis, applicationId, config) => {
-    let depRiskReportCount = {};
-    if (analysis.language === 'NODE') {
-        depRiskReportCount = await commonReport.dependencyRiskReport(analysis.node.packageJSON, config);
-    }
-    if (config['report']) {
-        const reportResponse = await commonReport.getReport(applicationId);
-        if (reportResponse !== undefined) {
-            const libraryVulnerabilityInput = createLibraryVulnerabilityInput(reportResponse.reports);
-            const libraryVulnerabilityResponse = await getLibraryVulnerabilities(libraryVulnerabilityInput, applicationId);
-            const severity = config['cve_severity'];
-            const id = applicationId;
-            const name = config.applicationName;
-            const hasSomeVulnerabilitiesReported = formatVulnerabilityOutput(libraryVulnerabilityResponse, severity, id, name, depRiskReportCount, config);
-            commonReport.analyseReportOptions(hasSomeVulnerabilitiesReported);
-        }
-    }
-};
-const createLibraryVulnerabilityInput = report => {
-    const language = Object.keys(report[0].report)[0];
-    const reportTree = report[0].report[language].dependencyTree;
-    const libraries = reportTree[Object.keys(reportTree)[0]];
-    let gav = [];
-    for (const key of Object.keys(libraries)) {
-        gav.push({
-            name: libraries[key].name,
-            group: libraries[key].group,
-            version: libraries[key].resolved
-        });
-    }
-    return {
-        name_group_versions: gav,
-        language: language.toUpperCase()
-    };
-};
-const oldCountSeverity = vulnerableLibraries => {
-    const severityCount = {
-        critical: 0,
-        high: 0,
-        medium: 0,
-        low: 0
-    };
-    vulnerableLibraries.forEach(lib => {
-        lib.vulns.forEach(vuln => {
-            if (vuln.severity_code === 'HIGH') {
-                severityCount['high'] += 1;
-            }
-            else if (vuln.severity_code === 'MEDIUM') {
-                severityCount['medium'] += 1;
-            }
-            else if (vuln.severity_code === 'LOW') {
-                severityCount['low'] += 1;
-            }
-            else if (vuln.severity_code === 'CRITICAL') {
-                severityCount['critical'] += 1;
-            }
-        });
-    });
-    return severityCount;
-};
-const parseVulnerabilites = libraryVulnerabilityResponse => {
-    let parsedVulnerabilites = {};
-    let vulnName = libraryVulnerabilityResponse.libraries;
-    for (let x in vulnName) {
-        let vuln = vulnName[x].vulns;
-        if (vuln.length > 0) {
-            let libname = vulnName[x].group +
-                '/' +
-                vulnName[x].file_name +
-                '@' +
-                vulnName[x].file_version;
-            parsedVulnerabilites[libname] = vulnName[x].vulns;
-        }
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatVulnerabilityOutput = exports.vulnerabilityReport = void 0;
+const commonReportingFunctions_1 = require("./commonReportingFunctions");
+const reportUtils_1 = require("./utils/reportUtils");
+async function vulnerabilityReport(analysis, applicationId, reportId) {
+    const reportResponse = await (0, commonReportingFunctions_1.getReport)(analysis.config, reportId);
+    if (reportResponse !== undefined) {
+        const id = applicationId;
+        const name = analysis.config.applicationName;
+        formatVulnerabilityOutput(reportResponse.vulnerabilities, id, name, analysis.config);
     }
-    return parsedVulnerabilites;
-};
-const formatVulnerabilityOutput = (libraryVulnerabilityResponse, severity, id, name, depRiskReportCount, config) => {
-    let vulnerableLibraries = libraryVulnerabilityResponse.libraries.filter(data => {
-        return data.vulns.length > 0;
-    });
+}
+exports.vulnerabilityReport = vulnerabilityReport;
+function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, name, config) {
+    const vulnerableLibraries = (0, reportUtils_1.convertGenericToTypedLibraries)(libraryVulnerabilityResponse);
     const numberOfVulnerableLibraries = vulnerableLibraries.length;
     let numberOfCves = 0;
-    vulnerableLibraries.forEach(lib => (numberOfCves += lib.vulns.length));
-    commonReport.createLibraryHeader(id, numberOfVulnerableLibraries, numberOfCves, name);
-    const severityCount = oldCountSeverity(vulnerableLibraries);
-    let vulnerabilities = parseVulnerabilites(libraryVulnerabilityResponse);
-    let filteredVulns = commonReport.filterVulnerabilitiesBySeverity(severity, vulnerabilities);
-    let hasSomeVulnerabilitiesReported;
-    hasSomeVulnerabilitiesReported = commonReport.printVulnerabilityResponse(severity, filteredVulns, vulnerabilities);
-    console.log('\n **************************' +
-        ` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's ` +
-        '************************** ');
-    if (depRiskReportCount && depRiskReportCount.scopedCount === 0) {
-        console.log(' No private libraries that are not scoped detected');
-    }
-    console.log(' \n Please go to the Contrast UI to view your dependency tree: \n' +
-        ` \n ${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
-    return [hasSomeVulnerabilitiesReported, numberOfCves, severityCount];
-};
-const getLibraryVulnerabilities = async (input, applicationId) => {
-    const requestBody = input;
-    const addParams = agent.getAdditionalParams();
-    const userParams = await util.getParams(applicationId);
-    const protocol = getValidHost(userParams.host);
-    const client = commonApi.getHttpClient(userParams, protocol, addParams);
-    return client
-        .getLibraryVulnerabilities(requestBody, userParams)
-        .then(res => {
-        if (res.statusCode === 200) {
-            displaySuccessMessageVulnerabilities();
-            return res.body;
-        }
-        else {
-            handleResponseErrors(res, 'vulnerabilities');
-        }
-    })
-        .catch(err => {
-        console.log(err);
-    });
-};
-module.exports = {
-    vulnerabilityReport: vulnerabilityReport,
-    getLibraryVulnerabilities: getLibraryVulnerabilities,
-    formatVulnerabilityOutput: formatVulnerabilityOutput,
-    createLibraryVulnerabilityInput: createLibraryVulnerabilityInput
-};
+    vulnerableLibraries.forEach(lib => (numberOfCves += lib.cveArray.length));
+    (0, commonReportingFunctions_1.createLibraryHeader)(id, numberOfVulnerableLibraries, numberOfCves);
+    const hasSomeVulnerabilitiesReported = (0, commonReportingFunctions_1.printVulnerabilityResponse)(vulnerableLibraries, config);
+    return [
+        hasSomeVulnerabilitiesReported,
+        numberOfCves,
+        (0, reportUtils_1.severityCount)(vulnerableLibraries)
+    ];
+}
+exports.formatVulnerabilityOutput = formatVulnerabilityOutput;

package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js

@@ -0,0 +1,85 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findNameAndVersion = exports.severityCount = exports.convertGenericToTypedLibraries = exports.findHighestSeverityCVE = void 0;
+const reportLibraryModel_1 = require("../models/reportLibraryModel");
+const reportSeverityModel_1 = require("../models/reportSeverityModel");
+const constants_1 = __importDefault(require("../../../languageAnalysisEngine/constants"));
+const { supportedLanguages: { GO } } = constants_1.default;
+function findHighestSeverityCVE(cveArray) {
+    if (cveArray.find(cve => cve.cvss3SeverityCode === 'CRITICAL' || cve.severityCode === 'CRITICAL')) {
+        return new reportSeverityModel_1.ReportSeverityModel('CRITICAL', 1);
+    }
+    else if (cveArray.find(cve => cve.cvss3SeverityCode === 'HIGH' || cve.severityCode === 'HIGH')) {
+        return new reportSeverityModel_1.ReportSeverityModel('HIGH', 2);
+    }
+    else if (cveArray.find(cve => cve.cvss3SeverityCode === 'MEDIUM' || cve.severityCode === 'MEDIUM')) {
+        return new reportSeverityModel_1.ReportSeverityModel('MEDIUM', 3);
+    }
+    else if (cveArray.find(cve => cve.cvss3SeverityCode === 'LOW' || cve.severityCode === 'LOW')) {
+        return new reportSeverityModel_1.ReportSeverityModel('LOW', 4);
+    }
+    else if (cveArray.find(cve => cve.cvss3SeverityCode === 'NOTE' || cve.severityCode === 'NOTE')) {
+        return new reportSeverityModel_1.ReportSeverityModel('NOTE', 5);
+    }
+}
+exports.findHighestSeverityCVE = findHighestSeverityCVE;
+function convertGenericToTypedLibraries(libraries) {
+    return Object.entries(libraries).map(([name, cveArray]) => {
+        return new reportLibraryModel_1.ReportLibraryModel(name, cveArray);
+    });
+}
+exports.convertGenericToTypedLibraries = convertGenericToTypedLibraries;
+function severityCount(vulnerableLibraries) {
+    const severityCount = {
+        critical: 0,
+        high: 0,
+        medium: 0,
+        low: 0,
+        note: 0
+    };
+    vulnerableLibraries.forEach(lib => {
+        lib.cveArray.forEach(cve => {
+            if (cve.cvss3SeverityCode === 'CRITICAL' ||
+                cve.severityCode === 'CRITICAL') {
+                severityCount['critical'] += 1;
+            }
+            else if (cve.cvss3SeverityCode === 'HIGH' ||
+                cve.severityCode === 'HIGH') {
+                severityCount['high'] += 1;
+            }
+            else if (cve.cvss3SeverityCode === 'MEDIUM' ||
+                cve.severityCode === 'MEDIUM') {
+                severityCount['medium'] += 1;
+            }
+            else if (cve.cvss3SeverityCode === 'LOW' ||
+                cve.severityCode === 'LOW') {
+                severityCount['low'] += 1;
+            }
+            else if (cve.cvss3SeverityCode === 'NOTE' ||
+                cve.severityCode === 'NOTE') {
+                severityCount['note'] += 1;
+            }
+        });
+    });
+    return severityCount;
+}
+exports.severityCount = severityCount;
+function findNameAndVersion(library, config) {
+    if (config.language.toUpperCase() === GO) {
+        const nameVersion = library.name.split('@');
+        const name = nameVersion[0];
+        const version = nameVersion[1];
+        return { name, version };
+    }
+    else {
+        const splitLibraryName = library.name.split('/');
+        const nameVersion = splitLibraryName[1].split('@');
+        const name = nameVersion[0];
+        const version = nameVersion[1];
+        return { name, version };
+    }
+}
+exports.findNameAndVersion = findNameAndVersion;

package/dist/audit/languageAnalysisEngine/sendSnapshot.js

@@ -1,18 +1,8 @@
 "use strict";
-const prettyjson = require('prettyjson');
-const i18n = require('i18n');
 const { getHttpClient } = require('../../utils/commonApi');
 const { handleResponseErrors } = require('../../common/errorHandling');
 const { APP_VERSION } = require('../../constants/constants');
-function displaySnapshotSuccessMessage(config) {
-    console.log('\n **************************' +
-        i18n.__('successHeader') +
-        '************************** ');
-    console.log('\n' + i18n.__('snapshotSuccessMessage') + '\n');
-    console.log(` ${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
-    console.log('\n ***********************************************************');
-}
-const newSendSnapShot = async (analysis, applicationId) => {
+const newSendSnapShot = async (analysis) => {
     const analysisLanguage = analysis.config.language.toLowerCase();
     const requestBody = {
         appID: analysis.config.applicationId,
@@ -24,7 +14,6 @@ const newSendSnapShot = async (analysis, applicationId) => {
         .sendSnapshot(requestBody, analysis.config)
         .then(res => {
         if (res.statusCode === 201) {
-            displaySnapshotSuccessMessage(analysis.config);
             return res.body;
         }
         else {
@@ -36,6 +25,5 @@ const newSendSnapShot = async (analysis, applicationId) => {
     });
 };
 module.exports = {
-    newSendSnapShot: newSendSnapShot,
-    displaySnapshotSuccessMessage: displaySnapshotSuccessMessage
+    newSendSnapShot: newSendSnapShot
 };

package/dist/commands/audit/auditConfig.js

@@ -8,14 +8,20 @@ const paramHandler_1 = __importDefault(require("../../utils/paramsUtil/paramHand
 const constants_1 = __importDefault(require("../../constants"));
 const parsedCLIOptions_1 = __importDefault(require("../../utils/parsedCLIOptions"));
 const constants_2 = __importDefault(require("../../audit/languageAnalysisEngine/constants"));
+const autoDetectLanguage_1 = require("../../audit/autodetection/autoDetectLanguage");
 const { supportedLanguages: { NODE, JAVASCRIPT } } = constants_2.default;
 const getAuditConfig = (argv) => {
     const auditParameters = parsedCLIOptions_1.default.getCommandLineArgsCustom(argv, constants_1.default.commandLineDefinitions.auditOptionDefinitions);
     const paramsAuth = paramHandler_1.default.getAuth(auditParameters);
     if (auditParameters.language === undefined ||
         auditParameters.language === null) {
-        console.log('error, --language parameter is required');
-        process.exit(1);
+        try {
+            auditParameters.language = (0, autoDetectLanguage_1.determineProjectLanguage)((0, autoDetectLanguage_1.identifyLanguages)(auditParameters));
+        }
+        catch (err) {
+            console.log(err.message);
+            process.exit(1);
+        }
     }
     else if (auditParameters.language.toUpperCase() === JAVASCRIPT) {
         auditParameters.language = NODE.toLowerCase();

package/dist/commands/audit/auditController.js

@@ -3,11 +3,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.startAudit = void 0;
+exports.startAudit = exports.dealWithNoAppId = void 0;
 const catalogueApplication_1 = require("../../audit/catalogueApplication/catalogueApplication");
 const commonApi_1 = __importDefault(require("../../audit/languageAnalysisEngine/commonApi"));
 const identifyLanguageAE = require('./../../audit/languageAnalysisEngine');
-const languageFactory = require('./../../audit/languageAnalysisEngine/langugageAnalysisFactory');
+const languageFactory = require('../../audit/languageAnalysisEngine/languageAnalysisFactory');
+const { v4: uuidv4 } = require('uuid');
 const dealWithNoAppId = async (config) => {
     let appID;
     try {
@@ -15,16 +16,24 @@ const dealWithNoAppId = async (config) => {
         if (!appID && config.applicationName) {
             return await (0, catalogueApplication_1.catalogueApplication)(config);
         }
+        if (!appID && !config.applicationName) {
+            config.applicationName = uuidv4();
+            return await (0, catalogueApplication_1.catalogueApplication)(config);
+        }
     }
     catch (e) {
-        console.log(e);
+        if (e.toString().includes('tunneling socket could not be established')) {
+            console.log(e.message);
+            console.log('There seems to be an issue with your proxy, please check and try again');
+        }
+        process.exit(1);
     }
-    console.log(appID);
     return appID;
 };
+exports.dealWithNoAppId = dealWithNoAppId;
 const startAudit = async (config) => {
     if (!config.applicationId) {
-        config.applicationId = await dealWithNoAppId(config);
+        config.applicationId = await (0, exports.dealWithNoAppId)(config);
     }
     identifyLanguageAE(config.projectPath, languageFactory, config.applicationId, config);
 };

package/dist/commands/audit/saveFile.js

@@ -0,0 +1,11 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs_1 = __importDefault(require("fs"));
+function saveFile(config, rawResults) {
+    const fileName = `${config.applicationId}-sbom-cyclonedx.json`;
+    fs_1.default.writeFileSync(fileName, JSON.stringify(rawResults));
+}
+exports.default = saveFile;

package/dist/commands/auth/auth.js

@@ -7,7 +7,15 @@ const { sleep } = require('../../utils/requestUtils');
 const i18n = require('i18n');
 const { returnOra, startSpinner, failSpinner, succeedSpinner } = require('../../utils/oraWrapper');
 const { TIMEOUT, AUTH_UI_URL } = require('../../constants/constants');
-const processAuth = async (config) => {
+const parsedCLIOptions = require('../../utils/parsedCLIOptions');
+const constants = require('../../constants');
+const commandLineUsage = require('command-line-usage');
+const processAuth = async (argv, config) => {
+    let authParams = parsedCLIOptions.getCommandLineArgsCustom(argv, constants.commandLineDefinitions.authOptionDefinitions);
+    if (authParams.help) {
+        console.log(authUsageGuide);
+        process.exit(0);
+    }
     const token = uuidv4();
     const url = `${AUTH_UI_URL}/?token=${token}`;
     console.log(i18n.__('redirectAuth', url));
@@ -56,6 +64,16 @@ const pollAuthResult = async (token, client) => {
         console.log(err);
     });
 };
+const authUsageGuide = commandLineUsage([
+    {
+        header: i18n.__('authHeader'),
+        content: [i18n.__('constantsAuthHeaderContents')]
+    },
+    {
+        header: i18n.__('constantsAuthUsageHeader'),
+        content: [i18n.__('constantsAuthUsageContents')]
+    }
+]);
 module.exports = {
     processAuth: processAuth
 };

package/dist/commands/config/config.js

@@ -1,14 +1,16 @@
 "use strict";
-const commandLineArgs = require('command-line-args');
+const parsedCLIOptions = require('../../utils/parsedCLIOptions');
+const constants = require('../../constants');
+const commandLineUsage = require('command-line-usage');
+const i18n = require('i18n');
 const processConfig = (argv, config) => {
-    const options = [{ name: 'clear', alias: 'c', type: Boolean }];
     try {
-        const configOptions = commandLineArgs(options, {
-            argv,
-            caseInsensitive: true,
-            camelCase: true
-        });
-        if (configOptions.clear) {
+        let configParams = parsedCLIOptions.getCommandLineArgsCustom(argv, constants.commandLineDefinitions.configOptionDefinitions);
+        if (configParams.help) {
+            console.log(configUsageGuide);
+            process.exit(0);
+        }
+        if (configParams.clear) {
             config.clear();
         }
         else {
@@ -19,6 +21,15 @@ const processConfig = (argv, config) => {
         console.log(e.message.toString());
     }
 };
+const configUsageGuide = commandLineUsage([
+    {
+        header: i18n.__('configHeader')
+    },
+    {
+        content: [i18n.__('constantsConfigUsageContents')],
+        optionList: constants.commandLineDefinitions.configOptionDefinitions
+    }
+]);
 module.exports = {
     processConfig: processConfig
 };

package/dist/commands/scan/processScan.js

@@ -1,37 +1,23 @@
 "use strict";
-const { startScan } = require('../../scan/scanController');
-const { formatScanOutput } = require('../../scan/scan');
-const { scanUsageGuide } = require('../../scan/help');
 const scanConfig = require('../../scan/scanConfig');
-const saveResults = require('../../scan/saveResults');
-const commonApi = require('../../utils/commonApi');
-const i18n = require('i18n');
+const { startScan } = require('../../scan/scanController');
+const { saveScanFile } = require('../../utils/saveFile');
+const { ScanResultsModel } = require('../../scan/models/scanResultsModel');
+const { formatScanOutput } = require('../../scan/formatScanOutput');
+const { processSca } = require('./sca/scaAnalysis');
 const processScan = async (argvMain) => {
-    if (argvMain.indexOf('--help') !== -1) {
-        printHelpMessage();
-        process.exit(1);
-    }
     let config = scanConfig.getScanConfig(argvMain);
-    let scanResults = await startScan(config);
+    if (config.experimental) {
+        await processSca(config);
+    }
+    let scanResults = new ScanResultsModel(await startScan(config));
     if (scanResults) {
-        formatScanOutput(scanResults?.projectOverview, scanResults?.scanResultsInstances);
+        formatScanOutput(scanResults);
     }
-    if (config.save) {
-        if (config.save.toLowerCase() === 'sarif') {
-            const scanId = scanResults.scanDetail.id;
-            const client = commonApi.getHttpClient(config);
-            const rawResults = await client.getSpecificScanResultSarif(config, scanId);
-            saveResults.writeResultsToFile(rawResults?.body);
-        }
-        else {
-            console.log(i18n.__('scanNoFiletypeSpecifiedForSave'));
-        }
+    if (config.save !== undefined) {
+        await saveScanFile(config, scanResults);
     }
 };
-const printHelpMessage = () => {
-    console.log(scanUsageGuide);
-};
 module.exports = {
-    processScan,
-    printHelpMessage
+    processScan
 };

package/dist/commands/scan/sca/scaAnalysis.js

@@ -0,0 +1,44 @@
+"use strict";
+const autoDetection = require('../../../scan/autoDetection');
+const { javaAnalysis } = require('../../../scaAnalysis/java');
+const { commonSendSnapShot } = require('../../../scaAnalysis/common/treeUpload');
+const { manualDetectAuditFilesAndLanguages } = require('../../../scan/autoDetection');
+const { dealWithNoAppId } = require('../../audit/auditController');
+const { supportedLanguages: { JAVA } } = require('../../../audit/languageAnalysisEngine/constants');
+const processSca = async (config) => {
+    let filesFound;
+    if (config.projectPath) {
+        filesFound = await manualDetectAuditFilesAndLanguages(config.projectPath);
+    }
+    else {
+        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config);
+    }
+    let messageToSend = undefined;
+    if (filesFound.length === 1) {
+        switch (Object.keys(filesFound[0])[0]) {
+            case JAVA:
+                messageToSend = await javaAnalysis(config, filesFound[0]);
+                config.language = JAVA;
+                break;
+            default:
+                console.log('language detected not supported');
+                return;
+        }
+        if (!config.applicationId) {
+            config.applicationId = await dealWithNoAppId(config);
+        }
+        console.log('processing dependencies');
+        const response = await commonSendSnapShot(messageToSend, config);
+    }
+    else {
+        if (filesFound.length === 0) {
+            console.log('no compatible dependency files detected. Continuing...');
+        }
+        else {
+            console.log('multiple language files detected, please use --project-path to specify a directory or the file where dependencies are declared');
+        }
+    }
+};
+module.exports = {
+    processSca
+};

package/dist/common/HTTPClient.js

@@ -77,7 +77,9 @@ HTTPClient.prototype.getScanId = function getScanId(config, codeArtifactId) {
     options.url = url;
     options.body = {
         codeArtifactId: codeArtifactId,
-        label: `Started by CLI tool at ${new Date().toString()}`
+        label: config.label
+            ? config.label
+            : `Started by CLI tool at ${new Date().toString()}`
     };
     return requestUtils.sendRequest({ method: 'post', options });
 };
@@ -97,6 +99,9 @@ HTTPClient.prototype.createProjectId = function createProjectId(config) {
         name: config.name,
         archived: 'false'
     };
+    if (config.language) {
+        options.body.language = config.language;
+    }
     options.url = createHarmonyProjectsUrl(config);
     return requestUtils.sendRequest({ method: 'post', options });
 };
@@ -140,28 +145,27 @@ HTTPClient.prototype.catalogueCommand = function catalogueCommand(config) {
     return requestUtils.sendRequest({ method: 'post', options });
 };
 HTTPClient.prototype.sendSnapshot = function sendSnapshot(requestBody, config) {
+    if (config.language.toUpperCase() === 'RUBY') {
+    }
     const options = _.cloneDeep(this.requestOptions);
     let url = createSnapshotURL(config);
     options.url = url;
     options.body = requestBody;
     return requestUtils.sendRequest({ method: 'post', options });
 };
-HTTPClient.prototype.getReport = function getReport(config) {
-    const options = _.cloneDeep(this.requestOptions);
-    let url = createReportUrl(config);
-    options.url = url;
-    return requestUtils.sendRequest({ method: 'get', options });
-};
-HTTPClient.prototype.getSpecificReport = function getSpecificReport(config, reportId) {
+HTTPClient.prototype.getReportById = function getReportById(config, reportId) {
     const options = _.cloneDeep(this.requestOptions);
-    let url = createSpecificReportUrl(config, reportId);
-    options.url = url;
+    if (config.ignoreDev) {
+        options.url = createSpecificReportWithProdUrl(config, reportId);
+    }
+    else {
+        options.url = createSpecificReportUrl(config, reportId);
+    }
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.getLibraryVulnerabilities = function getLibraryVulnerabilities(requestBody, config) {
+HTTPClient.prototype.getLibraryVulnerabilities = function getLibraryVulnerabilities(config, requestBody) {
     const options = _.cloneDeep(this.requestOptions);
-    let url = createLibraryVulnerabilitiesUrl(config);
-    options.url = url;
+    options.url = createLibraryVulnerabilitiesUrl(config);
     options.body = requestBody;
     return requestUtils.sendRequest({ method: 'put', options });
 };
@@ -171,12 +175,6 @@ HTTPClient.prototype.getAppId = function getAppId(config) {
     options.url = url;
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.getDependencyTree = function getReport(orgUuid, appId, reportId) {
-    const options = _.cloneDeep(this.requestOptions);
-    let url = createGetDependencyTree(options.uri, orgUuid, appId, reportId);
-    options.url = url;
-    return requestUtils.sendRequest({ method: 'get', options });
-};
 function getServerlessHost(config = {}) {
     const originalHost = config?.host || config?.get('host');
     const host = originalHost?.endsWith('/')
@@ -224,6 +222,11 @@ HTTPClient.prototype.checkLibrary = function checkLibrary(data) {
     options.body = data;
     return requestUtils.sendRequest({ method: 'post', options });
 };
+HTTPClient.prototype.getSbom = function getSbom(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    options.url = createSbomCycloneDXUrl(config);
+    return requestUtils.sendRequest({ method: 'get', options });
+};
 const createGetScanIdURL = config => {
     return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/`;
 };
@@ -263,18 +266,18 @@ const createAppNameUrl = config => {
 function createLibraryVulnerabilitiesUrl(config) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`;
 }
-function createReportUrl(config) {
-    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports`;
-}
 function createSpecificReportUrl(config, reportId) {
-    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}?nodesToInclude=PROD`;
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}`;
+}
+function createSpecificReportWithProdUrl(config, reportId) {
+    return createSpecificReportUrl(config, reportId).concat(`?nodesToInclude=PROD`);
 }
 function createDataUrl() {
     return `https://ardy.contrastsecurity.com/production`;
 }
-const createGetDependencyTree = (protocol, orgUuid, appId, reportId) => {
-    return `${protocol}/Contrast/api/ng/sca/organizations/${orgUuid}/applications/${appId}/reports/${reportId}`;
-};
+function createSbomCycloneDXUrl(config) {
+    return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/cyclonedx`;
+}
 module.exports = HTTPClient;
 module.exports.pollForAuthUrl = pollForAuthUrl;
 module.exports.getServerlessHost = getServerlessHost;