@contrast/contrast 1.0.22 → 2.0.0

package/dist/common/HTTPClient.js

@@ -171,6 +171,18 @@ HTTPClient.prototype.scaServiceIngest = function scaServiceIngest(requestBody, c
     let url = createScaServiceIngestURL(config);
     options.url = url;
     options.body = requestBody;
+    if (config.debug || config.verbose) {
+        console.log('scaServiceIngest');
+        console.log('url', options.url);
+        console.log('body', options.body);
+    }
+    return requestUtils.sendRequest({ method: 'post', options });
+};
+HTTPClient.prototype.noProjectIdUpload = function scaServiceIngest(requestBody, config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createScaServiceNoProjectIdURL(config);
+    options.url = url;
+    options.body = requestBody;
     return requestUtils.sendRequest({ method: 'post', options });
 };
 HTTPClient.prototype.scaServiceReport = function scaServiceReport(config, reportId) {
@@ -179,18 +191,31 @@ HTTPClient.prototype.scaServiceReport = function scaServiceReport(config, report
     options.url = url;
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.scaServiceReportStatus = function scaServiceReport(config, reportId) {
+HTTPClient.prototype.scaServiceReportNoProjectId = function scaServiceReport(config, reportId) {
     const options = _.cloneDeep(this.requestOptions);
-    let url = createScaServiceReportStatusURL(config, reportId);
-    options.url = url;
+    options.url = createScaServiceReportNoProjectIdURL(config, reportId);
+    if (config.debug || config.verbose) {
+        console.log('createScaServiceReportNoProjectIdURL', options.url);
+    }
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.scaServiceIngests = function scaServiceIngests(config) {
+HTTPClient.prototype.scaServiceReportStatus = function scaServiceReport(config, reportId) {
     const options = _.cloneDeep(this.requestOptions);
-    let url = createScaServiceIngestsURL(config);
-    options.url = url;
+    options.url = createScaServiceReportStatusURL(config, reportId);
+    if (config.debug || config.verbose) {
+        console.log('createScaServiceReportStatusURL', options.url);
+    }
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.scaServiceNoProjectIdReportStatus =
+    function scaServiceReport(config, reportId) {
+        const options = _.cloneDeep(this.requestOptions);
+        options.url = createScaServiceReportStatusURL(config, reportId);
+        if (config.debug || config.verbose) {
+            console.log('createScaServiceReportStatusURL', options.url);
+        }
+        return requestUtils.sendRequest({ method: 'get', options });
+    };
 HTTPClient.prototype.scaServiceHealth = function scaServiceIngests(config) {
     const options = _.cloneDeep(this.requestOptions);
     let url = createScaServiceHealthURL(config);
@@ -225,6 +250,80 @@ HTTPClient.prototype.getAppId = function getAppId(config) {
     options.url = url;
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.registerRepo = function registerRepo(config, requestBody) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createRepositoryUrl(config);
+    options.url = url;
+    options.body = requestBody;
+    return requestUtils.sendRequest({ method: 'post', options });
+};
+HTTPClient.prototype.registerProjectGroup = function (config, requestBody) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = registerProjectGroupUrl(config);
+    options.url = url;
+    options.body = requestBody;
+    if (config.debug || config.verbose) {
+        console.log('registerProjectGroup');
+        console.log('url', options.url);
+        console.log('body', options.body);
+    }
+    return requestUtils.sendRequest({ method: 'post', options });
+};
+HTTPClient.prototype.registerProject = function (config, projectGroupId) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = registerProjectUrl(config, projectGroupId);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.retrieveSourcesViaRepositoryId = function (config, repositoryId) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = retrieveSourcesUrl(config, repositoryId);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.retrieveRepoByOrgAndGitURL = function (config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = retrieveRepoByOrgAndGitURL(config);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.registerOnCliServices = function (config, project) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = retrieveRegisterOnCliServicesUrl(config);
+    options.url = url;
+    options.body = project;
+    if (config.debug || config.verbose) {
+        console.log('registerOnCliServices');
+        console.log('url', options.url);
+        console.log('body', options.body);
+    }
+    return requestUtils.sendRequest({ method: 'post', options });
+};
+HTTPClient.prototype.retrieveProjectByOrganizationId = function registerRepo(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = retrieveProjectByOrganizationIdUrl(config);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.retrieveExistingProjectGroupsByOrg = function registerRepo(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = retrieveExistingGroupProjectsByOrgUrl(config);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.retrieveExistingProjectIdByProjectGroupId =
+    function registerRepo(config, projectGroupId) {
+        const options = _.cloneDeep(this.requestOptions);
+        let url = retrieveExistingGroupProjectsByGroupIdUrl(config, projectGroupId);
+        options.url = url;
+        return requestUtils.sendRequest({ method: 'get', options });
+    };
+HTTPClient.prototype.retrieveExistingRepo = function registerRepo(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = retrieveExistingRepoUrl(config);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
 function getServerlessHost(config = {}) {
     const originalHost = config?.host || config?.get('host');
     const host = originalHost?.endsWith('/')
@@ -338,22 +437,37 @@ function createSnapshotURL(config) {
     return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots`;
 }
 function createScaServiceReportURL(config, reportId) {
-    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/reports/${reportId}`;
+    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/projects/${config.projectId}/libraries/reports/${reportId}`;
+    baseUrl = config.ignoreDev ? baseUrl.concat('?nodesToInclude=PROD') : baseUrl;
+    return baseUrl;
+}
+function createScaServiceReportNoProjectIdURL(config, reportId) {
+    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/reports/${reportId}`;
     baseUrl = config.ignoreDev ? baseUrl.concat('?nodesToInclude=PROD') : baseUrl;
     return baseUrl;
 }
 function createScaServiceReportStatusURL(config, reportId) {
-    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests/${reportId}/status`;
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/${reportId}/status`;
 }
-function createScaServiceIngestsURL(config) {
-    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests`;
+function createScaServiceNoProjectIdURL(config) {
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/ingests/tree${config.repo ? '?incomplete=true' : ''}`;
 }
 function createScaServiceHealthURL(config) {
     return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/health`;
 }
 function createScaServiceIngestURL(config) {
-    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests/tree`;
-    baseUrl = config.track ? baseUrl.concat('?persist=true') : baseUrl;
+    let optionalParams = [];
+    config.repo ? optionalParams.push('incomplete=true') : null;
+    config.track ? optionalParams.push('persist=true') : null;
+    let params = '?';
+    optionalParams.forEach(param => {
+        params = params.concat(param);
+        params = params.concat('&');
+    });
+    let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/projects/${config.projectId}/libraries/ingests/tree${params}`;
+    if (config.debug) {
+        console.log('createScaServiceIngestURL', baseUrl);
+    }
     return baseUrl;
 }
 const createAppCreateURL = config => {
@@ -362,6 +476,42 @@ const createAppCreateURL = config => {
 const createAppNameUrl = config => {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/name?filterText=${config.applicationName}`;
 };
+const registerProjectGroupUrl = config => {
+    return `${config.host}/api/v4/organizations/${config.organizationId}/project-groups`;
+};
+const registerProjectUrl = (config, projectGroupId) => {
+    return `${config.host}/api/v4/organizations/${config.organizationId}/project-groups/${projectGroupId}/projects`;
+};
+const retrieveRegisterOnCliServicesUrl = config => {
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/projects`;
+};
+const retrieveSourcesUrl = (config, repositoryId) => {
+    return `${config.host}/projects/v1/repositories/${repositoryId}/sources`;
+};
+const retrieveRepoByOrgAndGitURL = config => {
+    return `${config.host}/api/v4/organizations/${config.organizationId}/repository`;
+};
+const retrieveProjectByOrganizationIdUrl = config => {
+    let baseUrl = `${config.host}/api/v4/organizations/${config.organizationId}/projects`;
+    baseUrl = config.name ? baseUrl.concat(`?name=${config.name}`) : baseUrl;
+    baseUrl = config.language
+        ? baseUrl.concat(`&language=${config.language}`)
+        : baseUrl;
+    baseUrl = config.language ? baseUrl.concat(`&source=SCA`) : baseUrl;
+    return baseUrl;
+};
+const retrieveExistingGroupProjectsByOrgUrl = config => {
+    return `${config.host}/api/v4/organizations/${config.organizationId}/project-groups`;
+};
+const retrieveExistingGroupProjectsByGroupIdUrl = (config, projectGroupId) => {
+    return `${config.host}/api/v4/organizations/${config.organizationId}/projects/${projectGroupId}/projects`;
+};
+const retrieveExistingRepoUrl = config => {
+    return `${config.host}/projects/v4/organizations/${config.organizationId}/repositories`;
+};
+function createRepositoryUrl(config) {
+    return `${config.host}/projects/v1/repositories`;
+}
 function createLibraryVulnerabilitiesUrl(config) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`;
 }
@@ -381,7 +531,9 @@ function createSbomUrl(config, type) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/${type}`;
 }
 function createSCASbomUrl(config, type, reportId) {
-    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/applications/${config.applicationId}/sbom/${reportId}?toolType=${type}`;
+    return config.projectId
+        ? `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/projects/${config.projectId}/libraries/sbom/${reportId}?toolType=${type}`
+        : `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/libraries/sbom/${reportId}?toolType=${type}`;
 }
 function createTelemetryEventUrl(config) {
     return `${config.host}/Contrast/api/sast/organizations/${config.organizationId}/cli`;

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.22';
+const APP_VERSION = '2.0.0';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';
@@ -27,12 +27,11 @@ const NOTE_PRIORITY = 5;
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com';
 const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com';
 const SARIF_FILE = 'SARIF';
-const SBOM_CYCLONE_DX_FILE = 'cyclonedx';
-const SBOM_SPDX_FILE = 'spdx';
+const SBOM_CYCLONE_DX_FILE = 'CYCLONEDX';
+const SBOM_SPDX_FILE = 'SPDX';
 const CE_URL = 'https://ce.contrastsecurity.com';
 const SAAS = 'SAAS';
 const EOP = 'EOP';
-const MODE_BUILD = 'BUILD';
 const MODE_REPO = 'REPO';
 module.exports = {
     supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
@@ -62,6 +61,5 @@ module.exports = {
     SBOM_SPDX_FILE,
     SAAS,
     EOP,
-    MODE_BUILD,
     MODE_REPO
 };

package/dist/constants/locales.js

@@ -48,7 +48,7 @@ const en_locales = () => {
         constantsProxyServer: 'Allows for connection via a proxy server. If authentication is required please provide the username and password with the protocol, host and port. For instance: "https://username:password@<host>:<port>".',
         constantsGradleMultiProject: 'Specify the sub project within your gradle application.',
         constantsDoNotWaitForScan: 'Fire and forget. Do not wait for the result of the scan.',
-        constantsProjectName: 'Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.',
+        constantsProjectName: 'Contrast project name. If not specified, Contrast uses the file / folder name to identify the project or creates a new project.',
         constantsProjectId: 'The ID associated with a scan project. Replace <ProjectID> with the ID for the scan project. To find the ID, select a scan project in Contrast and locate the last number in the URL.',
         failThresholdOptionErrorMessage: 'More than 0 vulnerabilities found',
         failSeverityOptionErrorMessage: ' FAIL - Results detected vulnerabilities over accepted severity level',
@@ -130,8 +130,12 @@ const en_locales = () => {
         scanOptionsTimeoutSummary: 'Time in seconds to wait for scan to complete. Default value is 300 seconds.',
         scanOptionsFileNameSummary: 'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .exe or .zip file in the working directory.',
         scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
-        auditOptionsTrackSummary: ' Save the results to the UI.',
+        auditOptionsTrackSummary: ' Send your dependency audit to Contrast to see results in the UI and start automating security checks. For instance when running local SCA checks you may not need or want to track the results.',
         auditOptionsBranchSummary: ' Set the branch name to associate the library results to.',
+        auditOptionsLegacySummary: ' Creates an application in Contrast (a legacy workflow) - displays a dependency tree for your piece of code, utilizes metatdata.' +
+            '\n' +
+            '.NET is only supported using --legacy\n',
+        auditOptionsRepoSummary: ' Run in repo mode.',
         authSuccessMessage: 'Authentication successful',
         runAuthSuccessMessage: chalk.bold('CodeSec by Contrast') +
             '\nScan, secure and ship your code in minutes for FREE. \n' +
@@ -193,7 +197,7 @@ const en_locales = () => {
     If you are running on untrusted code, consider running in a sandbox.`,
         constantsAuditPrerequisitesContentDotNetMessage: `
     ${chalk.bold('.NET framework and .NET core:')} MSBuild 15.0 or greater and a packages.lock.json file.
-    Note: If the packages.lock.json file is unavailable it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj file and running dotnet build.\n`,
+    Note: If the packages.lock.json file is unavailable it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj file and running dotnet build. Only supported with the --legacy flag, an older workflow\n`,
         constantsAuditPrerequisitesContentNodeMessage: `${chalk.bold('Node:')} package.json and a lock file (either .package-lock.json or .yarn.lock.)\n`,
         constantsAuditPrerequisitesContentRubyMessage: `${chalk.bold('Ruby:')} gemfile and gemfile.lock\n`,
         constantsAuditPrerequisitesContentPythonMessage: `${chalk.bold('Python:')} pipfile and pipfile.lock\n`,

package/dist/index.js

@@ -9,7 +9,6 @@ const processAudit_1 = require("./commands/audit/processAudit");
 const auth_1 = require("./commands/auth/auth");
 const config_1 = require("./commands/config/config");
 const processScan_1 = require("./commands/scan/processScan");
-const processFingerprint_1 = require("./commands/fingerprint/processFingerprint");
 const cliConstants_1 = __importDefault(require("./cliConstants"));
 const constants_1 = require("./constants/constants");
 const lambda_1 = require("./lambda/lambda");
@@ -69,9 +68,6 @@ const start = async () => {
             if (command === 'learn') {
                 return (0, processLearn_1.processLearn)();
             }
-            if (command === 'fingerprint') {
-                return await (0, processFingerprint_1.processFingerprint)(config, argvMain);
-            }
             if (command === 'help' ||
                 argvMain.includes('--help') ||
                 Object.keys(mainOptions).length === 0) {

package/dist/lambda/lambda.js

@@ -119,7 +119,9 @@ const processLambda = async (argv) => {
 exports.processLambda = processLambda;
 const getAvailableFunctions = async (lambdaOptions) => {
     const lambdas = await (0, lambdaUtils_1.getAllLambdas)(lambdaOptions);
-    (0, lambdaUtils_1.printAvailableLambdas)(lambdas, { runtimes: ['python', 'java', 'node'] });
+    (0, lambdaUtils_1.printAvailableLambdas)(lambdas, {
+        runtimes: ['python', 'java', 'node', 'dotnet']
+    });
 };
 exports.getAvailableFunctions = getAvailableFunctions;
 const actualProcessLambda = async (lambdaOptions) => {

package/dist/sbom/generateSbom.js

@@ -10,8 +10,14 @@ const generateSbom = (config, type) => {
         if (res.statusCode === 200) {
             return res.body;
         }
+        else if (res.statusCode === 403) {
+            console.log('\nUnable to retrieve Software Bill of Materials (SBOM)');
+            console.log(`Please ensure OSS is enabled for your organization - org-id ${config.organizationId} and app ${config.applicationId}`);
+            return undefined;
+        }
         else {
             console.log('Unable to retrieve Software Bill of Materials (SBOM)');
+            return undefined;
         }
     })
         .catch((err) => {
@@ -29,6 +35,7 @@ const generateSCASbom = (config, type, reportId) => {
         }
         else {
             console.log('Unable to retrieve Software Bill of Materials (SBOM)');
+            return undefined;
         }
     })
         .catch((err) => {

package/dist/scaAnalysis/common/commonReportingFunctionsSca.js

@@ -53,9 +53,9 @@ const printFormattedOutputSca = (config, reportModelList, numberOfVulnerableLibr
     createSummaryMessageBottom(numberOfVulnerableLibraries);
     const { criticalMessage, highMessage, mediumMessage, lowMessage, noteMessage } = buildFooter(outputOrderedByLowestSeverityAndLowestNumOfCvesFirst);
     console.log(`${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`);
-    if (config.host !== CE_URL) {
-        console.log('\n' + chalk.bold('View your full dependency tree in Contrast:'));
-        console.log(`${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
+    if (config.host !== CE_URL && config.projectId) {
+        console.log('\n' + chalk.bold("Check out your project's results in Contrast"));
+        console.log(`${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/libraries?view=static&projects=${config.name}`);
     }
 };
 function getReportTable() {
@@ -104,9 +104,9 @@ function getIssueRow(cveArray) {
     return [chalk.bold('Issue'), ':', `${cveMessagesList.join(', ')}`];
 }
 function getAdviceRow(advice) {
-    const latestOrClosest = advice.latestStableVersion
-        ? advice.latestStableVersion
-        : advice.closestStableVersion;
+    const latestOrClosest = advice.closestStableVersion
+        ? advice.closestStableVersion
+        : advice.latestStableVersion;
     const displayAdvice = latestOrClosest
         ? `Change to version ${chalk.bold(latestOrClosest)}`
         : 'No recommendation is available according to our data. Upgrade to the latest stable is the best advice we can give.';

package/dist/scaAnalysis/common/scaServicesUpload.js

@@ -2,9 +2,16 @@
 const commonApi = require('../../utils/commonApi');
 const { APP_VERSION } = require('../../constants/constants');
 const requestUtils = require('../../utils/requestUtils');
-const scaTreeUpload = async (analysis, config) => {
+const { performance } = require('perf_hooks');
+const scaTreeUpload = async (analysis, config, reportSpinner) => {
+    if (config.projectId === '') {
+        console.log('We were unable to create/locate a project for this manifest, please try again or run with --debug for more information');
+        process.exit(1);
+    }
+    config.language = config.language === 'JAVASCRIPT' ? 'NODE' : config.language;
+    const startTime = performance.now();
+    const timeout = commonApi.getTimeout(config);
     const requestBody = {
-        applicationId: config.applicationId,
         dependencyTree: analysis,
         organizationId: config.organizationId,
         language: config.language,
@@ -20,7 +27,7 @@ const scaTreeUpload = async (analysis, config) => {
     const reportID = await client
         .scaServiceIngest(requestBody, config)
         .then(res => {
-        if (res.statusCode === 201) {
+        if (res.statusCode === 201 || res.statusCode === 200) {
             return res.body.libraryIngestJobId;
         }
         else {
@@ -38,24 +45,87 @@ const scaTreeUpload = async (analysis, config) => {
     while (keepChecking) {
         res = await client.scaServiceReportStatus(config, reportID).then(res => {
             if (config.debug) {
-                console.log(res.statusCode);
+                console.log('scaServiceReportStatus', res.statusCode);
                 console.log(res.body);
             }
             if (res.body.status === 'COMPLETED') {
                 keepChecking = false;
                 return client.scaServiceReport(config, reportID).then(res => {
                     const reportBody = res.body;
-                    return { reportBody, reportID };
+                    return { reportBody, reportId: reportID };
+                });
+            }
+        });
+        if (!keepChecking) {
+            return { reportArray: res.reportBody, reportId: reportID };
+        }
+        commonApi.handleTimeout(startTime, timeout, reportSpinner);
+        await requestUtils.sleep(5000);
+    }
+    return { reportArray: res, reportID };
+};
+const noProjectUpload = async (analysis, config, reportSpinner) => {
+    config.language = config.language === 'JAVASCRIPT' ? 'NODE' : config.language;
+    const startTime = performance.now();
+    const timeout = commonApi.getTimeout(config);
+    const requestBody = {
+        dependencyTree: analysis,
+        language: config.language,
+        tool: {
+            name: 'Contrast Codesec',
+            version: APP_VERSION
+        }
+    };
+    if (config.branch) {
+        requestBody.branchName = config.branch;
+    }
+    const client = commonApi.getHttpClient(config);
+    const reportID = await client
+        .noProjectIdUpload(requestBody, config)
+        .then(res => {
+        if (res.statusCode === 201 || res.statusCode === 200) {
+            return res.body.libraryIngestJobId;
+        }
+        else {
+            throw new Error(res.statusCode + ` error ingesting dependencies with no project id`);
+        }
+    })
+        .catch(err => {
+        throw err;
+    });
+    if (config.debug) {
+        console.log(' polling report no project', reportID);
+    }
+    let keepChecking = true;
+    let res;
+    while (keepChecking) {
+        res = await client
+            .scaServiceNoProjectIdReportStatus(config, reportID)
+            .then(res => {
+            if (config.debug) {
+                console.log('\nscaServiceReportStatus');
+                console.log(res.statusCode);
+                console.log(res.body);
+            }
+            if (res.body.status === 'COMPLETED') {
+                keepChecking = false;
+                return client
+                    .scaServiceReportNoProjectId(config, reportID)
+                    .then(res => {
+                    const reportBody = res.body;
+                    return { reportBody, reportId: reportID };
                 });
             }
         });
         if (!keepChecking) {
-            return { reportArray: res.reportBody, reportID };
+            return { reportArray: res.reportBody, reportId: reportID };
         }
+        commonApi.handleTimeout(startTime, timeout, reportSpinner);
         await requestUtils.sleep(5000);
     }
     return { reportArray: res, reportID };
 };
 module.exports = {
-    scaTreeUpload
+    scaTreeUpload,
+    noProjectUpload
 };

package/dist/scaAnalysis/common/treeUpload.js

@@ -3,7 +3,7 @@ const commonApi = require('../../utils/commonApi');
 const { APP_VERSION } = require('../../constants/constants');
 const commonSendSnapShot = async (analysis, config) => {
     let requestBody = {};
-    config.experimental === true
+    config.legacy === false
         ? (requestBody = sendToSCAServices(config, analysis))
         : (requestBody = {
             appID: config.applicationId,

package/dist/scaAnalysis/go/goAnalysis.js

@@ -7,7 +7,7 @@ const goAnalysis = config => {
     try {
         const rawGoDependencies = goReadDepFile.getGoDependencies(config);
         const parsedGoDependencies = goParseDeps.parseGoDependencies(rawGoDependencies);
-        if (config.experimental) {
+        if (config.legacy === false) {
             return parseDependenciesForSCAServices(parsedGoDependencies);
         }
         else {

package/dist/scaAnalysis/java/analysis.js

@@ -4,8 +4,6 @@ const spawn = require('cross-spawn');
 const path = require('path');
 const i18n = require('i18n');
 const fs = require('fs');
-const readLine = require('readline');
-const paramHandler = require('../../utils/paramsUtil/paramHandler');
 const MAVEN = 'maven';
 const GRADLE = 'gradle';
 const determineProjectTypeAndCwd = (files, config) => {
@@ -25,26 +23,25 @@ const determineProjectTypeAndCwd = (files, config) => {
     return projectData;
 };
 const buildMaven = (config, projectData, timeout) => {
-    let cmdStdout;
-    try {
-        let command = 'mvn';
-        let args = ['dependency:tree', '-B'];
-        if (config.mavenSettingsPath) {
-            args.push('-s');
-            args.push(config.mavenSettingsPath);
-        }
-        cmdStdout = spawn
-            .sync(command, args, {
-            env: process.env,
-            cwd: projectData.cwd,
-            timeout
-        })
-            .stdout.toString();
-        return cmdStdout.toString();
+    let command = 'mvn';
+    let args = ['dependency:tree', '-B'];
+    if (config.mavenSettingsPath) {
+        args.push('-s');
+        args.push(config.mavenSettingsPath);
     }
-    catch (err) {
-        throw new Error(i18n.__('mavenDependencyTreeNonZero', projectData.cwd, `${err.message}`));
+    const cmdDepTree = spawn.sync(command, args, {
+        env: process.env,
+        cwd: projectData.cwd,
+        timeout
+    });
+    if (cmdDepTree.status !== 0) {
+        if (config.debug && cmdDepTree.error.code === 'ENOENT') {
+            console.log(`ERROR: mvn not found`);
+            console.log('Please make sure mvn is installed and accessible');
+        }
+        throw new Error(i18n.__('mavenDependencyTreeNonZero', projectData.cwd));
     }
+    return cmdDepTree.stdout.toString();
 };
 const buildGradle = (config, projectData, timeout) => {
     let cmdStdout;
@@ -96,20 +93,15 @@ const getJavaBuildDeps = (config, files) => {
         mvnDependancyTreeOutput: undefined,
         projectType: undefined
     };
-    try {
-        const projectData = determineProjectTypeAndCwd(files, config);
-        if (projectData.projectType === MAVEN) {
-            output.mvnDependancyTreeOutput = buildMaven(config, projectData, timeout);
-        }
-        else if (projectData.projectType === GRADLE) {
-            output.mvnDependancyTreeOutput = buildGradle(config, projectData, timeout);
-        }
-        output.projectType = projectData.projectType;
-        return output;
+    const projectData = determineProjectTypeAndCwd(files, config);
+    if (projectData.projectType === MAVEN) {
+        output.mvnDependancyTreeOutput = buildMaven(config, projectData, timeout);
     }
-    catch (err) {
-        console.log(err.message.toString());
+    else if (projectData.projectType === GRADLE) {
+        output.mvnDependancyTreeOutput = buildGradle(config, projectData, timeout);
     }
+    output.projectType = projectData.projectType;
+    return output;
 };
 module.exports = {
     getJavaBuildDeps,

package/dist/scaAnalysis/java/index.js

@@ -8,7 +8,7 @@ const javaAnalysis = async (config, languageFiles) => {
         file.replace('build.gradle.kts', 'build.gradle');
     });
     const javaDeps = buildJavaTree(config, languageFiles.JAVA);
-    if (config.experimental) {
+    if (config.legacy === false) {
         return parseDependenciesForSCAServices(javaDeps);
     }
     else {

package/dist/scaAnalysis/javascript/index.js

@@ -13,7 +13,7 @@ const jsAnalysis = async (config, languageFiles) => {
 const buildNodeTree = async (config, files) => {
     let analysis = await readFiles(config, files);
     const rawNode = await parseFiles(config, files, analysis);
-    if (config.experimental) {
+    if (config.legacy === false) {
         return scaServiceParser.parseJS(rawNode);
     }
     return formatMessage.createJavaScriptTSMessage(rawNode);
@@ -42,8 +42,8 @@ const parseFiles = async (config, files, js) => {
         if (!currentLockFileVersion || !npmLockFile.packages) {
             throw new Error(`package-lock.json needs to be in the NPM v2 or v3 format. \n ${generalRebuildMessage}`);
         }
-        if (currentLockFileVersion === 3 && !config.experimental) {
-            throw new Error(`NPM lockfileVersion 3 is only supported when using the '-e' flag.`);
+        if (currentLockFileVersion === 3 && config.legacy) {
+            throw new Error(`NPM lockfileVersion 3 is not support with --legacy`);
         }
         js.npmLockFile = await analysis.parseNpmLockFile(npmLockFile);
     }