@contrast/contrast 1.0.3 → 1.0.4

package/src/audit/languageAnalysisEngine/report/utils/reportUtils.ts

@@ -0,0 +1,110 @@
+import {
+  ReportCVEModel,
+  ReportLibraryModel
+} from '../models/reportLibraryModel'
+import { ReportSeverityModel } from '../models/reportSeverityModel'
+import languageAnalysisEngine from '../../../languageAnalysisEngine/constants'
+const {
+  supportedLanguages: { GO }
+} = languageAnalysisEngine
+
+export function findHighestSeverityCVE(cveArray: ReportCVEModel[]) {
+  if (
+    cveArray.find(
+      cve =>
+        cve.cvss3SeverityCode === 'CRITICAL' || cve.severityCode === 'CRITICAL'
+    )
+  ) {
+    return new ReportSeverityModel('CRITICAL', 1)
+  } else if (
+    cveArray.find(
+      cve => cve.cvss3SeverityCode === 'HIGH' || cve.severityCode === 'HIGH'
+    )
+  ) {
+    return new ReportSeverityModel('HIGH', 2)
+  } else if (
+    cveArray.find(
+      cve => cve.cvss3SeverityCode === 'MEDIUM' || cve.severityCode === 'MEDIUM'
+    )
+  ) {
+    return new ReportSeverityModel('MEDIUM', 3)
+  } else if (
+    cveArray.find(
+      cve => cve.cvss3SeverityCode === 'LOW' || cve.severityCode === 'LOW'
+    )
+  ) {
+    return new ReportSeverityModel('LOW', 4)
+  } else if (
+    cveArray.find(
+      cve => cve.cvss3SeverityCode === 'NOTE' || cve.severityCode === 'NOTE'
+    )
+  ) {
+    return new ReportSeverityModel('NOTE', 5)
+  }
+}
+
+export function convertGenericToTypedLibraries(libraries: any) {
+  return Object.entries(libraries).map(([name, cveArray]) => {
+    return new ReportLibraryModel(name, cveArray as ReportCVEModel[])
+  })
+}
+
+export function severityCount(vulnerableLibraries: ReportLibraryModel[]) {
+  const severityCount = {
+    critical: 0,
+    high: 0,
+    medium: 0,
+    low: 0,
+    note: 0
+  }
+
+  vulnerableLibraries.forEach(lib => {
+    lib.cveArray.forEach(cve => {
+      if (
+        cve.cvss3SeverityCode === 'CRITICAL' ||
+        cve.severityCode === 'CRITICAL'
+      ) {
+        severityCount['critical'] += 1
+      } else if (
+        cve.cvss3SeverityCode === 'HIGH' ||
+        cve.severityCode === 'HIGH'
+      ) {
+        severityCount['high'] += 1
+      } else if (
+        cve.cvss3SeverityCode === 'MEDIUM' ||
+        cve.severityCode === 'MEDIUM'
+      ) {
+        severityCount['medium'] += 1
+      } else if (
+        cve.cvss3SeverityCode === 'LOW' ||
+        cve.severityCode === 'LOW'
+      ) {
+        severityCount['low'] += 1
+      } else if (
+        cve.cvss3SeverityCode === 'NOTE' ||
+        cve.severityCode === 'NOTE'
+      ) {
+        severityCount['note'] += 1
+      }
+    })
+  })
+
+  return severityCount
+}
+
+export function findNameAndVersion(library: ReportLibraryModel, config: any) {
+  if (config.language.toUpperCase() === GO) {
+    const nameVersion = library.name.split('@')
+    const name = nameVersion[0]
+    const version = nameVersion[1]
+
+    return { name, version }
+  } else {
+    const splitLibraryName = library.name.split('/')
+    const nameVersion = splitLibraryName[1].split('@')
+    const name = nameVersion[0]
+    const version = nameVersion[1]
+
+    return { name, version }
+  }
+}

package/src/audit/languageAnalysisEngine/sendSnapshot.js

@@ -34,7 +34,9 @@ const newSendSnapShot = async (analysis, applicationId) => {
       //   console.log(prettyjson.render(requestBody))
       // }
       if (res.statusCode === 201) {
-        displaySnapshotSuccessMessage(analysis.config)
+        if (analysis.config.host !== 'https://ce.contrastsecurity.com/') {
+          displaySnapshotSuccessMessage(analysis.config)
+        }
         return res.body
       } else {
         handleResponseErrors(res, 'snapshot')

package/src/commands/audit/auditController.ts

@@ -1,7 +1,8 @@
 import { catalogueApplication } from '../../audit/catalogueApplication/catalogueApplication'
 import commonApi from '../../audit/languageAnalysisEngine/commonApi'
+
 const identifyLanguageAE = require('./../../audit/languageAnalysisEngine')
-const languageFactory = require('./../../audit/languageAnalysisEngine/langugageAnalysisFactory')
+const languageFactory = require('../../audit/languageAnalysisEngine/languageAnalysisFactory')
 
 const dealWithNoAppId = async (config: { [x: string]: string }) => {
   let appID
@@ -10,10 +11,18 @@ const dealWithNoAppId = async (config: { [x: string]: string }) => {
     if (!appID && config.applicationName) {
       return await catalogueApplication(config)
     }
+    // @ts-ignore
   } catch (e) {
-    console.log(e)
+    // @ts-ignore
+    if (e.toString().includes('tunneling socket could not be established')) {
+      // @ts-ignore
+      console.log(e.message)
+      console.log(
+        'There seems to be an issue with your proxy, please check and try again'
+      )
+    }
+    process.exit(1)
   }
-  console.log(appID)
   return appID
 }
 

package/src/commands/scan/processScan.js

@@ -1,18 +1,16 @@
 const { startScan } = require('../../scan/scanController')
-const { formatScanOutput } = require('../../scan/scan')
 const { scanUsageGuide } = require('../../scan/help')
 const scanConfig = require('../../scan/scanConfig')
 const { saveScanFile } = require('../../utils/saveFile')
+const { ScanResultsModel } = require('../../scan/models/scanResultsModel')
+const { formatScanOutput } = require('../../scan/scan')
 
 const processScan = async argvMain => {
   let config = scanConfig.getScanConfig(argvMain)
 
-  let scanResults = await startScan(config)
+  let scanResults = new ScanResultsModel(await startScan(config))
   if (scanResults) {
-    formatScanOutput(
-      scanResults?.projectOverview,
-      scanResults?.scanResultsInstances
-    )
+    formatScanOutput(scanResults)
   }
 
   if (config.save !== undefined) {

package/src/common/HTTPClient.js

@@ -106,7 +106,9 @@ HTTPClient.prototype.getScanId = function getScanId(config, codeArtifactId) {
   options.url = url
   options.body = {
     codeArtifactId: codeArtifactId,
-    label: `Started by CLI tool at ${new Date().toString()}`
+    label: config.label
+      ? config.label
+      : `Started by CLI tool at ${new Date().toString()}`
   }
   return requestUtils.sendRequest({ method: 'post', options })
 }
@@ -188,6 +190,9 @@ HTTPClient.prototype.catalogueCommand = function catalogueCommand(config) {
 }
 
 HTTPClient.prototype.sendSnapshot = function sendSnapshot(requestBody, config) {
+  if (config.language.toUpperCase() === 'RUBY') {
+    console.log('sendSnapshot requestBody', requestBody.snapshot.ruby)
+  }
   const options = _.cloneDeep(this.requestOptions)
   let url = createSnapshotURL(config)
   options.url = url
@@ -195,32 +200,22 @@ HTTPClient.prototype.sendSnapshot = function sendSnapshot(requestBody, config) {
   return requestUtils.sendRequest({ method: 'post', options })
 }
 
-HTTPClient.prototype.getReport = function getReport(config) {
-  const options = _.cloneDeep(this.requestOptions)
-  let url = createReportUrl(config)
-  options.url = url
-
-  return requestUtils.sendRequest({ method: 'get', options })
-}
-
-HTTPClient.prototype.getSpecificReport = function getSpecificReport(
-  config,
-  reportId
-) {
+HTTPClient.prototype.getReportById = function getReportById(config, reportId) {
   const options = _.cloneDeep(this.requestOptions)
-  let url = createSpecificReportUrl(config, reportId)
-  options.url = url
-
+  if (config.ignoreDev) {
+    options.url = createSpecificReportWithProdUrl(config, reportId)
+  } else {
+    options.url = createSpecificReportUrl(config, reportId)
+  }
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
 HTTPClient.prototype.getLibraryVulnerabilities = function getLibraryVulnerabilities(
-  requestBody,
-  config
+  config,
+  requestBody
 ) {
   const options = _.cloneDeep(this.requestOptions)
-  let url = createLibraryVulnerabilitiesUrl(config)
-  options.url = url
+  options.url = createLibraryVulnerabilitiesUrl(config)
   options.body = requestBody
 
   return requestUtils.sendRequest({ method: 'put', options })
@@ -233,16 +228,16 @@ HTTPClient.prototype.getAppId = function getAppId(config) {
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
-HTTPClient.prototype.getDependencyTree = function getReport(
-  orgUuid,
-  appId,
-  reportId
-) {
-  const options = _.cloneDeep(this.requestOptions)
-  let url = createGetDependencyTree(options.uri, orgUuid, appId, reportId)
-  options.url = url
-  return requestUtils.sendRequest({ method: 'get', options })
-}
+// HTTPClient.prototype.getDependencyTree = function getReport(
+//   orgUuid,
+//   appId,
+//   reportId
+// ) {
+//   const options = _.cloneDeep(this.requestOptions)
+//   let url = createGetDependencyTree(options.uri, orgUuid, appId, reportId)
+//   options.url = url
+//   return requestUtils.sendRequest({ method: 'get', options })
+// }
 
 // serverless - lambda
 function getServerlessHost(config = {}) {
@@ -379,22 +374,20 @@ function createLibraryVulnerabilitiesUrl(config) {
   return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`
 }
 
-function createReportUrl(config) {
-  return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports`
+function createSpecificReportUrl(config, reportId) {
+  return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}`
 }
 
-function createSpecificReportUrl(config, reportId) {
-  return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}?nodesToInclude=PROD`
+function createSpecificReportWithProdUrl(config, reportId) {
+  return createSpecificReportUrl(config, reportId).concat(
+    `?nodesToInclude=PROD`
+  )
 }
 
 function createDataUrl() {
   return `https://ardy.contrastsecurity.com/production`
 }
 
-const createGetDependencyTree = (protocol, orgUuid, appId, reportId) => {
-  return `${protocol}/Contrast/api/ng/sca/organizations/${orgUuid}/applications/${appId}/reports/${reportId}`
-}
-
 function createSbomCycloneDXUrl(config) {
   return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/cyclonedx`
 }

package/src/common/errorHandling.ts

@@ -1,5 +1,4 @@
 import i18n from 'i18n'
-import { sortBy } from 'lodash'
 
 const handleResponseErrors = (res: any, api: string) => {
   if (res.statusCode === 400) {

package/src/common/versionChecker.ts

@@ -4,33 +4,35 @@ import boxen from 'boxen'
 import chalk from 'chalk'
 import semver from 'semver'
 
-export async function findLatestCLIVersion() {
-  const latestCLIVersion = await latestVersion('@contrast/contrast')
+export async function findLatestCLIVersion(updateMessageHidden: boolean) {
+  if (!updateMessageHidden) {
+    const latestCLIVersion = await latestVersion('@contrast/contrast')
 
-  if (semver.lt(APP_VERSION, latestCLIVersion)) {
-    const updateAvailableMessage = `Update available ${chalk.yellow(
-      APP_VERSION
-    )} → ${chalk.green(latestCLIVersion)}`
+    if (semver.lt(APP_VERSION, latestCLIVersion)) {
+      const updateAvailableMessage = `Update available ${chalk.yellow(
+        APP_VERSION
+      )} → ${chalk.green(latestCLIVersion)}`
 
-    const npmUpdateAvailableCommand = `Run ${chalk.cyan(
-      'npm i @contrast/contrast -g'
-    )} to update via npm`
+      const npmUpdateAvailableCommand = `Run ${chalk.cyan(
+        'npm i @contrast/contrast -g'
+      )} to update via npm`
 
-    const homebrewUpdateAvailableCommand = `Run ${chalk.cyan(
-      'brew install contrastsecurity/tap/contrast'
-    )} to update via brew`
+      const homebrewUpdateAvailableCommand = `Run ${chalk.cyan(
+        'brew install contrastsecurity/tap/contrast'
+      )} to update via brew`
 
-    console.log(
-      boxen(
-        `${updateAvailableMessage}\n${npmUpdateAvailableCommand}\n\n${homebrewUpdateAvailableCommand}`,
-        {
-          titleAlignment: 'center',
-          margin: 1,
-          padding: 1,
-          align: 'center'
-        }
+      console.log(
+        boxen(
+          `${updateAvailableMessage}\n${npmUpdateAvailableCommand}\n\n${homebrewUpdateAvailableCommand}`,
+          {
+            titleAlignment: 'center',
+            margin: 1,
+            padding: 1,
+            align: 'center'
+          }
+        )
       )
-    )
+    }
   }
 }
 

package/src/constants/constants.js

@@ -13,7 +13,7 @@ const MEDIUM = 'MEDIUM'
 const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.3'
+const APP_VERSION = '1.0.4'
 const TIMEOUT = 120000
 
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com'

package/src/constants/lambda.js

@@ -36,11 +36,13 @@ const lambda = {
   loadingFunctionList: 'Loading lambda function list',
   functionsFound: '{{count}} functions found',
   noFunctionsFound: 'No functions found',
-  failedToLoadFunctions: 'Faled to load lambda functions',
+  failedToLoadFunctions: 'Failed to load lambda functions',
   availableForScan: '{{icon}} {{count}} available for scan',
   runtimeCount: '----- {{runtime}} ({{count}}) -----',
 
   // ====== print vulnerabilities ===== //
+  gatherResults: 'Gathering results...',
+  doneGatherResults: 'Done gathering results',
   whatHappenedTitle: 'What happened:',
   whatHappenedItem: '{{policy}} have:\n{{comments}}\n',
   recommendation: 'Recommendation:',

package/src/constants/locales.js

@@ -14,8 +14,6 @@ const en_locales = () => {
     vulnerabilitiesSuccessMessage: ' Vulnerability data successfully retrieved',
     vulnerabilitiesFailureMessage:
       ' Unable to retrieve library vulnerabilities from Team Server.',
-    reportSuccessMessage: ' Report successfully retrieved',
-    reportFailureMessage: ' Unable to generate library report.',
     catchErrorMessage: 'Contrast UI error: ',
     dependenciesNote:
       'Please Note: We currently only support projects with one .csproj AND *.package.lock.json',
@@ -175,7 +173,7 @@ const en_locales = () => {
     constantsHeader: 'CodeSec by Contrast Security',
     constantsPrerequisitesContentScanLanguages: 'Java & JavaScript supported',
     constantsContrastContent:
-      'Use the Contrast CLI to run a scan(Java, JavaScript and .NET ) or lambda command (Java and Python) to find your vulnerabilities and start securing your code.',
+      'Use the Contrast CLI to run a scan (Java, JavaScript and .NET ) or lambda command (Java and Python) to find your vulnerabilities and start securing your code.',
     constantsUsageGuideContentRecommendation:
       'Our recommendation is that this is invoked as part of a CI pipeline so that running the cli is automated as part of your build process.',
     constantsPrerequisitesHeader: 'Pre-requisites',
@@ -274,7 +272,9 @@ const en_locales = () => {
       'Add the application code this application should use in the Contrast UI',
     constantsIgnoreCertErrors:
       ' For EOP users with a local Teamserver install, this will bypass the SSL certificate and recognise a self signed certificate.',
-    constantsSave: ' Saves the Scan Results JSON to file.',
+    constantsSave: ' Saves the Scan Results SARIF to file.',
+    scanLabel:
+      "adds a label to the scan - defaults to 'Started by CLI tool at current date'",
     constantsIgnoreDev:
       'Combined with the --report command excludes developer dependencies from the vulnerabilities report. By default all dependencies are included in a report.',
     constantsCommands: 'Commands',
@@ -284,7 +284,7 @@ const en_locales = () => {
     ignoreDevDep: 'No private libraries that are not scoped detected',
     foundExistingProjectScan: 'Found existing project...',
     projectCreatedScan: 'Project created',
-    uploadingScan: 'Uploading...',
+    uploadingScan: 'Uploading file to scan.',
     uploadingScanSuccessful: 'Uploaded file successfully.',
     uploadingScanFail: 'Unable to upload the file.',
     waitingTimedOut: 'Timed out.',
@@ -296,6 +296,7 @@ const en_locales = () => {
       'Java Scan requires a .war or .jar file. Javascript Scan requires a .js or .zip file.\nTo start a Scan enter "contrast scan -f <path-to-file>"',
     populateProjectIdMessage: 'project ID is %s',
     genericServiceError: 'returned with status code %s',
+    projectIdError: 'Your project ID is %s please check this is correct',
     permissionsError:
       'You do not have the correct permissions here. \n Contact support@contrastsecurity.com to get this fixed.',
     scanErrorFileMessage:
@@ -343,14 +344,19 @@ const en_locales = () => {
     searchingScanFileDirectory: 'Searching for file to scan from %s...',
     scanHeader: 'Contrast Scan CLI',
     authHeader: 'Auth',
-    lambdaHeader: 'Contrast lambda help',
+    lambdaHeader: 'Contrast Lambda CLI',
     lambdaSummary:
       'Performs static security scan on an AWS Lambda Function.\nProduces CVE (Vulnerable Dependencies) and Least Privilege violations/remediation results.',
     lambdaUsage: 'contrast lambda --function-name <function> [options]',
-    lambdaPrerequisitesContent: 'contrast cli',
-    scanFileNameOption: ' -f, --file',
-    lambdaFunctionNameOption: ' -f, --function-name',
-    lambdaListFunctionsOption: ' -l, --list-functions',
+    lambdaPrerequisitesContent: '',
+    lambdaPrerequisitesContentLambdaLanguages:
+      'Supported runtimes: Java & Python',
+    lambdaPrerequisitesContentLambdaDescriptionTitle: 'AWS Requirements\n',
+    lambdaPrerequisitesContentLambdaDescription:
+      'Make sure you have the AWS credentials configured on your local environment. \nYou need the following AWS permissions configured on your IAM user:\n   - Lambda: GetFunction, GetLayerVersionֿ\n   - IAM: GetRolePolicy, GetPolicy, GetPolicyVersion, ListRolePolicies, ListAttachedRolePolicies',
+    scanFileNameOption: '-f, --file',
+    lambdaFunctionNameOption: '-f, --function-name',
+    lambdaListFunctionsOption: '-l, --list-functions',
     lambdaEndpointOption: '-e, --endpoint-url',
     lambdaRegionOption: '-r, --region',
     lambdaProfileOption: '-p, --profile',
@@ -422,6 +428,10 @@ const en_locales = () => {
     auditBadFiletypeSpecifiedForSave: `\n ${chalk.yellow.bold(
       'Bad file type specified for --save option. Use audit --help to see valid --save options.'
     )}`,
+    auditReportWaiting: 'Waiting for report...',
+    auditReportFail: 'Report Retrieval Failed, please try again',
+    auditReportSuccessMessage: ' Report successfully retrieved',
+    auditReportFailureMessage: ' Unable to generate library report.',
     ...lambda
   }
 }

package/src/constants.js

@@ -132,6 +132,11 @@ const scanOptionDefinitions = [
     description:
       '{bold ' + i18n.__('constantsOptional') + '}:' + i18n.__('constantsSave')
   },
+  {
+    name: 'label',
+    description:
+      '{bold ' + i18n.__('constantsOptional') + '}:' + i18n.__('scanLabel')
+  },
   {
     name: 'help',
     alias: 'h',
@@ -331,7 +336,8 @@ const mainUsageGuide = commandLineUsage([
     ]
   },
   {
-    content: '{underline https://www.contrastsecurity.com}'
+    content:
+      '{underline https://developer.contrastsecurity.com/} \n For technical support head to {underline https://support.contrastsecurity.com}'
   }
 ])
 

package/src/index.ts

@@ -44,7 +44,7 @@ const start = async () => {
       argvMain.includes('--version')
     ) {
       console.log(APP_VERSION)
-      await findLatestCLIVersion()
+      await findLatestCLIVersion(config.get('updateMessageHidden') as boolean)
       return
     }
 
@@ -53,8 +53,7 @@ const start = async () => {
 
     // @ts-ignore
     if (config.get('numOfRuns') >= 5) {
-      // @ts-ignore
-      await findLatestCLIVersion()
+      await findLatestCLIVersion(config.get('updateMessageHidden') as boolean)
       config.set('numOfRuns', 0)
     }
 

package/src/lambda/help.ts

@@ -8,7 +8,15 @@ const lambdaUsageGuide = commandLineUsage([
   },
   {
     header: i18n.__('constantsPrerequisitesHeader'),
-    content: [i18n.__('lambdaPrerequisitesContent')]
+    content: [
+      '{bold ' +
+        i18n.__('lambdaPrerequisitesContentLambdaLanguages') +
+        '}\n\n' +
+        '{bold ' +
+        i18n.__('lambdaPrerequisitesContentLambdaDescriptionTitle') +
+        '}' +
+        i18n.__('lambdaPrerequisitesContentLambdaDescription')
+    ]
   },
   {
     header: i18n.__('constantsUsage'),
@@ -18,49 +26,49 @@ const lambdaUsageGuide = commandLineUsage([
     header: i18n.__('constantsOptions'),
     content: [
       {
-        name: i18n.__('lambdaFunctionNameOption'),
+        name: '{bold ' + i18n.__('lambdaFunctionNameOption') + '}',
         summary: i18n.__('lambdaFunctionNameSummery')
       },
       {
-        name: i18n.__('lambdaListFunctionsOption'),
+        name: '{bold ' + i18n.__('lambdaListFunctionsOption') + '}',
         summary: i18n.__('lambdaListFunctionsSummery')
       },
       {
-        name: i18n.__('lambdaEndpointOption'),
+        name: '{bold ' + i18n.__('lambdaEndpointOption') + '}',
         summary:
-          '{italic ' +
+          '{bold ' +
           i18n.__('constantsOptional') +
           '}: ' +
           i18n.__('lambdaEndpointSummery')
       },
       {
-        name: i18n.__('lambdaRegionOption'),
+        name: '{bold ' + i18n.__('lambdaRegionOption') + '}',
         summary:
-          '{italic ' +
+          '{bold ' +
           i18n.__('constantsOptional') +
           '}: ' +
           i18n.__('lambdaRegionSummery')
       },
       {
-        name: i18n.__('lambdaProfileOption'),
+        name: '{bold ' + i18n.__('lambdaProfileOption') + '}',
         summary:
-          '{italic ' +
+          '{bold ' +
           i18n.__('constantsOptional') +
           '}: ' +
           i18n.__('lambdaProfileSummery')
       },
       {
-        name: i18n.__('lambdaJsonOption'),
+        name: '{bold ' + i18n.__('lambdaJsonOption') + '}',
         summary:
-          '{italic ' +
+          '{bold ' +
           i18n.__('constantsOptional') +
           '}: ' +
           i18n.__('lambdaJsonSummery')
       },
       {
-        name: i18n.__('lambdaVerboseOption'),
+        name: '{bold ' + i18n.__('lambdaVerboseOption') + '}',
         summary:
-          '{italic ' +
+          '{bold ' +
           i18n.__('constantsOptional') +
           '}: ' +
           i18n.__('lambdaVerbosSummery')
@@ -73,7 +81,7 @@ const lambdaUsageGuide = commandLineUsage([
     ]
   },
   {
-    content: '{underline https://www.contrastsecurity.com}'
+    content: '{underline https://www.contrastsecurity.com/developer/codesec}'
   }
 ])
 

package/src/lambda/lambda.ts

@@ -12,6 +12,8 @@ import { requestScanFunctionPost } from './scanRequest'
 import { getScanResults } from './scanResults'
 import { printResults } from './utils'
 import { getAllLambdas, printAvailableLambdas } from './lambdaUtils'
+import { sleep } from '../utils/requestUtils'
+import ora from '../utils/oraWrapper'
 
 type LambdaOptions = {
   functionName?: string
@@ -123,6 +125,12 @@ const actualProcessLambda = async (lambdaOptions: LambdaOptions) => {
     })
   }
 
+  // Wait to make sure we will have all the results
+  const startGetherResultsSpinner = ora.returnOra(i18n.__('gatherResults'))
+  ora.startSpinner(startGetherResultsSpinner)
+  await sleep(15 * 1000)
+  ora.succeedSpinner(startGetherResultsSpinner, 'Done gathering results')
+
   const resultsResponse = await getScanResults(
     auth,
     params,

package/src/scan/models/groupedResultsModel.ts

@@ -0,0 +1,18 @@
+export class GroupedResultsModel {
+  ruleId: string
+  lineInfoSet: Set<string>
+  cwe?: string[]
+  owasp?: string[]
+  reference?: string[]
+  recommendation?: string
+  severity?: string
+  advice?: string
+  learn?: string[]
+  issue?: string
+  message?: string
+
+  constructor(ruleId: string) {
+    this.ruleId = ruleId
+    this.lineInfoSet = new Set<string>
+  }
+}