@contrast/contrast 1.0.3 → 1.0.6

package/dist/audit/languageAnalysisEngine/report/models/reportOutputModel.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReportOutputBodyModel = exports.ReportOutputHeaderModel = exports.ReportOutputModel = void 0;
+class ReportOutputModel {
+    constructor(header, body) {
+        this.header = header;
+        this.body = body;
+    }
+}
+exports.ReportOutputModel = ReportOutputModel;
+class ReportOutputHeaderModel {
+    constructor(vulnMessage, introducesMessage) {
+        this.vulnMessage = vulnMessage;
+        this.introducesMessage = introducesMessage;
+    }
+}
+exports.ReportOutputHeaderModel = ReportOutputHeaderModel;
+class ReportOutputBodyModel {
+    constructor(bodyIssueMessage, bodyAdviceMessage) {
+        this.issueMessage = bodyIssueMessage;
+        this.adviceMessage = bodyAdviceMessage;
+    }
+}
+exports.ReportOutputBodyModel = ReportOutputBodyModel;

package/dist/audit/languageAnalysisEngine/report/models/reportSeverityModel.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReportSeverityModel = void 0;
+class ReportSeverityModel {
+    constructor(severity, priority, outputColour, cveName) {
+        this.severity = severity;
+        this.priority = priority;
+        this.outputColour = outputColour;
+        this.cveName = cveName;
+    }
+}
+exports.ReportSeverityModel = ReportSeverityModel;

package/dist/audit/languageAnalysisEngine/report/models/severityCountModel.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SeverityCountModel = void 0;
+class SeverityCountModel {
+    constructor() {
+        this.critical = 0;
+        this.high = 0;
+        this.medium = 0;
+        this.low = 0;
+        this.note = 0;
+    }
+}
+exports.SeverityCountModel = SeverityCountModel;

package/dist/audit/languageAnalysisEngine/report/reportingFeature.js

@@ -1,133 +1,28 @@
 "use strict";
-const i18n = require('i18n');
-const commonApi = require('../commonApi');
-const commonReport = require('./commonReportingFunctions');
-function displaySuccessMessageVulnerabilities() {
-    console.log(i18n.__('vulnerabilitiesSuccessMessage'));
-}
-const vulnerabilityReport = async (analysis, applicationId, config) => {
-    let depRiskReportCount = {};
-    if (analysis.language === 'NODE') {
-        depRiskReportCount = await commonReport.dependencyRiskReport(analysis.node.packageJSON, config);
-    }
-    if (config['report']) {
-        const reportResponse = await commonReport.getReport(applicationId);
-        if (reportResponse !== undefined) {
-            const libraryVulnerabilityInput = createLibraryVulnerabilityInput(reportResponse.reports);
-            const libraryVulnerabilityResponse = await getLibraryVulnerabilities(libraryVulnerabilityInput, applicationId);
-            const severity = config['cve_severity'];
-            const id = applicationId;
-            const name = config.applicationName;
-            const hasSomeVulnerabilitiesReported = formatVulnerabilityOutput(libraryVulnerabilityResponse, severity, id, name, depRiskReportCount, config);
-            commonReport.analyseReportOptions(hasSomeVulnerabilitiesReported);
-        }
-    }
-};
-const createLibraryVulnerabilityInput = report => {
-    const language = Object.keys(report[0].report)[0];
-    const reportTree = report[0].report[language].dependencyTree;
-    const libraries = reportTree[Object.keys(reportTree)[0]];
-    let gav = [];
-    for (const key of Object.keys(libraries)) {
-        gav.push({
-            name: libraries[key].name,
-            group: libraries[key].group,
-            version: libraries[key].resolved
-        });
-    }
-    return {
-        name_group_versions: gav,
-        language: language.toUpperCase()
-    };
-};
-const oldCountSeverity = vulnerableLibraries => {
-    const severityCount = {
-        critical: 0,
-        high: 0,
-        medium: 0,
-        low: 0
-    };
-    vulnerableLibraries.forEach(lib => {
-        lib.vulns.forEach(vuln => {
-            if (vuln.severity_code === 'HIGH') {
-                severityCount['high'] += 1;
-            }
-            else if (vuln.severity_code === 'MEDIUM') {
-                severityCount['medium'] += 1;
-            }
-            else if (vuln.severity_code === 'LOW') {
-                severityCount['low'] += 1;
-            }
-            else if (vuln.severity_code === 'CRITICAL') {
-                severityCount['critical'] += 1;
-            }
-        });
-    });
-    return severityCount;
-};
-const parseVulnerabilites = libraryVulnerabilityResponse => {
-    let parsedVulnerabilites = {};
-    let vulnName = libraryVulnerabilityResponse.libraries;
-    for (let x in vulnName) {
-        let vuln = vulnName[x].vulns;
-        if (vuln.length > 0) {
-            let libname = vulnName[x].group +
-                '/' +
-                vulnName[x].file_name +
-                '@' +
-                vulnName[x].file_version;
-            parsedVulnerabilites[libname] = vulnName[x].vulns;
-        }
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatVulnerabilityOutput = exports.vulnerabilityReport = void 0;
+const commonReportingFunctions_1 = require("./commonReportingFunctions");
+const reportUtils_1 = require("./utils/reportUtils");
+async function vulnerabilityReport(analysis, applicationId, reportId) {
+    const reportResponse = await (0, commonReportingFunctions_1.getReport)(analysis.config, reportId);
+    if (reportResponse !== undefined) {
+        const id = applicationId;
+        const name = analysis.config.applicationName;
+        formatVulnerabilityOutput(reportResponse.vulnerabilities, id, name, analysis.config);
     }
-    return parsedVulnerabilites;
-};
-const formatVulnerabilityOutput = (libraryVulnerabilityResponse, severity, id, name, depRiskReportCount, config) => {
-    let vulnerableLibraries = libraryVulnerabilityResponse.libraries.filter(data => {
-        return data.vulns.length > 0;
-    });
+}
+exports.vulnerabilityReport = vulnerabilityReport;
+function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, name, config) {
+    const vulnerableLibraries = (0, reportUtils_1.convertGenericToTypedLibraries)(libraryVulnerabilityResponse);
     const numberOfVulnerableLibraries = vulnerableLibraries.length;
     let numberOfCves = 0;
-    vulnerableLibraries.forEach(lib => (numberOfCves += lib.vulns.length));
-    commonReport.createLibraryHeader(id, numberOfVulnerableLibraries, numberOfCves, name);
-    const severityCount = oldCountSeverity(vulnerableLibraries);
-    let vulnerabilities = parseVulnerabilites(libraryVulnerabilityResponse);
-    let filteredVulns = commonReport.filterVulnerabilitiesBySeverity(severity, vulnerabilities);
-    let hasSomeVulnerabilitiesReported;
-    hasSomeVulnerabilitiesReported = commonReport.printVulnerabilityResponse(severity, filteredVulns, vulnerabilities);
-    console.log('\n **************************' +
-        ` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's ` +
-        '************************** ');
-    if (depRiskReportCount && depRiskReportCount.scopedCount === 0) {
-        console.log(' No private libraries that are not scoped detected');
-    }
-    console.log(' \n Please go to the Contrast UI to view your dependency tree: \n' +
-        ` \n ${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
-    return [hasSomeVulnerabilitiesReported, numberOfCves, severityCount];
-};
-const getLibraryVulnerabilities = async (input, applicationId) => {
-    const requestBody = input;
-    const addParams = agent.getAdditionalParams();
-    const userParams = await util.getParams(applicationId);
-    const protocol = getValidHost(userParams.host);
-    const client = commonApi.getHttpClient(userParams, protocol, addParams);
-    return client
-        .getLibraryVulnerabilities(requestBody, userParams)
-        .then(res => {
-        if (res.statusCode === 200) {
-            displaySuccessMessageVulnerabilities();
-            return res.body;
-        }
-        else {
-            handleResponseErrors(res, 'vulnerabilities');
-        }
-    })
-        .catch(err => {
-        console.log(err);
-    });
-};
-module.exports = {
-    vulnerabilityReport: vulnerabilityReport,
-    getLibraryVulnerabilities: getLibraryVulnerabilities,
-    formatVulnerabilityOutput: formatVulnerabilityOutput,
-    createLibraryVulnerabilityInput: createLibraryVulnerabilityInput
-};
+    vulnerableLibraries.forEach(lib => (numberOfCves += lib.cveArray.length));
+    (0, commonReportingFunctions_1.createLibraryHeader)(id, numberOfVulnerableLibraries, numberOfCves);
+    const hasSomeVulnerabilitiesReported = (0, commonReportingFunctions_1.printVulnerabilityResponse)(vulnerableLibraries, config);
+    return [
+        hasSomeVulnerabilitiesReported,
+        numberOfCves,
+        (0, reportUtils_1.severityCountAllLibraries)(vulnerableLibraries)
+    ];
+}
+exports.formatVulnerabilityOutput = formatVulnerabilityOutput;

package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js

@@ -0,0 +1,99 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraries = exports.findCVESeverity = exports.findCVESeveritiesAndOrderByHighestPriority = exports.findHighestSeverityCVE = void 0;
+const reportLibraryModel_1 = require("../models/reportLibraryModel");
+const reportSeverityModel_1 = require("../models/reportSeverityModel");
+const constants_1 = __importDefault(require("../../../languageAnalysisEngine/constants"));
+const constants_2 = require("../../../../constants/constants");
+const lodash_1 = require("lodash");
+const severityCountModel_1 = require("../models/severityCountModel");
+const { supportedLanguages: { GO } } = constants_1.default;
+function findHighestSeverityCVE(cveArray) {
+    const mappedToReportSeverityModels = cveArray.map(cve => findCVESeverity(cve));
+    return (0, lodash_1.orderBy)(mappedToReportSeverityModels, cve => cve?.priority)[0];
+}
+exports.findHighestSeverityCVE = findHighestSeverityCVE;
+function findCVESeveritiesAndOrderByHighestPriority(cves) {
+    return (0, lodash_1.orderBy)(cves.map(cve => findCVESeverity(cve)), ['priority'], ['asc']);
+}
+exports.findCVESeveritiesAndOrderByHighestPriority = findCVESeveritiesAndOrderByHighestPriority;
+function findCVESeverity(cve) {
+    const cveName = cve.name;
+    if (cve.cvss3SeverityCode === 'CRITICAL' || cve.severityCode === 'CRITICAL') {
+        return new reportSeverityModel_1.ReportSeverityModel('CRITICAL', constants_2.CRITICAL_PRIORITY, constants_2.CRITICAL_COLOUR, cveName);
+    }
+    else if (cve.cvss3SeverityCode === 'HIGH' || cve.severityCode === 'HIGH') {
+        return new reportSeverityModel_1.ReportSeverityModel('HIGH', constants_2.HIGH_PRIORITY, constants_2.HIGH_COLOUR, cveName);
+    }
+    else if (cve.cvss3SeverityCode === 'MEDIUM' || cve.severityCode === 'MEDIUM') {
+        return new reportSeverityModel_1.ReportSeverityModel('MEDIUM', constants_2.MEDIUM_PRIORITY, constants_2.MEDIUM_COLOUR, cveName);
+    }
+    else if (cve.cvss3SeverityCode === 'LOW' || cve.severityCode === 'LOW') {
+        return new reportSeverityModel_1.ReportSeverityModel('LOW', constants_2.LOW_PRIORITY, constants_2.LOW_COLOUR, cveName);
+    }
+    else if (cve.cvss3SeverityCode === 'NOTE' || cve.severityCode === 'NOTE') {
+        return new reportSeverityModel_1.ReportSeverityModel('NOTE', constants_2.NOTE_PRIORITY, constants_2.NOTE_COLOUR, cveName);
+    }
+}
+exports.findCVESeverity = findCVESeverity;
+function convertGenericToTypedLibraries(libraries) {
+    return Object.entries(libraries).map(([name, cveArray]) => {
+        return new reportLibraryModel_1.ReportLibraryModel(name, cveArray);
+    });
+}
+exports.convertGenericToTypedLibraries = convertGenericToTypedLibraries;
+function severityCountAllLibraries(vulnerableLibraries) {
+    const severityCount = new severityCountModel_1.SeverityCountModel();
+    vulnerableLibraries.forEach(lib => severityCountAllCVEs(lib.cveArray, severityCount));
+    return severityCount;
+}
+exports.severityCountAllLibraries = severityCountAllLibraries;
+function severityCountAllCVEs(cveArray, severityCount) {
+    const severityCountInner = severityCount;
+    cveArray.forEach(cve => severityCountSingleCVE(cve, severityCountInner));
+    return severityCountInner;
+}
+exports.severityCountAllCVEs = severityCountAllCVEs;
+function severityCountSingleCVE(cve, severityCount) {
+    if (cve.cvss3SeverityCode === 'CRITICAL' ||
+        cve.severityCode === 'CRITICAL') {
+        severityCount.critical += 1;
+    }
+    else if (cve.cvss3SeverityCode === 'HIGH' ||
+        cve.severityCode === 'HIGH') {
+        severityCount.high += 1;
+    }
+    else if (cve.cvss3SeverityCode === 'MEDIUM' ||
+        cve.severityCode === 'MEDIUM') {
+        severityCount.medium += 1;
+    }
+    else if (cve.cvss3SeverityCode === 'LOW' ||
+        cve.severityCode === 'LOW') {
+        severityCount.low += 1;
+    }
+    else if (cve.cvss3SeverityCode === 'NOTE' ||
+        cve.severityCode === 'NOTE') {
+        severityCount.note += 1;
+    }
+    return severityCount;
+}
+exports.severityCountSingleCVE = severityCountSingleCVE;
+function findNameAndVersion(library, config) {
+    if (config.language.toUpperCase() === GO) {
+        const nameVersion = library.name.split('@');
+        const name = nameVersion[0];
+        const version = nameVersion[1];
+        return { name, version };
+    }
+    else {
+        const splitLibraryName = library.name.split('/');
+        const nameVersion = splitLibraryName[1].split('@');
+        const name = nameVersion[0];
+        const version = nameVersion[1];
+        return { name, version };
+    }
+}
+exports.findNameAndVersion = findNameAndVersion;

package/dist/audit/languageAnalysisEngine/sendSnapshot.js

@@ -1,18 +1,8 @@
 "use strict";
-const prettyjson = require('prettyjson');
-const i18n = require('i18n');
 const { getHttpClient } = require('../../utils/commonApi');
 const { handleResponseErrors } = require('../../common/errorHandling');
 const { APP_VERSION } = require('../../constants/constants');
-function displaySnapshotSuccessMessage(config) {
-    console.log('\n **************************' +
-        i18n.__('successHeader') +
-        '************************** ');
-    console.log('\n' + i18n.__('snapshotSuccessMessage') + '\n');
-    console.log(` ${config.host}/Contrast/static/ng/index.html#/${config.organizationId}/applications/${config.applicationId}/libs/dependency-tree`);
-    console.log('\n ***********************************************************');
-}
-const newSendSnapShot = async (analysis, applicationId) => {
+const newSendSnapShot = async (analysis) => {
     const analysisLanguage = analysis.config.language.toLowerCase();
     const requestBody = {
         appID: analysis.config.applicationId,
@@ -24,7 +14,6 @@ const newSendSnapShot = async (analysis, applicationId) => {
         .sendSnapshot(requestBody, analysis.config)
         .then(res => {
         if (res.statusCode === 201) {
-            displaySnapshotSuccessMessage(analysis.config);
             return res.body;
         }
         else {
@@ -36,6 +25,5 @@ const newSendSnapShot = async (analysis, applicationId) => {
     });
 };
 module.exports = {
-    newSendSnapShot: newSendSnapShot,
-    displaySnapshotSuccessMessage: displaySnapshotSuccessMessage
+    newSendSnapShot: newSendSnapShot
 };

package/dist/commands/audit/auditConfig.js

@@ -8,14 +8,20 @@ const paramHandler_1 = __importDefault(require("../../utils/paramsUtil/paramHand
 const constants_1 = __importDefault(require("../../constants"));
 const parsedCLIOptions_1 = __importDefault(require("../../utils/parsedCLIOptions"));
 const constants_2 = __importDefault(require("../../audit/languageAnalysisEngine/constants"));
+const autoDetectLanguage_1 = require("../../audit/autodetection/autoDetectLanguage");
 const { supportedLanguages: { NODE, JAVASCRIPT } } = constants_2.default;
 const getAuditConfig = (argv) => {
     const auditParameters = parsedCLIOptions_1.default.getCommandLineArgsCustom(argv, constants_1.default.commandLineDefinitions.auditOptionDefinitions);
     const paramsAuth = paramHandler_1.default.getAuth(auditParameters);
     if (auditParameters.language === undefined ||
         auditParameters.language === null) {
-        console.log('error, --language parameter is required');
-        process.exit(1);
+        try {
+            auditParameters.language = (0, autoDetectLanguage_1.determineProjectLanguage)((0, autoDetectLanguage_1.identifyLanguages)(auditParameters));
+        }
+        catch (err) {
+            console.log(err.message);
+            process.exit(1);
+        }
     }
     else if (auditParameters.language.toUpperCase() === JAVASCRIPT) {
         auditParameters.language = NODE.toLowerCase();

package/dist/commands/audit/auditController.js

@@ -3,11 +3,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.startAudit = void 0;
+exports.startAudit = exports.dealWithNoAppId = void 0;
 const catalogueApplication_1 = require("../../audit/catalogueApplication/catalogueApplication");
 const commonApi_1 = __importDefault(require("../../audit/languageAnalysisEngine/commonApi"));
 const identifyLanguageAE = require('./../../audit/languageAnalysisEngine');
-const languageFactory = require('./../../audit/languageAnalysisEngine/langugageAnalysisFactory');
+const languageFactory = require('../../audit/languageAnalysisEngine/languageAnalysisFactory');
+const { v4: uuidv4 } = require('uuid');
 const dealWithNoAppId = async (config) => {
     let appID;
     try {
@@ -15,16 +16,24 @@ const dealWithNoAppId = async (config) => {
         if (!appID && config.applicationName) {
             return await (0, catalogueApplication_1.catalogueApplication)(config);
         }
+        if (!appID && !config.applicationName) {
+            config.applicationName = uuidv4();
+            return await (0, catalogueApplication_1.catalogueApplication)(config);
+        }
     }
     catch (e) {
-        console.log(e);
+        if (e.toString().includes('tunneling socket could not be established')) {
+            console.log(e.message.toString());
+            console.log('There seems to be an issue with your proxy, please check and try again');
+        }
+        process.exit(1);
     }
-    console.log(appID);
     return appID;
 };
+exports.dealWithNoAppId = dealWithNoAppId;
 const startAudit = async (config) => {
     if (!config.applicationId) {
-        config.applicationId = await dealWithNoAppId(config);
+        config.applicationId = await (0, exports.dealWithNoAppId)(config);
     }
     identifyLanguageAE(config.projectPath, languageFactory, config.applicationId, config);
 };

package/dist/commands/scan/processScan.js

@@ -1,14 +1,18 @@
 "use strict";
-const { startScan } = require('../../scan/scanController');
-const { formatScanOutput } = require('../../scan/scan');
-const { scanUsageGuide } = require('../../scan/help');
 const scanConfig = require('../../scan/scanConfig');
+const { startScan } = require('../../scan/scanController');
 const { saveScanFile } = require('../../utils/saveFile');
+const { ScanResultsModel } = require('../../scan/models/scanResultsModel');
+const { formatScanOutput } = require('../../scan/formatScanOutput');
+const { processSca } = require('./sca/scaAnalysis');
 const processScan = async (argvMain) => {
     let config = scanConfig.getScanConfig(argvMain);
-    let scanResults = await startScan(config);
-    if (scanResults) {
-        formatScanOutput(scanResults?.projectOverview, scanResults?.scanResultsInstances);
+    if (config.experimental) {
+        await processSca(config);
+    }
+    let scanResults = new ScanResultsModel(await startScan(config));
+    if (scanResults.scanResultsInstances !== undefined) {
+        formatScanOutput(scanResults);
     }
     if (config.save !== undefined) {
         await saveScanFile(config, scanResults);

package/dist/commands/scan/sca/scaAnalysis.js

@@ -0,0 +1,49 @@
+"use strict";
+const autoDetection = require('../../../scan/autoDetection');
+const javaAnalysis = require('../../../scaAnalysis/java');
+const treeUpload = require('../../../scaAnalysis/common/treeUpload');
+const { manualDetectAuditFilesAndLanguages } = require('../../../scan/autoDetection');
+const auditController = require('../../audit/auditController');
+const { supportedLanguages: { JAVA, GO } } = require('../../../audit/languageAnalysisEngine/constants');
+const goAnalysis = require('../../../scaAnalysis/go/goAnalysis');
+const processSca = async (config) => {
+    let filesFound;
+    if (config.projectPath) {
+        filesFound = await manualDetectAuditFilesAndLanguages(config.projectPath);
+    }
+    else {
+        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config);
+    }
+    let messageToSend = undefined;
+    if (filesFound.length === 1) {
+        switch (Object.keys(filesFound[0])[0]) {
+            case JAVA:
+                messageToSend = javaAnalysis.javaAnalysis(config, filesFound[0]);
+                config.language = JAVA;
+                break;
+            case GO:
+                messageToSend = goAnalysis.goAnalysis(config, filesFound[0]);
+                config.language = GO;
+                break;
+            default:
+                console.log('language detected not supported');
+                return;
+        }
+        if (!config.applicationId) {
+            config.applicationId = await auditController.dealWithNoAppId(config);
+        }
+        console.log('processing dependencies');
+        const response = await treeUpload.commonSendSnapShot(messageToSend, config);
+    }
+    else {
+        if (filesFound.length === 0) {
+            console.log('no compatible dependency files detected. Continuing...');
+        }
+        else {
+            console.log('multiple language files detected, please use --project-path to specify a directory or the file where dependencies are declared');
+        }
+    }
+};
+module.exports = {
+    processSca
+};

package/dist/common/HTTPClient.js

@@ -77,7 +77,9 @@ HTTPClient.prototype.getScanId = function getScanId(config, codeArtifactId) {
     options.url = url;
     options.body = {
         codeArtifactId: codeArtifactId,
-        label: `Started by CLI tool at ${new Date().toString()}`
+        label: config.label
+            ? config.label
+            : `Started by CLI tool at ${new Date().toString()}`
     };
     return requestUtils.sendRequest({ method: 'post', options });
 };
@@ -143,28 +145,27 @@ HTTPClient.prototype.catalogueCommand = function catalogueCommand(config) {
     return requestUtils.sendRequest({ method: 'post', options });
 };
 HTTPClient.prototype.sendSnapshot = function sendSnapshot(requestBody, config) {
+    if (config.language.toUpperCase() === 'RUBY') {
+    }
     const options = _.cloneDeep(this.requestOptions);
     let url = createSnapshotURL(config);
     options.url = url;
     options.body = requestBody;
     return requestUtils.sendRequest({ method: 'post', options });
 };
-HTTPClient.prototype.getReport = function getReport(config) {
-    const options = _.cloneDeep(this.requestOptions);
-    let url = createReportUrl(config);
-    options.url = url;
-    return requestUtils.sendRequest({ method: 'get', options });
-};
-HTTPClient.prototype.getSpecificReport = function getSpecificReport(config, reportId) {
+HTTPClient.prototype.getReportById = function getReportById(config, reportId) {
     const options = _.cloneDeep(this.requestOptions);
-    let url = createSpecificReportUrl(config, reportId);
-    options.url = url;
+    if (config.ignoreDev) {
+        options.url = createSpecificReportWithProdUrl(config, reportId);
+    }
+    else {
+        options.url = createSpecificReportUrl(config, reportId);
+    }
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.getLibraryVulnerabilities = function getLibraryVulnerabilities(requestBody, config) {
+HTTPClient.prototype.getLibraryVulnerabilities = function getLibraryVulnerabilities(config, requestBody) {
     const options = _.cloneDeep(this.requestOptions);
-    let url = createLibraryVulnerabilitiesUrl(config);
-    options.url = url;
+    options.url = createLibraryVulnerabilitiesUrl(config);
     options.body = requestBody;
     return requestUtils.sendRequest({ method: 'put', options });
 };
@@ -174,12 +175,6 @@ HTTPClient.prototype.getAppId = function getAppId(config) {
     options.url = url;
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.getDependencyTree = function getReport(orgUuid, appId, reportId) {
-    const options = _.cloneDeep(this.requestOptions);
-    let url = createGetDependencyTree(options.uri, orgUuid, appId, reportId);
-    options.url = url;
-    return requestUtils.sendRequest({ method: 'get', options });
-};
 function getServerlessHost(config = {}) {
     const originalHost = config?.host || config?.get('host');
     const host = originalHost?.endsWith('/')
@@ -271,18 +266,15 @@ const createAppNameUrl = config => {
 function createLibraryVulnerabilitiesUrl(config) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`;
 }
-function createReportUrl(config) {
-    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports`;
-}
 function createSpecificReportUrl(config, reportId) {
-    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}?nodesToInclude=PROD`;
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}`;
+}
+function createSpecificReportWithProdUrl(config, reportId) {
+    return createSpecificReportUrl(config, reportId).concat(`?nodesToInclude=PROD`);
 }
 function createDataUrl() {
     return `https://ardy.contrastsecurity.com/production`;
 }
-const createGetDependencyTree = (protocol, orgUuid, appId, reportId) => {
-    return `${protocol}/Contrast/api/ng/sca/organizations/${orgUuid}/applications/${appId}/reports/${reportId}`;
-};
 function createSbomCycloneDXUrl(config) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/cyclonedx`;
 }

package/dist/common/errorHandling.js

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.findCommandOnError = exports.libraryAnalysisError = exports.handleResponseErrors = exports.getErrorMessage = exports.generalError = exports.hostWarningError = exports.failOptionError = exports.proxyError = exports.forbiddenError = exports.badRequestError = exports.unauthenticatedError = exports.genericError = void 0;
+exports.reportFailureError = exports.vulnerabilitiesFailureError = exports.snapshotFailureError = exports.findCommandOnError = exports.libraryAnalysisError = exports.handleResponseErrors = exports.getErrorMessage = exports.generalError = exports.failOptionError = exports.proxyError = exports.forbiddenError = exports.badRequestError = exports.unauthenticatedError = exports.genericError = void 0;
 const i18n_1 = __importDefault(require("i18n"));
 const handleResponseErrors = (res, api) => {
     if (res.statusCode === 400) {
@@ -36,23 +36,17 @@ const libraryAnalysisError = () => {
 };
 exports.libraryAnalysisError = libraryAnalysisError;
 const snapshotFailureError = () => {
-    console.log('\n ******************************** ' +
-        i18n_1.default.__('snapshotFailureHeader') +
-        ' *********************************\n' +
-        i18n_1.default.__('snapshotFailureMessage'));
+    console.log(i18n_1.default.__('snapshotFailureMessage'));
 };
+exports.snapshotFailureError = snapshotFailureError;
 const vulnerabilitiesFailureError = () => {
-    console.log('\n ******************************** ' +
-        i18n_1.default.__('snapshotFailureHeader') +
-        ' *********************************\n' +
-        i18n_1.default.__('vulnerabilitiesFailureMessage'));
+    console.log(i18n_1.default.__('vulnerabilitiesFailureMessage'));
 };
+exports.vulnerabilitiesFailureError = vulnerabilitiesFailureError;
 const reportFailureError = () => {
-    console.log('\n ******************************** ' +
-        i18n_1.default.__('snapshotFailureHeader') +
-        ' *********************************\n' +
-        i18n_1.default.__('reportFailureMessage'));
+    console.log(i18n_1.default.__('auditReportFailureMessage'));
 };
+exports.reportFailureError = reportFailureError;
 const genericError = (missingCliOption) => {
     console.log(`*************************** ${i18n_1.default.__('yamlMissingParametersHeader')} ***************************\n${missingCliOption}`);
     console.error(i18n_1.default.__('yamlMissingParametersMessage'));
@@ -78,10 +72,6 @@ const proxyError = () => {
     generalError('proxyErrorHeader', 'proxyErrorMessage');
 };
 exports.proxyError = proxyError;
-const hostWarningError = () => {
-    console.log(i18n_1.default.__('snapshotHostMessage'));
-};
-exports.hostWarningError = hostWarningError;
 const failOptionError = () => {
     console.log('\n ******************************** ' +
         i18n_1.default.__('snapshotFailureHeader') +