@contrast/contrast 1.0.5 → 1.0.6

package/.prettierignore

@@ -4,3 +4,4 @@ test/errorHandling.spec.ts
 **/models
 **/audit/autodetection/autoDetectLanguage.ts
 **/commands/audit/auditConfig.ts
+**/audit/languageAnalysisEngine/report

package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js

@@ -40,7 +40,11 @@ const deduceLanguageScaAnalysis = filenames => {
         }
         if (isNodeLockFilename(filename)) {
             deducedLanguages.push(filename);
-            language = node;
+            language = NODE;
+        }
+        if (isGoProjectFilename(filename)) {
+            deducedLanguages.push({ language: GO, projectFilename: filename });
+            language = GO;
         }
     });
     let identifiedLanguages = { [language]: deducedLanguages };

package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js

@@ -3,12 +3,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.printFormattedOutput = exports.printVulnerabilityResponse = exports.getReport = exports.createLibraryHeader = void 0;
+exports.getNumOfAndSeverityType = exports.buildFormattedHeaderNum = exports.buildBody = exports.buildHeader = exports.printFormattedOutput = exports.printVulnerabilityResponse = exports.getReport = exports.createLibraryHeader = void 0;
 const commonApi_1 = require("../../../utils/commonApi");
 const reportListModel_1 = require("./models/reportListModel");
 const lodash_1 = require("lodash");
 const chalk_1 = __importDefault(require("chalk"));
 const reportUtils_1 = require("./utils/reportUtils");
+const severityCountModel_1 = require("./models/severityCountModel");
+const reportOutputModel_1 = require("./models/reportOutputModel");
 const createLibraryHeader = (id, numberOfVulnerableLibraries, numberOfCves) => {
     numberOfVulnerableLibraries === 1
         ? console.log(` Found 1 vulnerable library containing ${numberOfCves} CVE's`)
@@ -53,19 +55,70 @@ const printFormattedOutput = (libraries, config) => {
         const newOutputModel = new reportListModel_1.ReportModelStructure(new reportListModel_1.ReportCompositeKey(name, version, (0, reportUtils_1.findHighestSeverityCVE)(library.cveArray)), library.cveArray);
         report.reportOutputList.push(newOutputModel);
     }
-    const orderedOutputList = (0, lodash_1.orderBy)(report.reportOutputList, reportListItem => reportListItem.compositeKey.highestSeverity.priority);
-    for (const reportModel of orderedOutputList) {
-        const name = reportModel.compositeKey.libraryName;
-        const version = reportModel.compositeKey.libraryVersion;
-        const highestSeverity = reportModel.compositeKey.highestSeverity.severity;
+    const orderedOutputListLowestFirst = (0, lodash_1.orderBy)(report.reportOutputList, reportListItem => reportListItem.compositeKey.highestSeverity.priority, ['desc']);
+    let contrastHeaderNumCounter = 0;
+    for (const reportModel of orderedOutputListLowestFirst) {
+        contrastHeaderNumCounter++;
+        const { libraryName, libraryVersion, highestSeverity } = reportModel.compositeKey;
         const numOfCVEs = reportModel.cveArray.length;
-        const cveNames = [];
-        reportModel.cveArray.forEach(cve => cveNames.push(cve.name));
-        const boldHeader = chalk_1.default.bold(`${highestSeverity} | Vulnerable Library`);
-        const cvePluralised = numOfCVEs > 1 ? 'CVEs' : 'CVE';
-        console.log(`\n ${boldHeader} ${name} (${version}) has ${numOfCVEs} known ${cvePluralised}`);
-        console.log(` ${cveNames.join(', ')}`);
-        console.log(chalk_1.default.bold(' How to fix: Update to latest version'));
+        const header = buildHeader(highestSeverity, contrastHeaderNumCounter, libraryName, libraryVersion, numOfCVEs);
+        const body = buildBody(reportModel.cveArray);
+        const reportOutputModel = new reportOutputModel_1.ReportOutputModel(header, body);
+        console.log(reportOutputModel.header.vulnMessage, reportOutputModel.header.introducesMessage);
+        console.log(reportOutputModel.body.issueMessage);
+        console.log(reportOutputModel.body.adviceMessage);
     }
 };
 exports.printFormattedOutput = printFormattedOutput;
+function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, numOfCVEs) {
+    const vulnerabilityPluralised = numOfCVEs > 1 ? 'Vulnerabilities' : 'Vulnerability';
+    const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum);
+    const vulnMessage = chalk_1.default
+        .hex(highestSeverity.outputColour)
+        .bold(`${formattedHeaderNum} - [${highestSeverity.severity}] ${libraryName}-${version}`);
+    const introducesMessage = chalk_1.default.bold(`introduces ${numOfCVEs} ${vulnerabilityPluralised}`);
+    return new reportOutputModel_1.ReportOutputHeaderModel(vulnMessage, introducesMessage);
+}
+exports.buildHeader = buildHeader;
+function buildBody(cveArray) {
+    const cveMessages = [];
+    (0, reportUtils_1.findCVESeveritiesAndOrderByHighestPriority)(cveArray).forEach(reportSeverityModel => {
+        const { outputColour, severity, cveName } = reportSeverityModel;
+        const severityShorthand = chalk_1.default
+            .hex(outputColour)
+            .bold(`[${severity.charAt(0).toUpperCase()}]`);
+        const builtMessage = `${severityShorthand} ${cveName}`;
+        cveMessages.push(builtMessage);
+    });
+    const numAndSeverityType = getNumOfAndSeverityType(cveArray);
+    const issueMessage = ` ${chalk_1.default.bold('Issue')}  : ${numAndSeverityType} ${cveMessages.join(', ')}.`;
+    const adviceMessage = ` ${chalk_1.default.bold('Advice')} : ${chalk_1.default.bold('Update to latest version')}.`;
+    return new reportOutputModel_1.ReportOutputBodyModel(issueMessage, adviceMessage);
+}
+exports.buildBody = buildBody;
+function buildFormattedHeaderNum(contrastHeaderNum) {
+    let formattedHeaderNum;
+    if (contrastHeaderNum < 10) {
+        formattedHeaderNum = `00${contrastHeaderNum}`;
+    }
+    else if (contrastHeaderNum >= 10 && contrastHeaderNum < 100) {
+        formattedHeaderNum = `0${contrastHeaderNum}`;
+    }
+    else if (contrastHeaderNum >= 100) {
+        formattedHeaderNum = contrastHeaderNum;
+    }
+    return `CONTRAST-${formattedHeaderNum}`;
+}
+exports.buildFormattedHeaderNum = buildFormattedHeaderNum;
+function getNumOfAndSeverityType(cveArray) {
+    const { critical, high, medium, low, note } = (0, reportUtils_1.severityCountAllCVEs)(cveArray, new severityCountModel_1.SeverityCountModel());
+    const criticalMessage = critical > 0 ? `${critical} Critical` : '';
+    const highMessage = high > 0 ? `${high} High` : '';
+    const mediumMessage = medium > 0 ? `${medium} Medium` : '';
+    const lowMessage = low > 0 ? `${low} Low` : '';
+    const noteMessage = note > 0 ? `${note} Note` : '';
+    return `${criticalMessage} ${highMessage} ${mediumMessage} ${lowMessage} ${noteMessage}`
+        .replace(/\s+/g, ' ')
+        .trim();
+}
+exports.getNumOfAndSeverityType = getNumOfAndSeverityType;

package/dist/audit/languageAnalysisEngine/report/models/reportOutputModel.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReportOutputBodyModel = exports.ReportOutputHeaderModel = exports.ReportOutputModel = void 0;
+class ReportOutputModel {
+    constructor(header, body) {
+        this.header = header;
+        this.body = body;
+    }
+}
+exports.ReportOutputModel = ReportOutputModel;
+class ReportOutputHeaderModel {
+    constructor(vulnMessage, introducesMessage) {
+        this.vulnMessage = vulnMessage;
+        this.introducesMessage = introducesMessage;
+    }
+}
+exports.ReportOutputHeaderModel = ReportOutputHeaderModel;
+class ReportOutputBodyModel {
+    constructor(bodyIssueMessage, bodyAdviceMessage) {
+        this.issueMessage = bodyIssueMessage;
+        this.adviceMessage = bodyAdviceMessage;
+    }
+}
+exports.ReportOutputBodyModel = ReportOutputBodyModel;

package/dist/audit/languageAnalysisEngine/report/models/reportSeverityModel.js

@@ -2,9 +2,11 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ReportSeverityModel = void 0;
 class ReportSeverityModel {
-    constructor(severity, priority) {
+    constructor(severity, priority, outputColour, cveName) {
         this.severity = severity;
         this.priority = priority;
+        this.outputColour = outputColour;
+        this.cveName = cveName;
     }
 }
 exports.ReportSeverityModel = ReportSeverityModel;

package/dist/audit/languageAnalysisEngine/report/models/severityCountModel.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SeverityCountModel = void 0;
+class SeverityCountModel {
+    constructor() {
+        this.critical = 0;
+        this.high = 0;
+        this.medium = 0;
+        this.low = 0;
+        this.note = 0;
+    }
+}
+exports.SeverityCountModel = SeverityCountModel;

package/dist/audit/languageAnalysisEngine/report/reportingFeature.js

@@ -22,7 +22,7 @@ function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, name, confi
     return [
         hasSomeVulnerabilitiesReported,
         numberOfCves,
-        (0, reportUtils_1.severityCount)(vulnerableLibraries)
+        (0, reportUtils_1.severityCountAllLibraries)(vulnerableLibraries)
     ];
 }
 exports.formatVulnerabilityOutput = formatVulnerabilityOutput;

package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js

@@ -3,70 +3,84 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.findNameAndVersion = exports.severityCount = exports.convertGenericToTypedLibraries = exports.findHighestSeverityCVE = void 0;
+exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraries = exports.findCVESeverity = exports.findCVESeveritiesAndOrderByHighestPriority = exports.findHighestSeverityCVE = void 0;
 const reportLibraryModel_1 = require("../models/reportLibraryModel");
 const reportSeverityModel_1 = require("../models/reportSeverityModel");
 const constants_1 = __importDefault(require("../../../languageAnalysisEngine/constants"));
+const constants_2 = require("../../../../constants/constants");
+const lodash_1 = require("lodash");
+const severityCountModel_1 = require("../models/severityCountModel");
 const { supportedLanguages: { GO } } = constants_1.default;
 function findHighestSeverityCVE(cveArray) {
-    if (cveArray.find(cve => cve.cvss3SeverityCode === 'CRITICAL' || cve.severityCode === 'CRITICAL')) {
-        return new reportSeverityModel_1.ReportSeverityModel('CRITICAL', 1);
+    const mappedToReportSeverityModels = cveArray.map(cve => findCVESeverity(cve));
+    return (0, lodash_1.orderBy)(mappedToReportSeverityModels, cve => cve?.priority)[0];
+}
+exports.findHighestSeverityCVE = findHighestSeverityCVE;
+function findCVESeveritiesAndOrderByHighestPriority(cves) {
+    return (0, lodash_1.orderBy)(cves.map(cve => findCVESeverity(cve)), ['priority'], ['asc']);
+}
+exports.findCVESeveritiesAndOrderByHighestPriority = findCVESeveritiesAndOrderByHighestPriority;
+function findCVESeverity(cve) {
+    const cveName = cve.name;
+    if (cve.cvss3SeverityCode === 'CRITICAL' || cve.severityCode === 'CRITICAL') {
+        return new reportSeverityModel_1.ReportSeverityModel('CRITICAL', constants_2.CRITICAL_PRIORITY, constants_2.CRITICAL_COLOUR, cveName);
     }
-    else if (cveArray.find(cve => cve.cvss3SeverityCode === 'HIGH' || cve.severityCode === 'HIGH')) {
-        return new reportSeverityModel_1.ReportSeverityModel('HIGH', 2);
+    else if (cve.cvss3SeverityCode === 'HIGH' || cve.severityCode === 'HIGH') {
+        return new reportSeverityModel_1.ReportSeverityModel('HIGH', constants_2.HIGH_PRIORITY, constants_2.HIGH_COLOUR, cveName);
     }
-    else if (cveArray.find(cve => cve.cvss3SeverityCode === 'MEDIUM' || cve.severityCode === 'MEDIUM')) {
-        return new reportSeverityModel_1.ReportSeverityModel('MEDIUM', 3);
+    else if (cve.cvss3SeverityCode === 'MEDIUM' || cve.severityCode === 'MEDIUM') {
+        return new reportSeverityModel_1.ReportSeverityModel('MEDIUM', constants_2.MEDIUM_PRIORITY, constants_2.MEDIUM_COLOUR, cveName);
     }
-    else if (cveArray.find(cve => cve.cvss3SeverityCode === 'LOW' || cve.severityCode === 'LOW')) {
-        return new reportSeverityModel_1.ReportSeverityModel('LOW', 4);
+    else if (cve.cvss3SeverityCode === 'LOW' || cve.severityCode === 'LOW') {
+        return new reportSeverityModel_1.ReportSeverityModel('LOW', constants_2.LOW_PRIORITY, constants_2.LOW_COLOUR, cveName);
     }
-    else if (cveArray.find(cve => cve.cvss3SeverityCode === 'NOTE' || cve.severityCode === 'NOTE')) {
-        return new reportSeverityModel_1.ReportSeverityModel('NOTE', 5);
+    else if (cve.cvss3SeverityCode === 'NOTE' || cve.severityCode === 'NOTE') {
+        return new reportSeverityModel_1.ReportSeverityModel('NOTE', constants_2.NOTE_PRIORITY, constants_2.NOTE_COLOUR, cveName);
     }
 }
-exports.findHighestSeverityCVE = findHighestSeverityCVE;
+exports.findCVESeverity = findCVESeverity;
 function convertGenericToTypedLibraries(libraries) {
     return Object.entries(libraries).map(([name, cveArray]) => {
         return new reportLibraryModel_1.ReportLibraryModel(name, cveArray);
     });
 }
 exports.convertGenericToTypedLibraries = convertGenericToTypedLibraries;
-function severityCount(vulnerableLibraries) {
-    const severityCount = {
-        critical: 0,
-        high: 0,
-        medium: 0,
-        low: 0,
-        note: 0
-    };
-    vulnerableLibraries.forEach(lib => {
-        lib.cveArray.forEach(cve => {
-            if (cve.cvss3SeverityCode === 'CRITICAL' ||
-                cve.severityCode === 'CRITICAL') {
-                severityCount['critical'] += 1;
-            }
-            else if (cve.cvss3SeverityCode === 'HIGH' ||
-                cve.severityCode === 'HIGH') {
-                severityCount['high'] += 1;
-            }
-            else if (cve.cvss3SeverityCode === 'MEDIUM' ||
-                cve.severityCode === 'MEDIUM') {
-                severityCount['medium'] += 1;
-            }
-            else if (cve.cvss3SeverityCode === 'LOW' ||
-                cve.severityCode === 'LOW') {
-                severityCount['low'] += 1;
-            }
-            else if (cve.cvss3SeverityCode === 'NOTE' ||
-                cve.severityCode === 'NOTE') {
-                severityCount['note'] += 1;
-            }
-        });
-    });
+function severityCountAllLibraries(vulnerableLibraries) {
+    const severityCount = new severityCountModel_1.SeverityCountModel();
+    vulnerableLibraries.forEach(lib => severityCountAllCVEs(lib.cveArray, severityCount));
+    return severityCount;
+}
+exports.severityCountAllLibraries = severityCountAllLibraries;
+function severityCountAllCVEs(cveArray, severityCount) {
+    const severityCountInner = severityCount;
+    cveArray.forEach(cve => severityCountSingleCVE(cve, severityCountInner));
+    return severityCountInner;
+}
+exports.severityCountAllCVEs = severityCountAllCVEs;
+function severityCountSingleCVE(cve, severityCount) {
+    if (cve.cvss3SeverityCode === 'CRITICAL' ||
+        cve.severityCode === 'CRITICAL') {
+        severityCount.critical += 1;
+    }
+    else if (cve.cvss3SeverityCode === 'HIGH' ||
+        cve.severityCode === 'HIGH') {
+        severityCount.high += 1;
+    }
+    else if (cve.cvss3SeverityCode === 'MEDIUM' ||
+        cve.severityCode === 'MEDIUM') {
+        severityCount.medium += 1;
+    }
+    else if (cve.cvss3SeverityCode === 'LOW' ||
+        cve.severityCode === 'LOW') {
+        severityCount.low += 1;
+    }
+    else if (cve.cvss3SeverityCode === 'NOTE' ||
+        cve.severityCode === 'NOTE') {
+        severityCount.note += 1;
+    }
     return severityCount;
 }
-exports.severityCount = severityCount;
+exports.severityCountSingleCVE = severityCountSingleCVE;
 function findNameAndVersion(library, config) {
     if (config.language.toUpperCase() === GO) {
         const nameVersion = library.name.split('@');

package/dist/commands/audit/auditController.js

@@ -23,7 +23,7 @@ const dealWithNoAppId = async (config) => {
     }
     catch (e) {
         if (e.toString().includes('tunneling socket could not be established')) {
-            console.log(e.message);
+            console.log(e.message.toString());
             console.log('There seems to be an issue with your proxy, please check and try again');
         }
         process.exit(1);

package/dist/commands/scan/processScan.js

@@ -11,7 +11,7 @@ const processScan = async (argvMain) => {
         await processSca(config);
     }
     let scanResults = new ScanResultsModel(await startScan(config));
-    if (scanResults) {
+    if (scanResults.scanResultsInstances !== undefined) {
         formatScanOutput(scanResults);
     }
     if (config.save !== undefined) {

package/dist/commands/scan/sca/scaAnalysis.js

@@ -1,10 +1,11 @@
 "use strict";
 const autoDetection = require('../../../scan/autoDetection');
-const { javaAnalysis } = require('../../../scaAnalysis/java');
-const { commonSendSnapShot } = require('../../../scaAnalysis/common/treeUpload');
+const javaAnalysis = require('../../../scaAnalysis/java');
+const treeUpload = require('../../../scaAnalysis/common/treeUpload');
 const { manualDetectAuditFilesAndLanguages } = require('../../../scan/autoDetection');
-const { dealWithNoAppId } = require('../../audit/auditController');
-const { supportedLanguages: { JAVA } } = require('../../../audit/languageAnalysisEngine/constants');
+const auditController = require('../../audit/auditController');
+const { supportedLanguages: { JAVA, GO } } = require('../../../audit/languageAnalysisEngine/constants');
+const goAnalysis = require('../../../scaAnalysis/go/goAnalysis');
 const processSca = async (config) => {
     let filesFound;
     if (config.projectPath) {
@@ -17,18 +18,22 @@ const processSca = async (config) => {
     if (filesFound.length === 1) {
         switch (Object.keys(filesFound[0])[0]) {
             case JAVA:
-                messageToSend = await javaAnalysis(config, filesFound[0]);
+                messageToSend = javaAnalysis.javaAnalysis(config, filesFound[0]);
                 config.language = JAVA;
                 break;
+            case GO:
+                messageToSend = goAnalysis.goAnalysis(config, filesFound[0]);
+                config.language = GO;
+                break;
             default:
                 console.log('language detected not supported');
                 return;
         }
         if (!config.applicationId) {
-            config.applicationId = await dealWithNoAppId(config);
+            config.applicationId = await auditController.dealWithNoAppId(config);
         }
         console.log('processing dependencies');
-        const response = await commonSendSnapShot(messageToSend, config);
+        const response = await treeUpload.commonSendSnapShot(messageToSend, config);
     }
     else {
         if (filesFound.length === 0) {

package/dist/constants/constants.js

@@ -12,13 +12,18 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.5';
+const APP_VERSION = '1.0.6';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';
 const MEDIUM_COLOUR = '#f1c232';
-const LOW_COLOUR = '#ff9900';
+const LOW_COLOUR = '#b7b7b7';
 const NOTE_COLOUR = '#999999';
+const CRITICAL_PRIORITY = 1;
+const HIGH_PRIORITY = 2;
+const MEDIUM_PRIORITY = 3;
+const LOW_PRIORITY = 4;
+const NOTE_PRIORITY = 5;
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com';
 const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com';
 const SARIF_FILE = 'SARIF';
@@ -40,5 +45,10 @@ module.exports = {
     MEDIUM_COLOUR,
     LOW_COLOUR,
     NOTE_COLOUR,
-    CE_URL
+    CE_URL,
+    CRITICAL_PRIORITY,
+    HIGH_PRIORITY,
+    MEDIUM_PRIORITY,
+    LOW_PRIORITY,
+    NOTE_PRIORITY
 };

package/dist/scaAnalysis/common/formatMessage.js

@@ -6,6 +6,14 @@ const createJavaTSMessage = javaTree => {
         }
     };
 };
+const createGoTSMessage = goTree => {
+    return {
+        go: {
+            goDependencyTrees: goTree
+        }
+    };
+};
 module.exports = {
-    createJavaTSMessage
+    createJavaTSMessage,
+    createGoTSMessage
 };

package/dist/scaAnalysis/common/treeUpload.js

@@ -1,6 +1,5 @@
 "use strict";
 const { getHttpClient } = require('../../utils/commonApi');
-const { handleResponseErrors } = require('../../common/errorHandling');
 const { APP_VERSION } = require('../../constants/constants');
 const commonSendSnapShot = async (analysis, config) => {
     const requestBody = {
@@ -13,12 +12,12 @@ const commonSendSnapShot = async (analysis, config) => {
         .sendSnapshot(requestBody, config)
         .then(res => {
         if (res.statusCode === 201) {
-            console.log('snapshot processed successfully');
+            console.log('dependencies processed successfully');
             return res.body;
         }
         else {
             console.log(res.statusCode);
-            handleResponseErrors(res, 'snapshot');
+            console.log('error processing dependencies');
         }
     })
         .catch(err => {

package/dist/scaAnalysis/go/goAnalysis.js

@@ -0,0 +1,17 @@
+"use strict";
+const { createGoTSMessage } = require('../common/formatMessage');
+const goReadDepFile = require('./goReadDepFile');
+const goParseDeps = require('./goParseDeps');
+const goAnalysis = (config, languageFiles) => {
+    try {
+        const rawGoDependencies = goReadDepFile.getGoDependencies(config);
+        const parsedGoDependencies = goParseDeps.parseGoDependencies(rawGoDependencies);
+        return createGoTSMessage(parsedGoDependencies);
+    }
+    catch (e) {
+        console.log(e.message.toString());
+    }
+};
+module.exports = {
+    goAnalysis
+};

package/dist/scaAnalysis/go/goParseDeps.js

@@ -0,0 +1,158 @@
+"use strict";
+const crypto = require('crypto');
+const parseGoDependencies = goDeps => {
+    return parseGo(goDeps);
+};
+const parseGo = modGraphOutput => {
+    let splitLines = splitAllLinesIntoArray(modGraphOutput);
+    const directDepNames = getDirectDepNames(splitLines);
+    const uniqueTransitiveDepNames = getAllUniqueTransitiveDepNames(splitLines, directDepNames);
+    let rootNodes = createRootNodes(splitLines);
+    createTransitiveDeps(uniqueTransitiveDepNames, splitLines, rootNodes);
+    return rootNodes;
+};
+const splitAllLinesIntoArray = modGraphOutput => {
+    return modGraphOutput.split(/\r\n|\r|\n/);
+};
+const getAllDepsOfADepAsEdge = (dep, deps) => {
+    let edges = {};
+    const depRows = deps.filter(line => {
+        return line.startsWith(dep);
+    });
+    depRows.forEach(dep => {
+        const edgeName = dep.split(' ')[1];
+        edges[edgeName] = edgeName;
+    });
+    return edges;
+};
+const getAllDepsOfADepAsName = (dep, deps) => {
+    let edges = [];
+    const depRows = deps.filter(line => {
+        return line.startsWith(dep);
+    });
+    depRows.forEach(dep => {
+        const edgeName = dep.split(' ')[1];
+        edges.push(edgeName);
+    });
+    return edges;
+};
+const createRootNodes = deps => {
+    let rootDep = {};
+    const rootDeps = getRootDeps(deps);
+    const edges = rootDeps.map(dep => {
+        return dep.split(' ')[1];
+    });
+    rootDep[rootDeps[0].split(' ')[0]] = {};
+    edges.forEach(edge => {
+        const splitEdge = edge.split('@');
+        const splitGroupName = splitEdge[0].split('/');
+        const name = splitGroupName.pop();
+        const lastSlash = splitEdge[0].lastIndexOf('/');
+        let group = splitEdge[0].substring(0, lastSlash);
+        const hash = getHash(splitEdge[0]);
+        group = checkGroupExists(group, name);
+        const edgesOfDep = getAllDepsOfADepAsEdge(edge, deps);
+        rootDep[rootDeps[0].split(' ')[0]][edge] = {
+            artifactID: name,
+            group: group,
+            version: splitEdge[1],
+            scope: '"compile',
+            type: 'direct',
+            hash: hash,
+            edges: edgesOfDep
+        };
+    });
+    return rootDep;
+};
+const getRootDeps = deps => {
+    const rootDeps = deps.filter(dep => {
+        const parentDep = dep.split(' ')[0];
+        if (parentDep.split('@v').length === 1) {
+            return dep;
+        }
+    });
+    return rootDeps;
+};
+const getHash = library => {
+    let shaSum = crypto.createHash('sha1');
+    shaSum.update(library);
+    return shaSum.digest('hex');
+};
+const getDirectDepNames = deps => {
+    const directDepNames = [];
+    deps.forEach(dep => {
+        const parentDep = dep.split(' ')[0];
+        if (parentDep.split('@v').length === 1) {
+            dep.split(' ')[1] !== undefined
+                ? directDepNames.push(dep.split(' ')[1])
+                : null;
+        }
+    });
+    return directDepNames;
+};
+const getAllUniqueTransitiveDepNames = (deps, directDepNames) => {
+    let uniqueDeps = [];
+    deps.forEach(dep => {
+        const parentDep = dep.split(' ')[0];
+        if (parentDep.split('@v').length !== 1) {
+            if (!directDepNames.includes(parentDep)) {
+                if (!uniqueDeps.includes(parentDep)) {
+                    parentDep.length > 1 ? uniqueDeps.push(parentDep) : null;
+                }
+            }
+        }
+    });
+    return uniqueDeps;
+};
+const checkGroupExists = (group, name) => {
+    if (group === null || group === '') {
+        return name;
+    }
+    return group;
+};
+const createTransitiveDeps = (transitiveDeps, splitLines, rootNodes) => {
+    transitiveDeps.forEach(dep => {
+        const splitEdge = dep.split('@');
+        const splitGroupName = splitEdge[0].split('/');
+        const name = splitGroupName.pop();
+        const lastSlash = splitEdge[0].lastIndexOf('/');
+        let group = splitEdge[0].substring(0, lastSlash);
+        const hash = getHash(splitEdge[0]);
+        group = checkGroupExists(group, name);
+        const transitiveDep = {
+            artifactID: name,
+            group: group,
+            version: splitEdge[1],
+            scope: 'compile',
+            type: 'transitive',
+            hash: hash,
+            edges: {}
+        };
+        const edges = getAllDepsOfADepAsEdge(dep, splitLines);
+        transitiveDep.edges = edges;
+        const edgesAsName = getAllDepsOfADepAsName(dep, splitLines);
+        edgesAsName.forEach(dep => {
+            const splitEdge = dep.split('@');
+            const splitGroupName = splitEdge[0].split('/');
+            const name = splitGroupName.pop();
+            const lastSlash = splitEdge[0].lastIndexOf('/');
+            let group = splitEdge[0].substring(0, lastSlash);
+            const hash = getHash(splitEdge[0]);
+            group = checkGroupExists(group, name);
+            const transitiveDep = {
+                artifactID: name,
+                group: group,
+                version: splitEdge[1],
+                scope: 'compile',
+                type: 'transitive',
+                hash: hash,
+                edges: {}
+            };
+            rootNodes[Object.keys(rootNodes)[0]][dep] = transitiveDep;
+        });
+        rootNodes[Object.keys(rootNodes)[0]][dep] = transitiveDep;
+    });
+};
+module.exports = {
+    parseGoDependencies
+};

package/dist/scaAnalysis/go/goReadDepFile.js

@@ -0,0 +1,23 @@
+"use strict";
+const child_process = require('child_process');
+const i18n = require('i18n');
+const getGoDependencies = config => {
+    let cmdStdout;
+    let cwd = config.projectPath
+        ? config.projectPath.replace('go.mod', '')
+        : process.cwd();
+    try {
+        cmdStdout = child_process.execSync('go mod graph', { cwd });
+        return cmdStdout.toString();
+    }
+    catch (err) {
+        if (err.message === 'spawnSync /bin/sh ENOENT') {
+            err.message =
+                '\n\n*************** No transitive dependencies ***************\n\nWe are unable to build a dependency tree view from your repository as there were no transitive dependencies found.';
+        }
+        console.log(i18n.__('goReadProjectFile', cwd, `${err.message ? err.message : ''}`));
+    }
+};
+module.exports = {
+    getGoDependencies
+};