@contrast/contrast 1.0.5 → 1.0.8

package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js

@@ -3,70 +3,81 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.findNameAndVersion = exports.severityCount = exports.convertGenericToTypedLibraries = exports.findHighestSeverityCVE = void 0;
+exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraryVulns = exports.findCVESeverity = exports.findCVESeveritiesAndOrderByHighestPriority = exports.findHighestSeverityCVE = void 0;
 const reportLibraryModel_1 = require("../models/reportLibraryModel");
 const reportSeverityModel_1 = require("../models/reportSeverityModel");
 const constants_1 = __importDefault(require("../../../languageAnalysisEngine/constants"));
+const constants_2 = require("../../../../constants/constants");
+const lodash_1 = require("lodash");
+const severityCountModel_1 = require("../models/severityCountModel");
 const { supportedLanguages: { GO } } = constants_1.default;
 function findHighestSeverityCVE(cveArray) {
-    if (cveArray.find(cve => cve.cvss3SeverityCode === 'CRITICAL' || cve.severityCode === 'CRITICAL')) {
-        return new reportSeverityModel_1.ReportSeverityModel('CRITICAL', 1);
+    const mappedToReportSeverityModels = cveArray.map(cve => findCVESeverity(cve));
+    return (0, lodash_1.orderBy)(mappedToReportSeverityModels, cve => cve?.priority)[0];
+}
+exports.findHighestSeverityCVE = findHighestSeverityCVE;
+function findCVESeveritiesAndOrderByHighestPriority(cves) {
+    return (0, lodash_1.orderBy)(cves.map(cve => findCVESeverity(cve)), ['priority'], ['asc']);
+}
+exports.findCVESeveritiesAndOrderByHighestPriority = findCVESeveritiesAndOrderByHighestPriority;
+function findCVESeverity(cve) {
+    const cveName = cve.name;
+    if (cve.cvss3SeverityCode === 'CRITICAL' || cve.severityCode === 'CRITICAL') {
+        return new reportSeverityModel_1.ReportSeverityModel('CRITICAL', constants_2.CRITICAL_PRIORITY, constants_2.CRITICAL_COLOUR, cveName);
     }
-    else if (cveArray.find(cve => cve.cvss3SeverityCode === 'HIGH' || cve.severityCode === 'HIGH')) {
-        return new reportSeverityModel_1.ReportSeverityModel('HIGH', 2);
+    else if (cve.cvss3SeverityCode === 'HIGH' || cve.severityCode === 'HIGH') {
+        return new reportSeverityModel_1.ReportSeverityModel('HIGH', constants_2.HIGH_PRIORITY, constants_2.HIGH_COLOUR, cveName);
     }
-    else if (cveArray.find(cve => cve.cvss3SeverityCode === 'MEDIUM' || cve.severityCode === 'MEDIUM')) {
-        return new reportSeverityModel_1.ReportSeverityModel('MEDIUM', 3);
+    else if (cve.cvss3SeverityCode === 'MEDIUM' ||
+        cve.severityCode === 'MEDIUM') {
+        return new reportSeverityModel_1.ReportSeverityModel('MEDIUM', constants_2.MEDIUM_PRIORITY, constants_2.MEDIUM_COLOUR, cveName);
     }
-    else if (cveArray.find(cve => cve.cvss3SeverityCode === 'LOW' || cve.severityCode === 'LOW')) {
-        return new reportSeverityModel_1.ReportSeverityModel('LOW', 4);
+    else if (cve.cvss3SeverityCode === 'LOW' || cve.severityCode === 'LOW') {
+        return new reportSeverityModel_1.ReportSeverityModel('LOW', constants_2.LOW_PRIORITY, constants_2.LOW_COLOUR, cveName);
     }
-    else if (cveArray.find(cve => cve.cvss3SeverityCode === 'NOTE' || cve.severityCode === 'NOTE')) {
-        return new reportSeverityModel_1.ReportSeverityModel('NOTE', 5);
+    else if (cve.cvss3SeverityCode === 'NOTE' || cve.severityCode === 'NOTE') {
+        return new reportSeverityModel_1.ReportSeverityModel('NOTE', constants_2.NOTE_PRIORITY, constants_2.NOTE_COLOUR, cveName);
     }
 }
-exports.findHighestSeverityCVE = findHighestSeverityCVE;
-function convertGenericToTypedLibraries(libraries) {
+exports.findCVESeverity = findCVESeverity;
+function convertGenericToTypedLibraryVulns(libraries) {
     return Object.entries(libraries).map(([name, cveArray]) => {
         return new reportLibraryModel_1.ReportLibraryModel(name, cveArray);
     });
 }
-exports.convertGenericToTypedLibraries = convertGenericToTypedLibraries;
-function severityCount(vulnerableLibraries) {
-    const severityCount = {
-        critical: 0,
-        high: 0,
-        medium: 0,
-        low: 0,
-        note: 0
-    };
-    vulnerableLibraries.forEach(lib => {
-        lib.cveArray.forEach(cve => {
-            if (cve.cvss3SeverityCode === 'CRITICAL' ||
-                cve.severityCode === 'CRITICAL') {
-                severityCount['critical'] += 1;
-            }
-            else if (cve.cvss3SeverityCode === 'HIGH' ||
-                cve.severityCode === 'HIGH') {
-                severityCount['high'] += 1;
-            }
-            else if (cve.cvss3SeverityCode === 'MEDIUM' ||
-                cve.severityCode === 'MEDIUM') {
-                severityCount['medium'] += 1;
-            }
-            else if (cve.cvss3SeverityCode === 'LOW' ||
-                cve.severityCode === 'LOW') {
-                severityCount['low'] += 1;
-            }
-            else if (cve.cvss3SeverityCode === 'NOTE' ||
-                cve.severityCode === 'NOTE') {
-                severityCount['note'] += 1;
-            }
-        });
-    });
+exports.convertGenericToTypedLibraryVulns = convertGenericToTypedLibraryVulns;
+function severityCountAllLibraries(vulnerableLibraries) {
+    const severityCount = new severityCountModel_1.SeverityCountModel();
+    vulnerableLibraries.forEach(lib => severityCountAllCVEs(lib.cveArray, severityCount));
+    return severityCount;
+}
+exports.severityCountAllLibraries = severityCountAllLibraries;
+function severityCountAllCVEs(cveArray, severityCount) {
+    const severityCountInner = severityCount;
+    cveArray.forEach(cve => severityCountSingleCVE(cve, severityCountInner));
+    return severityCountInner;
+}
+exports.severityCountAllCVEs = severityCountAllCVEs;
+function severityCountSingleCVE(cve, severityCount) {
+    if (cve.cvss3SeverityCode === 'CRITICAL' || cve.severityCode === 'CRITICAL') {
+        severityCount.critical += 1;
+    }
+    else if (cve.cvss3SeverityCode === 'HIGH' || cve.severityCode === 'HIGH') {
+        severityCount.high += 1;
+    }
+    else if (cve.cvss3SeverityCode === 'MEDIUM' ||
+        cve.severityCode === 'MEDIUM') {
+        severityCount.medium += 1;
+    }
+    else if (cve.cvss3SeverityCode === 'LOW' || cve.severityCode === 'LOW') {
+        severityCount.low += 1;
+    }
+    else if (cve.cvss3SeverityCode === 'NOTE' || cve.severityCode === 'NOTE') {
+        severityCount.note += 1;
+    }
     return severityCount;
 }
-exports.severityCount = severityCount;
+exports.severityCountSingleCVE = severityCountSingleCVE;
 function findNameAndVersion(library, config) {
     if (config.language.toUpperCase() === GO) {
         const nameVersion = library.name.split('@');

package/dist/audit/languageAnalysisEngine/sendSnapshot.js

@@ -1,7 +1,13 @@
 "use strict";
-const { getHttpClient } = require('../../utils/commonApi');
 const { handleResponseErrors } = require('../../common/errorHandling');
 const { APP_VERSION } = require('../../constants/constants');
+const commonApi = require('../../utils/commonApi');
+const _ = require('lodash');
+const oraFunctions = require('../../utils/oraWrapper');
+const i18n = require('i18n');
+const oraWrapper = require('../../utils/oraWrapper');
+const requestUtils = require('../../utils/requestUtils');
+const { performance } = require('perf_hooks');
 const newSendSnapShot = async (analysis) => {
     const analysisLanguage = analysis.config.language.toLowerCase();
     const requestBody = {
@@ -9,7 +15,7 @@ const newSendSnapShot = async (analysis) => {
         cliVersion: APP_VERSION,
         snapshot: { [analysisLanguage]: analysis[analysisLanguage] }
     };
-    const client = getHttpClient(analysis.config);
+    const client = commonApi.getHttpClient(analysis.config);
     return client
         .sendSnapshot(requestBody, analysis.config)
         .then(res => {
@@ -24,6 +30,62 @@ const newSendSnapShot = async (analysis) => {
         console.log(err);
     });
 };
+const pollSnapshotResults = async (config, snapshotId, client) => {
+    await requestUtils.sleep(5000);
+    return client
+        .getReportStatusById(config, snapshotId)
+        .then(res => {
+        return res;
+    })
+        .catch(err => {
+        console.log(err);
+    });
+};
+const getTimeout = config => {
+    if (config.timeout) {
+        return config.timeout;
+    }
+    else {
+        if (config.verbose) {
+            console.log('Timeout set to 2 minutes');
+        }
+        return 120;
+    }
+};
+const pollForSnapshotCompletition = async (config, snapshotId, reportSpinner) => {
+    const client = commonApi.getHttpClient(config);
+    const startTime = performance.now();
+    const timeout = getTimeout(config);
+    let complete = false;
+    if (!_.isNil(snapshotId)) {
+        while (!complete) {
+            let result = await pollSnapshotResults(config, snapshotId, client);
+            if (result.statusCode === 200) {
+                if (result.body.status === 'PROCESSED') {
+                    complete = true;
+                    return result.body;
+                }
+                if (result.body.status === 'FAILED') {
+                    complete = true;
+                    if (config.debug) {
+                        oraFunctions.failSpinner(reportSpinner, i18n.__('auditNotCompleted'));
+                    }
+                    console.log(result.body.errorMessage);
+                    oraWrapper.stopSpinner(reportSpinner);
+                    console.log('Contrast audit finished');
+                    process.exit(1);
+                }
+            }
+            const endTime = performance.now() - startTime;
+            if (requestUtils.millisToSeconds(endTime) > timeout) {
+                oraFunctions.failSpinner(reportSpinner, 'Contrast audit timed out at the specified ' + timeout + ' seconds.');
+                console.log('Please try again, allowing more time.');
+                process.exit(1);
+            }
+        }
+    }
+};
 module.exports = {
-    newSendSnapShot: newSendSnapShot
+    newSendSnapShot: newSendSnapShot,
+    pollForSnapshotCompletition: pollForSnapshotCompletition
 };

package/dist/audit/save.js

@@ -0,0 +1,29 @@
+"use strict";
+const fs = require('fs');
+const i18n = require('i18n');
+const chalk = require('chalk');
+const save = require('../commands/audit/saveFile');
+const sbom = require('../sbom/generateSbom');
+async function auditSave(config) {
+    if (config.save) {
+        if (config.save.toLowerCase() === 'sbom') {
+            save.saveFile(config, await sbom.generateSbom(config));
+            const filename = `${config.applicationId}-sbom-cyclonedx.json`;
+            if (fs.existsSync(filename)) {
+                console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`);
+            }
+            else {
+                console.log(chalk.yellow.bold(`\n Unable to save ${filename} Software Bill of Materials (SBOM)`));
+            }
+        }
+        else {
+            console.log(i18n.__('auditBadFiletypeSpecifiedForSave'));
+        }
+    }
+    else if (config.save === null) {
+        console.log(i18n.__('auditNoFiletypeSpecifiedForSave'));
+    }
+}
+module.exports = {
+    auditSave
+};

package/dist/commands/audit/auditController.js

@@ -3,12 +3,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.startAudit = exports.dealWithNoAppId = void 0;
+exports.getAppName = exports.startAudit = exports.dealWithNoAppId = void 0;
 const catalogueApplication_1 = require("../../audit/catalogueApplication/catalogueApplication");
 const commonApi_1 = __importDefault(require("../../audit/languageAnalysisEngine/commonApi"));
 const identifyLanguageAE = require('./../../audit/languageAnalysisEngine');
 const languageFactory = require('../../audit/languageAnalysisEngine/languageAnalysisFactory');
-const { v4: uuidv4 } = require('uuid');
 const dealWithNoAppId = async (config) => {
     let appID;
     try {
@@ -17,13 +16,16 @@ const dealWithNoAppId = async (config) => {
             return await (0, catalogueApplication_1.catalogueApplication)(config);
         }
         if (!appID && !config.applicationName) {
-            config.applicationName = uuidv4();
-            return await (0, catalogueApplication_1.catalogueApplication)(config);
+            config.applicationName = (0, exports.getAppName)(config.file);
+            appID = await commonApi_1.default.returnAppId(config);
+            if (!appID) {
+                return await (0, catalogueApplication_1.catalogueApplication)(config);
+            }
         }
     }
     catch (e) {
         if (e.toString().includes('tunneling socket could not be established')) {
-            console.log(e.message);
+            console.log(e.message.toString());
             console.log('There seems to be an issue with your proxy, please check and try again');
         }
         process.exit(1);
@@ -35,6 +37,20 @@ const startAudit = async (config) => {
     if (!config.applicationId) {
         config.applicationId = await (0, exports.dealWithNoAppId)(config);
     }
-    identifyLanguageAE(config.projectPath, languageFactory, config.applicationId, config);
+    identifyLanguageAE(config.file, languageFactory, config.applicationId, config);
 };
 exports.startAudit = startAudit;
+const getAppName = (file) => {
+    const last = file.charAt(file.length - 1);
+    if (last !== '/') {
+        return file.split('/').pop();
+    }
+    else {
+        const str = removeLastChar(file);
+        return str.split('/').pop();
+    }
+};
+exports.getAppName = getAppName;
+const removeLastChar = (str) => {
+    return str.substring(0, str.length - 1);
+};

package/dist/commands/audit/help.js

@@ -46,7 +46,30 @@ const auditUsageGuide = (0, command_line_usage_1.default)([
     },
     {
         header: i18n_1.default.__('constantsAuditOptions'),
-        optionList: constants_1.default.commandLineDefinitions.auditOptionDefinitions
+        optionList: constants_1.default.commandLineDefinitions.auditOptionDefinitions,
+        hide: [
+            'application-id',
+            'application-name',
+            'organization-id',
+            'api-key',
+            'authorization',
+            'host',
+            'proxy',
+            'help',
+            'ff',
+            'ignore-cert-errors',
+            'verbose',
+            'debug',
+            'experimental',
+            'tags',
+            'sub-project',
+            'code',
+            'maven-settings-path',
+            'language',
+            'experimental',
+            'app-groups',
+            'metadata'
+        ]
     }
 ]);
 exports.auditUsageGuide = auditUsageGuide;

package/dist/commands/audit/processAudit.js

@@ -4,13 +4,19 @@ exports.processAudit = void 0;
 const auditController_1 = require("./auditController");
 const auditConfig_1 = require("./auditConfig");
 const help_1 = require("./help");
+const scaAnalysis_1 = require("../scan/sca/scaAnalysis");
 const processAudit = async (argv) => {
     if (argv.indexOf('--help') != -1) {
         printHelpMessage();
-        process.exit(1);
+        process.exit(0);
     }
     const config = (0, auditConfig_1.getAuditConfig)(argv);
-    const auditResults = await (0, auditController_1.startAudit)(config);
+    if (config.experimental) {
+        await (0, scaAnalysis_1.processSca)(config);
+    }
+    else {
+        await (0, auditController_1.startAudit)(config);
+    }
 };
 exports.processAudit = processAudit;
 const printHelpMessage = () => {

package/dist/commands/audit/saveFile.js

@@ -3,9 +3,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.saveFile = void 0;
 const fs_1 = __importDefault(require("fs"));
-function saveFile(config, rawResults) {
+const saveFile = (config, rawResults) => {
     const fileName = `${config.applicationId}-sbom-cyclonedx.json`;
     fs_1.default.writeFileSync(fileName, JSON.stringify(rawResults));
-}
-exports.default = saveFile;
+};
+exports.saveFile = saveFile;
+module.exports = {
+    saveFile: exports.saveFile
+};

package/dist/commands/scan/processScan.js

@@ -11,7 +11,7 @@ const processScan = async (argvMain) => {
         await processSca(config);
     }
     let scanResults = new ScanResultsModel(await startScan(config));
-    if (scanResults) {
+    if (scanResults.scanResultsInstances !== undefined) {
         formatScanOutput(scanResults);
     }
     if (config.save !== undefined) {

package/dist/commands/scan/sca/scaAnalysis.js

@@ -1,41 +1,78 @@
 "use strict";
 const autoDetection = require('../../../scan/autoDetection');
-const { javaAnalysis } = require('../../../scaAnalysis/java');
-const { commonSendSnapShot } = require('../../../scaAnalysis/common/treeUpload');
+const javaAnalysis = require('../../../scaAnalysis/java');
+const treeUpload = require('../../../scaAnalysis/common/treeUpload');
 const { manualDetectAuditFilesAndLanguages } = require('../../../scan/autoDetection');
-const { dealWithNoAppId } = require('../../audit/auditController');
-const { supportedLanguages: { JAVA } } = require('../../../audit/languageAnalysisEngine/constants');
+const auditController = require('../../audit/auditController');
+const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP } } = require('../../../audit/languageAnalysisEngine/constants');
+const goAnalysis = require('../../../scaAnalysis/go/goAnalysis');
+const phpAnalysis = require('../../../scaAnalysis/php/index');
+const { rubyAnalysis } = require('../../../scaAnalysis/ruby');
+const { pythonAnalysis } = require('../../../scaAnalysis/python');
+const javascriptAnalysis = require('../../../scaAnalysis/javascript');
+const { pollForSnapshotCompletition } = require('../../../audit/languageAnalysisEngine/sendSnapshot');
+const { returnOra, startSpinner, succeedSpinner } = require('../../../utils/oraWrapper');
+const i18n = require('i18n');
+const { vulnerabilityReportV2 } = require('../../../audit/languageAnalysisEngine/report/reportingFeature');
+const auditSave = require('../../../audit/save');
 const processSca = async (config) => {
     let filesFound;
-    if (config.projectPath) {
-        filesFound = await manualDetectAuditFilesAndLanguages(config.projectPath);
+    if (config.file) {
+        config.file = config.file.concat('/');
+        filesFound = await manualDetectAuditFilesAndLanguages(config.file);
     }
     else {
         filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config);
+        config.file = process.cwd().concat('/');
     }
     let messageToSend = undefined;
     if (filesFound.length === 1) {
         switch (Object.keys(filesFound[0])[0]) {
             case JAVA:
-                messageToSend = await javaAnalysis(config, filesFound[0]);
+                messageToSend = javaAnalysis.javaAnalysis(config, filesFound[0]);
                 config.language = JAVA;
                 break;
+            case JAVASCRIPT:
+                messageToSend = await javascriptAnalysis.jsAnalysis(config, filesFound[0]);
+                config.language = NODE;
+                break;
+            case PYTHON:
+                messageToSend = pythonAnalysis(config, filesFound[0]);
+                config.language = PYTHON;
+                break;
+            case RUBY:
+                messageToSend = rubyAnalysis(config, filesFound[0]);
+                config.language = RUBY;
+                break;
+            case 'PHP':
+                messageToSend = phpAnalysis.phpAnalysis(config, filesFound[0]);
+                config.language = PHP;
+                break;
+            case GO:
+                messageToSend = goAnalysis.goAnalysis(config, filesFound[0]);
+                config.language = GO;
+                break;
             default:
                 console.log('language detected not supported');
                 return;
         }
         if (!config.applicationId) {
-            config.applicationId = await dealWithNoAppId(config);
+            config.applicationId = await auditController.dealWithNoAppId(config);
         }
-        console.log('processing dependencies');
-        const response = await commonSendSnapShot(messageToSend, config);
+        const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
+        startSpinner(reportSpinner);
+        const snapshotResponse = await treeUpload.commonSendSnapShot(messageToSend, config);
+        await pollForSnapshotCompletition(config, snapshotResponse.id, reportSpinner);
+        succeedSpinner(reportSpinner, 'Contrast SCA audit complete');
+        await vulnerabilityReportV2(config, snapshotResponse.id);
+        await auditSave.auditSave(config);
     }
     else {
         if (filesFound.length === 0) {
             console.log('no compatible dependency files detected. Continuing...');
         }
         else {
-            console.log('multiple language files detected, please use --project-path to specify a directory or the file where dependencies are declared');
+            console.log('multiple language files detected, please use --file to specify a directory or the file where dependencies are declared');
         }
     }
 };

package/dist/common/HTTPClient.js

@@ -20,7 +20,8 @@ function HTTPClient(config) {
             Authorization: authToken,
             'API-Key': apiKey,
             SuperAuthorization: superAuthToken,
-            'Super-API-Key': superApiKey
+            'Super-API-Key': superApiKey,
+            'User-Agent': 'contrast-cli-v2'
         }
     };
     if (config.proxy) {
@@ -66,10 +67,24 @@ HTTPClient.prototype.getSpecificScanResult = function getSpecificScanResult(conf
     options.url = url;
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.getSpecificScanResultSarif = function getSpecificScanResultSarif(config, scanId) {
+HTTPClient.prototype.getSpecificScanResultSarif =
+    function getSpecificScanResultSarif(config, scanId) {
+        const options = _.cloneDeep(this.requestOptions);
+        options.url = createRawOutputURL(config, scanId);
+        return requestUtils.sendRequest({ method: 'get', options });
+    };
+HTTPClient.prototype.createNewEvent = function createNewEvent(config, scanId, newProject) {
     const options = _.cloneDeep(this.requestOptions);
-    options.url = createRawOutputURL(config, scanId);
-    return requestUtils.sendRequest({ method: 'get', options });
+    options.url = createEventCollectorURL(config, scanId);
+    options.body = {
+        eventSource: process.env.CODESEC_INVOCATION_ENVIRONMENT,
+        trackingProperties: {
+            projectNameSource: config.projectNameSource,
+            waitedForResults: !config.ff,
+            newProject
+        }
+    };
+    return requestUtils.sendRequest({ method: 'post', options });
 };
 HTTPClient.prototype.getScanId = function getScanId(config, codeArtifactId) {
     const options = _.cloneDeep(this.requestOptions);
@@ -145,8 +160,6 @@ HTTPClient.prototype.catalogueCommand = function catalogueCommand(config) {
     return requestUtils.sendRequest({ method: 'post', options });
 };
 HTTPClient.prototype.sendSnapshot = function sendSnapshot(requestBody, config) {
-    if (config.language.toUpperCase() === 'RUBY') {
-    }
     const options = _.cloneDeep(this.requestOptions);
     let url = createSnapshotURL(config);
     options.url = url;
@@ -163,12 +176,18 @@ HTTPClient.prototype.getReportById = function getReportById(config, reportId) {
     }
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.getLibraryVulnerabilities = function getLibraryVulnerabilities(config, requestBody) {
+HTTPClient.prototype.getReportStatusById = function getReportStatusById(config, snapshotId) {
     const options = _.cloneDeep(this.requestOptions);
-    options.url = createLibraryVulnerabilitiesUrl(config);
-    options.body = requestBody;
-    return requestUtils.sendRequest({ method: 'put', options });
+    options.url = createSpecificReportStatusURL(config, snapshotId);
+    return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.getLibraryVulnerabilities =
+    function getLibraryVulnerabilities(config, requestBody) {
+        const options = _.cloneDeep(this.requestOptions);
+        options.url = createLibraryVulnerabilitiesUrl(config);
+        options.body = requestBody;
+        return requestUtils.sendRequest({ method: 'put', options });
+    };
 HTTPClient.prototype.getAppId = function getAppId(config) {
     const options = _.cloneDeep(this.requestOptions);
     let url = createAppNameUrl(config);
@@ -210,11 +229,12 @@ HTTPClient.prototype.getScanResources = async function getScanResources(config,
     const options = { ...this.requestOptions, url };
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.getFunctionScanResults = async function getFunctionScanResults(config, params, scanId, functionArn) {
-    const url = createScanResultsGetUrl(config, params, scanId, functionArn);
-    const options = { ...this.requestOptions, url };
-    return requestUtils.sendRequest({ method: 'get', options });
-};
+HTTPClient.prototype.getFunctionScanResults =
+    async function getFunctionScanResults(config, params, scanId, functionArn) {
+        const url = createScanResultsGetUrl(config, params, scanId, functionArn);
+        const options = { ...this.requestOptions, url };
+        return requestUtils.sendRequest({ method: 'get', options });
+    };
 HTTPClient.prototype.checkLibrary = function checkLibrary(data) {
     const options = _.cloneDeep(this.requestOptions);
     let url = createDataUrl();
@@ -227,6 +247,21 @@ HTTPClient.prototype.getSbom = function getSbom(config) {
     options.url = createSbomCycloneDXUrl(config);
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.getLatestVersion = function getLatestVersion() {
+    const options = _.cloneDeep(this.requestOptions);
+    options.url =
+        'https://pkg.contrastsecurity.com/artifactory/cli/latest-version.txt';
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.postAnalyticsFunction = function (config, provider, body) {
+    const url = createAnalyticsFunctionPostUrl(config, provider);
+    const options = { ...this.requestOptions, body, url };
+    return requestUtils.sendRequest({ method: 'post', options });
+};
+const createAnalyticsFunctionPostUrl = (config, provider) => {
+    const url = getServerlessHost(config);
+    return `${url}/organizations/${config.organizationId}/providers/${provider}/analytics`;
+};
 const createGetScanIdURL = config => {
     return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/`;
 };
@@ -248,6 +283,9 @@ function createHarmonyProjectsUrl(config) {
 function createScanProjectUrl(config) {
     return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}`;
 }
+const createEventCollectorURL = (config, scanId) => {
+    return `${config.host}/Contrast/api/sast/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/events`;
+};
 const createGlobalPropertiesUrl = protocol => {
     return `${protocol}/Contrast/api/ng/global/properties`;
 };
@@ -272,6 +310,9 @@ function createSpecificReportUrl(config, reportId) {
 function createSpecificReportWithProdUrl(config, reportId) {
     return createSpecificReportUrl(config, reportId).concat(`?nodesToInclude=PROD`);
 }
+function createSpecificReportStatusURL(config, reportId) {
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots/${reportId}/status`;
+}
 function createDataUrl() {
     return `https://ardy.contrastsecurity.com/production`;
 }

package/dist/common/errorHandling.js

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.reportFailureError = exports.vulnerabilitiesFailureError = exports.snapshotFailureError = exports.findCommandOnError = exports.libraryAnalysisError = exports.handleResponseErrors = exports.getErrorMessage = exports.generalError = exports.failOptionError = exports.proxyError = exports.forbiddenError = exports.badRequestError = exports.unauthenticatedError = exports.genericError = void 0;
+exports.maxAppError = exports.reportFailureError = exports.vulnerabilitiesFailureError = exports.snapshotFailureError = exports.findCommandOnError = exports.libraryAnalysisError = exports.handleResponseErrors = exports.getErrorMessage = exports.generalError = exports.failOptionError = exports.proxyError = exports.forbiddenError = exports.badRequestError = exports.unauthenticatedError = exports.genericError = void 0;
 const i18n_1 = __importDefault(require("i18n"));
 const handleResponseErrors = (res, api) => {
     if (res.statusCode === 400) {
@@ -72,6 +72,11 @@ const proxyError = () => {
     generalError('proxyErrorHeader', 'proxyErrorMessage');
 };
 exports.proxyError = proxyError;
+const maxAppError = () => {
+    generalError('No applications remaining', 'You have reached the maximum number of application you can create.');
+    process.exit(1);
+};
+exports.maxAppError = maxAppError;
 const failOptionError = () => {
     console.log('\n ******************************** ' +
         i18n_1.default.__('snapshotFailureHeader') +