@contrast/contrast 1.0.5 → 1.0.8

package/dist/common/versionChecker.js

@@ -4,14 +4,29 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.isCorrectNodeVersion = exports.findLatestCLIVersion = void 0;
-const latest_version_1 = __importDefault(require("latest-version"));
 const constants_1 = require("../constants/constants");
 const boxen_1 = __importDefault(require("boxen"));
 const chalk_1 = __importDefault(require("chalk"));
 const semver_1 = __importDefault(require("semver"));
-async function findLatestCLIVersion(updateMessageHidden) {
-    if (!updateMessageHidden) {
-        const latestCLIVersion = await (0, latest_version_1.default)('@contrast/contrast');
+const commonApi_1 = __importDefault(require("../utils/commonApi"));
+const http2_1 = require("http2");
+const getLatestVersion = async (config) => {
+    const client = commonApi_1.default.getHttpClient(config);
+    try {
+        const res = await client.getLatestVersion();
+        if (res.statusCode === http2_1.constants.HTTP_STATUS_OK) {
+            return res.body;
+        }
+    }
+    catch (e) {
+        return;
+    }
+};
+async function findLatestCLIVersion(config) {
+    const messageHidden = config.get('updateMessageHidden');
+    if (!messageHidden) {
+        let latestCLIVersion = await getLatestVersion(config);
+        latestCLIVersion = latestCLIVersion.substring(8);
         if (semver_1.default.lt(constants_1.APP_VERSION, latestCLIVersion)) {
             const updateAvailableMessage = `Update available ${chalk_1.default.yellow(constants_1.APP_VERSION)} → ${chalk_1.default.green(latestCLIVersion)}`;
             const npmUpdateAvailableCommand = `Run ${chalk_1.default.cyan('npm i @contrast/contrast -g')} to update via npm`;
@@ -27,6 +42,6 @@ async function findLatestCLIVersion(updateMessageHidden) {
 }
 exports.findLatestCLIVersion = findLatestCLIVersion;
 async function isCorrectNodeVersion(currentVersion) {
-    return semver_1.default.satisfies(currentVersion, '>=16.13.2 <17');
+    return semver_1.default.satisfies(currentVersion, '>=16');
 }
 exports.isCorrectNodeVersion = isCorrectNodeVersion;

package/dist/constants/constants.js

@@ -12,13 +12,18 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.5';
+const APP_VERSION = '1.0.8';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';
 const MEDIUM_COLOUR = '#f1c232';
-const LOW_COLOUR = '#ff9900';
+const LOW_COLOUR = '#b7b7b7';
 const NOTE_COLOUR = '#999999';
+const CRITICAL_PRIORITY = 1;
+const HIGH_PRIORITY = 2;
+const MEDIUM_PRIORITY = 3;
+const LOW_PRIORITY = 4;
+const NOTE_PRIORITY = 5;
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com';
 const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com';
 const SARIF_FILE = 'SARIF';
@@ -40,5 +45,10 @@ module.exports = {
     MEDIUM_COLOUR,
     LOW_COLOUR,
     NOTE_COLOUR,
-    CE_URL
+    CE_URL,
+    CRITICAL_PRIORITY,
+    HIGH_PRIORITY,
+    MEDIUM_PRIORITY,
+    LOW_PRIORITY,
+    NOTE_PRIORITY
 };

package/dist/constants/locales.js

@@ -12,7 +12,7 @@ const en_locales = () => {
         vulnerabilitiesFailureMessage: 'Unable to retrieve library vulnerabilities',
         catchErrorMessage: 'Contrast UI error: ',
         dependenciesNote: 'Please Note: We currently only support projects with one .csproj AND *.package.lock.json',
-        languageAnalysisFailureMessage: 'SCA Analysis Failure',
+        languageAnalysisFailureMessage: 'SCA audit Failure',
         languageAnalysisFactoryFailureHeader: 'FAIL',
         libraryAnalysisError: 'Please ensure the language parameter is set in accordance to the language specified on the project path.\nContrast CLI must be run in the same directory as the project manifest file OR the project_path parameter must be used to identify the directory containing the project manifest file.\n\nFor further information please read our usage guide, which can be accessed with the following command:\n\ncontrast-cli --help',
         yamlMissingParametersHeader: 'Missing Parameters',
@@ -78,7 +78,7 @@ const en_locales = () => {
         constantsApplicationName: 'The name of the application cataloged by Contrast UI',
         constantsCatalogueApplication: 'Provide this if you want to catalogue an application',
         constantsLanguage: 'Valid values are JAVA, DOTNET, NODE, PYTHON and RUBY. If there are multiple project configuration files in the project_path, language is also required.  Also, provide this when cataloguing an application',
-        constantsProjectPath: 'The directory root of a project/application that you would like analyzed. Defaults to current directory.',
+        constantsFilePath: 'The directory root of a project/application that you would like analyzed. Defaults to current directory.',
         constantsSilent: 'Silences JSON output.',
         constantsAppGroups: 'Assign your application to one or more pre-existing groups when using the catalogue command. Group lists should be comma separated.',
         constantsVersion: 'Displays CLI Version you are currently on.',
@@ -90,13 +90,13 @@ const en_locales = () => {
         constantsProjectName: 'Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.',
         constantsProjectId: 'The ID associated with a scan project. Replace <ProjectID> with the ID for the scan project. To find the ID, select a scan project in Contrast and locate the last number in the URL.',
         constantsReport: 'Display vulnerability information for this application',
-        constantsFail: 'Set the process to fail if this option is set in combination with the --report and --cve_severity.',
-        failOptionErrorMessage: " FAIL - CVE's have been detected that match at least the cve_severity or cve_threshold option specified.",
-        constantsSeverity: 'Combined with the --report command, allows the user to report libraries with vulnerabilities above a chosen severity level. For example, cve_severity medium only reports libraries with vulnerabilities at medium or higher severity. Values for level are high, medium or low.',
-        constantsCount: "The number of CVE's that must be exceeded to fail a build",
+        constantsFail: 'Set the process to fail if this option is set in combination with --cve_severity.',
+        failOptionErrorMessage: ' FAIL - CVEs have been detected that match at least the cve_severity or cve_threshold option specified.',
+        constantsSeverity: 'Allows the user to report libraries with vulnerabilities above a chosen severity level. For example, cve_severity medium only reports libraries with vulnerabilities at medium or higher severity. Values for level are high, medium or low.',
+        constantsCount: 'The number of CVEs that must be exceeded to fail a build',
         constantsHeader: 'CodeSec by Contrast Security',
         constantsPrerequisitesContentScanLanguages: 'Java & JavaScript supported',
-        constantsContrastContent: 'Use the Contrast CLI to run a scan (Java, JavaScript and .NET ) or lambda command (Java and Python) to find your vulnerabilities and start securing your code.',
+        constantsContrastContent: "Use the 'contrast' command for fast and accurate security analysis of your applications and APIs (Java, JavaScript and .NET ) as well as serverless functions (AWS lambda, Java and Python).",
         constantsUsageGuideContentRecommendation: 'Our recommendation is that this is invoked as part of a CI pipeline so that running the cli is automated as part of your build process.',
         constantsPrerequisitesHeader: 'Pre-requisites',
         constantsAuthUsageHeader: 'Usage',
@@ -162,7 +162,7 @@ const en_locales = () => {
         constantsIgnoreCertErrors: 'For EOP users with a local Teamserver install, this will bypass the SSL certificate and recognise a self signed certificate.',
         constantsSave: 'Saves the Scan Results SARIF to file.',
         scanLabel: "adds a label to the scan - defaults to 'Started by CLI tool at current date'",
-        constantsIgnoreDev: 'Combined with the --report command excludes developer dependencies from the vulnerabilities report. By default all dependencies are included in a report.',
+        constantsIgnoreDev: 'Excludes developer dependencies from the output. By default all dependencies are included.',
         constantsCommands: 'Commands',
         constantsScanOptions: 'Scan Options',
         sbomError: 'All required parameters are not present.',
@@ -247,6 +247,7 @@ const en_locales = () => {
         redirectAuth: '\nOpening the authentication page in your web browser.\nSign in and complete the steps.\nReturn here to start using Contrast.\n\nIf your browser has trouble loading, try this:\n%s \n',
         scanZipError: 'A .zip archive can be used for Javascript Scan. Archive found %s does not contain .JS files for Scan.',
         fileNotExist: 'File specified does not exist, please check and try again.',
+        scanFileIsEmpty: 'File specified is empty. Please choose another.',
         fileHasWhiteSpacesError: 'File cannot have spaces, please rename or choose another file to Scan.',
         zipFileException: 'Error reading zip file',
         connectionError: 'An error has occurred when trying to get the Project Id please check your internet connection or provide the Project Id manually',
@@ -276,11 +277,12 @@ const en_locales = () => {
         auditOptionsIgnoreDevDependencies: '-igd, --ignore-dev',
         auditOptionsIgnoreDevDependenciesDescription: 'ignores DevDependencies',
         auditOptionsSave: '-s, --save',
-        auditOptionsSaveDescription: 'saves the output in specified format Txt text, sbom',
+        auditOptionsSaveDescription: 'saves the output in specified format, options: sbom',
         scanNotCompleted: 'Scan not completed. Check for framework and language support here: %s',
-        scanNoVulnerabilitiesFound: '👏 No vulnerabilities found',
+        auditNotCompleted: 'audit not completed.  Please try again',
+        scanNoVulnerabilitiesFound: '🎉 No vulnerabilities found.',
         scanNoVulnerabilitiesFoundSecureCode: '👍 Your code looks secure.',
-        scanNoVulnerabilitiesFoundGoodWork: '👏 Keep up the good work.',
+        scanNoVulnerabilitiesFoundGoodWork: '   Keep up the good work.',
         scanNoFiletypeSpecifiedForSave: 'Please specify file type to save results to, accepted value is SARIF',
         auditSBOMSaveSuccess: '\n Software Bill of Materials (SBOM) saved successfully',
         auditNoFiletypeSpecifiedForSave: `\n ${chalk.yellow.bold('No file type specified for --save option to save audit results to. Use audit --help to see valid --save options.')}`,
@@ -289,7 +291,8 @@ const en_locales = () => {
         auditReportFail: 'Report Retrieval Failed, please try again',
         auditReportSuccessMessage: 'Report successfully retrieved',
         auditReportFailureMessage: 'Unable to generate library report',
-        auditSCAAnalysisBegins: 'Contrast SCA analysis begins',
+        auditSCAAnalysisBegins: 'Contrast SCA audit started',
+        auditSCAAnalysisComplete: 'Contrast SCA audit complete',
         ...lambda
     };
 };

package/dist/constants.js

@@ -43,7 +43,6 @@ const scanOptionDefinitions = [
     },
     {
         name: 'project-path',
-        alias: 'i',
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
@@ -188,12 +187,13 @@ const auditOptionDefinitions = [
             i18n.__('constantsApplicationName')
     },
     {
-        name: 'project-path',
-        defaultValue: process.env.PWD,
+        name: 'file',
+        alias: 'f',
+        defaultValue: process.cwd(),
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('constantsProjectPath')
+            i18n.__('constantsFilePath')
     },
     {
         name: 'app-groups',
@@ -295,6 +295,11 @@ const auditOptionDefinitions = [
             i18n.__('constantsOptional') +
             '}: ' +
             i18n.__('auditOptionsSaveDescription')
+    },
+    {
+        name: 'experimental',
+        alias: 'e',
+        type: Boolean
     }
 ];
 const mainUsageGuide = commandLineUsage([

package/dist/index.js

@@ -1,3 +1,4 @@
+#!/usr/bin/env node
 "use strict";
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
@@ -36,12 +37,12 @@ const start = async () => {
             argvMain.includes('--v') ||
             argvMain.includes('--version')) {
             console.log(constants_2.APP_VERSION);
-            await (0, versionChecker_1.findLatestCLIVersion)(config.get('updateMessageHidden'));
+            await (0, versionChecker_1.findLatestCLIVersion)(config);
             return;
         }
         config.set('numOfRuns', config.get('numOfRuns') + 1);
-        if (config.get('numOfRuns') >= 5) {
-            await (0, versionChecker_1.findLatestCLIVersion)(config.get('updateMessageHidden'));
+        if (config.get('numOfRuns') >= 1) {
+            await (0, versionChecker_1.findLatestCLIVersion)(config);
             config.set('numOfRuns', 0);
         }
         if (command === 'config') {

package/dist/lambda/analytics.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.postAnalytics = void 0;
+const commonApi_1 = require("../utils/commonApi");
+const paramHandler_1 = require("../utils/paramsUtil/paramHandler");
+const postAnalytics = (data, provider = 'aws') => {
+    const config = (0, paramHandler_1.getAuth)();
+    const client = (0, commonApi_1.getHttpClient)(config);
+    return client.postAnalyticsFunction(config, provider, data);
+};
+exports.postAnalytics = postAnalytics;

package/dist/lambda/lambda.js

@@ -20,6 +20,8 @@ const utils_1 = require("./utils");
 const lambdaUtils_1 = require("./lambdaUtils");
 const requestUtils_1 = require("../utils/requestUtils");
 const oraWrapper_1 = __importDefault(require("../utils/oraWrapper"));
+const analytics_1 = require("./analytics");
+const types_1 = require("./types");
 const failedStates = [
     'UNSUPPORTED',
     'EXCLUDED',
@@ -57,9 +59,19 @@ const getLambdaOptions = (argv) => {
     }
 };
 const processLambda = async (argv) => {
+    let errorMsg;
+    let scanInfo;
+    const commandSessionId = Date.now().toString(36);
     try {
         const lambdaOptions = getLambdaOptions(argv);
         const { help } = lambdaOptions;
+        const startCommandAnalytics = {
+            arguments: lambdaOptions,
+            sessionId: commandSessionId,
+            eventType: types_1.EventType.START
+        };
+        (0, analytics_1.postAnalytics)(startCommandAnalytics).catch((error) => {
+        });
         if (help) {
             return handleLambdaHelp();
         }
@@ -68,17 +80,35 @@ const processLambda = async (argv) => {
             await getAvailableFunctions(lambdaOptions);
         }
         else {
-            await actualProcessLambda(lambdaOptions);
+            scanInfo = await actualProcessLambda(lambdaOptions);
         }
     }
     catch (error) {
         if (error instanceof cliError_1.CliError) {
-            console.error(error.getErrorMessage());
+            errorMsg = error.getErrorMessage();
         }
         else if (error instanceof Error) {
-            console.error(error.message);
+            errorMsg = error.message;
+        }
+    }
+    finally {
+        const endCommandAnalytics = {
+            sessionId: commandSessionId,
+            eventType: types_1.EventType.END,
+            status: errorMsg ? types_1.StatusType.FAILED : types_1.StatusType.SUCCESS
+        };
+        if (errorMsg) {
+            endCommandAnalytics.errorMsg = errorMsg;
+            console.error(errorMsg);
+        }
+        if (scanInfo) {
+            endCommandAnalytics.scanFunctionData = scanInfo;
+        }
+        await (0, analytics_1.postAnalytics)(endCommandAnalytics).catch((error) => {
+        });
+        if (errorMsg) {
+            process.exit(1);
         }
-        process.exit(1);
     }
 };
 exports.processLambda = processLambda;
@@ -127,6 +157,7 @@ const actualProcessLambda = async (lambdaOptions) => {
     if (results?.length) {
         (0, utils_1.printResults)(results);
     }
+    return { functionArn, scanId };
 };
 const validateRequiredLambdaParams = (options) => {
     if (options._unknown?.length) {

package/dist/lambda/types.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EventType = exports.StatusType = void 0;
+var StatusType;
+(function (StatusType) {
+    StatusType["FAILED"] = "failed";
+    StatusType["SUCCESS"] = "success";
+})(StatusType = exports.StatusType || (exports.StatusType = {}));
+var EventType;
+(function (EventType) {
+    EventType["START"] = "start_command_session";
+    EventType["END"] = "end_command_session";
+})(EventType = exports.EventType || (exports.EventType = {}));

package/dist/sbom/generateSbom.js

@@ -1,7 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateSbom = void 0;
 const commonApi_1 = require("../utils/commonApi");
-function generateSbom(config) {
+const generateSbom = (config) => {
     const client = (0, commonApi_1.getHttpClient)(config);
     return client
         .getSbom(config)
@@ -16,5 +17,5 @@ function generateSbom(config) {
         .catch((err) => {
         console.log(err);
     });
-}
-exports.default = generateSbom;
+};
+exports.generateSbom = generateSbom;

package/dist/scaAnalysis/common/formatMessage.js

@@ -6,6 +6,51 @@ const createJavaTSMessage = javaTree => {
         }
     };
 };
+const createJavaScriptTSMessage = js => {
+    let message = {
+        node: {
+            packageJSON: js.packageJSON
+        }
+    };
+    if (js.yarn !== undefined) {
+        message.node.yarnLockFile = js.yarn.yarnLockFile;
+        message.node.yarnVersion = js.yarn.yarnVersion;
+    }
+    else {
+        message.node.npmLockFile = js.npmLockFile;
+    }
+    return message;
+};
+const createGoTSMessage = goTree => {
+    return {
+        go: {
+            goDependencyTrees: goTree
+        }
+    };
+};
+const createRubyTSMessage = rubyTree => {
+    return {
+        ruby: rubyTree
+    };
+};
+const createPythonTSMessage = pythonTree => {
+    return {
+        python: pythonTree
+    };
+};
+const createPhpTSMessage = phpTree => {
+    return {
+        php: {
+            composerJSON: phpTree.composerJSON,
+            lockFile: phpTree.lockFile
+        }
+    };
+};
 module.exports = {
-    createJavaTSMessage
+    createJavaScriptTSMessage,
+    createJavaTSMessage,
+    createGoTSMessage,
+    createPhpTSMessage,
+    createRubyTSMessage,
+    createPythonTSMessage
 };

package/dist/scaAnalysis/common/treeUpload.js

@@ -1,6 +1,5 @@
 "use strict";
 const { getHttpClient } = require('../../utils/commonApi');
-const { handleResponseErrors } = require('../../common/errorHandling');
 const { APP_VERSION } = require('../../constants/constants');
 const commonSendSnapShot = async (analysis, config) => {
     const requestBody = {
@@ -13,12 +12,11 @@ const commonSendSnapShot = async (analysis, config) => {
         .sendSnapshot(requestBody, config)
         .then(res => {
         if (res.statusCode === 201) {
-            console.log('snapshot processed successfully');
             return res.body;
         }
         else {
             console.log(res.statusCode);
-            handleResponseErrors(res, 'snapshot');
+            console.log('error processing dependencies');
         }
     })
         .catch(err => {

package/dist/scaAnalysis/go/goAnalysis.js

@@ -0,0 +1,17 @@
+"use strict";
+const { createGoTSMessage } = require('../common/formatMessage');
+const goReadDepFile = require('./goReadDepFile');
+const goParseDeps = require('./goParseDeps');
+const goAnalysis = (config, languageFiles) => {
+    try {
+        const rawGoDependencies = goReadDepFile.getGoDependencies(config);
+        const parsedGoDependencies = goParseDeps.parseGoDependencies(rawGoDependencies);
+        return createGoTSMessage(parsedGoDependencies);
+    }
+    catch (e) {
+        console.log(e.message.toString());
+    }
+};
+module.exports = {
+    goAnalysis
+};

package/dist/scaAnalysis/go/goParseDeps.js

@@ -0,0 +1,158 @@
+"use strict";
+const crypto = require('crypto');
+const parseGoDependencies = goDeps => {
+    return parseGo(goDeps);
+};
+const parseGo = modGraphOutput => {
+    let splitLines = splitAllLinesIntoArray(modGraphOutput);
+    const directDepNames = getDirectDepNames(splitLines);
+    const uniqueTransitiveDepNames = getAllUniqueTransitiveDepNames(splitLines, directDepNames);
+    let rootNodes = createRootNodes(splitLines);
+    createTransitiveDeps(uniqueTransitiveDepNames, splitLines, rootNodes);
+    return rootNodes;
+};
+const splitAllLinesIntoArray = modGraphOutput => {
+    return modGraphOutput.split(/\r\n|\r|\n/);
+};
+const getAllDepsOfADepAsEdge = (dep, deps) => {
+    let edges = {};
+    const depRows = deps.filter(line => {
+        return line.startsWith(dep);
+    });
+    depRows.forEach(dep => {
+        const edgeName = dep.split(' ')[1];
+        edges[edgeName] = edgeName;
+    });
+    return edges;
+};
+const getAllDepsOfADepAsName = (dep, deps) => {
+    let edges = [];
+    const depRows = deps.filter(line => {
+        return line.startsWith(dep);
+    });
+    depRows.forEach(dep => {
+        const edgeName = dep.split(' ')[1];
+        edges.push(edgeName);
+    });
+    return edges;
+};
+const createRootNodes = deps => {
+    let rootDep = {};
+    const rootDeps = getRootDeps(deps);
+    const edges = rootDeps.map(dep => {
+        return dep.split(' ')[1];
+    });
+    rootDep[rootDeps[0].split(' ')[0]] = {};
+    edges.forEach(edge => {
+        const splitEdge = edge.split('@');
+        const splitGroupName = splitEdge[0].split('/');
+        const name = splitGroupName.pop();
+        const lastSlash = splitEdge[0].lastIndexOf('/');
+        let group = splitEdge[0].substring(0, lastSlash);
+        const hash = getHash(splitEdge[0]);
+        group = checkGroupExists(group, name);
+        const edgesOfDep = getAllDepsOfADepAsEdge(edge, deps);
+        rootDep[rootDeps[0].split(' ')[0]][edge] = {
+            artifactID: name,
+            group: group,
+            version: splitEdge[1],
+            scope: '"compile',
+            type: 'direct',
+            hash: hash,
+            edges: edgesOfDep
+        };
+    });
+    return rootDep;
+};
+const getRootDeps = deps => {
+    const rootDeps = deps.filter(dep => {
+        const parentDep = dep.split(' ')[0];
+        if (parentDep.split('@v').length === 1) {
+            return dep;
+        }
+    });
+    return rootDeps;
+};
+const getHash = library => {
+    let shaSum = crypto.createHash('sha1');
+    shaSum.update(library);
+    return shaSum.digest('hex');
+};
+const getDirectDepNames = deps => {
+    const directDepNames = [];
+    deps.forEach(dep => {
+        const parentDep = dep.split(' ')[0];
+        if (parentDep.split('@v').length === 1) {
+            dep.split(' ')[1] !== undefined
+                ? directDepNames.push(dep.split(' ')[1])
+                : null;
+        }
+    });
+    return directDepNames;
+};
+const getAllUniqueTransitiveDepNames = (deps, directDepNames) => {
+    let uniqueDeps = [];
+    deps.forEach(dep => {
+        const parentDep = dep.split(' ')[0];
+        if (parentDep.split('@v').length !== 1) {
+            if (!directDepNames.includes(parentDep)) {
+                if (!uniqueDeps.includes(parentDep)) {
+                    parentDep.length > 1 ? uniqueDeps.push(parentDep) : null;
+                }
+            }
+        }
+    });
+    return uniqueDeps;
+};
+const checkGroupExists = (group, name) => {
+    if (group === null || group === '') {
+        return name;
+    }
+    return group;
+};
+const createTransitiveDeps = (transitiveDeps, splitLines, rootNodes) => {
+    transitiveDeps.forEach(dep => {
+        const splitEdge = dep.split('@');
+        const splitGroupName = splitEdge[0].split('/');
+        const name = splitGroupName.pop();
+        const lastSlash = splitEdge[0].lastIndexOf('/');
+        let group = splitEdge[0].substring(0, lastSlash);
+        const hash = getHash(splitEdge[0]);
+        group = checkGroupExists(group, name);
+        const transitiveDep = {
+            artifactID: name,
+            group: group,
+            version: splitEdge[1],
+            scope: 'compile',
+            type: 'transitive',
+            hash: hash,
+            edges: {}
+        };
+        const edges = getAllDepsOfADepAsEdge(dep, splitLines);
+        transitiveDep.edges = edges;
+        const edgesAsName = getAllDepsOfADepAsName(dep, splitLines);
+        edgesAsName.forEach(dep => {
+            const splitEdge = dep.split('@');
+            const splitGroupName = splitEdge[0].split('/');
+            const name = splitGroupName.pop();
+            const lastSlash = splitEdge[0].lastIndexOf('/');
+            let group = splitEdge[0].substring(0, lastSlash);
+            const hash = getHash(splitEdge[0]);
+            group = checkGroupExists(group, name);
+            const transitiveDep = {
+                artifactID: name,
+                group: group,
+                version: splitEdge[1],
+                scope: 'compile',
+                type: 'transitive',
+                hash: hash,
+                edges: {}
+            };
+            rootNodes[Object.keys(rootNodes)[0]][dep] = transitiveDep;
+        });
+        rootNodes[Object.keys(rootNodes)[0]][dep] = transitiveDep;
+    });
+};
+module.exports = {
+    parseGoDependencies
+};

package/dist/scaAnalysis/go/goReadDepFile.js

@@ -0,0 +1,21 @@
+"use strict";
+const child_process = require('child_process');
+const i18n = require('i18n');
+const getGoDependencies = config => {
+    let cmdStdout;
+    let cwd = config.file ? config.file.replace('go.mod', '') : process.cwd();
+    try {
+        cmdStdout = child_process.execSync('go mod graph', { cwd });
+        return cmdStdout.toString();
+    }
+    catch (err) {
+        if (err.message === 'spawnSync /bin/sh ENOENT') {
+            err.message =
+                '\n\n*************** No transitive dependencies ***************\n\nWe are unable to build a dependency tree view from your repository as there were no transitive dependencies found.';
+        }
+        console.log(i18n.__('goReadProjectFile', cwd, `${err.message ? err.message : ''}`));
+    }
+};
+module.exports = {
+    getGoDependencies
+};