@contrast/contrast 1.0.6 → 1.0.9

package/dist/audit/languageAnalysisEngine/sendSnapshot.js

@@ -1,29 +1,67 @@
 "use strict";
-const { getHttpClient } = require('../../utils/commonApi');
-const { handleResponseErrors } = require('../../common/errorHandling');
-const { APP_VERSION } = require('../../constants/constants');
-const newSendSnapShot = async (analysis) => {
-    const analysisLanguage = analysis.config.language.toLowerCase();
-    const requestBody = {
-        appID: analysis.config.applicationId,
-        cliVersion: APP_VERSION,
-        snapshot: { [analysisLanguage]: analysis[analysisLanguage] }
-    };
-    const client = getHttpClient(analysis.config);
+const commonApi = require('../../utils/commonApi');
+const _ = require('lodash');
+const oraFunctions = require('../../utils/oraWrapper');
+const i18n = require('i18n');
+const oraWrapper = require('../../utils/oraWrapper');
+const requestUtils = require('../../utils/requestUtils');
+const { performance } = require('perf_hooks');
+const pollSnapshotResults = async (config, snapshotId, client) => {
+    await requestUtils.sleep(5000);
     return client
-        .sendSnapshot(requestBody, analysis.config)
+        .getReportStatusById(config, snapshotId)
         .then(res => {
-        if (res.statusCode === 201) {
-            return res.body;
-        }
-        else {
-            handleResponseErrors(res, 'snapshot');
-        }
+        return res;
     })
         .catch(err => {
         console.log(err);
     });
 };
+const getTimeout = config => {
+    if (config.timeout) {
+        return config.timeout;
+    }
+    else {
+        if (config.verbose) {
+            console.log('Timeout set to 5 minutes');
+        }
+        return 300;
+    }
+};
+const pollForSnapshotCompletition = async (config, snapshotId, reportSpinner) => {
+    const client = commonApi.getHttpClient(config);
+    const startTime = performance.now();
+    const timeout = getTimeout(config);
+    let complete = false;
+    if (!_.isNil(snapshotId)) {
+        while (!complete) {
+            let result = await pollSnapshotResults(config, snapshotId, client);
+            if (result.statusCode === 200) {
+                if (result.body.status === 'PROCESSED') {
+                    complete = true;
+                    return result.body;
+                }
+                if (result.body.status === 'FAILED') {
+                    complete = true;
+                    if (config.debug) {
+                        oraFunctions.failSpinner(reportSpinner, i18n.__('auditNotCompleted'));
+                    }
+                    console.log(result.body.errorMessage);
+                    oraWrapper.stopSpinner(reportSpinner);
+                    console.log('Contrast audit finished');
+                    process.exit(1);
+                }
+            }
+            const endTime = performance.now() - startTime;
+            if (requestUtils.millisToSeconds(endTime) > timeout) {
+                oraFunctions.failSpinner(reportSpinner, 'Contrast audit timed out at the specified timeout of ' +
+                    timeout +
+                    ' seconds.');
+                throw new Error('You can update the timeout using --timeout');
+            }
+        }
+    }
+};
 module.exports = {
-    newSendSnapShot: newSendSnapShot
+    pollForSnapshotCompletition: pollForSnapshotCompletition
 };

package/dist/audit/save.js

@@ -0,0 +1,37 @@
+"use strict";
+const fs = require('fs');
+const i18n = require('i18n');
+const chalk = require('chalk');
+const save = require('../commands/audit/saveFile');
+const sbom = require('../sbom/generateSbom');
+const { SBOM_CYCLONE_DX_FILE, SBOM_SPDX_FILE } = require('../constants/constants');
+async function auditSave(config) {
+    let fileFormat;
+    switch (config.save) {
+        case null:
+        case SBOM_CYCLONE_DX_FILE:
+            fileFormat = SBOM_CYCLONE_DX_FILE;
+            break;
+        case SBOM_SPDX_FILE:
+            fileFormat = SBOM_SPDX_FILE;
+            break;
+        default:
+            break;
+    }
+    if (fileFormat) {
+        save.saveFile(config, fileFormat, await sbom.generateSbom(config, fileFormat));
+        const filename = `${config.applicationId}-sbom-${fileFormat}.json`;
+        if (fs.existsSync(filename)) {
+            console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`);
+        }
+        else {
+            console.log(chalk.yellow.bold(`\n Unable to save ${filename} Software Bill of Materials (SBOM)`));
+        }
+    }
+    else {
+        console.log(i18n.__('auditBadFiletypeSpecifiedForSave'));
+    }
+}
+module.exports = {
+    auditSave
+};

package/dist/commands/audit/auditConfig.js

@@ -7,25 +7,9 @@ exports.getAuditConfig = void 0;
 const paramHandler_1 = __importDefault(require("../../utils/paramsUtil/paramHandler"));
 const constants_1 = __importDefault(require("../../constants"));
 const parsedCLIOptions_1 = __importDefault(require("../../utils/parsedCLIOptions"));
-const constants_2 = __importDefault(require("../../audit/languageAnalysisEngine/constants"));
-const autoDetectLanguage_1 = require("../../audit/autodetection/autoDetectLanguage");
-const { supportedLanguages: { NODE, JAVASCRIPT } } = constants_2.default;
 const getAuditConfig = (argv) => {
     const auditParameters = parsedCLIOptions_1.default.getCommandLineArgsCustom(argv, constants_1.default.commandLineDefinitions.auditOptionDefinitions);
     const paramsAuth = paramHandler_1.default.getAuth(auditParameters);
-    if (auditParameters.language === undefined ||
-        auditParameters.language === null) {
-        try {
-            auditParameters.language = (0, autoDetectLanguage_1.determineProjectLanguage)((0, autoDetectLanguage_1.identifyLanguages)(auditParameters));
-        }
-        catch (err) {
-            console.log(err.message);
-            process.exit(1);
-        }
-    }
-    else if (auditParameters.language.toUpperCase() === JAVASCRIPT) {
-        auditParameters.language = NODE.toLowerCase();
-    }
     return { ...paramsAuth, ...auditParameters };
 };
 exports.getAuditConfig = getAuditConfig;

package/dist/commands/audit/auditController.js

@@ -3,12 +3,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.startAudit = exports.dealWithNoAppId = void 0;
+exports.getAppName = exports.dealWithNoAppId = void 0;
 const catalogueApplication_1 = require("../../audit/catalogueApplication/catalogueApplication");
 const commonApi_1 = __importDefault(require("../../audit/languageAnalysisEngine/commonApi"));
-const identifyLanguageAE = require('./../../audit/languageAnalysisEngine');
-const languageFactory = require('../../audit/languageAnalysisEngine/languageAnalysisFactory');
-const { v4: uuidv4 } = require('uuid');
 const dealWithNoAppId = async (config) => {
     let appID;
     try {
@@ -17,8 +14,11 @@ const dealWithNoAppId = async (config) => {
             return await (0, catalogueApplication_1.catalogueApplication)(config);
         }
         if (!appID && !config.applicationName) {
-            config.applicationName = uuidv4();
-            return await (0, catalogueApplication_1.catalogueApplication)(config);
+            config.applicationName = (0, exports.getAppName)(config.file);
+            appID = await commonApi_1.default.returnAppId(config);
+            if (!appID) {
+                return await (0, catalogueApplication_1.catalogueApplication)(config);
+            }
         }
     }
     catch (e) {
@@ -31,10 +31,17 @@ const dealWithNoAppId = async (config) => {
     return appID;
 };
 exports.dealWithNoAppId = dealWithNoAppId;
-const startAudit = async (config) => {
-    if (!config.applicationId) {
-        config.applicationId = await (0, exports.dealWithNoAppId)(config);
+const getAppName = (file) => {
+    const last = file.charAt(file.length - 1);
+    if (last !== '/') {
+        return file.split('/').pop();
+    }
+    else {
+        const str = removeLastChar(file);
+        return str.split('/').pop();
     }
-    identifyLanguageAE(config.projectPath, languageFactory, config.applicationId, config);
 };
-exports.startAudit = startAudit;
+exports.getAppName = getAppName;
+const removeLastChar = (str) => {
+    return str.substring(0, str.length - 1);
+};

package/dist/commands/audit/help.js

@@ -18,35 +18,41 @@ const auditUsageGuide = (0, command_line_usage_1.default)([
             '{bold ' +
                 i18n_1.default.__('constantsAuditPrerequisitesContentSupportedLanguages') +
                 '}',
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentJava') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentMessage'),
-            '',
-            '{italic ' + i18n_1.default.__('constantsJavaNote') + '}',
-            '{italic ' + i18n_1.default.__('constantsJavaNoteGradle') + '}',
-            '',
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentDotNet') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentDotNetMessage'),
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageNode') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageNodeMessage'),
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageRuby') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguageRubyMessage'),
-            '{bold ' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguagePython') +
-                '}' +
-                i18n_1.default.__('constantsAuditPrerequisitesContentLanguagePythonMessage')
+            i18n_1.default.__('constantsAuditPrerequisitesJavaContentMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentDotNetMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentNodeMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentRubyMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentPythonMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentGoMessage'),
+            i18n_1.default.__('constantsAuditPrerequisitesContentPHPMessage')
         ]
     },
     {
         header: i18n_1.default.__('constantsAuditOptions'),
-        optionList: constants_1.default.commandLineDefinitions.auditOptionDefinitions
+        optionList: constants_1.default.commandLineDefinitions.auditOptionDefinitions,
+        hide: [
+            'application-id',
+            'application-name',
+            'organization-id',
+            'api-key',
+            'authorization',
+            'host',
+            'proxy',
+            'help',
+            'ff',
+            'ignore-cert-errors',
+            'verbose',
+            'debug',
+            'experimental',
+            'tags',
+            'sub-project',
+            'code',
+            'maven-settings-path',
+            'language',
+            'experimental',
+            'app-groups',
+            'metadata'
+        ]
     }
 ]);
 exports.auditUsageGuide = auditUsageGuide;

package/dist/commands/audit/processAudit.js

@@ -1,16 +1,16 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.processAudit = void 0;
-const auditController_1 = require("./auditController");
 const auditConfig_1 = require("./auditConfig");
 const help_1 = require("./help");
+const scaAnalysis_1 = require("../scan/sca/scaAnalysis");
 const processAudit = async (argv) => {
     if (argv.indexOf('--help') != -1) {
         printHelpMessage();
-        process.exit(1);
+        process.exit(0);
     }
     const config = (0, auditConfig_1.getAuditConfig)(argv);
-    const auditResults = await (0, auditController_1.startAudit)(config);
+    await (0, scaAnalysis_1.processSca)(config);
 };
 exports.processAudit = processAudit;
 const printHelpMessage = () => {

package/dist/commands/audit/saveFile.js

@@ -3,9 +3,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.saveFile = void 0;
 const fs_1 = __importDefault(require("fs"));
-function saveFile(config, rawResults) {
-    const fileName = `${config.applicationId}-sbom-cyclonedx.json`;
+const saveFile = (config, type, rawResults) => {
+    const fileName = `${config.applicationId}-sbom-${type}.json`;
     fs_1.default.writeFileSync(fileName, JSON.stringify(rawResults));
-}
-exports.default = saveFile;
+};
+exports.saveFile = saveFile;
+module.exports = {
+    saveFile: exports.saveFile
+};

package/dist/commands/scan/sca/scaAnalysis.js

@@ -2,17 +2,29 @@
 const autoDetection = require('../../../scan/autoDetection');
 const javaAnalysis = require('../../../scaAnalysis/java');
 const treeUpload = require('../../../scaAnalysis/common/treeUpload');
-const { manualDetectAuditFilesAndLanguages } = require('../../../scan/autoDetection');
 const auditController = require('../../audit/auditController');
-const { supportedLanguages: { JAVA, GO } } = require('../../../audit/languageAnalysisEngine/constants');
+const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET } } = require('../../../constants/constants');
 const goAnalysis = require('../../../scaAnalysis/go/goAnalysis');
+const phpAnalysis = require('../../../scaAnalysis/php/index');
+const { rubyAnalysis } = require('../../../scaAnalysis/ruby');
+const { pythonAnalysis } = require('../../../scaAnalysis/python');
+const javascriptAnalysis = require('../../../scaAnalysis/javascript');
+const { pollForSnapshotCompletition } = require('../../../audit/languageAnalysisEngine/sendSnapshot');
+const { returnOra, startSpinner, succeedSpinner } = require('../../../utils/oraWrapper');
+const i18n = require('i18n');
+const { vulnerabilityReportV2 } = require('../../../audit/languageAnalysisEngine/report/reportingFeature');
+const auditSave = require('../../../audit/save');
+const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet');
 const processSca = async (config) => {
+    const startTime = performance.now();
     let filesFound;
-    if (config.projectPath) {
-        filesFound = await manualDetectAuditFilesAndLanguages(config.projectPath);
+    if (config.file) {
+        config.file = config.file.concat('/');
+        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
     }
     else {
-        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config);
+        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(undefined);
+        config.file = process.cwd().concat('/');
     }
     let messageToSend = undefined;
     if (filesFound.length === 1) {
@@ -21,26 +33,59 @@ const processSca = async (config) => {
                 messageToSend = javaAnalysis.javaAnalysis(config, filesFound[0]);
                 config.language = JAVA;
                 break;
+            case JAVASCRIPT:
+                messageToSend = await javascriptAnalysis.jsAnalysis(config, filesFound[0]);
+                config.language = NODE;
+                break;
+            case PYTHON:
+                messageToSend = pythonAnalysis(config, filesFound[0]);
+                config.language = PYTHON;
+                break;
+            case RUBY:
+                messageToSend = rubyAnalysis(config, filesFound[0]);
+                config.language = RUBY;
+                break;
+            case 'PHP':
+                messageToSend = phpAnalysis.phpAnalysis(config, filesFound[0]);
+                config.language = PHP;
+                break;
             case GO:
                 messageToSend = goAnalysis.goAnalysis(config, filesFound[0]);
                 config.language = GO;
                 break;
+            case DOTNET:
+                messageToSend = dotNetAnalysis(config, filesFound[0]);
+                config.language = DOTNET;
+                break;
             default:
-                console.log('language detected not supported');
+                console.log('No supported language detected in project path');
                 return;
         }
         if (!config.applicationId) {
             config.applicationId = await auditController.dealWithNoAppId(config);
         }
-        console.log('processing dependencies');
-        const response = await treeUpload.commonSendSnapShot(messageToSend, config);
+        console.log('');
+        const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
+        startSpinner(reportSpinner);
+        const snapshotResponse = await treeUpload.commonSendSnapShot(messageToSend, config);
+        await pollForSnapshotCompletition(config, snapshotResponse.id, reportSpinner);
+        succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
+        await vulnerabilityReportV2(config, snapshotResponse.id);
+        if (config.save !== undefined) {
+            await auditSave.auditSave(config);
+        }
+        const endTime = performance.now() - startTime;
+        const scanDurationMs = endTime - startTime;
+        console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
     }
     else {
         if (filesFound.length === 0) {
-            console.log('no compatible dependency files detected. Continuing...');
+            console.log(i18n.__('languageAnalysisNoLanguage'));
+            console.log(i18n.__('languageAnalysisNoLanguageHelpLine'));
+            throw new Error();
         }
         else {
-            console.log('multiple language files detected, please use --project-path to specify a directory or the file where dependencies are declared');
+            throw new Error('multiple language files detected, please use --file to specify a directory or the file where dependencies are declared');
         }
     }
 };

package/dist/common/HTTPClient.js

@@ -20,7 +20,8 @@ function HTTPClient(config) {
             Authorization: authToken,
             'API-Key': apiKey,
             SuperAuthorization: superAuthToken,
-            'Super-API-Key': superApiKey
+            'Super-API-Key': superApiKey,
+            'User-Agent': 'contrast-cli-v2'
         }
     };
     if (config.proxy) {
@@ -66,10 +67,24 @@ HTTPClient.prototype.getSpecificScanResult = function getSpecificScanResult(conf
     options.url = url;
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.getSpecificScanResultSarif = function getSpecificScanResultSarif(config, scanId) {
+HTTPClient.prototype.getSpecificScanResultSarif =
+    function getSpecificScanResultSarif(config, scanId) {
+        const options = _.cloneDeep(this.requestOptions);
+        options.url = createRawOutputURL(config, scanId);
+        return requestUtils.sendRequest({ method: 'get', options });
+    };
+HTTPClient.prototype.createNewEvent = function createNewEvent(config, scanId, newProject) {
     const options = _.cloneDeep(this.requestOptions);
-    options.url = createRawOutputURL(config, scanId);
-    return requestUtils.sendRequest({ method: 'get', options });
+    options.url = createEventCollectorURL(config, scanId);
+    options.body = {
+        eventSource: process.env.CODESEC_INVOCATION_ENVIRONMENT,
+        trackingProperties: {
+            projectNameSource: config.projectNameSource,
+            waitedForResults: !config.ff,
+            newProject
+        }
+    };
+    return requestUtils.sendRequest({ method: 'post', options });
 };
 HTTPClient.prototype.getScanId = function getScanId(config, codeArtifactId) {
     const options = _.cloneDeep(this.requestOptions);
@@ -145,8 +160,6 @@ HTTPClient.prototype.catalogueCommand = function catalogueCommand(config) {
     return requestUtils.sendRequest({ method: 'post', options });
 };
 HTTPClient.prototype.sendSnapshot = function sendSnapshot(requestBody, config) {
-    if (config.language.toUpperCase() === 'RUBY') {
-    }
     const options = _.cloneDeep(this.requestOptions);
     let url = createSnapshotURL(config);
     options.url = url;
@@ -163,12 +176,18 @@ HTTPClient.prototype.getReportById = function getReportById(config, reportId) {
     }
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.getLibraryVulnerabilities = function getLibraryVulnerabilities(config, requestBody) {
+HTTPClient.prototype.getReportStatusById = function getReportStatusById(config, snapshotId) {
     const options = _.cloneDeep(this.requestOptions);
-    options.url = createLibraryVulnerabilitiesUrl(config);
-    options.body = requestBody;
-    return requestUtils.sendRequest({ method: 'put', options });
+    options.url = createSpecificReportStatusURL(config, snapshotId);
+    return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.getLibraryVulnerabilities =
+    function getLibraryVulnerabilities(config, requestBody) {
+        const options = _.cloneDeep(this.requestOptions);
+        options.url = createLibraryVulnerabilitiesUrl(config);
+        options.body = requestBody;
+        return requestUtils.sendRequest({ method: 'put', options });
+    };
 HTTPClient.prototype.getAppId = function getAppId(config) {
     const options = _.cloneDeep(this.requestOptions);
     let url = createAppNameUrl(config);
@@ -210,11 +229,12 @@ HTTPClient.prototype.getScanResources = async function getScanResources(config,
     const options = { ...this.requestOptions, url };
     return requestUtils.sendRequest({ method: 'get', options });
 };
-HTTPClient.prototype.getFunctionScanResults = async function getFunctionScanResults(config, params, scanId, functionArn) {
-    const url = createScanResultsGetUrl(config, params, scanId, functionArn);
-    const options = { ...this.requestOptions, url };
-    return requestUtils.sendRequest({ method: 'get', options });
-};
+HTTPClient.prototype.getFunctionScanResults =
+    async function getFunctionScanResults(config, params, scanId, functionArn) {
+        const url = createScanResultsGetUrl(config, params, scanId, functionArn);
+        const options = { ...this.requestOptions, url };
+        return requestUtils.sendRequest({ method: 'get', options });
+    };
 HTTPClient.prototype.checkLibrary = function checkLibrary(data) {
     const options = _.cloneDeep(this.requestOptions);
     let url = createDataUrl();
@@ -222,11 +242,26 @@ HTTPClient.prototype.checkLibrary = function checkLibrary(data) {
     options.body = data;
     return requestUtils.sendRequest({ method: 'post', options });
 };
-HTTPClient.prototype.getSbom = function getSbom(config) {
+HTTPClient.prototype.getSbom = function getSbom(config, type) {
+    const options = _.cloneDeep(this.requestOptions);
+    options.url = createSbomUrl(config, type);
+    return requestUtils.sendRequest({ method: 'get', options });
+};
+HTTPClient.prototype.getLatestVersion = function getLatestVersion() {
     const options = _.cloneDeep(this.requestOptions);
-    options.url = createSbomCycloneDXUrl(config);
+    options.url =
+        'https://pkg.contrastsecurity.com/artifactory/cli/latest-version.txt';
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.postAnalyticsFunction = function (config, provider, body) {
+    const url = createAnalyticsFunctionPostUrl(config, provider);
+    const options = { ...this.requestOptions, body, url };
+    return requestUtils.sendRequest({ method: 'post', options });
+};
+const createAnalyticsFunctionPostUrl = (config, provider) => {
+    const url = getServerlessHost(config);
+    return `${url}/organizations/${config.organizationId}/providers/${provider}/analytics`;
+};
 const createGetScanIdURL = config => {
     return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}/scans/`;
 };
@@ -248,6 +283,9 @@ function createHarmonyProjectsUrl(config) {
 function createScanProjectUrl(config) {
     return `${config.host}/Contrast/api/sast/v1/organizations/${config.organizationId}/projects/${config.projectId}`;
 }
+const createEventCollectorURL = (config, scanId) => {
+    return `${config.host}/Contrast/api/sast/organizations/${config.organizationId}/projects/${config.projectId}/scans/${scanId}/events`;
+};
 const createGlobalPropertiesUrl = protocol => {
     return `${protocol}/Contrast/api/ng/global/properties`;
 };
@@ -266,17 +304,20 @@ const createAppNameUrl = config => {
 function createLibraryVulnerabilitiesUrl(config) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`;
 }
-function createSpecificReportUrl(config, reportId) {
-    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}`;
+function createSpecificReportUrl(config, reportId, includeTree = false) {
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}?&includeTree=${includeTree}`;
+}
+function createSpecificReportWithProdUrl(config, reportId, includeTree) {
+    return createSpecificReportUrl(config, reportId, includeTree).concat(`&nodesToInclude=PROD`);
 }
-function createSpecificReportWithProdUrl(config, reportId) {
-    return createSpecificReportUrl(config, reportId).concat(`?nodesToInclude=PROD`);
+function createSpecificReportStatusURL(config, reportId) {
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots/${reportId}/status`;
 }
 function createDataUrl() {
     return `https://ardy.contrastsecurity.com/production`;
 }
-function createSbomCycloneDXUrl(config) {
-    return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/cyclonedx`;
+function createSbomUrl(config, type) {
+    return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/${type}`;
 }
 module.exports = HTTPClient;
 module.exports.pollForAuthUrl = pollForAuthUrl;

package/dist/common/errorHandling.js

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.reportFailureError = exports.vulnerabilitiesFailureError = exports.snapshotFailureError = exports.findCommandOnError = exports.libraryAnalysisError = exports.handleResponseErrors = exports.getErrorMessage = exports.generalError = exports.failOptionError = exports.proxyError = exports.forbiddenError = exports.badRequestError = exports.unauthenticatedError = exports.genericError = void 0;
+exports.maxAppError = exports.reportFailureError = exports.vulnerabilitiesFailureError = exports.snapshotFailureError = exports.findCommandOnError = exports.libraryAnalysisError = exports.handleResponseErrors = exports.getErrorMessage = exports.generalError = exports.failOptionError = exports.proxyError = exports.forbiddenError = exports.badRequestError = exports.unauthenticatedError = exports.genericError = void 0;
 const i18n_1 = __importDefault(require("i18n"));
 const handleResponseErrors = (res, api) => {
     if (res.statusCode === 400) {
@@ -72,6 +72,11 @@ const proxyError = () => {
     generalError('proxyErrorHeader', 'proxyErrorMessage');
 };
 exports.proxyError = proxyError;
+const maxAppError = () => {
+    generalError('No applications remaining', 'You have reached the maximum number of application you can create.');
+    process.exit(1);
+};
+exports.maxAppError = maxAppError;
 const failOptionError = () => {
     console.log('\n ******************************** ' +
         i18n_1.default.__('snapshotFailureHeader') +

package/dist/common/versionChecker.js

@@ -4,14 +4,29 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.isCorrectNodeVersion = exports.findLatestCLIVersion = void 0;
-const latest_version_1 = __importDefault(require("latest-version"));
 const constants_1 = require("../constants/constants");
 const boxen_1 = __importDefault(require("boxen"));
 const chalk_1 = __importDefault(require("chalk"));
 const semver_1 = __importDefault(require("semver"));
-async function findLatestCLIVersion(updateMessageHidden) {
-    if (!updateMessageHidden) {
-        const latestCLIVersion = await (0, latest_version_1.default)('@contrast/contrast');
+const commonApi_1 = __importDefault(require("../utils/commonApi"));
+const http2_1 = require("http2");
+const getLatestVersion = async (config) => {
+    const client = commonApi_1.default.getHttpClient(config);
+    try {
+        const res = await client.getLatestVersion();
+        if (res.statusCode === http2_1.constants.HTTP_STATUS_OK) {
+            return res.body;
+        }
+    }
+    catch (e) {
+        return;
+    }
+};
+async function findLatestCLIVersion(config) {
+    const messageHidden = config.get('updateMessageHidden');
+    if (!messageHidden) {
+        let latestCLIVersion = await getLatestVersion(config);
+        latestCLIVersion = latestCLIVersion.substring(8);
         if (semver_1.default.lt(constants_1.APP_VERSION, latestCLIVersion)) {
             const updateAvailableMessage = `Update available ${chalk_1.default.yellow(constants_1.APP_VERSION)} → ${chalk_1.default.green(latestCLIVersion)}`;
             const npmUpdateAvailableCommand = `Run ${chalk_1.default.cyan('npm i @contrast/contrast -g')} to update via npm`;
@@ -27,6 +42,6 @@ async function findLatestCLIVersion(updateMessageHidden) {
 }
 exports.findLatestCLIVersion = findLatestCLIVersion;
 async function isCorrectNodeVersion(currentVersion) {
-    return semver_1.default.satisfies(currentVersion, '>=16.13.2 <17');
+    return semver_1.default.satisfies(currentVersion, '>=16');
 }
 exports.isCorrectNodeVersion = isCorrectNodeVersion;