@contrast/contrast 1.0.7 → 1.0.8

package/dist/audit/autodetection/autoDetectLanguage.js

@@ -8,14 +8,14 @@ const i18n_1 = __importDefault(require("i18n"));
 const reduceIdentifiedLanguages_1 = require("../languageAnalysisEngine/reduceIdentifiedLanguages");
 const getProjectRootFilenames_1 = require("../languageAnalysisEngine/getProjectRootFilenames");
 function identifyLanguages(config) {
-    const { projectPath } = config;
-    const projectRootFilenames = (0, getProjectRootFilenames_1.getProjectRootFilenames)(projectPath);
+    const { file } = config;
+    const projectRootFilenames = (0, getProjectRootFilenames_1.getProjectRootFilenames)(file);
     const identifiedLanguages = projectRootFilenames.reduce((accumulator, filename) => {
         const deducedLanguages = (0, reduceIdentifiedLanguages_1.deduceLanguage)(filename);
         return [...accumulator, ...deducedLanguages];
     }, []);
     if (Object.keys(identifiedLanguages).length === 0) {
-        throw new Error(i18n_1.default.__('languageAnalysisNoLanguage', projectPath));
+        throw new Error(i18n_1.default.__('languageAnalysisNoLanguage', file));
     }
     return (0, reduceIdentifiedLanguages_1.reduceIdentifiedLanguages)(identifiedLanguages);
 }

package/dist/audit/catalogueApplication/catalogueApplication.js

@@ -1,9 +1,5 @@
 "use strict";
-const i18n = require('i18n');
 const { getHttpClient, handleResponseErrors } = require('../../utils/commonApi');
-const displaySuccessMessage = () => {
-    console.log(i18n.__('catalogueSuccessCommand'));
-};
 const catalogueApplication = async (config) => {
     const client = getHttpClient(config);
     let appId;
@@ -13,6 +9,9 @@ const catalogueApplication = async (config) => {
         if (res.statusCode === 201) {
             appId = res.body.application.app_id;
         }
+        else if (doesMessagesContainAppId(res)) {
+            appId = tryRetrieveAppIdFromMessages(res.body.messages);
+        }
         else {
             handleResponseErrors(res, 'catalogue');
         }
@@ -22,6 +21,25 @@ const catalogueApplication = async (config) => {
     });
     return appId;
 };
+const doesMessagesContainAppId = res => {
+    const regex = /(Application ID =)/;
+    if (res.statusCode === 400 &&
+        res.body.messages.filter(message => regex.exec(message))[0]) {
+        return true;
+    }
+    return false;
+};
+const tryRetrieveAppIdFromMessages = messages => {
+    let appId;
+    messages.forEach(message => {
+        if (message.includes('Application ID')) {
+            appId = message.split('=')[1].replace(/\s+/g, '');
+        }
+    });
+    return appId;
+};
 module.exports = {
-    catalogueApplication: catalogueApplication
+    catalogueApplication: catalogueApplication,
+    doesMessagesContainAppId,
+    tryRetrieveAppIdFromMessages
 };

package/dist/audit/languageAnalysisEngine/getIdentifiedLanguageInfo.js

@@ -1,23 +1,23 @@
 "use strict";
 const path = require('path');
 module.exports = exports = (analysis, next) => {
-    const { projectPath, languageAnalysis } = analysis;
-    languageAnalysis.identifiedLanguageInfo = getIdentifiedLanguageInfo(projectPath, languageAnalysis.identifiedLanguages);
+    const { file, languageAnalysis } = analysis;
+    languageAnalysis.identifiedLanguageInfo = getIdentifiedLanguageInfo(file, languageAnalysis.identifiedLanguages);
     next();
 };
-const getIdentifiedLanguageInfo = (projectPath, identifiedLanguages) => {
+const getIdentifiedLanguageInfo = (file, identifiedLanguages) => {
     const [language] = Object.keys(identifiedLanguages);
     const { projectFilenames: [projectFilename], lockFilenames: [lockFilename] } = Object.values(identifiedLanguages)[0];
     let identifiedLanguageInfo = {
         language,
         projectFilename,
-        projectFilePath: path.join(projectPath, projectFilename)
+        projectFilePath: path.join(file, projectFilename)
     };
     if (lockFilename) {
         identifiedLanguageInfo = {
             ...identifiedLanguageInfo,
             lockFilename,
-            lockFilePath: path.join(projectPath, lockFilename)
+            lockFilePath: path.join(file, lockFilename)
         };
     }
     return identifiedLanguageInfo;

package/dist/audit/languageAnalysisEngine/getProjectRootFilenames.js

@@ -3,9 +3,9 @@ const fs = require('fs');
 const path = require('path');
 const i18n = require('i18n');
 module.exports = exports = (analysis, next) => {
-    const { projectPath, languageAnalysis } = analysis;
+    const { file, languageAnalysis } = analysis;
     try {
-        languageAnalysis.projectRootFilenames = getProjectRootFilenames(projectPath);
+        languageAnalysis.projectRootFilenames = getProjectRootFilenames(file);
     }
     catch (err) {
         next(err);
@@ -13,27 +13,27 @@ module.exports = exports = (analysis, next) => {
     }
     next();
 };
-const getProjectRootFilenames = projectPath => {
+const getProjectRootFilenames = file => {
     let projectStats = null;
     try {
-        projectStats = fs.statSync(projectPath);
+        projectStats = fs.statSync(file);
     }
     catch (err) {
-        throw new Error(i18n.__('languageAnalysisProjectRootFileNameFailure', projectPath) +
+        throw new Error(i18n.__('languageAnalysisProjectRootFileNameFailure', file) +
             `${err.message}`);
     }
     if (projectStats.isDirectory()) {
         try {
-            return fs.readdirSync(projectPath);
+            return fs.readdirSync(file);
         }
         catch (err) {
-            throw new Error(i18n.__('languageAnalysisProjectRootFileNameReadError', projectPath) +
+            throw new Error(i18n.__('languageAnalysisProjectRootFileNameReadError', file) +
                 `${err.message}`);
         }
     }
     if (projectStats.isFile()) {
-        return [path.basename(projectPath)];
+        return [path.basename(file)];
     }
-    throw new Error(i18n.__('languageAnalysisProjectRootFileNameMissingError'), projectPath);
+    throw new Error(i18n.__('languageAnalysisProjectRootFileNameMissingError'), file);
 };
 exports.getProjectRootFilenames = getProjectRootFilenames;

package/dist/audit/languageAnalysisEngine/index.js

@@ -9,9 +9,9 @@ const checkIdentifiedLanguageHasProjectFile = require('./checkIdentifiedLanguage
 const checkIdentifiedLanguageHasLockFile = require('./checkIdentifiedLanguageHasLockFile');
 const getIdentifiedLanguageInfo = require('./getIdentifiedLanguageInfo');
 const { libraryAnalysisError } = require('../../common/errorHandling');
-module.exports = exports = (projectPath, callback, appId, config) => {
+module.exports = exports = (file, callback, appId, config) => {
     const ae = new AnalysisEngine({
-        projectPath,
+        file,
         appId,
         languageAnalysis: { appId: appId },
         config

package/dist/audit/languageAnalysisEngine/languageAnalysisFactory.js

@@ -10,12 +10,9 @@ const phpAE = require('../phpAnalysisEngine');
 const goAE = require('../goAnalysisEngine');
 const { vulnerabilityReport } = require('./report/reportingFeature');
 const { newSendSnapShot } = require('../languageAnalysisEngine/sendSnapshot');
-const fs = require('fs');
-const chalk = require('chalk');
-const saveFile = require('../../commands/audit/saveFile').default;
-const generateSbom = require('../../sbom/generateSbom').default;
-const { failSpinner, returnOra, startSpinner, succeedSpinner } = require('../../utils/oraWrapper');
+const { returnOra, startSpinner, succeedSpinner } = require('../../utils/oraWrapper');
 const { pollForSnapshotCompletition } = require('./sendSnapshot');
+const auditSave = require('../save');
 module.exports = exports = (err, analysis) => {
     const { identifiedLanguageInfo } = analysis.languageAnalysis;
     const catalogueAppId = analysis.languageAnalysis.appId;
@@ -40,10 +37,10 @@ module.exports = exports = (err, analysis) => {
         const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
         startSpinner(reportSpinner);
         const snapshotResponse = await newSendSnapShot(analysis, catalogueAppId);
-        const pollResult = await pollForSnapshotCompletition(analysis.config, snapshotResponse.id, reportSpinner);
-        succeedSpinner(reportSpinner, 'Contrast SCA analysis complete');
+        await pollForSnapshotCompletition(analysis.config, snapshotResponse.id, reportSpinner);
+        succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
         await vulnerabilityReport(analysis, catalogueAppId, snapshotResponse.id);
-        await auditSave(config);
+        await auditSave.auditSave(config);
     };
     if (identifiedLanguageInfo.language === DOTNET) {
         dotnetAE(identifiedLanguageInfo, analysis.config, langCallback);
@@ -67,23 +64,3 @@ module.exports = exports = (err, analysis) => {
         goAE(identifiedLanguageInfo, analysis.config, langCallback);
     }
 };
-async function auditSave(config) {
-    if (config.save) {
-        if (config.save.toLowerCase() === 'sbom') {
-            saveFile(config, await generateSbom(config));
-            const filename = `${config.applicationId}-sbom-cyclonedx.json`;
-            if (fs.existsSync(filename)) {
-                console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`);
-            }
-            else {
-                console.log(chalk.yellow.bold(`\n Unable to save ${filename} Software Bill of Materials (SBOM)`));
-            }
-        }
-        else {
-            console.log(i18n.__('auditBadFiletypeSpecifiedForSave'));
-        }
-    }
-    else if (config.save === null) {
-        console.log(i18n.__('auditNoFiletypeSpecifiedForSave'));
-    }
-}

package/dist/audit/languageAnalysisEngine/reduceIdentifiedLanguages.js

@@ -36,7 +36,7 @@ const deduceLanguageScaAnalysis = filenames => {
         }
         if (isNodeProjectFilename(filename)) {
             deducedLanguages.push(filename);
-            language = NODE;
+            language = JAVASCRIPT;
         }
         if (isRubyProjectFilename(filename)) {
             deducedLanguages.push(filename);
@@ -46,9 +46,16 @@ const deduceLanguageScaAnalysis = filenames => {
             deducedLanguages.push(filename);
             language = PYTHON;
         }
+        if (isPhpProjectFilename(filename)) {
+            deducedLanguages.push({ language: PHP, projectFilename: filename });
+            language = PHP;
+        }
         if (isNodeLockFilename(filename)) {
             deducedLanguages.push(filename);
-            language = NODE;
+            language = JAVASCRIPT;
+        }
+        if (isPhpLockFilename(filename)) {
+            deducedLanguages.push({ language: PHP, lockFilename: filename });
         }
         if (isGoProjectFilename(filename)) {
             deducedLanguages.push({ language: GO, projectFilename: filename });
@@ -115,13 +122,13 @@ const reduceIdentifiedLanguages = identifiedLanguages => identifiedLanguages.red
     return accumulator;
 }, {});
 module.exports = exports = (analysis, next) => {
-    const { projectPath, languageAnalysis, config } = analysis;
+    const { file, languageAnalysis, config } = analysis;
     let identifiedLanguages = languageAnalysis.projectRootFilenames.reduce((accumulator, filename) => {
         const deducedLanguages = deduceLanguage(filename);
         return [...accumulator, ...deducedLanguages];
     }, []);
     if (Object.keys(identifiedLanguages).length === 0) {
-        next(new Error(i18n.__('languageAnalysisNoLanguage', projectPath)));
+        next(new Error(i18n.__('languageAnalysisNoLanguage', file)));
         return;
     }
     let language = config.language;

package/dist/audit/languageAnalysisEngine/report/commonReportingFunctions.js

@@ -11,10 +11,11 @@ const chalk_1 = __importDefault(require("chalk"));
 const reportUtils_1 = require("./utils/reportUtils");
 const severityCountModel_1 = require("./models/severityCountModel");
 const reportOutputModel_1 = require("./models/reportOutputModel");
+const constants_1 = require("../../../constants/constants");
 const createLibraryHeader = (id, numberOfVulnerableLibraries, numberOfCves) => {
     numberOfVulnerableLibraries === 1
-        ? console.log(` Found 1 vulnerable library containing ${numberOfCves} CVE's`)
-        : console.log(` Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVE's `);
+        ? console.log(`Found 1 vulnerable library containing ${numberOfCves} CVEs`)
+        : console.log(`Found ${numberOfVulnerableLibraries} vulnerable libraries containing ${numberOfCves} CVEs `);
 };
 exports.createLibraryHeader = createLibraryHeader;
 const getReport = async (config, reportId) => {
@@ -26,10 +27,6 @@ const getReport = async (config, reportId) => {
             return res.body;
         }
         else {
-            console.log('config-------------------');
-            console.log(config);
-            console.log('reportId----------------');
-            console.log(reportId);
             console.log(JSON.stringify(res));
             (0, commonApi_1.handleResponseErrors)(res, 'report');
         }
@@ -52,13 +49,20 @@ const printFormattedOutput = (libraries, config) => {
     const report = new reportListModel_1.ReportList();
     for (const library of libraries) {
         const { name, version } = (0, reportUtils_1.findNameAndVersion)(library, config);
-        const newOutputModel = new reportListModel_1.ReportModelStructure(new reportListModel_1.ReportCompositeKey(name, version, (0, reportUtils_1.findHighestSeverityCVE)(library.cveArray)), library.cveArray);
+        const newOutputModel = new reportListModel_1.ReportModelStructure(new reportListModel_1.ReportCompositeKey(name, version, (0, reportUtils_1.findHighestSeverityCVE)(library.cveArray), (0, reportUtils_1.severityCountAllCVEs)(library.cveArray, new severityCountModel_1.SeverityCountModel()).getTotal), library.cveArray);
         report.reportOutputList.push(newOutputModel);
     }
-    const orderedOutputListLowestFirst = (0, lodash_1.orderBy)(report.reportOutputList, reportListItem => reportListItem.compositeKey.highestSeverity.priority, ['desc']);
-    let contrastHeaderNumCounter = 0;
-    for (const reportModel of orderedOutputListLowestFirst) {
-        contrastHeaderNumCounter++;
+    const outputOrderedByLowestSeverityAndLowestNumOfCvesFirst = (0, lodash_1.orderBy)(report.reportOutputList, [
+        (reportListItem) => {
+            return reportListItem.compositeKey.highestSeverity.priority;
+        },
+        (reportListItem) => {
+            return reportListItem.compositeKey.numberOfSeverities;
+        }
+    ], ['desc']);
+    let contrastHeaderNumCounter = outputOrderedByLowestSeverityAndLowestNumOfCvesFirst.length + 1;
+    for (const reportModel of outputOrderedByLowestSeverityAndLowestNumOfCvesFirst) {
+        contrastHeaderNumCounter--;
         const { libraryName, libraryVersion, highestSeverity } = reportModel.compositeKey;
         const numOfCVEs = reportModel.cveArray.length;
         const header = buildHeader(highestSeverity, contrastHeaderNumCounter, libraryName, libraryVersion, numOfCVEs);
@@ -66,12 +70,16 @@ const printFormattedOutput = (libraries, config) => {
         const reportOutputModel = new reportOutputModel_1.ReportOutputModel(header, body);
         console.log(reportOutputModel.header.vulnMessage, reportOutputModel.header.introducesMessage);
         console.log(reportOutputModel.body.issueMessage);
-        console.log(reportOutputModel.body.adviceMessage);
+        console.log(reportOutputModel.body.adviceMessage + '\n');
+    }
+    const { criticalMessage, highMessage, mediumMessage, lowMessage, noteMessage, total } = buildFooter(libraries);
+    if (total > 1) {
+        console.log(`${criticalMessage} | ${highMessage} | ${mediumMessage} | ${lowMessage} | ${noteMessage}`);
     }
 };
 exports.printFormattedOutput = printFormattedOutput;
 function buildHeader(highestSeverity, contrastHeaderNum, libraryName, version, numOfCVEs) {
-    const vulnerabilityPluralised = numOfCVEs > 1 ? 'Vulnerabilities' : 'Vulnerability';
+    const vulnerabilityPluralised = numOfCVEs > 1 ? 'vulnerabilities' : 'vulnerability';
     const formattedHeaderNum = buildFormattedHeaderNum(contrastHeaderNum);
     const vulnMessage = chalk_1.default
         .hex(highestSeverity.outputColour)
@@ -96,6 +104,24 @@ function buildBody(cveArray) {
     return new reportOutputModel_1.ReportOutputBodyModel(issueMessage, adviceMessage);
 }
 exports.buildBody = buildBody;
+const buildFooter = (libraries) => {
+    const { critical, high, medium, low, note, getTotal } = (0, reportUtils_1.severityCountAllLibraries)(libraries);
+    const criticalMessage = chalk_1.default
+        .hex(constants_1.CRITICAL_COLOUR)
+        .bold(`${critical} Critical`);
+    const highMessage = chalk_1.default.hex(constants_1.HIGH_COLOUR).bold(`${high} High`);
+    const mediumMessage = chalk_1.default.hex(constants_1.MEDIUM_COLOUR).bold(`${medium} Medium`);
+    const lowMessage = chalk_1.default.hex(constants_1.LOW_COLOUR).bold(`${low} Low`);
+    const noteMessage = chalk_1.default.hex(constants_1.NOTE_COLOUR).bold(`${note} Note`);
+    return {
+        criticalMessage,
+        highMessage,
+        mediumMessage,
+        lowMessage,
+        noteMessage,
+        total: getTotal
+    };
+};
 function buildFormattedHeaderNum(contrastHeaderNum) {
     let formattedHeaderNum;
     if (contrastHeaderNum < 10) {

package/dist/audit/languageAnalysisEngine/report/models/reportListModel.js

@@ -15,10 +15,11 @@ class ReportModelStructure {
 }
 exports.ReportModelStructure = ReportModelStructure;
 class ReportCompositeKey {
-    constructor(libraryName, libraryVersion, highestSeverity) {
+    constructor(libraryName, libraryVersion, highestSeverity, numberOfSeverities) {
         this.libraryName = libraryName;
         this.libraryVersion = libraryVersion;
         this.highestSeverity = highestSeverity;
+        this.numberOfSeverities = numberOfSeverities;
     }
 }
 exports.ReportCompositeKey = ReportCompositeKey;

package/dist/audit/languageAnalysisEngine/report/models/severityCountModel.js

@@ -9,5 +9,8 @@ class SeverityCountModel {
         this.low = 0;
         this.note = 0;
     }
+    get getTotal() {
+        return this.critical + this.high + this.medium + this.low + this.note;
+    }
 }
 exports.SeverityCountModel = SeverityCountModel;

package/dist/audit/languageAnalysisEngine/report/reportingFeature.js

@@ -1,28 +1,49 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.formatVulnerabilityOutput = exports.vulnerabilityReport = void 0;
+exports.vulnerabilityReportV2 = exports.formatVulnerabilityOutput = exports.vulnerabilityReport = void 0;
 const commonReportingFunctions_1 = require("./commonReportingFunctions");
 const reportUtils_1 = require("./utils/reportUtils");
+const i18n_1 = __importDefault(require("i18n"));
+const chalk_1 = __importDefault(require("chalk"));
 async function vulnerabilityReport(analysis, applicationId, reportId) {
     const reportResponse = await (0, commonReportingFunctions_1.getReport)(analysis.config, reportId);
     if (reportResponse !== undefined) {
         const id = applicationId;
-        const name = analysis.config.applicationName;
-        formatVulnerabilityOutput(reportResponse.vulnerabilities, id, name, analysis.config);
+        formatVulnerabilityOutput(reportResponse.vulnerabilities, id, analysis.config);
     }
 }
 exports.vulnerabilityReport = vulnerabilityReport;
-function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, name, config) {
-    const vulnerableLibraries = (0, reportUtils_1.convertGenericToTypedLibraries)(libraryVulnerabilityResponse);
+function formatVulnerabilityOutput(libraryVulnerabilityResponse, id, config) {
+    const vulnerableLibraries = (0, reportUtils_1.convertGenericToTypedLibraryVulns)(libraryVulnerabilityResponse);
     const numberOfVulnerableLibraries = vulnerableLibraries.length;
-    let numberOfCves = 0;
-    vulnerableLibraries.forEach(lib => (numberOfCves += lib.cveArray.length));
-    (0, commonReportingFunctions_1.createLibraryHeader)(id, numberOfVulnerableLibraries, numberOfCves);
-    const hasSomeVulnerabilitiesReported = (0, commonReportingFunctions_1.printVulnerabilityResponse)(vulnerableLibraries, config);
-    return [
-        hasSomeVulnerabilitiesReported,
-        numberOfCves,
-        (0, reportUtils_1.severityCountAllLibraries)(vulnerableLibraries)
-    ];
+    if (numberOfVulnerableLibraries === 0) {
+        console.log(i18n_1.default.__('scanNoVulnerabilitiesFound'));
+        console.log(i18n_1.default.__('scanNoVulnerabilitiesFoundSecureCode'));
+        console.log(i18n_1.default.__('scanNoVulnerabilitiesFoundGoodWork'));
+        console.log(chalk_1.default.bold(`Found ${numberOfVulnerableLibraries} vulnerabilities`));
+        console.log(i18n_1.default.__('foundDetailedVulnerabilities', String(0), String(0), String(0), String(0), String(0)));
+    }
+    else {
+        let numberOfCves = 0;
+        vulnerableLibraries.forEach(lib => (numberOfCves += lib.cveArray.length));
+        (0, commonReportingFunctions_1.createLibraryHeader)(id, numberOfVulnerableLibraries, numberOfCves);
+        const hasSomeVulnerabilitiesReported = (0, commonReportingFunctions_1.printVulnerabilityResponse)(vulnerableLibraries, config);
+        return [
+            hasSomeVulnerabilitiesReported,
+            numberOfCves,
+            (0, reportUtils_1.severityCountAllLibraries)(vulnerableLibraries)
+        ];
+    }
 }
 exports.formatVulnerabilityOutput = formatVulnerabilityOutput;
+async function vulnerabilityReportV2(config, reportId) {
+    const reportResponse = await (0, commonReportingFunctions_1.getReport)(config, reportId);
+    if (reportResponse !== undefined) {
+        const name = config.applicationName;
+        formatVulnerabilityOutput(reportResponse.vulnerabilities, config.applicationId, config);
+    }
+}
+exports.vulnerabilityReportV2 = vulnerabilityReportV2;

package/dist/audit/languageAnalysisEngine/report/utils/reportUtils.js

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraries = exports.findCVESeverity = exports.findCVESeveritiesAndOrderByHighestPriority = exports.findHighestSeverityCVE = void 0;
+exports.findNameAndVersion = exports.severityCountSingleCVE = exports.severityCountAllCVEs = exports.severityCountAllLibraries = exports.convertGenericToTypedLibraryVulns = exports.findCVESeverity = exports.findCVESeveritiesAndOrderByHighestPriority = exports.findHighestSeverityCVE = void 0;
 const reportLibraryModel_1 = require("../models/reportLibraryModel");
 const reportSeverityModel_1 = require("../models/reportSeverityModel");
 const constants_1 = __importDefault(require("../../../languageAnalysisEngine/constants"));
@@ -40,12 +40,12 @@ function findCVESeverity(cve) {
     }
 }
 exports.findCVESeverity = findCVESeverity;
-function convertGenericToTypedLibraries(libraries) {
+function convertGenericToTypedLibraryVulns(libraries) {
     return Object.entries(libraries).map(([name, cveArray]) => {
         return new reportLibraryModel_1.ReportLibraryModel(name, cveArray);
     });
 }
-exports.convertGenericToTypedLibraries = convertGenericToTypedLibraries;
+exports.convertGenericToTypedLibraryVulns = convertGenericToTypedLibraryVulns;
 function severityCountAllLibraries(vulnerableLibraries) {
     const severityCount = new severityCountModel_1.SeverityCountModel();
     vulnerableLibraries.forEach(lib => severityCountAllCVEs(lib.cveArray, severityCount));

package/dist/audit/save.js

@@ -0,0 +1,29 @@
+"use strict";
+const fs = require('fs');
+const i18n = require('i18n');
+const chalk = require('chalk');
+const save = require('../commands/audit/saveFile');
+const sbom = require('../sbom/generateSbom');
+async function auditSave(config) {
+    if (config.save) {
+        if (config.save.toLowerCase() === 'sbom') {
+            save.saveFile(config, await sbom.generateSbom(config));
+            const filename = `${config.applicationId}-sbom-cyclonedx.json`;
+            if (fs.existsSync(filename)) {
+                console.log(i18n.__('auditSBOMSaveSuccess') + ` - ${filename}`);
+            }
+            else {
+                console.log(chalk.yellow.bold(`\n Unable to save ${filename} Software Bill of Materials (SBOM)`));
+            }
+        }
+        else {
+            console.log(i18n.__('auditBadFiletypeSpecifiedForSave'));
+        }
+    }
+    else if (config.save === null) {
+        console.log(i18n.__('auditNoFiletypeSpecifiedForSave'));
+    }
+}
+module.exports = {
+    auditSave
+};

package/dist/commands/audit/auditController.js

@@ -3,12 +3,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.startAudit = exports.dealWithNoAppId = void 0;
+exports.getAppName = exports.startAudit = exports.dealWithNoAppId = void 0;
 const catalogueApplication_1 = require("../../audit/catalogueApplication/catalogueApplication");
 const commonApi_1 = __importDefault(require("../../audit/languageAnalysisEngine/commonApi"));
 const identifyLanguageAE = require('./../../audit/languageAnalysisEngine');
 const languageFactory = require('../../audit/languageAnalysisEngine/languageAnalysisFactory');
-const { v4: uuidv4 } = require('uuid');
 const dealWithNoAppId = async (config) => {
     let appID;
     try {
@@ -17,8 +16,11 @@ const dealWithNoAppId = async (config) => {
             return await (0, catalogueApplication_1.catalogueApplication)(config);
         }
         if (!appID && !config.applicationName) {
-            config.applicationName = uuidv4();
-            return await (0, catalogueApplication_1.catalogueApplication)(config);
+            config.applicationName = (0, exports.getAppName)(config.file);
+            appID = await commonApi_1.default.returnAppId(config);
+            if (!appID) {
+                return await (0, catalogueApplication_1.catalogueApplication)(config);
+            }
         }
     }
     catch (e) {
@@ -35,6 +37,20 @@ const startAudit = async (config) => {
     if (!config.applicationId) {
         config.applicationId = await (0, exports.dealWithNoAppId)(config);
     }
-    identifyLanguageAE(config.projectPath, languageFactory, config.applicationId, config);
+    identifyLanguageAE(config.file, languageFactory, config.applicationId, config);
 };
 exports.startAudit = startAudit;
+const getAppName = (file) => {
+    const last = file.charAt(file.length - 1);
+    if (last !== '/') {
+        return file.split('/').pop();
+    }
+    else {
+        const str = removeLastChar(file);
+        return str.split('/').pop();
+    }
+};
+exports.getAppName = getAppName;
+const removeLastChar = (str) => {
+    return str.substring(0, str.length - 1);
+};

package/dist/commands/audit/help.js

@@ -46,7 +46,30 @@ const auditUsageGuide = (0, command_line_usage_1.default)([
     },
     {
         header: i18n_1.default.__('constantsAuditOptions'),
-        optionList: constants_1.default.commandLineDefinitions.auditOptionDefinitions
+        optionList: constants_1.default.commandLineDefinitions.auditOptionDefinitions,
+        hide: [
+            'application-id',
+            'application-name',
+            'organization-id',
+            'api-key',
+            'authorization',
+            'host',
+            'proxy',
+            'help',
+            'ff',
+            'ignore-cert-errors',
+            'verbose',
+            'debug',
+            'experimental',
+            'tags',
+            'sub-project',
+            'code',
+            'maven-settings-path',
+            'language',
+            'experimental',
+            'app-groups',
+            'metadata'
+        ]
     }
 ]);
 exports.auditUsageGuide = auditUsageGuide;

package/dist/commands/audit/processAudit.js

@@ -4,13 +4,19 @@ exports.processAudit = void 0;
 const auditController_1 = require("./auditController");
 const auditConfig_1 = require("./auditConfig");
 const help_1 = require("./help");
+const scaAnalysis_1 = require("../scan/sca/scaAnalysis");
 const processAudit = async (argv) => {
     if (argv.indexOf('--help') != -1) {
         printHelpMessage();
         process.exit(0);
     }
     const config = (0, auditConfig_1.getAuditConfig)(argv);
-    const auditResults = await (0, auditController_1.startAudit)(config);
+    if (config.experimental) {
+        await (0, scaAnalysis_1.processSca)(config);
+    }
+    else {
+        await (0, auditController_1.startAudit)(config);
+    }
 };
 exports.processAudit = processAudit;
 const printHelpMessage = () => {

package/dist/commands/audit/saveFile.js

@@ -3,9 +3,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.saveFile = void 0;
 const fs_1 = __importDefault(require("fs"));
-function saveFile(config, rawResults) {
+const saveFile = (config, rawResults) => {
     const fileName = `${config.applicationId}-sbom-cyclonedx.json`;
     fs_1.default.writeFileSync(fileName, JSON.stringify(rawResults));
-}
-exports.default = saveFile;
+};
+exports.saveFile = saveFile;
+module.exports = {
+    saveFile: exports.saveFile
+};