@contrast/contrast 1.0.7 → 1.0.8

package/src/constants/locales.js

@@ -15,7 +15,7 @@ const en_locales = () => {
     catchErrorMessage: 'Contrast UI error: ',
     dependenciesNote:
       'Please Note: We currently only support projects with one .csproj AND *.package.lock.json',
-    languageAnalysisFailureMessage: 'SCA Analysis Failure',
+    languageAnalysisFailureMessage: 'SCA audit Failure',
     languageAnalysisFactoryFailureHeader: 'FAIL',
     libraryAnalysisError:
       'Please ensure the language parameter is set in accordance to the language specified on the project path.\nContrast CLI must be run in the same directory as the project manifest file OR the project_path parameter must be used to identify the directory containing the project manifest file.\n\nFor further information please read our usage guide, which can be accessed with the following command:\n\ncontrast-cli --help',
@@ -118,7 +118,7 @@ const en_locales = () => {
       'Provide this if you want to catalogue an application',
     constantsLanguage:
       'Valid values are JAVA, DOTNET, NODE, PYTHON and RUBY. If there are multiple project configuration files in the project_path, language is also required.  Also, provide this when cataloguing an application',
-    constantsProjectPath:
+    constantsFilePath:
       'The directory root of a project/application that you would like analyzed. Defaults to current directory.',
     constantsSilent: 'Silences JSON output.',
     constantsAppGroups:
@@ -137,12 +137,12 @@ const en_locales = () => {
       'The ID associated with a scan project. Replace <ProjectID> with the ID for the scan project. To find the ID, select a scan project in Contrast and locate the last number in the URL.',
     constantsReport: 'Display vulnerability information for this application',
     constantsFail:
-      'Set the process to fail if this option is set in combination with the --report and --cve_severity.',
+      'Set the process to fail if this option is set in combination with --cve_severity.',
     failOptionErrorMessage:
-      " FAIL - CVE's have been detected that match at least the cve_severity or cve_threshold option specified.",
+      ' FAIL - CVEs have been detected that match at least the cve_severity or cve_threshold option specified.',
     constantsSeverity:
-      'Combined with the --report command, allows the user to report libraries with vulnerabilities above a chosen severity level. For example, cve_severity medium only reports libraries with vulnerabilities at medium or higher severity. Values for level are high, medium or low.',
-    constantsCount: "The number of CVE's that must be exceeded to fail a build",
+      'Allows the user to report libraries with vulnerabilities above a chosen severity level. For example, cve_severity medium only reports libraries with vulnerabilities at medium or higher severity. Values for level are high, medium or low.',
+    constantsCount: 'The number of CVEs that must be exceeded to fail a build',
     constantsHeader: 'CodeSec by Contrast Security',
     constantsPrerequisitesContentScanLanguages: 'Java & JavaScript supported',
     constantsContrastContent:
@@ -249,7 +249,7 @@ const en_locales = () => {
     scanLabel:
       "adds a label to the scan - defaults to 'Started by CLI tool at current date'",
     constantsIgnoreDev:
-      'Combined with the --report command excludes developer dependencies from the vulnerabilities report. By default all dependencies are included in a report.',
+      'Excludes developer dependencies from the output. By default all dependencies are included.',
     constantsCommands: 'Commands',
     constantsScanOptions: 'Scan Options',
     sbomError: 'All required parameters are not present.',
@@ -393,13 +393,13 @@ const en_locales = () => {
     auditOptionsIgnoreDevDependenciesDescription: 'ignores DevDependencies',
     auditOptionsSave: '-s, --save',
     auditOptionsSaveDescription:
-      'saves the output in specified format Txt text, sbom',
+      'saves the output in specified format, options: sbom',
     scanNotCompleted:
       'Scan not completed. Check for framework and language support here: %s',
     auditNotCompleted: 'audit not completed.  Please try again',
-    scanNoVulnerabilitiesFound: '👏 No vulnerabilities found',
+    scanNoVulnerabilitiesFound: '🎉 No vulnerabilities found.',
     scanNoVulnerabilitiesFoundSecureCode: '👍 Your code looks secure.',
-    scanNoVulnerabilitiesFoundGoodWork: '👏 Keep up the good work.',
+    scanNoVulnerabilitiesFoundGoodWork: '   Keep up the good work.',
     scanNoFiletypeSpecifiedForSave:
       'Please specify file type to save results to, accepted value is SARIF',
     auditSBOMSaveSuccess:
@@ -414,7 +414,8 @@ const en_locales = () => {
     auditReportFail: 'Report Retrieval Failed, please try again',
     auditReportSuccessMessage: 'Report successfully retrieved',
     auditReportFailureMessage: 'Unable to generate library report',
-    auditSCAAnalysisBegins: 'Contrast SCA analysis begins',
+    auditSCAAnalysisBegins: 'Contrast SCA audit started',
+    auditSCAAnalysisComplete: 'Contrast SCA audit complete',
     ...lambda
   }
 }

package/src/constants.js

@@ -49,7 +49,6 @@ const scanOptionDefinitions = [
   },
   {
     name: 'project-path',
-    alias: 'i',
     description:
       '{bold ' +
       i18n.__('constantsOptional') +
@@ -212,13 +211,14 @@ const auditOptionDefinitions = [
       i18n.__('constantsApplicationName')
   },
   {
-    name: 'project-path',
-    defaultValue: process.env.PWD,
+    name: 'file',
+    alias: 'f',
+    defaultValue: process.cwd(),
     description:
       '{bold ' +
       i18n.__('constantsOptional') +
       '}: ' +
-      i18n.__('constantsProjectPath')
+      i18n.__('constantsFilePath')
   },
   {
     name: 'app-groups',
@@ -334,6 +334,11 @@ const auditOptionDefinitions = [
       i18n.__('constantsOptional') +
       '}: ' +
       i18n.__('auditOptionsSaveDescription')
+  },
+  {
+    name: 'experimental',
+    alias: 'e',
+    type: Boolean
   }
 ]
 

package/src/index.ts

@@ -1,3 +1,5 @@
+#!/usr/bin/env node
+
 import commandLineArgs from 'command-line-args'
 import { processAudit } from './commands/audit/processAudit'
 import { processAuth } from './commands/auth/auth'
@@ -44,7 +46,7 @@ const start = async () => {
       argvMain.includes('--version')
     ) {
       console.log(APP_VERSION)
-      await findLatestCLIVersion(config.get('updateMessageHidden') as boolean)
+      await findLatestCLIVersion(config)
       return
     }
 
@@ -52,8 +54,8 @@ const start = async () => {
     config.set('numOfRuns', config.get('numOfRuns') + 1)
 
     // @ts-ignore
-    if (config.get('numOfRuns') >= 5) {
-      await findLatestCLIVersion(config.get('updateMessageHidden') as boolean)
+    if (config.get('numOfRuns') >= 1) {
+      await findLatestCLIVersion(config)
       config.set('numOfRuns', 0)
     }
 

package/src/sbom/generateSbom.ts

@@ -1,6 +1,6 @@
 import { getHttpClient } from '../utils/commonApi'
 
-export default function generateSbom(config: any) {
+export const generateSbom = (config: any) => {
   const client = getHttpClient(config)
   return client
     .getSbom(config)

package/src/scaAnalysis/common/formatMessage.js

@@ -6,6 +6,21 @@ const createJavaTSMessage = javaTree => {
   }
 }
 
+const createJavaScriptTSMessage = js => {
+  let message = {
+    node: {
+      packageJSON: js.packageJSON
+    }
+  }
+  if (js.yarn !== undefined) {
+    message.node.yarnLockFile = js.yarn.yarnLockFile
+    message.node.yarnVersion = js.yarn.yarnVersion
+  } else {
+    message.node.npmLockFile = js.npmLockFile
+  }
+  return message
+}
+
 const createGoTSMessage = goTree => {
   return {
     go: {
@@ -16,23 +31,30 @@ const createGoTSMessage = goTree => {
 
 const createRubyTSMessage = rubyTree => {
   return {
-    ruby: {
-      rubyDependencyTrees: rubyTree
-    }
+    ruby: rubyTree
   }
 }
 
 const createPythonTSMessage = pythonTree => {
   return {
-    python: {
-      pythonDependencyTrees: pythonTree
+    python: pythonTree
+  }
+}
+
+const createPhpTSMessage = phpTree => {
+  return {
+    php: {
+      composerJSON: phpTree.composerJSON,
+      lockFile: phpTree.lockFile
     }
   }
 }
 
 module.exports = {
+  createJavaScriptTSMessage,
   createJavaTSMessage,
   createGoTSMessage,
+  createPhpTSMessage,
   createRubyTSMessage,
   createPythonTSMessage
 }

package/src/scaAnalysis/common/treeUpload.js

@@ -13,7 +13,6 @@ const commonSendSnapShot = async (analysis, config) => {
     .sendSnapshot(requestBody, config)
     .then(res => {
       if (res.statusCode === 201) {
-        console.log('dependencies processed successfully')
         return res.body
       } else {
         console.log(res.statusCode)

package/src/scaAnalysis/go/goReadDepFile.js

@@ -3,9 +3,7 @@ const i18n = require('i18n')
 
 const getGoDependencies = config => {
   let cmdStdout
-  let cwd = config.projectPath
-    ? config.projectPath.replace('go.mod', '')
-    : process.cwd()
+  let cwd = config.file ? config.file.replace('go.mod', '') : process.cwd()
 
   try {
     // A sample of this output can be found

package/src/scaAnalysis/java/analysis.js

@@ -6,7 +6,7 @@ const fs = require('fs')
 const MAVEN = 'maven'
 const GRADLE = 'gradle'
 
-const determineProjectTypeAndCwd = (files, projectPath) => {
+const determineProjectTypeAndCwd = (files, file) => {
   const projectData = {}
 
   if (files[0].includes('pom.xml')) {
@@ -16,9 +16,9 @@ const determineProjectTypeAndCwd = (files, projectPath) => {
   }
 
   //clean up the path to be a folder not a file
-  projectData.cwd = projectPath
-    ? projectPath.replace('pom.xml', '').replace('build.gradle', '')
-    : projectPath
+  projectData.cwd = file
+    ? file.replace('pom.xml', '').replace('build.gradle', '')
+    : file
 
   return projectData
 }
@@ -124,7 +124,7 @@ const getJavaBuildDeps = (config, files) => {
   }
 
   try {
-    const projectData = determineProjectTypeAndCwd(files, config.projectPath)
+    const projectData = determineProjectTypeAndCwd(files, config.file)
     if (projectData.projectType === MAVEN) {
       output.mvnDependancyTreeOutput = buildMaven(config, projectData, timeout)
     } else if (projectData.projectType === GRADLE) {

package/src/scaAnalysis/javascript/analysis.js

@@ -0,0 +1,127 @@
+const fs = require('fs')
+const yarnParser = require('@yarnpkg/lockfile')
+const yaml = require('js-yaml')
+const i18n = require('i18n')
+const {
+  formatKey
+} = require('../../audit/nodeAnalysisEngine/parseYarn2LockFileContents')
+
+const readFile = async (config, languageFiles, nameOfFile) => {
+  const index = languageFiles.findIndex(v => v.includes(nameOfFile))
+
+  if (config.file) {
+    return fs.readFileSync(config.file.concat(languageFiles[index]), 'utf8')
+  } else {
+    console.log('could not find file')
+  }
+}
+
+const readYarn = async (config, languageFiles, nameOfFile) => {
+  let yarn = {
+    yarnVersion: 1,
+    rawYarnLockFileContents: ''
+  }
+
+  try {
+    let rawYarnLockFileContents = await readFile(
+      config,
+      languageFiles,
+      nameOfFile
+    )
+    yarn.rawYarnLockFileContents = rawYarnLockFileContents
+
+    if (
+      !yarn.rawYarnLockFileContents.includes('lockfile v1') ||
+      yarn.rawYarnLockFileContents.includes('__metadata')
+    ) {
+      yarn.rawYarnLockFileContents = yaml.load(rawYarnLockFileContents)
+      yarn.yarnVersion = 2
+    }
+
+    return yarn
+  } catch (err) {
+    console.log(i18n.__('nodeReadYarnLockFileError') + `${err.message}`)
+    return
+  }
+}
+
+const parseNpmLockFile = async js => {
+  try {
+    js.npmLockFile = JSON.parse(js.rawLockFileContents)
+    if (js.npmLockFile && js.npmLockFile.lockfileVersion > 1) {
+      const listOfTopDep = Object.keys(js.npmLockFile.dependencies)
+      Object.entries(js.npmLockFile.dependencies).forEach(([objKey, value]) => {
+        if (value.requires) {
+          const listOfRequiresDep = Object.keys(value.requires)
+          listOfRequiresDep.forEach(dep => {
+            if (!listOfTopDep.includes(dep)) {
+              addDepToLockFile(js, value['requires'], dep)
+            }
+          })
+        }
+
+        if (value.dependencies) {
+          Object.entries(value.dependencies).forEach(
+            ([objChildKey, childValue]) => {
+              if (childValue.requires) {
+                const listOfRequiresDep = Object.keys(childValue.requires)
+                listOfRequiresDep.forEach(dep => {
+                  if (!listOfTopDep.includes(dep)) {
+                    addDepToLockFile(js, childValue['requires'], dep)
+                  }
+                })
+              }
+            }
+          )
+        }
+      })
+      return js.npmLockFile
+    } else {
+      return js.npmLockFile
+    }
+  } catch (err) {
+    console.log(i18n.__('NodeParseNPM') + `${err.message}`)
+    return
+  }
+}
+
+const addDepToLockFile = (js, depObj, key) => {
+  return (js.npmLockFile.dependencies[key] = { version: depObj[key] })
+}
+const parseYarnLockFile = async js => {
+  try {
+    js.yarn.yarnLockFile = {}
+    if (js.yarn.yarnVersion === 1) {
+      js.yarn.yarnLockFile = yarnParser.parse(js.yarn.rawYarnLockFileContents)
+      delete js.yarn.rawYarnLockFileContents
+      return js
+    } else {
+      js.yarn.yarnLockFile['object'] = js.yarn.rawYarnLockFileContents
+      delete js.yarn.yarnLockFile['object'].__metadata
+      js.yarn.yarnLockFile['type'] = 'success'
+
+      Object.entries(js.yarn.rawYarnLockFileContents).forEach(
+        ([key, value]) => {
+          const rawKeyNames = key.split(',')
+          const keyNames = formatKey(rawKeyNames)
+
+          keyNames.forEach(name => {
+            js.yarn.yarnLockFile.object[name] = value
+          })
+        }
+      )
+      return js
+    }
+  } catch (err) {
+    console.log(i18n.__('NodeParseYarn') + `${err.message}`)
+    return
+  }
+}
+
+module.exports = {
+  readYarn,
+  parseYarnLockFile,
+  parseNpmLockFile,
+  readFile,
+  formatKey
+}

package/src/scaAnalysis/javascript/index.js

@@ -0,0 +1,56 @@
+const analysis = require('./analysis')
+const i18n = require('i18n')
+const formatMessage = require('../common/formatMessage')
+
+const jsAnalysis = async (config, languageFiles) => {
+  if (
+    languageFiles.JAVASCRIPT.includes('package-lock.json') &&
+    languageFiles.JAVASCRIPT.includes('yarn.lock')
+  ) {
+    console.log(i18n.__('languageAnalysisMultipleLanguages1'))
+    return
+  }
+  return buildNodeTree(config, languageFiles.JAVASCRIPT)
+}
+const buildNodeTree = async (config, files) => {
+  let analysis = await readFiles(config, files)
+  const rawNode = await parseFiles(config, files, analysis)
+  return formatMessage.createJavaScriptTSMessage(rawNode)
+}
+
+const readFiles = async (config, files) => {
+  let js = {}
+
+  js.packageJSON = JSON.parse(
+    await analysis.readFile(config, files, 'package.json')
+  )
+
+  if (files.includes('package-lock.json')) {
+    js.rawLockFileContents = await analysis.readFile(
+      config,
+      files,
+      'package-lock.json'
+    )
+  }
+  if (files.includes('yarn.lock')) {
+    js.yarn = {}
+    js.yarn = await analysis.readYarn(config, files, 'yarn.lock')
+  }
+
+  return js
+}
+
+const parseFiles = async (config, files, js) => {
+  if (files.includes('package-lock.json')) {
+    js.npmLockFile = await analysis.parseNpmLockFile(js)
+  }
+  if (files.includes('yarn.lock')) {
+    js = await analysis.parseYarnLockFile(js)
+  }
+
+  return js
+}
+
+module.exports = {
+  jsAnalysis
+}

package/src/scaAnalysis/php/analysis.js

@@ -0,0 +1,98 @@
+const fs = require('fs')
+const i18n = require('i18n')
+const _ = require('lodash')
+
+let php = {}
+
+const readProjectFile = (projectPath, customFile) => {
+  const filePath = filePathForWindows(projectPath + customFile)
+  try {
+    php.composerJSON = JSON.parse(fs.readFileSync(filePath, 'utf8')) //wrong here
+    php.composerJSON.dependencies = php.composerJSON.require
+    php.composerJSON.devDependencies = php.composerJSON['require-dev']
+    return php
+  } catch (err) {
+    console.log(err.message.toString())
+  }
+}
+
+const readAndParseLockFile = (projectPath, customFile) => {
+  const filePath = filePathForWindows(projectPath + customFile)
+  try {
+    php.rawLockFileContents = JSON.parse(fs.readFileSync(filePath, 'utf8'))
+    php.lockFile = php.rawLockFileContents
+    let packages = _.keyBy(php.lockFile.packages, 'name')
+    let packagesDev = _.keyBy(php.lockFile['packages-dev'], 'name')
+    php.lockFile.dependencies = _.merge(packages, packagesDev)
+
+    const listOfTopDep = Object.keys(php.lockFile.dependencies)
+
+    Object.entries(php.lockFile.dependencies).forEach(([key, value]) => {
+      if (value.require) {
+        const listOfRequiresDep = Object.keys(value.require)
+        listOfRequiresDep.forEach(dep => {
+          if (!listOfTopDep.includes(dep)) {
+            addChildDepToLockFileAsOwnObj(php, value['require'], dep)
+          }
+        })
+      }
+
+      if (value['require-dev']) {
+        const listOfRequiresDep = Object.keys(value['require-dev'])
+        listOfRequiresDep.forEach(dep => {
+          if (!listOfTopDep.includes(dep)) {
+            addChildDepToLockFileAsOwnObj(php, value['require-dev'], dep)
+          }
+        })
+      }
+    })
+    formatParentDepToLockFile(php)
+    delete php.rawLockFileContents
+    return php
+  } catch (err) {
+    return console.log(i18n.__('phpParseComposerLock', php) + `${err.message}`) // not sure on this
+  }
+}
+
+const getPhpDeps = (config, files) => {
+  try {
+    return (
+      readProjectFile(config.file, files[0].projectFilename),
+      readAndParseLockFile(config.file, files[1].lockFilename)
+    )
+  } catch (err) {
+    console.log(err.message.toString())
+    process.exit(1)
+  }
+}
+
+const filePathForWindows = path => {
+  if (process.platform === 'win32') {
+    path = path.replace(/\//g, '\\')
+  }
+  return path
+}
+
+function addChildDepToLockFileAsOwnObj(php, depObj, key) {
+  php.lockFile.dependencies[key] = { version: depObj[key] }
+}
+
+function formatParentDepToLockFile(php) {
+  for (const [key, value] of Object.entries(php.lockFile.dependencies)) {
+    let requires = {}
+    for (const [childKey, childValue] of Object.entries(value)) {
+      if (childKey === 'require' || childKey === 'require-dev') {
+        requires = _.merge(requires, childValue)
+        php.lockFile.dependencies[key].requires = requires
+        delete php.lockFile.dependencies[key].require
+        delete php.lockFile.dependencies[key]['require-dev']
+      }
+    }
+  }
+}
+
+module.exports = {
+  getPhpDeps,
+  readAndParseLockFile,
+  readProjectFile
+}

package/src/scaAnalysis/php/index.js

@@ -0,0 +1,11 @@
+const { getPhpDeps } = require('./analysis')
+const { createPhpTSMessage } = require('../common/formatMessage')
+
+const phpAnalysis = (config, languageFiles) => {
+  const phpDeps = getPhpDeps(config, languageFiles.PHP)
+  return createPhpTSMessage(phpDeps)
+}
+
+module.exports = {
+  phpAnalysis
+}

package/src/scaAnalysis/python/analysis.js

@@ -1,8 +1,8 @@
 const multiReplace = require('string-multiple-replace')
 const fs = require('fs')
 
-const readAndParseProjectFile = projectPath => {
-  const filePath = filePathForWindows(projectPath + '/Pipfile')
+const readAndParseProjectFile = file => {
+  const filePath = filePathForWindows(file + '/Pipfile')
   const pipFile = fs.readFileSync(filePath, 'utf8')
 
   const matcherObj = { '"': '' }
@@ -14,20 +14,21 @@ const readAndParseProjectFile = projectPath => {
   return pythonArray.filter(element => element !== '' && !element.includes('#'))
 }
 
-const readAndParseLockFile = projectPath => {
-  const filePath = filePathForWindows(projectPath + '/Pipfile.lock')
+const readAndParseLockFile = file => {
+  const filePath = filePathForWindows(file + '/Pipfile.lock')
   const lockFile = fs.readFileSync(filePath, 'utf8')
   let parsedPipLock = JSON.parse(lockFile)
   parsedPipLock['defaults'] = parsedPipLock['default']
+  delete parsedPipLock['default']
   return parsedPipLock
 }
 
 const getPythonDeps = config => {
   try {
-    const parseProject = readAndParseProjectFile(config.projectPath)
-    const parsePip = readAndParseLockFile(config.projectPath)
+    const parseProject = readAndParseProjectFile(config.file)
+    const parsePip = readAndParseLockFile(config.file)
 
-    return { pipfileLock: parseProject, pipfilDependanceies: parsePip }
+    return { pipfileLock: parsePip, pipfilDependanceies: parseProject }
   } catch (err) {
     console.log(err.message.toString())
     process.exit(1)

package/src/scaAnalysis/ruby/analysis.js

@@ -1,7 +1,7 @@
 const fs = require('fs')
 
-const readAndParseGemfile = projectPath => {
-  const fileName = filePathForWindows(projectPath + '/Gemfile')
+const readAndParseGemfile = file => {
+  const fileName = filePathForWindows(file + '/Gemfile')
   const gemFile = fs.readFileSync(fileName, 'utf8')
   const rubyArray = gemFile.split('\n')
 
@@ -20,8 +20,8 @@ const readAndParseGemfile = projectPath => {
   return filteredRubyDep
 }
 
-const readAndParseGemLockFile = projectPath => {
-  const fileName = filePathForWindows(projectPath + '/Gemfile.lock')
+const readAndParseGemLockFile = file => {
+  const fileName = filePathForWindows(file + '/Gemfile.lock')
   const lockFile = fs.readFileSync(fileName, 'utf8')
   const dependencyRegEx = /^\s*([A-Za-z0-9.!@#$%\-^&*_+]*)\s*(\((.*?)\))/
 
@@ -35,7 +35,7 @@ const readAndParseGemLockFile = projectPath => {
 }
 
 const nonDependencyKeys = (line, sourceObject) => {
-  const GEMFILE_KEY_VALUE = /^\s*([^:(]*)\s*\s*(.*)/
+  const GEMFILE_KEY_VALUE = /^\s*([^:(]*)\s*\:*\s*(.*)/
   let parts = GEMFILE_KEY_VALUE.exec(line)
   let key = parts[1].trim()
   let value = parts[2] || ''
@@ -206,7 +206,7 @@ const getSourceArray = (lines, dependencyRegEx) => {
         if (
           (currentWS === 4 && nexlineWS === 4) ||
           (currentWS === 6 && nexlineWS === 4) ||
-          nexlineWS === ''
+          nexlineWS == ''
         ) {
           let newObj = {}
           newObj = JSON.parse(JSON.stringify(sourceObject))
@@ -245,8 +245,8 @@ const buildSourceDependencyWithVersion = (
 
 const getRubyDeps = config => {
   try {
-    const parsedGem = readAndParseGemfile(config.projectPath)
-    const parsedLock = readAndParseGemLockFile(config.projectPath)
+    const parsedGem = readAndParseGemfile(config.file)
+    const parsedLock = readAndParseGemLockFile(config.file)
 
     return { gemfilesDependanceies: parsedGem, gemfileLock: parsedLock }
   } catch (err) {

package/src/scaAnalysis/ruby/index.js

@@ -1,8 +1,8 @@
-const { getRubyDeps } = require('./analysis')
+const analysis = require('./analysis')
 const { createRubyTSMessage } = require('../common/formatMessage')
 
 const rubyAnalysis = (config, languageFiles) => {
-  const rubyDeps = getRubyDeps(config, languageFiles.RUBY)
+  const rubyDeps = analysis.getRubyDeps(config, languageFiles.RUBY)
   return createRubyTSMessage(rubyDeps)
 }
 

package/src/scan/autoDetection.js

@@ -43,18 +43,18 @@ const autoDetectAuditFilesAndLanguages = async () => {
     return languagesFound
   } else {
     console.log(
-      'found multiple languages, please specify one using --file to run SCA analysis'
+      'found multiple languages, please specify one using --file to run SCA audit'
     )
   }
 }
 
-const manualDetectAuditFilesAndLanguages = projectPath => {
-  let projectRootFilenames = rootFile.getProjectRootFilenames(projectPath)
+const manualDetectAuditFilesAndLanguages = file => {
+  let projectRootFilenames = rootFile.getProjectRootFilenames(file)
   let identifiedLanguages =
     languageResolver.deduceLanguageScaAnalysis(projectRootFilenames)
 
   if (Object.keys(identifiedLanguages).length === 0) {
-    console.log(i18n.__('languageAnalysisNoLanguage', projectPath))
+    console.log(i18n.__('languageAnalysisNoLanguage', file))
     return []
   }
   return [identifiedLanguages]