@contrast/contrast 1.0.8 → 1.0.9

package/dist/commands/audit/saveFile.js

@@ -5,8 +5,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.saveFile = void 0;
 const fs_1 = __importDefault(require("fs"));
-const saveFile = (config, rawResults) => {
-    const fileName = `${config.applicationId}-sbom-cyclonedx.json`;
+const saveFile = (config, type, rawResults) => {
+    const fileName = `${config.applicationId}-sbom-${type}.json`;
     fs_1.default.writeFileSync(fileName, JSON.stringify(rawResults));
 };
 exports.saveFile = saveFile;

package/dist/commands/scan/sca/scaAnalysis.js

@@ -2,9 +2,8 @@
 const autoDetection = require('../../../scan/autoDetection');
 const javaAnalysis = require('../../../scaAnalysis/java');
 const treeUpload = require('../../../scaAnalysis/common/treeUpload');
-const { manualDetectAuditFilesAndLanguages } = require('../../../scan/autoDetection');
 const auditController = require('../../audit/auditController');
-const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP } } = require('../../../audit/languageAnalysisEngine/constants');
+const { supportedLanguages: { JAVA, GO, PYTHON, RUBY, JAVASCRIPT, NODE, PHP, DOTNET } } = require('../../../constants/constants');
 const goAnalysis = require('../../../scaAnalysis/go/goAnalysis');
 const phpAnalysis = require('../../../scaAnalysis/php/index');
 const { rubyAnalysis } = require('../../../scaAnalysis/ruby');
@@ -15,14 +14,16 @@ const { returnOra, startSpinner, succeedSpinner } = require('../../../utils/oraW
 const i18n = require('i18n');
 const { vulnerabilityReportV2 } = require('../../../audit/languageAnalysisEngine/report/reportingFeature');
 const auditSave = require('../../../audit/save');
+const { dotNetAnalysis } = require('../../../scaAnalysis/dotnet');
 const processSca = async (config) => {
+    const startTime = performance.now();
     let filesFound;
     if (config.file) {
         config.file = config.file.concat('/');
-        filesFound = await manualDetectAuditFilesAndLanguages(config.file);
+        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config.file);
     }
     else {
-        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(config);
+        filesFound = await autoDetection.autoDetectAuditFilesAndLanguages(undefined);
         config.file = process.cwd().concat('/');
     }
     let messageToSend = undefined;
@@ -52,27 +53,39 @@ const processSca = async (config) => {
                 messageToSend = goAnalysis.goAnalysis(config, filesFound[0]);
                 config.language = GO;
                 break;
+            case DOTNET:
+                messageToSend = dotNetAnalysis(config, filesFound[0]);
+                config.language = DOTNET;
+                break;
             default:
-                console.log('language detected not supported');
+                console.log('No supported language detected in project path');
                 return;
         }
         if (!config.applicationId) {
             config.applicationId = await auditController.dealWithNoAppId(config);
         }
+        console.log('');
         const reportSpinner = returnOra(i18n.__('auditSCAAnalysisBegins'));
         startSpinner(reportSpinner);
         const snapshotResponse = await treeUpload.commonSendSnapShot(messageToSend, config);
         await pollForSnapshotCompletition(config, snapshotResponse.id, reportSpinner);
-        succeedSpinner(reportSpinner, 'Contrast SCA audit complete');
+        succeedSpinner(reportSpinner, i18n.__('auditSCAAnalysisComplete'));
         await vulnerabilityReportV2(config, snapshotResponse.id);
-        await auditSave.auditSave(config);
+        if (config.save !== undefined) {
+            await auditSave.auditSave(config);
+        }
+        const endTime = performance.now() - startTime;
+        const scanDurationMs = endTime - startTime;
+        console.log(`----- completed in ${(scanDurationMs / 1000).toFixed(2)}s -----`);
     }
     else {
         if (filesFound.length === 0) {
-            console.log('no compatible dependency files detected. Continuing...');
+            console.log(i18n.__('languageAnalysisNoLanguage'));
+            console.log(i18n.__('languageAnalysisNoLanguageHelpLine'));
+            throw new Error();
         }
         else {
-            console.log('multiple language files detected, please use --file to specify a directory or the file where dependencies are declared');
+            throw new Error('multiple language files detected, please use --file to specify a directory or the file where dependencies are declared');
         }
     }
 };

package/dist/common/HTTPClient.js

@@ -242,9 +242,9 @@ HTTPClient.prototype.checkLibrary = function checkLibrary(data) {
     options.body = data;
     return requestUtils.sendRequest({ method: 'post', options });
 };
-HTTPClient.prototype.getSbom = function getSbom(config) {
+HTTPClient.prototype.getSbom = function getSbom(config, type) {
     const options = _.cloneDeep(this.requestOptions);
-    options.url = createSbomCycloneDXUrl(config);
+    options.url = createSbomUrl(config, type);
     return requestUtils.sendRequest({ method: 'get', options });
 };
 HTTPClient.prototype.getLatestVersion = function getLatestVersion() {
@@ -304,11 +304,11 @@ const createAppNameUrl = config => {
 function createLibraryVulnerabilitiesUrl(config) {
     return `${config.host}/Contrast/api/ng/${config.organizationId}/libraries/artifactsByGroupNameVersion`;
 }
-function createSpecificReportUrl(config, reportId) {
-    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}`;
+function createSpecificReportUrl(config, reportId, includeTree = false) {
+    return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/reports/${reportId}?&includeTree=${includeTree}`;
 }
-function createSpecificReportWithProdUrl(config, reportId) {
-    return createSpecificReportUrl(config, reportId).concat(`?nodesToInclude=PROD`);
+function createSpecificReportWithProdUrl(config, reportId, includeTree) {
+    return createSpecificReportUrl(config, reportId, includeTree).concat(`&nodesToInclude=PROD`);
 }
 function createSpecificReportStatusURL(config, reportId) {
     return `${config.host}/Contrast/api/ng/sca/organizations/${config.organizationId}/applications/${config.applicationId}/snapshots/${reportId}/status`;
@@ -316,8 +316,8 @@ function createSpecificReportStatusURL(config, reportId) {
 function createDataUrl() {
     return `https://ardy.contrastsecurity.com/production`;
 }
-function createSbomCycloneDXUrl(config) {
-    return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/cyclonedx`;
+function createSbomUrl(config, type) {
+    return `${config.host}/Contrast/api/ng/${config.organizationId}/applications/${config.applicationId}/libraries/sbom/${type}`;
 }
 module.exports = HTTPClient;
 module.exports.pollForAuthUrl = pollForAuthUrl;

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.8';
+const APP_VERSION = '1.0.9';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';
@@ -27,9 +27,12 @@ const NOTE_PRIORITY = 5;
 const AUTH_UI_URL = 'https://cli-auth.contrastsecurity.com';
 const AUTH_CALLBACK_URL = 'https://cli-auth-api.contrastsecurity.com';
 const SARIF_FILE = 'SARIF';
+const SBOM_CYCLONE_DX_FILE = 'cyclonedx';
+const SBOM_SPDX_FILE = 'spdx';
 const CE_URL = 'https://ce.contrastsecurity.com/';
 module.exports = {
     supportedLanguages: { NODE, DOTNET, JAVA, RUBY, PYTHON, GO, PHP, JAVASCRIPT },
+    supportedLanguagesScan: { JAVASCRIPT, DOTNET, JAVA },
     LOW,
     MEDIUM,
     HIGH,
@@ -50,5 +53,7 @@ module.exports = {
     HIGH_PRIORITY,
     MEDIUM_PRIORITY,
     LOW_PRIORITY,
-    NOTE_PRIORITY
+    NOTE_PRIORITY,
+    SBOM_CYCLONE_DX_FILE,
+    SBOM_SPDX_FILE
 };

package/dist/constants/locales.js

@@ -38,20 +38,22 @@ const en_locales = () => {
         languageAnalysisMultipleLanguages2: 'Please specify which project file you would like analyzed with the %s CLI option.',
         languageAnalysisProjectFiles: "Identified project language as '%s' but found multiple project files: %s. Please specify which project file you would like analyzed with the %s CLI option.",
         languageAnalysisHasNoLockFile: "Identified project language as '%s' but no project lock file was found.",
-        languageAnalysisHasMultipleLockFiles: "Identified project language as '%s' but multiple project lock files were found: %s \n",
+        languageAnalysisHasNoPackageJsonFile: 'Identified project language as javascript but no package.json file was found.',
+        languageAnalysisHasMultipleLockFiles: "Identified project language as '%s' but multiple project lock files were found.",
         languageAnalysisProjectFileError: "Identified project language as '%s' but no project file was found.",
         languageAnalysisProjectRootFileNameReadError: 'Failed to read the contents of the directory @ %s because: ',
         languageAnalysisProjectRootFileNameMissingError: "%s isn't a file or directory",
         languageAnalysisProjectRootFileNameFailure: 'Failed to get information about the file or directory @ %s because: ',
         languageAnalysisFailure: ' analysis failed because: ',
-        languageAnalysisNoLanguage: 'No language detected in project path @ %s',
+        languageAnalysisNoLanguage: 'We cannot detect a project, use --f <path> to specify a file or folder to analyze.',
+        languageAnalysisNoLanguageHelpLine: `${chalk.bold('contrast audit --help')} for more information.`,
         NodeAnalysisFailure: 'NODE analysis failed because: ',
         phpAnalysisFailure: 'PHP analysis failed because: ',
-        NodeParseNPM: "Failed to parse NODE package-lock.json file @ '%s' because: ",
+        NodeParseNPM: 'Failed to parse NODE package-lock.json file because: ',
         phpParseComposerLock: "Failed to parse PHP composer.lock file @ '%s' because: ",
         NodeReadNpmError: 'Failed to read the package-lock.json file @ "%s" because: ',
         phpReadError: 'Failed to read the composer.lock file @ "%s" because: ',
-        NodeParseYarn: "Failed to parse Node yarn.lock version 1 @ '%s' because: ",
+        NodeParseYarn: 'Failed to parse yarn.lock version %s because: ',
         NodeParseYarn2: "Failed to parse Node yarn.lock version 2 @ '%s' because: ",
         nodeReadProjectFileError: 'Failed to read the NODE project file @ "%s" because: ',
         phpReadProjectFileError: 'Failed to read the PHP project file @ "%s" because: ',
@@ -78,7 +80,7 @@ const en_locales = () => {
         constantsApplicationName: 'The name of the application cataloged by Contrast UI',
         constantsCatalogueApplication: 'Provide this if you want to catalogue an application',
         constantsLanguage: 'Valid values are JAVA, DOTNET, NODE, PYTHON and RUBY. If there are multiple project configuration files in the project_path, language is also required.  Also, provide this when cataloguing an application',
-        constantsFilePath: 'The directory root of a project/application that you would like analyzed. Defaults to current directory.',
+        constantsFilePath: `Path of the file you want to perform an SCA audit on. If no folder is specified, Contrast searches for dependency files in the working directory.`,
         constantsSilent: 'Silences JSON output.',
         constantsAppGroups: 'Assign your application to one or more pre-existing groups when using the catalogue command. Group lists should be comma separated.',
         constantsVersion: 'Displays CLI Version you are currently on.',
@@ -95,7 +97,7 @@ const en_locales = () => {
         constantsSeverity: 'Allows the user to report libraries with vulnerabilities above a chosen severity level. For example, cve_severity medium only reports libraries with vulnerabilities at medium or higher severity. Values for level are high, medium or low.',
         constantsCount: 'The number of CVEs that must be exceeded to fail a build',
         constantsHeader: 'CodeSec by Contrast Security',
-        constantsPrerequisitesContentScanLanguages: 'Java & JavaScript supported',
+        constantsPrerequisitesContentScanLanguages: 'Java, Javascript and .NET supported',
         constantsContrastContent: "Use the 'contrast' command for fast and accurate security analysis of your applications and APIs (Java, JavaScript and .NET ) as well as serverless functions (AWS lambda, Java and Python).",
         constantsUsageGuideContentRecommendation: 'Our recommendation is that this is invoked as part of a CI pipeline so that running the cli is automated as part of your build process.',
         constantsPrerequisitesHeader: 'Pre-requisites',
@@ -162,7 +164,7 @@ const en_locales = () => {
         constantsIgnoreCertErrors: 'For EOP users with a local Teamserver install, this will bypass the SSL certificate and recognise a self signed certificate.',
         constantsSave: 'Saves the Scan Results SARIF to file.',
         scanLabel: "adds a label to the scan - defaults to 'Started by CLI tool at current date'",
-        constantsIgnoreDev: 'Excludes developer dependencies from the output. By default all dependencies are included.',
+        constantsIgnoreDev: 'Excludes developer dependencies from the results. All dependencies are included by default.',
         constantsCommands: 'Commands',
         constantsScanOptions: 'Scan Options',
         sbomError: 'All required parameters are not present.',
@@ -253,31 +255,23 @@ const en_locales = () => {
         connectionError: 'An error has occurred when trying to get the Project Id please check your internet connection or provide the Project Id manually',
         internalServerErrorHeader: '500 error - Internal server error',
         resourceLockedErrorHeader: '423 error - Resource is locked',
-        auditHeader: 'Contrast Audit',
-        auditHeaderMessage: `
-    Performs software composition analysis (SCA) on your application/code time to show you the dependencies between open source libraries, including where vulnerabilities were introduced.\n
-    Our recommendation is that this is invoked as part of a CI pipeline so that running the cli is automated as part of your build process.`,
+        auditHeader: 'Contrast audit help',
+        auditHeaderMessage: "Use 'contrast audit' to analyze a project’s dependencies for vulnerabilities.",
         constantsAuditPrerequisitesContentSupportedLanguages: 'Supported languages and their requirements are:',
-        constantsAuditPrerequisitesContentJava: 'Java: ',
-        constantsAuditPrerequisitesContentMessage: `
-       pom.xml AND Maven build platform, including the dependency plugin. 
-       For a Gradle project (v4.8+) use build.gradle. A gradle-wrapper.properties file is also required.
-       Kotlin is also supported requiring a build.gradle.kts file.`,
-        constantsAuditPrerequisitesContentDotNet: '.NET framework and .NET core: ',
+        constantsAuditPrerequisitesJavaContentMessage: `
+    ${chalk.bold('Java:')} pom.xml ${chalk.bold('and')} Maven build platform including the dependency plugin. 
+    ${chalk.bold('Or')} build.gradle ${chalk.bold('and')} gradle dependencies or ./gradlew dependencies must be supported`,
         constantsAuditPrerequisitesContentDotNetMessage: `
-       MSBuild 15.0 or greater and have a packages.lock.json file are supported.\n
-       Note: If the packages.lock.json file is unavailable it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj file and running dotnet build.\n`,
-        constantsAuditPrerequisitesContentLanguageNode: 'Node: ',
-        constantsAuditPrerequisitesContentLanguageRuby: 'Ruby: ',
-        constantsAuditPrerequisitesContentLanguagePython: 'Python: ',
-        constantsAuditPrerequisitesContentLanguageNodeMessage: '*.package.json AND a lock file either *.package-lock.json or *.yarn.lock',
-        constantsAuditPrerequisitesContentLanguageRubyMessage: 'gemfile AND gemfile.lock',
-        constantsAuditPrerequisitesContentLanguagePythonMessage: 'pipfile AND pipfile.lock',
+    ${chalk.bold('.NET framework and .NET core:')} MSBuild 15.0 or greater and a packages.lock.json file.
+    Note: If the packages.lock.json file is unavailable it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj file and running dotnet build.\n`,
+        constantsAuditPrerequisitesContentNodeMessage: `${chalk.bold('Node:')} package.json and a lock file (either .package-lock.json or .yarn.lock.)\n`,
+        constantsAuditPrerequisitesContentRubyMessage: `${chalk.bold('Ruby:')} gemfile and gemfile.lock\n`,
+        constantsAuditPrerequisitesContentPythonMessage: `${chalk.bold('Python:')} pipfile and pipfile.lock\n`,
+        constantsAuditPrerequisitesContentGoMessage: `${chalk.bold('Go:')} go.mod\n`,
+        constantsAuditPrerequisitesContentPHPMessage: `${chalk.bold('PHP:')} composer.json and composer.lock\n`,
         constantsAuditOptions: 'Audit Options',
-        auditOptionsIgnoreDevDependencies: '-igd, --ignore-dev',
-        auditOptionsIgnoreDevDependenciesDescription: 'ignores DevDependencies',
-        auditOptionsSave: '-s, --save',
-        auditOptionsSaveDescription: 'saves the output in specified format, options: sbom',
+        auditOptionsSaveDescription: 'Generate and save an SBOM (Software Bill of Materials)\n',
+        auditOptionsSaveOptionsDescription: 'Valid options are: spdx, cyclonedx (cycloneDX is the default format)',
         scanNotCompleted: 'Scan not completed. Check for framework and language support here: %s',
         auditNotCompleted: 'audit not completed.  Please try again',
         scanNoVulnerabilitiesFound: '🎉 No vulnerabilities found.',
@@ -292,7 +286,7 @@ const en_locales = () => {
         auditReportSuccessMessage: 'Report successfully retrieved',
         auditReportFailureMessage: 'Unable to generate library report',
         auditSCAAnalysisBegins: 'Contrast SCA audit started',
-        auditSCAAnalysisComplete: 'Contrast SCA audit complete',
+        auditSCAAnalysisComplete: 'Contrast audit complete',
         ...lambda
     };
 };

package/dist/constants.js

@@ -235,14 +235,6 @@ const auditOptionDefinitions = [
     {
         name: 'maven-settings-path'
     },
-    {
-        name: 'language',
-        alias: 'l',
-        description: '{bold ' +
-            i18n.__('constantsRequiredCatalogue') +
-            '}: ' +
-            i18n.__('constantsLanguage')
-    },
     {
         name: 'organization-id',
         alias: 'o',
@@ -294,12 +286,22 @@ const auditOptionDefinitions = [
         description: '{bold ' +
             i18n.__('constantsOptional') +
             '}: ' +
-            i18n.__('auditOptionsSaveDescription')
+            i18n.__('auditOptionsSaveDescription') +
+            i18n.__('auditOptionsSaveOptionsDescription')
     },
     {
         name: 'experimental',
         alias: 'e',
         type: Boolean
+    },
+    {
+        name: 'timeout',
+        alias: 't',
+        type: Number,
+        description: '{bold ' +
+            i18n.__('constantsOptional') +
+            '}: ' +
+            i18n.__('scanOptionsTimeoutSummary')
     }
 ];
 const mainUsageGuide = commandLineUsage([

package/dist/index.js

@@ -30,55 +30,64 @@ const getMainOption = () => {
     };
 };
 const start = async () => {
-    if (await (0, versionChecker_1.isCorrectNodeVersion)(process.version)) {
-        const { mainOptions, argv: argvMain } = getMainOption();
-        const command = mainOptions.command != undefined ? mainOptions.command.toLowerCase() : '';
-        if (command === 'version' ||
-            argvMain.includes('--v') ||
-            argvMain.includes('--version')) {
-            console.log(constants_2.APP_VERSION);
-            await (0, versionChecker_1.findLatestCLIVersion)(config);
-            return;
-        }
-        config.set('numOfRuns', config.get('numOfRuns') + 1);
-        if (config.get('numOfRuns') >= 1) {
-            await (0, versionChecker_1.findLatestCLIVersion)(config);
-            config.set('numOfRuns', 0);
-        }
-        if (command === 'config') {
-            return (0, config_1.processConfig)(argvMain, config);
-        }
-        if (command === 'auth') {
-            return await (0, auth_1.processAuth)(argvMain, config);
-        }
-        if (command === 'lambda') {
-            return await (0, lambda_1.processLambda)(argvMain);
-        }
-        if (command === 'scan') {
-            return await (0, processScan_1.processScan)(argvMain);
-        }
-        if (command === 'audit') {
-            return await (0, processAudit_1.processAudit)(argvMain);
-        }
-        if (command === 'help' ||
-            argvMain.includes('--help') ||
-            Object.keys(mainOptions).length === 0) {
-            console.log(mainUsageGuide);
-        }
-        else if (mainOptions._unknown !== undefined) {
-            const foundCommand = (0, errorHandling_1.findCommandOnError)(mainOptions._unknown);
-            foundCommand
-                ? console.log(`Unknown Command: Did you mean "${foundCommand}"? \nUse "${foundCommand} --help" for the full list of options`)
-                : console.log(`Unknown Command: ${command} \nUse --help for the full list`);
+    try {
+        if (await (0, versionChecker_1.isCorrectNodeVersion)(process.version)) {
+            const { mainOptions, argv: argvMain } = getMainOption();
+            const command = mainOptions.command != undefined
+                ? mainOptions.command.toLowerCase()
+                : '';
+            if (command === 'version' ||
+                argvMain.includes('--v') ||
+                argvMain.includes('--version')) {
+                console.log(constants_2.APP_VERSION);
+                await (0, versionChecker_1.findLatestCLIVersion)(config);
+                return;
+            }
+            config.set('numOfRuns', config.get('numOfRuns') + 1);
+            if (config.get('numOfRuns') >= 1) {
+                await (0, versionChecker_1.findLatestCLIVersion)(config);
+                config.set('numOfRuns', 0);
+            }
+            if (command === 'config') {
+                return (0, config_1.processConfig)(argvMain, config);
+            }
+            if (command === 'auth') {
+                return await (0, auth_1.processAuth)(argvMain, config);
+            }
+            if (command === 'lambda') {
+                return await (0, lambda_1.processLambda)(argvMain);
+            }
+            if (command === 'scan') {
+                return await (0, processScan_1.processScan)(argvMain);
+            }
+            if (command === 'audit') {
+                return await (0, processAudit_1.processAudit)(argvMain);
+            }
+            if (command === 'help' ||
+                argvMain.includes('--help') ||
+                Object.keys(mainOptions).length === 0) {
+                console.log(mainUsageGuide);
+            }
+            else if (mainOptions._unknown !== undefined) {
+                const foundCommand = (0, errorHandling_1.findCommandOnError)(mainOptions._unknown);
+                foundCommand
+                    ? console.log(`Unknown Command: Did you mean "${foundCommand}"? \nUse "${foundCommand} --help" for the full list of options`)
+                    : console.log(`Unknown Command: ${command} \nUse --help for the full list`);
+            }
+            else {
+                console.log(`Unknown Command: ${command} \nUse --help for the full list`);
+            }
+            process.exit(9);
         }
         else {
-            console.log(`Unknown Command: ${command} \nUse --help for the full list`);
+            console.log('Contrast supports Node versions >=16.13.2 <17. Please use one of those versions.');
+            process.exit(9);
         }
-        process.exit(9);
     }
-    else {
-        console.log('Contrast supports Node versions >=16.13.2 <17. Please use one of those versions.');
-        process.exit(9);
+    catch (err) {
+        console.log();
+        console.log(err.message.toString());
+        process.exit(1);
     }
 };
 start();

package/dist/lambda/lambda.js

@@ -22,6 +22,7 @@ const requestUtils_1 = require("../utils/requestUtils");
 const oraWrapper_1 = __importDefault(require("../utils/oraWrapper"));
 const analytics_1 = require("./analytics");
 const types_1 = require("./types");
+const constants_2 = require("../constants/constants");
 const failedStates = [
     'UNSUPPORTED',
     'EXCLUDED',
@@ -68,7 +69,8 @@ const processLambda = async (argv) => {
         const startCommandAnalytics = {
             arguments: lambdaOptions,
             sessionId: commandSessionId,
-            eventType: types_1.EventType.START
+            eventType: types_1.EventType.START,
+            packageVersion: constants_2.APP_VERSION
         };
         (0, analytics_1.postAnalytics)(startCommandAnalytics).catch((error) => {
         });
@@ -95,7 +97,8 @@ const processLambda = async (argv) => {
         const endCommandAnalytics = {
             sessionId: commandSessionId,
             eventType: types_1.EventType.END,
-            status: errorMsg ? types_1.StatusType.FAILED : types_1.StatusType.SUCCESS
+            status: errorMsg ? types_1.StatusType.FAILED : types_1.StatusType.SUCCESS,
+            packageVersion: constants_2.APP_VERSION
         };
         if (errorMsg) {
             endCommandAnalytics.errorMsg = errorMsg;

package/dist/sbom/generateSbom.js

@@ -2,10 +2,10 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.generateSbom = void 0;
 const commonApi_1 = require("../utils/commonApi");
-const generateSbom = (config) => {
+const generateSbom = (config, type) => {
     const client = (0, commonApi_1.getHttpClient)(config);
     return client
-        .getSbom(config)
+        .getSbom(config, type)
         .then((res) => {
         if (res.statusCode === 200) {
             return res.body;

package/dist/scaAnalysis/common/formatMessage.js

@@ -46,11 +46,17 @@ const createPhpTSMessage = phpTree => {
         }
     };
 };
+const createDotNetTSMessage = dotnetTree => {
+    return {
+        dotnet: dotnetTree
+    };
+};
 module.exports = {
     createJavaScriptTSMessage,
     createJavaTSMessage,
     createGoTSMessage,
     createPhpTSMessage,
     createRubyTSMessage,
-    createPythonTSMessage
+    createPythonTSMessage,
+    createDotNetTSMessage
 };

package/dist/scaAnalysis/common/treeUpload.js

@@ -1,5 +1,5 @@
 "use strict";
-const { getHttpClient } = require('../../utils/commonApi');
+const commonApi = require('../../utils/commonApi');
 const { APP_VERSION } = require('../../constants/constants');
 const commonSendSnapShot = async (analysis, config) => {
     const requestBody = {
@@ -7,7 +7,7 @@ const commonSendSnapShot = async (analysis, config) => {
         cliVersion: APP_VERSION,
         snapshot: analysis
     };
-    const client = getHttpClient(config);
+    const client = commonApi.getHttpClient(config);
     return client
         .sendSnapshot(requestBody, config)
         .then(res => {
@@ -15,12 +15,11 @@ const commonSendSnapShot = async (analysis, config) => {
             return res.body;
         }
         else {
-            console.log(res.statusCode);
-            console.log('error processing dependencies');
+            throw new Error(res.statusCode + ` error processing dependencies`);
         }
     })
         .catch(err => {
-        console.log(err);
+        throw err;
     });
 };
 module.exports = {

package/dist/scaAnalysis/dotnet/analysis.js

@@ -0,0 +1,43 @@
+"use strict";
+const fs = require('fs');
+const xml2js = require('xml2js');
+const i18n = require('i18n');
+const readAndParseProjectFile = projectFilePath => {
+    const projectFile = fs.readFileSync(projectFilePath);
+    return new xml2js.Parser({
+        explicitArray: false,
+        mergeAttrs: true
+    }).parseString(projectFile);
+};
+const readAndParseLockFile = lockFilePath => {
+    const lockFile = JSON.parse(fs.readFileSync(lockFilePath).toString());
+    let count = 0;
+    for (const dependenciesNode in lockFile.dependencies) {
+        for (const innerNode in lockFile.dependencies[dependenciesNode]) {
+            const nodeValidation = JSON.stringify(lockFile.dependencies[dependenciesNode][innerNode]);
+            if (nodeValidation.includes('"type":"Project"')) {
+                count += 1;
+                delete lockFile.dependencies[dependenciesNode][innerNode];
+                lockFile.additionalInfo = 'dependenciesNote';
+            }
+        }
+    }
+    if (count > 0) {
+        const multiLevelProjectWarning = () => {
+            console.log('');
+            console.log(i18n.__('dependenciesNote'));
+        };
+        setTimeout(multiLevelProjectWarning, 7000);
+    }
+    return lockFile;
+};
+const getDotNetDeps = (filePath, languageFiles) => {
+    const projectFile = readAndParseProjectFile(filePath + `/${languageFiles[0]}`);
+    const lockFile = readAndParseLockFile(filePath + `/${languageFiles[1]}`);
+    return { projectFile, lockFile };
+};
+module.exports = {
+    getDotNetDeps,
+    readAndParseProjectFile,
+    readAndParseLockFile
+};

package/dist/scaAnalysis/dotnet/index.js

@@ -0,0 +1,10 @@
+"use strict";
+const { getDotNetDeps } = require('./analysis');
+const { createDotNetTSMessage } = require('../common/formatMessage');
+const dotNetAnalysis = (config, languageFiles) => {
+    const dotNetDeps = getDotNetDeps(config.file, languageFiles.DOTNET);
+    return createDotNetTSMessage(dotNetDeps);
+};
+module.exports = {
+    dotNetAnalysis
+};

package/dist/scaAnalysis/javascript/analysis.js

@@ -10,7 +10,7 @@ const readFile = async (config, languageFiles, nameOfFile) => {
         return fs.readFileSync(config.file.concat(languageFiles[index]), 'utf8');
     }
     else {
-        console.log('could not find file');
+        throw new Error('could not find file');
     }
 };
 const readYarn = async (config, languageFiles, nameOfFile) => {
@@ -29,8 +29,7 @@ const readYarn = async (config, languageFiles, nameOfFile) => {
         return yarn;
     }
     catch (err) {
-        console.log(i18n.__('nodeReadYarnLockFileError') + `${err.message}`);
-        return;
+        throw new Error(i18n.__('nodeReadYarnLockFileError') + `${err.message}`);
     }
 };
 const parseNpmLockFile = async (js) => {
@@ -67,8 +66,7 @@ const parseNpmLockFile = async (js) => {
         }
     }
     catch (err) {
-        console.log(i18n.__('NodeParseNPM') + `${err.message}`);
-        return;
+        throw new Error(i18n.__('NodeParseNPM') + `${err.message}`);
     }
 };
 const addDepToLockFile = (js, depObj, key) => {
@@ -97,8 +95,7 @@ const parseYarnLockFile = async (js) => {
         }
     }
     catch (err) {
-        console.log(i18n.__('NodeParseYarn') + `${err.message}`);
-        return;
+        throw new Error(i18n.__('NodeParseYarn', js.yarn.yarnVersion) + `${err.message}`);
     }
 };
 module.exports = {