regscale-cli 6.23.0.1__py3-none-any.whl → 6.24.0.1__py3-none-any.whl

regscale/_version.py

@@ -33,7 +33,7 @@ def get_version_from_pyproject() -> str:
                     return match.group(1)
     except Exception:
         pass
-    return "6.23.0.1"  # fallback version
+    return "6.24.0.1"  # fallback version
 
 
 __version__ = get_version_from_pyproject()

regscale/core/app/application.py

@@ -214,6 +214,7 @@ class Application(metaclass=Singleton):
                     "low": 365,
                     "medium": 90,
                     "status": "Open",
+                    "minimumSeverity": "low",
                 },
                 "xray": {
                     "critical": 30,
@@ -264,6 +265,7 @@ class Application(metaclass=Singleton):
             "token": DEFAULT_POPULATED,
             "userId": "enter RegScale user id here",
             "useMilestones": False,
+            "preventAutoClose": True,
             "otx": "enter AlienVault API key here",
             "wizAccessToken": DEFAULT_POPULATED,
             "wizAuthUrl": "https://auth.wiz.io/oauth/token",

regscale/integrations/commercial/__init__.py

@@ -491,6 +491,7 @@ show_mapping(veracode, "veracode")
         "vulnerabilities": "regscale.integrations.commercial.wizv2.click.vulnerabilities",
         "add_report_evidence": "regscale.integrations.commercial.wizv2.click.add_report_evidence",
         "sync_compliance": "regscale.integrations.commercial.wizv2.click.sync_compliance",
+        "compliance_report": "regscale.integrations.commercial.wizv2.click.compliance_report",
     },
     name="wiz",
 )

regscale/integrations/commercial/jira.py

@@ -719,10 +719,7 @@ def create_and_update_regscale_issues(args: Tuple, thread: int) -> None:
                 parent_module=parent_module,
             )
             # create the issue in RegScale
-            if regscale_issue := Issue.insert_issue(
-                app=app,
-                issue=issue,
-            ):
+            if regscale_issue := issue.create():
                 logger.debug(
                     "Created issue #%i-%s in RegScale.",
                     regscale_issue.id,
@@ -812,7 +809,7 @@ def fetch_jira_objects(
     jira_client: JIRA, jira_project: str, jira_issue_type: str, jql_str: str = None, sync_tasks_only: bool = False
 ) -> list[jiraIssue]:
     """
-    Fetch all issues from Jira for the provided project
+    Fetch all issues from Jira for the provided project using the enhanced search API.
 
     :param JIRA jira_client: Jira client to use for the request
     :param str jira_project: Name of the project in Jira
@@ -822,15 +819,77 @@ def fetch_jira_objects(
     :return: List of Jira issues
     :rtype: list[jiraIssue]
     """
-    start_pointer = 0
-    page_size = 100
-    jira_objects = []
     if sync_tasks_only:
         validate_issue_type(jira_client, jira_issue_type)
         output_str = "task"
     else:
         output_str = "issue"
     logger.info("Fetching %s(s) from Jira...", output_str.lower())
+    try:
+        max_results = 100  # 100 is the max allowed by Jira
+        jira_issues = []
+        issue_response = jira_client.enhanced_search_issues(
+            jql_str=jql_str or f"project = {jira_project}",
+            maxResults=max_results,
+        )
+        jira_issues.extend(issue_response)
+        logger.info(
+            "%i Jira %s(s) retrieved.",
+            len(jira_issues),
+            output_str.lower(),
+        )
+        # Handle pagination if there are more issues to fetch
+        while issue_response.nextPageToken:
+            issue_response = jira_client.enhanced_search_issues(
+                jql_str=jql_str, maxResults=max_results, nextPageToken=issue_response.nextPageToken
+            )
+            jira_issues.extend(issue_response)
+            logger.info(
+                "%i Jira %s(s) retrieved.",
+                len(jira_issues),
+                output_str.lower(),
+            )
+        # Save artifacts file and log final result if we have issues
+        if jira_issues:
+            save_jira_issues(jira_issues, jira_project, jira_issue_type)
+        logger.info("%i %s(s) retrieved from Jira.", len(jira_issues), output_str.lower())
+        return jira_issues
+    except Exception as e:
+        logger.warning(
+            "An error occurred while fetching Jira issues using the enhanced_search_issues method: %s", str(e)
+        )
+        logger.info("Falling back to the deprecated fetch method...")
+
+    try:
+        return deprecated_fetch_jira_objects(
+            jira_client=jira_client,
+            jira_project=jira_project,
+            jira_issue_type=jira_issue_type,
+            jql_str=jql_str,
+            output_str=output_str,
+        )
+    except JIRAError as e:
+        error_and_exit(f"Unable to fetch issues from Jira: {e}")
+
+
+def deprecated_fetch_jira_objects(
+    jira_client: JIRA, jira_project: str, jira_issue_type: str, jql_str: str = None, output_str: str = "issue"
+) -> list[jiraIssue]:
+    """
+    Fetch all issues from Jira for the provided project using the old API method, used as a fallback method.
+
+    :param JIRA jira_client: Jira client to use for the request
+    :param str jira_project: Name of the project in Jira
+    :param str jira_issue_type: Type of issue to fetch from Jira
+    :param str jql_str: JQL string to use for the request, default None
+    :param str output_str: String to use for logging, either "issue" or "task"
+    :return: List of Jira issues
+    :rtype: list[jiraIssue]
+    """
+    start_pointer = 0
+    page_size = 100
+    jira_objects = []
+    logger.info("Fetching %s(s) from Jira...", output_str.lower())
     # get all issues for the Jira project
     while True:
         start = start_pointer * page_size
@@ -851,24 +910,36 @@ def fetch_jira_objects(
             output_str.lower(),
         )
     if jira_objects:
-        check_file_path("artifacts")
-        file_name = f"{jira_project.lower()}_existingJira{jira_issue_type}.json"
-        file_path = Path(f"./artifacts/{file_name}")
-        save_data_to(
-            file=file_path,
-            data=[issue.raw for issue in jira_objects],
-            output_log=False,
-        )
-        logger.info(
-            "Saved %i Jira %s(s), see %s",
-            len(jira_objects),
-            jira_issue_type.lower(),
-            str(file_path.absolute()),
-        )
+        save_jira_issues(jira_objects, jira_project, jira_issue_type)
     logger.info("%i %s(s) retrieved from Jira.", len(jira_objects), output_str.lower())
     return jira_objects
 
 
+def save_jira_issues(jira_issues: list[jiraIssue], jira_project: str, jira_issue_type: str) -> None:
+    """
+    Save Jira issues to a JSON file in the artifacts directory
+
+    :param list[jiraIssue] jira_issues: List of Jira issues to save
+    :param str jira_project: Name of the project in Jira
+    :param str jira_issue_type: Type of issue to fetch from Jira
+    :rtype: None
+    """
+    check_file_path("artifacts")
+    file_name = f"{jira_project.lower()}_existingJira{jira_issue_type}.json"
+    file_path = Path(f"./artifacts/{file_name}")
+    save_data_to(
+        file=file_path,
+        data=[issue.raw for issue in jira_issues],
+        output_log=False,
+    )
+    logger.info(
+        "Saved %i Jira %s(s), see %s",
+        len(jira_issues),
+        jira_issue_type.lower(),
+        str(file_path.absolute()),
+    )
+
+
 def map_jira_to_regscale_issue(jira_issue: jiraIssue, config: dict, parent_id: int, parent_module: str) -> Issue:
     """
     Map Jira issues to RegScale issues
@@ -893,6 +964,8 @@ def map_jira_to_regscale_issue(jira_issue: jiraIssue, config: dict, parent_id: i
         ),
         status=("Closed" if jira_issue.fields.status.name.lower() == "done" else config["issues"]["jira"]["status"]),
         jiraId=jira_issue.key,
+        identification="Jira Sync",
+        sourceReport="Jira",
         parentId=parent_id,
         parentModule=parent_module,
         dateCreated=get_current_datetime(),

regscale/integrations/commercial/sarif/sarif_converter.py

@@ -44,7 +44,7 @@ def sarif():
     type=click.DateTime(formats=["%Y-%m-%d"]),
     help="The scan date of the file.",
     required=False,
-    default=get_current_datetime(),
+    default=get_current_datetime("%Y-%m-%d"),
 )
 def import_sarif(file_path: Path, asset_id: int, scan_date: Optional[datetime.datetime] = None) -> None:
     """Convert a SARIF file(s) to OCSF format using an API converter."""

regscale/integrations/commercial/wizv2/click.py

@@ -154,7 +154,7 @@ def issues(
     scanner = WizIssue(plan_id=regscale_ssp_id)
     scanner.sync_findings(
         plan_id=regscale_ssp_id,
-        filter_by_override=filter_by_override,  # type: ignore
+        filter_by_override=filter_by,  # Pass the processed dict with project ID
         client_id=client_id,  # type: ignore
         client_secret=client_secret,  # type: ignore
         wiz_project_id=wiz_project_id,
@@ -328,7 +328,11 @@ def add_report_evidence(
     )
 
 
-@wiz.command("sync_compliance")
+@wiz.command(
+    "sync_compliance",
+    deprecated=True,
+    help="[BETA] This command shows an experimental feature. Use with caution. Use compliance report instead for Compliance sync from Wiz.",
+)
 @click.option(  # type: ignore
     "--wiz_project_id",
     "-p",
@@ -476,3 +480,129 @@ def sync_compliance(
         create_issues=create_issues,
         update_control_status=update_control_status,
     )
+
+
+@wiz.command(name="compliance_report")
+@click.option(
+    "--wiz_project_id",
+    "-p",
+    prompt="Enter the Wiz project ID",
+    help="Enter the Wiz Project ID for compliance report processing.",
+    required=True,
+)
+@regscale_id(help="RegScale will create and update control assessments as children of this record.")
+@regscale_module(required=True, default="securityplans", prompt=False)
+@click.option(
+    "--client_id",
+    "-i",
+    help="Wiz Client ID, or can be set as environment variable wizClientId",
+    default="",
+    hide_input=False,
+    required=False,
+)
+@click.option(
+    "--client_secret",
+    "-s",
+    help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
+    default="",
+    hide_input=True,
+    required=False,
+)
+@click.option(
+    "--report_file_path",
+    "-f",
+    help="Path to existing CSV compliance report file (optional - will create new report if not provided)",
+    default=None,
+    required=False,
+)
+@click.option(
+    "--create-issues/--no-create-issues",
+    "-ci/-ni",
+    default=True,
+    help="Create issues for failed compliance assessments (default: enabled)",
+)
+@click.option(
+    "--update-control-status/--no-update-control-status",
+    "-ucs/-nucs",
+    default=True,
+    help="Update control implementation status based on assessment results (default: enabled)",
+)
+@click.option(
+    "--create-poams/--no-create-poams",
+    "-cp/-ncp",
+    default=False,
+    help="Mark created issues as POAMs (default: disabled)",
+)
+@click.option(
+    "--reuse-existing-reports/--no-reuse-existing-reports",
+    "-rer/-nrer",
+    default=True,
+    help="Reuse existing Wiz compliance reports instead of creating new ones (default: enabled)",
+)
+@click.option(
+    "--force-fresh-report/--no-force-fresh-report",
+    "-ffr/-nffr",
+    default=False,
+    help="Force creation of a fresh compliance report, ignoring existing reports (default: disabled)",
+)
+def compliance_report(
+    wiz_project_id,
+    regscale_id,
+    regscale_module,
+    client_id,
+    client_secret,
+    report_file_path,
+    create_issues,
+    update_control_status,
+    create_poams,
+    reuse_existing_reports,
+    force_fresh_report,
+):
+    """
+    Process Wiz compliance reports and create assessments in RegScale.
+
+    This command can either:
+    1. Create a new compliance report from Wiz and process it
+    2. Process an existing compliance report CSV file
+
+    The command will:
+    - Parse compliance assessment data from CSV format
+    - Create control assessments based on compliance results
+    - Create issues for failed compliance assessments (if --create-issues enabled)
+    - Update control implementation status (if --update-control-status enabled)
+    - Support POAM creation for compliance issues
+
+    REPORT MANAGEMENT:
+    By default, the command will look for existing compliance reports in Wiz for the
+    specified project and rerun them instead of creating new ones. This prevents the
+    accumulation of duplicate reports in Wiz. Use --no-reuse-existing-reports to
+    always create new reports, or --force-fresh-report to force a new report even
+    when reuse is enabled.
+    """
+    from regscale.integrations.commercial.wizv2.compliance_report import WizComplianceReportProcessor
+
+    # Use environment variables if not provided
+    if not client_secret:
+        client_secret = WizVariables.wizClientSecret
+    if not client_id:
+        client_id = WizVariables.wizClientId
+
+    # Create and run the compliance report processor
+    # Enable bypass_control_filtering by default for performance with large control sets
+    processor = WizComplianceReportProcessor(
+        plan_id=regscale_id,
+        wiz_project_id=wiz_project_id,
+        client_id=client_id,
+        client_secret=client_secret,
+        regscale_module=regscale_module,
+        create_poams=create_poams,
+        create_issues=create_issues,
+        update_control_status=update_control_status,
+        report_file_path=report_file_path,
+        bypass_control_filtering=True,  # Bypass filtering for performance with large control sets
+        reuse_existing_reports=reuse_existing_reports,
+        force_fresh_report=force_fresh_report,
+    )
+
+    # Process the compliance report using new ComplianceIntegration pattern
+    processor.process_compliance_sync()