regscale-cli 6.24.0.0__py3-none-any.whl → 6.24.0.1__py3-none-any.whl

regscale/_version.py

@@ -33,7 +33,7 @@ def get_version_from_pyproject() -> str:
                     return match.group(1)
     except Exception:
         pass
-    return "6.24.0.0"  # fallback version
+    return "6.24.0.1"  # fallback version
 
 
 __version__ = get_version_from_pyproject()

regscale/integrations/commercial/jira.py

@@ -719,10 +719,7 @@ def create_and_update_regscale_issues(args: Tuple, thread: int) -> None:
                 parent_module=parent_module,
             )
             # create the issue in RegScale
-            if regscale_issue := Issue.insert_issue(
-                app=app,
-                issue=issue,
-            ):
+            if regscale_issue := issue.create():
                 logger.debug(
                     "Created issue #%i-%s in RegScale.",
                     regscale_issue.id,
@@ -812,7 +809,7 @@ def fetch_jira_objects(
     jira_client: JIRA, jira_project: str, jira_issue_type: str, jql_str: str = None, sync_tasks_only: bool = False
 ) -> list[jiraIssue]:
     """
-    Fetch all issues from Jira for the provided project
+    Fetch all issues from Jira for the provided project using the enhanced search API.
 
     :param JIRA jira_client: Jira client to use for the request
     :param str jira_project: Name of the project in Jira
@@ -822,15 +819,77 @@ def fetch_jira_objects(
     :return: List of Jira issues
     :rtype: list[jiraIssue]
     """
-    start_pointer = 0
-    page_size = 100
-    jira_objects = []
     if sync_tasks_only:
         validate_issue_type(jira_client, jira_issue_type)
         output_str = "task"
     else:
         output_str = "issue"
     logger.info("Fetching %s(s) from Jira...", output_str.lower())
+    try:
+        max_results = 100  # 100 is the max allowed by Jira
+        jira_issues = []
+        issue_response = jira_client.enhanced_search_issues(
+            jql_str=jql_str or f"project = {jira_project}",
+            maxResults=max_results,
+        )
+        jira_issues.extend(issue_response)
+        logger.info(
+            "%i Jira %s(s) retrieved.",
+            len(jira_issues),
+            output_str.lower(),
+        )
+        # Handle pagination if there are more issues to fetch
+        while issue_response.nextPageToken:
+            issue_response = jira_client.enhanced_search_issues(
+                jql_str=jql_str, maxResults=max_results, nextPageToken=issue_response.nextPageToken
+            )
+            jira_issues.extend(issue_response)
+            logger.info(
+                "%i Jira %s(s) retrieved.",
+                len(jira_issues),
+                output_str.lower(),
+            )
+        # Save artifacts file and log final result if we have issues
+        if jira_issues:
+            save_jira_issues(jira_issues, jira_project, jira_issue_type)
+        logger.info("%i %s(s) retrieved from Jira.", len(jira_issues), output_str.lower())
+        return jira_issues
+    except Exception as e:
+        logger.warning(
+            "An error occurred while fetching Jira issues using the enhanced_search_issues method: %s", str(e)
+        )
+        logger.info("Falling back to the deprecated fetch method...")
+
+    try:
+        return deprecated_fetch_jira_objects(
+            jira_client=jira_client,
+            jira_project=jira_project,
+            jira_issue_type=jira_issue_type,
+            jql_str=jql_str,
+            output_str=output_str,
+        )
+    except JIRAError as e:
+        error_and_exit(f"Unable to fetch issues from Jira: {e}")
+
+
+def deprecated_fetch_jira_objects(
+    jira_client: JIRA, jira_project: str, jira_issue_type: str, jql_str: str = None, output_str: str = "issue"
+) -> list[jiraIssue]:
+    """
+    Fetch all issues from Jira for the provided project using the old API method, used as a fallback method.
+
+    :param JIRA jira_client: Jira client to use for the request
+    :param str jira_project: Name of the project in Jira
+    :param str jira_issue_type: Type of issue to fetch from Jira
+    :param str jql_str: JQL string to use for the request, default None
+    :param str output_str: String to use for logging, either "issue" or "task"
+    :return: List of Jira issues
+    :rtype: list[jiraIssue]
+    """
+    start_pointer = 0
+    page_size = 100
+    jira_objects = []
+    logger.info("Fetching %s(s) from Jira...", output_str.lower())
     # get all issues for the Jira project
     while True:
         start = start_pointer * page_size
@@ -851,24 +910,36 @@ def fetch_jira_objects(
             output_str.lower(),
         )
     if jira_objects:
-        check_file_path("artifacts")
-        file_name = f"{jira_project.lower()}_existingJira{jira_issue_type}.json"
-        file_path = Path(f"./artifacts/{file_name}")
-        save_data_to(
-            file=file_path,
-            data=[issue.raw for issue in jira_objects],
-            output_log=False,
-        )
-        logger.info(
-            "Saved %i Jira %s(s), see %s",
-            len(jira_objects),
-            jira_issue_type.lower(),
-            str(file_path.absolute()),
-        )
+        save_jira_issues(jira_objects, jira_project, jira_issue_type)
     logger.info("%i %s(s) retrieved from Jira.", len(jira_objects), output_str.lower())
     return jira_objects
 
 
+def save_jira_issues(jira_issues: list[jiraIssue], jira_project: str, jira_issue_type: str) -> None:
+    """
+    Save Jira issues to a JSON file in the artifacts directory
+
+    :param list[jiraIssue] jira_issues: List of Jira issues to save
+    :param str jira_project: Name of the project in Jira
+    :param str jira_issue_type: Type of issue to fetch from Jira
+    :rtype: None
+    """
+    check_file_path("artifacts")
+    file_name = f"{jira_project.lower()}_existingJira{jira_issue_type}.json"
+    file_path = Path(f"./artifacts/{file_name}")
+    save_data_to(
+        file=file_path,
+        data=[issue.raw for issue in jira_issues],
+        output_log=False,
+    )
+    logger.info(
+        "Saved %i Jira %s(s), see %s",
+        len(jira_issues),
+        jira_issue_type.lower(),
+        str(file_path.absolute()),
+    )
+
+
 def map_jira_to_regscale_issue(jira_issue: jiraIssue, config: dict, parent_id: int, parent_module: str) -> Issue:
     """
     Map Jira issues to RegScale issues
@@ -893,6 +964,8 @@ def map_jira_to_regscale_issue(jira_issue: jiraIssue, config: dict, parent_id: i
         ),
         status=("Closed" if jira_issue.fields.status.name.lower() == "done" else config["issues"]["jira"]["status"]),
         jiraId=jira_issue.key,
+        identification="Jira Sync",
+        sourceReport="Jira",
         parentId=parent_id,
         parentModule=parent_module,
         dateCreated=get_current_datetime(),

regscale/integrations/commercial/wizv2/click.py

@@ -533,6 +533,18 @@ def sync_compliance(
     default=False,
     help="Mark created issues as POAMs (default: disabled)",
 )
+@click.option(
+    "--reuse-existing-reports/--no-reuse-existing-reports",
+    "-rer/-nrer",
+    default=True,
+    help="Reuse existing Wiz compliance reports instead of creating new ones (default: enabled)",
+)
+@click.option(
+    "--force-fresh-report/--no-force-fresh-report",
+    "-ffr/-nffr",
+    default=False,
+    help="Force creation of a fresh compliance report, ignoring existing reports (default: disabled)",
+)
 def compliance_report(
     wiz_project_id,
     regscale_id,
@@ -543,6 +555,8 @@ def compliance_report(
     create_issues,
     update_control_status,
     create_poams,
+    reuse_existing_reports,
+    force_fresh_report,
 ):
     """
     Process Wiz compliance reports and create assessments in RegScale.
@@ -557,6 +571,13 @@ def compliance_report(
     - Create issues for failed compliance assessments (if --create-issues enabled)
     - Update control implementation status (if --update-control-status enabled)
     - Support POAM creation for compliance issues
+
+    REPORT MANAGEMENT:
+    By default, the command will look for existing compliance reports in Wiz for the
+    specified project and rerun them instead of creating new ones. This prevents the
+    accumulation of duplicate reports in Wiz. Use --no-reuse-existing-reports to
+    always create new reports, or --force-fresh-report to force a new report even
+    when reuse is enabled.
     """
     from regscale.integrations.commercial.wizv2.compliance_report import WizComplianceReportProcessor
 
@@ -579,6 +600,8 @@ def compliance_report(
         update_control_status=update_control_status,
         report_file_path=report_file_path,
         bypass_control_filtering=True,  # Bypass filtering for performance with large control sets
+        reuse_existing_reports=reuse_existing_reports,
+        force_fresh_report=force_fresh_report,
     )
 
     # Process the compliance report using new ComplianceIntegration pattern

regscale/integrations/commercial/wizv2/compliance_report.py

@@ -103,27 +103,42 @@ class WizComplianceReportItem(ComplianceItem):
         return control_ids[0] if control_ids else ""
 
     def get_all_control_ids(self) -> list:
-        """Extract all control IDs from compliance check name."""
+        """Extract all control IDs from compliance check name and normalize leading zeros."""
         if not self.compliance_check_name:
             return []
 
-        # Parse control IDs from compliance check name
-        # Format: "AC-2(4) Account Management | Automated Audit Actions, AC-6(9) Least Privilege | Log Use of Privileged Functions"
-        # Use a regex that can find control IDs anywhere in the text
         control_id_pattern = r"([A-Za-z]{2}-\d+)(?:\s*\(\s*(\d+)\s*\))?"
-
         control_ids = []
+
         for part in self.compliance_check_name.split(", "):
             matches = re.findall(control_id_pattern, part.strip())
             for match in matches:
                 base_control, enhancement = match
-                if enhancement:
-                    control_ids.append(f"{base_control}({enhancement})")
-                else:
-                    control_ids.append(base_control)
+                normalized_control = self._normalize_base_control(base_control)
+                formatted_control = self._format_control_id(normalized_control, enhancement)
+                control_ids.append(formatted_control)
 
         return control_ids
 
+    def _normalize_base_control(self, base_control: str) -> str:
+        """Normalize leading zeros in base control number (e.g., AC-01 -> AC-1)."""
+        if "-" in base_control:
+            prefix, number = base_control.split("-", 1)
+            try:
+                normalized_number = str(int(number))
+                return f"{prefix.upper()}-{normalized_number}"
+            except ValueError:
+                return base_control.upper()
+        else:
+            return base_control.upper()
+
+    def _format_control_id(self, base_control: str, enhancement: str) -> str:
+        """Format control ID with optional enhancement."""
+        if enhancement:
+            return f"{base_control}({enhancement})"
+        else:
+            return base_control
+
     @property
     def affected_controls(self) -> str:
         """Get affected controls as comma-separated string for issues."""
@@ -217,6 +232,7 @@ class WizComplianceReportProcessor(ComplianceIntegration):
         bypass_control_filtering: bool = False,
         max_report_age_days: int = 7,
         force_fresh_report: bool = False,
+        reuse_existing_reports: bool = True,
         **kwargs,
     ):
         """
@@ -232,6 +248,7 @@ class WizComplianceReportProcessor(ComplianceIntegration):
         :param bool bypass_control_filtering: Skip control filtering for performance with large control sets
         :param int max_report_age_days: Maximum age in days for reusing existing reports (default: 7 days)
         :param bool force_fresh_report: Force creation of fresh report, ignoring existing reports
+        :param bool reuse_existing_reports: Whether to reuse existing Wiz reports instead of creating new ones (default: True)
         """
         # Call parent constructor with ComplianceIntegration parameters
         super().__init__(
@@ -250,6 +267,7 @@ class WizComplianceReportProcessor(ComplianceIntegration):
         self.bypass_control_filtering = bypass_control_filtering
         self.max_report_age_days = max_report_age_days
         self.force_fresh_report = force_fresh_report
+        self.reuse_existing_reports = reuse_existing_reports
         self.title = "Wiz Compliance"  # Required by ScannerIntegration
 
         # Initialize Wiz authentication
@@ -698,7 +716,7 @@ class WizComplianceReportProcessor(ComplianceIntegration):
         # Handle force fresh report request
         if self.force_fresh_report:
             logger.info("Force fresh report requested, creating new compliance report...")
-            return self._create_and_download_report()
+            return self._create_and_download_report(force_new=True)
 
         # Use instance variable max_report_age_days or legacy max_age_hours
         if max_age_hours is not None:
@@ -756,23 +774,82 @@ class WizComplianceReportProcessor(ComplianceIntegration):
         logger.info(f"Found recent report (age: {age_hours:.1f}h): {most_recent[0]}")
         return most_recent[0]
 
-    def _create_and_download_report(self) -> Optional[str]:
+    def _find_existing_compliance_report(self) -> Optional[str]:
         """
-        Create and download a new compliance report.
+        Find existing compliance report for the current project.
 
-        :return: Path to downloaded report file
+        :return: Report ID if found, None otherwise
         :rtype: Optional[str]
         """
-        logger.info(f"Creating compliance report for project: {self.wiz_project_id}")
+        try:
+            # Filter for compliance reports for this specific project
+            filter_by = {"project": [self.wiz_project_id], "type": ["COMPLIANCE_ASSESSMENTS"]}
+
+            logger.debug(f"Searching for existing compliance reports with filter: {filter_by}")
+            reports = self.report_manager.list_reports(filter_by=filter_by)
+
+            if not reports:
+                logger.info("No existing compliance reports found for this project")
+                return None
+
+            # Look for reports named "Compliance Report" (the default name)
+            compliance_reports = [report for report in reports if report.get("name", "").strip() == "Compliance Report"]
+
+            if not compliance_reports:
+                logger.info("No compliance reports with standard name found")
+                return None
+
+            # Return the first matching report (most recent will be used)
+            selected_report = compliance_reports[0]
+            report_id = selected_report.get("id")
+            report_name = selected_report.get("name", "Unknown")
+
+            logger.info(f"Found existing compliance report: '{report_name}' (ID: {report_id})")
+            return report_id
 
-        # Create report
-        report_id = self.report_manager.create_compliance_report(self.wiz_project_id)
-        if not report_id:
-            logger.error("Failed to create compliance report")
+        except Exception as e:
+            logger.error(f"Error searching for existing compliance reports: {e}")
             return None
 
-        # Wait for completion and get download URL
-        download_url = self.report_manager.wait_for_report_completion(report_id)
+    def _create_and_download_report(self, force_new: bool = False) -> Optional[str]:
+        """
+        Find existing compliance report and rerun it, or create a new one if none exists.
+
+        :param bool force_new: Force creation of new report, skip reuse logic
+        :return: Path to downloaded report file
+        :rtype: Optional[str]
+        """
+        if force_new or not self.reuse_existing_reports:
+            logger.info("Creating new compliance report (reuse disabled or forced)")
+            # Create new report
+            report_id = self.report_manager.create_compliance_report(self.wiz_project_id)
+            if not report_id:
+                logger.error("Failed to create compliance report")
+                return None
+
+            # Wait for completion and get download URL
+            download_url = self.report_manager.wait_for_report_completion(report_id)
+        else:
+            logger.info(f"Looking for existing compliance report for project: {self.wiz_project_id}")
+
+            # Try to find existing compliance report for this project
+            if existing_report_id := self._find_existing_compliance_report():
+                logger.info(
+                    f"Found existing compliance report {existing_report_id}, rerunning instead of creating new one"
+                )
+                # Rerun existing report
+                download_url = self.report_manager.rerun_report(existing_report_id)
+            else:
+                logger.info("No existing compliance report found, creating new one")
+                # Create new report
+                report_id = self.report_manager.create_compliance_report(self.wiz_project_id)
+                if not report_id:
+                    logger.error("Failed to create compliance report")
+                    return None
+
+                # Wait for completion and get download URL
+                download_url = self.report_manager.wait_for_report_completion(report_id)
+
         if not download_url:
             logger.error("Failed to get download URL for report")
             return None
@@ -825,6 +902,10 @@ class WizComplianceReportProcessor(ComplianceIntegration):
             # Prepare batch updates for passing controls
             implementations_to_update = []
 
+            # Debug: Show what keys are actually in the control_impl_map
+            if control_impl_map:
+                logger.debug(f"Control implementation map keys: {list(control_impl_map.keys())[:20]}")
+
             for control_id in passing_control_ids:
                 control_id_lower = control_id.lower()
                 logger.debug(f"Looking for control '{control_id_lower}' in implementation map")
@@ -836,8 +917,10 @@ class WizComplianceReportProcessor(ComplianceIntegration):
                     # Get the ControlImplementation object
                     impl = ControlImplementation.get_object(object_id=impl_id)
                     if impl:
-                        # Update status to Implemented
-                        impl.status = ControlImplementationStatus.Implemented.value
+                        # Update status using compliance settings
+                        new_status = self._get_implementation_status_from_result("Pass")
+                        logger.debug(f"Setting control {control_id} status from 'Pass' result to: {new_status}")
+                        impl.status = new_status
                         impl.dateLastAssessed = get_current_datetime()
                         impl.lastAssessmentResult = "Pass"
                         impl.bStatusImplemented = True
@@ -849,7 +932,7 @@ class WizComplianceReportProcessor(ComplianceIntegration):
                             impl.dateLastUpdated = get_current_datetime()
 
                         implementations_to_update.append(impl.dict())
-                        logger.info(f"Marking control {control_id} as Implemented")
+                        logger.info(f"Marking control {control_id} as {new_status}")
 
             # Batch update all implementations
             if implementations_to_update:
@@ -908,6 +991,10 @@ class WizComplianceReportProcessor(ComplianceIntegration):
         implementations_to_update = []
         controls_not_found = []
 
+        # Debug: Show what keys are actually in the control_impl_map for comparison
+        if control_impl_map:
+            logger.debug(f"Control implementation map keys (first 20): {list(control_impl_map.keys())[:20]}")
+
         for control_id in control_ids:
             control_id_normalized = control_id.lower()
             logger.debug(f"Looking for control '{control_id_normalized}' in implementation map")
@@ -946,8 +1033,10 @@ class WizComplianceReportProcessor(ComplianceIntegration):
             logger.warning(f"Could not retrieve implementation object for ID {impl_id}")
             return None
 
-        # Update status to In Remediation
-        impl.status = ControlImplementationStatus.InRemediation.value
+        # Update status using compliance settings
+        new_status = self._get_implementation_status_from_result("Fail")
+        logger.debug(f"Setting control {control_id} status from 'Fail' result to: {new_status}")
+        impl.status = new_status
         impl.dateLastAssessed = get_current_datetime()
         impl.lastAssessmentResult = "Fail"
         impl.bStatusImplemented = False
@@ -958,7 +1047,7 @@ class WizComplianceReportProcessor(ComplianceIntegration):
             impl.lastUpdatedById = user_id
             impl.dateLastUpdated = get_current_datetime()
 
-        logger.info(f"Marking control {control_id} as In Remediation")
+        logger.info(f"Marking control {control_id} as {new_status}")
         return impl.dict()
 
     def _log_update_summary(self, implementations_to_update: list, controls_not_found: list) -> None: