Adding Xray Source Control Service

.github/workflows/xrayTests.yml

@@ -19,6 +19,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
+        suite: [ xray,xsc ]
         os: [ ubuntu, windows, macos ]
     runs-on: ${{ matrix.os }}-latest
     env:

CONTRIBUTING.md

@@ -110,6 +110,7 @@ The available test types are:
 | `-test.distribution` | Distribution tests |
 | `-test.transfer`     | Transfer tests     |
 | `-test.xray`         | Xray tests         |
+| `-test.xsc`          | Xsc tests          |
 
 When running the tests, builds and repositories with timestamps will be created, for example: `cli-rt1-1592990748` and `cli-rt2-1592990748`. The content of these repositories will be deleted once the tests are completed.
 

general/cisetup/utils.go

@@ -6,7 +6,7 @@ import (
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/jfrog/jfrog-client-go/artifactory/services"
 	"github.com/jfrog/jfrog-client-go/config"
-	"github.com/jfrog/jfrog-client-go/xray"
+	services2 "github.com/jfrog/jfrog-client-go/xray/services"
 )
 
 const (
@@ -24,7 +24,7 @@ var buildCmdByTech = map[coreutils.Technology]string{
 	coreutils.Npm:    npmDefaultBuildCmd,
 }
 
-func CreateXrayServiceManager(serviceDetails *utilsconfig.ServerDetails) (*xray.XrayServicesManager, error) {
+func CreateXrayServiceManager(serviceDetails *utilsconfig.ServerDetails) (services2.SecurityServiceManager, error) {
 	xrayDetails, err := serviceDetails.CreateXrayAuthConfig()
 	if err != nil {
 		return nil, err
@@ -35,7 +35,7 @@ func CreateXrayServiceManager(serviceDetails *utilsconfig.ServerDetails) (*xray.
 	if err != nil {
 		return nil, err
 	}
-	return xray.New(serviceConfig)
+	return services2.New(serviceConfig)
 }
 
 func GetAllRepos(serviceDetails *utilsconfig.ServerDetails, repoType, packageType string) (*[]services.RepositoryDetails, error) {

go.mod

@@ -125,10 +125,10 @@ require (
 
 // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230828134416-f0db33dd9344
 
-replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230907095444-fd00f19be95d
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230908125357-1a8083ec27d6
 
 // replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27
 
-replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6
+replace github.com/jfrog/jfrog-client-go => github.com/eyaldelarea/jfrog-client-go v1.28.4-0.20230908125028-d74eec0e77cf
 
 replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38

go.sum

@@ -133,6 +133,10 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
 github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230908125357-1a8083ec27d6 h1:oX4BNcFKH6cuMhVV+/0fZJMQPZaMLkL5PYr1yBqzj80=
+github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20230908125357-1a8083ec27d6/go.mod h1:SYqc9qeU7PcYBX+FjN3McE1N9rZQkEewOs7K+JRK7dQ=
+github.com/eyaldelarea/jfrog-client-go v1.28.4-0.20230908125028-d74eec0e77cf h1:uh8eJRKBAY8MtCt5pPC8Wer6KZMnaid0f+pYIh6anA8=
+github.com/eyaldelarea/jfrog-client-go v1.28.4-0.20230908125028-d74eec0e77cf/go.mod h1:soD5VL3X+G+0KKUNSlb0CSdF9nwHsQZCr0xqOGedAHM=
 github.com/forPelevin/gomoji v1.1.8 h1:JElzDdt0TyiUlecy6PfITDL6eGvIaxqYH1V52zrd0qQ=
 github.com/forPelevin/gomoji v1.1.8/go.mod h1:8+Z3KNGkdslmeGZBC3tCrwMrcPy5GRzAD+gL9NAwMXg=
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
@@ -239,10 +243,6 @@ github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38 h1:XyAcwWP2a
 github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38/go.mod h1:QEskae5fQpjeY2PBzsjWtUQVskYSNDF2sSmw/Gx44dQ=
 github.com/jfrog/gofrog v1.3.0 h1:o4zgsBZE4QyDbz2M7D4K6fXPTBJht+8lE87mS9bw7Gk=
 github.com/jfrog/gofrog v1.3.0/go.mod h1:IFMc+V/yf7rA5WZ74CSbXe+Lgf0iApEQLxRZVzKRUR0=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230907095444-fd00f19be95d h1:7Qlsj5PkqSfayuNaM07L8W+H0bBqEGd+iPusoJOU6w8=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230907095444-fd00f19be95d/go.mod h1:PCRqGSz6tKQNtiITSk9WZGflJjno/Vg4DvXPLkH6xO8=
-github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6 h1:9mNCAUu/uHx80s4rMc9PeI1lllrZ1MOPUesIMglFoTY=
-github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6/go.mod h1:soD5VL3X+G+0KKUNSlb0CSdF9nwHsQZCr0xqOGedAHM=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jszwec/csvutil v1.8.0 h1:G7vS2LGdpZZDH1HmHeNbxOaJ/ZnJlpwGFvOkTkJzzNk=

inttestutils/buildinfo.go

@@ -2,6 +2,7 @@ package inttestutils
 
 import (
 	"fmt"
+	"github.com/jfrog/jfrog-client-go/utils"
 	"net/http"
 	"path"
 	"testing"
@@ -12,7 +13,6 @@ import (
 	coreutils "github.com/jfrog/jfrog-cli-core/v2/artifactory/utils"
 
 	"github.com/jfrog/jfrog-client-go/http/httpclient"
-	"github.com/jfrog/jfrog-client-go/utils"
 	"github.com/jfrog/jfrog-client-go/utils/io/httputils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
 	"github.com/stretchr/testify/assert"

main_test.go

@@ -67,7 +67,7 @@ func setupIntegrationTests() {
 	if *tests.TestPlugins {
 		InitPluginsTests()
 	}
-	if *tests.TestXray {
+	if *tests.TestXray || *tests.TestXsc {
 		InitXrayTests()
 	}
 	if *tests.TestAccess {

scan/cli.go

@@ -1,6 +1,7 @@
 package scan
 
 import (
+	"github.com/jfrog/jfrog-cli-core/v2/xray/commands/audit"
 	"github.com/jfrog/jfrog-cli-core/v2/xray/commands/curation"
 	xrutils "github.com/jfrog/jfrog-cli-core/v2/xray/utils"
 	curationdocs "github.com/jfrog/jfrog-cli/docs/scan/curation"
@@ -15,7 +16,6 @@ import (
 	corecommondocs "github.com/jfrog/jfrog-cli-core/v2/docs/common"
 	coreconfig "github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
-	"github.com/jfrog/jfrog-cli-core/v2/xray/commands/audit"
 	"github.com/jfrog/jfrog-cli-core/v2/xray/commands/scan"
 	"github.com/jfrog/jfrog-cli/docs/common"
 	auditdocs "github.com/jfrog/jfrog-cli/docs/scan/audit"

utils/cliutils/utils.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"github.com/jfrog/gofrog/version"
+	"github.com/jfrog/jfrog-cli/utils/tests"
 	"io"
 	"net/http"
 	"os"
@@ -364,6 +365,7 @@ func ShouldOfferConfig() (bool, error) {
 func CreateServerDetailsFromFlags(c *cli.Context) (details *coreConfig.ServerDetails, err error) {
 	details = new(coreConfig.ServerDetails)
 	details.Url = clientutils.AddTrailingSlashIfNeeded(c.String(url))
+	details.XscUrl = clientutils.ReplaceXraySuffixWithXsc(details.Url)
 	details.ArtifactoryUrl = clientutils.AddTrailingSlashIfNeeded(c.String(configRtUrl))
 	details.DistributionUrl = clientutils.AddTrailingSlashIfNeeded(c.String(configDistUrl))
 	details.XrayUrl = clientutils.AddTrailingSlashIfNeeded(c.String(configXrUrl))
@@ -506,6 +508,7 @@ func CreateServerDetailsWithConfigOffer(c *cli.Context, excludeRefreshableTokens
 	// Take insecureTls value from options since it is not saved in config.
 	confDetails.InsecureTls = details.InsecureTls
 	confDetails.Url = clientutils.AddTrailingSlashIfNeeded(confDetails.Url)
+	confDetails.XscUrl = clientutils.AddTrailingSlashIfNeeded(confDetails.Url + tests.XscEndpoint)
 	confDetails.DistributionUrl = clientutils.AddTrailingSlashIfNeeded(confDetails.DistributionUrl)
 
 	// Create initial access token if needed.

utils/tests/consts.go

@@ -148,6 +148,7 @@ const (
 	DockerRemoteRepositoryConfig                          = "docker_remote_repository_config.json"
 	DockerVirtualRepositoryConfig                         = "docker_virtual_repository_config.json"
 	XrayEndpoint                                          = "xray/"
+	XscEndpoint                                           = "xsc/"
 	DevRepoRepositoryConfig                               = "dev_repo_repository_config.json"
 	ProdRepoRepositoryConfig                              = "prod_repo_repository_config.json"
 	UploadDevSpecA                                        = "upload_dev_spec_a.json"

utils/tests/utils.go

@@ -7,6 +7,7 @@ import (
 	"errors"
 	"flag"
 	"fmt"
+	"github.com/jfrog/jfrog-client-go/utils/tests"
 	"io"
 	"math/rand"
 	"os"
@@ -36,7 +37,6 @@ import (
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
-	"github.com/jfrog/jfrog-client-go/utils/tests"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -68,6 +68,7 @@ var (
 	TestPoetry                *bool
 	TestPlugins               *bool
 	TestXray                  *bool
+	TestXsc                   *bool
 	TestAccess                *bool
 	TestTransfer              *bool
 	TestLifecycle             *bool
@@ -104,6 +105,7 @@ func init() {
 	TestPoetry = flag.Bool("test.poetry", false, "Test Poetry")
 	TestPlugins = flag.Bool("test.plugins", false, "Test Plugins")
 	TestXray = flag.Bool("test.xray", false, "Test Xray")
+	TestXsc = flag.Bool("test.xsc", false, "Test Xsc")
 	TestAccess = flag.Bool("test.access", false, "Test Access")
 	TestTransfer = flag.Bool("test.transfer", false, "Test files transfer")
 	TestLifecycle = flag.Bool("test.lifecycle", false, "Test lifecycle")
@@ -403,6 +405,7 @@ func GetNonVirtualRepositories() map[*string]string {
 		TestPoetry:             {&PoetryRemoteRepo},
 		TestPlugins:            {&RtRepo1},
 		TestXray:               {},
+		TestXsc:                {},
 		TestAccess:             {&RtRepo1},
 		TestTransfer:           {&RtRepo1, &RtRepo2, &MvnRepo1, &MvnRemoteRepo, &DockerRemoteRepo},
 		TestLifecycle:          {&RtDevRepo, &RtProdRepo},
@@ -428,6 +431,7 @@ func GetVirtualRepositories() map[*string]string {
 		TestPoetry:       {&PoetryVirtualRepo},
 		TestPlugins:      {},
 		TestXray:         {},
+		TestXsc:          {},
 		TestAccess:       {},
 	}
 	return getNeededRepositories(virtualReposMap)

xray_test.go

@@ -6,7 +6,9 @@ import (
 	"flag"
 	"fmt"
 	biutils "github.com/jfrog/build-info-go/utils"
+	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/jfrog/jfrog-cli-core/v2/xray/scangraph"
+	"github.com/jfrog/jfrog-client-go/xray/services"
 	"net/http"
 	"net/http/httptest"
 	"os"
@@ -27,7 +29,6 @@ import (
 	coreCmd "github.com/jfrog/jfrog-cli-core/v2/common/commands"
 	commontests "github.com/jfrog/jfrog-cli-core/v2/common/tests"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
-	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	coretests "github.com/jfrog/jfrog-cli-core/v2/utils/tests"
 	coreCuration "github.com/jfrog/jfrog-cli-core/v2/xray/commands/curation"
 	"github.com/jfrog/jfrog-cli-core/v2/xray/commands/scan"
@@ -40,7 +41,6 @@ import (
 	clientUtils "github.com/jfrog/jfrog-client-go/utils"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	clientTestUtils "github.com/jfrog/jfrog-client-go/utils/tests"
-	"github.com/jfrog/jfrog-client-go/xray/services"
 	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -60,7 +60,7 @@ func InitXrayTests() {
 
 func authenticateXray() string {
 	*tests.JfrogUrl = clientUtils.AddTrailingSlashIfNeeded(*tests.JfrogUrl)
-	xrayDetails = &config.ServerDetails{XrayUrl: *tests.JfrogUrl + tests.XrayEndpoint}
+	xrayDetails = &config.ServerDetails{Url: *tests.JfrogUrl, XrayUrl: *tests.JfrogUrl + tests.XrayEndpoint, XscUrl: *tests.JfrogUrl + tests.XscEndpoint}
 	cred := fmt.Sprintf("--url=%s", xrayDetails.XrayUrl)
 	if *tests.JfrogAccessToken != "" {
 		xrayDetails.AccessToken = *tests.JfrogAccessToken
@@ -76,6 +76,7 @@ func authenticateXray() string {
 		coreutils.ExitOnErr(errors.New("Failed while attempting to authenticate with Xray: " + err.Error()))
 	}
 	xrayDetails.XrayUrl = xrayAuth.GetUrl()
+	xrayDetails.XscUrl = xrayAuth.GetXscUrl()
 	return cred
 }
 
@@ -138,16 +139,19 @@ func TestXrayBinaryScanWithBypassArchiveLimits(t *testing.T) {
 
 // Tests npm audit by providing simple npm project and asserts any error.
 func TestXrayAuditNpmJson(t *testing.T) {
-	output := testXrayAuditNpm(t, string(utils.Json))
+	output := testXrayAuditNpm(t, string(utils.Json), false)
 	verifyJsonScanResults(t, output, 0, 1, 1)
 }
 
 func TestXrayAuditNpmSimpleJson(t *testing.T) {
-	output := testXrayAuditNpm(t, string(utils.SimpleJson))
+	output := testXrayAuditNpm(t, string(utils.SimpleJson), false)
 	verifySimpleJsonScanResults(t, output, 1, 1)
 }
 
-func testXrayAuditNpm(t *testing.T, format string) string {
+func testXrayAuditNpm(t *testing.T, format string, isXsc bool) string {
+	if !isXsc {
+		initXrayTest(t, scangraph.GraphScanMinXrayVersion)
+	}
 	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
 	defer createTempDirCallback()

xsc_test.go

@@ -0,0 +1,25 @@
+package main
+
+import (
+	"github.com/jfrog/jfrog-cli-core/v2/xray/scangraph"
+	"github.com/jfrog/jfrog-cli/utils/tests"
+	clientutils "github.com/jfrog/jfrog-client-go/utils"
+	"testing"
+)
+
+func initXscTest(t *testing.T, minVersion string) {
+	if !*tests.TestXsc {
+		t.Skip("Skipping Xsc test. To run xsc test add the '-test.xsc=true' option.")
+	}
+	validateXscVersion(t, minVersion)
+}
+func validateXscVersion(t *testing.T, minVersion string) {
+	err := clientutils.ValidateMinimumVersion(clientutils.Xray, xrayDetails.XscVersion, minVersion)
+	if err != nil {
+		t.Skip(err)
+	}
+}
+func TestXSCAudit(t *testing.T) {
+	initXscTest(t, scangraph.XscMinVersion)
+	testXrayAuditNpm(t, "json", true)
+}