Merge remote-tracking branch 'upstream/dev' into add_pnpm_log_if_err_…

…install

commands/enrich/enrich.go

@@ -1,10 +1,10 @@
 package enrich
 
 import (
-	"encoding/json"
 	"encoding/xml"
 	"errors"
 	"fmt"
+	"github.com/jfrog/jfrog-cli-security/utils/results/output"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -17,7 +17,6 @@ import (
 	"github.com/jfrog/jfrog-cli-security/commands/enrich/enrichgraph"
 	"github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-cli-security/utils/results"
-	"github.com/jfrog/jfrog-cli-security/utils/results/output"
 	"github.com/jfrog/jfrog-cli-security/utils/techutils"
 	"github.com/jfrog/jfrog-cli-security/utils/xray"
 	"github.com/jfrog/jfrog-client-go/artifactory/services/fspatterns"
@@ -27,6 +26,7 @@ import (
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
 	"github.com/jfrog/jfrog-client-go/xray/services"
+	orderedJson "github.com/virtuald/go-ordered-json"
 )
 
 type FileContext func(string) parallel.TaskFunc
@@ -75,8 +75,8 @@ func AppendVulnsToJson(cmdResults *results.SecurityCommandResults) error {
 	if err != nil {
 		return fmt.Errorf("error reading file: %s", err.Error())
 	}
-	var data map[string]interface{}
-	err = json.Unmarshal(fileContent, &data)
+	var data orderedJson.OrderedObject
+	err = orderedJson.Unmarshal(fileContent, &data)
 	if err != nil {
 		return fmt.Errorf("error parsing JSON: %s", err.Error())
 	}
@@ -93,7 +93,7 @@ func AppendVulnsToJson(cmdResults *results.SecurityCommandResults) error {
 			vulnerabilities = append(vulnerabilities, vulnerability)
 		}
 	}
-	data["vulnerabilities"] = vulnerabilities
+	data = append(data, orderedJson.Member{Key: "vulnerabilities", Value: vulnerabilities})
 	return output.PrintJson(data)
 }
 

go.mod

@@ -16,6 +16,7 @@ require (
 	github.com/owenrumney/go-sarif/v2 v2.3.0
 	github.com/stretchr/testify v1.9.0
 	github.com/urfave/cli v1.22.16
+	github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74
 	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f
 	golang.org/x/sync v0.9.0
 	golang.org/x/text v0.20.0

go.sum

@@ -257,6 +257,8 @@ github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ=
 github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po=
 github.com/vbauerster/mpb/v8 v8.8.3 h1:dTOByGoqwaTJYPubhVz3lO5O6MK553XVgUo33LdnNsQ=
 github.com/vbauerster/mpb/v8 v8.8.3/go.mod h1:JfCCrtcMsJwP6ZwMn9e5LMnNyp3TVNpUWWkN+nd4EWk=
+github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo=
+github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c=
 github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
 github.com/xanzy/go-gitlab v0.110.0 h1:hsFIFp01v/0D0sdUXoZfRk6CROzZbHQplk6NzKSFKhc=

scans_test.go

@@ -42,6 +42,7 @@ import (
 // Binary scan tests
 
 func TestXrayBinaryScanJson(t *testing.T) {
+	integration.InitScanTest(t, scangraph.GraphScanMinXrayVersion)
 	output := testXrayBinaryScan(t, string(format.Json), false)
 	validations.VerifyJsonResults(t, output, validations.ValidationParams{
 		Vulnerabilities: 1,
@@ -50,6 +51,7 @@ func TestXrayBinaryScanJson(t *testing.T) {
 }
 
 func TestXrayBinaryScanSimpleJson(t *testing.T) {
+	integration.InitScanTest(t, scangraph.GraphScanMinXrayVersion)
 	output := testXrayBinaryScan(t, string(format.SimpleJson), true)
 	validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
 		Vulnerabilities:    1,
@@ -59,6 +61,7 @@ func TestXrayBinaryScanSimpleJson(t *testing.T) {
 }
 
 func TestXrayBinaryScanJsonWithProgress(t *testing.T) {
+	integration.InitScanTest(t, scangraph.GraphScanMinXrayVersion)
 	callback := commonTests.MockProgressInitialization()
 	defer callback()
 	output := testXrayBinaryScan(t, string(format.Json), false)
@@ -69,6 +72,7 @@ func TestXrayBinaryScanJsonWithProgress(t *testing.T) {
 }
 
 func TestXrayBinaryScanSimpleJsonWithProgress(t *testing.T) {
+	integration.InitScanTest(t, scangraph.GraphScanMinXrayVersion)
 	callback := commonTests.MockProgressInitialization()
 	defer callback()
 	output := testXrayBinaryScan(t, string(format.SimpleJson), true)
@@ -80,7 +84,6 @@ func TestXrayBinaryScanSimpleJsonWithProgress(t *testing.T) {
 }
 
 func testXrayBinaryScan(t *testing.T, format string, withViolation bool) string {
-	integration.InitScanTest(t, scangraph.GraphScanMinXrayVersion)
 	binariesPath := filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "binaries", "*")
 	args := []string{"scan", binariesPath, "--licenses", "--format=" + format}
 	if withViolation {

utils/results/output/resultwriter.go

@@ -106,12 +106,17 @@ func (rw *ResultsWriter) PrintScanResults() error {
 		// Don't print if there are no results and only errors.
 		return nil
 	}
+	// Helper for Debugging purposes, print the raw results to the log
+	if err := rw.printRawResultsLog(); err != nil {
+		return err
+	}
+
 	switch rw.format {
 	case format.Table:
 		return rw.printTables()
 	case format.SimpleJson:
 		// Helper for Debugging purposes, print the raw results to the log
-		if err := rw.printOrSaveRawResults(false); err != nil {
+		if err := rw.printRawResultsLog(); err != nil {
 			return err
 		}
 		simpleJson, err := rw.createResultsConvertor(false).ConvertToSimpleJson(rw.commandResults)
@@ -123,7 +128,7 @@ func (rw *ResultsWriter) PrintScanResults() error {
 		return PrintJson(rw.commandResults.GetScaScansXrayResults())
 	case format.Sarif:
 		// Helper for Debugging purposes, print the raw results to the log
-		if err := rw.printOrSaveRawResults(false); err != nil {
+		if err := rw.printRawResultsLog(); err != nil {
 			return err
 		}
 		return rw.printSarif()
@@ -166,22 +171,12 @@ func PrintJson(output interface{}) (err error) {
 	return nil
 }
 
-// If "CI" env var is true, print raw JSON of the results. Otherwise, save it as a file and print a link to it.
-// If printMsg is true, print it to the console. Otherwise, print the message to the log.
-func (rw *ResultsWriter) printOrSaveRawResults(printMsg bool) (err error) {
+// Log (Debug) the inner results.SecurityCommandResults object object as a JSON string.
+func (rw *ResultsWriter) printRawResultsLog() (err error) {
 	if !rw.commandResults.HasInformation() {
 		log.Debug("No information to print")
 		return
 	}
-	if printMsg && !utils.IsCI() {
-		// Save the results to a file and print a link to it.
-		var resultsPath string
-		if resultsPath, err = WriteJsonResults(rw.commandResults); err != nil {
-			return
-		}
-		printMessage(coreutils.PrintTitle("The full scan results are available here: ") + coreutils.PrintLink(resultsPath))
-		return
-	}
 	// Print the raw results to console.
 	var msg string
 	if msg, err = utils.GetAsJsonString(rw.commandResults, false, true); err != nil {
@@ -197,9 +192,6 @@ func (rw *ResultsWriter) printTables() (err error) {
 		return
 	}
 	printMessages(rw.messages)
-	if err = rw.printOrSaveRawResults(true); err != nil {
-		return
-	}
 	if utils.IsScanRequested(rw.commandResults.CmdType, utils.ScaScan, rw.subScansPreformed...) {
 		if rw.hasViolationContext {
 			if err = PrintViolationsTable(tableContent, rw.commandResults.CmdType, rw.printExtended); err != nil {

utils/utils.go

@@ -6,6 +6,7 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	orderedJson "github.com/virtuald/go-ordered-json"
 	"os"
 	"path/filepath"
 	"strings"
@@ -112,7 +113,7 @@ func UniqueUnion[T comparable](arr []T, elements ...T) []T {
 
 func GetAsJsonBytes(output interface{}, escapeValues, indent bool) (results []byte, err error) {
 	if escapeValues {
-		if results, err = json.Marshal(output); errorutils.CheckError(err) != nil {
+		if results, err = orderedJson.Marshal(output); errorutils.CheckError(err) != nil {
 			return
 		}
 	} else {