Show only requested scanners in SARIF format (#185)

commands/scan/dockerscan.go

@@ -106,7 +106,7 @@ func (dsc *DockerScanCommand) Run() (err error) {
 			}
 		}
 		dsc.analyticsMetricsService.UpdateGeneralEvent(dsc.analyticsMetricsService.CreateXscAnalyticsGeneralEventFinalizeFromAuditResults(scanResults))
-		if err = utils.RecordSarifOutput(scanResults); err != nil {
+		if err = utils.RecordSarifOutput(scanResults, utils.GetAllSupportedScans()); err != nil {
 			return
 		}
 		return utils.RecordSecurityCommandSummary(utils.NewDockerScanSummary(

commands/scan/scan.go

@@ -201,7 +201,7 @@ func (scanCmd *ScanCommand) indexFile(filePath string) (*xrayUtils.BinaryGraphNo
 
 func (scanCmd *ScanCommand) Run() (err error) {
 	return scanCmd.RunAndRecordResults(utils.Binary, func(scanResults *utils.Results) (err error) {
-		if err = utils.RecordSarifOutput(scanResults); err != nil {
+		if err = utils.RecordSarifOutput(scanResults, utils.GetAllSupportedScans()); err != nil {
 			return
 		}
 		return utils.RecordSecurityCommandSummary(utils.NewBinaryScanSummary(

utils/resultwriter.go

@@ -141,7 +141,7 @@ func (rw *ResultsWriter) PrintScanResults() error {
 	case format.Json:
 		return PrintJson(rw.results.GetScaScansXrayResults())
 	case format.Sarif:
-		return PrintSarif(rw.results, rw.isMultipleRoots, rw.includeLicenses)
+		return PrintSarif(rw.results, rw.isMultipleRoots, rw.includeLicenses, rw.subScansPreformed)
 	}
 	return nil
 }
@@ -157,7 +157,7 @@ func (rw *ResultsWriter) printScanResultsTables() (err error) {
 		printMessage(coreutils.PrintTitle("The full scan results are available here: ") + coreutils.PrintLink(resultsPath))
 	}
 	log.Output()
-	if shouldPrintTable(rw.subScansPreformed, ScaScan, rw.results.ResultType) {
+	if shouldScannerBeCalled(rw.subScansPreformed, ScaScan, rw.results.ResultType) {
 		if rw.hasViolationContext {
 			if err = PrintViolationsTable(violations, rw.results, rw.isMultipleRoots, rw.printExtended); err != nil {
 				return
@@ -174,23 +174,23 @@ func (rw *ResultsWriter) printScanResultsTables() (err error) {
 			}
 		}
 	}
-	if shouldPrintTable(rw.subScansPreformed, SecretsScan, rw.results.ResultType) {
+	if shouldScannerBeCalled(rw.subScansPreformed, SecretsScan, rw.results.ResultType) {
 		if err = PrintSecretsTable(rw.results.ExtendedScanResults.SecretsScanResults, rw.results.ExtendedScanResults.EntitledForJas, rw.results.ExtendedScanResults.SecretValidation); err != nil {
 			return
 		}
 	}
-	if shouldPrintTable(rw.subScansPreformed, IacScan, rw.results.ResultType) {
+	if shouldScannerBeCalled(rw.subScansPreformed, IacScan, rw.results.ResultType) {
 		if err = PrintIacTable(rw.results.ExtendedScanResults.IacScanResults, rw.results.ExtendedScanResults.EntitledForJas); err != nil {
 			return
 		}
 	}
-	if !shouldPrintTable(rw.subScansPreformed, SastScan, rw.results.ResultType) {
+	if !shouldScannerBeCalled(rw.subScansPreformed, SastScan, rw.results.ResultType) {
 		return nil
 	}
 	return PrintSastTable(rw.results.ExtendedScanResults.SastScanResults, rw.results.ExtendedScanResults.EntitledForJas)
 }
 
-func shouldPrintTable(requestedScans []SubScanType, subScan SubScanType, scanType CommandType) bool {
+func shouldScannerBeCalled(requestedScans []SubScanType, subScan SubScanType, scanType CommandType) bool {
 	if scanType.IsTargetBinary() && (subScan == IacScan || subScan == SastScan) {
 		return false
 	}
@@ -210,7 +210,14 @@ func printMessage(message string) {
 	log.Output("💬" + message)
 }
 
-func GenerateSarifReportFromResults(results *Results, isMultipleRoots, includeLicenses bool, allowedLicenses []string) (report *sarif.Report, err error) {
+func filterAndPatchRunsIfRequired(requestedScans []SubScanType, subScan SubScanType, results *Results, scanResults []*sarif.Run) (filtered []*sarif.Run) {
+	if !shouldScannerBeCalled(requestedScans, subScan, results.ResultType) {
+		return
+	}
+	return patchRunsToPassIngestionRules(subScan, results, scanResults...)
+}
+
+func GenerateSarifReportFromResults(results *Results, isMultipleRoots, includeLicenses bool, allowedLicenses []string, requestedScans []SubScanType) (report *sarif.Report, err error) {
 	report, err = sarifutils.NewReport()
 	if err != nil {
 		return
@@ -220,10 +227,10 @@ func GenerateSarifReportFromResults(results *Results, isMultipleRoots, includeLi
 		return
 	}
 
-	report.Runs = append(report.Runs, patchRunsToPassIngestionRules(ScaScan, results, xrayRun)...)
-	report.Runs = append(report.Runs, patchRunsToPassIngestionRules(IacScan, results, results.ExtendedScanResults.IacScanResults...)...)
-	report.Runs = append(report.Runs, patchRunsToPassIngestionRules(SecretsScan, results, results.ExtendedScanResults.SecretsScanResults...)...)
-	report.Runs = append(report.Runs, patchRunsToPassIngestionRules(SastScan, results, results.ExtendedScanResults.SastScanResults...)...)
+	report.Runs = append(report.Runs, filterAndPatchRunsIfRequired(requestedScans, ScaScan, results, []*sarif.Run{xrayRun})...)
+	report.Runs = append(report.Runs, filterAndPatchRunsIfRequired(requestedScans, IacScan, results, results.ExtendedScanResults.IacScanResults)...)
+	report.Runs = append(report.Runs, filterAndPatchRunsIfRequired(requestedScans, SecretsScan, results, results.ExtendedScanResults.SecretsScanResults)...)
+	report.Runs = append(report.Runs, filterAndPatchRunsIfRequired(requestedScans, SastScan, results, results.ExtendedScanResults.SastScanResults)...)
 
 	return
 }
@@ -927,8 +934,8 @@ func PrintJson(output interface{}) error {
 	return nil
 }
 
-func PrintSarif(results *Results, isMultipleRoots, includeLicenses bool) error {
-	sarifReport, err := GenerateSarifReportFromResults(results, isMultipleRoots, includeLicenses, nil)
+func PrintSarif(results *Results, isMultipleRoots, includeLicenses bool, subScans []SubScanType) error {
+	sarifReport, err := GenerateSarifReportFromResults(results, isMultipleRoots, includeLicenses, nil, subScans)
 	if err != nil {
 		return err
 	}

utils/securityJobSummary.go

@@ -173,7 +173,7 @@ func RecordSecurityCommandSummary(content ScanCommandResultSummary) (err error)
 	return manager.Record(content)
 }
 
-func RecordSarifOutput(cmdResults *Results) (err error) {
+func RecordSarifOutput(cmdResults *Results, supportedScans []SubScanType) (err error) {
 	manager, err := getRecordManager()
 	if err != nil || manager == nil {
 		return
@@ -187,7 +187,7 @@ func RecordSarifOutput(cmdResults *Results) (err error) {
 		log.Info("Results can be uploaded to Github security tab automatically by upgrading your JFrog subscription.")
 		return
 	}
-	sarifReport, err := GenerateSarifReportFromResults(cmdResults, true, false, nil)
+	sarifReport, err := GenerateSarifReportFromResults(cmdResults, true, false, nil, supportedScans)
 	if err != nil {
 		return err
 	}

utils/securityJobSummary_test.go

@@ -2,11 +2,6 @@ package utils
 
 import (
 	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-	"testing"
-
 	"github.com/jfrog/jfrog-cli-core/v2/artifactory/utils/commandsummary"
 	coreUtils "github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	coreTests "github.com/jfrog/jfrog-cli-core/v2/utils/tests"
@@ -15,6 +10,10 @@ import (
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	clientTests "github.com/jfrog/jfrog-client-go/utils/tests"
 	"github.com/stretchr/testify/assert"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
 )
 
 var (
@@ -62,7 +61,7 @@ func TestSaveSarifOutputOnlyForJasEntitled(t *testing.T) {
 			cleanUp := clientTests.SetEnvWithCallbackAndAssert(t, coreUtils.SummaryOutputDirPathEnv, tempDir)
 			defer cleanUp()
 
-			assert.NoError(t, RecordSarifOutput(createDummyJasResult(testCase.isJasEntitled)))
+			assert.NoError(t, RecordSarifOutput(createDummyJasResult(testCase.isJasEntitled), GetAllSupportedScans()))
 			assert.Equal(t, testCase.isJasEntitled, hasFilesInDir(t, filepath.Join(tempDir, commandsummary.OutputDirName, "security", string(commandsummary.SarifReport))))
 		})
 	}