jfrog · eyalk007 · Sep 22, 2024 · Sep 22, 2024 · Sep 22, 2024
diff --git a/utils/resultstable.go b/utils/resultstable.go
@@ -392,16 +392,12 @@ func prepareSecrets(secrets []*sarif.Run, isTable bool) []formats.SourceCodeRow
 	return secretsRows
 }
 
-func PrintSecretsTable(secrets []*sarif.Run, entitledForSecretsScan bool, tokenValidationEnabled bool) error {
+func PrintSecretsTable(secrets []*sarif.Run, entitledForSecretsScan bool) error {
 	if entitledForSecretsScan {
 		secretsRows := prepareSecrets(secrets, true)
 		log.Output()
-		err := coreutils.PrintTable(formats.ConvertToSecretsTableRow(secretsRows), "Secret Detection",
+		return coreutils.PrintTable(formats.ConvertToSecretsTableRow(secretsRows), "Secret Detection",
 			"✨ No secrets were found ✨", false)
-		if err == nil && tokenValidationEnabled {
-			log.Output("This table contains multiple secret types, such as tokens, generic password, ssh keys and more, token validation is only supported on tokens.")
-		}
-		return err
 	}
 	return nil
 }

diff --git a/utils/resultwriter.go b/utils/resultwriter.go
@@ -141,7 +141,7 @@
 	case format.Json:
 		return PrintJson(rw.results.GetScaScansXrayResults())
 	case format.Sarif:
-		return PrintSarif(rw.results, rw.isMultipleRoots, rw.includeLicenses)
+		return PrintSarif(rw.results, rw.isMultipleRoots, rw.includeLicenses, rw.subScansPreformed, rw.results.ResultType)
 	}
 	return nil
 }
@@ -157,7 +157,7 @@
 		printMessage(coreutils.PrintTitle("The full scan results are available here: ") + coreutils.PrintLink(resultsPath))
 	}
 	log.Output()
-	if shouldPrintTable(rw.subScansPreformed, ScaScan, rw.results.ResultType) {
+	if isScanRequested(rw.subScansPreformed, ScaScan, rw.results.ResultType) {
 		if rw.hasViolationContext {
 			if err = PrintViolationsTable(violations, rw.results, rw.isMultipleRoots, rw.printExtended); err != nil {
 				return
@@ -174,23 +174,23 @@
 			}
 		}
 	}
-	if shouldPrintTable(rw.subScansPreformed, SecretsScan, rw.results.ResultType) {
-		if err = PrintSecretsTable(rw.results.ExtendedScanResults.SecretsScanResults, rw.results.ExtendedScanResults.EntitledForJas, rw.results.ExtendedScanResults.SecretValidation); err != nil {
+	if isScanRequested(rw.subScansPreformed, SecretsScan, rw.results.ResultType) {
+		if err = PrintSecretsTable(rw.results.ExtendedScanResults.SecretsScanResults, rw.results.ExtendedScanResults.EntitledForJas); err != nil {
 			return
 		}
 	}
-	if shouldPrintTable(rw.subScansPreformed, IacScan, rw.results.ResultType) {
+	if isScanRequested(rw.subScansPreformed, IacScan, rw.results.ResultType) {
 		if err = PrintIacTable(rw.results.ExtendedScanResults.IacScanResults, rw.results.ExtendedScanResults.EntitledForJas); err != nil {
 			return
 		}
 	}
-	if !shouldPrintTable(rw.subScansPreformed, SastScan, rw.results.ResultType) {
+	if !isScanRequested(rw.subScansPreformed, SastScan, rw.results.ResultType) {
 		return nil
 	}
 	return PrintSastTable(rw.results.ExtendedScanResults.SastScanResults, rw.results.ExtendedScanResults.EntitledForJas)
 }
 
-func shouldPrintTable(requestedScans []SubScanType, subScan SubScanType, scanType CommandType) bool {
+func isScanRequested(requestedScans []SubScanType, subScan SubScanType, scanType CommandType) bool {
 	if scanType.IsTargetBinary() && (subScan == IacScan || subScan == SastScan) {
 		return false
 	}
@@ -210,20 +210,27 @@
 	log.Output("💬" + message)
 }
 
-func GenerateSarifReportFromResults(results *Results, isMultipleRoots, includeLicenses bool, allowedLicenses []string) (report *sarif.Report, err error) {
+func appendRunsIfRequired(requestedScans []SubScanType, subScan SubScanType, scanType CommandType, results *Results, scanResults []*sarif.Run, report *sarif.Report) {
+	if isScanRequested(requestedScans, subScan, scanType) {
+		report.Runs = append(report.Runs, patchRunsToPassIngestionRules(subScan, results, scanResults...)...)
+	}
+}
+
+func GenerateSarifReportFromResults(results *Results, isMultipleRoots, includeLicenses bool, allowedLicenses []string, requestedScans []SubScanType, scanType CommandType) (report *sarif.Report, err error) {
 	report, err = sarifutils.NewReport()
 	if err != nil {
 		return
 	}
+
 	xrayRun, err := convertXrayResponsesToSarifRun(results, isMultipleRoots, includeLicenses, allowedLicenses)
 	if err != nil {
 		return
 	}
 
-	report.Runs = append(report.Runs, patchRunsToPassIngestionRules(ScaScan, results, xrayRun)...)
-	report.Runs = append(report.Runs, patchRunsToPassIngestionRules(IacScan, results, results.ExtendedScanResults.IacScanResults...)...)
-	report.Runs = append(report.Runs, patchRunsToPassIngestionRules(SecretsScan, results, results.ExtendedScanResults.SecretsScanResults...)...)
-	report.Runs = append(report.Runs, patchRunsToPassIngestionRules(SastScan, results, results.ExtendedScanResults.SastScanResults...)...)
+	appendRunsIfRequired(requestedScans, ScaScan, scanType, results, []*sarif.Run{xrayRun}, report)
+	appendRunsIfRequired(requestedScans, IacScan, scanType, results, results.ExtendedScanResults.IacScanResults, report)
+	appendRunsIfRequired(requestedScans, SecretsScan, scanType, results, results.ExtendedScanResults.SecretsScanResults, report)
+	appendRunsIfRequired(requestedScans, SastScan, scanType, results, results.ExtendedScanResults.SastScanResults, report)
 
 	return
 }
@@ -766,7 +773,7 @@
 // * Layer: <HASH>
 // * Filepath: <PATH>
 // * Evidence: <Snippet>
 func getBinaryLocationMarkdownString(commandType CommandType, subScanType SubScanType, location *sarif.Location, result *sarif.Result) (content string) {
 	if location == nil {
 		return ""
 	}
@@ -788,9 +795,6 @@
 	if snippet := sarifutils.GetLocationSnippet(location); snippet != "" {
 		content += fmt.Sprintf("\nEvidence: %s", snippet)
 	}
-	if tokenValidation := GetResultPropertyTokenValidation(result); tokenValidation != "" {
-		content += fmt.Sprintf("\nToken Validation %s", tokenValidation)
-	}
 	return
 }
 
@@ -927,8 +931,8 @@
 	return nil
 }
 
-func PrintSarif(results *Results, isMultipleRoots, includeLicenses bool) error {
-	sarifReport, err := GenerateSarifReportFromResults(results, isMultipleRoots, includeLicenses, nil)
+func PrintSarif(results *Results, isMultipleRoots, includeLicenses bool, subScans []SubScanType, commandType CommandType) error {
+	sarifReport, err := GenerateSarifReportFromResults(results, isMultipleRoots, includeLicenses, nil, subScans, commandType)
 	if err != nil {
 		return err
 	}

diff --git a/utils/securityJobSummary.go b/utils/securityJobSummary.go
@@ -187,10 +187,9 @@
 		log.Info("Results can be uploaded to Github security tab automatically by upgrading your JFrog subscription.")
 		return
 	}
-	sarifReport, err := GenerateSarifReportFromResults(cmdResults, true, false, nil)
-	if err != nil {
-		return err
-	}
+
+	sarifReport, err := GenerateSarifReportFromResults(cmdResults, true, false, nil, []SubScanType{}, cmdResults.ResultType)
+
 	out, err := JSONMarshalNotEscaped(sarifReport)
 	if err != nil {
 		return errorutils.CheckError(err)