Support uploading code scanning sarif

general/summary/cli.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/jfrog/jfrog-cli-core/v2/artifactory/utils/commandsummary"
 	"github.com/jfrog/jfrog-cli/utils/cliutils"
+	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	"os"
 	"path/filepath"
 	"strings"
@@ -27,8 +28,8 @@ const (
 )
 
 const (
-	JfrogCliSummaryDir = "jfrog-command-summary"
-	MarkdownFileName   = "markdown.md"
+	markdownFileName   = "markdown.md"
+	finalSarifFileName = "final.sarif"
 )
 
 var markdownSections = []MarkdownSection{Security, BuildInfo, Upload}
@@ -37,13 +38,21 @@ func (ms MarkdownSection) String() string {
 	return string(ms)
 }
 
-// GenerateSummaryMarkdown creates a summary of recorded CLI commands in Markdown format.
-func GenerateSummaryMarkdown(c *cli.Context) error {
+func FinalizeCommandSummaries(c *cli.Context) error {
 	if !shouldGenerateSummary() {
 		return fmt.Errorf("unable to generate the command summary because the output directory is not specified."+
 			" Please ensure that the environment variable '%s' is set before running your commands to enable summary generation", coreutils.SummaryOutputDirPathEnv)
 	}
 
+	if err := generateSummaryMarkdown(c); err != nil {
+		return err
+	}
+
+	return aggregatedCodeScanningSarifs()
+}
+
+// generateSummaryMarkdown creates a summary of recorded CLI commands in Markdown format.
+func generateSummaryMarkdown(c *cli.Context) error {
 	// Get URL and Version to generate summary links
 	serverUrl, majorVersion, err := extractServerUrlAndVersion(c)
 	if err != nil {
@@ -71,6 +80,26 @@ func GenerateSummaryMarkdown(c *cli.Context) error {
 	return saveMarkdownToFileSystem(finalMarkdown)
 }
 
+func aggregatedCodeScanningSarifs() error {
+	files, err := getSarifFiles()
+	if err != nil {
+		return err
+	}
+	if len(files) == 0 {
+		log.Debug("No sarif reports were found")
+		return nil
+	}
+	finalSarif, err := securityUtils.CombineSarifOutputFiles(files)
+	if err != nil {
+		return err
+	}
+	return saveFinalSarifToFileSystem(string(finalSarif))
+}
+
+func getSarifReportsDir() string {
+	return filepath.Join(os.Getenv(coreutils.SummaryOutputDirPathEnv), commandsummary.OutputDirName, string(Security), string(commandsummary.SarifReport))
+}
+
 // The CLI generates summaries in sections, with each section as a separate Markdown file.
 // This function merges all sections into a single Markdown file and saves it in the root of the
 // command summary output directory.
@@ -93,23 +122,29 @@ func saveMarkdownToFileSystem(finalMarkdown string) (err error) {
 	if finalMarkdown == "" {
 		return nil
 	}
-	filePath := filepath.Join(os.Getenv(coreutils.SummaryOutputDirPathEnv), JfrogCliSummaryDir, MarkdownFileName)
+	filePath := filepath.Join(os.Getenv(coreutils.SummaryOutputDirPathEnv), commandsummary.OutputDirName, markdownFileName)
+	return saveFile(finalMarkdown, filePath)
+}
+
+func saveFile(content, filePath string) (err error) {
+	if content == "" {
+		return nil
+	}
 	file, err := os.Create(filePath)
 	if err != nil {
-		return fmt.Errorf("error creating markdown file: %w", err)
+		return err
 	}
 	defer func() {
 		err = errors.Join(err, file.Close())
 	}()
-	// Write to file
-	if _, err := file.WriteString(finalMarkdown); err != nil {
-		return fmt.Errorf("error writing to markdown file: %w", err)
+	if _, err = file.WriteString(content); err != nil {
+		return err
 	}
 	return nil
 }
 
 func getSectionMarkdownContent(section MarkdownSection) (string, error) {
-	sectionFilepath := filepath.Join(os.Getenv(coreutils.SummaryOutputDirPathEnv), JfrogCliSummaryDir, string(section), MarkdownFileName)
+	sectionFilepath := filepath.Join(os.Getenv(coreutils.SummaryOutputDirPathEnv), commandsummary.OutputDirName, string(section), markdownFileName)
 	if _, err := os.Stat(sectionFilepath); os.IsNotExist(err) {
 		return "", nil
 	}
@@ -124,6 +159,28 @@ func getSectionMarkdownContent(section MarkdownSection) (string, error) {
 	return string(contentBytes), nil
 }
 
+func getSarifFiles() (files []string, err error) {
+	sarifsDir := getSarifReportsDir()
+	exists, err := fileutils.IsDirExists(sarifsDir, false)
+	if err != nil || !exists {
+		return
+	}
+	entries, err := os.ReadDir(sarifsDir)
+	if err != nil {
+		return
+	}
+
+	for _, entry := range entries {
+		files = append(files, filepath.Join(sarifsDir, entry.Name()))
+	}
+	return
+}
+
+func saveFinalSarifToFileSystem(finalSarif string) (err error) {
+	filePath := filepath.Join(getSarifReportsDir(), finalSarifFileName)
+	return saveFile(finalSarif, filePath)
+}
+
 // Initiate the desired command summary implementation and invoke its Markdown generation.
 func invokeSectionMarkdownGeneration(section MarkdownSection) error {
 	switch section {
@@ -216,7 +273,7 @@ func processScan(index commandsummary.Index, filePath string, scannedName string
 
 // shouldGenerateUploadSummary checks if upload summary should be generated.
 func shouldGenerateUploadSummary() (bool, error) {
-	buildInfoPath := filepath.Join(os.Getenv(coreutils.SummaryOutputDirPathEnv), JfrogCliSummaryDir, string(BuildInfo))
+	buildInfoPath := filepath.Join(os.Getenv(coreutils.SummaryOutputDirPathEnv), commandsummary.OutputDirName, string(BuildInfo))
 	if _, err := os.Stat(buildInfoPath); os.IsNotExist(err) {
 		return true, nil
 	}

go.mod

@@ -173,7 +173,7 @@ require (
 
 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eyaldelarea/jfrog-cli-core/v2 v2.0.0-20240829171158-7b0f89df2c0c
 
-// replace github.com/jfrog/jfrog-cli-security => github.com/attiasas/jfrog-cli-security v0.0.0-20240829151632-3a7a90969eca
+replace github.com/jfrog/jfrog-cli-security => github.com/attiasas/jfrog-cli-security v0.0.0-20240903164907-0f3299bf4919
 
 // replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20240806162439-01bb7dcd43fc
 

go.sum

@@ -641,6 +641,8 @@ github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
+github.com/attiasas/jfrog-cli-security v0.0.0-20240903164907-0f3299bf4919 h1:cZU6b0oBq9olw4jZ+n5eoPEhhubZCdjKaZqoMbPNPCA=
+github.com/attiasas/jfrog-cli-security v0.0.0-20240903164907-0f3299bf4919/go.mod h1:4eztJ+gBb7Xtq/TtnOvIodBOMZutPIAZOuLxqHWXrOo=
 github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs=
 github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA=
 github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
@@ -945,8 +947,6 @@ github.com/jfrog/jfrog-cli-core/v2 v2.55.6 h1:3tQuEdYgS2q7fkrrSG66OnO0S998FXGaY9
 github.com/jfrog/jfrog-cli-core/v2 v2.55.6/go.mod h1:DPO5BfWAeOByahFMMy+PcjmbPlcyoRy7Bf2C5sGKVi0=
 github.com/jfrog/jfrog-cli-platform-services v1.3.0 h1:IblSDZFBjL7WLRi37Ni2DmHrXJJ6ysSMxx7t41AvyDA=
 github.com/jfrog/jfrog-cli-platform-services v1.3.0/go.mod h1:Ky4SDXuMeaiNP/5zMT1YSzIuXG+cNYYOl8BaEA7Awbc=
-github.com/jfrog/jfrog-cli-security v1.7.2 h1:Kvabj/6LhM+WEb6woIqqbv2VmIj69IFwz859Sys1Tgs=
-github.com/jfrog/jfrog-cli-security v1.7.2/go.mod h1:4eztJ+gBb7Xtq/TtnOvIodBOMZutPIAZOuLxqHWXrOo=
 github.com/jfrog/jfrog-client-go v1.46.1 h1:ExqOF8ClOG9LO3vbm6jTIwQHHhprbu8lxB2RrM6mMI0=
 github.com/jfrog/jfrog-client-go v1.46.1/go.mod h1:UCu2JNBfMp9rypEmCL84DCooG79xWIHVadZQR3Ab+BQ=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=

main.go

@@ -300,7 +300,7 @@ func getCommands() ([]cli.Command, error) {
 			Usage:    summaryDocs.GetDescription(),
 			HelpName: corecommon.CreateUsage("gsm", summaryDocs.GetDescription(), summaryDocs.Usage),
 			Category: otherCategory,
-			Action:   summary.GenerateSummaryMarkdown,
+			Action:   summary.FinalizeCommandSummaries,
 		},
 	}