From 5bc1f9a7d24858d74385c2f7b578c06b943d2935 Mon Sep 17 00:00:00 2001
From: attiasas
Date: Tue, 4 Nov 2025 15:32:10 +0200
Subject: [PATCH 1/2] Add validation error if required package not installed for the AM
---
 cli/gitcommands.go | 3 +++
 cli/scancommands.go | 4 ++++
 cli/utils.go | 10 ++++++++++
 jas/analyzermanager.go | 13 +++++++++++++
 4 files changed, 30 insertions(+)
diff --git a/cli/gitcommands.go b/cli/gitcommands.go
index f79292002..bb2290e9e 100644
--- a/cli/gitcommands.go
+++ b/cli/gitcommands.go
@@ -64,6 +64,9 @@ func GitAuditCmd(c *components.Context) error {
 if subScans, err := getSubScansToPreform(c); err != nil {
 return err
 } else if len(subScans) > 0 {
+ if err := validateAnalyzerManagerRequirements(subScans); err != nil {
+ return err
+ }
 gitAuditCmd.SetScansToPerform(subScans)
 }
 if threads, err := pluginsCommon.GetThreadsCount(c); err != nil {
diff --git a/cli/scancommands.go b/cli/scancommands.go
index f6319d935..d95db4302 100644
--- a/cli/scancommands.go
+++ b/cli/scancommands.go
@@ -415,6 +415,10 @@ func AuditCmd(c *components.Context) error {
 auditCmd.SetScansToPerform(subScans)
 }
 
+ if err := validateAnalyzerManagerRequirements(auditCmd.ScansToPerform()); err != nil {
+ return err
+ }
+
 // Validate that there is a sast scan before setting the sast rules
 if sastRulesFile := c.GetStringFlagValue(flags.AddSastRules); sastRulesFile != "" {
 // Check if file exists
diff --git a/cli/utils.go b/cli/utils.go
index 2f57276a2..6835c30c2 100644
--- a/cli/utils.go
+++ b/cli/utils.go
@@ -3,6 +3,7 @@ package cli
 import (
 "fmt"
 "os"
+ "slices"
 "strings"
 
 "github.com/jfrog/jfrog-cli-core/v2/common/cliutils"
@@ -16,6 +17,7 @@ import (
 "github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 "github.com/jfrog/jfrog-client-go/utils/log"
 
+ "github.com/jfrog/jfrog-cli-security/jas"
 "github.com/jfrog/jfrog-cli-security/sca/bom"
 "github.com/jfrog/jfrog-cli-security/sca/bom/buildinfo"
 "github.com/jfrog/jfrog-cli-security/sca/bom/xrayplugin"
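Review bot: The new call at the top of the GitAuditCmd hunk runs only inside the `len(subScans) > 0` branch, so a git audit invoked with no sub-scan flags never reaches `validateAnalyzerManagerRequirements`, whereas the AuditCmd hunk below validates `auditCmd.ScansToPerform()` after the scan set is settled, and `validateAnalyzerManagerRequirements` itself treats an empty list as requiring the Analyzer Manager. If an empty selection means the default scan set for git audit as well, a missing executable will surface later as a scanner failure instead of this upfront error. Consider validating after the `if`/`else if` so both commands agree, e.g. `if err := validateAnalyzerManagerRequirements(gitAuditCmd.ScansToPerform()); err != nil { return err }`, assuming the git audit command exposes the same accessor as AuditCommand. GitAuditCmd's body continues outside the hunk.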
@@ -85,6 +87,14 @@ func getSubScansToPreform(c *components.Context) (subScans []utils.SubScanType,
 return
 }
+func validateAnalyzerManagerRequirements(subScans []utils.SubScanType) error {
+ if len(subScans) != 0 && (!slices.Contains(subScans, utils.SecretsScan) && !slices.Contains(subScans, utils.ContextualAnalysisScan) && !slices.Contains(subScans, utils.IacScan) && !slices.Contains(subScans, utils.SastScan)) {
+ // No analyzer manager related sub-scan is requested
+ return nil
+ }
+ return jas.ValidateRequiredInstalledSoftware()
+}
+
 func shouldAddSubScan(subScan utils.SubScanType, c *components.Context) bool {
 return c.GetBoolFlagValue(subScan.String()) ||
 (subScan == utils.ContextualAnalysisScan && c.GetBoolFlagValue(flags.Sca) && !c.GetBoolFlagValue(flags.WithoutCA)) ||
 (subScan == utils.SecretTokenValidationScan && c.GetBoolFlagValue(flags.Secrets) && c.GetBoolFlagValue(flags.SecretValidation))
diff --git a/jas/analyzermanager.go b/jas/analyzermanager.go
index e8f78bafe..07c0e1307 100644
--- a/jas/analyzermanager.go
+++ b/jas/analyzermanager.go
@@ -57,6 +57,10 @@ const (
 
 type JasDiffScanEnvValue string
 
+var scannersRequiredInstalledSoftwares = []string{
+ "git", "unzip", "curl",
+}
+
 var exitCodeErrorsMap = map[int]string{
 notEntitledExitCode: "got not entitled error from analyzer manager",
 unsupportedCommandExitCode: "got unsupported scan command error from analyzer manager",
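Review bot: The guard in `validateAnalyzerManagerRequirements` is a four-way negated `&&` chain on one line with no doc comment, so the one non-obvious rule — an empty `subScans` list is treated as requiring the Analyzer Manager and is validated — has to be reverse-engineered from the condition. Listing the Analyzer Manager sub-scans once and testing membership with `slices.ContainsFunc` (the hunk already imports `slices`, and go.mod in the second patch declares `go 1.24.6`) keeps the behaviour identical and makes the list the single place to extend when a new JAS scan type is added. `SecretTokenValidationScan`, which `shouldAddSubScan` below also handles, is not in the list; that is fine if it can only be selected together with `SecretsScan`, but the comment should say so.
```go
// analyzerManagerSubScans lists the sub-scans executed by the Analyzer Manager.
var analyzerManagerSubScans = []utils.SubScanType{
	utils.SecretsScan, utils.ContextualAnalysisScan, utils.IacScan, utils.SastScan,
}

// validateAnalyzerManagerRequirements returns an error when an Analyzer Manager
// sub-scan is requested (an empty list counts as requesting one) and a required
// executable is missing from PATH.
func validateAnalyzerManagerRequirements(subScans []utils.SubScanType) error {
	needsAnalyzerManager := len(subScans) == 0 || slices.ContainsFunc(subScans, func(s utils.SubScanType) bool {
		return slices.Contains(analyzerManagerSubScans, s)
	})
	if !needsAnalyzerManager {
		// No analyzer manager related sub-scan is requested
		return nil
	}
	return jas.ValidateRequiredInstalledSoftware()
}
```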
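Review bot: `scannersRequiredInstalledSoftwares` carries no comment explaining why the Analyzer Manager needs `git`, `unzip` and `curl` or who consults the list, so a reader cannot judge whether an entry can be dropped or must be added for a new scanner. A one-line doc comment such as `// scannersRequiredInstalledSoftwares lists the executables that must be resolvable from PATH before any Analyzer Manager scan runs; checked by ValidateRequiredInstalledSoftware.` would close that gap; which scanner relies on which tool is not visible here, so add that only if it is known.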
@@ -212,3 +216,12 @@ func DownloadAnalyzerManagerIfNeeded(threadId int) error {
 }
 return utils.DownloadResourceFromPlatformIfNeeded("Analyzer Manager", downloadPath, analyzerManagerDir, AnalyzerManagerZipName, true, threadId)
 }
+
+func ValidateRequiredInstalledSoftware() (err error) {
+ for _, software := range scannersRequiredInstalledSoftwares {
+ if softwarePath, e := exec.LookPath(software); e != nil || softwarePath == "" {
+ err = errors.Join(err, fmt.Errorf("could not find the required '%s' executable in the system PATH to run the Advanced Security Scans", software))
+ }
+ }
+ return
+}
From 1acba2de3d9e0c02d5f3b0b3cbf124b4cd38efc0 Mon Sep 17 00:00:00 2001
From: attiasas
Date: Sun, 23 Nov 2025 12:01:35 +0200
Subject: [PATCH 2/2] fix static tests
---
 go.mod | 3 ---
 go.sum | 4 ++--
 jas/analyzermanager.go | 4 ++--
 3 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/go.mod b/go.mod
index 9ed9ea9cf..681a1c414 100644
--- a/go.mod
+++ b/go.mod
@@ -2,9 +2,6 @@ module github.com/jfrog/jfrog-cli-security
 
 go 1.24.6
 
-// TODO: update xray-scan lib to latest version that supports CycloneDX v0.9.3 (not yet released)
-replace github.com/CycloneDX/cyclonedx-go => github.com/CycloneDX/cyclonedx-go v0.9.2
-
 require (
 github.com/CycloneDX/cyclonedx-go v0.9.3
 github.com/beevik/etree v1.4.0
diff --git a/go.sum b/go.sum
index 1454a6be4..ac4c57e7a 100644
--- a/go.sum
+++ b/go.sum
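Review bot: The `e` returned by `exec.LookPath` inside the loop is discarded, so the joined error cannot distinguish "not in PATH" from the `exec.ErrDot` case (Go 1.19+, and go.mod below declares `go 1.24.6`) in which the name resolves only to the current directory and is deliberately refused; the user is then told the tool could not be found although it is present. `exec.LookPath` also never returns an empty path with a nil error, so the `softwarePath == ""` clause is dead. Suggest `if _, e := exec.LookPath(software); e != nil {` and `err = errors.Join(err, fmt.Errorf("required executable %q for the Advanced Security Scans is not available in PATH: %w", software, e))`, which also swaps the hand-rolled `'%s'` quoting for `%q`. The exported function has no doc comment; `// ValidateRequiredInstalledSoftware reports, as one joined error, every executable from scannersRequiredInstalledSoftwares that cannot be resolved from PATH.` would do.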
@@ -4,8 +4,8 @@ dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
 dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
 github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
-github.com/CycloneDX/cyclonedx-go v0.9.2 h1:688QHn2X/5nRezKe2ueIVCt+NRqf7fl3AVQk+vaFcIo=
-github.com/CycloneDX/cyclonedx-go v0.9.2/go.mod h1:vcK6pKgO1WanCdd61qx4bFnSsDJQ6SbM2ZuMIgq86Jg=
+github.com/CycloneDX/cyclonedx-go v0.9.3 h1:Pyk/lwavPz7AaZNvugKFkdWOm93MzaIyWmBwmBo3aUI=
+github.com/CycloneDX/cyclonedx-go v0.9.3/go.mod h1:vcK6pKgO1WanCdd61qx4bFnSsDJQ6SbM2ZuMIgq86Jg=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
diff --git a/jas/analyzermanager.go b/jas/analyzermanager.go
index 07c0e1307..1c493b573 100644
--- a/jas/analyzermanager.go
+++ b/jas/analyzermanager.go
@@ -57,7 +57,7 @@ const (
 
 type JasDiffScanEnvValue string
 
-var scannersRequiredInstalledSoftwares = []string{
+var scannersRequiredInstalledSoftware = []string{
 "git", "unzip", "curl",
 }
 
@@ -218,7 +218,7 @@ func DownloadAnalyzerManagerIfNeeded(threadId int) error {
 }
 
 func ValidateRequiredInstalledSoftware() (err error) {
- for _, software := range scannersRequiredInstalledSoftwares {
+ for _, software := range scannersRequiredInstalledSoftware {
 if softwarePath, e := exec.LookPath(software); e != nil || softwarePath == "" {
 err = errors.Join(err, fmt.Errorf("could not find the required '%s' executable in the system PATH to run the Advanced Security Scans", software))
 }