Checkmarx · checkmarx-kobi-hagmi · Apr 7, 2024 · Apr 8, 2024 · Apr 8, 2024 · Apr 8, 2024
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -30,7 +30,7 @@ permissions:
 
 jobs:
   build:
-    runs-on: macos-latest
+    runs-on: macos-13
     env:
       AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
       APPLE_DEVELOPER_CERTIFICATE_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
@@ -62,12 +62,9 @@ jobs:
       - name: Install gon
         run: |
           brew install Bearer/tap/gon
-      - name: Install and start docker
+      - name: Setup Docker on macOS
         if: inputs.dev == false
-        run: |
-          brew install docker
-          colima start
-          sudo ln -sf $HOME/.colima/default/docker.sock /var/run/docker.sock
+        uses: douglascamata/setup-docker-macos-action@v1-alpha
       - name: Test docker
         if: inputs.dev == false
         run: |

diff --git a/.gitignore b/.gitignore
@@ -55,4 +55,8 @@ override.tf.json
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*dist/
-/dist
+/dist
+
+# Ignore CLI configuration files and installation log files
+**/colima-Darwin-x86_64
+**/install.log
diff --git a/Makefile b/Makefile
@@ -0,0 +1,11 @@
+.DEFAULT_GOAL := vet
+
+.PHONY:fmt vet build lint
+fmt:
+	go fmt ./...
+vet: fmt
+	go vet ./...
+build: vet
+	go build -o bin/cx.exe ./cmd
+lint: fmt
+	golangci-lint run -c .golangci.yml
diff --git a/README.md b/README.md
@@ -91,6 +91,15 @@ export GOOS=darwin
 export GOARCH=amd64
 go build -o ./bin/cx-mac ./cmd
 ```
+### Makefile
+For ease of use, a Makefile is provided to build the project for all platforms.
+
+Install Make for Mac: https://formulae.brew.sh/formula/make
+
+Install Make for Windows: https://sourceforge.net/projects/gnuwin32/files/make/3.81/make-3.81.exe/download
+
+Run the following command to build the project:
+``` make build ``` 
 
 ## Contribution
 We appreciate feedback and contribution to the CLI! Before you get started, please see the following:

diff --git a/go.mod b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/viper v1.18.2
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.9.0
 	github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80
 	golang.org/x/crypto v0.22.0
 	golang.org/x/text v0.14.0

diff --git a/go.sum b/go.sum
@@ -69,8 +69,9 @@ github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpE
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 h1:nrZ3ySNYwJbSpD6ce9duiP+QkD3JuLCcWkdaehUS/3Y=

diff --git a/internal/commands/.scripts/integration_up.sh b/internal/commands/.scripts/integration_up.sh
@@ -13,7 +13,7 @@ rm -rf ScaResolver-linux64.tar.gz
 go test \
   -tags integration \
   -v \
-  -timeout 90m \
+  -timeout 210m \
   -coverpkg github.com/checkmarx/ast-cli/internal/commands,github.com/checkmarx/ast-cli/internal/wrappers \
   -coverprofile cover.out \
   github.com/checkmarx/ast-cli/test/integration

diff --git a/internal/commands/.scripts/up.sh b/internal/commands/.scripts/up.sh
@@ -4,4 +4,4 @@ wget https://sca-downloads.s3.amazonaws.com/cli/latest/ScaResolver-linux64.tar.g
 tar -xzvf ScaResolver-linux64.tar.gz -C /tmp
 rm -rf ScaResolver-linux64.tar.gz
 # ignore mock and wrappers packages, as they checked by integration tests
-go test $(go list ./... | grep -v "mock" | grep -v "wrappers" | grep -v "bitbucketserver" | grep -v "logger") -coverprofile cover.out
+go test $(go list ./... | grep -v "mock" | grep -v "wrappers" | grep -v "bitbucketserver" | grep -v "logger") -timeout 940.000s -coverprofile cover.out
diff --git a/internal/commands/groups.go b/internal/commands/groups.go
@@ -74,7 +74,7 @@ func getGroupIds(groups []*wrappers.Group) []string {
 	return groupIds
 }
 
-func assignGroupsToProject(projectID string, projectName string, groups []*wrappers.Group,
+func assignGroupsToProjectNewAccessManagement(projectID string, projectName string, groups []*wrappers.Group,
 	accessManagement wrappers.AccessManagementWrapper) error {
 	if !wrappers.FeatureFlags[accessManagementEnabled] {
 		return nil

diff --git a/internal/commands/project.go b/internal/commands/project.go
@@ -22,18 +22,18 @@ import (
 )
 
 const (
-	failedCreatingProj = "Failed creating a project"
-	failedUpdatingProj = "Failed updating a project"
-
-	failedGettingProj     = "Failed getting a project"
-	failedDeletingProj    = "Failed deleting a project"
-	failedGettingBranches = "Failed getting branches for project"
-	failedFindingGroup    = "Failed finding groups"
-	projOriginLevel       = "Project"
-	repoConfKey           = "scan.handler.git.repository"
-	sshConfKey            = "scan.handler.git.sshKey"
-	mandatoryRepoURLError = "flag --repo-url is mandatory when --ssh-key is provided"
-	invalidRepoURL        = "provided repository url doesn't need a key. Make sure you are defining the right repository or remove the flag --ssh-key"
+	failedCreatingProj                  = "Failed creating a project"
+	failedUpdatingProj                  = "Failed updating a project"
+	failedProjectApplicationAssociation = "Failed association project to application"
+	failedGettingProj                   = "Failed getting a project"
+	failedDeletingProj                  = "Failed deleting a project"
+	failedGettingBranches               = "Failed getting branches for project"
+	failedFindingGroup                  = "Failed finding groups"
+	projOriginLevel                     = "Project"
+	repoConfKey                         = "scan.handler.git.repository"
+	sshConfKey                          = "scan.handler.git.sshKey"
+	mandatoryRepoURLError               = "flag --repo-url is mandatory when --ssh-key is provided"
+	invalidRepoURL                      = "provided repository url doesn't need a key. Make sure you are defining the right repository or remove the flag --ssh-key"
 )
 
 var (
@@ -291,7 +291,7 @@ func runCreateProjectCommand(
 				return errors.Wrapf(err, "%s", failedCreatingProj)
 			}
 		}
-		err = assignGroupsToProject(projResponseModel.ID, projResponseModel.Name, groups, accessManagementWrapper)
+		err = assignGroupsToProjectNewAccessManagement(projResponseModel.ID, projResponseModel.Name, groups, accessManagementWrapper)
 		if err != nil {
 			return err
 		}

diff --git a/internal/commands/result.go b/internal/commands/result.go
@@ -17,6 +17,7 @@ import (
 	"github.com/checkmarx/ast-cli/internal/commands/policymanagement"
 	"github.com/checkmarx/ast-cli/internal/commands/util"
 	"github.com/checkmarx/ast-cli/internal/commands/util/printer"
+	applicationErrors "github.com/checkmarx/ast-cli/internal/errors"
 	"github.com/checkmarx/ast-cli/internal/logger"
 	"golang.org/x/text/cases"
 	"golang.org/x/text/language"
@@ -163,12 +164,32 @@ func NewResultsCommand(
 	showResultCmd := resultShowSubCommand(resultsWrapper, scanWrapper, resultsSbomWrapper, resultsPdfReportsWrapper, risksOverviewWrapper, policyWrapper)
 	codeBashingCmd := resultCodeBashing(codeBashingWrapper)
 	bflResultCmd := resultBflSubCommand(bflWrapper)
+	exitCodeSubcommand := exitCodeSubCommand(scanWrapper)
 	resultCmd.AddCommand(
-		showResultCmd, bflResultCmd, codeBashingCmd,
+		showResultCmd, bflResultCmd, codeBashingCmd, exitCodeSubcommand,
 	)
 	return resultCmd
 }
 
+func exitCodeSubCommand(scanWrapper wrappers.ScansWrapper) *cobra.Command {
+	exitCodeCmd := &cobra.Command{
+		Use:   "exit-code",
+		Short: "Get exit code and details of a scan",
+		Long:  "The exit-code command enables you to get the exit code and failure details of a requested scan in Checkmarx One.",
+		Example: heredoc.Doc(
+			`
+			$ cx results exit-code --scan-id <scan Id> --scan-types <sast | sca | iac-security | apisec>
+		`,
+		),
+		RunE: runGetExitCodeCommand(scanWrapper),
+	}
+
+	exitCodeCmd.PersistentFlags().String(commonParams.ScanIDFlag, "", "Scan ID")
+	exitCodeCmd.PersistentFlags().String(commonParams.ScanTypes, "", "Scan types")
+
+	return exitCodeCmd
+}
+
 func resultShowSubCommand(
 	resultsWrapper wrappers.ResultsWrapper,
 	scanWrapper wrappers.ScansWrapper,
@@ -252,6 +273,110 @@ func resultBflSubCommand(bflWrapper wrappers.BflWrapper) *cobra.Command {
 	return resultBflCmd
 }
 
+func runGetExitCodeCommand(scanWrapper wrappers.ScansWrapper) func(cmd *cobra.Command, args []string) error {
+	return func(cmd *cobra.Command, args []string) error {
+		scanID, _ := cmd.Flags().GetString(commonParams.ScanIDFlag)
+		if scanID == "" {
+			return errors.New(applicationErrors.ScanIDRequired)
+		}
+		scanTypesFlagValue, _ := cmd.Flags().GetString(commonParams.ScanTypes)
+		results, err := GetScannerResults(scanWrapper, scanID, scanTypesFlagValue)
+		if err != nil {
+			return err
+		}
+
+		if len(results) == 0 {
+			return nil
+		}
+
+		return printer.Print(cmd.OutOrStdout(), results, printer.FormatIndentedJSON)
+	}
+}
+
+func GetScannerResults(scanWrapper wrappers.ScansWrapper, scanID, scanTypesFlagValue string) ([]ScannerResponse, error) {
+	scanResponseModel, errorModel, err := scanWrapper.GetByID(scanID)
+	if err != nil {
+		return nil, errors.Wrapf(err, "%s", failedGetting)
+	}
+	if errorModel != nil {
+		return nil, errors.Errorf("%s: CODE: %d, %s", failedGettingScan, errorModel.Code, errorModel.Message)
+	}
+	results := getScannerResponse(scanTypesFlagValue, scanResponseModel)
+	return results, nil
+}
+
+func getScannerResponse(scanTypesFlagValue string, scanResponseModel *wrappers.ScanResponseModel) []ScannerResponse {
+	var results []ScannerResponse
+
+	if scanResponseModel.Status == wrappers.ScanCanceled ||
+		scanResponseModel.Status == wrappers.ScanRunning ||
+		scanResponseModel.Status == wrappers.ScanQueued ||
+		scanResponseModel.Status == wrappers.ScanCompleted {
+		result := ScannerResponse{
+			ScanID: scanResponseModel.ID,
+			Status: string(scanResponseModel.Status),
+		}
+		results = append(results, result)
+		return results
+	}
+
+	if scanTypesFlagValue == "" {
+		results = createAllFailedScannersResponse(scanResponseModel)
+	} else {
+		scanTypes := sanitizeScannerNames(scanTypesFlagValue)
+		results = createRequestedScannersResponse(scanTypes, scanResponseModel)
+	}
+
+	return results
+}
+
+func createRequestedScannersResponse(scanTypes map[string]string, scanResponseModel *wrappers.ScanResponseModel) []ScannerResponse {
+	var results []ScannerResponse
+	for i := range scanResponseModel.StatusDetails {
+		if _, ok := scanTypes[scanResponseModel.StatusDetails[i].Name]; ok {
+			results = append(results, createScannerResponse(&scanResponseModel.StatusDetails[i]))
+		}
+	}
+	return results
+}
+
+func createAllFailedScannersResponse(scanResponseModel *wrappers.ScanResponseModel) []ScannerResponse {
+	var results []ScannerResponse
+	for i := range scanResponseModel.StatusDetails {
+		if scanResponseModel.StatusDetails[i].Status == wrappers.ScanFailed {
+			results = append(results, createScannerResponse(&scanResponseModel.StatusDetails[i]))
+		}
+	}
+	return results
+}
+
+func sanitizeScannerNames(scanTypes string) map[string]string {
+	scanTypeSlice := strings.Split(scanTypes, ",")
+	scanTypeMap := make(map[string]string)
+	for i := range scanTypeSlice {
+		lowered := strings.ToLower(scanTypeSlice[i])
+		scanTypeMap[lowered] = lowered
+	}
+
+	return scanTypeMap
+}
+
+func createScannerResponse(statusDetails *wrappers.StatusInfo) ScannerResponse {
+	return ScannerResponse{
+		Name:      statusDetails.Name,
+		Status:    statusDetails.Status,
+		Details:   statusDetails.Details,
+		ErrorCode: stringifyErrorCode(statusDetails.ErrorCode),
+	}
+}
+
+func stringifyErrorCode(errorCode int) string {
+	if errorCode == 0 {
+		return ""
+	}
+	return strconv.Itoa(errorCode)
+}
+
 func runGetBestFixLocationCommand(bflWrapper wrappers.BflWrapper) func(cmd *cobra.Command, args []string) error {
 	return func(cmd *cobra.Command, args []string) error {
 		var bflResponseModel *wrappers.BFLResponseModel
@@ -901,6 +1026,9 @@ func createReport(format,
 	resultsPdfReportsWrapper wrappers.ResultsPdfWrapper,
 	useSCALocalFlow bool,
 	retrySBOM int) error {
+	if printer.IsFormat(format, printer.FormatIndentedJSON) {
+		return nil
+	}
 	if printer.IsFormat(format, printer.FormatSarif) && isValidScanStatus(summary.Status, printer.FormatSarif) {
 		sarifRpt := createTargetName(targetFile, targetPath, printer.FormatSarif)
 		return exportSarifResults(sarifRpt, results)
@@ -1862,3 +1990,11 @@ func filterViolatedRules(policyModel wrappers.PolicyResponseModel) *wrappers.Pol
 	policyModel.Policies = policyModel.Policies[:i]
 	return &policyModel
 }
+
+type ScannerResponse struct {
+	ScanID    string `json:"ScanID,omitempty"`
+	Name      string `json:"Name,omitempty"`
+	Status    string `json:"Status,omitempty"`
+	Details   string `json:"Details,omitempty"`
+	ErrorCode string `json:"ErrorCode,omitempty"`
+}