CM-32031 - Add Open-source Threats (SCA) support

CHANGELOG.md

@@ -4,6 +4,10 @@
 
 ## [Unreleased]
 
+## [1.2.0] - 2024-02-01
+
+- Add Open-source Threats (SCA) support
+
 ## [1.1.5] - 2024-02-01
 
 - Fix external annotator for registered languages
@@ -39,6 +43,8 @@
 
 The first public release of the plugin.
 
+[1.2.0]: https://github.com/cycodehq/intellij-platform-plugin/releases/tag/v1.2.0
+
 [1.1.5]: https://github.com/cycodehq/intellij-platform-plugin/releases/tag/v1.1.5
 
 [1.1.4]: https://github.com/cycodehq/intellij-platform-plugin/releases/tag/v1.1.4
@@ -55,4 +61,4 @@ The first public release of the plugin.
 
 [1.0.0]: https://github.com/cycodehq/intellij-platform-plugin/releases/tag/v1.0.0
 
-[Unreleased]: https://github.com/cycodehq/intellij-platform-plugin/compare/v1.1.5...HEAD
+[Unreleased]: https://github.com/cycodehq/intellij-platform-plugin/compare/v1.2.0...HEAD

README.md

@@ -9,31 +9,36 @@ significantly help businesses avoid costly repairs and potential complications d
 ## Features
 
 Cycode IntelliJ Platform Plugin scans your code for exposed secrets, passwords, tokens, keys, and other credentials, as
-well as open-source packages' vulnerabilities. The extension provides functionalities such as:
+well as open-source package`s vulnerabilities.
+The extension provides functionalities such as:
 
-* Cycode IntelliJ Platform Plugin scans your code for exposed secrets, passwords, tokens, keys, and other credentials.
-    * Coming soon: Open-source Threats (SCA), Code Security (SAST), and Infrastructure as Code).
+* Scanning your code for exposed secrets, passwords, tokens, keys, and other credentials.
+* Scanning your code for open-source package`s vulnerabilities.
 * Running a new scan from your IDE even before committing the code.
 * Triggering a scan automatically whenever a file is saved.
 * Highlighting vulnerable code in the editor - syntax highlighting for Cycode-specific code and configuration files,
   making it easy for users to identify and work with these files in their projects.
 * Removing a detected secret or ignoring it by secret value, rule (type) or by path.
+* Upgrading a detected vulnerable package or ignoring it by rule (type) or by path.
+
+Coming soon: Code Security (SAST), and Infrastructure as Code (IaC).
 
 ## Installation
 
 To install the Cycode IntelliJ Platform Plugin, follow these steps:
 
 1. Open the editor.
 2. Navigate to the Plugins Section:
-    1. In the left-hand sidebar of the Settings/Preferences dialog, select “Plugins”.
+    1. In the left-hand sidebar of the Settings/Preferences dialog, select "Plugins".
 3. Search for "Cycode" in the search bar:
-    1. In the “Plugins” section, you'll see a “Marketplace” tab. Click on this tab, and then use the search bar at the
-       top
-       to search for the plugin you wish to install.
+    1. In the "Plugins" section, you'll see a "Marketplace" tab.
+       Click on this tab, and then use the search bar at the top to search for the plugin you wish to install.
 4. Click on the "Install" button next to the Cycode plugin.
 5. Wait for the installation to complete.
 6. Restart the JetBrains editor.
 
+Alternatively, you can install the plugin from the plugin page: https://plugins.jetbrains.com/plugin/23079-cycode
+
 ## Authentication
 
 To authenticate the Cycode IntelliJ Platform Plugin, follow these steps:
@@ -44,7 +49,7 @@ To authenticate the Cycode IntelliJ Platform Plugin, follow these steps:
 
 ## Configuring the Plugin
 
-To configure the plugin go to the plugin settings to change the default settings:
+To configure the plugin, go to the plugin settings to change the default settings:
 
 1. In the Additional Parameters field, you can submit additional CLI parameters, such as `--verbose` mode for debugging
    purposes.
@@ -55,8 +60,8 @@ To configure the plugin go to the plugin settings to change the default settings
 5. Clear the Scan on Save option to prevent Cycode from scanning your code every time you save your work. Instead, use
    the Scan on-Demand option.
 
-Note: If the "Scan on Save File" option is enabled in the extension settings, Cycode will scan the file in focus (
-including manifest files, such as package.json and dockerfile) for hardcoded secrets.
+Note: If the "Scan on Save" option is enabled in the extension settings, Cycode will scan the file in focus
+(including manifest files, such as package.json and dockerfile) for hardcoded secrets.
 
 ## Usage
 
@@ -66,8 +71,8 @@ To use the Cycode IntelliJ Platform Plugin, follow these steps:
 2. Open a project that uses the Cycode platform.
 3. Open a file to scan.
     1. Press Ctrl+S or Cmd+S on Mac to save a file → A scan will automatically be triggered.
-    2. If the "Scan on Save File" option is enabled in the plugin settings, Cycode will scan the file in focus (
-       including manifest files, such as package.json and dockerfile) for hardcoded secrets.
+    2. If the "Scan on Save File" option is enabled in the plugin settings, Cycode will scan the file in focus
+       (including manifest files, such as package.json and dockerfile) for hardcoded secrets.
 4. Also applies for auto-save.
 5. Wait for the scan to complete and to display a success message.
 
@@ -81,8 +86,9 @@ To use the Cycode IntelliJ Platform Plugin, follow these steps:
 3. Hover over the violation to see the violation summary.
 4. To view the details of the violation, select it in the list.
 5. Next, choose how to address the detected violation(s) by selecting the Quick Fix button.
-6. If the violation is a secret, you can choose to ignore it - either by secret value, secret rule (i.e. secret type) or
-   the specific file. Note that Ignore occurs locally on the developer’s machine.
+6. If the violation is a secret, you can choose to ignore it — either by secret value,
+   secret rule (i.e., secret type) or the specific file.
+   Note that Ignore occurs locally on the developer’s machine.
 7. Go back to viewing the problem in the main window by clicking View problem.
 8. You can also view a summary of all the problems by selecting the Problems tab.
 
@@ -93,6 +99,7 @@ Cycode support team at support@cycode.com.
 
 ## License
 
-The Cycode IntelliJ Platform Plugin is released under the MIT license. See the LICENSE file for more details.
+The Cycode IntelliJ Platform Plugin is released under the MIT license.
+See the [LICENSE](https://github.com/cycodehq/intellij-platform-plugin/blob/main/LICENSE) file for more details.
 
 <!-- Plugin description end -->

gradle.properties

@@ -4,7 +4,7 @@ pluginGroup = com.cycode.plugin
 pluginName = Cycode
 pluginRepositoryUrl = https://github.com/cycodehq/intellij-platform-plugin
 # SemVer format -> https://semver.org
-pluginVersion = 1.1.5
+pluginVersion = 1.2.0
 
 # Supported build number ranges and IntelliJ Platform versions -> https://plugins.jetbrains.com/docs/intellij/build-number-ranges.html
 pluginSinceBuild = 211.1

src/main/kotlin/com/cycode/plugin/Consts.kt

@@ -27,7 +27,5 @@ class Consts {
         const val CLI_CHECK_NEW_VERSION_EVERY_SEC = 24 * 60 * 60 // 24 hours
         const val PLUGIN_AUTO_SAVE_FLUSH_INITIAL_DELAY_SEC = 0L
         const val PLUGIN_AUTO_SAVE_FLUSH_DELAY_SEC = 5L
-
-        const val EXPERIMENTAL_SCA_SUPPORT = false
     }
 }

src/main/kotlin/com/cycode/plugin/components/toolWindow/components/scanContentTab/ScanContentTab.kt

@@ -40,6 +40,15 @@ class ScanContentTab : Component<CycodeService>() {
                 insets = JBUI.insetsBottom(10)
                 fill = GridBagConstraints.HORIZONTAL
             })
+            add(JButton(CycodeBundle.message("scanTabScaBtn")).apply {
+                addActionListener {
+                    service.startScaScanForCurrentProject()
+                }
+            }, GridBagConstraints().apply {
+                gridy = 3
+                insets = JBUI.insetsBottom(10)
+                fill = GridBagConstraints.HORIZONTAL
+            })
             add(add(JPanel().apply {
                 add(createClickableLabel(CycodeBundle.message("scanTabOnSaveTip")))
             }), GridBagConstraints().apply {
@@ -56,20 +65,6 @@ class ScanContentTab : Component<CycodeService>() {
             })
         }
 
-        if (Consts.EXPERIMENTAL_SCA_SUPPORT) {
-            panel.apply {
-                add(JButton(CycodeBundle.message("scanTabScaBtn")).apply {
-                    addActionListener {
-                        service.startScaScanForCurrentProject()
-                    }
-                }, GridBagConstraints().apply {
-                    gridy = 3
-                    insets = JBUI.insetsBottom(10)
-                    fill = GridBagConstraints.HORIZONTAL
-                })
-            }
-        }
-
         return BorderedPanel().apply {
             add(panel, BorderLayout.NORTH)
         }

src/main/kotlin/com/cycode/plugin/listeners/FileSaveListener.kt

@@ -63,7 +63,7 @@ class FileSaveListener(private val project: Project) : FileDocumentManagerListen
         }
 
         val scaPathsToScan = excludeNonScaRelatedPaths(pathsToScan)
-        if (Consts.EXPERIMENTAL_SCA_SUPPORT && scaPathsToScan.isNotEmpty()) {
+        if (scaPathsToScan.isNotEmpty()) {
             scanScaFlush(scaPathsToScan)
         }
     }

src/main/kotlin/com/cycode/plugin/services/scanResultsFilters/ScaScanResultsFilter.kt

@@ -14,7 +14,7 @@ class ScaScanResultsFilter(scanResults: ScaScanResult) : ScanResultsFilterBase<S
     }
 
     override fun excludeByValue(value: String) {
-        throw NotImplementedError("ScaScanResultsFilter.excludeByValue is not supported")
+        // do nothing because we don't have a value field in SCA
     }
 
     override fun excludeByPath(path: String) {