1. save osa dependencies json to workspace instead of temp dir

2. change the title and tooltip of  osaInstallBeforeScan property

src/main/java/com/checkmarx/jenkins/opensourceanalysis/OsaScannerCallable.java

@@ -1,12 +1,16 @@
 package com.checkmarx.jenkins.opensourceanalysis;
 
+import com.checkmarx.jenkins.CxScanBuilder;
 import hudson.FilePath;
+import hudson.model.TaskListener;
 import hudson.remoting.VirtualChannel;
+import org.apache.commons.io.FileUtils;
 import org.whitesource.fs.ComponentScan;
 
 import java.io.File;
 import java.io.IOException;
 import java.io.Serializable;
+import java.nio.charset.Charset;
 import java.util.Properties;
 
 
@@ -15,14 +19,26 @@ public class OsaScannerCallable implements FilePath.FileCallable<String>, Serial
     private static final long serialVersionUID = 1L;
 
     private Properties scannerProperties;
+    private  TaskListener listener;
 
-    public OsaScannerCallable(Properties scannerProperties){
-        this.scannerProperties = scannerProperties;}
+    public OsaScannerCallable(Properties scannerProperties, TaskListener listener){
+        this.scannerProperties = scannerProperties;
+        this.listener = listener;
+    }
 
     @Override
     public String invoke(File file, VirtualChannel channel) throws IOException, InterruptedException {
-            scannerProperties.put("d", file.getAbsolutePath());
-            ComponentScan componentScan = new ComponentScan(scannerProperties);
-            return componentScan.scan();
+        scannerProperties.put("d", file.getAbsolutePath());
+        ComponentScan componentScan = new ComponentScan(scannerProperties);
+        String dependenciesJson = componentScan.scan();
+        File dependenciesFile = new File(file.getAbsolutePath(), CxScanBuilder.REPORTS_FOLDER + "/OSADependencies.json");
+        try {
+            FileUtils.writeStringToFile(dependenciesFile, dependenciesJson, Charset.defaultCharset());
+            listener.getLogger().println("OSA dependencies saved to file: ["+dependenciesFile.getAbsolutePath()+"]");
+        } catch (Exception e) {
+            listener.getLogger().println("Failed to write osa dependencies json to file: " + e.getMessage());
+        }
+
+        return dependenciesJson;
     }
 }

src/main/java/com/checkmarx/jenkins/opensourceanalysis/ScanService.java

@@ -5,12 +5,8 @@
 import com.checkmarx.jenkins.filesystem.FolderPattern;
 import com.checkmarx.jenkins.logger.CxPluginLogger;
 import hudson.FilePath;
-import hudson.model.TaskListener;
-import org.apache.commons.io.FileUtils;
 import org.apache.commons.lang3.StringUtils;
 
-import java.io.File;
-import java.nio.charset.Charset;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Properties;
@@ -35,8 +31,10 @@ public class ScanService {
     private ScanSender scanSender;
     private LibrariesAndCVEsExtractor librariesAndCVEsExtractor;
     private boolean runInstallBeforeScan;
+    private ScanServiceTools scanServiceTools;
 
     public ScanService(ScanServiceTools scanServiceTools) {
+        this.scanServiceTools = scanServiceTools;
         this.dependencyFolder = scanServiceTools.getDependencyFolder();
         this.webServiceClient = scanServiceTools.getWebServiceClient();
         this.workspace = scanServiceTools.getWorkspace();
@@ -62,10 +60,9 @@ public OsaScanResult scan(boolean asynchronousScan) {
 
             String combinedFilterPattern = folderPattern.generatePattern(dependencyFolder.getInclude(), dependencyFolder.getExclude());
             Properties scannerProperties = generateOSAScanConfiguration(combinedFilterPattern, dependencyFolder.getArchiveIncludePatterns(), runInstallBeforeScan);
-            OsaScannerCallable scannerCallable = new OsaScannerCallable(scannerProperties);
+            OsaScannerCallable scannerCallable = new OsaScannerCallable(scannerProperties, scanServiceTools.getListener());
             logger.info("Scanning for OSA compatible files");
             String osaDependenciesJson = workspace.act(scannerCallable);
-            writeToOsaListToTemp(osaDependenciesJson);
 
             if (asynchronousScan) {
                 logger.info(OSA_RUN_SUBMITTED);
@@ -87,16 +84,6 @@ public OsaScanResult scan(boolean asynchronousScan) {
         return osaScanResult;
     }
 
-    private void writeToOsaListToTemp(String osaDependenciesJson) {
-        try {
-            File temp = new File(FileUtils.getTempDirectory(), "CxOSAFileList.json");
-            FileUtils.writeStringToFile(temp, osaDependenciesJson, Charset.defaultCharset());
-            logger.info("OSA file list saved to file: ["+temp.getAbsolutePath()+"]");
-        } catch (Exception e) {
-            logger.info("Failed to write OSA file list to temp directory: " + e.getMessage());
-        }
-    }
-
     private boolean validLicense() {
         return webServiceClient.isOsaLicenseValid();
     }

src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly

@@ -123,7 +123,7 @@
             <f:entry title="Archive extract patterns" field="osaArchiveIncludePatterns">
                 <f:textbox default="${descriptor.DEFAULT_OSA_ARCHIVE_INCLUDE_PATTERNS}"/>
             </f:entry>
-            <f:optionalBlock title="Install NPM and Bower before scan" inline="true" field="osaInstallBeforeScan" />
+            <f:optionalBlock title="Run NPM and Bower Install command before OSA scan" inline="true" field="osaInstallBeforeScan" />
         </f:optionalBlock>
       </f:section>
 

src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-osaInstallBeforeScan.html

@@ -1,3 +1,3 @@
 <div>
-    Checked in order to perform install command for NPM and Bower before initiate OSA scan
+    Recommended if scanning Node or Bower projects. Enable this option in order to execute npm install and bower install before OSA scan
 </div>