Add filters for Audit, Scan & Docker Scan (#1926)
omerzi committed May 3, 2023
1 parent 5a8d97a commit a8065da
Showing 5 changed files with 81 additions and 52 deletions.
54 changes: 28 additions & 26 deletions documentation/CLI-for-JFrog-Xray.md
@@ -374,32 +374,34 @@ The command will detect the package manager used by the project automatically. I
> * The _**jf audit**_ command does not extract the internal content of the scanned depedencies. This means that if a package includes other vulnerable components, they may not be shown as part of the results. This is contrary to the _**jf scan**_ command, which drills down into the package content.
---

| | |
| --- | --- |
| **Command name** | audit |
| **Abbreviation** | aud |
| **Command options** | |
| --server-id | \[Optional\]<br><br>Server ID configured using the _jf c add_ command. If not specified, the default configured server is used. |
| --project | \[Optional\]<br><br>JFrog project key, to enable Xray to determine security violations accordingly. The command accepts this option only if the --repo-path and --watches options are not provided. If none of the three options are provided, the command will show all known vulnerabilities |
| --repo-path | \[Optional\]<br><br>Artifactory repository path in the form of &lt;repository&gt;/&lt;path in the repository&gt;, to enable Xray to determine violations accordingly. The command accepts this option only if the --project and --watches options are not provided. If none of the three options are provided, the command will show all known vulnerabilities |
| --watches | \[Optional\]<br><br>A comma separated list of Xray watches, to enable Xray to determine violations accordingly. The command accepts this option only if the --repo-path and --repo-path options are not provided. If none of the three options are provided, the command will show all known vulnerabilities |
| --licenses | \[Default: false\]<br><br>Set if you'd also like the list of licenses to be displayed. |
| --format | \[Default: table\]<br><br>Defines the output format of the command. Acceptable values are: table and json. |
| --fail | \[Default: true\]<br><br>Set to false if you do not wish the command to return exit code 3, even if the 'Fail Build' rule is matched by Xray. |
| --use-wrapper | \[Default: false\] \[Gradle\]<br><br>Set to true if you'd like to use the Gradle wrapper. |
| --dep-type | \[Default: all\] \[npm\]<br><br>Defines npm dependencies type. Possible values are: all, devOnly and prodOnly |
| --exclude-test-deps | \[Default: false\] \[Gradle\]<br><br>Set to true if you'd like to exclude Gradle test dependencies from Xray scanning. |
| --requirements-file | \[Optional\] \[Pip\]<br><br>Defines pip requirements file name. For example: 'requirements.txt' |
| --working-dirs | \[Optional\]<br><br>A comma separated list of relative working directories, to determine the audit targets locations. |
| --go | \[Default: false\]<br><br>Set to true to request audit for a Go project. |
| --gradle | \[Default: false\]<br><br>Set to true to request audit for a Gradle project. |
| --mvn | \[Default: false\]<br><br>Set to true to request audit for a Maven project. |
| --npm | \[Default: false\]<br><br>Set to true to request audit for a npm project. |
| --nuget | \[Default: false\]<br><br>Set to true to request audit for a .Net project. |
| --pip | \[Default: false\]<br><br>Set to true to request audit for a Pip project. |
| --pipenv | \[Default: false\]<br><br>Set to true to request audit for a Pipenv project. |
| --yarn | \[Default: false\]<br><br>Set to true to request audit for a Yarn 2+ project. |
| **Command arguments** | The command accepts no arguments |
| | |
|-----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **Command name** | audit |
| **Abbreviation** | aud |
| **Command options** | |
| --server-id | \[Optional\]<br><br>Server ID configured using the _jf c add_ command. If not specified, the default configured server is used. |
| --project | \[Optional\]<br><br>JFrog project key, to enable Xray to determine security violations accordingly. The command accepts this option only if the --repo-path and --watches options are not provided. If none of the three options are provided, the command will show all known vulnerabilities |
| --repo-path | \[Optional\]<br><br>Artifactory repository path in the form of &lt;repository&gt;/&lt;path in the repository&gt;, to enable Xray to determine violations accordingly. The command accepts this option only if the --project and --watches options are not provided. If none of the three options are provided, the command will show all known vulnerabilities |
| --watches | \[Optional\]<br><br>A comma separated list of Xray watches, to enable Xray to determine violations accordingly. The command accepts this option only if the --repo-path and --repo-path options are not provided. If none of the three options are provided, the command will show all known vulnerabilities |
| --licenses | \[Default: false\]<br><br>Set if you'd also like the list of licenses to be displayed. |
| --format | \[Default: table\]<br><br>Defines the output format of the command. Acceptable values are: table and json. |
| --fail | \[Default: true\]<br><br>Set to false if you do not wish the command to return exit code 3, even if the 'Fail Build' rule is matched by Xray. |
| --use-wrapper | \[Default: false\] \[Gradle\]<br><br>Set to true if you'd like to use the Gradle wrapper. |
| --dep-type | \[Default: all\] \[npm\]<br><br>Defines npm dependencies type. Possible values are: all, devOnly and prodOnly |
| --exclude-test-deps | \[Default: false\] \[Gradle\]<br><br>Set to true if you'd like to exclude Gradle test dependencies from Xray scanning. |
| --requirements-file | \[Optional\] \[Pip\]<br><br>Defines pip requirements file name. For example: 'requirements.txt' |
| --working-dirs | \[Optional\]<br><br>A comma separated list of relative working directories, to determine the audit targets locations. |
| --fixable-only | \[Optional\]<br><br>Set to true if you wish to display issues which have a fix version only. |
| --min-severity | \[Optional\]<br><br>Set the minimum severity of issues to display. The following values are accepted: Low, Medium, High or Critical |
| --go | \[Default: false\]<br><br>Set to true to request audit for a Go project. |
| --gradle | \[Default: false\]<br><br>Set to true to request audit for a Gradle project. |
| --mvn | \[Default: false\]<br><br>Set to true to request audit for a Maven project. |
| --npm | \[Default: false\]<br><br>Set to true to request audit for a npm project. |
| --nuget | \[Default: false\]<br><br>Set to true to request audit for a .Net project. |
| --pip | \[Default: false\]<br><br>Set to true to request audit for a Pip project. |
| --pipenv | \[Default: false\]<br><br>Set to true to request audit for a Pipenv project. |
| --yarn | \[Default: false\]<br><br>Set to true to request audit for a Yarn 2+ project. |
| **Command arguments** | The command accepts no arguments |

#### **Output Example**

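Review bot: the `--watches` row still reads "The command accepts this option only if the --repo-path and --repo-path options are not provided"; since the whole row is rewritten in the new table anyway, correct it to "--project and --repo-path" so it matches the sibling `--project` and `--repo-path` rows. On the two added rows: `--fixable-only` is a boolean toggle ("Set to true if you wish to display issues which have a fix version only") but is tagged `[Optional]` where every other toggle in the table uses `[Default: false]`, so tag it the same way; and neither `--fixable-only` nor `--min-severity` says whether the filter is display-only or also changes what the `--fail` rule (exit code 3) is evaluated against, which is the first thing a CI user will ask, so state that explicitly. The commit title covers Scan and Docker Scan as well, but only the audit table is visible in this hunk, so make sure those tables carry the same two rows. The context line at the top also carries "depedencies" for "dependencies".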
16 changes: 8 additions & 8 deletions go.mod
@@ -7,10 +7,10 @@ require (
github.com/buger/jsonparser v1.1.1
github.com/go-git/go-git/v5 v5.6.1
github.com/gocarina/gocsv v0.0.0-20230406101422-6445c2b15027
github.com/jfrog/build-info-go v1.9.2
github.com/jfrog/gofrog v1.2.5
github.com/jfrog/jfrog-cli-core/v2 v2.31.2
github.com/jfrog/jfrog-client-go v1.28.2
github.com/jfrog/build-info-go v1.9.3
github.com/jfrog/gofrog v1.3.0
github.com/jfrog/jfrog-cli-core/v2 v2.32.1
github.com/jfrog/jfrog-client-go v1.28.3
github.com/jszwec/csvutil v1.8.0
github.com/mholt/archiver/v3 v3.5.1
github.com/pkg/errors v0.9.1
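Review bot: none of the four module bumps here (build-info-go v1.9.2 to v1.9.3, gofrog v1.2.5 to v1.3.0, jfrog-cli-core/v2 v2.31.2 to v2.32.1, jfrog-client-go v1.28.2 to v1.28.3) is mentioned in the commit message, and gofrog and cli-core are minor-version bumps rather than patches; the PR description should say which of these carries the filter support the documented flags rely on, so the docs change and the dependency change can be traced together. Also confirm that resolving these modules by tag is intended, since the same commit comments out the `replace` directives that previously pinned them to snapshot pseudo-versions.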
@@ -32,7 +32,7 @@ require (
github.com/VividCortex/ewma v1.2.0 // indirect
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
github.com/acomagu/bufpipe v1.0.4 // indirect
github.com/andybalholm/brotli v1.0.1 // indirect
github.com/andybalholm/brotli v1.0.5 // indirect
github.com/c-bata/go-prompt v0.2.5 // indirect
github.com/cenkalti/backoff/v4 v4.2.0 // indirect
github.com/chzyer/readline v1.5.1 // indirect
@@ -121,8 +121,8 @@ require (

// replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230316095417-a9f6b73206d7

replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20230430083747-590ae14f9dca
// replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20230430083747-590ae14f9dca

replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230501144900-694655cd7157
// replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.15.3-0.20230503062157-2e0bc1df604c

replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27
//replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27
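Review bot: the commented-out `replace` directives should be deleted rather than left in place. The file already carries a stale one for build-info-go, and the new cli-core line `// replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.15.3-0.20230503062157-2e0bc1df604c` matches neither the pin being removed (`v2.31.1-0.20230501144900-694655cd7157`) nor the v2.32.1 now required, so it looks copied from another branch and would mislead whoever uncomments it next. If they must stay, use one spacing style (`//replace` for gofrog against `// replace` for the others) and group them in a single comment block. With the replaces disabled the build resolves these modules from the module proxy and checksum database, which is the right end state for a release.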
19 changes: 10 additions & 9 deletions go.sum
@@ -58,8 +58,9 @@ github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ
github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8=
github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo=
github.com/andybalholm/brotli v1.0.1 h1:KqhlKozYbRtJvsPrrEeXcO+N2l6NYT5A2QAFmSULpEc=
github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs=
github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
@@ -238,14 +239,14 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i
github.com/jedib0t/go-pretty/v6 v6.4.6 h1:v6aG9h6Uby3IusSSEjHaZNXpHFhzqMmjXcPq1Rjl9Jw=
github.com/jedib0t/go-pretty/v6 v6.4.6/go.mod h1:Ndk3ase2CkQbXLLNf5QDHoYb6J9WtVfmHZu9n8rk2xs=
github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
github.com/jfrog/build-info-go v1.9.2 h1:gSX9PH3whFcAMtM9dlPxRE7u9YuYcx8IkfVXQKRjWw0=
github.com/jfrog/build-info-go v1.9.2/go.mod h1:hHXyLsG0SW1jQa4g6q8x2LGAvvX/MMqWVFTcIUAF2PI=
github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27 h1:jX3UD9qVfj9cuyOe7pN7LlB9JKH5A/3vctjnBpWCKsU=
github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27/go.mod h1:IFMc+V/yf7rA5WZ74CSbXe+Lgf0iApEQLxRZVzKRUR0=
github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230501144900-694655cd7157 h1:sLU1V+0DgFaacrWttIGPEQMYawpGR55M11uMO9N56no=
github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230501144900-694655cd7157/go.mod h1:pkkh6sYQkWgQTHwzLvfvrz+mBpBW3XCplumRGjAI5Vg=
github.com/jfrog/jfrog-client-go v1.28.1-0.20230430083747-590ae14f9dca h1:khI87cFWk8NKf8pJ2rs81V80KLN8Ex3EqEGbMP3VJG8=
github.com/jfrog/jfrog-client-go v1.28.1-0.20230430083747-590ae14f9dca/go.mod h1:X5LKqXKQByyxVvP/MpqYQZdR5eIvdoC6uyn6EtKw8H0=
github.com/jfrog/build-info-go v1.9.3 h1:ZpVcNM4hH+r6dK0ERdSNaizuZALPgSdE29Da1Iki1fo=
github.com/jfrog/build-info-go v1.9.3/go.mod h1:GbuFS+viHCKZYx9nWHYu7ab1DgQkFdtVN3BJPUNb2D4=
github.com/jfrog/gofrog v1.3.0 h1:o4zgsBZE4QyDbz2M7D4K6fXPTBJht+8lE87mS9bw7Gk=
github.com/jfrog/gofrog v1.3.0/go.mod h1:IFMc+V/yf7rA5WZ74CSbXe+Lgf0iApEQLxRZVzKRUR0=
github.com/jfrog/jfrog-cli-core/v2 v2.32.1 h1:dsCMMX5H2J1/VcCqogWJjLqy+hlKpTEi4gy55w0etDw=
github.com/jfrog/jfrog-cli-core/v2 v2.32.1/go.mod h1:humz/0YFeD9P0T50QP2812AIKy8UNQ8OsWIfiHbdPM8=
github.com/jfrog/jfrog-client-go v1.28.3 h1:r/p1tZzaW0afLAk5LBbrcaW4nuL1fcQXpxr9BKfxrNc=
github.com/jfrog/jfrog-client-go v1.28.3/go.mod h1:xX+2RY7AZn9LtNOFlp5pEkWy/e0oCtCq/T/RNQ+dVIg=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
github.com/jszwec/csvutil v1.8.0 h1:G7vS2LGdpZZDH1HmHeNbxOaJ/ZnJlpwGFvOkTkJzzNk=
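Review bot: the go.sum rows for the four bumped modules are consistent with go.mod (tagged versions in, pseudo-versions out; the gofrog v1.3.0 `/go.mod` hash being identical to the v1.2.6 snapshot's is expected when that module's go.mod did not change between them), but these lines are the only integrity record for what actually gets built, so they should be produced by `go mod tidy` against the checksum database rather than edited by hand; a `go mod verify` run on this branch in CI would confirm the set is complete and that nothing stale remains in the unexpanded parts of the file.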
