diff --git a/go.mod b/go.mod
index 0bd474cf8..871454841 100644
--- a/go.mod
+++ b/go.mod
@@ -119,7 +119,7 @@ require (
 gopkg.in/warnings.v0 v0.1.2 // indirect
 )
-// replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security dev
+replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240909104247-15299a2d33cd
 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
diff --git a/go.sum b/go.sum
index ba1dca8ef..c4d1ac8c3 100644
--- a/go.sum
+++ b/go.sum
@@ -901,8 +901,6 @@ github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYL
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
 github.com/jfrog/jfrog-cli-core/v2 v2.55.7 h1:V4dO2FMNIH49lov3dMj3jYRg8KBTG7hyhHI8ftYByf8=
 github.com/jfrog/jfrog-cli-core/v2 v2.55.7/go.mod h1:DPO5BfWAeOByahFMMy+PcjmbPlcyoRy7Bf2C5sGKVi0=
-github.com/jfrog/jfrog-cli-security v1.8.0 h1:jp/AVaQcItUNXRCud5PMyl8VVjPuzfrNHJWQvWAMnms=
-github.com/jfrog/jfrog-cli-security v1.8.0/go.mod h1:DjufYZpsTwILOFJlx7tR/y63oLBRmtPtFIz1WgiP/X4=
 github.com/jfrog/jfrog-client-go v1.46.1 h1:ExqOF8ClOG9LO3vbm6jTIwQHHhprbu8lxB2RrM6mMI0=
 github.com/jfrog/jfrog-client-go v1.46.1/go.mod h1:UCu2JNBfMp9rypEmCL84DCooG79xWIHVadZQR3Ab+BQ=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=
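Review bot: The new `replace` line redirects `github.com/jfrog/jfrog-cli-security` — the module this tool takes its scan results from — to what appears to be a personal fork (`github.com/orz25/...`) pinned at a commit pseudo-version, which puts an account outside the jfrog org into this build's supply chain and will ship that way if merged as-is. The neighbouring commented-out `// replace ... dev` lines suggest this is the local-testing pattern for unreleased upstream changes, so the directive looks temporary, but nothing in the hunk says so or names the upstream release that makes it unnecessary. Suggest either dropping the replace (and the matching go.sum entries) once the upstream version exposing the `Fingerprint` field used in scanpullrequest.go is tagged, or at minimum annotating it: `replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240909104247-15299a2d33cd // TEMPORARY: remove once upstream release with Fingerprint support is published`.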
@@ -978,6 +976,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l
 github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
 github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
+github.com/orz25/jfrog-cli-security v0.0.0-20240909104247-15299a2d33cd h1:e3W26K/1izEmV2qCKT8EDIZ9yeXu6ov9Yj5CUQRhOGs=
+github.com/orz25/jfrog-cli-security v0.0.0-20240909104247-15299a2d33cd/go.mod h1:XwKj88I0ftqVlmnH/CyycD3ZDymg/KCSqC4SS/7//jQ=
 github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U=
 github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY=
 github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w=
diff --git a/integrationutils.go b/integrationutils.go
index 230fb93c4..c8538f0e5 100644
--- a/integrationutils.go
+++ b/integrationutils.go
@@ -229,7 +229,7 @@ func validateGitHubComments(t *testing.T, ctx context.Context, client *vcsclient
 reviewComments, err := client.ListPullRequestReviewComments(ctx, testDetails.RepoOwner, testDetails.RepoName, prID)
 assert.NoError(t, err)
- assert.GreaterOrEqual(t, len(reviewComments), 9)
+ assert.GreaterOrEqual(t, len(reviewComments), 11)
 }
 func validateAzureComments(t *testing.T, comments []vcsclient.CommentInfo) {
diff --git a/scanpullrequest/scanpullrequest.go b/scanpullrequest/scanpullrequest.go
index 7d41082e0..ecc1634cb 100644
--- a/scanpullrequest/scanpullrequest.go
+++ b/scanpullrequest/scanpullrequest.go
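Review bot: The new lower bound `11` on the changed `assert.GreaterOrEqual` line is a bare magic number: nothing records why it moved from 9, so the next time the scanner's output changes it will be bumped again without anyone checking whether the extra comments are expected findings or duplicates. Suggest pinning the meaning inline, e.g. `assert.GreaterOrEqual(t, len(reviewComments), 11) // one review comment per finding the test PR is expected to surface after fingerprint-based dedup`, and if the count for the fixture is actually exact, `assert.Len(t, reviewComments, 11)` would also catch the case where a finding silently disappears. The body of validateGitHubComments starts before this hunk.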
@@ -287,11 +287,15 @@ func getNewlyAddedIssues(targetResults, sourceResults *securityutils.Results, al
 func createNewSourceCodeRows(targetResults, sourceResults []formats.SourceCodeRow) []formats.SourceCodeRow {
 targetSourceCodeVulnerabilitiesKeys := datastructures.MakeSet[string]()
 for _, row := range targetResults {
- targetSourceCodeVulnerabilitiesKeys.Add(row.File + row.Snippet)
+ if row.Fingerprint != "" {
+ targetSourceCodeVulnerabilitiesKeys.Add(row.Fingerprint)
+ } else {
+ targetSourceCodeVulnerabilitiesKeys.Add(row.File + row.Snippet)
+ }
 }
 var addedSourceCodeVulnerabilities []formats.SourceCodeRow
 for _, row := range sourceResults {
- if !targetSourceCodeVulnerabilitiesKeys.Exists(row.File + row.Snippet) {
+ if !targetSourceCodeVulnerabilitiesKeys.Exists(row.File+row.Snippet) && !targetSourceCodeVulnerabilitiesKeys.Exists(row.Fingerprint) {
 addedSourceCodeVulnerabilities = append(addedSourceCodeVulnerabilities, row)
 }
 }
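Review bot: The two loops compute the dedup key differently — a target row is stored under exactly one value (`Fingerprint`, else `File + Snippet`) while a source row is probed with both — so the second loop's `Exists(row.Fingerprint)` runs with `""` for every source row that has no fingerprint, and that probe would silently match if any target row ever contributes an empty key (empty Fingerprint, File and Snippet together). Factoring the key into one helper used by both loops makes the rule a single statement, removes the empty-string probe, and gives a place to document the consequence that a target row carrying a fingerprint no longer matches a source row without one (or with a different one) even when File+Snippet agree; that looks intended, since the integration bound in this same commit rises from 9 to 11, but it deserves a comment so mixed scanner outputs are not read as regressions. The function's `return` and closing brace are outside this hunk.

```go
// sourceCodeRowKey is the identity used to decide whether a source-branch
// row already exists on the target branch. Fingerprint wins when the scanner
// supplied one; otherwise the previous File+Snippet key is used, so a row
// with a fingerprint never matches a row without one, even on the same snippet.
func sourceCodeRowKey(row formats.SourceCodeRow) string {
	if row.Fingerprint != "" {
		return row.Fingerprint
	}
	return row.File + row.Snippet
}

func createNewSourceCodeRows(targetResults, sourceResults []formats.SourceCodeRow) []formats.SourceCodeRow {
	targetSourceCodeVulnerabilitiesKeys := datastructures.MakeSet[string]()
	for _, row := range targetResults {
		targetSourceCodeVulnerabilitiesKeys.Add(sourceCodeRowKey(row))
	}
	// … unchanged: addedSourceCodeVulnerabilities declaration …
	for _, row := range sourceResults {
		if !targetSourceCodeVulnerabilitiesKeys.Exists(sourceCodeRowKey(row)) {
			// … unchanged: append …
```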