package docs
import (
"fmt"
"strings"
"github.com/jfrog/jfrog-cli-core/v2/common/cliutils"
pluginsCommon "github.com/jfrog/jfrog-cli-core/v2/plugins/common"
"github.com/jfrog/jfrog-cli-core/v2/plugins/components"
"github.com/jfrog/jfrog-cli-security/commands/git/contributors"
"github.com/jfrog/jfrog-cli-security/commands/xray/offlineupdate"
"github.com/jfrog/jfrog-cli-security/utils"
)
const (
	// Security Commands Keys
	//
	// These keys index commandFlags below: each names a security command and
	// selects the list of flag keys that command accepts.
	XrCurl = "xr-curl"
	OfflineUpdate = "offline-update"
	XrScan = "xr-scan"
	BuildScan = "build-scan"
	// Note the space: this key names the two-word "docker scan" command rather
	// than a hyphenated one like its neighbours — presumably mirrors how the
	// command is registered; confirm before renaming.
	DockerScan = "docker scan"
	Audit = "audit"
	CurationAudit = "curation-audit"
	GitAudit = "git-audit"
	GitCountContributors = "count-contributors"
	Enrich = "sbom-enrich"
	UploadCdx = "upload-cdx"
	MaliciousScan = "malicious-scan"
	SastServer = "sast-server"
	// TODO: Deprecated commands (remove at next CLI major version)
	// Each still has its own (older, smaller) flag set in commandFlags; keep
	// them in sync with Audit only where backward compatibility requires it.
	AuditMvn = "audit-maven"
	AuditGradle = "audit-gradle"
	AuditNpm = "audit-npm"
	AuditGo = "audit-go"
	AuditPip = "audit-pip"
	AuditPipenv = "audit-pipenv"
)
const (
	// Package-manager selector flags for the audit command (--mvn, --npm, ...).
	// Each is registered as a bool flag in flagsMap and listed under Audit in
	// commandFlags.
	Mvn = "mvn"
	Gradle = "gradle"
	Npm = "npm"
	Pnpm = "pnpm"
	Yarn = "yarn"
	Nuget = "nuget"
	Go = "go"
	Pip = "pip"
	Pipenv = "pipenv"
	Poetry = "poetry"
	Swift = "swift"
	Cocoapods = "cocoapods"
)
const (
	// Sub-scanner selector flag names shared by the binary scan and audit
	// commands ("selective scanners mode" in the help text).
	Sca = "sca"
	Iac = "iac"
	Sast = "sast"
	Secrets = "secrets"
	WithoutCA = "without-contextual-analysis"
	// Prefixed keys (auditPrefix and scanPrefix are declared in a later const
	// block of this file) give audit and binary scan separate flagsMap entries —
	// and therefore separate help text — for the same user-facing flag name.
	auditSca = auditPrefix + Sca
	auditIac = auditPrefix + Iac
	auditSast = auditPrefix + Sast
	auditSecrets = auditPrefix + Secrets
	auditWithoutCA = auditPrefix + WithoutCA
	binarySca = scanPrefix + Sca
	binarySecrets = scanPrefix + Secrets
	binaryWithoutCA = scanPrefix + WithoutCA
	// Sast related flags
	// AddSastRules takes a path to an extra rules file supplied by the user;
	// nothing in this file validates it, so treat it as trusted input.
	AddSastRules = "add-sast-rules"
	// Port is the listen port of the sast-server command (mandatory, see flagsMap).
	Port = "port"
)
const (
	// Base flags keys
	// ServerId selects a server configured through the config command; it is
	// the way to authenticate without putting credentials on the command line.
	ServerId = "server-id"
	Url = "url"
	XrayUrl = "xray-url"
	// Inline credential flags. Anything passed through these is visible in
	// process listings and shell history; prefer ServerId where possible.
	user = "user"
	password = "password"
	accessToken = "access-token"
	// Client certification flags
	// InsecureTls disables server certificate verification (see flagsMap),
	// which leaves the connection open to an on-path attacker. Intended for
	// test/dev setups only.
	InsecureTls = "insecure-tls"
	// Generic command flags
	// Several of these are user-facing names only; the flagsMap key for a given
	// command is the prefixed form (e.g. scanRecursive, ExclusionsAudit).
	SpecFlag = "spec"
	Threads = "threads"
	Recursive = "recursive"
	RegexpFlag = "regexp"
	AntFlag = "ant"
	Project = "project"
	Exclusions = "exclusions"
	IncludeDirs = "include-dirs"
	UseWrapper = "use-wrapper"
	UseIncludedBuilds = "use-included-builds"
)
const (
	// Unique offline-update flags keys
	LicenseId = "license-id"
	From = "from"
	To = "to"
	Version = "version"
	Target = "target"
	Stream = "stream"
	Periodic = "periodic"
	// Unique scan and audit flags
	// scanPrefix namespaces flagsMap keys for the binary scan commands so that a
	// user-facing flag (e.g. --recursive) can carry scan-specific help/defaults.
	scanPrefix = "scan-"
	scanRecursive = scanPrefix + Recursive
	scanRegexp = scanPrefix + RegexpFlag
	scanAnt = scanPrefix + AntFlag
	OutputFormat = "format"
	BypassArchiveLimits = "bypass-archive-limits"
	Watches = "watches"
	RepoPath = "repo-path"
	// "rt-repo-path" and "upload-rt-repo-path": distinct keys for the two
	// upload-destination flags (upload-cdx vs. audit/git-audit).
	UploadRepoPath = "rt-" + RepoPath
	UploadRtRepoPath = "upload-" + UploadRepoPath
	Licenses = "licenses"
	Sbom = "sbom"
	Snippet = "snippet"
	Fail = "fail"
	ExtendedTable = "extended-table"
	MinSeverity = "min-severity"
	FixableOnly = "fixable-only"
	Rescan = "rescan"
	TriggerScanRetries = "trigger-scan-retries"
	Vuln = "vuln"
	buildPrefix = "build-"
	BuildVuln = buildPrefix + Vuln
	ScanVuln = scanPrefix + Vuln
	// SecretValidation opts into validating discovered secrets; see the
	// flagsMap entry for the caveat.
	SecretValidation = "validate-secrets"
	StaticSca = "static-sca"
	// Three distinct keys for the --project flag so each command gets its own
	// description (malicious-scan, scan/audit, upload-cdx).
	malProjectKey = Project
	scanProjectKey = scanPrefix + Project
	uploadProjectKey = UploadCdx + "-" + Project
	// Unique audit flags
	auditPrefix = "audit-"
	ExclusionsAudit = auditPrefix + Exclusions
	useWrapperAudit = auditPrefix + UseWrapper
	ExcludeTestDeps = "exclude-test-deps"
	DepType = "dep-type"
	MaxTreeDepth = "max-tree-depth"
	ThirdPartyContextualAnalysis = "third-party-contextual-analysis"
	RequirementsFile = "requirements-file"
	WorkingDirs = "working-dirs"
	OutputDir = "output-dir"
	SkipAutoInstall = "skip-auto-install"
	AllowPartialResults = "allow-partial-results"
	// Hidden flags that point the CLI at caller-supplied scanner binaries.
	// Presumably executed by the scan — treat the paths as trusted input.
	XrayLibPluginBinaryCustomPath = "xray-lib-plugin-path"
	AnalyzerManagerCustomPath = "analyzer-manager-path"
	// Unique curation flags
	CurationOutput = "curation-format"
	DockerImageName = "image"
	SolutionPath = "solution-path"
	IncludeCachedPackages = "include-cached-packages"
	// Unique git flags
	InputFile = "input-file"
	ScmType = "scm-type"
	ScmApiUrl = "scm-api-url"
	// Token is an SCM API token; the flagsMap help text documents the
	// environment-variable alternative that keeps it out of argv.
	Token = "token"
	Owner = "owner"
	RepoName = "repo-name"
	Months = "months"
	DetailedSummary = "detailed-summary"
)
// Mapping between security commands (key) and their flags (key).
//
// Every key listed here must have an entry in flagsMap; GetCommandFlags
// resolves command → flag keys → components.Flag through these two tables.
// Order within a list is the order the flags are handed to the plugin framework.
var commandFlags = map[string][]string{
	XrCurl: {ServerId},
	OfflineUpdate: {LicenseId, From, To, Version, Target, Stream, Periodic},
	XrScan: {
		Url, XrayUrl, user, password, accessToken, ServerId, SpecFlag, Threads, scanRecursive, scanRegexp, scanAnt,
		scanProjectKey, Watches, RepoPath, Licenses, Sbom, OutputFormat, Fail, ExtendedTable, BypassArchiveLimits, MinSeverity, FixableOnly, ScanVuln, InsecureTls,
		binarySca, binarySecrets, binaryWithoutCA, SecretValidation, OutputDir, AnalyzerManagerCustomPath,
	},
	Enrich: {
		Url, XrayUrl, user, password, accessToken, ServerId, Threads, InsecureTls,
	},
	MaliciousScan: {
		Url, XrayUrl, user, password, accessToken, ServerId, Threads, InsecureTls, OutputFormat, MinSeverity, AnalyzerManagerCustomPath, WorkingDirs, malProjectKey,
	},
	BuildScan: {
		Url, XrayUrl, user, password, accessToken, ServerId, scanProjectKey, BuildVuln, OutputFormat, Fail, ExtendedTable, Rescan, InsecureTls, TriggerScanRetries,
	},
	DockerScan: {
		Url, XrayUrl, user, password, accessToken, ServerId, scanProjectKey, Watches, RepoPath, Licenses, Sbom, OutputFormat, Fail, ExtendedTable, BypassArchiveLimits, MinSeverity, FixableOnly, ScanVuln, InsecureTls,
		binarySca, binarySecrets, binaryWithoutCA, SecretValidation, OutputDir, AnalyzerManagerCustomPath,
	},
	Audit: {
		Url, XrayUrl, user, password, accessToken, ServerId, InsecureTls, scanProjectKey, Watches, RepoPath, Snippet, Sbom, Licenses, OutputFormat, ExcludeTestDeps,
		useWrapperAudit, DepType, RequirementsFile, Fail, ExtendedTable, WorkingDirs, ExclusionsAudit, Mvn, Gradle, Npm,
		Pnpm, Yarn, Go, Swift, Cocoapods, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ThirdPartyContextualAnalysis, Threads,
		auditSca, auditIac, auditSast, auditSecrets, auditWithoutCA, SecretValidation, ScanVuln, OutputDir, SkipAutoInstall, AllowPartialResults, MaxTreeDepth,
		StaticSca, XrayLibPluginBinaryCustomPath, AnalyzerManagerCustomPath, UploadRtRepoPath, UseIncludedBuilds, AddSastRules,
	},
	// No connection flags (Url/user/password/accessToken/ServerId) are listed
	// here; presumably the command relies on the default configured server —
	// confirm against the command implementation.
	UploadCdx: {
		UploadRepoPath, uploadProjectKey,
	},
	GitAudit: {
		// Connection params
		Url, XrayUrl, user, password, accessToken, ServerId, InsecureTls,
		// Violations params
		scanProjectKey, Watches, Snippet, ScanVuln, Fail,
		// Scan params
		Threads, ExclusionsAudit,
		auditSca, auditIac, auditSast, auditSecrets, auditWithoutCA, SecretValidation, Sbom,
		// Output params
		Licenses, OutputFormat, ExtendedTable, OutputDir, UploadRtRepoPath,
		// Scan Logic params
		StaticSca, XrayLibPluginBinaryCustomPath, AnalyzerManagerCustomPath, AddSastRules,
	},
	// Carries InsecureTls but no explicit connection/credential flags (same
	// assumption as UploadCdx).
	CurationAudit: {
		CurationOutput, WorkingDirs, Threads, RequirementsFile, InsecureTls, useWrapperAudit, UseIncludedBuilds, SolutionPath, DockerImageName, IncludeCachedPackages,
	},
	GitCountContributors: {
		InputFile, ScmType, ScmApiUrl, Token, Owner, RepoName, Months, DetailedSummary, InsecureTls,
	},
	SastServer: {
		Port,
	},
	// TODO: Deprecated commands (remove at next CLI major version)
	// NOTE(review): the deprecated sets are not uniform — only AuditMvn lists
	// InsecureTls, none lists XrayUrl, and AuditPipenv lacks Fail. Whether that
	// is intentional is not visible here; keep as-is unless the owning command
	// confirms otherwise.
	AuditMvn: {
		Url, user, password, accessToken, ServerId, InsecureTls, scanProjectKey, ExclusionsAudit, Watches, RepoPath, Licenses, OutputFormat, Fail, ExtendedTable, useWrapperAudit,
	},
	AuditGradle: {
		Url, user, password, accessToken, ServerId, ExcludeTestDeps, ExclusionsAudit, useWrapperAudit, scanProjectKey, Watches, RepoPath, Licenses, OutputFormat, Fail, ExtendedTable,
	},
	AuditNpm: {
		Url, user, password, accessToken, ServerId, DepType, scanProjectKey, ExclusionsAudit, Watches, RepoPath, Licenses, OutputFormat, Fail, ExtendedTable,
	},
	AuditGo: {
		Url, user, password, accessToken, ServerId, scanProjectKey, ExclusionsAudit, Watches, RepoPath, Licenses, OutputFormat, Fail, ExtendedTable,
	},
	AuditPip: {
		Url, user, password, accessToken, ServerId, RequirementsFile, scanProjectKey, ExclusionsAudit, Watches, RepoPath, Licenses, OutputFormat, Fail, ExtendedTable,
	},
	AuditPipenv: {
		Url, user, password, accessToken, ServerId, scanProjectKey, ExclusionsAudit, Watches, RepoPath, Licenses, OutputFormat, ExtendedTable,
	},
}
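// Security Flag keys mapped to their corresponding components.Flag definition.
//
// The map key is the internal flag key (possibly prefixed, e.g. scanRecursive);
// the first argument of each constructor is the user-facing flag name. This is
// what lets two commands expose the same --name with different help text or
// defaults. Changes in this revision are limited to help-text wording
// (typos, a self-contradictory note on cyclonedx output) and comments.
var flagsMap = map[string]components.Flag{
	// Common commands flags
	ServerId: components.NewStringFlag(ServerId, "Server ID configured using the config command."),
	Url: components.NewStringFlag(Url, "Specifies the URL of the JFrog platform."),
	XrayUrl: components.NewStringFlag(XrayUrl, "Specifies the URL of your Xray server."),
	// Inline credentials: anything passed via these flags is visible in
	// process listings and shell history. --server-id is the alternative that
	// keeps secrets out of argv.
	user: components.NewStringFlag(user, "Specifies the user name of your JFrog platform."),
	password: components.NewStringFlag(password, "Specifies the user password of your JFrog platform."),
	accessToken: components.NewStringFlag(accessToken, "Specifies the access token of your JFrog platform."),
	Threads: components.NewStringFlag(Threads, "The number of parallel threads used to scan the source code project.", components.WithIntDefaultValue(cliutils.Threads)),
	// Xray flags
	LicenseId: components.NewStringFlag(LicenseId, "Xray license ID.", components.SetMandatory(), components.WithHelpValue("Xray license ID")),
	From: components.NewStringFlag(From, "From update date in YYYY-MM-DD format."),
	To: components.NewStringFlag(To, "To update date in YYYY-MM-DD format."),
	Version: components.NewStringFlag(Version, "Xray API version."),
	Target: components.NewStringFlag(Target, "Target directory to download the updates to.", components.WithStrDefaultValue("./")),
	Stream: components.NewStringFlag(Stream, fmt.Sprintf("Xray DBSync V3 stream, Possible values are: %s.", offlineupdate.NewValidStreams().GetValidStreamsString())),
	Periodic: components.NewBoolFlag(Periodic, fmt.Sprintf("Set to true to get the Xray DBSync V3 Periodic Package (Use with %s flag).", Stream)),
	// Scan flags
	SpecFlag: components.NewStringFlag(SpecFlag, "Path to a File Spec."),
	// Registered under the unprefixed name (--recursive etc.); the prefixed key
	// only keeps the scan-specific description/default separate.
	scanRecursive: components.NewBoolFlag(Recursive, "Set to false if you do not wish to collect artifacts in sub-folders to be scanned by Xray.", components.WithBoolDefaultValue(true)),
	scanRegexp: components.NewBoolFlag(RegexpFlag, "Set to true to use a regular expression instead of wildcards expression to collect files to scan."),
	scanAnt: components.NewBoolFlag(AntFlag, "Set to true to use an ant pattern instead of wildcards expression to collect files to scan."),
	// Three --project definitions, one per command family (see the *ProjectKey consts).
	scanProjectKey: components.NewStringFlag(Project, "JFrog project key, to enable Xray to determine security violations accordingly. The command accepts this option only if the --repo-path and --watches options are not provided. If none of the three options are provided, the command will show all known vulnerabilities."),
	malProjectKey: components.NewStringFlag(Project, "JFrog project key"),
	uploadProjectKey: components.NewStringFlag(Project, "JFrog project key to upload the file to."),
	Watches: components.NewStringFlag(Watches, "Comma-separated list of Xray watches to determine violations. Supported violations are CVEs, operational risk, and Licenses. Incompatible with --project and --repo-path."),
	RepoPath: components.NewStringFlag(RepoPath, "Artifactory repository path, to enable Xray to determine violations accordingly. The command accepts this option only if the --project and --watches options are not provided. If none of the three options are provided, the command will show all known vulnerabilities."),
	Snippet: components.NewBoolFlag(Snippet, "Set to true if you'd like to enable snippet-level detection to identify copied code from third-party components and surface related license violations.", components.SetHiddenBoolFlag()),
	Licenses: components.NewBoolFlag(Licenses, "Set if you'd also like the list of licenses to be displayed."),
	Sbom: components.NewBoolFlag(Sbom, "Set if you'd like all the SBOM (Software Bill of Materials) components to be displayed and not only the affected. Ignored if provided 'format' is not 'table' or 'cyclonedx'."),
	// The cyclonedx note previously read "does support information about
	// violations, only vulnerabilities are currently supported", which
	// contradicts itself; the "only vulnerabilities" half is kept as the
	// intended meaning.
	OutputFormat: components.NewStringFlag(
		OutputFormat,
		"Defines the output format of the command. Acceptable values are: table, json, simple-json, sarif and cyclonedx. Note: the json format doesn't include information about scans that are included as part of the Advanced Security package. Note: the cyclonedx format does not include information about violations; only vulnerabilities are currently supported.",
		components.WithStrDefaultValue("table"),
	),
	// Exit code 3 on a matched 'Fail build' rule is the CI gate; --fail=false
	// turns it into a report-only run.
	Fail: components.NewBoolFlag(Fail, fmt.Sprintf("When using one of the flags --%s, --%s or --%s and a 'Fail build' rule is matched, the command will return exit code 3. Set to false if you'd like to see violations with exit code 0.", Watches, Project, RepoPath), components.WithBoolDefaultValue(true)),
	ExtendedTable: components.NewBoolFlag(ExtendedTable, "Set to true if you'd like the table to include extended fields such as 'CVSS' & 'Xray Issue Id'. Ignored if provided 'format' is not 'table'."),
	BypassArchiveLimits: components.NewBoolFlag(BypassArchiveLimits, "Set to true to bypass the indexer-app archive limits."),
	MinSeverity: components.NewStringFlag(MinSeverity, "Set the minimum severity of issues to display. Acceptable values: Low, Medium, High, or Critical."),
	FixableOnly: components.NewBoolFlag(FixableOnly, "Set to true if you wish to display issues that have a fix version only."),
	Rescan: components.NewBoolFlag(Rescan, "Set to true when scanning an already successfully scanned build, for example after adding an ignore rule."),
	TriggerScanRetries: components.NewStringFlag(TriggerScanRetries, "Defines how many times Xray retries triggering the build scan after a failure.", components.WithIntDefaultValue(12)), // 5 seconds * 12 = 1 minute
	BuildVuln: components.NewBoolFlag(Vuln, "Set to true if you'd like to receive all vulnerabilities, regardless of the policy configured in Xray. Ignored if provided 'format' is 'sarif'."),
	ScanVuln: components.NewBoolFlag(Vuln, "Set to true if you'd like to receive all vulnerabilities, regardless of the policy configured in Xray."),
	// Disables server certificate verification entirely, which exposes the
	// session (including any credentials sent on it) to an on-path attacker.
	// Intended for test/dev setups only; never default it on.
	InsecureTls: components.NewBoolFlag(InsecureTls, "Set to true to skip TLS certificates verification."),
	ExcludeTestDeps: components.NewBoolFlag(ExcludeTestDeps, "[Gradle] Set to true if you'd like to exclude Gradle test dependencies from Xray scanning."),
	useWrapperAudit: components.NewBoolFlag(
		UseWrapper,
		"[Gradle, Maven] Set to true if you'd like to use the Gradle or Maven wrapper.",
		components.WithBoolDefaultValue(true),
	),
	UseIncludedBuilds: components.NewBoolFlag(
		UseIncludedBuilds,
		"[Gradle] Set to true if you'd like to take into account included builds (composite builds) of gradle projects, in addition to including subprojects.",
	),
	WorkingDirs: components.NewStringFlag(WorkingDirs, "A comma-separated(,) list of relative working directories, to determine the audit targets locations. If flag isn't provided, a recursive scan is triggered from the root directory of the project."),
	OutputDir: components.NewStringFlag(OutputDir, "Target directory to save partial results to.", components.SetHiddenStrFlag()),
	UploadRepoPath: components.NewStringFlag(UploadRepoPath, "Artifactory repository name or path to upload the cyclonedx file to. If no name or path is provided, a local generic repository will be created which will automatically be indexed by Xray.", components.WithStrDefaultValue("import-cdx-scan-results")),
	SkipAutoInstall: components.NewBoolFlag(SkipAutoInstall, "Set to true to skip auto-install of dependencies in un-built modules. Currently supported only for some package managers.", components.SetHiddenBoolFlag()),
	AllowPartialResults: components.NewBoolFlag(AllowPartialResults, "Set to true to allow partial results and continuance of the scan in case of certain errors.", components.SetHiddenBoolFlag()),
	ExclusionsAudit: components.NewStringFlag(
		Exclusions,
		"List of semicolon-separated(;) exclusions, utilized to skip sub-projects from undergoing an audit. These exclusions may incorporate the * and ? wildcards.",
		components.WithStrDefaultValue(strings.Join(utils.DefaultScaExcludePatterns, ";")),
	),
	Mvn: components.NewBoolFlag(Mvn, "Set to true to request audit for a Maven project."),
	Gradle: components.NewBoolFlag(Gradle, "Set to true to request audit for a Gradle project."),
	Npm: components.NewBoolFlag(Npm, "Set to true to request audit for a npm project."),
	Pnpm: components.NewBoolFlag(Pnpm, "Set to true to request audit for a Pnpm project."),
	Yarn: components.NewBoolFlag(Yarn, "Set to true to request audit for a Yarn project."),
	Nuget: components.NewBoolFlag(Nuget, "Set to true to request audit for a .NET project."),
	Pip: components.NewBoolFlag(Pip, "Set to true to request audit for a Pip project."),
	Pipenv: components.NewBoolFlag(Pipenv, "Set to true to request audit for a Pipenv project."),
	Poetry: components.NewBoolFlag(Poetry, "Set to true to request audit for a Poetry project."),
	Go: components.NewBoolFlag(Go, "Set to true to request audit for a Go project."),
	Swift: components.NewBoolFlag(Swift, "Set to true to request audit for a Swift project."),
	Cocoapods: components.NewBoolFlag(Cocoapods, "Set to true to request audit for a Cocoapods project."),
	DepType: components.NewStringFlag(DepType, "[npm] Defines npm dependencies type. Possible values are: all, devOnly and prodOnly."),
	MaxTreeDepth: components.NewStringFlag(MaxTreeDepth, "[pnpm] Max depth of the generated dependencies tree for SCA scan.", components.WithStrDefaultValue("Infinity")),
	ThirdPartyContextualAnalysis: components.NewBoolFlag(
		ThirdPartyContextualAnalysis,
		"[npm] when set, the Contextual Analysis scan also uses the code of the project dependencies to determine the applicability of the vulnerability.",
		components.SetHiddenBoolFlag(),
	),
	RequirementsFile: components.NewStringFlag(RequirementsFile, "[Pip] Defines pip requirements file name. For example: 'requirements.txt'."),
	// NOTE(review): hidden flags that point the CLI at caller-supplied scanner
	// binaries. They are presumably executed by the scan, so a writable path
	// here would let a local attacker substitute the scanner — confirm the
	// consumer checks ownership/permissions, or keep these out of CI wrappers.
	AnalyzerManagerCustomPath: components.NewStringFlag(AnalyzerManagerCustomPath, "Defines the custom path to the analyzer-manager binary.", components.SetHiddenStrFlag()),
	XrayLibPluginBinaryCustomPath: components.NewStringFlag(XrayLibPluginBinaryCustomPath, "Defines the custom path to the xray-lib-plugin binary.", components.SetHiddenStrFlag()),
	StaticSca: components.NewBoolFlag(StaticSca, "Set to true to use the new SCA engine which is based on lock files.", components.SetHiddenBoolFlag()),
	UploadRtRepoPath: components.NewStringFlag(UploadRtRepoPath, fmt.Sprintf("Artifactory repository name or path to upload the scan results to. If no name or path is provided, a local generic repository will be created which will automatically be indexed by Xray. Only relevant when using --%s.", StaticSca), components.WithStrDefaultValue("cli-scan-results"), components.SetHiddenStrFlag()),
	CurationOutput: components.NewStringFlag(OutputFormat, "Defines the output format of the command. Acceptable values are: table, json.", components.WithStrDefaultValue("table")),
	SolutionPath: components.NewStringFlag(SolutionPath, "Path to the .NET solution file (.sln) to use when multiple solution files are present in the directory."),
	IncludeCachedPackages: components.NewBoolFlag(IncludeCachedPackages, "When set to true, the system will audit cached packages. This configuration is mandatory for Curation on-demand workflows, which rely on package caching."),
	// Selective scanner flags: the binary* and audit* entries register the same
	// user-facing names but list only the combinations valid for that command.
	binarySca: components.NewBoolFlag(Sca, fmt.Sprintf("Selective scanners mode: Execute SCA (Software Composition Analysis) sub-scan. Use --%s to run both SCA and Contextual Analysis. Use --%s --%s to run SCA only. Can be combined with --%s.", Sca, Sca, WithoutCA, Secrets)),
	binarySecrets: components.NewBoolFlag(Secrets, fmt.Sprintf("Selective scanners mode: Execute Secrets sub-scan. Can be combined with --%s.", Sca)),
	binaryWithoutCA: components.NewBoolFlag(WithoutCA, fmt.Sprintf("Selective scanners mode: Disable Contextual Analysis scanner after SCA. Relevant only with --%s flag.", Sca)),
	auditSca: components.NewBoolFlag(Sca, fmt.Sprintf("Selective scanners mode: Execute SCA (Software Composition Analysis) sub-scan. Use --%s to run both SCA and Contextual Analysis. Use --%s --%s to run SCA only. Can be combined with --%s, --%s, --%s.", Sca, Sca, WithoutCA, Secrets, Sast, Iac)),
	auditIac: components.NewBoolFlag(Iac, fmt.Sprintf("Selective scanners mode: Execute IaC sub-scan. Can be combined with --%s, --%s and --%s.", Sca, Secrets, Sast)),
	auditSast: components.NewBoolFlag(Sast, fmt.Sprintf("Selective scanners mode: Execute SAST sub-scan. Can be combined with --%s, --%s and --%s.", Sca, Secrets, Iac)),
	auditSecrets: components.NewBoolFlag(Secrets, fmt.Sprintf("Selective scanners mode: Execute Secrets sub-scan. Can be combined with --%s, --%s and --%s.", Sca, Sast, Iac)),
	auditWithoutCA: components.NewBoolFlag(WithoutCA, fmt.Sprintf("Selective scanners mode: Disable Contextual Analysis scanner after SCA. Relevant only with --%s flag.", Sca)),
	// NOTE(review): validating a found secret presumably means presenting it to
	// the issuing service; confirm that is acceptable in the environment the
	// scan runs in (air-gapped CI, third-party code) before enabling by default.
	SecretValidation: components.NewBoolFlag(SecretValidation, fmt.Sprintf("Selective scanners mode: Triggers token validation on found secrets. Relevant only with --%s flag.", Secrets)),
	// User-supplied rules file; nothing in this file validates the path or
	// its contents, so it is trusted input.
	AddSastRules: components.NewStringFlag(AddSastRules, "Incorporate any additional SAST rules (in JSON format, with absolute path) into this local scan."),
	// NOTE(review): only a port is configurable here — no bind-address flag is
	// visible. Confirm the server binds to loopback rather than all interfaces.
	Port: components.NewStringFlag(Port, "Specifies the port to run the SAST server on.", components.SetMandatory()),
	// Docker flags
	DockerImageName: components.NewStringFlag(DockerImageName, "Specifies the Docker image name to audit. Uses the same format as the Docker CLI, including Artifactory-hosted images."),
	// Git flags
	InputFile: components.NewStringFlag(InputFile, "Path to an input file in YAML format that contains multiple git providers. With this option, all other scm flags will be ignored and only git servers mentioned in the file will be examined."),
	ScmType: components.NewStringFlag(ScmType, fmt.Sprintf("SCM type. Possible values are: %s.", contributors.NewScmType().GetValidScmTypeString())),
	ScmApiUrl: components.NewStringFlag(ScmApiUrl, "SCM API URL. For example: 'https://api.github.com'."),
	// jfrog-ignore: false positive, not hardcoded credentials
	// Prefer the environment-variable route described in the help text: a token
	// given as a flag ends up in process listings and shell history.
	Token: components.NewStringFlag(Token, fmt.Sprintf("SCM API token. In the absence of a flag, tokens should be passed in the %s environment variable, or in the corresponding environment variables '%s'.", contributors.GenericGitTokenEnvVar, contributors.NewScmType().GetOptionalScmTypeTokenEnvVars())),
	Owner: components.NewStringFlag(Owner, "The format of the owner key depends on the Git provider: On GitHub and GitLab, the owner is typically an individual or an organization; on Bitbucket, the owner can also be a project. In the case of a private instance on Bitbucket, the individual or organization name should be prefixed with '~'."),
	RepoName: components.NewStringFlag(RepoName, "List of semicolon-separated(;) repository names to analyze. If not provided, all repositories related to the provided owner will be analyzed."),
	Months: components.NewStringFlag(Months, "Number of months to analyze.", components.WithIntDefaultValue(contributors.DefaultContContributorsMonths)),
	DetailedSummary: components.NewBoolFlag(DetailedSummary, "Set to true to get a contributors detailed summary."),
}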
// GetCommandFlags resolves the flag definitions for the security command
// identified by cmdKey: commandFlags gives the flag keys the command accepts,
// flagsMap gives the components.Flag for each of them. Behaviour for an
// unknown cmdKey is whatever pluginsCommon.GetCommandFlags does for a missing
// entry — presumably an empty result; confirm in jfrog-cli-core if it matters.
func GetCommandFlags(cmdKey string) []components.Flag {
	resolved := pluginsCommon.GetCommandFlags(cmdKey, commandFlags, flagsMap)
	return resolved
}