From 02c0644b8df6757a7664472655c3e9ca197d7165 Mon Sep 17 00:00:00 2001 From: attiasas Date: Thu, 14 May 2026 10:06:20 +0300 Subject: [PATCH 1/6] Update AnalyzerManager default version to 1.34.1 --- jas/analyzermanager.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jas/analyzermanager.go b/jas/analyzermanager.go index 7e92083a4..6a09d3bab 100644 --- a/jas/analyzermanager.go +++ b/jas/analyzermanager.go @@ -25,7 +25,7 @@ import ( const ( ApplicabilityFeatureId = "contextual_analysis" AnalyzerManagerZipName = "analyzerManager.zip" - defaultAnalyzerManagerVersion = "1.33.0" + defaultAnalyzerManagerVersion = "1.34.1" analyzerManagerDownloadPath = "xsc-gen-exe-analyzer-manager-local/v1" analyzerManagerDirName = "analyzerManager" analyzerManagerExecutableName = "analyzerManager" From 7c8fbe0865a7002852e3d3da9b763aee2d613bae Mon Sep 17 00:00:00 2001 From: attiasas Date: Thu, 14 May 2026 10:37:48 +0300 Subject: [PATCH 2/6] fix tests after update --- audit_test.go | 12 ++++++------ git_test.go | 8 ++++---- sca/bom/buildinfo/technologies/pnpm/pnpm_test.go | 4 ++-- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/audit_test.go b/audit_test.go index 6c196e8d3..5e4e71f82 100644 --- a/audit_test.go +++ b/audit_test.go @@ -1166,11 +1166,11 @@ func TestAuditNewScaCycloneDxPipenv(t *testing.T) { assert.NoError(t, err) validations.VerifyCycloneDxResults(t, output, validations.ValidationParams{ ExactResultsMatch: true, - Total: &validations.TotalCount{Vulnerabilities: 10, BomComponents: 4 /* components */ + 1 /* root */, Licenses: 1}, + Total: &validations.TotalCount{Vulnerabilities: 11, BomComponents: 4 /* components */ + 1 /* root */, Licenses: 1}, SbomComponents: &validations.SbomCount{Root: 1, Direct: 4}, Vulnerabilities: &validations.VulnerabilityCount{ - ValidateScan: &validations.ScanCount{Sca: 10}, - ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 4, NotApplicable: 6}, + ValidateScan: &validations.ScanCount{Sca: 11}, + ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 5, NotApplicable: 6}, }, }) } @@ -1184,11 +1184,11 @@ func TestAuditNewScaCycloneDxUV(t *testing.T) { assert.NoError(t, err) validations.VerifyCycloneDxResults(t, output, validations.ValidationParams{ ExactResultsMatch: true, - Total: &validations.TotalCount{Vulnerabilities: 18, BomComponents: 1 /* root */ + 8 /* direct */ + 1 /* file (secret)*/, Licenses: 5}, + Total: &validations.TotalCount{Vulnerabilities: 19, BomComponents: 1 /* root */ + 8 /* direct */ + 1 /* file (secret)*/, Licenses: 5}, SbomComponents: &validations.SbomCount{Root: 1, Direct: 8}, Vulnerabilities: &validations.VulnerabilityCount{ - ValidateScan: &validations.ScanCount{Sca: 16, Sast: 1, Secrets: 1}, - ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 7, NotApplicable: 9}, + ValidateScan: &validations.ScanCount{Sca: 17, Sast: 1, Secrets: 1}, + ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 8, NotApplicable: 9}, }, }) } diff --git a/git_test.go b/git_test.go index 51a76da00..7407136f5 100644 --- a/git_test.go +++ b/git_test.go @@ -271,8 +271,8 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) { xrayVersion, xscVersion, "", validations.ValidationParams{ Violations: &validations.ViolationCount{ - ValidateScan: &validations.ScanCount{Sca: 12, Sast: 2, Secrets: 2}, - ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotApplicable: 10, NotCovered: 2, Inactive: 2}, + ValidateScan: &validations.ScanCount{Sca: 19, Sast: 2, Secrets: 2}, + ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotApplicable: 10, NotCovered: 9, Inactive: 2}, }, ExactResultsMatch: true, }, @@ -299,8 +299,8 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) { xrayVersion, xscVersion, "", validations.ValidationParams{ Violations: &validations.ViolationCount{ - ValidateScan: &validations.ScanCount{Sca: 2, Sast: 2, Secrets: 2}, - ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 2, Inactive: 2}, + ValidateScan: &validations.ScanCount{Sca: 10, Sast: 2, Secrets: 2}, + ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 10, Inactive: 2}, }, ExactResultsMatch: true, }, diff --git a/sca/bom/buildinfo/technologies/pnpm/pnpm_test.go b/sca/bom/buildinfo/technologies/pnpm/pnpm_test.go index 96d5adbd4..eaf3d8c3c 100644 --- a/sca/bom/buildinfo/technologies/pnpm/pnpm_test.go +++ b/sca/bom/buildinfo/technologies/pnpm/pnpm_test.go @@ -43,7 +43,7 @@ func TestBuildDependencyTreeLimitedDepth(t *testing.T) { name: "With transitive dependencies", treeDepth: "1", expectedUniqueDeps: []string{ - "npm://axios:1.16.0", + "npm://axios:1.16.1", "npm://balaganjs:1.0.0", "npm://yargs:13.3.0", "npm://zen-website:1.0.0", @@ -53,7 +53,7 @@ func TestBuildDependencyTreeLimitedDepth(t *testing.T) { Nodes: []*xrayUtils.GraphNode{ { Id: "npm://balaganjs:1.0.0", - Nodes: []*xrayUtils.GraphNode{{Id: "npm://axios:1.16.0"}, {Id: "npm://yargs:13.3.0"}}, + Nodes: []*xrayUtils.GraphNode{{Id: "npm://axios:1.16.1"}, {Id: "npm://yargs:13.3.0"}}, }, }, }, From 57d3198ead8eef77e21f1f1114d3319c71e3134c Mon Sep 17 00:00:00 2001 From: attiasas Date: Thu, 14 May 2026 10:45:23 +0300 Subject: [PATCH 3/6] add jfrog ignore --- sca/bom/buildinfo/technologies/java/deptreemanager.go | 1 + 1 file changed, 1 insertion(+) diff --git a/sca/bom/buildinfo/technologies/java/deptreemanager.go b/sca/bom/buildinfo/technologies/java/deptreemanager.go index 5b11857cb..52fd914e6 100644 --- a/sca/bom/buildinfo/technologies/java/deptreemanager.go +++ b/sca/bom/buildinfo/technologies/java/deptreemanager.go @@ -106,6 +106,7 @@ func parseDepTreeFiles(jsonFilePaths string) ([]*moduleDepTree, error) { } func parseDepTreeFile(path string) (results *moduleDepTree, err error) { + // jfrog-ignore: The file is a JSON file that contains the dependency tree of a module in a Gradle/Maven project. depTreeJson, err := os.ReadFile(strings.TrimSpace(path)) if errorutils.CheckError(err) != nil { return From 7f7d3dc585b973b7bf7ab726678dffe155c83e91 Mon Sep 17 00:00:00 2001 From: attiasas Date: Thu, 14 May 2026 11:05:47 +0300 Subject: [PATCH 4/6] try to fix skip not applicable test --- git_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/git_test.go b/git_test.go index 7407136f5..f7cd67ca3 100644 --- a/git_test.go +++ b/git_test.go @@ -271,8 +271,8 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) { xrayVersion, xscVersion, "", validations.ValidationParams{ Violations: &validations.ViolationCount{ - ValidateScan: &validations.ScanCount{Sca: 19, Sast: 2, Secrets: 2}, - ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotApplicable: 10, NotCovered: 9, Inactive: 2}, + ValidateScan: &validations.ScanCount{Sca: 20, Sast: 2, Secrets: 2}, + ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotApplicable: 10, NotCovered: 10, Inactive: 2}, }, ExactResultsMatch: true, }, @@ -299,8 +299,8 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) { xrayVersion, xscVersion, "", validations.ValidationParams{ Violations: &validations.ViolationCount{ - ValidateScan: &validations.ScanCount{Sca: 10, Sast: 2, Secrets: 2}, - ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 10, Inactive: 2}, + ValidateScan: &validations.ScanCount{Sca: 8, Sast: 2, Secrets: 2}, + ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 8, Inactive: 2}, }, ExactResultsMatch: true, }, From c47d8e2fba2b5ad787de2f0c9cbd493ae016f74b Mon Sep 17 00:00:00 2001 From: attiasas Date: Thu, 14 May 2026 11:07:37 +0300 Subject: [PATCH 5/6] update dummy repo name to isolate --- git_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git_test.go b/git_test.go index f7cd67ca3..7ef9b781a 100644 --- a/git_test.go +++ b/git_test.go @@ -67,7 +67,7 @@ func testGitAuditCommand(t *testing.T, params auditCommandTestParams) (string, e } func getDummyGitRepoUrl() string { - return fmt.Sprintf("https://github.com/jfrog/dummy-repo-url%s.git", securityTests.GetUniqueSuffix()) + return fmt.Sprintf("https://test.git.provider.com/jfrog/dummy-repo-url%s.git", securityTests.GetUniqueSuffix()) } func createTestProjectRunGitAuditAndValidate(t *testing.T, projectPath string, gitAuditParams gitAuditCommandTestParams, xrayVersion, xscVersion, expectError string, validationParams validations.ValidationParams) { From d33e029766668fcf65c964f247ed7961bbac214b Mon Sep 17 00:00:00 2001 From: attiasas Date: Thu, 14 May 2026 17:16:32 +0300 Subject: [PATCH 6/6] fix tests --- git_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/git_test.go b/git_test.go index 7ef9b781a..03646c6fc 100644 --- a/git_test.go +++ b/git_test.go @@ -299,8 +299,8 @@ func TestGitAuditJasSkipNotApplicableCvesViolations(t *testing.T) { xrayVersion, xscVersion, "", validations.ValidationParams{ Violations: &validations.ViolationCount{ - ValidateScan: &validations.ScanCount{Sca: 8, Sast: 2, Secrets: 2}, - ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 8, Inactive: 2}, + ValidateScan: &validations.ScanCount{Sca: 10, Sast: 2, Secrets: 2}, + ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{NotCovered: 10, Inactive: 2}, }, ExactResultsMatch: true, },