jfrog · attiasas · Jan 29, 2025 · Dec 25, 2024 · Jan 5, 2025 · Jan 5, 2025
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -234,8 +234,31 @@ jobs:
 
       # Test
       - name: Run tests
-        run:  go test ${{ env.GO_COMMON_TEST_ARGS }} --test.curation --test.enrich --test.git
+        run:  go test ${{ env.GO_COMMON_TEST_ARGS }} --test.curation --test.enrich
 
+
+  Git_Commands_Integration_Tests:
+    name: "[${{ matrix.os }}] Git Commands Integration Tests"
+    needs: Pretest
+    runs-on: ${{ matrix.os }}-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu, windows, macos ]
+    steps:
+      # Prepare the environment
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Install and Setup Dependencies
+        uses: ./.github/actions/install-and-setup
+
+      # Test
+      - name: Run tests
+        run: go test ${{ env.GO_COMMON_TEST_ARGS }} --test.git
+
   Code_Coverage:
     name: Generate Code Coverage Report
     if: github.event_name == 'pull_request_target'

diff --git a/audit_test.go b/audit_test.go
@@ -786,9 +786,7 @@ type auditCommandTestParams struct {
 	WithLicense bool
 }
 
-// run audit command with different flags and params for integration tests
-func testAuditCommand(t *testing.T, testCli *coreTests.JfrogCli, params auditCommandTestParams) (string, error) {
-	args := []string{"audit"}
+func getAuditCmdArgs(params auditCommandTestParams) (args []string) {
 	if len(params.WorkingDirsToScan) > 0 {
 		args = append(args, "--working-dirs="+strings.Join(params.WorkingDirsToScan, ","))
 	}
@@ -814,5 +812,5 @@ func testAuditCommand(t *testing.T, testCli *coreTests.JfrogCli, params auditCom
 	if params.WithVuln {
 		args = append(args, "--vuln")
 	}
-	return testCli.RunCliCmdWithOutputs(t, args...)
+	return args
 }
diff --git a/cli/docs/flags.go b/cli/docs/flags.go
@@ -4,11 +4,10 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/jfrog/jfrog-cli-security/commands/git"
-
 	"github.com/jfrog/jfrog-cli-core/v2/common/cliutils"
 	pluginsCommon "github.com/jfrog/jfrog-cli-core/v2/plugins/common"
 	"github.com/jfrog/jfrog-cli-core/v2/plugins/components"
+	"github.com/jfrog/jfrog-cli-security/commands/git/contributors"
 	"github.com/jfrog/jfrog-cli-security/commands/xray/offlineupdate"
 	"github.com/jfrog/jfrog-cli-security/utils"
 )
@@ -22,6 +21,7 @@ const (
 	DockerScan           = "docker scan"
 	Audit                = "audit"
 	CurationAudit        = "curation-audit"
+	GitAudit             = "git-audit"
 	GitCountContributors = "count-contributors"
 	Enrich               = "sbom-enrich"
 
@@ -59,6 +59,7 @@ const (
 	// Base flags keys
 	ServerId    = "server-id"
 	url         = "url"
+	xrayUrl     = "xray-url"
 	user        = "user"
 	password    = "password"
 	accessToken = "access-token"
@@ -155,11 +156,22 @@ var commandFlags = map[string][]string{
 		ServerId, Project, Watches, RepoPath, Licenses, OutputFormat, Fail, ExtendedTable, BypassArchiveLimits, MinSeverity, FixableOnly, ScanVuln, SecretValidation,
 	},
 	Audit: {
-		url, user, password, accessToken, ServerId, InsecureTls, Project, Watches, RepoPath, Licenses, OutputFormat, ExcludeTestDeps,
+		url, xrayUrl, user, password, accessToken, ServerId, InsecureTls, Project, Watches, RepoPath, Licenses, OutputFormat, ExcludeTestDeps,
 		useWrapperAudit, DepType, RequirementsFile, Fail, ExtendedTable, WorkingDirs, ExclusionsAudit, Mvn, Gradle, Npm,
 		Pnpm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ThirdPartyContextualAnalysis, Threads,
 		Sca, Iac, Sast, Secrets, WithoutCA, ScanVuln, SecretValidation, OutputDir, SkipAutoInstall, AllowPartialResults, MaxTreeDepth,
 	},
+	GitAudit: {
+		// Connection params
+		url, xrayUrl, user, password, accessToken, ServerId, InsecureTls,
+		// Violations params
+		Project, Watches, ScanVuln, Fail,
+		// Scan params
+		Threads, ExclusionsAudit,
+		Sca, Iac, Sast, Secrets, WithoutCA, SecretValidation,
+		// Output params
+		Licenses, OutputFormat, ExtendedTable,
+	},
 	CurationAudit: {
 		CurationOutput, WorkingDirs, Threads, RequirementsFile,
 	},
@@ -191,7 +203,8 @@ var commandFlags = map[string][]string{
 var flagsMap = map[string]components.Flag{
 	// Common commands flags
 	ServerId:    components.NewStringFlag(ServerId, "Server ID configured using the config command."),
-	url:         components.NewStringFlag(url, "JFrog Xray URL."),
+	url:         components.NewStringFlag(url, "JFrog URL."),
+	xrayUrl:     components.NewStringFlag(xrayUrl, "JFrog Xray URL."),
 	user:        components.NewStringFlag(user, "JFrog username."),
 	password:    components.NewStringFlag(password, "JFrog password."),
 	accessToken: components.NewStringFlag(accessToken, "JFrog access token."),
@@ -270,12 +283,12 @@ var flagsMap = map[string]components.Flag{
 
 	// Git flags
 	InputFile:       components.NewStringFlag(InputFile, "Path to an input file in YAML format contains multiple git providers. With this option, all other scm flags will be ignored and only git servers mentioned in the file will be examined.."),
-	ScmType:         components.NewStringFlag(ScmType, fmt.Sprintf("SCM type. Possible values are: %s.", git.NewScmType().GetValidScmTypeString()), components.SetMandatory()),
+	ScmType:         components.NewStringFlag(ScmType, fmt.Sprintf("SCM type. Possible values are: %s.", contributors.NewScmType().GetValidScmTypeString()), components.SetMandatory()),
 	ScmApiUrl:       components.NewStringFlag(ScmApiUrl, "SCM API URL. For example: 'https://api.github.com'.", components.SetMandatory()),
-	Token:           components.NewStringFlag(Token, fmt.Sprintf("SCM API token. In the absence of a flag, tokens should be passed in the %s environment variable, or in the corresponding environment variables '%s'.", git.GenericGitTokenEnvVar, git.NewScmType().GetOptionalScmTypeTokenEnvVars()), components.SetMandatory()),
+	Token:           components.NewStringFlag(Token, fmt.Sprintf("SCM API token. In the absence of a flag, tokens should be passed in the %s environment variable, or in the corresponding environment variables '%s'.", contributors.GenericGitTokenEnvVar, contributors.NewScmType().GetOptionalScmTypeTokenEnvVars()), components.SetMandatory()),
 	Owner:           components.NewStringFlag(Owner, "The format of the owner key depends on the Git provider: On GitHub and GitLab, the owner is typically an individual or an organization, On Bitbucket, the owner can also be a project. In the case of a private instance on Bitbucket, the individual or organization name should be prefixed with '~'.", components.SetMandatory()),
 	RepoName:        components.NewStringFlag(RepoName, "List of semicolon-separated(;) repositories names to analyze, If not provided all repositories related to the provided owner will be analyzed."),
-	Months:          components.NewStringFlag(Months, "Number of months to analyze.", components.WithIntDefaultValue(git.DefaultContContributorsMonths)),
+	Months:          components.NewStringFlag(Months, "Number of months to analyze.", components.WithIntDefaultValue(contributors.DefaultContContributorsMonths)),
 	DetailedSummary: components.NewBoolFlag(DetailedSummary, "Set to true to get a contributors detailed summary."),
 }
 

diff --git a/cli/docs/git/audit/help.go b/cli/docs/git/audit/help.go
@@ -0,0 +1,5 @@
+package audit
+
+func GetDescription() string {
+	return "Audit your local git repository project for security issues."
+}
diff --git a/cli/docs/git/help.go → cli/docs/git/contributors/help.go b/cli/docs/git/help.go → cli/docs/git/contributors/help.go
@@ -1,4 +1,4 @@
-package git
+package contributors
 
 func GetContContributorsDescription() string {
 	return "List all GIT providers' contributing developers."

diff --git a/cli/gitcommands.go b/cli/gitcommands.go
@@ -1,36 +1,93 @@
 package cli
 
 import (
+	"os"
+	"strings"
+
 	"github.com/jfrog/froggit-go/vcsutils"
+	outputFormat "github.com/jfrog/jfrog-cli-core/v2/common/format"
 	"github.com/jfrog/jfrog-cli-core/v2/common/progressbar"
+	pluginsCommon "github.com/jfrog/jfrog-cli-core/v2/plugins/common"
 	"github.com/jfrog/jfrog-cli-core/v2/plugins/components"
 	flags "github.com/jfrog/jfrog-cli-security/cli/docs"
-	gitDocs "github.com/jfrog/jfrog-cli-security/cli/docs/git"
-	"github.com/jfrog/jfrog-cli-security/commands/git"
+	gitAuditDocs "github.com/jfrog/jfrog-cli-security/cli/docs/git/audit"
+	gitContributorsDocs "github.com/jfrog/jfrog-cli-security/cli/docs/git/contributors"
+	"github.com/jfrog/jfrog-cli-security/commands/git/audit"
+	"github.com/jfrog/jfrog-cli-security/commands/git/contributors"
+	"github.com/jfrog/jfrog-cli-security/utils/xsc"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
-	"os"
-	"strings"
 )
 
 func getGitNameSpaceCommands() []components.Command {
 	return []components.Command{
+		{
+			Name:        "audit",
+			Aliases:     []string{"a"},
+			Description: gitAuditDocs.GetDescription(),
+			Flags:       flags.GetCommandFlags(flags.GitAudit),
+			Hidden:      true,
+			Action:      GitAuditCmd,
+		},
+		// TODO: Move cc cmd to Frogbot/Script
 		{
 			Name:        "count-contributors",
 			Aliases:     []string{"cc"},
 			Flags:       flags.GetCommandFlags(flags.GitCountContributors),
-			Description: gitDocs.GetContContributorsDescription(),
+			Description: gitContributorsDocs.GetContContributorsDescription(),
 			Hidden:      true,
 			Action:      GitCountContributorsCmd,
 		},
 	}
 }
 
-func GetCountContributorsParams(c *components.Context) (*git.CountContributorsParams, error) {
-	params := git.CountContributorsParams{}
+func GitAuditCmd(c *components.Context) error {
+	gitAuditCmd := audit.NewGitAuditCommand()
+	// Set connection params
+	serverDetails, err := createServerDetailsWithConfigOffer(c)
+	if err != nil {
+		return err
+	}
+	xrayVersion, xscVersion, err := xsc.GetJfrogServicesVersion(serverDetails)
+	if err != nil {
+		return err
+	}
+	gitAuditCmd.SetServerDetails(serverDetails).SetXrayVersion(xrayVersion).SetXscVersion(xscVersion)
+	// Set violations params
+	if err = validateConnectionAndViolationContextInputs(c, serverDetails); err != nil {
+		return err
+	}
+	if c.IsFlagSet(flags.Watches) {
+		gitAuditCmd.SetWatches(splitByCommaAndTrim(c.GetStringFlagValue(flags.Watches)))
+	}
+	gitAuditCmd.SetProjectKey(getProject(c)).SetIncludeVulnerabilities(c.GetBoolFlagValue(flags.Vuln))
+	// Set Scan params
+	if subScans, err := getSubScansToPreform(c); err != nil {
+		return err
+	} else if len(subScans) > 0 {
+		gitAuditCmd.SetScansToPerform(subScans)
+	}
+	if threads, err := pluginsCommon.GetThreadsCount(c); err != nil {
+		return err
+	} else {
+		gitAuditCmd.SetThreads(threads)
+	}
+	gitAuditCmd.SetExclusions(pluginsCommon.GetStringsArrFlagValue(c, flags.Exclusions))
+	// Set output params
+	format, err := outputFormat.GetOutputFormat(c.GetStringFlagValue(flags.OutputFormat))
+	if err != nil {
+		return err
+	}
+	gitAuditCmd.SetOutputFormat(format).SetIncludeLicenses(c.GetBoolFlagValue(flags.Licenses)).SetFailBuild(c.GetBoolFlagValue(flags.Fail))
+	// Run the command with progress bar if needed, Reporting error if Xsc service is enabled
+	return reportErrorIfExists(xrayVersion, xscVersion, serverDetails, progressbar.ExecWithProgress(gitAuditCmd))
+}
+
+func GetCountContributorsParams(c *components.Context) (*contributors.CountContributorsParams, error) {
+	params := contributors.CountContributorsParams{}
 	params.InputFile = c.GetStringFlagValue(flags.InputFile)
 	if params.InputFile == "" {
 		// Mandatory flags in case no input file was provided.
-		scmTypes := git.NewScmType()
+		scmTypes := contributors.NewScmType()
 		// ScmType
 		scmType := c.GetStringFlagValue(flags.ScmType)
 		if scmType == "" {
@@ -48,22 +105,22 @@ func GetCountContributorsParams(c *components.Context) (*git.CountContributorsPa
 			var envVarToken string
 			switch params.ScmType {
 			case vcsutils.BitbucketServer:
-				envVarToken = os.Getenv(git.BitbucketTokenEnvVar)
+				envVarToken = os.Getenv(contributors.BitbucketTokenEnvVar)
 			case vcsutils.GitLab:
-				envVarToken = os.Getenv(git.GitlabTokenEnvVar)
+				envVarToken = os.Getenv(contributors.GitlabTokenEnvVar)
 			case vcsutils.GitHub:
-				envVarToken = os.Getenv(git.GithubTokenEnvVar)
+				envVarToken = os.Getenv(contributors.GithubTokenEnvVar)
 			default:
 				return nil, errorutils.CheckErrorf("Unsupported SCM type: %s, Possible values are: %v", scmType, scmTypes.GetValidScmTypeString())
 			}
 			if envVarToken != "" {
 				params.Token = envVarToken
 			} else {
-				envVarToken = os.Getenv(git.GenericGitTokenEnvVar)
+				envVarToken = os.Getenv(contributors.GenericGitTokenEnvVar)
 				if envVarToken != "" {
 					params.Token = envVarToken
 				} else {
-					return nil, errorutils.CheckErrorf("Providing a token is mandatory. should use --%s flag, the token environment variable %s, or corresponding provider environment variable %s.", flags.Token, git.GenericGitTokenEnvVar, scmTypes.GetOptionalScmTypeTokenEnvVars())
+					return nil, errorutils.CheckErrorf("Providing a token is mandatory. should use --%s flag, the token environment variable %s, or corresponding provider environment variable %s.", flags.Token, contributors.GenericGitTokenEnvVar, scmTypes.GetOptionalScmTypeTokenEnvVars())
 				}
 			}
 		}
@@ -84,7 +141,7 @@ func GetCountContributorsParams(c *components.Context) (*git.CountContributorsPa
 	// Optional flags
 	// Months
 	if !c.IsFlagSet(flags.Months) {
-		params.MonthsNum = git.DefaultContContributorsMonths
+		params.MonthsNum = contributors.DefaultContContributorsMonths
 	} else {
 		months, err := c.GetIntFlagValue(flags.Months)
 		if err != nil {
@@ -118,7 +175,7 @@ func GitCountContributorsCmd(c *components.Context) error {
 	if err != nil {
 		return err
 	}
-	gitContributionCommand, err := git.NewCountContributorsCommand(gitContrParams)
+	gitContributionCommand, err := contributors.NewCountContributorsCommand(gitContrParams)
 	if err != nil {
 		return err
 	}