From cc8b9f3d19624bdb4bcd412b8265e1a2d7cc16d7 Mon Sep 17 00:00:00 2001
From: Assaf Attias <49212512+attiasas@users.noreply.github.com>
Date: Sun, 25 Feb 2024 16:14:39 +0200
Subject: [PATCH] Use exclude pattern when building dotnet dependency tree
 (#24)

---
 cli/docs/flags.go                      |  4 +-
 cli/scancommands.go                    |  6 +--
 commands/audit/audit.go                |  5 +--
 commands/audit/auditparams.go          | 16 --------
 commands/audit/sca/common.go           | 12 ++++++
 commands/audit/sca/common_test.go      | 48 +++++++++++++++++++++-
 commands/audit/sca/nuget/nuget.go      | 21 ++++++----
 commands/audit/sca/nuget/nuget_test.go |  4 +-
 commands/audit/scarunner.go            | 13 +-----
 commands/audit/scarunner_test.go       | 57 +++-----------------------
 go.mod                                 |  6 ++-
 go.sum                                 | 12 +++---
 utils/auditbasicparams.go              | 25 +++++++++++
 13 files changed, 121 insertions(+), 108 deletions(-)

diff --git a/cli/docs/flags.go b/cli/docs/flags.go
index 8f47c0a4..8c285c48 100644
--- a/cli/docs/flags.go
+++ b/cli/docs/flags.go
@@ -7,7 +7,7 @@ import (
 	"github.com/jfrog/jfrog-cli-core/v2/common/cliutils"
 	pluginsCommon "github.com/jfrog/jfrog-cli-core/v2/plugins/common"
 	"github.com/jfrog/jfrog-cli-core/v2/plugins/components"
-	"github.com/jfrog/jfrog-cli-security/commands/audit"
+	"github.com/jfrog/jfrog-cli-security/commands/audit/sca"
 	"github.com/jfrog/jfrog-cli-security/commands/curation"
 	"github.com/jfrog/jfrog-cli-security/commands/xray/offlineupdate"
 )
@@ -200,7 +200,7 @@ var flagsMap = map[string]components.Flag{
 	ExclusionsAudit: components.NewStringFlag(
 		Exclusions,
 		"List of exclusions separated by semicolons, utilized to skip sub-projects from undergoing an audit. These exclusions may incorporate the * and ? wildcards.",
-		components.WithStrDefaultValue(strings.Join(audit.DefaultExcludePatterns, ";")),
+		components.WithStrDefaultValue(strings.Join(sca.DefaultExcludePatterns, ";")),
 	),
 	Mvn:     components.NewBoolFlag(Mvn, "Set to true to request audit for a Maven project."),
 	Gradle:  components.NewBoolFlag(Gradle, "Set to true to request audit for a Gradle project."),
diff --git a/cli/scancommands.go b/cli/scancommands.go
index dd1ac526..ebc6aee6 100644
--- a/cli/scancommands.go
+++ b/cli/scancommands.go
@@ -357,8 +357,7 @@ func createAuditCmd(c *components.Context) (*audit.AuditCommand, error) {
 		SetPrintExtendedTable(c.GetBoolFlagValue(flags.ExtendedTable)).
 		SetMinSeverityFilter(minSeverity).
 		SetFixableOnly(c.GetBoolFlagValue(flags.FixableOnly)).
-		SetThirdPartyApplicabilityScan(c.GetBoolFlagValue(flags.ThirdPartyContextualAnalysis)).
-		SetExclusions(pluginsCommon.GetStringsArrFlagValue(c, flags.Exclusions))
+		SetThirdPartyApplicabilityScan(c.GetBoolFlagValue(flags.ThirdPartyContextualAnalysis))
 
 	if c.GetStringFlagValue(flags.Watches) != "" {
 		auditCmd.SetWatches(splitByCommaAndTrim(c.GetStringFlagValue(flags.Watches)))
@@ -373,7 +372,8 @@ func createAuditCmd(c *components.Context) (*audit.AuditCommand, error) {
 		SetUseWrapper(c.GetBoolFlagValue(flags.UseWrapper)).
 		SetInsecureTls(c.GetBoolFlagValue(flags.InsecureTls)).
 		SetNpmScope(c.GetStringFlagValue(flags.DepType)).
-		SetPipRequirementsFile(c.GetStringFlagValue(flags.RequirementsFile))
+		SetPipRequirementsFile(c.GetStringFlagValue(flags.RequirementsFile)).
+		SetExclusions(pluginsCommon.GetStringsArrFlagValue(c, flags.Exclusions))
 	return auditCmd, err
 }
 
diff --git a/commands/audit/audit.go b/commands/audit/audit.go
index 4b9d5f4b..4d57bd26 100644
--- a/commands/audit/audit.go
+++ b/commands/audit/audit.go
@@ -96,9 +96,8 @@ func (auditCmd *AuditCommand) Run() (err error) {
 		SetMinSeverityFilter(auditCmd.minSeverityFilter).
 		SetFixableOnly(auditCmd.fixableOnly).
 		SetGraphBasicParams(auditCmd.AuditBasicParams).
-		SetThirdPartyApplicabilityScan(auditCmd.thirdPartyApplicabilityScan).
-		SetExclusions(auditCmd.exclusions).
-		SetIsRecursiveScan(isRecursiveScan)
+		SetThirdPartyApplicabilityScan(auditCmd.thirdPartyApplicabilityScan)
+	auditParams.SetIsRecursiveScan(isRecursiveScan).SetExclusions(auditCmd.Exclusions())
 	auditResults, err := RunAudit(auditParams)
 	if err != nil {
 		return
diff --git a/commands/audit/auditparams.go b/commands/audit/auditparams.go
index 7e944f31..aaa5a2b5 100644
--- a/commands/audit/auditparams.go
+++ b/commands/audit/auditparams.go
@@ -8,7 +8,6 @@ import (
 type AuditParams struct {
 	xrayGraphScanParams *services.XrayGraphScanParams
 	workingDirs         []string
-	exclusions          []string
 	installFunc         func(tech string) error
 	fixableOnly         bool
 	minSeverityFilter   string
@@ -16,7 +15,6 @@ type AuditParams struct {
 	xrayVersion string
 	// Include third party dependencies source code in the applicability scan.
 	thirdPartyApplicabilityScan bool
-	isRecursiveScan             bool
 }
 
 func NewAuditParams() *AuditParams {
@@ -42,20 +40,6 @@ func (params *AuditParams) XrayVersion() string {
 	return params.xrayVersion
 }
 
-func (params *AuditParams) Exclusions() []string {
-	return params.exclusions
-}
-
-func (params *AuditParams) SetExclusions(exclusions []string) *AuditParams {
-	params.exclusions = exclusions
-	return params
-}
-
-func (params *AuditParams) SetIsRecursiveScan(isRecursiveScan bool) *AuditParams {
-	params.isRecursiveScan = isRecursiveScan
-	return params
-}
-
 func (params *AuditParams) SetXrayGraphScanParams(xrayGraphScanParams *services.XrayGraphScanParams) *AuditParams {
 	params.xrayGraphScanParams = xrayGraphScanParams
 	return params
diff --git a/commands/audit/sca/common.go b/commands/audit/sca/common.go
index 9b71d8b6..ff93b280 100644
--- a/commands/audit/sca/common.go
+++ b/commands/audit/sca/common.go
@@ -11,6 +11,8 @@ import (
 	"github.com/jfrog/jfrog-cli-core/v2/utils/tests"
 	"github.com/jfrog/jfrog-cli-security/scangraph"
 	"github.com/jfrog/jfrog-cli-security/utils"
+	"github.com/jfrog/jfrog-client-go/artifactory/services/fspatterns"
+	clientutils "github.com/jfrog/jfrog-client-go/utils"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 	ioUtils "github.com/jfrog/jfrog-client-go/utils/io"
 	"github.com/jfrog/jfrog-client-go/utils/log"
@@ -18,6 +20,16 @@ import (
 	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 )
 
+var DefaultExcludePatterns = []string{"*.git*", "*node_modules*", "*target*", "*venv*", "*test*"}
+
+func GetExcludePattern(params utils.AuditParams) string {
+	exclusions := params.Exclusions()
+	if len(exclusions) == 0 {
+		exclusions = append(exclusions, DefaultExcludePatterns...)
+	}
+	return fspatterns.PrepareExcludePathPattern(exclusions, clientutils.WildCardPattern, params.IsRecursiveScan())
+}
+
 func RunXrayDependenciesTreeScanGraph(dependencyTree *xrayUtils.GraphNode, progress ioUtils.ProgressMgr, technology coreutils.Technology, scanGraphParams *scangraph.ScanGraphParams) (results []services.ScanResponse, err error) {
 	scanGraphParams.XrayGraphScanParams().DependenciesGraph = dependencyTree
 	xscGitInfoContext := scanGraphParams.XrayGraphScanParams().XscGitInfoContext
diff --git a/commands/audit/sca/common_test.go b/commands/audit/sca/common_test.go
index a99117f4..22a65a4e 100644
--- a/commands/audit/sca/common_test.go
+++ b/commands/audit/sca/common_test.go
@@ -1,17 +1,63 @@
 package sca
 
 import (
-	"golang.org/x/exp/maps"
 	"reflect"
 	"testing"
 
+	"golang.org/x/exp/maps"
+
 	"github.com/jfrog/jfrog-cli-core/v2/utils/tests"
 	coreXray "github.com/jfrog/jfrog-cli-core/v2/utils/xray"
+	"github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-client-go/xray/services"
 	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 	"github.com/stretchr/testify/assert"
 )
 
+func TestGetExcludePattern(t *testing.T) {
+	tests := []struct {
+		name     string
+		params   func() *utils.AuditBasicParams
+		expected string
+	}{
+		{
+			name: "Test exclude pattern recursive",
+			params: func() *utils.AuditBasicParams {
+				param := &utils.AuditBasicParams{}
+				param.SetExclusions([]string{"exclude1", "exclude2"}).SetIsRecursiveScan(true)
+				return param
+			},
+			expected: "(^exclude1$)|(^exclude2$)",
+		},
+		{
+			name:     "Test no exclude pattern recursive",
+			params:   func() *utils.AuditBasicParams { return (&utils.AuditBasicParams{}).SetIsRecursiveScan(true) },
+			expected: "(^.*\\.git.*$)|(^.*node_modules.*$)|(^.*target.*$)|(^.*venv.*$)|(^.*test.*$)",
+		},
+		{
+			name: "Test exclude pattern not recursive",
+			params: func() *utils.AuditBasicParams {
+				param := &utils.AuditBasicParams{}
+				param.SetExclusions([]string{"exclude1", "exclude2"})
+				return param
+			},
+			expected: "(^exclude1$)|(^exclude2$)",
+		},
+		{
+			name:     "Test no exclude pattern",
+			params:   func() *utils.AuditBasicParams { return &utils.AuditBasicParams{} },
+			expected: "(^.*\\.git.*$)|(^.*node_modules.*$)|(^.*target.*$)|(^.*venv.*$)|(^.*test.*$)",
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			result := GetExcludePattern(test.params())
+			assert.Equal(t, test.expected, result)
+		})
+	}
+}
+
 func TestBuildXrayDependencyTree(t *testing.T) {
 	treeHelper := make(map[string]coreXray.DepTreeNode)
 	rootDep := coreXray.DepTreeNode{Children: []string{"topDep1", "topDep2", "topDep3"}}
diff --git a/commands/audit/sca/nuget/nuget.go b/commands/audit/sca/nuget/nuget.go
index 63cae11f..c3da7bc8 100644
--- a/commands/audit/sca/nuget/nuget.go
+++ b/commands/audit/sca/nuget/nuget.go
@@ -3,6 +3,12 @@ package nuget
 import (
 	"errors"
 	"fmt"
+	"io/fs"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
 	bidotnet "github.com/jfrog/build-info-go/build/utils/dotnet"
 	"github.com/jfrog/build-info-go/build/utils/dotnet/solution"
 	"github.com/jfrog/build-info-go/entities"
@@ -11,17 +17,13 @@ import (
 	"github.com/jfrog/jfrog-cli-core/v2/artifactory/commands/dotnet"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	coreXray "github.com/jfrog/jfrog-cli-core/v2/utils/xray"
+	"github.com/jfrog/jfrog-cli-security/commands/audit/sca"
 	"github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
 	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 	"golang.org/x/exp/maps"
-	"io/fs"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strings"
 )
 
 const (
@@ -40,7 +42,8 @@ func BuildDependencyTree(params utils.AuditParams) (dependencyTree []*xrayUtils.
 	if err != nil {
 		return
 	}
-	sol, err := solution.Load(wd, "", log.Logger)
+	exclusionPattern := sca.GetExcludePattern(params)
+	sol, err := solution.Load(wd, "", exclusionPattern, log.Logger)
 	if err != nil && !strings.Contains(err.Error(), globalPackagesNotFoundErrorMessage) {
 		// In older NuGet projects that utilize NuGet Cli and package.config, if the project is not installed, the solution.Load function raises an error because it cannot find global package paths.
 		// This issue is resolved by executing the 'nuget restore' command followed by running solution.Load again. Therefore, in this scenario, we need to proceed with this process.
@@ -49,7 +52,7 @@ func BuildDependencyTree(params utils.AuditParams) (dependencyTree []*xrayUtils.
 
 	if isInstallRequired(params, sol) {
 		log.Info("Dependencies sources were not detected nor 'install' command provided. Running 'restore' command")
-		sol, err = runDotnetRestoreAndLoadSolution(params, wd)
+		sol, err = runDotnetRestoreAndLoadSolution(params, wd, exclusionPattern)
 		if err != nil {
 			return
 		}
@@ -74,7 +77,7 @@ func isInstallRequired(params utils.AuditParams, sol solution.Solution) bool {
 
 // Generates a temporary duplicate of the project to execute the 'install' command without impacting the original directory and establishing the JFrog configuration file for Artifactory resolution
 // Additionally, re-loads the project's Solution so the dependencies sources will be identified
-func runDotnetRestoreAndLoadSolution(params utils.AuditParams, originalWd string) (sol solution.Solution, err error) {
+func runDotnetRestoreAndLoadSolution(params utils.AuditParams, originalWd, exclusionPattern string) (sol solution.Solution, err error) {
 	// Creating a temporary copy of the project in order to run 'install' command without effecting the original directory + creating the jfrog config for artifactory resolution
 	tmpWd, err := fileutils.CreateTempDir()
 	if err != nil {
@@ -129,7 +132,7 @@ func runDotnetRestoreAndLoadSolution(params utils.AuditParams, originalWd string
 	if err != nil {
 		return
 	}
-	sol, err = solution.Load(tmpWd, "", log.Logger)
+	sol, err = solution.Load(tmpWd, "", exclusionPattern, log.Logger)
 	return
 }
 
diff --git a/commands/audit/sca/nuget/nuget_test.go b/commands/audit/sca/nuget/nuget_test.go
index 078df7aa..0ab6aba9 100644
--- a/commands/audit/sca/nuget/nuget_test.go
+++ b/commands/audit/sca/nuget/nuget_test.go
@@ -134,13 +134,13 @@ func TestRunDotnetRestoreAndLoadSolution(t *testing.T) {
 		dotnetProjectPath := filepath.Join(testDataDir, "dotnet", projectName)
 		assert.NoError(t, utils.CopyDir(dotnetProjectPath, tempDirPath, true, nil))
 
-		sol, err := solution.Load(tempDirPath, "", log.Logger)
+		sol, err := solution.Load(tempDirPath, "", "", log.Logger)
 		assert.NoError(t, err)
 		assert.Empty(t, sol.GetProjects())
 		assert.Empty(t, sol.GetDependenciesSources())
 
 		params := &xrayUtils2.AuditBasicParams{}
-		sol, err = runDotnetRestoreAndLoadSolution(params, tempDirPath)
+		sol, err = runDotnetRestoreAndLoadSolution(params, tempDirPath, "")
 		assert.NoError(t, err)
 		assert.NotEmpty(t, sol.GetProjects())
 		assert.NotEmpty(t, sol.GetDependenciesSources())
diff --git a/commands/audit/scarunner.go b/commands/audit/scarunner.go
index 7e2952f0..8efb3b18 100644
--- a/commands/audit/scarunner.go
+++ b/commands/audit/scarunner.go
@@ -22,7 +22,6 @@ import (
 	"github.com/jfrog/jfrog-cli-security/commands/audit/sca/yarn"
 	"github.com/jfrog/jfrog-cli-security/scangraph"
 	xrayutils "github.com/jfrog/jfrog-cli-security/utils"
-	"github.com/jfrog/jfrog-client-go/artifactory/services/fspatterns"
 	clientutils "github.com/jfrog/jfrog-client-go/utils"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
@@ -30,8 +29,6 @@ import (
 	xrayCmdUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 )
 
-var DefaultExcludePatterns = []string{"*.git*", "*node_modules*", "*target*", "*venv*", "*test*"}
-
 func runScaScan(params *AuditParams, results *xrayutils.Results) (err error) {
 	// Prepare
 	currentWorkingDir, err := os.Getwd()
@@ -75,7 +72,7 @@ func runScaScan(params *AuditParams, results *xrayutils.Results) (err error) {
 func getScaScansToPreform(params *AuditParams) (scansToPreform []*xrayutils.ScaScanResult) {
 	for _, requestedDirectory := range params.workingDirs {
 		// Detect descriptors and technologies in the requested directory.
-		techToWorkingDirs, err := coreutils.DetectTechnologiesDescriptors(requestedDirectory, params.isRecursiveScan, params.Technologies(), getRequestedDescriptors(params), getExcludePattern(params, params.isRecursiveScan))
+		techToWorkingDirs, err := coreutils.DetectTechnologiesDescriptors(requestedDirectory, params.IsRecursiveScan(), params.Technologies(), getRequestedDescriptors(params), sca.GetExcludePattern(params.AuditBasicParams))
 		if err != nil {
 			log.Warn("Couldn't detect technologies in", requestedDirectory, "directory.", err.Error())
 			continue
@@ -108,14 +105,6 @@ func getRequestedDescriptors(params *AuditParams) map[coreutils.Technology][]str
 	return requestedDescriptors
 }
 
-func getExcludePattern(params *AuditParams, recursive bool) string {
-	exclusions := params.Exclusions()
-	if len(exclusions) == 0 {
-		exclusions = append(exclusions, DefaultExcludePatterns...)
-	}
-	return fspatterns.PrepareExcludePathPattern(exclusions, clientutils.WildCardPattern, recursive)
-}
-
 // Preform the SCA scan for the given scan information.
 // This method will change the working directory to the scan's working directory.
 func executeScaScan(serverDetails *config.ServerDetails, params *AuditParams, scan *xrayutils.ScaScanResult) (err error) {
diff --git a/commands/audit/scarunner_test.go b/commands/audit/scarunner_test.go
index 7f2cfc0c..68162094 100644
--- a/commands/audit/scarunner_test.go
+++ b/commands/audit/scarunner_test.go
@@ -117,55 +117,6 @@ func createEmptyFile(t *testing.T, path string) {
 	assert.NoError(t, file.Close())
 }
 
-func TestGetExcludePattern(t *testing.T) {
-	tests := []struct {
-		name      string
-		params    func() *AuditParams
-		recursive bool
-		expected  string
-	}{
-		{
-			name: "Test exclude pattern recursive",
-			params: func() *AuditParams {
-				param := NewAuditParams()
-				param.SetExclusions([]string{"exclude1", "exclude2"})
-				return param
-			},
-			recursive: true,
-			expected:  "(^exclude1$)|(^exclude2$)",
-		},
-		{
-			name:      "Test no exclude pattern recursive",
-			params:    NewAuditParams,
-			recursive: true,
-			expected:  "(^.*\\.git.*$)|(^.*node_modules.*$)|(^.*target.*$)|(^.*venv.*$)|(^.*test.*$)",
-		},
-		{
-			name: "Test exclude pattern not recursive",
-			params: func() *AuditParams {
-				param := NewAuditParams()
-				param.SetExclusions([]string{"exclude1", "exclude2"})
-				return param
-			},
-			recursive: false,
-			expected:  "(^exclude1$)|(^exclude2$)",
-		},
-		{
-			name:      "Test no exclude pattern",
-			params:    NewAuditParams,
-			recursive: false,
-			expected:  "(^.*\\.git.*$)|(^.*node_modules.*$)|(^.*target.*$)|(^.*venv.*$)|(^.*test.*$)",
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			result := getExcludePattern(test.params(), test.recursive)
-			assert.Equal(t, test.expected, result)
-		})
-	}
-}
-
 func TestGetScaScansToPreform(t *testing.T) {
 
 	dir, cleanUp := createTestDir(t)
@@ -180,8 +131,8 @@ func TestGetScaScansToPreform(t *testing.T) {
 			name: "Test specific technologies",
 			wd:   dir,
 			params: func() *AuditParams {
-				param := NewAuditParams().SetIsRecursiveScan(true).SetWorkingDirs([]string{dir})
-				param.SetTechnologies([]string{"maven", "npm", "go"})
+				param := NewAuditParams().SetWorkingDirs([]string{dir})
+				param.SetTechnologies([]string{"maven", "npm", "go"}).SetIsRecursiveScan(true)
 				return param
 			},
 			expected: []*xrayutils.ScaScanResult{
@@ -210,7 +161,9 @@ func TestGetScaScansToPreform(t *testing.T) {
 			name: "Test all",
 			wd:   dir,
 			params: func() *AuditParams {
-				return NewAuditParams().SetIsRecursiveScan(true).SetWorkingDirs([]string{dir})
+				param := NewAuditParams().SetWorkingDirs([]string{dir})
+				param.SetIsRecursiveScan(true)
+				return param
 			},
 			expected: []*xrayutils.ScaScanResult{
 				{
diff --git a/go.mod b/go.mod
index 46fe9bec..8b95af78 100644
--- a/go.mod
+++ b/go.mod
@@ -98,6 +98,8 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
 
-// replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240225124040-0941c5ce1007
 
-// replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go dev
+replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20240222155638-e55c7d7acbee
+
+replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20240225113943-096bf22ca54c
diff --git a/go.sum b/go.sum
index ce0623bc..c4211bb8 100644
--- a/go.sum
+++ b/go.sum
@@ -96,16 +96,16 @@ github.com/jedib0t/go-pretty/v6 v6.5.4 h1:gOGo0613MoqUcf0xCj+h/V3sHDaZasfv152G6/
 github.com/jedib0t/go-pretty/v6 v6.5.4/go.mod h1:5LQIxa52oJ/DlDSLv0HEkWOFMDGoWkJb9ss5KqPpJBg=
 github.com/jfrog/archiver/v3 v3.6.0 h1:OVZ50vudkIQmKMgA8mmFF9S0gA47lcag22N13iV3F1w=
 github.com/jfrog/archiver/v3 v3.6.0/go.mod h1:fCAof46C3rAXgZurS8kNRNdSVMKBbZs+bNNhPYxLldI=
-github.com/jfrog/build-info-go v1.9.23 h1:+TwUIBEJwRvz9skR8xBfY5ti8Vl4Z6iMCkFbkclnEN0=
-github.com/jfrog/build-info-go v1.9.23/go.mod h1:QHcKuesY4MrBVBuEwwBz4uIsX6mwYuMEDV09ng4AvAU=
+github.com/jfrog/build-info-go v1.8.9-0.20240225113943-096bf22ca54c h1:M1QiuCYGCYN1IiGyxogrLzfetYGkkhE2pgDh5K4Wo9A=
+github.com/jfrog/build-info-go v1.8.9-0.20240225113943-096bf22ca54c/go.mod h1:QHcKuesY4MrBVBuEwwBz4uIsX6mwYuMEDV09ng4AvAU=
 github.com/jfrog/gofrog v1.6.0 h1:jOwb37nHY2PnxePNFJ6e6279Pgkr3di05SbQQw47Mq8=
 github.com/jfrog/gofrog v1.6.0/go.mod h1:SZ1EPJUruxrVGndOzHd+LTiwWYKMlHqhKD+eu+v5Hqg=
 github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
-github.com/jfrog/jfrog-cli-core/v2 v2.48.1 h1:rRqI82btSFKFStGd7uEiheeBAuEjrw+ZZbE1abaKUBU=
-github.com/jfrog/jfrog-cli-core/v2 v2.48.1/go.mod h1:9aZHtR9x7s9VUa5AalOjJkxMMPSgxXgQ5hdU3vzMwcs=
-github.com/jfrog/jfrog-client-go v1.37.1 h1:BqIWGPajC5vhUo5dcQ9KEJr0EVANr/O4cfEqRYvzvRg=
-github.com/jfrog/jfrog-client-go v1.37.1/go.mod h1:y+zeO0LeT2uHoHs4/fXHrm5dfF02bg6Dw3cNJxgJ5LY=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240225124040-0941c5ce1007 h1:0KxG3eFY5Ky9UJDpEtDjAKWJ9Nv3FC+JfLy3HlzOkJo=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240225124040-0941c5ce1007/go.mod h1:WBLFp8yLZMaJiQtY9updnh0zj9kfxRFpY4Y9zCiggtk=
+github.com/jfrog/jfrog-client-go v1.28.1-0.20240222155638-e55c7d7acbee h1:IrM+wE8WmsSm95vpYSEYle2mPAOVn1FrRTeScSNxgrw=
+github.com/jfrog/jfrog-client-go v1.28.1-0.20240222155638-e55c7d7acbee/go.mod h1:jcZYTyo9H4GtZ6eAYIfKm1ulxeTbshcBBA+YUbWlHNc=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
diff --git a/utils/auditbasicparams.go b/utils/auditbasicparams.go
index fee9e5c5..e66a618f 100644
--- a/utils/auditbasicparams.go
+++ b/utils/auditbasicparams.go
@@ -36,6 +36,10 @@ type AuditParams interface {
 	SetIsMavenDepTreeInstalled(isMavenDepTreeInstalled bool) *AuditBasicParams
 	IsCurationCmd() bool
 	SetIsCurationCmd(bool) *AuditBasicParams
+	SetExclusions(exclusions []string) *AuditBasicParams
+	Exclusions() []string
+	SetIsRecursiveScan(isRecursiveScan bool) *AuditBasicParams
+	IsRecursiveScan() bool
 }
 
 type AuditBasicParams struct {
@@ -55,6 +59,8 @@ type AuditBasicParams struct {
 	args                             []string
 	installCommandArgs               []string
 	dependenciesForApplicabilityScan []string
+	exclusions                       []string
+	isRecursiveScan                  bool
 }
 
 func (abp *AuditBasicParams) DirectDependencies() []string {
@@ -199,7 +205,26 @@ func (abp *AuditBasicParams) SetIsMavenDepTreeInstalled(isMavenDepTreeInstalled
 func (abp *AuditBasicParams) IsCurationCmd() bool {
 	return abp.isCurationCmd
 }
+
 func (abp *AuditBasicParams) SetIsCurationCmd(isCurationCmd bool) *AuditBasicParams {
 	abp.isCurationCmd = isCurationCmd
 	return abp
 }
+
+func (abp *AuditBasicParams) Exclusions() []string {
+	return abp.exclusions
+}
+
+func (abp *AuditBasicParams) SetExclusions(exclusions []string) *AuditBasicParams {
+	abp.exclusions = exclusions
+	return abp
+}
+
+func (abp *AuditBasicParams) SetIsRecursiveScan(isRecursiveScan bool) *AuditBasicParams {
+	abp.isRecursiveScan = isRecursiveScan
+	return abp
+}
+
+func (abp *AuditBasicParams) IsRecursiveScan() bool {
+	return abp.isRecursiveScan
+}