Merge remote-tracking branch 'upstream/dev' into curation-overide-pac…

…kage-lock

.github/RELEASE_LINK_TEMPLATE.md

@@ -0,0 +1,23 @@
+<details>
+    <summary>Downloads JFrog CLI</summary>
+
+### Linux
+
+[386](https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-linux-386/jf)
+[AMD-64](https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-linux-amd64/jf)
+[ARM-32](https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-linux-arm/jf)
+[ARM-64](https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-linux-arm64/jf)
+[PPC-64](https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-linux-ppc64/jf)
+[PPC-64-LE](https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-linux-ppc64le/jf)
+[S390X](https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-linux-s390x/jf)
+
+### MacOS
+
+[AMD-64](https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-mac-386/jf)
+[ARM-64](https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-mac-arm64/jf)
+
+### Windows
+
+[ARM-64](https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-windows-amd64/jf.exe)
+
+</details>

.github/workflows/addReleaseLinks.yml

@@ -0,0 +1,27 @@
+name: Add links on release
+on:
+  release:
+    types: [created]
+
+jobs:
+  add-links-on-release:
+    name: Add links on release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v2
+
+      - name: Create markdown download links
+        run: |
+          # Remove the prefix 'v' from version.
+          RELEASE_VERSION=$(echo "${{ github.event.release.tag_name }}" | sed 's/^v//')
+
+          # Replace the place-holders '{version}' with the actual release version.
+          sed "s/{version}/$RELEASE_VERSION/g" ./.github/releaseLinkTemplate.md > ./temp_releaseLinkTemplate.md
+
+      - name: Add links to release notes
+        uses: softprops/action-gh-release@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          body_path: "temp_releaseLinkTemplate.md"
+          append_body: true

build/npm/v2-jf/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jfrog-cli-v2-jf",
-  "version": "2.46.2",
+  "version": "2.46.3",
   "description": "🐸 Command-line interface for JFrog Artifactory, Xray, Distribution, Pipelines and Mission Control 🐸",
   "homepage": "https://github.com/jfrog/jfrog-cli",
   "preferGlobal": true,

build/npm/v2/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jfrog-cli-v2",
-  "version": "2.46.2",
+  "version": "2.46.3",
   "description": "🐸 Command-line interface for JFrog Artifactory, Xray, Distribution, Pipelines and Mission Control 🐸",
   "homepage": "https://github.com/jfrog/jfrog-cli",
   "preferGlobal": true,

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/gocarina/gocsv v0.0.0-20230616125104-99d496ca653d
 	github.com/jfrog/build-info-go v1.9.10
 	github.com/jfrog/gofrog v1.3.0
-	github.com/jfrog/jfrog-cli-core/v2 v2.41.4
+	github.com/jfrog/jfrog-cli-core/v2 v2.41.5
 	github.com/jfrog/jfrog-client-go v1.32.1
 	github.com/jszwec/csvutil v1.8.0
 	github.com/mholt/archiver/v3 v3.5.1
@@ -129,6 +129,5 @@ replace github.com/jfrog/jfrog-cli-core/v2 => github.com/asafambar/jfrog-cli-cor
 
 // replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27
 
-replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6
+// replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6
 
-//replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38

go.sum

@@ -239,8 +239,14 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOl
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jedib0t/go-pretty/v6 v6.4.7 h1:lwiTJr1DEkAgzljsUsORmWsVn5MQjt1BPJdPCtJ6KXE=
 github.com/jedib0t/go-pretty/v6 v6.4.7/go.mod h1:Ndk3ase2CkQbXLLNf5QDHoYb6J9WtVfmHZu9n8rk2xs=
+github.com/jfrog/build-info-go v1.9.10 h1:uXnDLVxpqxoAMpXcki00QaBB+M2BoGMMpHODPkmmYOY=
+github.com/jfrog/build-info-go v1.9.10/go.mod h1:ujJ8XQZMdT2tMkLSMJNyDd1pCY+duwHdjV+9or9FLIg=
 github.com/jfrog/gofrog v1.3.0 h1:o4zgsBZE4QyDbz2M7D4K6fXPTBJht+8lE87mS9bw7Gk=
 github.com/jfrog/gofrog v1.3.0/go.mod h1:IFMc+V/yf7rA5WZ74CSbXe+Lgf0iApEQLxRZVzKRUR0=
+github.com/jfrog/jfrog-cli-core/v2 v2.41.5 h1:+hQs69dXhNrDIDsBlEPcmLgywfkzyKrIsCZtBW486PU=
+github.com/jfrog/jfrog-cli-core/v2 v2.41.5/go.mod h1:HCMfdtCy2B81EF8YiQlsfbG3CsLk/VeqoWGNYoSUz8Q=
+github.com/jfrog/jfrog-client-go v1.32.1 h1:RQmuPSLsF5222vZJzwkgHSZMMJF83ExS7SwIvh4P+H8=
+github.com/jfrog/jfrog-client-go v1.32.1/go.mod h1:362+oa7uTTYurzBs1L0dmUTlLo7uhpAU/pwM5Zb9clg=
 github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6 h1:9mNCAUu/uHx80s4rMc9PeI1lllrZ1MOPUesIMglFoTY=
 github.com/jfrog/jfrog-client-go v1.28.1-0.20230906115540-2c3c91d271d6/go.mod h1:soD5VL3X+G+0KKUNSlb0CSdF9nwHsQZCr0xqOGedAHM=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=

testdata/xray/nuget/single5.0/ClassLibrary1/ClassLibrary1.csproj

@@ -0,0 +1,22 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>netstandard2.0</TargetFramework>
+    <Platforms>AnyCPU;x64</Platforms>
+    <Company>Some Compnay</Company>
+    <Product>Some product</Product>
+    <Copyright>Copyright © 2020 by Foobar.</Copyright>
+    <Version>1.0.0</Version>
+  </PropertyGroup>
+  <ItemGroup>
+    <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
+    <PackageReference Include="System.IO.FileSystem.AccessControl" Version="4.7.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Hosting" Version="2.1.0" />
+    <PackageReference Include="Serilog.AspNetCore" Version="2.1.1" />
+    <PackageReference Include="Serilog.Formatting.Compact" Version="1.0.0" />
+    <PackageReference Include="Serilog.Settings.Configuration" Version="3.0.1" />
+    <PackageReference Include="Serilog.Sinks.Console" Version="3.1.1" />
+    <PackageReference Include="Serilog.Sinks.EventLog" Version="3.1.0" />
+    <PackageReference Include="Serilog.Sinks.File" Version="4.0.0" />
+  </ItemGroup>
+</Project>

testdata/xray/nuget/single5.0/TestSolution.sln

@@ -0,0 +1,29 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.32106.194
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ClassLibrary1", "ClassLibrary1\ClassLibrary1.csproj", "{D9C89660-69F8-46E2-B9C4-78E9B505E8B1}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{757C1D5A-BAA9-453F-B612-A0571390976B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{757C1D5A-BAA9-453F-B612-A0571390976B}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{757C1D5A-BAA9-453F-B612-A0571390976B}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{757C1D5A-BAA9-453F-B612-A0571390976B}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D9C89660-69F8-46E2-B9C4-78E9B505E8B1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D9C89660-69F8-46E2-B9C4-78E9B505E8B1}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D9C89660-69F8-46E2-B9C4-78E9B505E8B1}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D9C89660-69F8-46E2-B9C4-78E9B505E8B1}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {D8547989-C4F7-4FCC-95BB-F7478F7D2484}
+	EndGlobalSection
+EndGlobal

utils/cliutils/cli_consts.go

@@ -4,7 +4,7 @@ import "time"
 
 const (
 	// General CLI constants
-	CliVersion  = "2.46.2"
+	CliVersion  = "2.46.3"
 	ClientAgent = "jfrog-cli-go"
 
 	// CLI base commands constants:

xray_test.go

@@ -210,24 +210,102 @@ func runXrayAuditYarnWithOutput(t *testing.T, format string) string {
 	return xrayCli.RunCliCmdWithOutput(t, "audit", "--yarn", "--licenses", "--format="+format)
 }
 
-// Tests NuGet audit by providing simple NuGet project and asserts any error.
+// Tests NuGet audit by providing simple NuGet project + multi-project NuGet project and asserts any error.
 func TestXrayAuditNugetJson(t *testing.T) {
-	output := testXrayAuditNuget(t, "single", string(utils.Json))
-	verifyJsonScanResults(t, output, 0, 2, 0)
+	var testdata = []struct {
+		projectName        string
+		format             string
+		restoreTech        string
+		minVulnerabilities int
+		minLicences        int
+	}{
+		{
+			projectName:        "single4.0",
+			format:             string(utils.Json),
+			restoreTech:        "nuget",
+			minVulnerabilities: 2,
+			minLicences:        0,
+		},
+		{
+			projectName:        "single5.0",
+			format:             string(utils.Json),
+			restoreTech:        "dotnet",
+			minVulnerabilities: 3,
+			minLicences:        2,
+		},
+		{
+			projectName:        "single5.0",
+			format:             string(utils.Json),
+			restoreTech:        "",
+			minVulnerabilities: 3,
+			minLicences:        2,
+		},
+		{
+			projectName:        "multi",
+			format:             string(utils.Json),
+			restoreTech:        "dotnet",
+			minVulnerabilities: 5,
+			minLicences:        3,
+		},
+		{
+			projectName:        "multi",
+			format:             string(utils.Json),
+			restoreTech:        "",
+			minVulnerabilities: 5,
+			minLicences:        3,
+		},
+	}
+	for _, test := range testdata {
+		runInstallCommand := test.restoreTech != ""
+		t.Run(fmt.Sprintf("projectName:%s,runInstallCommand:%t", test.projectName, runInstallCommand),
+			func(t *testing.T) {
+				output := testXrayAuditNuget(t, test.projectName, test.format, test.restoreTech)
+				verifyJsonScanResults(t, output, 0, test.minVulnerabilities, test.minLicences)
+			})
+	}
 }
 
 func TestXrayAuditNugetSimpleJson(t *testing.T) {
-	output := testXrayAuditNuget(t, "single", string(utils.SimpleJson))
-	verifySimpleJsonScanResults(t, output, 2, 0)
-}
-
-// Tests NuGet audit by providing a multi-project NuGet project and asserts any error.
-func TestXrayAuditNugetMultiProject(t *testing.T) {
-	output := testXrayAuditNuget(t, "multi", string(utils.Json))
-	verifyJsonScanResults(t, output, 0, 5, 0)
+	var testdata = []struct {
+		projectName        string
+		format             string
+		restoreTech        string
+		minVulnerabilities int
+		minLicences        int
+	}{
+		{
+			projectName:        "single4.0",
+			format:             string(utils.SimpleJson),
+			restoreTech:        "nuget",
+			minVulnerabilities: 2,
+			minLicences:        0,
+		},
+		{
+			projectName:        "single5.0",
+			format:             string(utils.SimpleJson),
+			restoreTech:        "dotnet",
+			minVulnerabilities: 3,
+			minLicences:        2,
+		},
+		{
+			projectName:        "single5.0",
+			format:             string(utils.SimpleJson),
+			restoreTech:        "",
+			minVulnerabilities: 3,
+			minLicences:        2,
+		},
+	}
+	for _, test := range testdata {
+		runInstallCommand := test.restoreTech != ""
+		t.Run(fmt.Sprintf("projectName:%s,runInstallCommand:%t", test.projectName, runInstallCommand),
+			func(t *testing.T) {
+				output := testXrayAuditNuget(t, test.projectName, test.format, test.restoreTech)
+				verifySimpleJsonScanResults(t, output, test.minVulnerabilities, test.minLicences)
+			})
+	}
 }
 
-func testXrayAuditNuget(t *testing.T, projectName, format string) string {
+func testXrayAuditNuget(t *testing.T, projectName, format string, restoreTech string) string {
 	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
 	defer createTempDirCallback()
@@ -238,9 +316,12 @@ func testXrayAuditNuget(t *testing.T, projectName, format string) string {
 	defer clientTestUtils.ChangeDirAndAssert(t, prevWd)
 	// Add dummy descriptor file to check that we run only specific audit
 	addDummyPackageDescriptor(t, false)
-	// Run NuGet restore before executing jfrog xr audit (NuGet)
-	assert.NoError(t, exec.Command("nuget", "restore").Run())
-	return xrayCli.RunCliCmdWithOutput(t, "audit", "--nuget", "--format="+format)
+	// Run NuGet/Dotnet restore before executing jfrog xr audit (NuGet)
+	if restoreTech != "" {
+		_, err := exec.Command(restoreTech, "restore").CombinedOutput()
+		assert.NoError(t, err)
+	}
+	return xrayCli.RunCliCmdWithOutput(t, "audit", "--nuget", "--format="+format, "--licenses")
 }
 
 func TestXrayAuditGradleJson(t *testing.T) {
@@ -328,7 +409,7 @@ func TestXrayAuditMultiProjects(t *testing.T) {
 	// Copy the multi project from the testdata to a temp dir
 	assert.NoError(t, biutils.CopyDir(multiProject, tempDirPath, true, nil))
 	workingDirsFlag := fmt.Sprintf("--working-dirs=%s, %s ,%s, %s",
-		filepath.Join(tempDirPath, "maven"), filepath.Join(tempDirPath, "nuget", "single"),
+		filepath.Join(tempDirPath, "maven"), filepath.Join(tempDirPath, "nuget", "single4.0"),
 		filepath.Join(tempDirPath, "python", "pip"), filepath.Join(tempDirPath, "jas-test"))
 	// Configure a new server named "default"
 	createJfrogHomeConfig(t, true)