jfrog · attiasas · May 23, 2024 · May 26, 2024 · Jun 25, 2024 · Jun 26, 2024
diff --git a/cli/cli.go b/cli/cli.go
@@ -16,5 +16,12 @@ func GetJfrogCliSecurityApp() components.App {
 		Commands:    getXrayNameSpaceCommands(),
 		Category:    "Command Namespaces",
 	})
+	// TOOD: make namespace hidden?
+	app.Subcommands = append(app.Subcommands, components.Namespace{
+		Name:        "git",
+		Description: "Git integration commands.",
+		Commands:    getGitNameSpaceCommands(),
+		Category:    "Command Namespaces",
+	})
 	return app
 }
diff --git a/cli/docs/flags.go b/cli/docs/flags.go
@@ -20,6 +20,7 @@ const (
 	DockerScan    = "docker scan"
 	Audit         = "audit"
 	CurationAudit = "curation-audit"
+	GitAudit 	= "git-audit"
 
 	// TODO: Deprecated commands (remove at next CLI major version)
 	AuditMvn    = "audit-maven"
@@ -81,6 +82,7 @@ const (
 	To        = "to"
 	Version   = "version"
 	Target    = "target"
+	Source    = "source"
 	Stream    = "stream"
 	Periodic  = "periodic"
 
@@ -129,15 +131,11 @@ var commandFlags = map[string][]string{
 	DockerScan: {
 		ServerId, Project, Watches, RepoPath, Licenses, OutputFormat, Fail, ExtendedTable, BypassArchiveLimits, MinSeverity, FixableOnly,
 	},
-	Audit: {
-		url, user, password, accessToken, ServerId, InsecureTls, Project, Watches, RepoPath, Licenses, OutputFormat, ExcludeTestDeps,
-		useWrapperAudit, DepType, RequirementsFile, Fail, ExtendedTable, WorkingDirs, ExclusionsAudit, Mvn, Gradle, Npm,
-		Pnpm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ThirdPartyContextualAnalysis, Threads,
-		Sca, Iac, Sast, Secrets, WithoutCA,
-	},
 	CurationAudit: {
 		CurationOutput, WorkingDirs, Threads, RequirementsFile,
 	},
+	Audit: getAuditFlags(),
+	GitAudit: getAuditFlags(),
 	// TODO: Deprecated commands (remove at next CLI major version)
 	AuditMvn: {
 		url, user, password, accessToken, ServerId, InsecureTls, Project, ExclusionsAudit, Watches, RepoPath, Licenses, OutputFormat, Fail, ExtendedTable, useWrapperAudit,
@@ -159,6 +157,15 @@ var commandFlags = map[string][]string{
 	},
 }
 
+func getAuditFlags() []string {
+	return []string{
+		url, user, password, accessToken, ServerId, InsecureTls, Project, Watches, RepoPath, Licenses, OutputFormat, ExcludeTestDeps,
+		useWrapperAudit, DepType, RequirementsFile, Fail, ExtendedTable, WorkingDirs, ExclusionsAudit, Mvn, Gradle, Npm,
+		Pnpm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ThirdPartyContextualAnalysis, Threads,
+		Sca, Iac, Sast, Secrets, WithoutCA,
+	}
+}
+
 // Security Flag keys mapped to their corresponding components.Flag definition.
 var flagsMap = map[string]components.Flag{
 	// Common commands flags

diff --git a/cli/docs/git/audit/help.go b/cli/docs/git/audit/help.go
@@ -0,0 +1,14 @@
+package audit
+
+import "github.com/jfrog/jfrog-cli-core/v2/plugins/components"
+
+func GetDescription() string {
+	return "Audit a git repository. This command will compare the sourceCommit against the targetCommit and return the security vulnerabilities added by the sourceCommit against the targetCommit."
+}
+
+func GetArguments() []components.Argument {
+	return []components.Argument{
+		{Name: "sourceCommit", Description: "sourceCommit to compare against."},
+		{Name: "targetCommit", Description: "targetCommit to compare against."},
+	}
+}
diff --git a/cli/gitcommands.go b/cli/gitcommands.go
@@ -0,0 +1,39 @@
+package cli
+
+import (
+	"github.com/jfrog/jfrog-cli-core/v2/common/progressbar"
+	pluginsCommon "github.com/jfrog/jfrog-cli-core/v2/plugins/common"
+	"github.com/jfrog/jfrog-cli-core/v2/plugins/components"
+	flags "github.com/jfrog/jfrog-cli-security/cli/docs"
+	auditDocs "github.com/jfrog/jfrog-cli-security/cli/docs/git/audit"
+	"github.com/jfrog/jfrog-cli-security/commands/git/audit"
+	"github.com/jfrog/jfrog-cli-security/utils"
+)
+
+func getGitNameSpaceCommands() []components.Command {
+	return []components.Command{
+		{
+			Name:        "audit",
+			Aliases:     []string{"gita"},
+			Flags:       flags.GetCommandFlags(flags.Audit),
+			Description: auditDocs.GetDescription(),
+			Arguments:  auditDocs.GetArguments(),
+			Category:    auditScanCategory,
+			Hidden: 	 true,
+			Action:      GitAuditCmd,
+		},
+	}
+}
+
+func GitAuditCmd(c *components.Context) error {
+	if len(c.Arguments) < 2 {
+		return pluginsCommon.WrongNumberOfArgumentsHandler(c)
+	}
+	auditCmd, err := CreateAuditCmd(c)
+	if err != nil {
+		return err
+	}
+	cmd := audit.NewGitAuditCommand(auditCmd)
+	cmd.SetSource(c.Arguments[0]).SetTarget(c.Arguments[1])
+	return utils.ReportErrorIfExists(progressbar.ExecWithProgress(cmd), cmd.ServerDetails)
+}
diff --git a/cli/scancommands.go b/cli/scancommands.go
@@ -448,11 +448,7 @@ func AuditSpecificCmd(c *components.Context, technology techutils.Technology) er
 	}
 	technologies := []string{string(technology)}
 	auditCmd.SetTechnologies(technologies)
-	err = progressbar.ExecWithProgress(auditCmd)
-
-	// Reporting error if Xsc service is enabled
-	reportErrorIfExists(err, auditCmd)
-	return err
+	return utils.ReportErrorIfExists(progressbar.ExecWithProgress(auditCmd), auditCmd.ServerDetails)
 }
 
 func CurationCmd(c *components.Context) error {

diff --git a/commands/audit/audit.go b/commands/audit/audit.go
@@ -113,13 +113,17 @@ func (auditCmd *AuditCommand) CreateCommonGraphScanParams() *scangraph.CommonGra
 }
 
 func (auditCmd *AuditCommand) Run() (err error) {
+	_, err = auditCmd.RunAuditCommand(true)
+	return
+}
+
+func (auditCmd *AuditCommand) RunAuditCommand(printResults bool) (auditResults *xrayutils.Results, err error) {
 	// If no workingDirs were provided by the user, we apply a recursive scan on the root repository
 	isRecursiveScan := len(auditCmd.workingDirs) == 0
 	workingDirs, err := coreutils.GetFullPathsWorkingDirs(auditCmd.workingDirs)
 	if err != nil {
 		return
 	}
-
 	// Should be called before creating the audit params, so the params will contain XSC information.
 	auditCmd.analyticsMetricsService.AddGeneralEvent(auditCmd.analyticsMetricsService.CreateGeneralEvent(xscservices.CliProduct, xscservices.CliEventType))
 	auditParams := NewAuditParams().
@@ -132,7 +136,7 @@ func (auditCmd *AuditCommand) Run() (err error) {
 		SetThreads(auditCmd.Threads)
 	auditParams.SetIsRecursiveScan(isRecursiveScan).SetExclusions(auditCmd.Exclusions())
 
-	auditResults, err := RunAudit(auditParams)
+	auditResults, err = RunAudit(auditParams)
 	if err != nil {
 		return
 	}
@@ -142,29 +146,39 @@ func (auditCmd *AuditCommand) Run() (err error) {
 			return
 		}
 	}
-	var messages []string
-	if !auditResults.ExtendedScanResults.EntitledForJas {
-		messages = []string{coreutils.PrintTitle("The ‘jf audit’ command also supports JFrog Advanced Security features, such as 'Contextual Analysis', 'Secret Detection', 'IaC Scan' and ‘SAST’.\nThis feature isn't enabled on your system. Read more - ") + coreutils.PrintLink("https://jfrog.com/xray/")}
+	if !printResults {
+		return
 	}
-	if err = xrayutils.NewResultsWriter(auditResults).
-		SetIsMultipleRootProject(auditResults.IsMultipleProject()).
-		SetIncludeVulnerabilities(auditCmd.IncludeVulnerabilities).
-		SetIncludeLicenses(auditCmd.IncludeLicenses).
-		SetOutputFormat(auditCmd.OutputFormat()).
-		SetPrintExtendedTable(auditCmd.PrintExtendedTable).
-		SetExtraMessages(messages).
-		SetScanType(services.Dependency).
-		SetSubScansPreformed(auditCmd.ScansToPerform()).
-		PrintScanResults(); err != nil {
+	if err = auditCmd.PrintAuditResults(auditResults); err != nil {
 		return
 	}
+	err = auditCmd.GetResultsError(auditResults)
+	return
+}
 
-	if auditResults.ScansErr != nil {
-		return auditResults.ScansErr
+func (auditCmd *AuditCommand) PrintAuditResults(auditResults *xrayutils.Results) (err error) {
+	var messages []string
+	if !auditResults.ExtendedScanResults.EntitledForJas {
+		messages = []string{coreutils.PrintTitle("The ‘jf audit’ command also supports JFrog Advanced Security features, such as 'Contextual Analysis', 'Secret Detection', 'IaC Scan' and ‘SAST’.\nThis feature isn't enabled on your system. Read more - ") + coreutils.PrintLink("https://jfrog.com/xray/")}
 	}
+	return xrayutils.NewResultsWriter(auditResults).
+	SetIsMultipleRootProject(auditResults.IsMultipleProject()).
+	SetIncludeVulnerabilities(auditCmd.IncludeVulnerabilities).
+	SetIncludeLicenses(auditCmd.IncludeLicenses).
+	SetOutputFormat(auditCmd.OutputFormat()).
+	SetPrintExtendedTable(auditCmd.PrintExtendedTable).
+	SetExtraMessages(messages).
+	SetScanType(services.Dependency).
+	SetSubScansPreformed(auditCmd.ScansToPerform()).
+	PrintScanResults()
+}
 
+func (auditCmd *AuditCommand) GetResultsError(results *xrayutils.Results) (err error) {
+	if results.ScansErr != nil {
+		return results.ScansErr
+	}
 	// Only in case Xray's context was given (!auditCmd.IncludeVulnerabilities), and the user asked to fail the build accordingly, do so.
-	if auditCmd.Fail && !auditCmd.IncludeVulnerabilities && xrayutils.CheckIfFailBuild(auditResults.GetScaScansXrayResults()) {
+	if auditCmd.Fail && !auditCmd.IncludeVulnerabilities && xrayutils.CheckIfFailBuild(results.GetScaScansXrayResults()) {
 		err = xrayutils.NewFailBuildError()
 	}
 	return