SCAN-5649 : Use version 2.0.0 of local scanner.

Author: steviemul

.gitignore

@@ -1,2 +1,7 @@
 node_modules
+target
+log
+results.sarif
+scan-summary.json
+.contrast-scan/
 .vscode

Dockerfile

@@ -1,12 +1,12 @@
 FROM alpine:3.21.3
 
 RUN apk upgrade && \
-  apk add nodejs npm openjdk11-jre-headless tar zstd
+  apk add nodejs npm openjdk21-jre-headless tar zstd
 
 COPY package.json /contrast-local-scanner/package.json
 RUN cd /contrast-local-scanner && npm i --production
 
-ENV ACTIONS_CACHE_SERVICE_V2 true
+ENV ACTIONS_CACHE_SERVICE_V2=true
 
 COPY src /contrast-local-scanner/src
 

package-lock.json

@@ -19,7 +19,7 @@
     "eslint-plugin-import": "^2.28.1",
     "eslint-plugin-prettier": "^5.1.3",
     "prettier": "^3.1.1",
-    "release-it": "^18.1.2"
+    "release-it": "^19.0.3"
   },
   "scripts": {
     "lint": "eslint src",

package.json

@@ -0,0 +1,6 @@
+{
+  "ref": "refs/local/test",
+  "repository": {
+    "default_branch": "test"
+  }
+}

scripts/github-event.json

@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# INPUT_${var} where var corresponds to those defined in action.yml uppercased
+#
+# Other env vars are those normally passed in by the github actions runner
+# as defined here https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
+
+file=.
+project=contrast-local-scan-action-test
+
+while getopts "f:p:" opt; do
+  case $opt in
+	  f) file="$OPTARG" ;;
+	  p) project="$OPTARG" ;;
+  esac
+done
+
+docker run \
+  -e INPUT_APIURL=$CONTRAST__API__URL \
+  -e INPUT_APIUSERNAME=$CONTRAST__API__USER_NAME \
+  -e INPUT_APIKEY=$CONTRAST__API__API_KEY \
+  -e INPUT_APISERVICEKEY=$CONTRAST__API__SERVICE_KEY \
+  -e INPUT_APIORGID=$CONTRAST__API__ORGANIZATION \
+  -e INPUT_DEFAULTBRANCH=false \
+  -e INPUT_CHECKS=false \
+  -e INPUT_CODEQUALITY=false \
+  -e INPUT_LABEL="local-test" \
+  -e INPUT_TOKEN=unknown \
+  -e INPUT_PROJECTNAME=$project \
+  -e INPUT_RESOURCEGROUP=scan \
+  -e ACTIONS_RUNTIME_TOKEN=unknown \
+  -e RUNNER_TEMP=/tmp \
+  -e GITHUB_JOB="local-test" \
+  -e GITHUB_REF="refs/local/test" \
+  -e GITHUB_SHA=c9f043b \
+  -e GITHUB_EVENT_NAME="push" \
+  -e GITHUB_REPOSITORY=contrast-local-scan-action-test \
+  -e GITHUB_REPOSITORY_OWNER=Contrast-Security-OSS \
+  -e GITHUB_REPOSITORY_OWNER_ID=1 \
+  -e GITHUB_RUN_ID=1 \
+  -e GITHUB_RUN_NUMBER=1 \
+  -e GITHUB_WORKSPACE=/workspace \
+  -e GITHUB_EVENT_PATH=/github/github-event.json \
+  -w /workspace \
+  -v ./target:/root/contrast-local-scanner/ \
+  -v ./scripts/github-event.json:/github/github-event.json \
+  -v $file:/workspace \
+  $(docker build -q .)
+  

scripts/run-container-locally.sh

@@ -36,6 +36,14 @@ async function startCheck() {
 }
 
 function getOutputModel(details) {
+
+  if (!details) {
+    return {
+      conclusion: "action_required",
+      report: "Local scan completed with error, please see logs for details"
+    };
+  }
+
   return {
     conclusion: details.thresholdResults > 0 ? "action_required" : "success",
     report: buildReport(details),

src/checks.js

@@ -89,7 +89,7 @@ const ref = getRef();
 const label = core.getInput("label") || ref;
 
 // Pinning the local scanner version
-const localScannerVersion = "1.1.8";
+const localScannerVersion = "2.0.0";
 
 const memory = core.getInput("memory");
 const path = core.getInput("path") || process.env.GITHUB_WORKSPACE;

src/config.js

@@ -9,6 +9,8 @@ const { localScannerVersion } = require("./config");
 const CONTRAST_LOCAL_SCANNER = "contrast-local-scanner";
 const LOCAL_SCANNER_PATH = `${process.env.HOME}/${CONTRAST_LOCAL_SCANNER}`;
 const LOCAL_SCANNER_CACHE_KEY = `${CONTRAST_LOCAL_SCANNER}-${localScannerVersion}`;
+const JAR_NAME = `sast-local-scan-runner-${localScannerVersion}.jar`;
+const JAR_FULL_PATH = path.join(LOCAL_SCANNER_PATH, JAR_NAME);
 
 async function getLocalScannerArtifact(version) {
   const artifacts = await getArtifacts(version);
@@ -48,7 +50,13 @@ async function saveCache() {
 }
 
 async function getLocalScannerPath() {
-  core.info(`Checking if ${CONTRAST_LOCAL_SCANNER} previously cached.`);
+
+  if (fs.existsSync(JAR_FULL_PATH)) {
+    core.info(`${CONTRAST_LOCAL_SCANNER} exists locally`);
+    return JAR_FULL_PATH;
+  }
+
+  core.info(`${JAR_FULL_PATH} not found locally, checking if exists in cache.`);
 
   const cacheKey = await restoreCache();
 

src/local-scanner.js

@@ -3,7 +3,13 @@ const core = require("@actions/core");
 
 const { apiApiKey, apiAuthHeader, apiBaseUrl } = require("./config");
 
-const httpClient = new httpm.HttpClient();
+const httpClient = new httpm.HttpClient(
+  'contrast-local-scan-action', // Sets user-agent
+  [],
+  {
+    allowRedirects: false
+  }
+);
 
 async function request(path) {
   const response = await httpClient.getJson(`${apiBaseUrl}/${path}`, {