Merge branch 'main' into fix/AST-105531

cx-anurag-dalke · web-flow · commit 218533e9294d · 2025-08-06T15:36:48.000+05:30
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -51,6 +51,29 @@ jobs:
           chmod +x ./.github/scripts/update_cli.sh
           ./.github/scripts/update_cli.sh ${{ inputs.cliTag }}
 
+      - name: Extract CLI version
+        id: extract_cli_version
+        run: |
+          CLI_VERSION=$(./src/main/resources/cx-linux version | grep -Eo '^[0-9]+\.[0-9]+\.[0-9]+')
+          echo "CLI version being packed is $CLI_VERSION"
+          echo "CLI_VERSION=$CLI_VERSION" >> $GITHUB_ENV
+          echo "::set-output name=CLI_VERSION::$CLI_VERSION"
+
+      - name: Check if CLI version is latest
+        if: ${{ github.event.inputs.dev == 'false' && !github.event.inputs.cliTag && github.ref == 'refs/heads/main' }}
+        id: check_latest_cli_version
+        run: |
+          LATEST_CLI_VERSION=$(curl -s https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
+          echo "CLI_VERSION=[$CLI_VERSION]"
+          echo "LATEST_CLI_VERSION=[$LATEST_CLI_VERSION]"
+          echo "Latest CLI version from GitHub: $LATEST_CLI_VERSION"
+          if [ "$CLI_VERSION" = "$LATEST_CLI_VERSION" ]; then
+            echo "CLI_VERSION ($CLI_VERSION) matches the latest released version ($LATEST_CLI_VERSION). Proceeding."
+          else
+            echo "CLI_VERSION ($CLI_VERSION) does not match the latest released version ($LATEST_CLI_VERSION). Failing workflow."
+            exit 1
+          fi    
+
       - name: Tag
         id: set_tag_name
         run: |
@@ -77,7 +100,7 @@ jobs:
         with:
           java-version: '11'
           distribution: 'temurin'
-          server-id: ossrh
+          server-id: central
           server-username: MAVEN_USERNAME
           server-password: MAVEN_PASSWORD
           gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
@@ -94,14 +117,6 @@ jobs:
           fi
           echo "AID_PROP=${prop}" >> $GITHUB_ENV
 
-      - name: Extract CLI version
-        id: extract_cli_version
-        run: |
-          CLI_VERSION=$(./src/main/resources/cx-linux version | grep -Eo '^[0-9]+\.[0-9]+\.[0-9]+')
-          echo "CLI version being packed is $CLI_VERSION"
-          echo "CLI_VERSION=$CLI_VERSION" >> $GITHUB_ENV
-          echo "::set-output name=CLI_VERSION::$CLI_VERSION"
-
       - name: Publish package
         run: mvn --batch-mode deploy -DskipTests ${{ env.AID_PROP }}
         env:
@@ -138,4 +153,4 @@ jobs:
       cli_version: ${{ needs.release.outputs.CLI_VERSION }}
       is_cli_release: false
       is_java_release: true
-    secrets: inherit
+    secrets: inherit
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -2,4 +2,4 @@
 # Each line is a file pattern followed by one or more owners
 
 # Specify the default owners for the entire repository
-*       @greensd4 @AlvoBen @pedrompflopes
+*       @cx-anurag-dalke @cx-anand-nandeshwar @cx-atish-jadhav
diff --git a/checkmarx-ast-cli.version b/checkmarx-ast-cli.version
@@ -1 +1 @@
-2.3.19
+2.3.28
diff --git a/pom.xml b/pom.xml
@@ -165,17 +165,17 @@
                 </executions>
             </plugin>
             <plugin>
-                <groupId>org.sonatype.plugins</groupId>
-                <artifactId>nexus-staging-maven-plugin</artifactId>
-                <version>1.6.13</version>
+                <groupId>org.sonatype.central</groupId>
+                <artifactId>central-publishing-maven-plugin</artifactId>
+                <version>0.8.0</version>
                 <extensions>true</extensions>
                 <configuration>
-                    <serverId>ossrh</serverId>
-                    <nexusUrl>https://oss.sonatype.org/</nexusUrl>
-                    <autoReleaseAfterClose>true</autoReleaseAfterClose>
-                    <stagingProgressTimeoutMinutes>10</stagingProgressTimeoutMinutes>
+                    <publishingServerId>central</publishingServerId>
+                    <autoPublish>true</autoPublish> <!-- Optional -->
                 </configuration>
             </plugin>
+
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-gpg-plugin</artifactId>
@@ -199,17 +199,15 @@
         </plugins>
     </build>
 
+
     <distributionManagement>
-        <snapshotRepository>
-            <id>ossrh</id>
-            <url>https://oss.sonatype.org/content/repositories/snapshots</url>
-        </snapshotRepository>
         <repository>
-            <id>ossrh</id>
-            <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
+            <id>central</id>
+            <url>https://central.sonatype.com/api/v1/publish</url>
         </repository>
     </distributionManagement>
 
+
     <licenses>
         <license>
             <name>MIT License</name>
@@ -230,8 +228,8 @@
 
     <developers>
         <developer>
-            <name>Jay Nanduri</name>
-            <email>jay.nanduri@checkmarx.com</email>
+            <name>Anand Nandeshwar</name>
+            <email>anand.nandeshwar@checkmarx.com</email>
             <organization>Checkmarx</organization>
             <organizationUrl>https://www.checkmarx.com/</organizationUrl>
         </developer>
diff --git a/src/main/java/com/checkmarx/ast/results/result/ScaPackageData.java b/src/main/java/com/checkmarx/ast/results/result/ScaPackageData.java
@@ -20,20 +20,26 @@ public class ScaPackageData {
     boolean outdated;
     boolean supportsQuickFix;
     String typeOfDependency;
+    boolean isDevelopmentDependency;
+    boolean isTestDependency;
 
 
     public ScaPackageData(@JsonProperty("Id") String id,
                           @JsonProperty("fixLink") String fixLink,
                           @JsonProperty("dependencyPaths") List<List<DependencyPath>> dependencyPaths,
                           @JsonProperty("outdated") boolean outdated,
                           @JsonProperty("supportsQuickFix") boolean supportsQuickFix,
-                          @JsonProperty("typeOfDependency") String typeOfDependency) {
+                          @JsonProperty("typeOfDependency") String typeOfDependency,
+                          @JsonProperty("isDevelopmentDependency") boolean isDevelopmentDependency,
+                          @JsonProperty("isTestDependency") boolean isTestDependency) {
 
         Id = id;
         this.fixLink = fixLink;
         this.dependencyPaths = dependencyPaths;
         this.outdated = outdated;
         this.supportsQuickFix = supportsQuickFix;
         this.typeOfDependency = typeOfDependency;
+        this.isDevelopmentDependency = isDevelopmentDependency;
+        this.isTestDependency = isTestDependency;
     }
 }
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxConfig.java b/src/main/java/com/checkmarx/ast/wrapper/CxConfig.java
@@ -5,6 +5,7 @@
 import lombok.Data;
 import lombok.Setter;
 import org.apache.commons.lang3.StringUtils;
+
 import java.util.ArrayList;
 import java.util.List;
 import java.util.regex.Matcher;
@@ -33,7 +34,15 @@ public void setAdditionalParameters(String additionalParameters) {
     List<String> toArguments() {
         List<String> commands = new ArrayList<>();
 
-        if (StringUtils.isNotBlank(getApiKey())) {
+        if (StringUtils.isNotBlank(getClientId()) && StringUtils.isNotBlank(getApiKey())) {
+            /*
+             * Added dynamic client-id support for refresh_token grant flow
+             */
+            commands.add(CxConstants.CLIENT_ID);
+            commands.add(getClientId());
+            commands.add(CxConstants.API_KEY);
+            commands.add(getApiKey());
+        } else if (StringUtils.isNotBlank(getApiKey())) {
             commands.add(CxConstants.API_KEY);
             commands.add(getApiKey());
         } else if (StringUtils.isNotBlank(getClientId()) && StringUtils.isNotBlank(getClientSecret())) {
diff --git a/src/main/resources/cx-linux b/src/main/resources/cx-linux
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:9eae11d84cb766a5df14ce5e9d57013268f3d687484cf2a4d67595c419a4a762
-size 73937080
+oid sha256:1d2436e1fef7dd4841a003697702e52e2cdc3f3fba74e2196cebe5d7992f9d4f
+size 76206264
diff --git a/src/main/resources/cx-linux-arm b/src/main/resources/cx-linux-arm
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:d8aadaf3d739ad13957ec37b5afe462fd824283adb53cf8e4c2c4b1b048348d9
-size 70582456
+oid sha256:e41b066ccc5dd4281a134518b3ece5ac6c17f229c9a7844493371ac3936a94a4
+size 72745144
diff --git a/src/main/resources/cx-mac b/src/main/resources/cx-mac
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:68cb8baeb6eb68cff07440c2dd142b5a3cf53b2d12c4ca98dd01d0a95a4f9370
-size 148816000
+oid sha256:4764f25769b820906cf09c6b3281f2b1df7c021f9063aef983f2aac0c48e39bc
+size 153324992
diff --git a/src/main/resources/cx.exe b/src/main/resources/cx.exe
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:b073010a1e360028fcc2eee56d1a7376be36459a2ea1a27c0a516a227a334943
-size 75835264
+oid sha256:7968c2c1ec4e6264e91324f649f2bb44db04e53ce20f90f3a77c56abf2525664
+size 78184384
