Add Third party contextual analysis flag (#2196)

go.mod

@@ -130,5 +130,3 @@ replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2
 // replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27
 
 replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20230913143831-14d189a3280f
-
-// replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38

scan/cli.go

@@ -258,7 +258,8 @@ func createAuditCmd(c *cli.Context) (*audit.AuditCommand, error) {
 		SetFail(c.BoolT("fail")).
 		SetPrintExtendedTable(c.Bool(cliutils.ExtendedTable)).
 		SetMinSeverityFilter(minSeverity).
-		SetFixableOnly(c.Bool(cliutils.FixableOnly))
+		SetFixableOnly(c.Bool(cliutils.FixableOnly)).
+		SetThirdPartyApplicabilityScan(c.Bool(cliutils.ThirdPartyContextualAnalysis))
 
 	if c.String("watches") != "" {
 		auditCmd.SetWatches(splitByCommaAndTrim(c.String("watches")))

utils/cliutils/commandsflags.go

@@ -458,19 +458,20 @@ const (
 	BypassArchiveLimits = "bypass-archive-limits"
 
 	// Audit commands
-	auditPrefix      = "audit-"
-	useWrapperAudit  = auditPrefix + UseWrapper
-	ExcludeTestDeps  = "exclude-test-deps"
-	DepType          = "dep-type"
-	RequirementsFile = "requirements-file"
-	watches          = "watches"
-	workingDirs      = "working-dirs"
-	repoPath         = "repo-path"
-	licenses         = "licenses"
-	vuln             = "vuln"
-	ExtendedTable    = "extended-table"
-	MinSeverity      = "min-severity"
-	FixableOnly      = "fixable-only"
+	auditPrefix                  = "audit-"
+	useWrapperAudit              = auditPrefix + UseWrapper
+	ExcludeTestDeps              = "exclude-test-deps"
+	DepType                      = "dep-type"
+	ThirdPartyContextualAnalysis = "third-party-contextual-analysis"
+	RequirementsFile             = "requirements-file"
+	watches                      = "watches"
+	workingDirs                  = "working-dirs"
+	repoPath                     = "repo-path"
+	licenses                     = "licenses"
+	vuln                         = "vuln"
+	ExtendedTable                = "extended-table"
+	MinSeverity                  = "min-severity"
+	FixableOnly                  = "fixable-only"
 	// *** Mission Control Commands' flags ***
 	missionControlPrefix = "mc-"
 	curationThreads      = "curation-threads"
@@ -1634,6 +1635,11 @@ var flagsMap = map[string]cli.Flag{
 		Name:  dryRun,
 		Usage: "[Default: false] Set to true to only simulate the distribution of the release bundle.` `",
 	},
+	ThirdPartyContextualAnalysis: cli.BoolFlag{
+		Name:   ThirdPartyContextualAnalysis,
+		Usage:  "Default: false] [npm] when set, the Contextual Analysis scan also uses the code of the project dependencies to determine the applicability of the vulnerability.",
+		Hidden: true,
+	},
 }
 
 var commandFlags = map[string][]string{
@@ -1934,7 +1940,7 @@ var commandFlags = map[string][]string{
 	},
 	Audit: {
 		xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, ExcludeTestDeps,
-		useWrapperAudit, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly,
+		useWrapperAudit, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ThirdPartyContextualAnalysis,
 	},
 	AuditMvn: {
 		xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, useWrapperAudit,