Recursive scan integration test (#2416)

go.mod

@@ -128,7 +128,7 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240110073910-2461fe7e7b4f
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240116074500-2653d8805fcc
 
 // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20231220102935-c8776c613ad8
 

go.sum

@@ -135,8 +135,8 @@ github.com/jfrog/gofrog v1.5.0 h1:OLaXpNaEniliE4Kq8lJ5evVYzzt3zdYtpMIBu6TO++c=
 github.com/jfrog/gofrog v1.5.0/go.mod h1:wQqagqq2VpuCWRPlq/65GbH9gsRz+7Bgc1Q+PKD4Y+k=
 github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240110073910-2461fe7e7b4f h1:UETEUtFCOm0bhd7AeRgaf9QxPsSgnPgHgjfo7OHOOXQ=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240110073910-2461fe7e7b4f/go.mod h1:dFpRoGR5/Qe+bvszvRPYGqMEdwmjNhjFLXlovGs9sII=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240116074500-2653d8805fcc h1:YAW8UfyS3lKchgXgPMSYIIrUu0q4FM3ovpNc3Mc0/1A=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240116074500-2653d8805fcc/go.mod h1:dFpRoGR5/Qe+bvszvRPYGqMEdwmjNhjFLXlovGs9sII=
 github.com/jfrog/jfrog-client-go v1.35.6 h1:nVS94x6cwSRkhtj8OM3elbUcGgQhqsK8YMPvC/gf5sk=
 github.com/jfrog/jfrog-client-go v1.35.6/go.mod h1:V+XKC27k6GA5OcWIAItpnxZAZnCigg8xCkpXKP905Fk=
 github.com/jszwec/csvutil v1.9.0 h1:iTmq9G1P0e+AUq/MkFg6tetJ+1BH3fOX8Xi0RAcwiGc=

xray_test.go

@@ -1123,3 +1123,40 @@ func clearOrRedirectLocalCacheIfNeeded(t *testing.T, projectType project.Project
 	}
 	return
 }
+
+func TestXrayRecursiveScan(t *testing.T) {
+	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
+
+	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
+	defer createTempDirCallback()
+
+	// Creating an inner NPM project
+	npmDirPath, err := os.MkdirTemp(tempDirPath, "npm-project")
+	assert.NoError(t, err)
+	npmProjectToCopyPath := filepath.Join("testdata", "npm", "npmproject")
+	assert.NoError(t, biutils.CopyDir(npmProjectToCopyPath, npmDirPath, true, nil))
+
+	// Creating an inner .NET project
+	dotnetDirPath, err := os.MkdirTemp(tempDirPath, "dotnet-project")
+	assert.NoError(t, err)
+	dotnetProjectToCopyPath := filepath.Join("testdata", "nuget", "simple-dotnet")
+	assert.NoError(t, biutils.CopyDir(dotnetProjectToCopyPath, dotnetDirPath, true, nil))
+
+	curWd, err := os.Getwd()
+	assert.NoError(t, err)
+
+	chDirCallback := clientTestUtils.ChangeDirWithCallback(t, curWd, tempDirPath)
+	defer chDirCallback()
+
+	// We anticipate the execution of a recursive scan to encompass both the inner NPM project and the inner .NET project.
+	output := xrayCli.RunCliCmdWithOutput(t, "audit", "--format=json")
+
+	// We anticipate the identification of five vulnerabilities: four originating from the .NET project and one from the NPM project.
+	verifyJsonScanResults(t, output, 0, 5, 0)
+
+	var results []services.ScanResponse
+	err = json.Unmarshal([]byte(output), &results)
+	assert.NoError(t, err)
+	// We anticipate receiving an array with a length of 2 to confirm that we have obtained results from two distinct inner projects.
+	assert.Len(t, results, 2)
+}