send commit info, send evaluate

go.mod

@@ -118,13 +118,15 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
 
-//replace github.com/jfrog/jfrog-cli-security => github.com/orto17/jfrog-cli-security v0.0.0-20250106071330-575521ecca16
+replace github.com/jfrog/jfrog-cli-security => github.com/orto17/jfrog-cli-security v0.0.0-20250106071330-575521ecca16
+//replace github.com/jfrog/jfrog-cli-security => ../jfrog-cli-security
 
 replace github.com/jfrog/jfrog-cli-core/v2 => github.com/orto17/jfrog-cli-core/v2 v2.0.0-20250106064835-4987fc040d3d
 
 // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go dev
 
-replace github.com/jfrog/jfrog-client-go => github.com/orto17/jfrog-client-go v0.0.0-20250105135705-d0d16a2c04fa
+replace github.com/jfrog/jfrog-client-go => /github.com/orto17/jfrog-client-go v0.0.0-20250105135705-d0d16a2c04fa
+//replace github.com/jfrog/jfrog-client-go => ../jfrog-client-go //github.com/orto17/jfrog-client-go v0.0.0-20250105135705-d0d16a2c04fa
 
 replace github.com/jfrog/froggit-go => github.com/orto17/froggit-go v0.0.0-20250113090427-0a3d80025d0c
 

go.sum

@@ -190,6 +190,7 @@ github.com/orto17/froggit-go v0.0.0-20250113090427-0a3d80025d0c h1:cy2uZ2sQTRxaV
 github.com/orto17/froggit-go v0.0.0-20250113090427-0a3d80025d0c/go.mod h1:5VpdQfAcbuyFl9x/x8HGm7kVk719kEtW/8YJFvKcHPA=
 github.com/orto17/jfrog-cli-core/v2 v2.0.0-20250106064835-4987fc040d3d h1:FS4HhBj3d8qFmLcIqMUsqpWUFJ800919w7aJA3yprLM=
 github.com/orto17/jfrog-cli-core/v2 v2.0.0-20250106064835-4987fc040d3d/go.mod h1:LfKvCRXbvwgE0V6aX3/GabkzCedghXq0Y6lmsEuxr44=
+github.com/orto17/jfrog-cli-security v0.0.0-20250106071330-575521ecca16/go.mod h1:L0NSfgYh8GPpI7upJXQ5lxl8MDhORj+9r+r4aC+vz5I=
 github.com/orto17/jfrog-client-go v0.0.0-20250105135705-d0d16a2c04fa h1:1gfSR4cS3AngC3PPC5YQRh2cdjaoWy7vKLZwdb6O7YU=
 github.com/orto17/jfrog-client-go v0.0.0-20250105135705-d0d16a2c04fa/go.mod h1:2ySOMva54L3EYYIlCBYBTcTgqfrrQ19gtpA/MWfA/ec=
 github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U=

scanpullrequest/scanpullrequest.go

@@ -4,8 +4,8 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"github.com/jfrog/frogbot/v2/utils/application"
 	"os"
+	"strconv"
 
 	"github.com/jfrog/frogbot/v2/utils"
 	"github.com/jfrog/frogbot/v2/utils/issues"
@@ -16,7 +16,9 @@ import (
 	"github.com/jfrog/jfrog-cli-security/utils/jasutils"
 	"github.com/jfrog/jfrog-cli-security/utils/results"
 	"github.com/jfrog/jfrog-cli-security/utils/results/conversion"
+	"github.com/jfrog/jfrog-cli-security/utils/unifiedpolicy"
 	"github.com/jfrog/jfrog-cli-security/utils/xsc"
+	evaluate "github.com/jfrog/jfrog-client-go/unifiedpolicy/services"
 	"github.com/jfrog/jfrog-client-go/utils/log"
 	"github.com/jfrog/jfrog-client-go/xray/services"
 )
@@ -153,8 +155,7 @@ func auditPullRequest(repoConfig *utils.Repository, client vcsclient.VcsClient)
 		utils.CreateScanEvent(scanDetails.ServerDetails, nil, analyticsScanPrScanType),
 	)
 
-	applicationService := application.NewApplicationManager(client, repoConfig.Git)
-	commitInfo, err := applicationService.CreateApplicationCommitInfo()
+	err = utils.SendCommitInfo(scanDetails)
 	if err != nil {
 		return
 	}
@@ -177,9 +178,30 @@ func auditPullRequest(repoConfig *utils.Repository, client vcsclient.VcsClient)
 		issuesCollection.Append(projectIssues)
 	}
 	resultContext = scanDetails.ResultContext
+
+	err = sendUnifiedPolicyEvaluationRequest(scanDetails, err)
 	return
 }
 
+func sendUnifiedPolicyEvaluationRequest(scanDetails *utils.ScanDetails, err error) error {
+	evaluateRequest := &evaluate.EvaluateRequest{
+		Action: "application:pr",
+		Context: evaluate.Context{
+			Stage: "development",
+		},
+		Resource: evaluate.Resource{
+			ApplicationKey: scanDetails.ApplicationKey,
+			Type:           "pr",
+			MultiScanId:    scanDetails.MultiScanId,
+			GitRepoUrl:     scanDetails.Git.RepositoryCloneUrl,
+			PullRequestId:  strconv.FormatInt(scanDetails.Git.PullRequestDetails.ID, 10),
+		},
+	}
+	// currently we will not be using the unified policy decision, as we are still running the traditional policies and watches flow.
+	_, err = unifiedpolicy.Evaluate(scanDetails.ServerDetails, evaluateRequest)
+	return err
+}
+
 func auditPullRequestInProject(repoConfig *utils.Repository, scanDetails *utils.ScanDetails) (auditIssues *issues.ScansIssuesCollection, err error) {
 	// Download source branch
 	sourcePullRequestInfo := scanDetails.PullRequestDetails.Source

utils/application.go

@@ -0,0 +1,37 @@
+package utils
+
+import (
+	"context"
+	"github.com/jfrog/jfrog-cli-security/utils/application"
+	"github.com/jfrog/jfrog-client-go/application/services"
+	"strings"
+)
+
+func SendCommitInfo(scanDetails *ScanDetails) (err error) {
+	latestCommit, err := scanDetails.client.GetLatestCommit(context.Background(), scanDetails.Git.PullRequestDetails.Source.Owner,
+		scanDetails.Git.PullRequestDetails.Source.Repository, scanDetails.Git.PullRequestDetails.Source.Name)
+	if err != nil {
+		return
+	}
+	changedFiles, err := scanDetails.client.GetModifiedFiles(context.Background(), scanDetails.Git.PullRequestDetails.Source.Owner,
+		scanDetails.Git.PullRequestDetails.Source.Repository, latestCommit.Hash, latestCommit.ParentHashes[0])
+	if err != nil {
+		return
+	}
+	commitInfo := services.CreateApplicationCommitInfo{
+		GitRepoUrl:     scanDetails.Git.RepositoryCloneUrl,
+		CommitHash:     latestCommit.Hash,
+		ParentHash:     latestCommit.ParentHashes[0],
+		Branch:         scanDetails.Git.PullRequestDetails.Source.Name,
+		AuthorEmail:    latestCommit.AuthorEmail,
+		AuthorName:     latestCommit.AuthorName,
+		AuthorDate:     latestCommit.AuthorDate,
+		CommitterDate:  latestCommit.Timestamp,
+		CommitterName:  latestCommit.CommitterName,
+		CommitterEmail: latestCommit.CommitterEmail,
+		MessageSubject: latestCommit.Message,
+		ChangedFiles:   []byte(strings.Join(changedFiles, ",")),
+	}
+
+	return application.SendCommitInfo(scanDetails.ApplicationKey, scanDetails.ServerDetails, commitInfo)
+}