Update Xray lib to 1.3.0 (#707)

Author: attiasas

git_test.go

@@ -9,6 +9,7 @@ import (
 	"github.com/stretchr/testify/assert"
 
 	"github.com/jfrog/jfrog-cli-core/v2/common/format"
+	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/jfrog/jfrog-cli-security/commands/git/contributors"
 	"github.com/jfrog/jfrog-cli-security/policy"
 	securityTests "github.com/jfrog/jfrog-cli-security/tests"
@@ -109,6 +110,10 @@ func TestGitAuditSimpleJson(t *testing.T) {
 func TestGitAuditStaticScaSimpleJson(t *testing.T) {
 	// XRAY-136444 will be fixed in 3.141.7
 	integration.InitAuditNewScaTests(t, "3.141.7")
+	if coreutils.IsWindows() {
+		// On windows tests are failing due to the bug in Xray Server, should be fixed at XRAY-138079
+		securityTestUtils.SkipTestIfDurationNotPassed(t, "26-03-2026", 14, "Bug in Xray Server, should be fixed at XRAY-138079")
+	}
 
 	xrayVersion := integration.GetAndValidateXrayVersion(t, securityUtils.StaticScanMinVersion)
 

sca/bom/xrayplugin/plugin/plugin.go

@@ -24,7 +24,7 @@ import (
 
 const (
 	xrayLibPluginVersionEnvVariable = "JFROG_CLI_XRAY_LIB_PLUGIN_VERSION"
-	defaultXrayLibPluginVersion     = "1.2.0"
+	defaultXrayLibPluginVersion     = "1.3.0"
 
 	SnippetDetectionEnvVariable = "JFROG_XRAY_SNIPPET_SCAN_ENABLE"
 
@@ -76,11 +76,12 @@ type ScannerRPCServer struct {
 }
 
 // CreateScannerPluginClient creates a plugin client. When not in CI and log level is DEBUG, plugin stderr is written
-// to a log file under JFrog home (logs/xrayPluginLogs/)
-func CreateScannerPluginClient(scangBinary string, envVars map[string]string) (scanner Scanner, logPath string, err error) {
+// to a log file under JFrog home (logs/xrayPluginLogs/).
+// The returned cleanup function must be called when the scanner is no longer needed to terminate the plugin subprocess.
+func CreateScannerPluginClient(scangBinary string, envVars map[string]string) (scanner Scanner, logPath string, cleanup func(), err error) {
 	stderrWriter, logPath, err := getPluginLogger()
 	if err != nil {
-		return nil, "", err
+		return nil, "", nil, err
 	}
 	clientConfig := &goplugin.ClientConfig{
 		HandshakeConfig: PluginHandshakeConfig,
@@ -103,19 +104,19 @@ func CreateScannerPluginClient(scangBinary string, envVars map[string]string) (s
 	}()
 	rpcClient, err := client.Client()
 	if err != nil {
-		return nil, "", err
+		return nil, "", nil, err
 	}
 	// Wait for the plugin to complete the handshake
 	raw, err := rpcClient.Dispense(pluginName)
 	if err != nil {
-		return nil, "", err
+		return nil, "", nil, err
 	}
 	// Assert that the plugin is of type Scanner
 	scanPlugin, ok := raw.(Scanner)
 	if !ok {
-		return nil, "", fmt.Errorf("plugin is not of type of Xray-Lib plugin, expected Scanner, got %T", raw)
+		return nil, "", nil, fmt.Errorf("plugin is not of type of Xray-Lib plugin, expected Scanner, got %T", raw)
 	}
-	return scanPlugin, logPath, nil
+	return scanPlugin, logPath, client.Kill, nil
 }
 
 func getPluginLogger() (writer io.Writer, logPath string, err error) {

sca/bom/xrayplugin/xraylibbom.go

@@ -104,10 +104,11 @@ func (sbg *XrayLibBomGenerator) GenerateSbom(target results.ScanTarget) (sbom *c
 	log.Debug(fmt.Sprintf("Using Xray-Lib executable at: %s", binaryPath))
 	startTime := time.Now()
 	envVars := sbg.getPluginEnvVars()
-	scanner, logPath, err := plugin.CreateScannerPluginClient(binaryPath, envVars)
+	scanner, logPath, killPlugin, err := plugin.CreateScannerPluginClient(binaryPath, envVars)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create Xray-Lib plugin client: %w", err)
 	}
+	defer killPlugin()
 	startLog := "Generating SBOM"
 	if sbg.totalTargets > 1 {
 		startLog += fmt.Sprintf(" for target: %s", target.Target)