Add configuration parameter for checking remote only repositories

Author: samsnyk

core/src/main/groovy/io/snyk/plugins/artifactory/snykSecurityPlugin.properties

@@ -68,9 +68,14 @@ snyk.api.organization=
 
 # A delay in number of days since the package was last modified in Artifactory. Any packages that were modified more recently
 # than the current time minus the number of days in this configuration will be blocked from download. The use case is to prevent
-# packages that may contain zero-day vulnerabilities from being introduced to a consumer.
+# packages that may contain zero-day vulnerabilities from being introduced to a consumer. 
+# Default: 0
 #snyk.scanner.lastModified.days
 
+# If remoteOnly is set to true, only check lastModified for packages contained in remote repositories.
+# Default: true
+#snyk.scanner.lastModified.remoteOnly
+
 # By default, if Snyk API fails while scanning an artifact for any reason, the download will be allowed.
 # Setting this property to "true" will block downloads when Snyk API fails.
 # Accepts: "true", "false"

core/src/main/java/io/snyk/plugins/artifactory/configuration/PluginConfiguration.java

@@ -33,7 +33,8 @@ public enum PluginConfiguration implements Configuration {
   TEST_CONTINUOUSLY("snyk.scanner.test.continuously","false"),
   TEST_FREQUENCY_HOURS("snyk.scanner.frequency.hours", "168"),
   EXTEND_TEST_DEADLINE_HOURS("snyk.scanner.extendTestDeadline.hours", "24"),
-  SCANNER_LAST_MODIFIED_DELAY_DAYS("snyk.scanner.lastModified.days", "0");
+  SCANNER_LAST_MODIFIED_DELAY_DAYS("snyk.scanner.lastModified.days", "0"),
+  SCANNER_LAST_MODIFIED_CHECK_ONLY_REMOTE("snyk.scanner.lastModified.remoteOnly", "true");
 
   private final String propertyKey;
   private final String defaultValue;

core/src/main/java/io/snyk/plugins/artifactory/scanner/ScannerModule.java

@@ -100,7 +100,7 @@ private void filter(MonitoredArtifact artifact) {
     Instant lastModifiedDate = getLastModifiedDate(repoPath);
 
     // Only apply lastModifiedDate to packages from remote repositories.
-    if(!isRemoteRepository(repoPath)) {
+    if(lastModifiedDateRemoteOnly() && !isRemoteRepository(repoPath)) {
       lastModifiedDate = null;
     }
     return new MonitoredArtifact(repoPath.toString(), testResult, ignores, lastModifiedDate);
@@ -133,6 +133,10 @@ private boolean shouldTestContinuously() {
     return configurationModule.getPropertyOrDefault(PluginConfiguration.TEST_CONTINUOUSLY).equals("true");
   }
 
+  private boolean lastModifiedDateRemoteOnly() {
+    return configurationModule.getPropertyOrDefault(PluginConfiguration.SCANNER_LAST_MODIFIED_CHECK_ONLY_REMOTE).equals("true");
+  }
+
   private Duration durationHoursProperty(PluginConfiguration property, ConfigurationModule configurationModule) {
     return Duration.ofHours(Integer.parseInt(configurationModule.getPropertyOrDefault(property)));
   }