From eb80dca126a530a3769c2c93ebc971f8fcbcdb23 Mon Sep 17 00:00:00 2001
From: Sven Dolderer <sven.dolderer@mercedes-benz.com>
Date: Thu, 26 Sep 2024 17:37:48 +0200
Subject: [PATCH 1/7] client: label functionality added #3459

For these actions:
- listJobs
- getReport
- getStatus
---
 .../mercedes-benz.com/sechub/cli/config.go    |  2 +-
 .../sechub/cli/context-initializer.go         | 12 ++++---
 .../src/mercedes-benz.com/sechub/cli/job.go   |  8 ++++-
 .../mercedes-benz.com/sechub/cli/labels.go    |  4 ---
 .../sechub/cli/labels_test.go                 | 34 +++++++++++++++++++
 .../sechub/cli/urlbuilder.go                  | 12 +++++++
 .../sechub/cli/urlbuilder_test.go             | 25 ++++++++++++++
 7 files changed, 87 insertions(+), 10 deletions(-)

diff --git a/sechub-cli/src/mercedes-benz.com/sechub/cli/config.go b/sechub-cli/src/mercedes-benz.com/sechub/cli/config.go
index 2849f1da65..6a5e0c60cd 100644
--- a/sechub-cli/src/mercedes-benz.com/sechub/cli/config.go
+++ b/sechub-cli/src/mercedes-benz.com/sechub/cli/config.go
@@ -85,7 +85,7 @@ func prepareOptionsFromCommandline(config *Config) {
 		fileOption, "", "Defines file to read from for actions '"+defineFalsePositivesAction+"', '"+markFalsePositivesAction+"', '"+interactiveMarkFalsePositivesAction+"', '"+unmarkFalsePositivesAction+"'")
 	flag.StringVar(&config.secHubJobUUID,
 		jobUUIDOption, "", "SecHub job uuid - Optional for actions '"+getStatusAction+"' or '"+getReportAction+"'")
-	flag.Func(labelOption, "Define a `SecHub label` for the scan job. (Example: \"key1=value1\") Repeat to define multiple labels.", func(s string) error {
+	flag.Func(labelOption, "Define a `SecHub label` for scan or for list filtering. (Example: \"key1=value1\") Repeat to define multiple labels.", func(s string) error {
 		var err error
 		config.labels, err = addLabelToList(config.labels, s, true)
 		if err != nil {
diff --git a/sechub-cli/src/mercedes-benz.com/sechub/cli/context-initializer.go b/sechub-cli/src/mercedes-benz.com/sechub/cli/context-initializer.go
index 965c608672..7891d7a281 100644
--- a/sechub-cli/src/mercedes-benz.com/sechub/cli/context-initializer.go
+++ b/sechub-cli/src/mercedes-benz.com/sechub/cli/context-initializer.go
@@ -20,13 +20,17 @@ func InitializeContext() *Context {
 	printLogoWithVersion(context)
 
 	/* load configuration file - maybe there are some settings normally done by cli arguments too */
-	if context.config.action != showHelpAction {
+	if context.config.action != showHelpAction && context.config.action != showVersionAction {
 		loadConfigFile(context)
 	}
 
-	// Add labels defined via cmdline args or env var to config JSON (only for scan jobs)
-	if len(context.config.labels) > 0 && (context.config.action == scanAction || context.config.action == scanAsynchronAction) {
-		err := applyLabelsToConfigJson(context)
+	// Add labels defined via cmdline args or env var to config JSON (only for job related client actions)
+	if context.config.action == scanAction ||
+	   context.config.action == scanAsynchronAction ||
+		 context.config.action == listJobsAction ||
+		 context.config.action == getReportAction ||
+		 context.config.action == getStatusAction {
+			err := applyLabelsToConfigJson(context)
 		if err != nil {
 			sechubUtil.LogError("Error while processing labels: " + err.Error())
 		}
diff --git a/sechub-cli/src/mercedes-benz.com/sechub/cli/job.go b/sechub-cli/src/mercedes-benz.com/sechub/cli/job.go
index e30e874d13..86542f90d3 100644
--- a/sechub-cli/src/mercedes-benz.com/sechub/cli/job.go
+++ b/sechub-cli/src/mercedes-benz.com/sechub/cli/job.go
@@ -164,7 +164,12 @@ func printSecHubJobSummaryAndFailOnTrafficLight(context *Context) {
 }
 
 func getSecHubJobList(context *Context, size int) {
-	// request SecHub job state from server
+	// Print filtering labels if defined
+	for key, value := range context.config.labels {
+		sechubUtil.LogNotice("Label match "+key+"="+value)
+	}	
+
+	// Request SecHub job list from server
 	response := sendWithDefaultHeader("GET", buildGetSecHubJobListAPICall(context, size), context)
 
 	data, err := io.ReadAll(response.Body)
@@ -213,6 +218,7 @@ func printLatestJobsOfProject(context *Context) {
 	// get latest jobs into context.jobList
 	getSecHubJobList(context, SizeOfJobList)
 
+	// Print result table
 	printFormat := "%-36s | %-6s | %-8s | %-6s | %-19s | %-19s\n"
 	fmt.Printf(printFormat, "SecHub JobUUID", "Status", "Stage", "Result", "Created", "Ended")
 	fmt.Println("-------------------------------------+--------+----------+--------+---------------------+--------------------")
diff --git a/sechub-cli/src/mercedes-benz.com/sechub/cli/labels.go b/sechub-cli/src/mercedes-benz.com/sechub/cli/labels.go
index c87bc61c3e..7afee5aedd 100644
--- a/sechub-cli/src/mercedes-benz.com/sechub/cli/labels.go
+++ b/sechub-cli/src/mercedes-benz.com/sechub/cli/labels.go
@@ -38,10 +38,6 @@ func addLabelToList(list map[string]string, labelDefinition string, overrideIfEx
 // in the sechub config JSON (context.contentToSend) by context.config.labels
 func applyLabelsToConfigJson(context *Context) error {
 	var err error
-	if len(context.config.labels) == 0 {
-		// Nothing to do when context.config.labels is empty
-		return err
-	}
 
 	// Unmarshal the JSON into a map structure
 	// because when using SecHubConfig struct then all new serverside json options have to be added to the client struct
diff --git a/sechub-cli/src/mercedes-benz.com/sechub/cli/labels_test.go b/sechub-cli/src/mercedes-benz.com/sechub/cli/labels_test.go
index 0b619f5cdb..0014c3ed7a 100644
--- a/sechub-cli/src/mercedes-benz.com/sechub/cli/labels_test.go
+++ b/sechub-cli/src/mercedes-benz.com/sechub/cli/labels_test.go
@@ -145,6 +145,40 @@ func Example_applyLabelsToConfigJson_with_labels_section_in_json() {
 	// context.contentToSend: {"apiVersion":"1.0","metaData":{"labels":{"key1":"value1x","key2":"value2"}},"project":"myproject"}
 }
 
+func Example_applyLabelsToConfigJson_with_labels_section_only_in_json() {
+	// PREPARE
+	var context Context
+	var config Config
+	context.config = &config
+
+	sechubJSON := `
+  {
+    "apiVersion": "1.0",
+    "project": "myproject",
+    "metaData": {
+      "labels": {
+        "key1": "value1",
+        "key2": "value2"
+      }
+    }
+  }
+  `
+	context.contentToSend = []byte(sechubJSON)
+
+	// Lables are empty
+	labels := map[string]string{}
+	context.config.labels = labels
+
+	// EXECUTE
+	applyLabelsToConfigJson(&context)
+
+	// TEST
+	fmt.Printf("labels: %+v\n", context.config.labels)
+
+	// Output:
+	// labels: map[key1:value1 key2:value2]
+}
+
 func Example_applyLabelsToConfigJson_without_labels_section_in_json() {
 	// PREPARE
 	var context Context
diff --git a/sechub-cli/src/mercedes-benz.com/sechub/cli/urlbuilder.go b/sechub-cli/src/mercedes-benz.com/sechub/cli/urlbuilder.go
index 07ee3877a0..d577edb1d3 100644
--- a/sechub-cli/src/mercedes-benz.com/sechub/cli/urlbuilder.go
+++ b/sechub-cli/src/mercedes-benz.com/sechub/cli/urlbuilder.go
@@ -4,6 +4,7 @@ package cli
 
 import (
 	"fmt"
+	"net/url"
 )
 
 // https://localhost:8443/api/project/testproject/job/
@@ -60,6 +61,17 @@ func buildGetSecHubJobListAPICall(context *Context, size int) string {
 	context.contentToSend = nil // Do not send content
 	context.inputForContentProcessing = nil
 	apiPart := fmt.Sprintf("project/%s/jobs?size=%d&page=0", context.config.projectID, size)
+
+	// Add filtering by labels if defined
+	metadata_set:=false
+	for key, value := range context.config.labels {
+		if ! metadata_set {
+			apiPart += "&withMetaData=true"
+			metadata_set = true
+		}
+		apiPart += "&metadata.labels."+key+"="+url.QueryEscape(value)
+	}
+
 	return buildAPIUrl(&context.config.server, &apiPart)
 }
 
diff --git a/sechub-cli/src/mercedes-benz.com/sechub/cli/urlbuilder_test.go b/sechub-cli/src/mercedes-benz.com/sechub/cli/urlbuilder_test.go
index 0edbcd3ba4..e3e3a155f3 100644
--- a/sechub-cli/src/mercedes-benz.com/sechub/cli/urlbuilder_test.go
+++ b/sechub-cli/src/mercedes-benz.com/sechub/cli/urlbuilder_test.go
@@ -184,3 +184,28 @@ func Example_buildGetSecHubJobListAPICall() {
 	// Output:
 	// https://localhost:8443/api/project/testproject/jobs?size=10&page=0
 }
+
+func Example_buildGetSecHubJobListAPICallWithLabels() {
+	/* prepare */
+	context := new(Context)
+	config := new(Config)
+
+	context.config = config
+	config.projectID = "testproject"
+	config.server = "https://localhost:8443"
+
+	labels := map[string]string{
+		"key1": "value1",
+		"key2": "Non alphnumeric character$ !",
+	}
+	context.config.labels = labels
+	
+
+	/* execute */
+	result := buildGetSecHubJobListAPICall(context, 10)
+
+	/* test*/
+	fmt.Println(result)
+	// Output:
+	// https://localhost:8443/api/project/testproject/jobs?size=10&page=0&withMetaData=true&metadata.labels.key1=value1&metadata.labels.key2=Non+alphnumeric+character%24+%21
+}

From 40479ec7d0004f400d3711c8785a97f48b5e6e67 Mon Sep 17 00:00:00 2001
From: Sven Dolderer <sven.dolderer@mercedes-benz.com>
Date: Thu, 26 Sep 2024 17:55:09 +0200
Subject: [PATCH 2/7] client: label functionality docs updated #3459

---
 .../src/mercedes-benz.com/sechub/cli/config.go     |  2 +-
 .../documents/client/02_sechub_client.adoc         | 14 +++++++++-----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/sechub-cli/src/mercedes-benz.com/sechub/cli/config.go b/sechub-cli/src/mercedes-benz.com/sechub/cli/config.go
index 6a5e0c60cd..8483ced80b 100644
--- a/sechub-cli/src/mercedes-benz.com/sechub/cli/config.go
+++ b/sechub-cli/src/mercedes-benz.com/sechub/cli/config.go
@@ -85,7 +85,7 @@ func prepareOptionsFromCommandline(config *Config) {
 		fileOption, "", "Defines file to read from for actions '"+defineFalsePositivesAction+"', '"+markFalsePositivesAction+"', '"+interactiveMarkFalsePositivesAction+"', '"+unmarkFalsePositivesAction+"'")
 	flag.StringVar(&config.secHubJobUUID,
 		jobUUIDOption, "", "SecHub job uuid - Optional for actions '"+getStatusAction+"' or '"+getReportAction+"'")
-	flag.Func(labelOption, "Define a `SecHub label` for scan or for list filtering. (Example: \"key1=value1\") Repeat to define multiple labels.", func(s string) error {
+	flag.Func(labelOption, "Define a `SecHub label` for scan or filtering. (Example: \"key1=value1\") Repeat to define multiple labels.", func(s string) error {
 		var err error
 		config.labels, err = addLabelToList(config.labels, s, true)
 		if err != nil {
diff --git a/sechub-doc/src/docs/asciidoc/documents/client/02_sechub_client.adoc b/sechub-doc/src/docs/asciidoc/documents/client/02_sechub_client.adoc
index 7721c524a8..37d84c3ac0 100644
--- a/sechub-doc/src/docs/asciidoc/documents/client/02_sechub_client.adoc
+++ b/sechub-doc/src/docs/asciidoc/documents/client/02_sechub_client.adoc
@@ -155,7 +155,8 @@ sechub getStatus
 ----
 
 TIP: Defaults to latest job. +
-     You can select the job by providing the wanted job UUID by adding `-jobUUID ${jobUUID}`
+     You can select the job by providing the wanted job UUID by adding `-jobUUID ${jobUUID}` +
+     This action respects defined <<client-configuration-overview,label definitions>> as filter criteria.
 
 ===== getReport
 Will fetch the report as json. (result will only exist when job is done)
@@ -166,7 +167,8 @@ sechub getReport
 ----
 
 TIP: Defaults to latest finished job. +
-     You can select the job by providing the wanted job UUID by adding `-jobUUID ${jobUUID}`
+     You can select the job by providing the wanted job UUID by adding `-jobUUID ${jobUUID}` +
+     This action respects defined <<client-configuration-overview,label definitions>> as filter criteria.
 
 TIP: With `-output ${file-or-directory}` you can define where to place the report. +
      Can be a directory, a file name or a file path. +
@@ -182,7 +184,8 @@ sechub listJobs
 
 TIP: This might be useful for an overview or +
      when you want to see your project's scan job queue or +
-     to find out the job UUID of a certain job.
+     to find out the job UUID of a certain job. +
+     This action respects defined <<client-configuration-overview,label definitions>> as filter criteria.
 
 
 ===== defineFalsePositives
@@ -296,6 +299,7 @@ include::sechub_client_falsepositive_list_example_unmark_jobData+projectData.jso
 TIP: <<interactiveUnmarkFalsePositives,interactiveMarkFalsePositives>> might be easier to use
 
 
+[[client-configuration-overview]]
 ==== Configuration overview
 Basically parameters can be passed to the `{sechub}` client in three ways:
 
@@ -349,7 +353,7 @@ In below table, there is an overview of what can be defined where.
 - `-jobUUID <string>` +
   `{sechub}` job uuid. Optional for actions <<getStatus>> or <<getReport>>
 - `-label <label definition>` +
-  Define a SecHub label for the scan job. (Example: "key1=value1") Repeat to define multiple labels.
+  Define a SecHub label for scan or filtering. (Example: "key1=value1") Repeat to define multiple labels.
 - `-output <path to folder or file>` +
   Where to place reports, false-positive files etc. Can be a directory, a file name or a file path (defaults to current working directory and default file names)
 - `-project <string>` +
@@ -381,7 +385,7 @@ Additionally to above cmdline options, you can set some values also via environm
 - `SECHUB_APITOKEN` +
   The SecHub api token for `SECHUB_USERID`. (same as `-apitoken` option)
 - `SECHUB_LABELS` +
-  Define one or more labels for the scan job. The labels will appear in your SecHub report. Separate multiple labels with ",". (see also `-label` option) +
+  Define one or more labels for scan or filtering. The labels will appear in your SecHub report. Separate multiple labels with ",". (see also `-label` option) +
   Example: `export SECHUB_LABELS="key1=test 1,key2=test 2"`
 - `SECHUB_PROJECT` +
   The SecHub project id. (same as `-project` option)

From 7f9978f34b12384e2c77b10521f3bc5e90b12adb Mon Sep 17 00:00:00 2001
From: Sven Dolderer <sven.dolderer@mercedes-benz.com>
Date: Fri, 27 Sep 2024 10:05:35 +0200
Subject: [PATCH 3/7] fixed flaky test #3459

---
 .../src/mercedes-benz.com/sechub/cli/urlbuilder_test.go   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sechub-cli/src/mercedes-benz.com/sechub/cli/urlbuilder_test.go b/sechub-cli/src/mercedes-benz.com/sechub/cli/urlbuilder_test.go
index e3e3a155f3..2b035d5bc1 100644
--- a/sechub-cli/src/mercedes-benz.com/sechub/cli/urlbuilder_test.go
+++ b/sechub-cli/src/mercedes-benz.com/sechub/cli/urlbuilder_test.go
@@ -185,7 +185,7 @@ func Example_buildGetSecHubJobListAPICall() {
 	// https://localhost:8443/api/project/testproject/jobs?size=10&page=0
 }
 
-func Example_buildGetSecHubJobListAPICallWithLabels() {
+func TestBuildGetSecHubJobListAPICallWithLabels(t *testing.T) {
 	/* prepare */
 	context := new(Context)
 	config := new(Config)
@@ -205,7 +205,7 @@ func Example_buildGetSecHubJobListAPICallWithLabels() {
 	result := buildGetSecHubJobListAPICall(context, 10)
 
 	/* test*/
-	fmt.Println(result)
-	// Output:
-	// https://localhost:8443/api/project/testproject/jobs?size=10&page=0&withMetaData=true&metadata.labels.key1=value1&metadata.labels.key2=Non+alphnumeric+character%24+%21
+	sechubTestUtil.AssertStringContains(result, "&withMetaData=true", t)
+	sechubTestUtil.AssertStringContains(result, "&metadata.labels.key1=value1", t)
+	sechubTestUtil.AssertStringContains(result, "&metadata.labels.key2=Non+alphnumeric+character%24+%21", t)
 }

From 7810e5e9b7e21f587f8388a97e1620a86d4f24b1 Mon Sep 17 00:00:00 2001
From: Sven Dolderer <sven.dolderer@mercedes-benz.com>
Date: Fri, 27 Sep 2024 10:15:35 +0200
Subject: [PATCH 4/7] code indentation improved #3459

tabs vs. blanks
---
 .../src/mercedes-benz.com/sechub/cli/context-initializer.go  | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sechub-cli/src/mercedes-benz.com/sechub/cli/context-initializer.go b/sechub-cli/src/mercedes-benz.com/sechub/cli/context-initializer.go
index 7891d7a281..91a9906f8a 100644
--- a/sechub-cli/src/mercedes-benz.com/sechub/cli/context-initializer.go
+++ b/sechub-cli/src/mercedes-benz.com/sechub/cli/context-initializer.go
@@ -26,11 +26,12 @@ func InitializeContext() *Context {
 
 	// Add labels defined via cmdline args or env var to config JSON (only for job related client actions)
 	if context.config.action == scanAction ||
-	   context.config.action == scanAsynchronAction ||
+		 context.config.action == scanAsynchronAction ||
 		 context.config.action == listJobsAction ||
 		 context.config.action == getReportAction ||
 		 context.config.action == getStatusAction {
-			err := applyLabelsToConfigJson(context)
+
+		err := applyLabelsToConfigJson(context)
 		if err != nil {
 			sechubUtil.LogError("Error while processing labels: " + err.Error())
 		}

From 659f2f7df023d02a6104729299a1764ab65a5503 Mon Sep 17 00:00:00 2001
From: Sven Dolderer <sven.dolderer@mercedes-benz.com>
Date: Fri, 27 Sep 2024 14:58:41 +0200
Subject: [PATCH 5/7] getting started guide updated #3464

---
 .../docs/asciidoc/sechub-getting-started.adoc | 116 ++++--------------
 .../sechub-getting-started/clone-repo.sh      |   2 +-
 .../sechub-getting-started/run-all-steps.sh   |   2 +-
 .../sechub-getting-started/start-pds-gosec.sh |   2 +-
 .../sechub-getting-started/start-sechub.sh    |   2 +-
 .../sechub-getting-started/stop-pds-gosec.sh  |   2 +-
 .../sechub-getting-started/stop-sechub.sh     |   2 +-
 7 files changed, 29 insertions(+), 99 deletions(-)

diff --git a/sechub-doc/src/docs/asciidoc/sechub-getting-started.adoc b/sechub-doc/src/docs/asciidoc/sechub-getting-started.adoc
index 8e16be9b12..bfc703cf73 100644
--- a/sechub-doc/src/docs/asciidoc/sechub-getting-started.adoc
+++ b/sechub-doc/src/docs/asciidoc/sechub-getting-started.adoc
@@ -30,7 +30,7 @@ This tutorial is tested on Debian/Ubuntu! +
 It should also work on different Linux distributions.
 --
 
-=== Prerequisites
+== Prerequisites
 
 You are going to need: 
 
@@ -45,9 +45,9 @@ Optional:
 * https://vscodium.com/[VSCodium]
 * https://open-vsx.org/extension/mercedes-benz/sechub[SecHub Extension] for VSCodium
 
-=== Instructions
+== Setup server environment
 
-==== Clone the repository
+=== Clone the repository
 
 In your terminal type:
 
@@ -58,7 +58,7 @@ include::sechub-getting-started/clone-repo.sh[lines=2;3]
 This makes a local copy of the SecHub project on your computer and goes to the project's folder
 
 
-==== Start SecHub Server
+=== Start SecHub Server
 
 The SecHub server is responsible for taking jobs and passing them to the PDS server for processing. Once the job finishes on the PDS side, they are fetched and processed by SecHub +
 
@@ -69,7 +69,7 @@ include::sechub-getting-started/start-sechub.sh[lines=2]
 
 This starts the server.
 
-==== Start GoSec+PDS Server
+=== Start GoSec+PDS Server
 The PDS server, which contains the security tool https://securego.io/[GoSec], will check the actual code for vulnerabilities and output a result of them.
 
 Start another terminal in the root directory of SecHub and type: 
@@ -82,7 +82,7 @@ include::sechub-getting-started/start-pds-gosec.sh[lines=2]
 This will prepare some environment files and will start a container based on SecHub's custom PDS+GoSec image. In the container, GoLang and GoSec will be installed and the server will be started.
 
 
-==== Setup Project
+=== Setup Project
 
 After starting all servers, some environment variables have to be set. Specifically `SECHUB_SERVER`, `SECHUB_USERID`, `SECHUB_APITOKEN`, `SECHUB_TRUSTALL` and SecHub's CLI tools have to be added to the `PATH` variable to be able to do scans.
 In another, we set local credentials because everything is hosted locally:
@@ -186,7 +186,8 @@ Setup of GoSec complete:
 
 Now you are ready to do scans!
 
-==== Install SecHub client 
+== Scan using SecHub client
+=== Install SecHub client
 The SecHub client is needed to scan. In later sections of this guide, the client is used to scan an example. The command below, will download the latest version and put it in your `/usr/local/bin` folder.
 
 [source, bash]
@@ -211,12 +212,11 @@ sudo cp platform/linux-amd64/sechub /usr/local/bin
 # For linux arm-64
 sudo cp platform/linux-arm64/sechub /usr/local/bin
 
-
 # Cleanup
 rm -rf sechub-cli.zip.sha256 sechub-cli.zip platform/
 --
 
-==== Scanning
+=== Scan
 
 Now you can go to another project's directory and do a scan for vulnerabilities.
 In this example, we will use https://github.com/Jeeppler/vulnerable-go[vulnerable-go], but you are free to use any other project!
@@ -231,98 +231,28 @@ Here's a bare-bones example:
 echo '
 {
   "apiVersion": "1.0",
-  "codeScan": {
-    "fileSystem": {
-      "folders": [
-        "."
-      ]
-    },
-    "excludes": []
+  "project": "test-gosec",
+  "codeScan": { "use": [ "sourcecode" ] },
+  "data": {
+    "sources": [
+      {
+        "name": "sourcecode",
+        "fileSystem": { "folders": [ "." ] }
+      }
+    ]
   }
 }
 ' > sechub.json
 --
 
-And to do a scan, type `sechub -project test-gosec scan`, this will create a JSON file, which contains a report of the findings from the scan. If you want HTML output, add `-reportformat html` as an option: `sechub -project test-gosec -reportformat html scan`
-
-The output you get, should be simillar to this(if you choose JSON output):
-
-[source]
---
-{
-   "result": {
-      "count": 4,
-      "findings": [
-         {
-            "id": 3,
-            "description": "The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input.",
-            "name": "The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input.",
-            "severity": "HIGH",
-            "code": {
-               "location": "source/app/app.go",
-               "line": 17,
-               "column": 13,
-               "source": "return template.HTML(s)"
-            },
-            "type": "codeScan",
-            "cweId": 79
-         },
-         {
-            "id": 2,
-            "description": "Use of weak cryptographic primitive",
-            "name": "Use of weak cryptographic primitive",
-            "severity": "HIGH",
-            "code": {
-               "location": "source/app/app.go",
-               "line": 90,
-               "column": 13,
-               "source": "hash := md5.Sum([]byte(password)) // CWE-327"
-            },
-            "type": "codeScan",
-            "cweId": 326
-         },
-         {
-            "id": 4,
-            "description": "Blocklisted import crypto/md5: weak cryptographic primitive",
-            "name": "Blocklisted import crypto/md5: weak cryptographic primitive",
-            "severity": "HIGH",
-            "code": {
-               "location": "source/app/app.go",
-               "line": 7,
-               "column": 5,
-               "source": "\"crypto/md5\""
-            },
-            "type": "codeScan",
-            "cweId": 327
-         },
-         {
-            "id": 1,
-            "description": "Potential hardcoded credentials",
-            "name": "Potential hardcoded credentials",
-            "severity": "HIGH",
-            "code": {
-               "location": "source/app/app.go",
-               "line": 76,
-               "column": 5,
-               "source": "loginPassword := \"21232f297a57a5a743894a0e4a801fc3\" // CWE-257"
-            },
-            "type": "codeScan",
-            "cweId": 798
-         }
-      ]
-   },
-   "jobUUID": "3368defe-7a45-448f-bee1-b069e754ca52",
-   "reportVersion": "1.0",
-   "messages": [],
-   "trafficLight": "RED",
-   "status": "SUCCESS"
-}
---
+Now you can do a scan, type `sechub scan`, this will create a file which contains a report of the findings from the scan (JSON format).
+If you want the report in HTML format instead, add `-reportformat html` as an option: `sechub -reportformat html scan`
 
-==== Install SecHub's VSCodium Plugin (OPTIONAL)
+== Optional
+=== Install SecHub's VSCodium Plugin (OPTIONAL)
 SecHub's VSCodium Plugin helps you to work faster with the SecHub report.
 You can go to the exact code line and fix the problem.
 
 You can get the plugin from https://open-vsx.org/extension/mercedes-benz/sechub[here].
 
-And to install it, open VSCodium and in the `Command Pallete` (Usually can be opened with `Ctrl+Shift+P`) type `install vsix`, and in the pop-up menu, choose the plugin.
\ No newline at end of file
+And to install it, open VSCodium and in the `Command Palette` (Usually can be opened with `Ctrl+Shift+P`) type `install vsix`, and in the pop-up menu, choose the plugin.
diff --git a/sechub-doc/src/docs/asciidoc/sechub-getting-started/clone-repo.sh b/sechub-doc/src/docs/asciidoc/sechub-getting-started/clone-repo.sh
index c1ff9885af..e977e05bc1 100644
--- a/sechub-doc/src/docs/asciidoc/sechub-getting-started/clone-repo.sh
+++ b/sechub-doc/src/docs/asciidoc/sechub-getting-started/clone-repo.sh
@@ -1,3 +1,3 @@
 # SPDX-License-Identifier: MIT
 git clone https://github.com/mercedes-benz/sechub.git
-cd sechub
\ No newline at end of file
+cd sechub
diff --git a/sechub-doc/src/docs/asciidoc/sechub-getting-started/run-all-steps.sh b/sechub-doc/src/docs/asciidoc/sechub-getting-started/run-all-steps.sh
index 687353ead6..3118f531d9 100755
--- a/sechub-doc/src/docs/asciidoc/sechub-getting-started/run-all-steps.sh
+++ b/sechub-doc/src/docs/asciidoc/sechub-getting-started/run-all-steps.sh
@@ -58,4 +58,4 @@ echo "Press Ctrl+C to stop all servers"
 # Wait for the user to press Ctrl+C
 while true; do
     sleep 1
-done
\ No newline at end of file
+done
diff --git a/sechub-doc/src/docs/asciidoc/sechub-getting-started/start-pds-gosec.sh b/sechub-doc/src/docs/asciidoc/sechub-getting-started/start-pds-gosec.sh
index dbd7e5bd46..4f9c09f93a 100644
--- a/sechub-doc/src/docs/asciidoc/sechub-getting-started/start-pds-gosec.sh
+++ b/sechub-doc/src/docs/asciidoc/sechub-getting-started/start-pds-gosec.sh
@@ -1,2 +1,2 @@
 # SPDX-License-Identifier: MIT
-./sechub-pds-solutions/gosec/05-start-single-sechub-network-docker-compose.sh
\ No newline at end of file
+./sechub-pds-solutions/gosec/05-start-single-sechub-network-docker-compose.sh
diff --git a/sechub-doc/src/docs/asciidoc/sechub-getting-started/start-sechub.sh b/sechub-doc/src/docs/asciidoc/sechub-getting-started/start-sechub.sh
index abe5a501c5..2def21b4a9 100644
--- a/sechub-doc/src/docs/asciidoc/sechub-getting-started/start-sechub.sh
+++ b/sechub-doc/src/docs/asciidoc/sechub-getting-started/start-sechub.sh
@@ -1,2 +1,2 @@
 # SPDX-License-Identifier: MIT
-./sechub-solution/01-start-single-docker-compose.sh
\ No newline at end of file
+./sechub-solution/01-start-single-docker-compose.sh
diff --git a/sechub-doc/src/docs/asciidoc/sechub-getting-started/stop-pds-gosec.sh b/sechub-doc/src/docs/asciidoc/sechub-getting-started/stop-pds-gosec.sh
index 4363c2ef14..1c154634c7 100644
--- a/sechub-doc/src/docs/asciidoc/sechub-getting-started/stop-pds-gosec.sh
+++ b/sechub-doc/src/docs/asciidoc/sechub-getting-started/stop-pds-gosec.sh
@@ -1,2 +1,2 @@
 # SPDX-License-Identifier: MIT
-./sechub-pds-solutions/gosec/05-stop-single-sechub-network-docker-compose.sh
\ No newline at end of file
+./sechub-pds-solutions/gosec/05-stop-single-sechub-network-docker-compose.sh
diff --git a/sechub-doc/src/docs/asciidoc/sechub-getting-started/stop-sechub.sh b/sechub-doc/src/docs/asciidoc/sechub-getting-started/stop-sechub.sh
index 2852ddac01..4b60fcdc51 100644
--- a/sechub-doc/src/docs/asciidoc/sechub-getting-started/stop-sechub.sh
+++ b/sechub-doc/src/docs/asciidoc/sechub-getting-started/stop-sechub.sh
@@ -1,2 +1,2 @@
 # SPDX-License-Identifier: MIT
-./sechub-solution/01-stop-single-docker-compose.sh
\ No newline at end of file
+./sechub-solution/01-stop-single-docker-compose.sh

From 96acbf5c25986c279616906b5e55be56d7ac45a5 Mon Sep 17 00:00:00 2001
From: Sven Dolderer <sven.dolderer@mercedes-benz.com>
Date: Fri, 27 Sep 2024 15:19:11 +0200
Subject: [PATCH 6/7] fix case when no config json exists #3459

---
 .../mercedes-benz.com/sechub/cli/labels.go    | 58 ++++++++++---------
 .../sechub/cli/labels_test.go                 | 30 ++++++++++
 2 files changed, 60 insertions(+), 28 deletions(-)

diff --git a/sechub-cli/src/mercedes-benz.com/sechub/cli/labels.go b/sechub-cli/src/mercedes-benz.com/sechub/cli/labels.go
index 7afee5aedd..ee40a8f6a4 100644
--- a/sechub-cli/src/mercedes-benz.com/sechub/cli/labels.go
+++ b/sechub-cli/src/mercedes-benz.com/sechub/cli/labels.go
@@ -39,40 +39,42 @@ func addLabelToList(list map[string]string, labelDefinition string, overrideIfEx
 func applyLabelsToConfigJson(context *Context) error {
 	var err error
 
-	// Unmarshal the JSON into a map structure
-	// because when using SecHubConfig struct then all new serverside json options have to be added to the client struct
-	var data map[string]interface{}
-	err = json.Unmarshal(context.contentToSend, &data)
-	if err != nil {
-		sechubUtil.LogError(fmt.Sprintf("Could not unmarshal json: %s", err))
-		return err
-	}
+	if context.config.configFileRead {
+		var data map[string]interface{}
+		// Unmarshal the JSON into a map structure
+		// because when using SecHubConfig struct then all new serverside json options have to be added to the client struct
+		err = json.Unmarshal(context.contentToSend, &data)
+		if err != nil {
+			sechubUtil.LogError(fmt.Sprintf("Could not unmarshal json: %s", err))
+			return err
+		}
 
-	metaData := data["metaData"]
-	m, ok := metaData.(map[string]interface{})
-	if ok {
-		labels := m["labels"]
-		var l map[string]interface{}
-		l, ok = labels.(map[string]interface{})
+		metaData := data["metaData"]
+		m, ok := metaData.(map[string]interface{})
 		if ok {
-			// Add labels from JSON to context.config.labels (no override)
-			for key, value := range l {
-				context.config.labels, err = addLabelToList(context.config.labels, fmt.Sprintf("%v=%v", key, value), false)
-				if err != nil {
-					return err
+			labels := m["labels"]
+			var l map[string]interface{}
+			l, ok = labels.(map[string]interface{})
+			if ok {
+				// Add labels from JSON to context.config.labels (no override)
+				for key, value := range l {
+					context.config.labels, err = addLabelToList(context.config.labels, fmt.Sprintf("%v=%v", key, value), false)
+					if err != nil {
+						return err
+					}
 				}
 			}
+		} else {
+			// initialize m
+			m = map[string]interface{}{}
 		}
-	} else {
-		// initialize m
-		m = map[string]interface{}{}
-	}
 
-	// Create/update labels in `data` map
-	m["labels"] = context.config.labels
-	data["metaData"] = m
+		// Create/update labels in `data` map
+		m["labels"] = context.config.labels
+		data["metaData"] = m
 
-	// Build JSON
-	context.contentToSend, err = json.Marshal(data)
+		// Build JSON
+		context.contentToSend, err = json.Marshal(data)
+	}
 	return err
 }
diff --git a/sechub-cli/src/mercedes-benz.com/sechub/cli/labels_test.go b/sechub-cli/src/mercedes-benz.com/sechub/cli/labels_test.go
index 0014c3ed7a..389c637230 100644
--- a/sechub-cli/src/mercedes-benz.com/sechub/cli/labels_test.go
+++ b/sechub-cli/src/mercedes-benz.com/sechub/cli/labels_test.go
@@ -113,6 +113,7 @@ func Example_applyLabelsToConfigJson_with_labels_section_in_json() {
 	var config Config
 	context.config = &config
 
+	context.config.configFileRead = true
 	sechubJSON := `
   {
     "apiVersion": "1.0",
@@ -151,6 +152,7 @@ func Example_applyLabelsToConfigJson_with_labels_section_only_in_json() {
 	var config Config
 	context.config = &config
 
+	context.config.configFileRead = true
 	sechubJSON := `
   {
     "apiVersion": "1.0",
@@ -185,6 +187,7 @@ func Example_applyLabelsToConfigJson_without_labels_section_in_json() {
 	var config Config
 	context.config = &config
 
+	context.config.configFileRead = true
 	sechubJSON := `
   {
     "apiVersion": "1.0",
@@ -220,6 +223,7 @@ func Example_applyLabelsToConfigJson_without_metadata_section_in_json() {
 	var config Config
 	context.config = &config
 
+	context.config.configFileRead = true
 	sechubJSON := `
   {
     "apiVersion": "1.0",
@@ -245,3 +249,29 @@ func Example_applyLabelsToConfigJson_without_metadata_section_in_json() {
 	// labels: map[key1:value1x]
 	// context.contentToSend: {"apiVersion":"1.0","metaData":{"labels":{"key1":"value1x"}},"project":"myproject"}
 }
+
+func Example_applyLabelsToConfigJson_with_no_config_file() {
+	// PREPARE
+	var context Context
+	var config Config
+	context.config = &config
+
+	context.config.configFileRead = false
+
+	// These lables must override the above defined ones
+	labels := map[string]string{
+		"key1": "value1",
+	}
+	context.config.labels = labels
+
+	// EXECUTE
+	applyLabelsToConfigJson(&context)
+
+	// TEST
+	fmt.Printf("labels: %+v\n", context.config.labels)
+	fmt.Println("context.contentToSend:", string(context.contentToSend))
+
+	// Output:
+	// labels: map[key1:value1]
+	// context.contentToSend:
+}

From 6b95e10bedfa100fd50191903e2fbf498ab97b1f Mon Sep 17 00:00:00 2001
From: Sven Dolderer <sven.dolderer@mercedes-benz.com>
Date: Fri, 27 Sep 2024 15:51:36 +0200
Subject: [PATCH 7/7] empty list handling improved #3459

---
 sechub-cli/src/mercedes-benz.com/sechub/cli/job.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sechub-cli/src/mercedes-benz.com/sechub/cli/job.go b/sechub-cli/src/mercedes-benz.com/sechub/cli/job.go
index 86542f90d3..5026250176 100644
--- a/sechub-cli/src/mercedes-benz.com/sechub/cli/job.go
+++ b/sechub-cli/src/mercedes-benz.com/sechub/cli/job.go
@@ -166,7 +166,7 @@ func printSecHubJobSummaryAndFailOnTrafficLight(context *Context) {
 func getSecHubJobList(context *Context, size int) {
 	// Print filtering labels if defined
 	for key, value := range context.config.labels {
-		sechubUtil.LogNotice("Label match "+key+"="+value)
+		sechubUtil.LogNotice("Filtered by label "+key+"="+value)
 	}	
 
 	// Request SecHub job list from server
@@ -202,7 +202,9 @@ func getLatestSecHubJobUUID(context *Context, expectedState ...string) string {
 	getSecHubJobList(context, 5)
 
 	if len(context.jobList.List) == 0 {
-		sechubUtil.LogError("No SecHub jobs found. Have you started a scan?")
+		sechubUtil.LogWarning("No SecHub jobs found for "+context.config.projectID+". Have you started a scan?")
+		// Return 0 because we do not regard this as an error
+		os.Exit(ExitCodeOK)
 	}
 
 	// If not provided: accept any job state