Merged
5 changes: 2 additions & 3 deletions internal/commands/scan.go
Expand Up @@ -65,7 +65,7 @@ const (
containerVolumeFlag = "-v"
containerNameFlag = "--name"
containerRemove = "--rm"
containerImage = "checkmarx/kics:v2.1.20"
containerImage = "checkmarx/kics@sha256:643071cf0c1657eaea695a48b49d2d61b7e625bb87c51505530e624e0c0a1ad1" // v2.1.20
containerScan = "scan"
containerScanPathFlag = "-p"
containerScanPath = "/path"
Expand Down Expand Up @@ -1184,9 +1184,8 @@ func overrideSastConfigValue(sastFastScanChanged, sastIncrementalChanged, sastLi

func addAiscScan(featureFlagWrapper wrappers.FeatureFlagsWrapper, resubmitConfig []wrappers.Config) map[string]interface{} {
// Add the aisc resubmit config, currently no value is passed in config
aiSupplyChainEnabled, _ := wrappers.GetSpecificFeatureFlag(featureFlagWrapper, wrappers.AISupplyChainEnabled)
aiSupplyChainGAEnabled, _ := wrappers.GetSpecificFeatureFlag(featureFlagWrapper, wrappers.AISupplyChainGAEnabled)
if scanTypeEnabled(commonParams.AiscType) && aiSupplyChainEnabled.Status && aiSupplyChainGAEnabled.Status {
if scanTypeEnabled(commonParams.AiscType) && aiSupplyChainGAEnabled.Status {
aiscMapConfig := make(map[string]interface{})
aiscConfig := wrappers.AISCConfig{}
aiscMapConfig[resultsMapType] = commonParams.AiscType
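Review bot: The pinned digest in `containerImage` is a second hand-maintained copy of the literal that `ContainerImage` carries in internal/commands/util/remediation.go, and only the trailing `// v2.1.20` comment ties either copy to a release, so a later bump can update one and leave the other on the old image. If the import graph allows it, define the reference once (for example `containerImage = util.ContainerImage`, assuming scan.go can import that package), or add a comment above both constants such as `// Keep in sync with ContainerImage in internal/commands/util/remediation.go.` It is also worth confirming that the digest is the multi-arch image index and not a single-platform manifest, since a platform-specific digest would not resolve correctly on other architectures. The const block starts and ends outside this hunk.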
10 changes: 5 additions & 5 deletions internal/commands/scan_test.go
Expand Up @@ -836,7 +836,7 @@ func TestAddAiscScan_WhenAiscEnabledAndFeatureFlagEnabled_ShouldReturnConfig(t *
var resubmitConfig []wrappers.Config

mock.Flag = wrappers.FeatureFlagResponseModel{
Name: wrappers.AISupplyChainEnabled,
Name: wrappers.AISupplyChainGAEnabled,
Status: true,
}
defer clearFlags()
Expand All @@ -862,7 +862,7 @@ func TestAddAiscScan_WhenAiscDisabled_ShouldReturnNil(t *testing.T) {
wrappers.ClearCache()
var resubmitConfig []wrappers.Config
mock.Flag = wrappers.FeatureFlagResponseModel{
Name: wrappers.AISupplyChainEnabled,
Name: wrappers.AISupplyChainGAEnabled,
Status: true,
}
defer clearFlags()
Expand All @@ -878,7 +878,7 @@ func TestAddAiscScan_WhenFeatureFlagDisabled_ShouldReturnNil(t *testing.T) {
wrappers.ClearCache()
var resubmitConfig []wrappers.Config
mock.Flag = wrappers.FeatureFlagResponseModel{
Name: wrappers.AISupplyChainEnabled,
Name: wrappers.AISupplyChainGAEnabled,
Status: false,
}
defer clearFlags()
Expand All @@ -900,7 +900,7 @@ func TestAddAiscScan_WithResubmitConfig_ShouldHandleCorrectly(t *testing.T) {
},
}
mock.Flag = wrappers.FeatureFlagResponseModel{
Name: wrappers.AISupplyChainEnabled,
Name: wrappers.AISupplyChainGAEnabled,
Status: true,
}
defer clearFlags()
Expand All @@ -919,7 +919,7 @@ func TestAddAiscScan_ConfigStructure_ShouldHaveCorrectFormat(t *testing.T) {
wrappers.ClearCache()
var resubmitConfig []wrappers.Config
mock.Flag = wrappers.FeatureFlagResponseModel{
Name: wrappers.AISupplyChainEnabled,
Name: wrappers.AISupplyChainGAEnabled,
Status: true,
}
defer clearFlags()
3 changes: 2 additions & 1 deletion internal/commands/util/remediation.go
Expand Up @@ -27,7 +27,8 @@ const (
filesContainerVolume = ":/files"
resultsContainerLocation = "/kics/"
containerRemove = "--rm"
ContainerImage = "checkmarx/kics:v2.1.20"
// ContainerImage is the KICS container image with pinned SHA256 digest.
ContainerImage = "checkmarx/kics@sha256:643071cf0c1657eaea695a48b49d2d61b7e625bb87c51505530e624e0c0a1ad1" // v2.1.20
containerNameFlag = "--name"
remediateCommand = "remediate"
resultsFlag = "--results"
1 change: 0 additions & 1 deletion internal/services/projects.go
Expand Up @@ -198,7 +198,6 @@ func updateProject(project *wrappers.ProjectResponseModel,
} else {
projModel.MainBranch = project.MainBranch
}
projModel.RepoURL = project.RepoURL

if projectTags == "" && projectPrivatePackage == "" && isBranchPrimary == false {
logger.PrintIfVerbose("No tags or branch to update. Skipping project update.")
13 changes: 13 additions & 0 deletions internal/wrappers/feature-flags-http.go
Expand Up @@ -4,8 +4,11 @@ import (
"encoding/json"
"fmt"
"net/http"
"strconv"
"strings"
"time"

"github.com/checkmarx/ast-cli/internal/logger"
"github.com/pkg/errors"
"github.com/spf13/viper"

Expand Down Expand Up @@ -87,6 +90,16 @@ func (f FeatureFlagsHTTPWrapper) GetSpecificFlag(flagName string) (*FeatureFlagR
return &model, nil
case http.StatusNotFound:
return nil, errors.New("feature flags not found")
case http.StatusTooManyRequests:
waitSeconds := defaultRateLimitWaitSeconds
if retryAfter := resp.Header.Get("Retry-After"); retryAfter != "" {
if parsed, parseErr := strconv.Atoi(retryAfter); parseErr == nil && parsed > 0 {
waitSeconds = parsed
}
}
logger.PrintIfVerbose(fmt.Sprintf("Feature flags rate limited (429). Waiting %d seconds before retry.", waitSeconds))
time.Sleep(time.Duration(waitSeconds) * time.Second)
return nil, errors.New("failed to load feature flags for tenant")
default:
return nil, errors.New("failed to load feature flags for tenant")
}
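Review bot: The 429 branch of GetSpecificFlag sleeps for whatever the `Retry-After` header says, with no upper bound, so one response carrying a very large value blocks the CLI (and any CI job running it) for that long, and a large enough value overflows `time.Duration(waitSeconds) * time.Second`. Clamp the parsed value before using it, e.g. `if parsed > maxRateLimitWaitSeconds { parsed = maxRateLimitWaitSeconds }`, with `maxRateLimitWaitSeconds` as a new constant next to `defaultRateLimitWaitSeconds` (whose definition is not in this hunk). The branch also sleeps and then returns an error, which leaves the retry to the caller; if that is the intent, a comment such as `// Back off here; the caller's retry loop re-issues the request.` would make the contract explicit. The function body starts and ends outside the hunk.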
9 changes: 4 additions & 5 deletions internal/wrappers/feature-flags.go
Expand Up @@ -22,9 +22,6 @@ const maxRetries = 3
const IncreaseFileUploadLimit = "INCREASE_FILE_UPLOAD_LIMIT"
const ScaDeltaScanEnabled = "SCA_DELTASCAN_ENABLED"

// AISupplyChainEnabled is the feature flag for AI Supply Chain Engine.
const AISupplyChainEnabled = "AI_SUPPLY_CHAIN_ENGINE_ENABLED"

// AISupplyChainGAEnabled is the feature flag for AI Supply Chain Engine GA.
const AISupplyChainGAEnabled = "AI_SUPPLY_CHAIN_ENGINE_GA_ENABLED"

Expand Down Expand Up @@ -113,8 +110,10 @@ func GetSpecificFeatureFlag(featureFlagsWrapper FeatureFlagsWrapper, flagName st
if len(featureFlags) == 0 || DefaultFFLoad {
_ = HandleFeatureFlags(featureFlagsWrapper)
}
// Take the value from FeatureFlags
return &FeatureFlagResponseModel{Name: flagName, Status: featureFlags[flagName]}, nil
defaultValue := featureFlags[flagName]
featureFlagsCache[flagName] = defaultValue // prevent re-fetch on next call
return &FeatureFlagResponseModel{Name: flagName, Status: defaultValue}, nil

}

UpdateSpecificFeatureFlagMap(flagName, *specificFlag)
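Review bot: Writing the fallback into `featureFlagsCache` at the added line turns a transient lookup failure into a process-lifetime answer: once the default is cached, later calls for the same flag appear to skip the fetch (per the `// prevent re-fetch on next call` comment), so a rate-limited or failed request silently fixes the flag at its default. For a flag that gates a scan type, such as `AISupplyChainGAEnabled` in addAiscScan where the error is discarded, that presumably means the engine is dropped from the scan with no message to the user. Consider logging the fallback, e.g. `logger.PrintIfVerbose(fmt.Sprintf("Feature flag %s unavailable; using default %t", flagName, defaultValue))` if the logger is available in this file, and note on the line that the cached value is a default, not a server response. The enclosing branch of GetSpecificFeatureFlag starts outside the hunk, so the condition that leads here is not visible.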