CM-48559 - Add commit history scan and pre-commit hook for SAST (#314)

Author: MarshalX

.pre-commit-hooks.yaml

@@ -10,3 +10,9 @@
   language_version: python3
   entry: cycode
   args: [ '-o', 'text', '--no-progress-meter', 'scan', '-t', 'sca', 'pre-commit' ]
+- id: cycode-sast
+  name: Cycode SAST pre-commit defender
+  language: python
+  language_version: python3
+  entry: cycode
+  args: [ '-o', 'text', '--no-progress-meter', 'scan', '-t', 'sast', 'pre-commit' ]

README.md

@@ -8,7 +8,7 @@
 from cycode.cli.apps.report.sbom.common import create_sbom_report, send_report_feedback
 from cycode.cli.exceptions.handle_report_sbom_errors import handle_report_exception
 from cycode.cli.files_collector.path_documents import get_relevant_documents
-from cycode.cli.files_collector.sca.sca_code_scanner import perform_pre_scan_documents_actions
+from cycode.cli.files_collector.sca.sca_file_collector import add_sca_dependencies_tree_documents_if_needed
 from cycode.cli.files_collector.zip_documents import zip_documents
 from cycode.cli.utils.get_api_client import get_report_cycode_client
 from cycode.cli.utils.progress_bar import SbomReportProgressBarSection
@@ -41,7 +41,7 @@ def path_command(
         )
         # TODO(MarshalX): combine perform_pre_scan_documents_actions with get_relevant_document.
         #  unhardcode usage of context in perform_pre_scan_documents_actions
-        perform_pre_scan_documents_actions(ctx, consts.SCA_SCAN_TYPE, documents)
+        add_sca_dependencies_tree_documents_if_needed(ctx, consts.SCA_SCAN_TYPE, documents)
 
         zipped_documents = zip_documents(consts.SCA_SCAN_TYPE, documents)
         report_execution = client.request_sbom_report_execution(report_parameters, zip_file=zipped_documents)

cycode/cli/apps/report/sbom/path/path_command.py

@@ -0,0 +1,42 @@
+from typing import TYPE_CHECKING, Optional
+
+import typer
+
+from cycode.logger import get_logger
+
+if TYPE_CHECKING:
+    from cycode.cyclient.scan_client import ScanClient
+
+logger = get_logger('Aggregation Report URL')
+
+
+def _set_aggregation_report_url(ctx: typer.Context, aggregation_report_url: Optional[str] = None) -> None:
+    ctx.obj['aggregation_report_url'] = aggregation_report_url
+
+
+def try_get_aggregation_report_url_if_needed(
+    scan_parameters: dict, cycode_client: 'ScanClient', scan_type: str
+) -> Optional[str]:
+    if not scan_parameters.get('report', False):
+        return None
+
+    aggregation_id = scan_parameters.get('aggregation_id')
+    if aggregation_id is None:
+        return None
+
+    try:
+        report_url_response = cycode_client.get_scan_aggregation_report_url(aggregation_id, scan_type)
+        return report_url_response.report_url
+    except Exception as e:
+        logger.debug('Failed to get aggregation report url: %s', str(e))
+
+
+def try_set_aggregation_report_url_if_needed(
+    ctx: typer.Context, scan_parameters: dict, cycode_client: 'ScanClient', scan_type: str
+) -> None:
+    aggregation_report_url = try_get_aggregation_report_url_if_needed(scan_parameters, cycode_client, scan_type)
+    if aggregation_report_url:
+        _set_aggregation_report_url(ctx, aggregation_report_url)
+        logger.debug('Aggregation report URL set successfully', {'aggregation_report_url': aggregation_report_url})
+    else:
+        logger.debug('No aggregation report URL found or report generation is disabled')