From 3281578844e8d19bee053d35dec1ac576d7f7ea1 Mon Sep 17 00:00:00 2001 From: omerr-cycode Date: Wed, 16 Jul 2025 17:42:05 +0300 Subject: [PATCH 1/2] added --maven-settings-file parameter --- cycode/cli/apps/scan/scan_command.py | 12 ++++++ .../sca/maven/restore_maven_dependencies.py | 37 ++++++++++++------- 2 files changed, 35 insertions(+), 14 deletions(-) diff --git a/cycode/cli/apps/scan/scan_command.py b/cycode/cli/apps/scan/scan_command.py index 363c409a..78d195f8 100644 --- a/cycode/cli/apps/scan/scan_command.py +++ b/cycode/cli/apps/scan/scan_command.py @@ -88,6 +88,17 @@ def scan_command( rich_help_panel=_SCA_RICH_HELP_PANEL, ), ] = False, + maven_settings_file: Annotated[ + Optional[Path], + typer.Option( + '--maven-settings-file', + show_default=False, + help='When specified, Cycode will use this settings.xml file ' + 'when building the maven dependency tree.', + dir_okay=False, + rich_help_panel=_SCA_RICH_HELP_PANEL, + ), + ] = None, export_type: Annotated[ ExportTypeOption, typer.Option( @@ -143,6 +154,7 @@ def scan_command( ctx.obj['sync'] = sync ctx.obj['severity_threshold'] = severity_threshold ctx.obj['monitor'] = monitor + ctx.obj['maven_settings_file'] = maven_settings_file ctx.obj['report'] = report scan_client = get_scan_cycode_client(ctx) diff --git a/cycode/cli/files_collector/sca/maven/restore_maven_dependencies.py b/cycode/cli/files_collector/sca/maven/restore_maven_dependencies.py index 589a0a2c..a6d5b20f 100644 --- a/cycode/cli/files_collector/sca/maven/restore_maven_dependencies.py +++ b/cycode/cli/files_collector/sca/maven/restore_maven_dependencies.py 
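Review bot: A relative `--maven-settings-file` path reaches mvn unchanged (`str(maven_settings_file)` in restore_maven_dependencies.py), but the restore commands are executed with `working_directory=self.get_working_directory(document)`, which presumably sets the subprocess cwd to the manifest's directory, so mvn would resolve `-s` against the project directory rather than the directory the user ran the CLI from — the file is then not found, or a different settings.xml that happens to sit at that relative path inside the project tree gets used. Adding `exists=True, readable=True, resolve_path=True` to the `typer.Option(...)` next to `dir_okay=False` makes typer validate the path up front and hand it on as an absolute path, so both `get_commands` and `create_secondary_restore_commands` are covered without touching them. Without the existence check a mistyped path only surfaces as a failed mvn run inside the restore step; if that failure is non-fatal (not visible here, see `try_restore_dependencies`), the dependency tree is quietly left unbuilt and the SCA result is incomplete. The `scan_command` signature begins before and continues after this hunk.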
@@ -24,7 +24,12 @@ def is_project(self, document: Document) -> bool: return path.basename(document.path).split('/')[-1] == BUILD_MAVEN_FILE_NAME def get_commands(self, manifest_file_path: str) -> list[list[str]]: - return [['mvn', 'org.cyclonedx:cyclonedx-maven-plugin:2.7.4:makeAggregateBom', '-f', manifest_file_path]] + command = ['mvn', 'org.cyclonedx:cyclonedx-maven-plugin:2.7.4:makeAggregateBom', '-f', manifest_file_path] + + maven_settings_file = self.ctx.obj.get('maven_settings_file') + if maven_settings_file: + command += ['-s', str(maven_settings_file)] + return [command] def get_lock_file_name(self) -> str: return join_paths('target', MAVEN_CYCLONE_DEP_TREE_FILE_NAME) @@ -46,7 +51,7 @@ def try_restore_dependencies(self, document: Document) -> Optional[Document]: def restore_from_secondary_command(self, document: Document, manifest_file_path: str) -> Optional[Document]: restore_content = execute_commands( - commands=create_secondary_restore_commands(manifest_file_path), + commands=self.create_secondary_restore_commands(manifest_file_path), timeout=self.command_timeout, working_directory=self.get_working_directory(document), ) @@ -62,15 +67,19 @@ def restore_from_secondary_command(self, document: Document, manifest_file_path: ) -def create_secondary_restore_commands(manifest_file_path: str) -> list[list[str]]: - return [ - [ - 'mvn', - 'dependency:tree', - '-B', - '-DoutputType=text', - '-f', - manifest_file_path, - f'-DoutputFile={MAVEN_DEP_TREE_FILE_NAME}', - ] - ] + def create_secondary_restore_commands(self,manifest_file_path: str) -> list[list[str]]: + command = [ + 'mvn', + 'dependency:tree', + '-B', + '-DoutputType=text', + '-f', + manifest_file_path, + f'-DoutputFile={MAVEN_DEP_TREE_FILE_NAME}', + ] + + maven_settings_file = self.ctx.obj.get('maven_settings_file') + if maven_settings_file: + command += ['-s', str(maven_settings_file)] + + return [command] From 3a42545bc3727dd724f9c8db5b5502def072cc89 Mon Sep 17 00:00:00 2001 
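Review bot: The `-s` handling is now written twice, in `get_commands` (hunk @@ -24) and in `create_secondary_restore_commands` (hunk @@ -62), so a later change to how the setting is read or formatted has to be made in two places; a small helper keeps them aligned: `def _maven_settings_args(self) -> list[str]:` / `maven_settings_file = self.ctx.obj.get('maven_settings_file')` / `return ['-s', str(maven_settings_file)] if maven_settings_file else []`, with both call sites reduced to `command += self._maven_settings_args()`. Turning the module-level `create_secondary_restore_commands` into a method is fine, but the hunk at @@ -46 updates only the one caller visible here; any other importer of the old module-level name (tests, other restorers) would break at import time and is worth a grep. The helper also deserves a one-line docstring such as `"""Return the extra mvn arguments selecting the user settings.xml given via --maven-settings-file, or [] if none was given."""`. The enclosing class header is outside these hunks, so whether `self.ctx` is always set on this restorer cannot be confirmed from the patch.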
From: omerr-cycode Date: Thu, 17 Jul 2025 07:47:09 +0300 Subject: [PATCH 2/2] ruff format amendments --- cycode/cli/apps/scan/scan_command.py | 3 +-- .../sca/maven/restore_maven_dependencies.py | 19 +++++++++---------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/cycode/cli/apps/scan/scan_command.py b/cycode/cli/apps/scan/scan_command.py index 78d195f8..9b6f9e8b 100644 --- a/cycode/cli/apps/scan/scan_command.py +++ b/cycode/cli/apps/scan/scan_command.py @@ -93,8 +93,7 @@ def scan_command( typer.Option( '--maven-settings-file', show_default=False, - help='When specified, Cycode will use this settings.xml file ' - 'when building the maven dependency tree.', + help='When specified, Cycode will use this settings.xml file when building the maven dependency tree.', dir_okay=False, rich_help_panel=_SCA_RICH_HELP_PANEL, ), diff --git a/cycode/cli/files_collector/sca/maven/restore_maven_dependencies.py b/cycode/cli/files_collector/sca/maven/restore_maven_dependencies.py index a6d5b20f..51c91aa9 100644 --- a/cycode/cli/files_collector/sca/maven/restore_maven_dependencies.py +++ b/cycode/cli/files_collector/sca/maven/restore_maven_dependencies.py @@ -66,17 +66,16 @@ def restore_from_secondary_command(self, document: Document, manifest_file_path: absolute_path=restore_file_path, ) - - def create_secondary_restore_commands(self,manifest_file_path: str) -> list[list[str]]: + def create_secondary_restore_commands(self, manifest_file_path: str) -> list[list[str]]: command = [ - 'mvn', - 'dependency:tree', - '-B', - '-DoutputType=text', - '-f', - manifest_file_path, - f'-DoutputFile={MAVEN_DEP_TREE_FILE_NAME}', - ] + 'mvn', + 'dependency:tree', + '-B', + '-DoutputType=text', + '-f', + manifest_file_path, + f'-DoutputFile={MAVEN_DEP_TREE_FILE_NAME}', + ] maven_settings_file = self.ctx.obj.get('maven_settings_file') if maven_settings_file: