Checkmarx · cx-leonardo-fontes · Jan 23, 2026 · Jan 23, 2026 · Jan 23, 2026
@@ -37,7 +37,7 @@ func processFlags(rootCmd *cobra.Command) error {
 	}
 
 	// Apply all flag mappings immediately
-	engineConfigVar.ScanConfig.WithValidation = validateVar
+	engineConfigVar.WithValidation = validateVar
 	if len(customRegexRuleVar) > 0 {
 		engineConfigVar.CustomRegexPatterns = customRegexRuleVar
 	}

@@ -126,7 +126,7 @@ func TestProcessFlags(t *testing.T) {
 	t.Run("ValidateVarMapping", func(t *testing.T) {
 		// Reset global variables
 		validateVar = false
-		engineConfigVar.ScanConfig.WithValidation = false
+		engineConfigVar.WithValidation = false
 
 		// Set test value
 		validateVar = true
@@ -137,7 +137,7 @@ func TestProcessFlags(t *testing.T) {
 		processFlags(rootCmd)
 
 		// Verify mapping
-		assert.Equal(t, validateVar, engineConfigVar.ScanConfig.WithValidation, "validateVar should be mapped to engineConfigVar.ScanConfig.WithValidation")
+		assert.Equal(t, validateVar, engineConfigVar.WithValidation, "validateVar should be mapped to engineConfigVar.WithValidation")
 	})
 
 	t.Run("IgnoreListProcessing", func(t *testing.T) {
@@ -170,7 +170,7 @@ func TestProcessFlags(t *testing.T) {
 
 		// Verify all mappings
 		assert.Equal(t, customRegexRuleVar, engineConfigVar.CustomRegexPatterns, "Custom regex patterns should be mapped")
-		assert.Equal(t, validateVar, engineConfigVar.ScanConfig.WithValidation, "Validation flag should be mapped")
+		assert.Equal(t, validateVar, engineConfigVar.WithValidation, "Validation flag should be mapped")
 		assert.Equal(t, []string{"ignored-rule"}, engineConfigVar.IgnoreList, "IgnoreList should be preserved")
 		assert.Equal(t, 50, engineConfigVar.MaxTargetMegabytes, "MaxTargetMegabytes should be preserved")
 	})
@@ -181,7 +181,7 @@ func TestProcessFlags(t *testing.T) {
 		validateVar = false
 		engineConfigVar.IgnoreList = []string{}
 		engineConfigVar.CustomRegexPatterns = []string{}
-		engineConfigVar.ScanConfig.WithValidation = false
+		engineConfigVar.WithValidation = false
 
 		// Process flags
 		rootCmd := &cobra.Command{Use: "test"}
@@ -190,7 +190,7 @@ func TestProcessFlags(t *testing.T) {
 
 		// Verify empty values are handled correctly
 		assert.Empty(t, engineConfigVar.CustomRegexPatterns, "Empty custom regex patterns should remain empty")
-		assert.False(t, engineConfigVar.ScanConfig.WithValidation, "Validation should be false by default")
+		assert.False(t, engineConfigVar.WithValidation, "Validation should be false by default")
 		assert.Empty(t, engineConfigVar.IgnoreList, "Empty ignore list should remain empty")
 	})
 }
@@ -220,7 +220,7 @@ max-target-megabytes: 10`
 		processFlags(rootCmd)
 
 		// Verify CLI values take precedence
-		assert.True(t, engineConfigVar.ScanConfig.WithValidation, "CLI validate flag should override config file")
+		assert.True(t, engineConfigVar.WithValidation, "CLI validate flag should override config file")
 		assert.Equal(t, zerolog.DebugLevel, log.Logger.GetLevel(), "CLI log level should override config file")
 	})
 }

@@ -8,7 +8,6 @@ import (
 
 	"github.com/checkmarx/2ms/v5/engine"
 	"github.com/checkmarx/2ms/v5/engine/rules/ruledefine"
-	"github.com/checkmarx/2ms/v5/internal/resources"
 	"github.com/spf13/cobra"
 	"github.com/stretchr/testify/assert"
 )
@@ -44,9 +43,7 @@ func TestPreRun(t *testing.T) {
 			stdoutFormatVar: "json",
 			reportPath:      []string{"mock.json"},
 			engineConfigVar: engine.EngineConfig{
-				ScanConfig: resources.ScanConfig{
-					WithValidation: true,
-				},
+				WithValidation: true,
 			},
 			expectedPreRunErr: nil,
 		},

@@ -27,7 +27,6 @@ import (
 	"github.com/checkmarx/2ms/v5/engine/score"
 	"github.com/checkmarx/2ms/v5/engine/semaphore"
 	"github.com/checkmarx/2ms/v5/engine/validation"
-	"github.com/checkmarx/2ms/v5/internal/resources"
 	"github.com/checkmarx/2ms/v5/internal/workerpool"
 	"github.com/checkmarx/2ms/v5/lib/reporting"
 	"github.com/checkmarx/2ms/v5/lib/secrets"
@@ -88,7 +87,7 @@ type Engine struct {
 
 	Report reporting.IReport
 
-	ScanConfig resources.ScanConfig
+	WithValidation bool
 
 	wg conc.WaitGroup
 
@@ -151,7 +150,7 @@ type EngineConfig struct {
 
 	CustomRules []*ruledefine.Rule
 
-	ScanConfig resources.ScanConfig
+	WithValidation bool
 }
 
 type EngineOption func(*Engine)
@@ -185,7 +184,7 @@ func initEngine(engineConfig *EngineConfig, opts ...EngineOption) (*Engine, erro
 		return nil, ErrNoRulesSelected
 	}
 
-	scorer := score.NewScorer(finalRules, engineConfig.ScanConfig.WithValidation)
+	scorer := score.NewScorer(finalRules, engineConfig.WithValidation)
 
 	fileWalkerWorkerPoolSize := defaultDetectorWorkerPoolSize
 	if engineConfig.DetectorWorkerPoolSize > 0 {
@@ -217,7 +216,7 @@ func initEngine(engineConfig *EngineConfig, opts ...EngineOption) (*Engine, erro
 		ignoredIds:    &engineConfig.IgnoredIds,
 		allowedValues: &engineConfig.AllowedValues,
 
-		ScanConfig: engineConfig.ScanConfig,
+		WithValidation: engineConfig.WithValidation,
 
 		secretsChan:                    make(chan *secrets.Secret, runtime.GOMAXPROCS(0)),
 		secretsExtrasChan:              make(chan *secrets.Secret, runtime.GOMAXPROCS(0)),
@@ -703,7 +702,7 @@ func (e *Engine) consumeItems(pluginName string) {
 }
 
 func (e *Engine) processSecrets() {
-	if e.ScanConfig.WithValidation {
+	if e.WithValidation {
 		e.processSecretsWithValidation()
 	} else {
 		e.processSecretsWithoutValidation()
@@ -756,7 +755,7 @@ func (e *Engine) processEvaluationWithoutValidation() {
 
 // processSecretsEvaluation evaluates the secret's validationStatus, Severity and CVSS score
 func (e *Engine) processSecretsEvaluation() {
-	if e.ScanConfig.WithValidation {
+	if e.WithValidation {
 		e.processEvaluationWithValidation()
 	} else {
 		e.processEvaluationWithoutValidation()

@@ -21,7 +21,6 @@ import (
 	"github.com/checkmarx/2ms/v5/engine/chunk"
 	"github.com/checkmarx/2ms/v5/engine/rules"
 	"github.com/checkmarx/2ms/v5/engine/semaphore"
-	"github.com/checkmarx/2ms/v5/internal/resources"
 	"github.com/checkmarx/2ms/v5/lib/secrets"
 	"github.com/checkmarx/2ms/v5/plugins"
 	"github.com/rs/zerolog"
@@ -939,9 +938,7 @@ func TestProcessItems(t *testing.T) {
 func TestProcessSecrets(t *testing.T) {
 	t.Run("Validate flag is enabled", func(t *testing.T) {
 		instance, err := initEngine(&EngineConfig{
-			ScanConfig: resources.ScanConfig{
-				WithValidation: true,
-			},
+			WithValidation: true,
 		})
 		assert.NoError(t, err)
 		secretsChan := instance.secretsChan
@@ -993,9 +990,7 @@ func TestProcessSecrets(t *testing.T) {
 	})
 	t.Run("Validate flag is disabled", func(t *testing.T) {
 		instance, err := initEngine(&EngineConfig{
-			ScanConfig: resources.ScanConfig{
-				WithValidation: false,
-			},
+			WithValidation: false,
 		})
 		assert.NoError(t, err)
 		secretsChan := instance.secretsChan
@@ -1207,8 +1202,8 @@ func TestProcessEvaluationWithValidation(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			instance, err := initEngine(
 				&EngineConfig{
-					ScanConfig:  resources.ScanConfig{WithValidation: true},
-					CustomRules: tt.customRules},
+					WithValidation: true,
+					CustomRules:    tt.customRules},
 			)
 			assert.NoError(t, err)
 			validationChan := instance.GetValidationCh()

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"sync"
 
-	"github.com/checkmarx/2ms/v5/internal/resources"
 	"github.com/checkmarx/2ms/v5/plugins"
 	"github.com/rs/zerolog/log"
 	"github.com/sourcegraph/conc"
@@ -17,7 +16,7 @@ import (
 
 type scanner struct {
 	engineInstance engine.IEngine
-	scanConfig     resources.ScanConfig
+	scanConfig     ScanConfig
 	mu             sync.RWMutex
 }
 
@@ -33,7 +32,7 @@ func NewScanner() Scanner {
 	return &scanner{}
 }
 
-func (s *scanner) Reset(scanConfig *resources.ScanConfig, opts ...engine.EngineOption) error {
+func (s *scanner) Reset(scanConfig *ScanConfig, opts ...engine.EngineOption) error {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
@@ -45,7 +44,7 @@ func (s *scanner) Reset(scanConfig *resources.ScanConfig, opts ...engine.EngineO
 		MaxFindings:               scanConfig.MaxFindings,
 		MaxRuleMatchesPerFragment: scanConfig.MaxRuleMatchesPerFragment,
 		MaxSecretSize:             scanConfig.MaxSecretSize,
-		ScanConfig:                *scanConfig,
+		WithValidation:            scanConfig.WithValidation,
 	}, opts...)
 	if err != nil {
 		return fmt.Errorf("error initializing engine: %w", err)
@@ -57,7 +56,7 @@ func (s *scanner) Reset(scanConfig *resources.ScanConfig, opts ...engine.EngineO
 	return nil
 }
 
-func (s *scanner) Scan(scanItems []ScanItem, scanConfig *resources.ScanConfig, opts ...engine.EngineOption) (reporting.IReport, error) {
+func (s *scanner) Scan(scanItems []ScanItem, scanConfig *ScanConfig, opts ...engine.EngineOption) (reporting.IReport, error) {
 	var wg conc.WaitGroup
 	err := s.Reset(scanConfig, opts...)
 	if err != nil {
@@ -109,7 +108,7 @@ func (s *scanner) Scan(scanItems []ScanItem, scanConfig *resources.ScanConfig, o
 
 func (s *scanner) ScanDynamic(
 	itemsIn <-chan ScanItem,
-	scanConfig *resources.ScanConfig,
+	scanConfig *ScanConfig,
 	opts ...engine.EngineOption,
 ) (reporting.IReport, error) {
 	var wg conc.WaitGroup