Merge branch 'main' into bug/alex-fix-sca-configurations

Author: cx-alex-cohen

.github/workflows/ci.yml

@@ -45,6 +45,10 @@ jobs:
         run: go build -o ./bin/cx ./cmd
       - name: Install gocovmerge
         run: go install github.com/wadey/gocovmerge@latest
+      - name: Install pre-commit
+        run: |
+         pip install pre-commit
+         pre-commit install
       - name: Go Integration test
         shell: bash
         env:

.github/workflows/issue_automation.yml

@@ -2,15 +2,25 @@ name: Issue automation
 
 on:
   issues:
-    types: [opened]
+    types: [opened, closed]
 
 jobs:
   notify_jira:
+    if: github.event.action == 'opened'
     name: Notify Jira
     uses: Checkmarx/plugins-release-workflow/.github/workflows/jira_notify.yml@main
     with:
       title: ${{ github.event.issue.title }}
       body: ${{ github.event.issue.body }}
       html_url: ${{ github.event.issue.html_url }}
       repo: ${{ github.event.repository.full_name }}
-    secrets: inherit
+    secrets: inherit
+
+  close_jira:
+    if: github.event.action == 'closed'
+    name: Close Jira
+    uses: Checkmarx/plugins-release-workflow/.github/workflows/jira_close.yml@main
+    with:
+      issue_number: ${{ github.event.issue.number }}
+      repo: ${{ github.event.repository.full_name }}
+    secrets: inherit

.github/workflows/jira_notify.yml

@@ -85,7 +85,7 @@ func main() {
 	scaRealTimeWrapper := wrappers.NewHTTPScaRealTimeWrapper()
 	chatWrapper := wrappers.NewChatWrapper()
 	featureFlagsWrapper := wrappers.NewFeatureFlagsHTTPWrapper(featureFlagsPath)
-	policyWrapper := wrappers.NewHTTPPolicyWrapper(policyEvaluationPath)
+	policyWrapper := wrappers.NewHTTPPolicyWrapper(policyEvaluationPath, featureFlagsWrapper)
 	sastMetadataWrapper := wrappers.NewSastIncrementalHTTPWrapper(sastMetadataPath)
 	accessManagementWrapper := wrappers.NewAccessManagementHTTPWrapper(accessManagementPath)
 	byorWrapper := wrappers.NewByorHTTPWrapper(byorPath)

.github/workflows/manual-integration-test.yml

@@ -6,7 +6,7 @@ require (
 	github.com/Checkmarx/containers-resolver v1.0.6-0.20250130184119-42af4015f216
 	github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63
 	github.com/Checkmarx/gen-ai-wrapper v1.0.2
-	github.com/Checkmarx/secret-detection v0.0.3-0.20250227154803-c62fe8ce1523
+	github.com/Checkmarx/secret-detection v0.0.3-0.20250327150305-31c2c3be9edf
 	github.com/MakeNowJust/heredoc v1.0.0
 	github.com/bouk/monkey v1.0.0
 	github.com/gofrs/flock v0.12.1
@@ -28,6 +28,7 @@ require (
 	golang.org/x/text v0.22.0
 	google.golang.org/grpc v1.67.3
 	google.golang.org/protobuf v1.36.3
+	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	gotest.tools v2.2.0+incompatible
 )
@@ -82,7 +83,7 @@ require (
 	github.com/chai2010/gettext-go v1.0.3 // indirect
 	github.com/charmbracelet/lipgloss v1.0.0 // indirect
 	github.com/charmbracelet/x/ansi v0.4.5 // indirect
-	github.com/checkmarx/2ms v1.4.1-0.20250227102300-e162a8629579 // indirect
+	github.com/checkmarx/2ms v1.4.1-0.20250327145719-b78804cb08c7 // indirect
 	github.com/cloudflare/circl v1.3.8 // indirect
 	github.com/containerd/cgroups/v3 v3.0.3 // indirect
 	github.com/containerd/containerd v1.7.24 // indirect
@@ -285,7 +286,6 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	helm.sh/helm/v3 v3.17.0 // indirect
 	k8s.io/api v0.32.0 // indirect
 	k8s.io/apiextensions-apiserver v0.32.0 // indirect

cmd/main.go

@@ -75,8 +75,8 @@ github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63 h1:SCuTcE
 github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63/go.mod h1:MI6lfLerXU+5eTV/EPTDavgnV3owz3GPT4g/msZBWPo=
 github.com/Checkmarx/gen-ai-wrapper v1.0.2 h1:T6X40+4hYnwfDsvkjWs9VIcE6s1O+8DUu0+sDdCY3GI=
 github.com/Checkmarx/gen-ai-wrapper v1.0.2/go.mod h1:xwRLefezwNNnRGu1EjGS6wNiR9FVV/eP9D+oXwLViVM=
-github.com/Checkmarx/secret-detection v0.0.3-0.20250227154803-c62fe8ce1523 h1:F2aOPKbcCZPZBxfsJ1c7pNK0rjA8P9wPxBZ48YnZuw0=
-github.com/Checkmarx/secret-detection v0.0.3-0.20250227154803-c62fe8ce1523/go.mod h1:lLVCf7AT8v2LV+up7yIcj8aValbOSIJ+f453015/1P4=
+github.com/Checkmarx/secret-detection v0.0.3-0.20250327150305-31c2c3be9edf h1:lKiogedU3WzWBc/xI6Xj1BhX2Gp1QBJj8C+czY7CcaE=
+github.com/Checkmarx/secret-detection v0.0.3-0.20250327150305-31c2c3be9edf/go.mod h1:mtAHOm1mHGh7MVu6JdYUyitANsLcHNLUTBIh9pTERNI=
 github.com/CycloneDX/cyclonedx-go v0.9.2 h1:688QHn2X/5nRezKe2ueIVCt+NRqf7fl3AVQk+vaFcIo=
 github.com/CycloneDX/cyclonedx-go v0.9.2/go.mod h1:vcK6pKgO1WanCdd61qx4bFnSsDJQ6SbM2ZuMIgq86Jg=
 github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
@@ -216,8 +216,8 @@ github.com/charmbracelet/x/ansi v0.4.5 h1:LqK4vwBNaXw2AyGIICa5/29Sbdq58GbGdFngSe
 github.com/charmbracelet/x/ansi v0.4.5/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw=
 github.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQaGIAQ=
 github.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNEEkHUMCmsxdUg=
-github.com/checkmarx/2ms v1.4.1-0.20250227102300-e162a8629579 h1:zfbP8DzU00h1bm7PhTBNQglr47qXV+5PdUY6+iJkvRI=
-github.com/checkmarx/2ms v1.4.1-0.20250227102300-e162a8629579/go.mod h1:Bnd2YSh8LQSc4fHAFN0BKz8LYThB6qHg3Wn/+H+WZ4I=
+github.com/checkmarx/2ms v1.4.1-0.20250327145719-b78804cb08c7 h1:COsC3skOJeJaSoCPuhLZ0byRGKm+ZHlyw5qm9ydlab0=
+github.com/checkmarx/2ms v1.4.1-0.20250327145719-b78804cb08c7/go.mod h1:Bnd2YSh8LQSc4fHAFN0BKz8LYThB6qHg3Wn/+H+WZ4I=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=

go.mod

@@ -110,12 +110,11 @@ func isPolicyEvaluated(
 			log.Println("Policy status: ", policyResponseModel.Status)
 			return false, nil, nil
 		}
-	}
-	// Case the policy is evaluated or None
-	logger.PrintIfVerbose("Policy evaluation finished with status: " + policyResponseModel.Status)
-	if policyResponseModel.Status == completedPolicy || policyResponseModel.Status == nonePolicy {
-		logger.PrintIfVerbose("Policy status: " + policyResponseModel.Status)
-		return true, policyResponseModel, nil
+		logger.PrintIfVerbose("Policy evaluation finished with status: " + policyResponseModel.Status)
+		if policyResponseModel.Status == completedPolicy || policyResponseModel.Status == nonePolicy {
+			logger.PrintIfVerbose("Policy status: " + policyResponseModel.Status)
+			return true, policyResponseModel, nil
+		}
 	}
 	return true, nil, nil
 }

go.sum

@@ -51,6 +51,7 @@ func PreCommitCommand(jwtWrapper wrappers.JWTWrapper) *cobra.Command {
         `,
 		),
 	}
+	preCommitCmd.PersistentFlags().Bool("global", false, "Install the hook globally for all repositories")
 
 	preCommitCmd.AddCommand(secretsInstallGitHookCommand(jwtWrapper))
 	preCommitCmd.AddCommand(secretsUninstallGitHookCommand(jwtWrapper))
@@ -89,7 +90,8 @@ func secretsInstallGitHookCommand(jwtWrapper wrappers.JWTWrapper) *cobra.Command
 			return validateLicense(jwtWrapper)
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return precommit.Install()
+			global, _ := cmd.Flags().GetBool("global")
+			return precommit.Install(global)
 		},
 	}
 
@@ -106,11 +108,9 @@ func secretsUninstallGitHookCommand(jwtWrapper wrappers.JWTWrapper) *cobra.Comma
             $ cx hooks pre-commit secrets-uninstall-git-hook
         `,
 		),
-		PreRunE: func(cmd *cobra.Command, args []string) error {
-			return validateLicense(jwtWrapper)
-		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return precommit.Uninstall()
+			global, _ := cmd.Flags().GetBool("global")
+			return precommit.Uninstall(global)
 		},
 	}
 
@@ -131,7 +131,8 @@ func secretsUpdateGitHookCommand(jwtWrapper wrappers.JWTWrapper) *cobra.Command
 			return validateLicense(jwtWrapper)
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return precommit.Update()
+			global, _ := cmd.Flags().GetBool("global")
+			return precommit.Update(global)
 		},
 	}
 

internal/commands/policymanagement/policy.go

@@ -338,4 +338,3 @@ func TestDetermineSystemOrCustomState(t *testing.T) {
 		})
 	}
 }
-