Support DA_MIGRATION and configuration for direct association of application(AST-139430) (#1451)

cx-anjali-deore · cx-sumit-morchhale · commit 3626dfd1d68b · 2026-03-18T10:19:34.000+05:30
* - Added DA_MIGRATION FLAG implementation for direct association
diff --git a/.golangci.yml b/.golangci.yml
@@ -1,5 +1,6 @@
 # .golangci.yml
 
+
 run:
   timeout: 5m
   issues:
@@ -37,7 +38,7 @@ linters:
     - unused             # covers deadcode/varcheck/structcheck
     - whitespace
 
-linters-settings:
+linters.settings:
   depguard:
     list-type: blacklist
     rules:
diff --git a/go.mod b/go.mod
@@ -2,6 +2,7 @@ module github.com/checkmarx/ast-cli
 
 go 1.24.13
 
+
 require (
 	github.com/Checkmarx/containers-resolver v1.0.33
 	github.com/Checkmarx/containers-types v1.0.9
diff --git a/internal/commands/root.go b/internal/commands/root.go
@@ -197,6 +197,7 @@ func NewAstCLI(
 		featureFlagsWrapper,
 		containerResolverWrapper,
 		realTimeWrapper,
+		tenantWrapper,
 	)
 	projectCmd := NewProjectCommand(applicationsWrapper, projectsWrapper, groupsWrapper, accessManagementWrapper, featureFlagsWrapper)
 	dastEnvironmentsCmd := dast.NewDastEnvironmentsCommand(dastEnvironmentsWrapper)
diff --git a/internal/commands/scan.go b/internal/commands/scan.go
@@ -187,6 +187,7 @@ func NewScanCommand(
 	featureFlagsWrapper wrappers.FeatureFlagsWrapper,
 	containerResolverWrapper wrappers.ContainerResolverWrapper,
 	realtimeScannerWrapper wrappers.RealtimeScannerWrapper,
+	tenantWrapper wrappers.TenantConfigurationWrapper,
 ) *cobra.Command {
 	scanCmd := &cobra.Command{
 		Use:   "scan",
@@ -217,6 +218,7 @@ func NewScanCommand(
 		accessManagementWrapper,
 		applicationsWrapper,
 		featureFlagsWrapper,
+		tenantWrapper,
 	)
 	containerResolver = containerResolverWrapper
 
@@ -674,6 +676,7 @@ func scanCreateSubCommand(
 	accessManagementWrapper wrappers.AccessManagementWrapper,
 	applicationsWrapper wrappers.ApplicationsWrapper,
 	featureFlagsWrapper wrappers.FeatureFlagsWrapper,
+	tenantWrapper wrappers.TenantConfigurationWrapper,
 ) *cobra.Command {
 	createScanCmd := &cobra.Command{
 		Use:   "create",
@@ -707,6 +710,7 @@ func scanCreateSubCommand(
 			accessManagementWrapper,
 			applicationsWrapper,
 			featureFlagsWrapper,
+			tenantWrapper,
 		),
 	}
 	createScanCmd.PersistentFlags().Bool(commonParams.AsyncFlag, false, "Do not wait for scan completion")
@@ -945,6 +949,7 @@ func setupScanTypeProjectAndConfig(
 	accessManagementWrapper wrappers.AccessManagementWrapper,
 	featureFlagsWrapper wrappers.FeatureFlagsWrapper,
 	jwtWrapper wrappers.JWTWrapper,
+	tenantWrapper wrappers.TenantConfigurationWrapper,
 ) error {
 	userAllowedEngines, _ := jwtWrapper.GetAllowedEngines(featureFlagsWrapper)
 	var info map[string]interface{}
@@ -973,6 +978,7 @@ func setupScanTypeProjectAndConfig(
 		accessManagementWrapper,
 		applicationsWrapper,
 		featureFlagsWrapper,
+		tenantWrapper,
 	)
 	if findProjectErr != nil {
 		return findProjectErr
@@ -2413,6 +2419,7 @@ func runCreateScanCommand(
 	accessManagementWrapper wrappers.AccessManagementWrapper,
 	applicationsWrapper wrappers.ApplicationsWrapper,
 	featureFlagsWrapper wrappers.FeatureFlagsWrapper,
+	tenantWrapper wrappers.TenantConfigurationWrapper,
 ) func(cmd *cobra.Command, args []string) error {
 	return func(cmd *cobra.Command, args []string) error {
 		err := validateScanTypes(cmd, jwtWrapper, featureFlagsWrapper)
@@ -2462,6 +2469,7 @@ func runCreateScanCommand(
 			applicationsWrapper,
 			featureFlagsWrapper,
 			jwtWrapper,
+			tenantWrapper,
 		)
 		logger.PrintIfVerbose(fmt.Sprintf("Scan model: %v", scanModel))
 		defer cleanUpTempZip(zipFilePath)
@@ -2561,11 +2569,12 @@ func createScanModel(
 	applicationsWrapper wrappers.ApplicationsWrapper,
 	featureFlagsWrapper wrappers.FeatureFlagsWrapper,
 	jwtWrapper wrappers.JWTWrapper,
+	tenantWrapper wrappers.TenantConfigurationWrapper,
 ) (*wrappers.Scan, string, error) {
 	var input = []byte("{}")
 
 	// Define type, project and config in scan model
-	err := setupScanTypeProjectAndConfig(&input, cmd, projectsWrapper, groupsWrapper, scansWrapper, applicationsWrapper, accessManagementWrapper, featureFlagsWrapper, jwtWrapper)
+	err := setupScanTypeProjectAndConfig(&input, cmd, projectsWrapper, groupsWrapper, scansWrapper, applicationsWrapper, accessManagementWrapper, featureFlagsWrapper, jwtWrapper, tenantWrapper)
 	if err != nil {
 		return nil, "", err
 	}
diff --git a/internal/commands/scan_test.go b/internal/commands/scan_test.go
@@ -4472,7 +4472,7 @@ func Test_CreateScanWithExistingProjectAssign_to_Application_FF_DirectAssociatio
 	file := createOutputFile(t, outputFileName)
 	defer deleteOutputFile(file)
 	defer logger.SetOutput(os.Stdout)
-
+	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.DaMigrationEnabled, Status: false}
 	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.DirectAssociationEnabled, Status: true}
 	baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", ".", "--branch", "main", "--debug", "--application-name", mock.ExistingApplication}
 	execCmdNilAssertion(
@@ -4486,6 +4486,24 @@ func Test_CreateScanWithExistingProjectAssign_to_Application_FF_DirectAssociatio
 	assert.Equal(t, strings.Contains(stdoutString, "Successfully updated the application"), true, "Expected output: %s", "Successfully updated the application")
 }
 
+func Test_Create_Scan_With_DA_MIGRATION_And_ConfigurationEnabled_ShouldPass(t *testing.T) {
+	file := createOutputFile(t, outputFileName)
+	defer deleteOutputFile(file)
+	defer logger.SetOutput(os.Stdout)
+
+	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.DaMigrationEnabled, Status: true}
+	baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", ".", "--branch", "main", "--debug", "--application-name", mock.ExistingApplication}
+	execCmdNilAssertion(
+		t,
+		baseArgs...,
+	)
+	stdoutString, err := util.ReadFileAsString(file.Name())
+	if err != nil {
+		t.Fatalf("Failed to read log file: %v", err)
+	}
+	assert.Equal(t, strings.Contains(stdoutString, "Successfully updated the application"), true, "Expected output: %s", "Successfully updated the application")
+}
+
 // TestIsTarFileReference tests the tar file detection logic.
 // Container-security scan-type related test function.
 func TestIsTarFileReference(t *testing.T) {
diff --git a/internal/commands/util/import.go b/internal/commands/util/import.go
@@ -21,7 +21,7 @@ func NewImportCommand(
 	accessManagementWrapper wrappers.AccessManagementWrapper,
 	byorWrapper wrappers.ByorWrapper,
 	applicationsWrapper wrappers.ApplicationsWrapper,
-	featureFlagsWrapper wrappers.FeatureFlagsWrapper) *cobra.Command {
+	featureFlagsWrapper wrappers.FeatureFlagsWrapper, tenantWrapper wrappers.TenantConfigurationWrapper) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "import",
 		Short: "Import SAST scan results",
@@ -37,7 +37,7 @@ func NewImportCommand(
 			`,
 			),
 		},
-		RunE: runImportCommand(projectsWrapper, uploadsWrapper, groupsWrapper, accessManagementWrapper, applicationsWrapper, byorWrapper, featureFlagsWrapper),
+		RunE: runImportCommand(projectsWrapper, uploadsWrapper, groupsWrapper, accessManagementWrapper, applicationsWrapper, byorWrapper, featureFlagsWrapper, tenantWrapper),
 	}
 
 	cmd.PersistentFlags().String(commonParams.ImportFilePath, "", "Path to the import file (sarif file or zip archive containing sarif files)")
@@ -53,7 +53,7 @@ func runImportCommand(
 	accessManagementWrapper wrappers.AccessManagementWrapper,
 	applicationsWrapper wrappers.ApplicationsWrapper,
 	byorWrapper wrappers.ByorWrapper,
-	featureFlagsWrapper wrappers.FeatureFlagsWrapper) func(cmd *cobra.Command, args []string) error {
+	featureFlagsWrapper wrappers.FeatureFlagsWrapper, tenantWrapper wrappers.TenantConfigurationWrapper) func(cmd *cobra.Command, args []string) error {
 	return func(cmd *cobra.Command, args []string) error {
 		importFilePath, err := validateFilePath(cmd)
 		if err != nil {
@@ -65,7 +65,7 @@ func runImportCommand(
 			return errors.Errorf(errorConstants.ProjectNameIsRequired)
 		}
 
-		projectID, err := services.FindProject(projectName, cmd, projectsWrapper, groupsWrapper, accessManagementWrapper, applicationsWrapper, featureFlagsWrapper)
+		projectID, err := services.FindProject(projectName, cmd, projectsWrapper, groupsWrapper, accessManagementWrapper, applicationsWrapper, featureFlagsWrapper, tenantWrapper)
 		if err != nil {
 			return err
 		}
diff --git a/internal/commands/util/import_test.go b/internal/commands/util/import_test.go
@@ -20,6 +20,7 @@ func TestImport_ImportSarifFileWithCorrectFlags_CreateImportSuccessfully(t *test
 		&mock.ByorMockWrapper{},
 		mock.ApplicationsMockWrapper{},
 		&mock.FeatureFlagsMockWrapper{},
+		&mock.TenantConfigurationMockWrapper{},
 	)
 	cmd.SetArgs([]string{"utils", "import", "--project-name", "my-project", "--import-file-path", "my-path.sarif"})
 	err := cmd.Execute()
@@ -36,6 +37,7 @@ func TestImport_ImportSarifFileProjectDoesntExist_CreateImportWithProvidedNewNam
 		&mock.ByorMockWrapper{},
 		mock.ApplicationsMockWrapper{},
 		&mock.FeatureFlagsMockWrapper{},
+		&mock.TenantConfigurationMockWrapper{},
 	)
 	cmd.SetArgs([]string{"utils", "import", "--project-name", "MOCK-PROJECT-NOT-EXIST", "--import-file-path", "my-path.sarif"})
 	err := cmd.Execute()
@@ -52,6 +54,7 @@ func TestImport_ImportSarifFileMissingImportFilePath_CreateImportReturnsErrorWit
 		&mock.ByorMockWrapper{},
 		mock.ApplicationsMockWrapper{},
 		&mock.FeatureFlagsMockWrapper{},
+		&mock.TenantConfigurationMockWrapper{},
 	)
 	cmd.SetArgs([]string{"utils", "import", "--project-name", "my-project"})
 	err := cmd.Execute()
@@ -67,6 +70,7 @@ func TestImport_ImportSarifFileEmptyImportFilePathValue_CreateImportReturnsError
 		&mock.ByorMockWrapper{},
 		mock.ApplicationsMockWrapper{},
 		&mock.FeatureFlagsMockWrapper{},
+		&mock.TenantConfigurationMockWrapper{},
 	)
 	cmd.SetArgs([]string{"utils", "import", "--project-name", "my-project", "--import-file-path", ""})
 	err := cmd.Execute()
@@ -82,6 +86,7 @@ func TestImport_ImportSarifFileMissingImportProjectName_CreateImportReturnsError
 		&mock.ByorMockWrapper{},
 		mock.ApplicationsMockWrapper{},
 		&mock.FeatureFlagsMockWrapper{},
+		&mock.TenantConfigurationMockWrapper{},
 	)
 	cmd.SetArgs([]string{"utils", "import", "--import-file-path", "my-path.zip"})
 	err := cmd.Execute()
@@ -97,6 +102,7 @@ func TestImport_ImportSarifFileProjectNameNotProvided_CreateImportWithProvidedNe
 		&mock.ByorMockWrapper{},
 		mock.ApplicationsMockWrapper{},
 		&mock.FeatureFlagsMockWrapper{},
+		&mock.TenantConfigurationMockWrapper{},
 	)
 	cmd.SetArgs([]string{"utils", "import", "--project-name", "", "--import-file-path", "my-path.sarif"})
 	err := cmd.Execute()
@@ -112,6 +118,7 @@ func TestImport_ImportSarifFileUnacceptedFileExtension_CreateImportReturnsErrorW
 		&mock.ByorMockWrapper{},
 		mock.ApplicationsMockWrapper{},
 		&mock.FeatureFlagsMockWrapper{},
+		&mock.TenantConfigurationMockWrapper{},
 	)
 	cmd.SetArgs([]string{"utils", "import", "--project-name", "MOCK-PROJECT-NOT-EXIST", "--import-file-path", "my-path.txt"})
 	err := cmd.Execute()
@@ -127,6 +134,7 @@ func TestImport_ImportSarifFileMissingExtension_CreateImportReturnsErrorWithCorr
 		&mock.ByorMockWrapper{},
 		mock.ApplicationsMockWrapper{},
 		&mock.FeatureFlagsMockWrapper{},
+		&mock.TenantConfigurationMockWrapper{},
 	)
 	cmd.SetArgs([]string{"utils", "import", "--project-name", "MOCK-PROJECT-NOT-EXIST", "--import-file-path", "some/path/no/extension/my-path"})
 	err := cmd.Execute()
diff --git a/internal/commands/util/utils.go b/internal/commands/util/utils.go
@@ -65,7 +65,7 @@ func NewUtilsCommand(
 		},
 	}
 
-	importCmd := NewImportCommand(projectsWrapper, uploadsWrapper, groupsWrapper, accessManagementWrapper, byorWrapper, applicationsWrapper, featureFlagsWrapper)
+	importCmd := NewImportCommand(projectsWrapper, uploadsWrapper, groupsWrapper, accessManagementWrapper, byorWrapper, applicationsWrapper, featureFlagsWrapper, tenantWrapper)
 
 	envCheckCmd := NewEnvCheckCommand()
 
diff --git a/internal/services/applications.go b/internal/services/applications.go
@@ -9,7 +9,9 @@ import (
 )
 
 const (
-	ApplicationRuleType = "project.name.in"
+	ApplicationRuleType  = "project.name.in"
+	DirectAssociationKey = "scan.config.applications.directAssociations"
+	trueString           = "true"
 )
 
 func createApplicationIds(applicationID, existingApplicationIds []string) []string {
@@ -64,7 +66,7 @@ func verifyApplicationNameExactMatch(applicationName string, resp *wrappers.Appl
 	return application
 }
 
-func findApplicationAndUpdate(applicationName string, applicationsWrapper wrappers.ApplicationsWrapper, projectName, projectID string, featureFlagsWrapper wrappers.FeatureFlagsWrapper) error {
+func findApplicationAndUpdate(applicationName string, applicationsWrapper wrappers.ApplicationsWrapper, projectName, projectID string, featureFlagsWrapper wrappers.FeatureFlagsWrapper, tenantWrapper wrappers.TenantConfigurationWrapper) error {
 	if applicationName == "" {
 		logger.PrintfIfVerbose("No application name provided. Skipping application update")
 		return nil
@@ -77,8 +79,11 @@ func findApplicationAndUpdate(applicationName string, applicationsWrapper wrappe
 		return errors.Errorf("%s: %s", errorConstants.ApplicationNotFound, applicationName)
 	}
 
-	directAssociationEnabled, _ := wrappers.GetSpecificFeatureFlag(featureFlagsWrapper, wrappers.DirectAssociationEnabled)
-	if directAssociationEnabled.Status {
+	isEnabled, err := checkDirectAssociationEnabled(featureFlagsWrapper, tenantWrapper)
+	if err != nil {
+		return errors.Wrap(err, "error while checking if direct association is enabled")
+	}
+	if isEnabled {
 		err = associateProjectToApplication(applicationResp.ID, projectID, applicationResp.ProjectIds, applicationsWrapper)
 		if err != nil {
 			return err
@@ -107,6 +112,28 @@ func findApplicationAndUpdate(applicationName string, applicationsWrapper wrappe
 	return nil
 }
 
+func checkDirectAssociationEnabled(featureFlagsWrapper wrappers.FeatureFlagsWrapper, tenantWrapper wrappers.TenantConfigurationWrapper) (bool, error) {
+	directAssociationEnabled, _ := wrappers.GetSpecificFeatureFlag(featureFlagsWrapper, wrappers.DirectAssociationEnabled)
+	daMigrationEnabled, _ := wrappers.GetSpecificFeatureFlag(featureFlagsWrapper, wrappers.DaMigrationEnabled)
+	var isDAConfigurationEnabled bool
+	if daMigrationEnabled.Status {
+		tenantConfigurationResponse, errorModel, err := tenantWrapper.GetTenantConfiguration()
+		if err != nil {
+			return false, err
+		}
+		if errorModel != nil {
+			return false, errors.New(errorModel.Message)
+		}
+		if tenantConfigurationResponse != nil {
+			for _, resp := range *tenantConfigurationResponse {
+				if resp.Key == DirectAssociationKey && resp.Value == trueString {
+					isDAConfigurationEnabled = true
+				}
+			}
+		}
+	}
+	return (daMigrationEnabled.Status && isDAConfigurationEnabled) || directAssociationEnabled.Status, nil
+}
 func updateApplication(applicationModel *wrappers.ApplicationConfiguration, applicationWrapper wrappers.ApplicationsWrapper, applicationID string) error {
 	errorModel, err := applicationWrapper.Update(applicationID, applicationModel)
 	return handleApplicationUpdateResponse(errorModel, err)
diff --git a/internal/services/projects.go b/internal/services/projects.go
@@ -32,6 +32,7 @@ func FindProject(
 	accessManagementWrapper wrappers.AccessManagementWrapper,
 	applicationWrapper wrappers.ApplicationsWrapper,
 	featureFlagsWrapper wrappers.FeatureFlagsWrapper,
+	tenantWrapper wrappers.TenantConfigurationWrapper,
 ) (string, error) {
 	var isBranchPrimary bool
 	resp, err := GetProjectsCollectionByProjectName(projectName, projectsWrapper)
@@ -44,7 +45,7 @@ func FindProject(
 	for i := 0; i < len(resp.Projects); i++ {
 		project := resp.Projects[i]
 		if project.Name == projectName {
-			err = findApplicationAndUpdate(applicationName, applicationWrapper, projectName, project.ID, featureFlagsWrapper)
+			err = findApplicationAndUpdate(applicationName, applicationWrapper, projectName, project.ID, featureFlagsWrapper, tenantWrapper)
 			if err != nil {
 				return "", err
 			}
diff --git a/internal/services/projects_test.go b/internal/services/projects_test.go
@@ -19,6 +19,7 @@ func TestFindProject(t *testing.T) {
 		accessManagementWrapper wrappers.AccessManagementWrapper
 		applicationsWrapper     wrappers.ApplicationsWrapper
 		featureFlagsWrapper     wrappers.FeatureFlagsWrapper
+		tenantWrapper           wrappers.TenantConfigurationWrapper
 	}
 	tests := []struct {
 		name    string
@@ -37,6 +38,7 @@ func TestFindProject(t *testing.T) {
 				accessManagementWrapper: &mock.AccessManagementMockWrapper{},
 				applicationsWrapper:     &mock.ApplicationsMockWrapper{},
 				featureFlagsWrapper:     &mock.FeatureFlagsMockWrapper{},
+				tenantWrapper:           &mock.TenantConfigurationMockWrapper{},
 			},
 			want:    "MOCK",
 			wantErr: false,
@@ -51,6 +53,7 @@ func TestFindProject(t *testing.T) {
 				accessManagementWrapper: &mock.AccessManagementMockWrapper{},
 				applicationsWrapper:     &mock.ApplicationsMockWrapper{},
 				featureFlagsWrapper:     &mock.FeatureFlagsMockWrapper{},
+				tenantWrapper:           &mock.TenantConfigurationMockWrapper{},
 			},
 			want:    "ID-new-MOCK",
 			wantErr: false,
@@ -66,7 +69,8 @@ func TestFindProject(t *testing.T) {
 				ttt.args.groupsWrapper,
 				ttt.args.accessManagementWrapper,
 				ttt.args.applicationsWrapper,
-				ttt.args.featureFlagsWrapper)
+				ttt.args.featureFlagsWrapper,
+				ttt.args.tenantWrapper)
 			if (err != nil) != ttt.wantErr {
 				t.Errorf("FindProject() error = %v, wantErr %v", err, ttt.wantErr)
 				return
diff --git a/internal/wrappers/feature-flags.go b/internal/wrappers/feature-flags.go
@@ -17,6 +17,7 @@ const OssRealtimeEnabled = "OSS_REALTIME_ENABLED"
 const ScsLicensingV2Enabled = "SSCS_NEW_LICENSING_ENABLED"
 const SscsCommitHistoryEnabled = "SSCS_COMMIT_HISTORY_ENABLED"
 const DirectAssociationEnabled = "DIRECT_APP_ASSOCIATION_ENABLED"
+const DaMigrationEnabled = "DA_MIGRATION_ENABLED"
 const maxRetries = 3
 const IncreaseFileUploadLimit = "INCREASE_FILE_UPLOAD_LIMIT"
 const ScaDeltaScanEnabled = "SCA_DELTASCAN_ENABLED"
diff --git a/internal/wrappers/mock/tenant-mock.go b/internal/wrappers/mock/tenant-mock.go
@@ -26,6 +26,10 @@ func (t TenantConfigurationMockWrapper) GetTenantConfiguration() (
 				Key:   "scan.config.plugins.aiGuidedRemediationAiEngine",
 				Value: "azureai",
 			},
+			{
+				Key:   "scan.config.applications.directAssociations",
+				Value: "true",
+			},
 		}
 	}
 	return &TenantConfiguration, nil, nil

Original file line number	Diff line number	Diff line change
`@@ -197,6 +197,7 @@ func NewAstCLI(`
`197`	`197`	`featureFlagsWrapper,`
`198`	`198`	`containerResolverWrapper,`
`199`	`199`	`realTimeWrapper,`
	`200`	`+ tenantWrapper,`
`200`	`201`	`)`
`201`	`202`	`projectCmd := NewProjectCommand(applicationsWrapper, projectsWrapper, groupsWrapper, accessManagementWrapper, featureFlagsWrapper)`
`202`	`203`	`dastEnvironmentsCmd := dast.NewDastEnvironmentsCommand(dastEnvironmentsWrapper)`
Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@ func NewUtilsCommand(`
`65`	`65`	`},`
`66`	`66`	`}`
`67`	`67`
`68`		`- importCmd := NewImportCommand(projectsWrapper, uploadsWrapper, groupsWrapper, accessManagementWrapper, byorWrapper, applicationsWrapper, featureFlagsWrapper)`
	`68`	`+ importCmd := NewImportCommand(projectsWrapper, uploadsWrapper, groupsWrapper, accessManagementWrapper, byorWrapper, applicationsWrapper, featureFlagsWrapper, tenantWrapper)`
`69`	`69`
`70`	`70`	`envCheckCmd := NewEnvCheckCommand()`
`71`	`71`