Merge branch 'main' into feature/update-secrets-licensing-pre-commit-and-pre-receive

cx-leonardo-fontes · web-flow · commit 67152c537da3 · 2025-09-15T09:27:59.000+01:00
diff --git a/.github/workflows/ai-code-review.yml b/.github/workflows/ai-code-review.yml
@@ -1,4 +1,4 @@
-name: Code Review with OpenAI
+name: AI Code Review
 
 on:
   pull_request:
diff --git a/.github/workflows/checkmarx-one-scan.yml b/.github/workflows/checkmarx-one-scan.yml
@@ -22,4 +22,4 @@ jobs:
           cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }}
           cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }}
           cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }}
-          additional_params: --tags phoenix --threshold "sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;iac-security-critical=1;iac-security-high=1;iac-security-medium=1;iac-security-low=1"
+          additional_params: --tags sypher --threshold "sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;iac-security-critical=1;iac-security-high=1;iac-security-medium=1;iac-security-low=1"
diff --git a/.github/workflows/ci-tests.yml b/.github/workflows/ci-tests.yml
@@ -1,4 +1,4 @@
-name: Checkmarx One CLI
+name: Continuous Integration Tests
 
 on:
   pull_request:
diff --git a/.github/workflows/pr-add-reviewers.yml b/.github/workflows/pr-add-reviewers.yml
@@ -1,4 +1,4 @@
-name: PR Automation
+name: PR add reviewers
 on:
   pull_request_target:
     types: [ready_for_review, opened, reopened]
@@ -19,4 +19,4 @@ jobs:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PRNUM: ${{ github.event.pull_request.number }}
           PRAUTHOR: ${{ github.event.pull_request.user.login }}
-        run: gh pr edit $PRNUM --add-reviewer cx-anurag-dalke
+        run: gh pr edit $PRNUM --add-reviewer cx-plugins-releases
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -146,7 +146,7 @@ jobs:
       product_name: CLI
       release_version: ${{ inputs.tag }}
       cli_release_version: ""
-      release_author: "Phoenix Team"
+      release_author: "Sypher Team"
       release_url: https://github.com/Checkmarx/ast-cli/releases/tag/${{ inputs.tag }}
       jira_product_name: ASTCLI
     secrets: inherit
diff --git a/go.mod b/go.mod
@@ -35,12 +35,6 @@ require (
 )
 
 require (
-	github.com/ncruces/go-strftime v0.1.9 // indirect
-	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
-	modernc.org/libc v1.66.3 // indirect
-	modernc.org/mathutil v1.7.1 // indirect
-	modernc.org/memory v1.11.0 // indirect
-	modernc.org/sqlite v1.38.2 // indirect
 	dario.cat/mergo v1.0.1 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
 	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20240914100643-eb91380d8434 // indirect
@@ -209,6 +203,7 @@ require (
 	github.com/muesli/termenv v0.16.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/nwaples/rardecode v1.1.3 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
@@ -223,6 +218,7 @@ require (
 	github.com/pjbgf/sha1cd v0.3.2 // indirect
 	github.com/pkg/profile v1.7.0 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rs/zerolog v1.34.0 // indirect
 	github.com/rubenv/sql-migrate v1.8.0 // indirect
@@ -251,7 +247,7 @@ require (
 	github.com/sylabs/sif/v2 v2.21.1 // indirect
 	github.com/sylabs/squashfs v1.0.6 // indirect
 	github.com/therootcompany/xz v1.0.1 // indirect
-	github.com/ulikunitz/xz v0.5.12 // indirect
+	github.com/ulikunitz/xz v0.5.15 // indirect
 	github.com/vbatts/go-mtree v0.5.4 // indirect
 	github.com/vbatts/tar-split v0.12.1 // indirect
 	github.com/vifraa/gopom v1.0.0 // indirect
@@ -304,6 +300,10 @@ require (
 	k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
 	k8s.io/kubectl v0.33.3 // indirect
 	k8s.io/utils v0.0.0-20250321185631-1f6e0b77f77e // indirect
+	modernc.org/libc v1.66.3 // indirect
+	modernc.org/mathutil v1.7.1 // indirect
+	modernc.org/memory v1.11.0 // indirect
+	modernc.org/sqlite v1.38.2 // indirect
 	oras.land/oras-go/v2 v2.6.0 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 	sigs.k8s.io/kustomize/api v0.19.0 // indirect
diff --git a/go.sum b/go.sum
@@ -960,8 +960,8 @@ github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 h1:nrZ3ySNYwJ
 github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80/go.mod h1:iFyPdL66DjUD96XmzVL3ZntbzcflLnznH0fr99w5VqE=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc=
-github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
+github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/vbatts/go-mtree v0.5.4 h1:OMAb8jaCyiFA7zXj0Zc/oARcxBDBoeu2LizjB8BVJl0=
 github.com/vbatts/go-mtree v0.5.4/go.mod h1:5GqJbVhm9BBiCc4K5uc/c42FPgXulHaQs4sFUEfIWMo=
 github.com/vbatts/tar-split v0.12.1 h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnnbo=
diff --git a/internal/commands/result.go b/internal/commands/result.go
@@ -1158,7 +1158,7 @@ func filterResultsByType(results *wrappers.ScanResultsCollection, excludedTypes
 func filterScsResultsByAgent(results *wrappers.ScanResultsCollection, agent string) *wrappers.ScanResultsCollection {
 	unsupportedTypesByAgent := map[string][]string{
 		commonParams.VSCodeAgent:       {commonParams.SCSScorecardType},
-		commonParams.JetbrainsAgent:    {commonParams.SCSScorecardType, commonParams.SCSSecretDetectionType},
+		commonParams.JetbrainsAgent:    {commonParams.SCSScorecardType},
 		commonParams.EclipseAgent:      {commonParams.SCSScorecardType, commonParams.SCSSecretDetectionType},
 		commonParams.VisualStudioAgent: {commonParams.SCSScorecardType, commonParams.SCSSecretDetectionType},
 	}
@@ -1211,7 +1211,7 @@ func CreateScanReport(
 		return nil, err
 	}
 	if !scanPending {
-		results, err = ReadResults(resultsWrapper, exportWrapper, scan, resultsParams, agent)
+		results, err = ReadResults(resultsWrapper, exportWrapper, scan, resultsParams, agent, featureFlagsWrapper)
 		if err != nil {
 			return nil, err
 		}
@@ -1498,8 +1498,7 @@ func ReadResults(
 	exportWrapper wrappers.ExportWrapper,
 	scan *wrappers.ScanResponseModel,
 	resultsParams map[string]string,
-	agent string,
-) (results *wrappers.ScanResultsCollection, err error) {
+	agent string, featureflagsWrappers wrappers.FeatureFlagsWrapper) (results *wrappers.ScanResultsCollection, err error) {
 	var resultsModel *wrappers.ScanResultsCollection
 	var errorModel *wrappers.WebError
 
@@ -1522,7 +1521,7 @@ func ReadResults(
 			// Compute SAST results redundancy
 			resultsModel = ComputeRedundantSastResults(resultsModel)
 		}
-		resultsModel, err = enrichScaResults(exportWrapper, scan, resultsModel, scaHideDevAndTestDep)
+		resultsModel, err = enrichScaResults(exportWrapper, scan, resultsModel, scaHideDevAndTestDep, featureflagsWrappers)
 		if err != nil {
 			return nil, err
 		}
@@ -1545,10 +1544,9 @@ func enrichScaResults(
 	exportWrapper wrappers.ExportWrapper,
 	scan *wrappers.ScanResponseModel,
 	resultsModel *wrappers.ScanResultsCollection,
-	scaHideDevAndTestDep bool,
-) (*wrappers.ScanResultsCollection, error) {
+	scaHideDevAndTestDep bool, featureflagWrapper wrappers.FeatureFlagsWrapper) (*wrappers.ScanResultsCollection, error) {
 	if slices.Contains(scan.Engines, commonParams.ScaType) {
-		scaExportDetails, err := services.GetExportPackage(exportWrapper, scan.ID, scaHideDevAndTestDep)
+		scaExportDetails, err := services.GetExportPackage(exportWrapper, scan.ID, scaHideDevAndTestDep, featureflagWrapper)
 		if err != nil {
 			return nil, errors.Wrapf(err, "%s", failedListingResults)
 		}
diff --git a/internal/commands/result_test.go b/internal/commands/result_test.go
@@ -197,7 +197,7 @@ func TestRunScsResultsShow_VSCode_AgentShouldNotShowScorecardResults(t *testing.
 	mock.SetScsMockVarsToDefault()
 }
 
-func TestRunScsResultsShow_Other_AgentsShouldNotShowScsResults(t *testing.T) {
+func TestRunScsResultsShow_Jetbrains_AgentShouldShowScsResults(t *testing.T) {
 	clearFlags()
 	mock.HasScs = true
 	mock.ScsScanPartial = false
@@ -206,8 +206,8 @@ func TestRunScsResultsShow_Other_AgentsShouldNotShowScsResults(t *testing.T) {
 
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "SCS_ONLY", "--report-format", "json", "--agent", params.JetbrainsAgent)
 	assertTypePresentJSON(t, params.SCSScorecardType, 0)
-	assertTypePresentJSON(t, params.SCSSecretDetectionType, 0)
-	assertTotalCountJSON(t, 0)
+	assertTypePresentJSON(t, params.SCSSecretDetectionType, 2)
+	assertTotalCountJSON(t, 2)
 
 	removeFileBySuffix(t, printer.FormatJSON)
 	mock.SetScsMockVarsToDefault()
diff --git a/internal/commands/scan.go b/internal/commands/scan.go
@@ -1030,6 +1030,7 @@ func getResubmitConfiguration(scansWrapper wrappers.ScansWrapper, projectID, use
 
 	if len(allScansModel.Scans) > 0 {
 		scanModelResponse := allScansModel.Scans[0]
+		scanModelResponse.ReplaceMicroEnginesWithSCS()
 		config = scanModelResponse.Metadata.Configs
 		engines := scanModelResponse.Engines
 		// Check if there are no scan types sent using the flags, and use the latest scan engine types
diff --git a/internal/commands/telemetry.go b/internal/commands/telemetry.go
@@ -40,6 +40,9 @@ func telemetryAISubCommand(telemetryAIWrapper wrappers.TelemetryWrapper) *cobra.
 	telemetryAICmd.PersistentFlags().String(params.SubTypeFlag, "", "Sub Type")
 	telemetryAICmd.PersistentFlags().String(params.EngineFlag, "", "Engine")
 	telemetryAICmd.PersistentFlags().String(params.AgentFlag, "", "Agent")
+	telemetryAICmd.PersistentFlags().String(params.ScanTypeFlag, "", "Scan Type")
+	telemetryAICmd.PersistentFlags().String(params.StatusFlag, "", "Status")
+	telemetryAICmd.PersistentFlags().Int(params.TotalCountFlag, 0, "Total Count")
 
 	return telemetryAICmd
 }
@@ -52,6 +55,9 @@ func runTelemetryAI(telemetryWrapper wrappers.TelemetryWrapper) func(*cobra.Comm
 		subType, _ := cmd.Flags().GetString("sub-type")
 		agent, _ := cmd.Flags().GetString("agent")
 		engine, _ := cmd.Flags().GetString("engine")
+		scanType, _ := cmd.Flags().GetString("scan-type")
+		status, _ := cmd.Flags().GetString("status")
+		totalCount, _ := cmd.Flags().GetInt("total-count")
 
 		err := telemetryWrapper.SendAIDataToLog(&wrappers.DataForAITelemetry{
 			AIProvider:      aiProvider,
@@ -60,6 +66,9 @@ func runTelemetryAI(telemetryWrapper wrappers.TelemetryWrapper) func(*cobra.Comm
 			SubType:         subType,
 			Agent:           agent,
 			Engine:          engine,
+			ScanType:        scanType,
+			Status:          status,
+			TotalCount:      totalCount,
 		})
 
 		if err != nil {
diff --git a/internal/params/filters.go b/internal/params/filters.go
@@ -141,6 +141,10 @@ var BaseIncludeFilters = []string{
 	"*.bicepparam",
 	"*.bicep",
 	"Gemfile",
+	"*.cjs",
+	"*.mjs",
+	"*.mts",
+	"*.cts",
 }
 
 var BaseExcludeFilters = []string{
diff --git a/internal/params/flags.go b/internal/params/flags.go
@@ -9,6 +9,9 @@ const (
 	TypeFlag                       = "type"
 	SubTypeFlag                    = "sub-type"
 	EngineFlag                     = "engine"
+	StatusFlag                     = "status"
+	scanTypeFlag                   = "scan-type"
+	TotalCountFlag                 = "total-count"
 	OriginFlag                     = "origin"
 	AgentFlagUsage                 = "Scan origin name"
 	ApplicationName                = "application-name"
diff --git a/internal/services/export.go b/internal/services/export.go
@@ -20,7 +20,7 @@ const (
 	pollingTimeout      = 15 // minutes
 )
 
-func GetExportPackage(exportWrapper wrappers.ExportWrapper, scanID string, scaHideDevAndTestDep bool) (*wrappers.ScaPackageCollectionExport, error) {
+func GetExportPackage(exportWrapper wrappers.ExportWrapper, scanID string, scaHideDevAndTestDep bool, featureflagWrappers wrappers.FeatureFlagsWrapper) (*wrappers.ScaPackageCollectionExport, error) {
 	var scaPackageCollection = &wrappers.ScaPackageCollectionExport{
 		Packages: []wrappers.ScaPackage{},
 		ScaTypes: []wrappers.ScaType{},
@@ -44,9 +44,16 @@ func GetExportPackage(exportWrapper wrappers.ExportWrapper, scanID string, scaHi
 	if err != nil {
 		return nil, err
 	}
+	minioEnabled, _ := wrappers.GetSpecificFeatureFlag(featureflagWrappers, wrappers.MinioEnabled)
 
 	if exportResponse != nil && strings.EqualFold(exportResponse.ExportStatus, completedStatus) && exportResponse.FileURL != "" {
-		scaPackageCollection, err = exportWrapper.GetScaPackageCollectionExport(exportResponse.FileURL)
+		filePath := ""
+		if minioEnabled.Status {
+			filePath = exportResponse.FileURL
+		} else {
+			filePath = exportID.ExportID
+		}
+		scaPackageCollection, err = exportWrapper.GetScaPackageCollectionExport(filePath, minioEnabled.Status)
 		if err != nil {
 			return nil, err
 		}
diff --git a/internal/wrappers/export-http.go b/internal/wrappers/export-http.go
@@ -176,23 +176,27 @@ func (e *ExportHTTPWrapper) DownloadExportReport(reportID, targetFile string) er
 	return nil
 }
 
-func (e *ExportHTTPWrapper) GetScaPackageCollectionExport(fileURL string) (*ScaPackageCollectionExport, error) {
+func (e *ExportHTTPWrapper) GetScaPackageCollectionExport(fileURL string, auth bool) (*ScaPackageCollectionExport, error) {
 	const bomPrefix = "\xef\xbb\xbf"
-
-	accessToken, err := GetAccessToken()
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to get access token")
-	}
-
 	start := time.Now()
 	var resp *http.Response
+	var err error
+	var accessToken string
 
 	for {
 		if time.Since(start) > timeout {
 			return nil, errors.New(errorTimeoutMsg)
 		}
-
-		resp, err = SendHTTPRequestByFullURL(http.MethodGet, fileURL, http.NoBody, true, viper.GetUint(commonParams.ClientTimeoutKey), accessToken, true)
+		if !auth {
+			customURL := fmt.Sprintf("%s/requests/%s/download", e.path, fileURL)
+			resp, err = SendHTTPRequest(http.MethodGet, customURL, http.NoBody, true, viper.GetUint(commonParams.ClientTimeoutKey))
+		} else {
+			accessToken, err = GetAccessToken()
+			if err != nil {
+				return nil, errors.Wrap(err, "failed to get access token")
+			}
+			resp, err = SendHTTPRequestByFullURL(http.MethodGet, fileURL, http.NoBody, true, viper.GetUint(commonParams.ClientTimeoutKey), accessToken, true)
+		}
 		if err == nil && resp.StatusCode == http.StatusOK {
 			break
 		}
diff --git a/internal/wrappers/export.go b/internal/wrappers/export.go
@@ -4,7 +4,7 @@ type ExportWrapper interface {
 	InitiateExportRequest(payload *ExportRequestPayload) (*ExportResponse, error)
 	GetExportReportStatus(reportID string) (*ExportPollingResponse, error)
 	DownloadExportReport(reportID, targetFile string) error
-	GetScaPackageCollectionExport(fileURL string) (*ScaPackageCollectionExport, error)
+	GetScaPackageCollectionExport(fileURL string, auth bool) (*ScaPackageCollectionExport, error)
 }
 
 type ScaPackageCollectionExport struct {
diff --git a/internal/wrappers/mock/export-mock.go b/internal/wrappers/mock/export-mock.go
@@ -43,6 +43,6 @@ func (*ExportMockWrapper) DownloadExportReport(_, targetFile string) error {
 	return nil
 }
 
-func (e *ExportMockWrapper) GetScaPackageCollectionExport(fileURL string) (*wrappers.ScaPackageCollectionExport, error) {
+func (e *ExportMockWrapper) GetScaPackageCollectionExport(fileURL string, auth bool) (*wrappers.ScaPackageCollectionExport, error) {
 	return &wrappers.ScaPackageCollectionExport{}, nil
 }
diff --git a/internal/wrappers/realtime-scanner-http.go b/internal/wrappers/realtime-scanner-http.go
@@ -34,7 +34,7 @@ func (r RealtimeScannerHTTPWrapper) ScanPackages(packages *RealtimeScannerPackag
 	}
 
 	fn := func() (*http.Response, error) {
-		return SendHTTPRequest(http.MethodPost, fmt.Sprint(r.path, "/analyze-manifest"), bytes.NewBuffer(jsonBytes), true, clientTimeout)
+		return SendHTTPRequest(http.MethodPost, fmt.Sprint(r.path, "/scan/packages"), bytes.NewBuffer(jsonBytes), true, clientTimeout)
 	}
 	resp, err := retryHTTPRequest(fn, retryAttempts, retryDelay*time.Millisecond)
 	if err != nil {
diff --git a/internal/wrappers/telemetry.go b/internal/wrappers/telemetry.go
@@ -7,6 +7,9 @@ type DataForAITelemetry struct {
 	SubType         string `json:"subType"`
 	Agent           string `json:"agent"`
 	Engine          string `json:"engine"`
+	ScanType        string `json:"scanType"`
+	Status          string `json:"status"`
+	TotalCount      int    `json:"totalCount"`
 }
 
 type TelemetryWrapper interface {
diff --git a/test/integration/logs_test.go b/test/integration/logs_test.go
@@ -0,0 +1,36 @@
+//go:build integration
+
+package integration
+
+import (
+	"github.com/checkmarx/ast-cli/internal/commands/util/printer"
+	commonParams "github.com/checkmarx/ast-cli/internal/params"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func Test_DownloadScan_Logs_Success(t *testing.T) {
+	args := []string{
+		"scan", "create",
+		flag(commonParams.ProjectName), GenerateRandomProjectNameForScan(),
+		flag(commonParams.SourcesFlag), "data/sources.zip",
+		flag(commonParams.ScanTypes), commonParams.SastType,
+		flag(commonParams.BranchFlag), "dummy_branch",
+		flag(commonParams.ScanInfoFormatFlag), printer.FormatJSON,
+	}
+	scanID, _ := executeCreateScan(t, args)
+	args1 := []string{
+		"scan", "logs", flag(commonParams.ScanIDFlag), scanID, flag(commonParams.ScanTypeFlag), commonParams.SastType,
+	}
+	err, _ := executeCommand(t, args1...)
+	assert.Nil(t, err)
+
+}
+
+func Test_DownloadScan_Logs_Failed(t *testing.T) {
+	args1 := []string{
+		"scan", "logs", flag(commonParams.ScanIDFlag), "fake-scan-id", flag(commonParams.ScanTypeFlag), commonParams.SastType,
+	}
+	err, _ := executeCommand(t, args1...)
+	assert.Error(t, err, "failed to download log")
+}
diff --git a/test/integration/pre_commit_test.go b/test/integration/pre_commit_test.go
@@ -39,6 +39,15 @@ func TestHooksPreCommitUpdatePreCommitHook(t *testing.T) {
 	_ = executeCmdNilAssertion(t, "Uninstalling cx-secret-detection hook", "hooks", "pre-commit", "secrets-uninstall-git-hook")
 }
 
+func TestHooksPreCommitSecretsIgnore(t *testing.T) {
+	tmpDir, cleanup := setupTempDir(t)
+	defer cleanup()
+	// Initialize Git repository
+	execCmd(t, tmpDir, "git", "init")
+	// Ignore precommit hook command
+	_ = executeCmdNilAssertion(t, "precommit secrets Ignore", "hooks", "pre-commit", "secrets-ignore", "--all")
+}
+
 // Helper functions
 func execCmd(t *testing.T, dir string, name string, args ...string) {
 	cmd := exec.Command(name, args...)
diff --git a/test/integration/predicate_test.go b/test/integration/predicate_test.go
diff --git a/test/integration/project_test.go b/test/integration/project_test.go
diff --git a/test/integration/scan_test.go b/test/integration/scan_test.go
diff --git a/test/integration/secrets-realtime_test.go b/test/integration/secrets-realtime_test.go

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-name: Code Review with OpenAI`
	`1`	`+name: AI Code Review`
`2`	`2`
`3`	`3`	`on:`
`4`	`4`	`pull_request:`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-name: Checkmarx One CLI`
	`1`	`+name: Continuous Integration Tests`
`2`	`2`
`3`	`3`	`on:`
`4`	`4`	`pull_request:`