Checkmarx / ast-cli

A CLI project wrapping application security testing (AST) APIs
Apache License 2.0

[BUG] poetry toml files are not handled properly #753

Closed ArnaudLacroix closed 2 months ago

ArnaudLacroix commented 4 months ago

Describe the bug

When scanning a Python project using poetry for dependency management, the pyproject.toml file is not scanned therefore no packages are detected.

Expected behavior

pyproject.toml and poetry.lock files should be scanned when the scan is triggered from the CLI. This is already the case when the scan is done manually from the Checkmarx UI.

Actual behavior

Poetry files are not scanned, which means no Python dependency is detected.

Steps to reproduce

  1. Pick a Python project using poetry
  2. Run a scan using the CLI
  3. Run a manual scan from the Checkmarx UI with a zip of the same project
  4. Compare the SCA results: there will be no package detected in the scan report from the CLI
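To make the comparison in step 4 concrete, the script below extracts the package set an SCA scan should report from a Poetry project: the dependencies declared in pyproject.toml, resolved against the pinned versions in poetry.lock, plus the lock-only transitive packages. This is an added example, not code from the ast-cli project or from the reporter; the two file contents are constructed samples, and the parser is a deliberately minimal line-oriented reader of the TOML subset Poetry writes into these two files (it is not a general TOML parser). Running it against a real project gives the list that the CLI scan report can be checked against.

```python
"""List the packages an SCA scan should detect from Poetry manifest files.

Added example, not part of ast-cli. Both file contents below are constructed
samples; the parser only understands the TOML subset Poetry emits here.
"""
import re

# Constructed sample pyproject.toml for a Poetry-managed project.
PYPROJECT_TOML = """\
[tool.poetry]
name = "demo-app"
version = "0.1.0"

[tool.poetry.dependencies]
python = "^3.10"
requests = "^2.31"
pyyaml = { version = "^6.0", optional = true }

[tool.poetry.group.dev.dependencies]
pytest = "^7.4"

[build-system]
requires = ["poetry-core"]
"""

# Constructed sample poetry.lock with resolved, pinned versions.
POETRY_LOCK = """\
[[package]]
name = "certifi"
version = "2023.7.22"

[[package]]
name = "requests"
version = "2.31.0"

[package.dependencies]
certifi = ">=2017.4.17"

[[package]]
name = "pyyaml"
version = "6.0.1"

[metadata]
lock-version = "2.0"
"""

_ARRAY = re.compile(r"^\[\[(?P<name>[^\[\]]+)\]\]\s*$")   # [[package]]
_TABLE = re.compile(r"^\[(?P<name>[^\[\]]+)\]\s*$")       # [tool.poetry.dependencies]
_KEY = re.compile(r'^(?P<key>[A-Za-z0-9_.\-"]+)\s*=\s*(?P<value>.+?)\s*$')


def _parse(text):
    """Yield ('table', name, is_array) and ('kv', key, raw_value) events."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if (m := _ARRAY.match(line)):
            yield "table", m.group("name"), True
        elif (m := _TABLE.match(line)):
            yield "table", m.group("name"), False
        elif (m := _KEY.match(line)):
            yield "kv", m.group("key").strip('"'), m.group("value")


def _unquote(value):
    """Strip surrounding double quotes from a simple TOML string value."""
    return value[1:-1] if len(value) >= 2 and value[0] == value[-1] == '"' else value


def declared_dependencies(pyproject_text):
    """Sorted names from [tool.poetry.dependencies] and every
    [tool.poetry.group.<name>.dependencies] table, minus the 'python' constraint."""
    names, section = set(), None
    for kind, *rest in _parse(pyproject_text):
        if kind == "table":
            section = rest[0]
            continue
        key = rest[0]
        is_main = section == "tool.poetry.dependencies"
        is_group = section is not None and section.startswith("tool.poetry.group.") \
            and section.endswith(".dependencies")
        if (is_main or is_group) and key != "python":
            names.add(key.lower())
    return sorted(names)


def locked_packages(lock_text):
    """Map package name -> pinned version from each [[package]] block."""
    blocks, current = [], None
    for kind, *rest in _parse(lock_text):
        if kind == "table":
            name, is_array = rest
            if is_array and name == "package":
                current = {}
                blocks.append(current)
            else:
                current = None   # sub-tables such as [package.dependencies] are not fields
        elif current is not None:
            current[rest[0]] = _unquote(rest[1])
    return {b["name"].lower(): b["version"] for b in blocks if "name" in b and "version" in b}


def expected_sca_findings(pyproject_text, lock_text):
    """Declared packages resolved to their locked version, plus lock-only transitives."""
    locked = locked_packages(lock_text)
    report = {n: locked.get(n, "unresolved (not in poetry.lock)")
              for n in declared_dependencies(pyproject_text)}
    for name, version in locked.items():
        report.setdefault(name, version)
    return report


if __name__ == "__main__":
    for name, version in sorted(expected_sca_findings(PYPROJECT_TOML, POETRY_LOCK).items()):
        print(f"{name:10} {version}")
```

Any package this prints that is missing from the CLI's SCA report is one the scan did not pick up; a "unresolved" entry means the manifest declares a dependency the lock file does not pin, which is itself worth flagging before comparing results.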

tamarleviCm commented 2 months ago

This is strange; this is not the defined behavior. Check if you are using the flags: --file-include / -i, --file-filter / -f

ArnaudLacroix commented 2 months ago

Hi, this bug was fixed in mid-June by https://github.com/Checkmarx/ast-cli/pull/760