Support SCS Vulnerabilities in json report when Agent is VSCode/AST-CLI (AST-63907) #850

[sarahCx]

By submitting a PR to this repository, you agree to the terms within the Checkmarx Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

Added full support for SCS engine results when scanning from the CLI. Added partial support (only Secret Detection results) when scanning is done from VS Code No other case SCS results are supported

References

https://checkmarx.atlassian.net/browse/AST-63907

Testing

Adding unit tests to test the following scenarios: Scan from CLI - expect to receive all SCS engine results. Scan from VS Code - expect to get only Secret Detection results. Scan from another engine - expect to get no results from the SCS engine. Scan without results from SCS. Scan with NULL results.

Checklist

• [ ] I have added documentation for new/changed functionality in this PR (if applicable).
• [ ] I have updated the CLI help for new/changed functionality in this PR (if applicable).
• [ ] All active GitHub checks for tests, formatting, and security are passing
• [ ] The correct base branch is being used

[github-actions[bot]]

Checkmarx One – Scan Summary & Details – a6f7d084-c462-43aa-a963-38c5d50a0cb4

Policy Management Violations

Policy Name	Rule(s)	Break Build
[SAST-ML0] Not allowed NEW Sast vulnerabilities	true

No New Or Fixed Issues Found