Closed rsenden closed 10 months ago
Based on email discussions:

- `--entitlement-id` from `scan start-sast` and related commands
- `--purchase-entitlement` from `scan start-sast` and related commands
- `--entitlement-preference` from `scan start-sast` and related commands
- `start-xxxx` commands will therefore be `ReleaseMixin`, `--notes`, `--file`, `--remediation-preference`, `--in-progress-action` and `--start-date` for DAST?
- `scan-config setup-sast` and related commands (when we have the functionality!)
- `scan start-sast` command will check to see if `--entitlement-id` is set and fail if not (as currently)

From testing, `entitlement-id` is automatically set when "Assessment Type" and "Entitlement" (Static/Subscription) is set from the UI so the `scan-config setup-sast` needs to mimic this. This requires the following:

- `--technology-stack`, `--language-level`
- `--audit-preference`, `--assessment-type` and `--entitlement-frequency`
- `FoDScanHelper.getEntitlementToUse` to find and set the `entitlement-id` to use - we need to confirm this logic is correct.
- `--assessment-type` to be a String on `scan-config setup-sast` and check it is valid for supplied `--entitlement-frequency`.

Current code is difficult to understand/maintain, thereby (potentially) causing bugs like trying to load Mobile assessment types when configuring regular SAST scans. Also based on some incorrect assumptions, like assessment types having predefined, fixed names.