Merge branch 'main' into CM-59792-read-file-hook-save-file-path

Ilanlido · web-flow · commit 895de2fdbfe8 · 2026-02-18T16:19:33.000+02:00
diff --git a/.github/workflows/build_executable.yml b/.github/workflows/build_executable.yml
@@ -61,10 +61,10 @@ jobs:
           git checkout $LATEST_TAG
           echo "LATEST_TAG=$LATEST_TAG" >> $GITHUB_ENV
 
-      - name: Set up Python 3.12
+      - name: Set up Python 3.13
         uses: actions/setup-python@v4
         with:
-          python-version: '3.12'
+          python-version: '3.13'
 
       - name: Load cached Poetry setup
         id: cached-poetry
diff --git a/.github/workflows/tests_full.yml b/.github/workflows/tests_full.yml
@@ -66,8 +66,7 @@ jobs:
 
       - name: Run executable test
         # we care about the one Python version that will be used to build the executable
-        # TODO(MarshalX): upgrade to Python 3.13
-        if: matrix.python-version == '3.12'
+        if: matrix.python-version == '3.13'
         run: |
           poetry run pyinstaller pyinstaller.spec
           ./dist/cycode-cli version
diff --git a/README.md b/README.md
@@ -62,7 +62,7 @@ This guide walks you through both installation and usage.
 
 # Prerequisites
 
-- The Cycode CLI application requires Python version 3.9 or later.
+- The Cycode CLI application requires Python version 3.9 or later. The MCP command is available only for Python 3.10 and above. If you're using an earlier Python version, this command will not be available.
 - Use the [`cycode auth` command](#using-the-auth-command) to authenticate to Cycode with the CLI
   - Alternatively, you can get a Cycode Client ID and Client Secret Key by following the steps detailed in the [Service Account Token](https://docs.cycode.com/docs/en/service-accounts) and [Personal Access Token](https://docs.cycode.com/v1/docs/managing-personal-access-tokens) pages, which contain details on getting these values.
 
@@ -1307,6 +1307,12 @@ To create an SBOM report for a path:\
 For example:\
 `cycode report sbom --format spdx-2.3 --include-vulnerabilities --include-dev-dependencies path /path/to/local/project`
 
+The `path` subcommand supports the following additional options:
+
+| Option                  | Description                                                                                                                      |
+|-------------------------|----------------------------------------------------------------------------------------------------------------------------------|
+| `--maven-settings-file` | For Maven only, allows using a custom [settings.xml](https://maven.apache.org/settings.html) file when building the dependency tree |
+
 # Import Command
 
 ## Importing SBOM
diff --git a/cycode/cli/apps/report/sbom/path/path_command.py b/cycode/cli/apps/report/sbom/path/path_command.py
@@ -1,6 +1,6 @@
 import time
 from pathlib import Path
-from typing import Annotated
+from typing import Annotated, Optional
 
 import typer
 
@@ -14,14 +14,28 @@
 from cycode.cli.utils.progress_bar import SbomReportProgressBarSection
 from cycode.cli.utils.scan_utils import is_cycodeignore_allowed_by_scan_config
 
+_SCA_RICH_HELP_PANEL = 'SCA options'
+
 
 def path_command(
     ctx: typer.Context,
     path: Annotated[
         Path,
         typer.Argument(exists=True, resolve_path=True, help='Path to generate SBOM report for.', show_default=False),
     ],
+    maven_settings_file: Annotated[
+        Optional[Path],
+        typer.Option(
+            '--maven-settings-file',
+            show_default=False,
+            help='When specified, Cycode will use this settings.xml file when building the maven dependency tree.',
+            dir_okay=False,
+            rich_help_panel=_SCA_RICH_HELP_PANEL,
+        ),
+    ] = None,
 ) -> None:
+    ctx.obj['maven_settings_file'] = maven_settings_file
+
     client = get_report_cycode_client(ctx)
     report_parameters = ctx.obj['report_parameters']
     output_format = report_parameters.output_format
diff --git a/cycode/cli/apps/scan/scan_result.py b/cycode/cli/apps/scan/scan_result.py
@@ -88,7 +88,7 @@ def _get_file_name_from_detection(scan_type: str, raw_detection: dict) -> str:
     if scan_type == consts.SECRET_SCAN_TYPE:
         return _get_secret_file_name_from_detection(raw_detection)
 
-    return raw_detection['detection_details']['file_name']
+    return raw_detection['detection_details']['file_path']
 
 
 def _get_secret_file_name_from_detection(raw_detection: dict) -> str:
diff --git a/cycode/cli/exceptions/custom_exceptions.py b/cycode/cli/exceptions/custom_exceptions.py
@@ -47,12 +47,9 @@ class ReportAsyncError(CycodeError):
     pass
 
 
-class HttpUnauthorizedError(RequestError):
+class HttpUnauthorizedError(RequestHttpError):
     def __init__(self, error_message: str, response: Response) -> None:
-        self.status_code = 401
-        self.error_message = error_message
-        self.response = response
-        super().__init__(self.error_message)
+        super().__init__(401, error_message, response)
 
     def __str__(self) -> str:
         return f'HTTP unauthorized error occurred during the request. Message: {self.error_message}'
diff --git a/cycode/cli/printers/tables/sca_table_printer.py b/cycode/cli/printers/tables/sca_table_printer.py
@@ -86,7 +86,7 @@ def _enrich_table_with_values(table: Table, detection: Detection) -> None:
             table.add_cell(SEVERITY_COLUMN, 'N/A')
 
         table.add_cell(REPOSITORY_COLUMN, detection_details.get('repository_name'))
-        table.add_file_path_cell(CODE_PROJECT_COLUMN, detection_details.get('file_name'))
+        table.add_file_path_cell(CODE_PROJECT_COLUMN, detection_details.get('file_path'))
         table.add_cell(ECOSYSTEM_COLUMN, detection_details.get('ecosystem'))
         table.add_cell(PACKAGE_COLUMN, detection_details.get('package_name'))
 
diff --git a/cycode/cli/printers/utils/detection_data.py b/cycode/cli/printers/utils/detection_data.py
@@ -105,4 +105,4 @@ def get_detection_file_path(scan_type: str, detection: 'Detection') -> Path:
 
         return Path(file_path)
 
-    return Path(detection.detection_details.get('file_name', ''))
+    return Path(detection.detection_details.get('file_path', ''))
diff --git a/cycode/cli/printers/utils/detection_ordering/sca_ordering.py b/cycode/cli/printers/utils/detection_ordering/sca_ordering.py
@@ -49,7 +49,7 @@ def sort_and_group_detections(detections: list['Detection']) -> tuple[list['Dete
 
     grouped_by_repository = __group_by(sorted_detections, 'repository_name')
     for repository_group in grouped_by_repository.values():
-        grouped_by_code_project = __group_by(repository_group, 'file_name')
+        grouped_by_code_project = __group_by(repository_group, 'file_path')
         for code_project_group in grouped_by_code_project.values():
             grouped_by_package = __group_by(code_project_group, 'package_name')
             for package_group in grouped_by_package.values():
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyinstaller.spec b/pyinstaller.spec
@@ -23,10 +23,10 @@ with open(_INIT_FILE_PATH, 'w', encoding='UTF-8') as file:
 
 a = Analysis(
     scripts=['cycode/cli/main.py'],
-    excludes=['tests'],
+    excludes=['tests', 'setuptools', 'pkg_resources'],
 )
 
-exe_args = [PYZ(a.pure, a.zipped_data), a.scripts, a.binaries, a.zipfiles, a.datas]
+exe_args = [PYZ(a.pure), a.scripts, a.binaries, a.datas]
 if _ONEDIR_MODE:
     exe_args = [PYZ(a.pure), a.scripts]
 
diff --git a/pyproject.toml b/pyproject.toml
@@ -60,7 +60,7 @@ responses = ">=0.23.1,<0.24.0"
 pyfakefs = ">=5.7.2,<5.8.0"
 
 [tool.poetry.group.executable.dependencies]
-pyinstaller = {version=">=5.13.2,<5.14.0", python=">=3.8,<3.13"}
+pyinstaller = {version=">=6.0.0,<7.0.0", python=">=3.9,<3.15"}
 dunamai = ">=1.18.0,<1.22.0"
 
 [tool.poetry.group.dev.dependencies]
diff --git a/tests/cli/commands/scan/test_scan_result.py b/tests/cli/commands/scan/test_scan_result.py
@@ -0,0 +1,47 @@
+import os
+
+from cycode.cli.apps.scan.scan_result import _get_file_name_from_detection
+from cycode.cli.consts import IAC_SCAN_TYPE, SAST_SCAN_TYPE, SCA_SCAN_TYPE, SECRET_SCAN_TYPE
+
+
+def test_get_file_name_from_detection_sca_uses_file_path() -> None:
+    raw_detection = {
+        'detection_details': {
+            'file_name': 'package.json',
+            'file_path': '/repo/path/package.json',
+        },
+    }
+    result = _get_file_name_from_detection(SCA_SCAN_TYPE, raw_detection)
+    assert result == '/repo/path/package.json'
+
+
+def test_get_file_name_from_detection_iac_uses_file_path() -> None:
+    raw_detection = {
+        'detection_details': {
+            'file_name': 'main.tf',
+            'file_path': '/repo/infra/main.tf',
+        },
+    }
+    result = _get_file_name_from_detection(IAC_SCAN_TYPE, raw_detection)
+    assert result == '/repo/infra/main.tf'
+
+
+def test_get_file_name_from_detection_sast_uses_file_path() -> None:
+    raw_detection = {
+        'detection_details': {
+            'file_path': '/repo/src/app.py',
+        },
+    }
+    result = _get_file_name_from_detection(SAST_SCAN_TYPE, raw_detection)
+    assert result == '/repo/src/app.py'
+
+
+def test_get_file_name_from_detection_secret_uses_file_path_and_file_name() -> None:
+    raw_detection = {
+        'detection_details': {
+            'file_path': '/repo/src',
+            'file_name': '.env',
+        },
+    }
+    result = _get_file_name_from_detection(SECRET_SCAN_TYPE, raw_detection)
+    assert result == os.path.join('/repo/src', '.env')
diff --git a/tests/cli/printers/utils/test_detection_data.py b/tests/cli/printers/utils/test_detection_data.py
@@ -0,0 +1,41 @@
+from pathlib import Path
+from unittest.mock import MagicMock
+
+from cycode.cli.consts import IAC_SCAN_TYPE, SAST_SCAN_TYPE, SCA_SCAN_TYPE, SECRET_SCAN_TYPE
+from cycode.cli.printers.utils.detection_data import get_detection_file_path
+
+
+def _make_detection(**details: str) -> MagicMock:
+    detection = MagicMock()
+    detection.detection_details = dict(details)
+    return detection
+
+
+def test_get_detection_file_path_sca_uses_file_path() -> None:
+    detection = _make_detection(file_name='package.json', file_path='/repo/path/package.json')
+    result = get_detection_file_path(SCA_SCAN_TYPE, detection)
+    assert result == Path('/repo/path/package.json')
+
+
+def test_get_detection_file_path_iac_uses_file_path() -> None:
+    detection = _make_detection(file_name='main.tf', file_path='/repo/infra/main.tf')
+    result = get_detection_file_path(IAC_SCAN_TYPE, detection)
+    assert result == Path('/repo/infra/main.tf')
+
+
+def test_get_detection_file_path_sca_fallback_empty() -> None:
+    detection = _make_detection()
+    result = get_detection_file_path(SCA_SCAN_TYPE, detection)
+    assert result == Path('')
+
+
+def test_get_detection_file_path_secret() -> None:
+    detection = _make_detection(file_path='/repo/src', file_name='.env')
+    result = get_detection_file_path(SECRET_SCAN_TYPE, detection)
+    assert result == Path('/repo/src/.env')
+
+
+def test_get_detection_file_path_sast() -> None:
+    detection = _make_detection(file_path='repo/src/app.py')
+    result = get_detection_file_path(SAST_SCAN_TYPE, detection)
+    assert result == Path('/repo/src/app.py')

Original file line number	Diff line number	Diff line change
`@@ -105,4 +105,4 @@ def get_detection_file_path(scan_type: str, detection: 'Detection') -> Path:`
`105`	`105`
`106`	`106`	`return Path(file_path)`
`107`	`107`
`108`		`- return Path(detection.detection_details.get('file_name', ''))`
	`108`	`+ return Path(detection.detection_details.get('file_path', ''))`