cycode 3.5.2__tar.gz → 3.6.1.dev4__tar.gz

cycode-3.5.2/README.md → cycode-3.6.1.dev4/PKG-INFO

@@ -1,3 +1,46 @@
+Metadata-Version: 2.4
+Name: cycode
+Version: 3.6.1.dev4
+Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
+License-Expression: MIT
+License-File: LICENCE
+Keywords: secret-scan,cycode,devops,token,secret,security,code
+Author: Cycode
+Author-email: support@cycode.com
+Requires-Python: >=3.9
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Console
+Classifier: Natural Language :: English
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
+Requires-Dist: arrow (>=1.0.0,<1.4.0)
+Requires-Dist: binaryornot (>=0.4.4,<0.5.0)
+Requires-Dist: click (>=8.1.0,<8.2.0)
+Requires-Dist: colorama (>=0.4.3,<0.5.0)
+Requires-Dist: gitpython (>=3.1.30,<3.2.0)
+Requires-Dist: marshmallow (>=3.15.0,<3.23.0)
+Requires-Dist: mcp (>=1.9.3,<2.0.0) ; python_version >= "3.10"
+Requires-Dist: patch-ng (==1.18.1)
+Requires-Dist: pathvalidate (>=3.3.1,<4.0.0)
+Requires-Dist: pydantic (>=2.11.5,<3.0.0)
+Requires-Dist: pyjwt (>=2.8.0,<3.0)
+Requires-Dist: pyyaml (>=6.0,<7.0)
+Requires-Dist: requests (>=2.32.4,<3.0)
+Requires-Dist: rich (>=13.9.4,<14)
+Requires-Dist: sentry-sdk (>=2.8.0,<3.0)
+Requires-Dist: tenacity (>=9.0.0,<9.1.0)
+Requires-Dist: typer (>=0.15.3,<0.16.0)
+Requires-Dist: urllib3 (==1.26.19)
+Project-URL: Repository, https://github.com/cycodehq/cycode-cli
+Description-Content-Type: text/markdown
+
 # Cycode CLI User Guide
 
 The Cycode Command Line Interface (CLI) is an application you can install locally to scan your repositories for secrets, infrastructure as code misconfigurations, software composition analysis vulnerabilities, and static application security testing issues.
@@ -56,8 +99,9 @@ This guide walks you through both installation and usage.
         6. [Ignoring via a config file](#ignoring-via-a-config-file)
 6. [Report command](#report-command)
     1. [Generating SBOM Report](#generating-sbom-report)
-7. [Scan logs](#scan-logs)
-8. [Syntax Help](#syntax-help)
+7. [Import command](#import-command)
+8. [Scan logs](#scan-logs)
+9. [Syntax Help](#syntax-help)
 
 # Prerequisites
 
@@ -917,6 +961,24 @@ git push --no-verify
 > [!TIP]
 > The pre-push hook is triggered on `git push` command and scans only the commits that are about to be pushed, making it more efficient than scanning the entire repository.
 
+## Exclude Paths From Scans
+You can use a `.cycodeignore` file to tell the Cycode CLI which files and directories to exclude from scans.
+It works just like a `.gitignore` file. This helps you focus scans on your relevant code and prevent certain paths from triggering violations locally.
+
+### How It Works
+1. Create a file named `.cycodeignore` in your workfolder.
+2. List the files and directories you want to exclude, using the same patterns as `.gitignore`.
+3. Place this file in the directory where you plan to run the cycode scan command.
+
+> [!WARNING]
+> - **Invalid files**: If the `.cycodeignore` file contains a syntax error, the CLI scan will fail and return an error.
+> - **Ignoring paths vs. violations**: This file is for excluding paths. It's different from the CLI's capability to ignore specific violations (for example, by using the --ignore-violation flag).
+
+### Supported Scanners
+- SAST
+- IaC (comming soon)
+- SCA (comming soon)
+
 ## Scan Results
 
 Each scan will complete with a message stating if any issues were found or not.
@@ -1277,6 +1339,26 @@ To create an SBOM report for a path:\
 For example:\
 `cycode report sbom --format spdx-2.3 --include-vulnerabilities --include-dev-dependencies path /path/to/local/project`
 
+# Import Command
+
+## Importing SBOM
+
+A software bill of materials (SBOM) is an inventory of all constituent components and software dependencies involved in the development and delivery of an application.
+Using this command, you can import an SBOM file from your file system into Cycode.
+
+The following options are available for use with this command:
+
+| Option                                             | Description                                | Required | Default                                               |
+|----------------------------------------------------|--------------------------------------------|----------|-------------------------------------------------------|
+| `-n, --name TEXT`                                  | Display name of the SBOM                   | Yes      |                                                       |
+| `-v, --vendor TEXT`                                | Name of the entity that provided the SBOM  | Yes      |                                                       |
+| `-l, --label TEXT`                                 | Attach label to the SBOM                   | No       |                                                       |
+| `-o, --owner TEXT`                                 | Email address of the Cycode user that serves as point of contact for this SBOM | No |                         |
+| `-b, --business-impact [High \| Medium \| Low]`    | Business Impact                            | No       | Medium                                                |
+
+For example:\
+`cycode import sbom --name example-sbom --vendor cycode -label tag1 -label tag2 --owner example@cycode.com /path/to/local/project`
+
 # Scan Logs
 
 All CLI scans are logged in Cycode. The logs can be found under Settings > CLI Logs.
@@ -1312,3 +1394,4 @@ To see the options available for a report, use this command:
 To see the options available for a specific type of report, enter:
 
 `cycode scan {{option}} --help`
+

cycode-3.5.2/PKG-INFO → cycode-3.6.1.dev4/README.md

@@ -1,47 +1,3 @@
-Metadata-Version: 2.1
-Name: cycode
-Version: 3.5.2
-Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
-Home-page: https://github.com/cycodehq/cycode-cli
-License: MIT
-Keywords: secret-scan,cycode,devops,token,secret,security,cycode,code
-Author: Cycode
-Author-email: support@cycode.com
-Requires-Python: >=3.9,<3.14
-Classifier: Development Status :: 5 - Production/Stable
-Classifier: Environment :: Console
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Natural Language :: English
-Classifier: Operating System :: OS Independent
-Classifier: Programming Language :: Python
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.9
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3.12
-Classifier: Programming Language :: Python :: 3 :: Only
-Classifier: Programming Language :: Python :: 3.13
-Requires-Dist: arrow (>=1.0.0,<1.4.0)
-Requires-Dist: binaryornot (>=0.4.4,<0.5.0)
-Requires-Dist: click (>=8.1.0,<8.2.0)
-Requires-Dist: colorama (>=0.4.3,<0.5.0)
-Requires-Dist: gitpython (>=3.1.30,<3.2.0)
-Requires-Dist: marshmallow (>=3.15.0,<3.23.0)
-Requires-Dist: mcp (>=1.9.3,<2.0.0) ; python_version >= "3.10"
-Requires-Dist: patch-ng (==1.18.1)
-Requires-Dist: pathvalidate (>=3.3.1,<4.0.0)
-Requires-Dist: pydantic (>=2.11.5,<3.0.0)
-Requires-Dist: pyjwt (>=2.8.0,<3.0)
-Requires-Dist: pyyaml (>=6.0,<7.0)
-Requires-Dist: requests (>=2.32.4,<3.0)
-Requires-Dist: rich (>=13.9.4,<14)
-Requires-Dist: sentry-sdk (>=2.8.0,<3.0)
-Requires-Dist: tenacity (>=9.0.0,<9.1.0)
-Requires-Dist: typer (>=0.15.3,<0.16.0)
-Requires-Dist: urllib3 (==1.26.19)
-Project-URL: Repository, https://github.com/cycodehq/cycode-cli
-Description-Content-Type: text/markdown
-
 # Cycode CLI User Guide
 
 The Cycode Command Line Interface (CLI) is an application you can install locally to scan your repositories for secrets, infrastructure as code misconfigurations, software composition analysis vulnerabilities, and static application security testing issues.
@@ -100,8 +56,9 @@ This guide walks you through both installation and usage.
         6. [Ignoring via a config file](#ignoring-via-a-config-file)
 6. [Report command](#report-command)
     1. [Generating SBOM Report](#generating-sbom-report)
-7. [Scan logs](#scan-logs)
-8. [Syntax Help](#syntax-help)
+7. [Import command](#import-command)
+8. [Scan logs](#scan-logs)
+9. [Syntax Help](#syntax-help)
 
 # Prerequisites
 
@@ -961,6 +918,24 @@ git push --no-verify
 > [!TIP]
 > The pre-push hook is triggered on `git push` command and scans only the commits that are about to be pushed, making it more efficient than scanning the entire repository.
 
+## Exclude Paths From Scans
+You can use a `.cycodeignore` file to tell the Cycode CLI which files and directories to exclude from scans.
+It works just like a `.gitignore` file. This helps you focus scans on your relevant code and prevent certain paths from triggering violations locally.
+
+### How It Works
+1. Create a file named `.cycodeignore` in your workfolder.
+2. List the files and directories you want to exclude, using the same patterns as `.gitignore`.
+3. Place this file in the directory where you plan to run the cycode scan command.
+
+> [!WARNING]
+> - **Invalid files**: If the `.cycodeignore` file contains a syntax error, the CLI scan will fail and return an error.
+> - **Ignoring paths vs. violations**: This file is for excluding paths. It's different from the CLI's capability to ignore specific violations (for example, by using the --ignore-violation flag).
+
+### Supported Scanners
+- SAST
+- IaC (comming soon)
+- SCA (comming soon)
+
 ## Scan Results
 
 Each scan will complete with a message stating if any issues were found or not.
@@ -1321,6 +1296,26 @@ To create an SBOM report for a path:\
 For example:\
 `cycode report sbom --format spdx-2.3 --include-vulnerabilities --include-dev-dependencies path /path/to/local/project`
 
+# Import Command
+
+## Importing SBOM
+
+A software bill of materials (SBOM) is an inventory of all constituent components and software dependencies involved in the development and delivery of an application.
+Using this command, you can import an SBOM file from your file system into Cycode.
+
+The following options are available for use with this command:
+
+| Option                                             | Description                                | Required | Default                                               |
+|----------------------------------------------------|--------------------------------------------|----------|-------------------------------------------------------|
+| `-n, --name TEXT`                                  | Display name of the SBOM                   | Yes      |                                                       |
+| `-v, --vendor TEXT`                                | Name of the entity that provided the SBOM  | Yes      |                                                       |
+| `-l, --label TEXT`                                 | Attach label to the SBOM                   | No       |                                                       |
+| `-o, --owner TEXT`                                 | Email address of the Cycode user that serves as point of contact for this SBOM | No |                         |
+| `-b, --business-impact [High \| Medium \| Low]`    | Business Impact                            | No       | Medium                                                |
+
+For example:\
+`cycode import sbom --name example-sbom --vendor cycode -label tag1 -label tag2 --owner example@cycode.com /path/to/local/project`
+
 # Scan Logs
 
 All CLI scans are logged in Cycode. The logs can be found under Settings > CLI Logs.
@@ -1356,4 +1351,3 @@ To see the options available for a report, use this command:
 To see the options available for a specific type of report, enter:
 
 `cycode scan {{option}} --help`
-

cycode-3.6.1.dev4/cycode/__init__.py

@@ -0,0 +1 @@
+__version__ = '3.6.1.dev4'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

{cycode-3.5.2 → cycode-3.6.1.dev4}/cycode/cli/app.py

@@ -9,7 +9,7 @@ from typer._completion_shared import Shells
 from typer.completion import install_callback, show_callback
 
 from cycode import __version__
-from cycode.cli.apps import ai_remediation, auth, configure, ignore, report, scan, status
+from cycode.cli.apps import ai_remediation, auth, configure, ignore, report, report_import, scan, status
 
 if sys.version_info >= (3, 10):
     from cycode.cli.apps import mcp
@@ -50,6 +50,7 @@ app.add_typer(auth.app)
 app.add_typer(configure.app)
 app.add_typer(ignore.app)
 app.add_typer(report.app)
+app.add_typer(report_import.app)
 app.add_typer(scan.app)
 app.add_typer(status.app)
 if sys.version_info >= (3, 10):

{cycode-3.5.2 → cycode-3.6.1.dev4}/cycode/cli/apps/report/sbom/path/path_command.py

@@ -12,6 +12,7 @@ from cycode.cli.files_collector.sca.sca_file_collector import add_sca_dependenci
 from cycode.cli.files_collector.zip_documents import zip_documents
 from cycode.cli.utils.get_api_client import get_report_cycode_client
 from cycode.cli.utils.progress_bar import SbomReportProgressBarSection
+from cycode.cli.utils.scan_utils import is_cycodeignore_allowed_by_scan_config
 from cycode.cli.utils.sentry import add_breadcrumb
 
 
@@ -37,7 +38,11 @@ def path_command(
 
     try:
         documents = get_relevant_documents(
-            progress_bar, SbomReportProgressBarSection.PREPARE_LOCAL_FILES, consts.SCA_SCAN_TYPE, (str(path),)
+            progress_bar,
+            SbomReportProgressBarSection.PREPARE_LOCAL_FILES,
+            consts.SCA_SCAN_TYPE,
+            (str(path),),
+            is_cycodeignore_allowed=is_cycodeignore_allowed_by_scan_config(ctx),
         )
         # TODO(MarshalX): combine perform_pre_scan_documents_actions with get_relevant_document.
         #  unhardcode usage of context in perform_pre_scan_documents_actions

cycode-3.6.1.dev4/cycode/cli/apps/report_import/__init__.py

@@ -0,0 +1,8 @@
+import typer
+
+from cycode.cli.apps.report_import.report_import_command import report_import_command
+from cycode.cli.apps.report_import.sbom import sbom_command
+
+app = typer.Typer(name='import', no_args_is_help=True)
+app.callback(short_help='Import report. You`ll need to specify which report type to import.')(report_import_command)
+app.command(name='sbom', short_help='Import SBOM report from a local path.')(sbom_command)

cycode-3.6.1.dev4/cycode/cli/apps/report_import/report_import_command.py

@@ -0,0 +1,13 @@
+import typer
+
+from cycode.cli.utils.sentry import add_breadcrumb
+
+
+def report_import_command(ctx: typer.Context) -> int:
+    """:bar_chart: [bold cyan]Import security reports.[/]
+
+    Example usage:
+    * `cycode import sbom`: Import SBOM report
+    """
+    add_breadcrumb('import')
+    return 1

cycode-3.6.1.dev4/cycode/cli/apps/report_import/sbom/__init__.py

@@ -0,0 +1,6 @@
+import typer
+
+from cycode.cli.apps.report_import.sbom.sbom_command import sbom_command
+
+app = typer.Typer(name='sbom')
+app.command(name='path', short_help='Import SBOM report from a local path.')(sbom_command)

cycode-3.6.1.dev4/cycode/cli/apps/report_import/sbom/sbom_command.py

@@ -0,0 +1,76 @@
+from pathlib import Path
+from typing import Annotated, Optional
+
+import typer
+
+from cycode.cli.cli_types import BusinessImpactOption
+from cycode.cli.exceptions.handle_report_sbom_errors import handle_report_exception
+from cycode.cli.utils.get_api_client import get_import_sbom_cycode_client
+from cycode.cli.utils.sentry import add_breadcrumb
+from cycode.cyclient.import_sbom_client import ImportSbomParameters
+
+
+def sbom_command(
+    ctx: typer.Context,
+    path: Annotated[
+        Path,
+        typer.Argument(
+            exists=True, resolve_path=True, dir_okay=False, readable=True, help='Path to SBOM file.', show_default=False
+        ),
+    ],
+    sbom_name: Annotated[
+        str, typer.Option('--name', '-n', help='SBOM Name.', case_sensitive=False, show_default=False)
+    ],
+    vendor: Annotated[
+        str, typer.Option('--vendor', '-v', help='Vendor Name.', case_sensitive=False, show_default=False)
+    ],
+    labels: Annotated[
+        Optional[list[str]],
+        typer.Option(
+            '--label', '-l', help='Label, can be specified multiple times.', case_sensitive=False, show_default=False
+        ),
+    ] = None,
+    owners: Annotated[
+        Optional[list[str]],
+        typer.Option(
+            '--owner',
+            '-o',
+            help='Email address of a user in Cycode platform, can be specified multiple times.',
+            case_sensitive=True,
+            show_default=False,
+        ),
+    ] = None,
+    business_impact: Annotated[
+        BusinessImpactOption,
+        typer.Option(
+            '--business-impact',
+            '-b',
+            help='Business Impact.',
+            case_sensitive=True,
+            show_default=True,
+        ),
+    ] = BusinessImpactOption.MEDIUM,
+) -> None:
+    """Import SBOM."""
+    add_breadcrumb('sbom')
+
+    client = get_import_sbom_cycode_client(ctx)
+
+    import_parameters = ImportSbomParameters(
+        Name=sbom_name,
+        Vendor=vendor,
+        BusinessImpact=business_impact,
+        Labels=labels,
+        Owners=owners,
+    )
+
+    try:
+        if not path.exists():
+            from errno import ENOENT
+            from os import strerror
+
+            raise FileNotFoundError(ENOENT, strerror(ENOENT), path.absolute())
+
+        client.request_sbom_import_execution(import_parameters, path)
+    except Exception as e:
+        handle_report_exception(ctx, e)

{cycode-3.5.2 → cycode-3.6.1.dev4}/cycode/cli/apps/scan/code_scanner.py

@@ -23,7 +23,11 @@ from cycode.cli.files_collector.zip_documents import zip_documents
 from cycode.cli.models import CliError, Document, LocalScanResult
 from cycode.cli.utils.progress_bar import ScanProgressBarSection
 from cycode.cli.utils.scan_batch import run_parallel_batched_scan
-from cycode.cli.utils.scan_utils import generate_unique_scan_id, set_issue_detected_by_scan_results
+from cycode.cli.utils.scan_utils import (
+    generate_unique_scan_id,
+    is_cycodeignore_allowed_by_scan_config,
+    set_issue_detected_by_scan_results,
+)
 from cycode.cyclient.models import ZippedFileScanResult
 from cycode.logger import get_logger
 
@@ -42,7 +46,13 @@ def scan_disk_files(ctx: typer.Context, paths: tuple[str, ...]) -> None:
     progress_bar = ctx.obj['progress_bar']
 
     try:
-        documents = get_relevant_documents(progress_bar, ScanProgressBarSection.PREPARE_LOCAL_FILES, scan_type, paths)
+        documents = get_relevant_documents(
+            progress_bar,
+            ScanProgressBarSection.PREPARE_LOCAL_FILES,
+            scan_type,
+            paths,
+            is_cycodeignore_allowed=is_cycodeignore_allowed_by_scan_config(ctx),
+        )
         add_sca_dependencies_tree_documents_if_needed(ctx, scan_type, documents)
         scan_documents(ctx, documents, get_scan_parameters(ctx, paths))
     except Exception as e:

{cycode-3.5.2 → cycode-3.6.1.dev4}/cycode/cli/apps/scan/commit_range_scanner.py

@@ -26,9 +26,9 @@ from cycode.cli.files_collector.commit_range_documents import (
     get_diff_file_path,
     get_pre_commit_modified_documents,
     get_safe_head_reference_for_diff,
-    parse_commit_range_sast,
-    parse_commit_range_sca,
+    parse_commit_range,
 )
+from cycode.cli.files_collector.documents_walk_ignore import filter_documents_with_cycodeignore
 from cycode.cli.files_collector.file_excluder import excluder
 from cycode.cli.files_collector.models.in_memory_zip import InMemoryZip
 from cycode.cli.files_collector.sca.sca_file_collector import (
@@ -40,7 +40,11 @@ from cycode.cli.models import Document
 from cycode.cli.utils.git_proxy import git_proxy
 from cycode.cli.utils.path_utils import get_path_by_os
 from cycode.cli.utils.progress_bar import ScanProgressBarSection
-from cycode.cli.utils.scan_utils import generate_unique_scan_id, set_issue_detected_by_scan_results
+from cycode.cli.utils.scan_utils import (
+    generate_unique_scan_id,
+    is_cycodeignore_allowed_by_scan_config,
+    set_issue_detected_by_scan_results,
+)
 from cycode.cyclient.models import ZippedFileScanResult
 from cycode.logger import get_logger
 
@@ -182,13 +186,19 @@ def _scan_commit_range_documents(
 def _scan_sca_commit_range(ctx: typer.Context, repo_path: str, commit_range: str, **_) -> None:
     scan_parameters = get_scan_parameters(ctx, (repo_path,))
 
-    from_commit_rev, to_commit_rev = parse_commit_range_sca(commit_range, repo_path)
+    from_commit_rev, to_commit_rev = parse_commit_range(commit_range, repo_path)
     from_commit_documents, to_commit_documents, _ = get_commit_range_modified_documents(
         ctx.obj['progress_bar'], ScanProgressBarSection.PREPARE_LOCAL_FILES, repo_path, from_commit_rev, to_commit_rev
     )
     from_commit_documents = excluder.exclude_irrelevant_documents_to_scan(consts.SCA_SCAN_TYPE, from_commit_documents)
     to_commit_documents = excluder.exclude_irrelevant_documents_to_scan(consts.SCA_SCAN_TYPE, to_commit_documents)
 
+    is_cycodeignore_allowed = is_cycodeignore_allowed_by_scan_config(ctx)
+    from_commit_documents = filter_documents_with_cycodeignore(
+        from_commit_documents, repo_path, is_cycodeignore_allowed
+    )
+    to_commit_documents = filter_documents_with_cycodeignore(to_commit_documents, repo_path, is_cycodeignore_allowed)
+
     perform_sca_pre_commit_range_scan_actions(
         repo_path, from_commit_documents, from_commit_rev, to_commit_documents, to_commit_rev
     )
@@ -204,6 +214,11 @@ def _scan_secret_commit_range(
         consts.SECRET_SCAN_TYPE, commit_diff_documents_to_scan
     )
 
+    is_cycodeignore_allowed = is_cycodeignore_allowed_by_scan_config(ctx)
+    diff_documents_to_scan = filter_documents_with_cycodeignore(
+        diff_documents_to_scan, repo_path, is_cycodeignore_allowed
+    )
+
     scan_documents(
         ctx, diff_documents_to_scan, get_scan_parameters(ctx, (repo_path,)), is_git_diff=True, is_commit_range=True
     )
@@ -212,7 +227,7 @@ def _scan_secret_commit_range(
 def _scan_sast_commit_range(ctx: typer.Context, repo_path: str, commit_range: str, **_) -> None:
     scan_parameters = get_scan_parameters(ctx, (repo_path,))
 
-    from_commit_rev, to_commit_rev = parse_commit_range_sast(commit_range, repo_path)
+    from_commit_rev, to_commit_rev = parse_commit_range(commit_range, repo_path)
     _, commit_documents, diff_documents = get_commit_range_modified_documents(
         ctx.obj['progress_bar'],
         ScanProgressBarSection.PREPARE_LOCAL_FILES,
@@ -221,9 +236,14 @@ def _scan_sast_commit_range(ctx: typer.Context, repo_path: str, commit_range: st
         to_commit_rev,
         reverse_diff=False,
     )
+
     commit_documents = excluder.exclude_irrelevant_documents_to_scan(consts.SAST_SCAN_TYPE, commit_documents)
     diff_documents = excluder.exclude_irrelevant_documents_to_scan(consts.SAST_SCAN_TYPE, diff_documents)
 
+    is_cycodeignore_allowed = is_cycodeignore_allowed_by_scan_config(ctx)
+    commit_documents = filter_documents_with_cycodeignore(commit_documents, repo_path, is_cycodeignore_allowed)
+    diff_documents = filter_documents_with_cycodeignore(diff_documents, repo_path, is_cycodeignore_allowed)
+
     _scan_commit_range_documents(ctx, commit_documents, diff_documents, scan_parameters=scan_parameters)
 
 
@@ -254,11 +274,18 @@ def _scan_sca_pre_commit(ctx: typer.Context, repo_path: str) -> None:
         progress_bar_section=ScanProgressBarSection.PREPARE_LOCAL_FILES,
         repo_path=repo_path,
     )
+
     git_head_documents = excluder.exclude_irrelevant_documents_to_scan(consts.SCA_SCAN_TYPE, git_head_documents)
     pre_committed_documents = excluder.exclude_irrelevant_documents_to_scan(
         consts.SCA_SCAN_TYPE, pre_committed_documents
     )
 
+    is_cycodeignore_allowed = is_cycodeignore_allowed_by_scan_config(ctx)
+    git_head_documents = filter_documents_with_cycodeignore(git_head_documents, repo_path, is_cycodeignore_allowed)
+    pre_committed_documents = filter_documents_with_cycodeignore(
+        pre_committed_documents, repo_path, is_cycodeignore_allowed
+    )
+
     perform_sca_pre_hook_range_scan_actions(repo_path, git_head_documents, pre_committed_documents)
 
     _scan_commit_range_documents(
@@ -288,8 +315,12 @@ def _scan_secret_pre_commit(ctx: typer.Context, repo_path: str) -> None:
                 is_git_diff_format=True,
             )
         )
+
     documents_to_scan = excluder.exclude_irrelevant_documents_to_scan(consts.SECRET_SCAN_TYPE, documents_to_scan)
 
+    is_cycodeignore_allowed = is_cycodeignore_allowed_by_scan_config(ctx)
+    documents_to_scan = filter_documents_with_cycodeignore(documents_to_scan, repo_path, is_cycodeignore_allowed)
+
     scan_documents(ctx, documents_to_scan, get_scan_parameters(ctx), is_git_diff=True)
 
 
@@ -301,11 +332,18 @@ def _scan_sast_pre_commit(ctx: typer.Context, repo_path: str, **_) -> None:
         progress_bar_section=ScanProgressBarSection.PREPARE_LOCAL_FILES,
         repo_path=repo_path,
     )
+
     pre_committed_documents = excluder.exclude_irrelevant_documents_to_scan(
         consts.SAST_SCAN_TYPE, pre_committed_documents
     )
     diff_documents = excluder.exclude_irrelevant_documents_to_scan(consts.SAST_SCAN_TYPE, diff_documents)
 
+    is_cycodeignore_allowed = is_cycodeignore_allowed_by_scan_config(ctx)
+    pre_committed_documents = filter_documents_with_cycodeignore(
+        pre_committed_documents, repo_path, is_cycodeignore_allowed
+    )
+    diff_documents = filter_documents_with_cycodeignore(diff_documents, repo_path, is_cycodeignore_allowed)
+
     _scan_commit_range_documents(ctx, pre_committed_documents, diff_documents, scan_parameters=scan_parameters)
 
 

{cycode-3.5.2 → cycode-3.6.1.dev4}/cycode/cli/apps/scan/repository/repository_command.py

@@ -8,6 +8,7 @@ from cycode.cli import consts
 from cycode.cli.apps.scan.code_scanner import scan_documents
 from cycode.cli.apps.scan.scan_parameters import get_scan_parameters
 from cycode.cli.exceptions.handle_scan_errors import handle_scan_exception
+from cycode.cli.files_collector.documents_walk_ignore import filter_documents_with_cycodeignore
 from cycode.cli.files_collector.file_excluder import excluder
 from cycode.cli.files_collector.repository_documents import get_git_repository_tree_file_entries
 from cycode.cli.files_collector.sca.sca_file_collector import add_sca_dependencies_tree_documents_if_needed
@@ -15,6 +16,7 @@ from cycode.cli.logger import logger
 from cycode.cli.models import Document
 from cycode.cli.utils.path_utils import get_path_by_os
 from cycode.cli.utils.progress_bar import ScanProgressBarSection
+from cycode.cli.utils.scan_utils import is_cycodeignore_allowed_by_scan_config
 from cycode.cli.utils.sentry import add_breadcrumb
 
 
@@ -60,6 +62,9 @@ def repository_command(
 
         documents_to_scan = excluder.exclude_irrelevant_documents_to_scan(scan_type, documents_to_scan)
 
+        is_cycodeignore_allowed = is_cycodeignore_allowed_by_scan_config(ctx)
+        documents_to_scan = filter_documents_with_cycodeignore(documents_to_scan, str(path), is_cycodeignore_allowed)
+
         add_sca_dependencies_tree_documents_if_needed(ctx, scan_type, documents_to_scan)
 
         logger.debug('Found all relevant files for scanning %s', {'path': path, 'branch': branch})

{cycode-3.5.2 → cycode-3.6.1.dev4}/cycode/cli/apps/scan/scan_command.py

@@ -1,9 +1,11 @@
+import os
 from pathlib import Path
 from typing import Annotated, Optional
 
 import click
 import typer
 
+from cycode.cli.apps.scan.remote_url_resolver import _try_get_git_remote_url
 from cycode.cli.cli_types import ExportTypeOption, ScanTypeOption, ScaScanTypeOption, SeverityOption
 from cycode.cli.consts import (
     ISSUE_DETECTED_STATUS_CODE,
@@ -161,10 +163,15 @@ def scan_command(
     scan_client = get_scan_cycode_client(ctx)
     ctx.obj['client'] = scan_client
 
-    remote_scan_config = scan_client.get_scan_configuration_safe(scan_type)
+    # Get remote URL from current working directory
+    remote_url = _try_get_git_remote_url(os.getcwd())
+
+    remote_scan_config = scan_client.get_scan_configuration_safe(scan_type, remote_url)
     if remote_scan_config:
         excluder.apply_scan_config(str(scan_type), remote_scan_config)
 
+    ctx.obj['scan_config'] = remote_scan_config
+
     if export_type and export_file:
         console_printer = ctx.obj['console_printer']
         console_printer.enable_recording(export_type, export_file)

{cycode-3.5.2 → cycode-3.6.1.dev4}/cycode/cli/cli_types.py

@@ -52,6 +52,12 @@ class SbomOutputFormatOption(StrEnum):
     JSON = 'json'
 
 
+class BusinessImpactOption(StrEnum):
+    HIGH = 'High'
+    MEDIUM = 'Medium'
+    LOW = 'Low'
+
+
 class SeverityOption(StrEnum):
     INFO = 'info'
     LOW = 'low'

{cycode-3.5.2 → cycode-3.6.1.dev4}/cycode/cli/consts.py

@@ -17,6 +17,8 @@ SAST_SCAN_TYPE = 'sast'
 IAC_SCAN_SUPPORTED_FILE_EXTENSIONS = ('.tf', '.tf.json', '.json', '.yaml', '.yml', '.dockerfile', '.containerfile')
 IAC_SCAN_SUPPORTED_FILE_PREFIXES = ('dockerfile', 'containerfile')
 
+CYCODEIGNORE_FILENAME = '.cycodeignore'
+
 SECRET_SCAN_FILE_EXTENSIONS_TO_IGNORE = (
     '.DS_Store',
     '.bmp',

{cycode-3.5.2 → cycode-3.6.1.dev4}/cycode/cli/files_collector/commit_range_documents.py

@@ -408,22 +408,7 @@ def get_pre_commit_modified_documents(
     return git_head_documents, pre_committed_documents, diff_documents
 
 
-def parse_commit_range_sca(commit_range: str, path: str) -> tuple[Optional[str], Optional[str]]:
-    # FIXME(MarshalX): i truly believe that this function does NOT work as expected
-    #  it does not handle cases like 'A..B' correctly
-    #  i leave it as it for SCA to not break anything
-    #  the more correct approach is implemented for SAST
-    from_commit_rev = to_commit_rev = None
-
-    for commit in git_proxy.get_repo(path).iter_commits(rev=commit_range):
-        if not to_commit_rev:
-            to_commit_rev = commit.hexsha
-        from_commit_rev = commit.hexsha
-
-    return from_commit_rev, to_commit_rev
-
-
-def parse_commit_range_sast(commit_range: str, path: str) -> tuple[Optional[str], Optional[str]]:
+def parse_commit_range(commit_range: str, path: str) -> tuple[Optional[str], Optional[str]]:
     """Parses a git commit range string and returns the full SHAs for the 'from' and 'to' commits.
 
     Supports: