Skip to content

[PPSC-840] fix(scan): add inline suppression directives for remaining CI findings#198

Merged
yiftach-armis merged 2 commits into
mainfrom
fix/PPSC-840-fix-scan-suppression-directives
May 26, 2026
Merged

[PPSC-840] fix(scan): add inline suppression directives for remaining CI findings#198
yiftach-armis merged 2 commits into
mainfrom
fix/PPSC-840-fix-scan-suppression-directives

Conversation

@yiftach-armis
Copy link
Copy Markdown
Collaborator

@yiftach-armis yiftach-armis commented May 26, 2026
edited by atlassian Bot
Loading

Related Issue

Type of Change

  • Bug fix (non-breaking change which fixes an issue)

Problem

The inline matching engine flags certain code patterns as potential vulnerabilities (CWE-22, CWE-78, CWE-94, CWE-522, CWE-20, CWE-770) even though the inputs are already validated or bounded by design. This causes CI scan noise on every run.

Solution

Add and update armis:ignore inline suppression comments across 12 files to suppress false-positive findings. Each directive includes a reason: explaining why the flagged code is safe (e.g., path validated by isUnderDir, command args validated by allowlist, credentials written with 0600 permissions). Also adds missing cwe:22 to existing cwe:770 directives where both CWEs are reported on the same line.

Testing

Automated Tests

  • All tests passing locally
  • Unit tests added/updated (not applicable — comment-only changes)

Manual Testing

Verified that make lint and make test pass with no regressions from these changes.

Checklist

  • Code follows project style guidelines
  • Pre-commit hooks pass
  • Self-review performed
  • No new warnings generated

@yiftach-armis
fix(scan): add inline suppression directives for remaining CI findings
414ea19 
Add and update armis:ignore comments to suppress false-positive
findings from the inline matching engine. Adds cwe:22, cwe:78,
cwe:94, cwe:522, and cwe:20 directives where inputs are already
validated or bounded by design.
Copilot AI review requested due to automatic review settings May 26, 2026 12:56
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 26, 2026
edited
Loading

Test Coverage Report

total: (statements) 77.4%

Coverage by function 
github.com/ArmisSecurity/armis-cli/cmd/armis-cli/main.go:19:			main					0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/agent.go:34:		Registry				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/agentdetect.go:29:	FlatResults				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/agentdetect.go:45:	NewScanner				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/agentdetect.go:53:	Scan					82.4%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:12:		resolvePath				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:23:		isUnderDir				81.8%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:46:		dirExists				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:56:		fileExists				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:67:		hasExtensionPrefix			80.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:88:		findExtensionVersion			64.3%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:111:	readVersionFromPackageJSON		71.4%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:127:	hasJetBrainsPlugin			100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:140:	Name					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:142:	Detect					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:147:	CheckMCP				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:151:	DetectVersion				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:159:	Name					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:161:	Detect					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:171:	CheckMCP				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:175:	DetectVersion				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:183:	Name					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:185:	Detect					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:189:	CheckMCP				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:193:	DetectVersion				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:201:	Name					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:203:	Detect					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:213:	CheckMCP				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:218:	DetectVersion				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:226:	Name					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:228:	Detect					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:235:	CheckMCP				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:239:	DetectVersion				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:247:	Name					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:249:	Detect					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:256:	CheckMCP				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:262:	DetectVersion				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:270:	Name					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:272:	Detect					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:279:	CheckMCP				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:283:	DetectVersion				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:291:	Name					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:293:	Detect					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:300:	CheckMCP				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:304:	DetectVersion				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:312:	Name					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:314:	Detect					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:318:	CheckMCP				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:322:	DetectVersion				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:330:	Name					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:332:	Detect					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:336:	CheckMCP				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:340:	DetectVersion				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:348:	Name					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:350:	Detect					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:360:	CheckMCP				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:364:	DetectVersion				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:372:	Name					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:374:	Detect					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:389:	CheckMCP				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:393:	DetectVersion				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:401:	Name					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:403:	Detect					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:411:	CheckMCP				75.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:419:	DetectVersion				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:427:	Name					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:429:	Detect					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:433:	CheckMCP				83.3%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:454:	DetectVersion				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:462:	Name					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:464:	Detect					100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:468:	CheckMCP				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/detector.go:472:	DetectVersion				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/format.go:13:		FormatPlain				81.8%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/format.go:50:		FormatJSON				100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/mcpconfig.go:19:	HasArmisMCP				83.3%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/mcpconfig.go:40:	HasArmisMCPInClaudeSettings		86.7%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/mcpconfig.go:68:	HasArmisMCPInZedSettings		66.7%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/mcpconfig.go:98:	HasArmisMCPInVSCodeFormat		66.7%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/mcpconfig.go:122:	hasArmisMCPInData			100.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/platform_linux.go:13:	NewPlatform				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/platform_linux.go:17:	UserHomeDirs				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/platform_linux.go:25:	VSCodeExtensionsDir			0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/platform_linux.go:30:	JetBrainsPluginDirs			0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/platform_linux.go:35:	VSCodeUserConfigDir			0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/platform_linux.go:39:	CursorAppExists				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/platform_linux.go:43:	JunieBinaryPaths			0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/platform_linux.go:51:	ZedConfigDir				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/platform_linux.go:55:	IsRoot					0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/userprofile.go:13:	enumerateUserDirs			0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/userprofile.go:41:	currentUserOnly				0.0%
github.com/ArmisSecurity/armis-cli/internal/agentdetect/userprofile.go:56:	globJetBrainsPluginDirs			0.0%
github.com/ArmisSecurity/armis-cli/internal/api/agents.go:30:			ReportAgentInventory			78.9%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:29:			Error					0.0%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:72:			copyWithContext				70.4%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:145:			WithHTTPClient				100.0%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:154:			WithUploadHTTPClient			100.0%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:162:			WithAllowLocalURLs			100.0%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:174:			NewClient				100.0%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:222:			IsDebug					100.0%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:236:			setAuthHeader				77.8%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:271:			StartIngest				72.3%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:431:			GetIngestStatus				82.6%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:472:			WaitForIngest				84.6%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:523:			FetchNormalizedResults			74.2%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:578:			FetchAllNormalizedResults		91.7%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:604:			GetScanResult				68.4%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:639:			WaitForScan				100.0%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:660:			formatBytes				100.0%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:682:			FetchArtifactScanResults		75.0%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:737:			ValidatePresignedURL			100.0%
github.com/ArmisSecurity/armis-cli/internal/api/client.go:774:			DownloadFromPresignedURL		84.2%
github.com/ArmisSecurity/armis-cli/internal/auth/auth.go:58:			NewAuthProvider				95.2%
github.com/ArmisSecurity/armis-cli/internal/auth/auth.go:104:			GetAuthorizationHeader			100.0%
github.com/ArmisSecurity/armis-cli/internal/auth/auth.go:124:			GetTenantID				85.7%
github.com/ArmisSecurity/armis-cli/internal/auth/auth.go:141:			GetRegion				85.7%
github.com/ArmisSecurity/armis-cli/internal/auth/auth.go:156:			IsLegacy				100.0%
github.com/ArmisSecurity/armis-cli/internal/auth/auth.go:169:			GetRawToken				85.7%
github.com/ArmisSecurity/armis-cli/internal/auth/auth.go:197:			exchangeCredentials			87.9%
github.com/ArmisSecurity/armis-cli/internal/auth/auth.go:268:			refreshIfNeeded				100.0%
github.com/ArmisSecurity/armis-cli/internal/auth/auth.go:300:			parseJWTClaims				93.3%
github.com/ArmisSecurity/armis-cli/internal/auth/client.go:29:			Error					100.0%
github.com/ArmisSecurity/armis-cli/internal/auth/client.go:41:			NewAuthClient				100.0%
github.com/ArmisSecurity/armis-cli/internal/auth/client.go:97:			Authenticate				77.4%
github.com/ArmisSecurity/armis-cli/internal/auth/region_cache.go:34:		NewRegionCache				100.0%
github.com/ArmisSecurity/armis-cli/internal/auth/region_cache.go:40:		Load					82.4%
github.com/ArmisSecurity/armis-cli/internal/auth/region_cache.go:75:		Save					76.9%
github.com/ArmisSecurity/armis-cli/internal/auth/region_cache.go:105:		Clear					75.0%
github.com/ArmisSecurity/armis-cli/internal/auth/region_cache.go:115:		getFilePath				83.3%
github.com/ArmisSecurity/armis-cli/internal/auth/region_cache.go:132:		loadCachedRegion			100.0%
github.com/ArmisSecurity/armis-cli/internal/auth/region_cache.go:136:		saveCachedRegion			100.0%
github.com/ArmisSecurity/armis-cli/internal/auth/region_cache.go:140:		clearCachedRegion			100.0%
github.com/ArmisSecurity/armis-cli/internal/cli/color.go:60:			InitColors				85.2%
github.com/ArmisSecurity/armis-cli/internal/cli/color.go:107:			ColorsEnabled				100.0%
github.com/ArmisSecurity/armis-cli/internal/cli/color.go:113:			ColorsForced				100.0%
github.com/ArmisSecurity/armis-cli/internal/cli/color.go:119:			SetOutputToFile				100.0%
github.com/ArmisSecurity/armis-cli/internal/cli/color.go:125:			GetOutputToFile				0.0%
github.com/ArmisSecurity/armis-cli/internal/cli/color.go:129:			enableColors				100.0%
github.com/ArmisSecurity/armis-cli/internal/cli/color.go:136:			disableColors				100.0%
github.com/ArmisSecurity/armis-cli/internal/cli/color.go:151:			parseErrorMessage			92.9%
github.com/ArmisSecurity/armis-cli/internal/cli/color.go:182:			PrintError				100.0%
github.com/ArmisSecurity/armis-cli/internal/cli/color.go:195:			PrintErrorf				0.0%
github.com/ArmisSecurity/armis-cli/internal/cli/color.go:202:			PrintWarning				100.0%
github.com/ArmisSecurity/armis-cli/internal/cli/color.go:208:			PrintWarningf				100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/agent_detection.go:36:		init					100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/agent_detection.go:41:		runAgentDetection			0.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/agent_detection_collect.go:29:	init					100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/agent_detection_collect.go:33:	runAgentDetectionCollect		0.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/agent_detection_collect.go:84:	buildInventoryPayload			100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/auth.go:33:			init					100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/auth.go:39:			runAuth					92.9%
github.com/ArmisSecurity/armis-cli/internal/cmd/context.go:24:			NewSignalContext			100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/context.go:33:			handleScanError				100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/help.go:30:			SetupHelp				91.7%
github.com/ArmisSecurity/armis-cli/internal/cmd/help.go:59:			styledUsageTemplate			100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/help.go:102:			defaultUsageTemplate			100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/help.go:109:			initColorsForHelp			35.3%
github.com/ArmisSecurity/armis-cli/internal/cmd/help.go:150:			styleHelpOutput				83.3%
github.com/ArmisSecurity/armis-cli/internal/cmd/install.go:56:			init					100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/install.go:62:			runInstall				0.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/install.go:84:			showInstalledVersions			84.6%
github.com/ArmisSecurity/armis-cli/internal/cmd/install.go:107:			installAll				0.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/install.go:176:			installTargets				33.3%
github.com/ArmisSecurity/armis-cli/internal/cmd/install.go:289:			printCredentialStatus			100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/output_helper.go:27:		Cleanup					100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/output_helper.go:53:		ResolveOutput				96.4%
github.com/ArmisSecurity/armis-cli/internal/cmd/root.go:168:			SetVersion				100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/root.go:176:			Execute					100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/root.go:180:			init					100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/root.go:211:			PrintUpdateNotification			81.2%
github.com/ArmisSecurity/armis-cli/internal/cmd/root.go:253:			printUpdateNotificationOnce		75.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/root.go:266:			getEnvOrDefault				100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/root.go:273:			getEnvOrDefaultInt			100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/root.go:285:			getAPIBaseURL				100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/root.go:297:			getAuthProvider				100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/root.go:309:			getPageLimit				100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/root.go:316:			validatePageLimit			100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/root.go:326:			validateFailOn				100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/root.go:344:			getFailOn				100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/scan.go:92:			init					100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/scan_image.go:156:		init					100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/scan_repo.go:195:		init					100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/uninstall.go:38:		init					100.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/uninstall.go:44:		runUninstall				0.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/uninstall.go:63:		uninstallAll				50.0%
github.com/ArmisSecurity/armis-cli/internal/cmd/uninstall.go:108:		uninstallTargets			54.8%
github.com/ArmisSecurity/armis-cli/internal/cmd/uninstall.go:168:		confirm					100.0%
github.com/ArmisSecurity/armis-cli/internal/httpclient/client.go:31:		NewClient				92.3%
github.com/ArmisSecurity/armis-cli/internal/httpclient/client.go:61:		Do					86.1%
github.com/ArmisSecurity/armis-cli/internal/install/claude.go:23:		NewClaudeInstaller			75.0%
github.com/ArmisSecurity/armis-cli/internal/install/claude.go:35:		InstalledVersion			100.0%
github.com/ArmisSecurity/armis-cli/internal/install/claude.go:40:		Install					14.3%
github.com/ArmisSecurity/armis-cli/internal/install/claude.go:72:		pluginCacheDir				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/claude.go:77:		PluginCacheDir				0.0%
github.com/ArmisSecurity/armis-cli/internal/install/claude.go:82:		EnvFilePath				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/claude.go:87:		GetInstalledVersion			76.2%
github.com/ArmisSecurity/armis-cli/internal/install/claude.go:119:		HasExistingEnv				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/claude.go:124:		registerMarketplace			83.3%
github.com/ArmisSecurity/armis-cli/internal/install/claude.go:141:		registerPlugin				75.0%
github.com/ArmisSecurity/armis-cli/internal/install/claude.go:170:		enablePlugin				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:55:		EditorByID				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:68:		ConfigPath				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:79:		IsDetected				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:89:		Register				75.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:98:		DetectedEditors				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:115:		NewEditorInstaller			100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:125:		InstalledVersion			100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:128:		PluginDir				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:131:		EnvFilePath				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:134:		HasExistingEnv				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:145:		FetchPlugin				0.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:171:		GetInstalledVersion			80.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:181:		RegisterJetBrains			100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:187:		defaultConfigPath			83.3%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:224:		homeDir					75.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:232:		appSupportPath				29.4%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:265:		registerEditor				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:279:		registerMCPServersFormat		100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:293:		registerVSCodeFormat			100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:312:		registerZedFormat			100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:331:		stdServerEntry				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/editors.go:338:		readJSONFileAsMap			100.0%
github.com/ArmisSecurity/armis-cli/internal/install/manifest.go:38:		ManifestPath				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/manifest.go:55:		ReadManifest				80.0%
github.com/ArmisSecurity/armis-cli/internal/install/manifest.go:72:		WriteManifest				66.7%
github.com/ArmisSecurity/armis-cli/internal/install/manifest.go:84:		NewManifest				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/manifest.go:95:		AddEditor				66.7%
github.com/ArmisSecurity/armis-cli/internal/install/manifest.go:103:		RemoveEditor				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/manifest.go:108:		SetClaude				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/manifest.go:113:		ConfigFormat				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/plugin.go:53:		newPluginInstaller			100.0%
github.com/ArmisSecurity/armis-cli/internal/install/plugin.go:61:		InstalledVersion			100.0%
github.com/ArmisSecurity/armis-cli/internal/install/plugin.go:66:		LatestVersion				0.0%
github.com/ArmisSecurity/armis-cli/internal/install/plugin.go:75:		FetchAndInstall				0.0%
github.com/ArmisSecurity/armis-cli/internal/install/plugin.go:97:		fetchLatestRelease			69.6%
github.com/ArmisSecurity/armis-cli/internal/install/plugin.go:137:		downloadAndExtract			73.6%
github.com/ArmisSecurity/armis-cli/internal/install/plugin.go:253:		createVenv				0.0%
github.com/ArmisSecurity/armis-cli/internal/install/plugin.go:286:		validateGitHubURL			100.0%
github.com/ArmisSecurity/armis-cli/internal/install/plugin.go:300:		extractFile				57.1%
github.com/ArmisSecurity/armis-cli/internal/install/plugin.go:312:		writeJSON				66.7%
github.com/ArmisSecurity/armis-cli/internal/install/plugin.go:323:		findPython				76.9%
github.com/ArmisSecurity/armis-cli/internal/install/plugin.go:350:		writeEnvFromEnvironment			85.7%
github.com/ArmisSecurity/armis-cli/internal/install/plugin.go:378:		venvPython				66.7%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:19:		NewUninstaller				100.0%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:28:		HasManifest				0.0%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:33:		PluginDir				0.0%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:38:		DeregisterEditor			0.0%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:59:		DeregisterAllEditors			80.6%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:110:		DeregisterClaude			64.7%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:144:		RemovePluginFiles			64.7%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:178:		editorConfigPath			0.0%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:189:		deregisterEditor			40.0%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:202:		deregisterFromFile			66.7%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:209:		deregisterMCPServersFormat		100.0%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:225:		deregisterVSCodeFormat			77.8%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:241:		deregisterZedFormat			77.8%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:257:		removeContinueFile			75.0%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:271:		removeFromMarketplace			100.0%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:276:		removeFromInstalledPlugins		100.0%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:281:		removeFromSettings			100.0%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:286:		removeJSONKey				55.6%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:301:		removeNestedJSONKey			61.5%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:321:		hasArmisEntry				83.3%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:343:		readAndParseJSON			100.0%
github.com/ArmisSecurity/armis-cli/internal/install/uninstall.go:355:		writeJSONAtomic				55.0%
github.com/ArmisSecurity/armis-cli/internal/output/errno_unix.go:12:		isSyncNotSupported			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:55:			wrapText				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:78:			wrapLine				91.7%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:116:		formatRecommendations			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:186:		wrapTextWithFirstLinePrefix		90.9%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:225:		write					66.7%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:256:		Write					89.5%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:286:		Format					100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:291:		FormatWithOptions			88.1%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:380:		SyncColors				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:384:		sortFindingsBySeverity			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:395:		loadSnippetFromFile			69.4%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:511:		formatCodeSnippetWithFrame		91.1%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:604:		truncatePlainLine			0.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:616:		highlightColumns			93.5%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:661:		scanDuration				89.5%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:694:		pluralize				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:703:		suppressionSummaryText			80.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:731:		renderBriefStatus			87.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:788:		renderSummaryDashboard			59.5%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:875:		renderFindings				88.9%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:904:		renderFinding				54.5%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1016:		renderGroupedFindings			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1040:		groupFindings				96.8%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1097:		severityRank				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1104:		isGitRepo				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1111:		getGitBlame				38.1%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1149:		parseGitBlame				95.2%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1185:		maskEmail				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1208:		getTopLevelDomain			75.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1220:		getHumanDisplayTitle			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1234:		wrapTitle				93.9%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1293:		maskFixForDisplay			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1328:		formatFixSection			0.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1393:		formatProposedSnippet			0.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1476:		limitHunkContext			64.7%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1552:		parseDiffHunk				91.7%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1574:		parseDiffLines				94.6%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1665:		findInlineChanges			73.5%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1736:		computeLCS				92.3%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1788:		buildTokenPositions			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1804:		tokenizeLine				92.9%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1832:		isWordChar				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1839:		formatDiffWithColorsStyled		77.1%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1913:		extractDiffFilename			80.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1935:		formatDiffHunkLine			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1955:		formatDiffContextLine			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:1966:		formatDiffRemoveLine			86.4%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:2007:		formatDiffAddLine			86.4%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:2049:		applyInlineHighlights			81.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:2091:		truncateDiffLine			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:2098:		truncateDiffLineWithFlag		66.7%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:2112:		adjustHighlightSpans			83.3%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:2134:		groupDiffHunks				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:2165:		collectRenderOps			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:2208:		renderChangeBlock			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:2267:		formatDiffHunkSeparator			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:2282:		formatValidationSection			0.0%
github.com/ArmisSecurity/armis-cli/internal/output/human.go:2339:		getExposureDescription			0.0%
github.com/ArmisSecurity/armis-cli/internal/output/icons.go:24:			GetConfidenceIcon			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/json.go:15:			Format					100.0%
github.com/ArmisSecurity/armis-cli/internal/output/json.go:24:			FormatWithOptions			66.7%
github.com/ArmisSecurity/armis-cli/internal/output/json.go:32:			formatWithDebug				0.0%
github.com/ArmisSecurity/armis-cli/internal/output/json.go:58:			maskScanResultForOutput			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/json.go:78:			maskFindingSecrets			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/junit.go:48:			Format					100.0%
github.com/ArmisSecurity/armis-cli/internal/output/junit.go:55:			FormatWithOptions			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/junit.go:63:			formatWithSeverities			77.8%
github.com/ArmisSecurity/armis-cli/internal/output/junit.go:92:			isFailureSeverity			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/junit.go:102:		convertToJUnitCasesWithSeverities	100.0%
github.com/ArmisSecurity/armis-cli/internal/output/junit.go:135:		countFailuresWithSeverities		100.0%
github.com/ArmisSecurity/armis-cli/internal/output/output.go:26:		Error					0.0%
github.com/ArmisSecurity/armis-cli/internal/output/output.go:37:		Error					0.0%
github.com/ArmisSecurity/armis-cli/internal/output/output.go:58:		GetFormatter				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/output.go:75:		ShouldFail				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/output.go:94:		FilterActiveFindings			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/output.go:107:		CheckExit				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/sarif.go:174:		normalizeCWE				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/sarif.go:183:		normalizeCVE				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/sarif.go:193:		stripMarkdown				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/sarif.go:205:		Format					100.0%
github.com/ArmisSecurity/armis-cli/internal/output/sarif.go:232:		firstNonEmpty				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/sarif.go:251:		stableRuleID				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/sarif.go:269:		buildRules				96.3%
github.com/ArmisSecurity/armis-cli/internal/output/sarif.go:340:		convertToSarifResults			90.3%
github.com/ArmisSecurity/armis-cli/internal/output/sarif.go:441:		buildMessageText			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/sarif.go:448:		severityToSarifLevel			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/sarif.go:467:		severityToSecurityScore			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/sarif.go:486:		generateHelpURI				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/sarif.go:510:		convertFixToSarif			90.5%
github.com/ArmisSecurity/armis-cli/internal/output/sarif.go:627:		FormatWithOptions			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/styles.go:138:		DefaultStyles				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/styles.go:276:		NoColorStyles				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/styles.go:353:		GetStyles				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/styles.go:361:		SyncStylesWithColorMode			100.0%
github.com/ArmisSecurity/armis-cli/internal/output/styles.go:386:		GetSeverityText				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/styles.go:414:		TerminalWidth				33.3%
github.com/ArmisSecurity/armis-cli/internal/output/syntax.go:21:		GetLexer				100.0%
github.com/ArmisSecurity/armis-cli/internal/output/syntax.go:32:		GetChromaStyle				80.0%
github.com/ArmisSecurity/armis-cli/internal/output/syntax.go:45:		HighlightCode				81.2%
github.com/ArmisSecurity/armis-cli/internal/output/syntax.go:79:		HighlightLine				75.0%
github.com/ArmisSecurity/armis-cli/internal/output/syntax.go:88:		getTerminalFormatter			60.0%
github.com/ArmisSecurity/armis-cli/internal/output/syntax.go:103:		HighlightLineWithBackground		87.5%
github.com/ArmisSecurity/armis-cli/internal/output/syntax.go:126:		getBackgroundANSI			58.3%
github.com/ArmisSecurity/armis-cli/internal/output/syntax.go:158:		rgbToANSI256				0.0%
github.com/ArmisSecurity/armis-cli/internal/output/syntax.go:171:		parseHexColor				76.9%
github.com/ArmisSecurity/armis-cli/internal/output/writer.go:51:		validateOutputPath			92.3%
github.com/ArmisSecurity/armis-cli/internal/output/writer.go:88:		NewFileOutput				88.2%
github.com/ArmisSecurity/armis-cli/internal/output/writer.go:145:		Writer					100.0%
github.com/ArmisSecurity/armis-cli/internal/output/writer.go:150:		Close					100.0%
github.com/ArmisSecurity/armis-cli/internal/output/writer.go:167:		FormatFromExtension			100.0%
github.com/ArmisSecurity/armis-cli/internal/progress/progress.go:32:		IsCI					100.0%
github.com/ArmisSecurity/armis-cli/internal/progress/progress.go:60:		isTerminalWriter			100.0%
github.com/ArmisSecurity/armis-cli/internal/progress/progress.go:68:		NewReader				100.0%
github.com/ArmisSecurity/armis-cli/internal/progress/progress.go:83:		NewWriter				50.0%
github.com/ArmisSecurity/armis-cli/internal/progress/progress.go:117:		NewSpinner				100.0%
github.com/ArmisSecurity/armis-cli/internal/progress/progress.go:125:		NewSpinnerWithTimeout			100.0%
github.com/ArmisSecurity/armis-cli/internal/progress/progress.go:142:		NewSpinnerWithContext			100.0%
github.com/ArmisSecurity/armis-cli/internal/progress/progress.go:150:		SetWriter				100.0%
github.com/ArmisSecurity/armis-cli/internal/progress/progress.go:159:		Start					89.8%
github.com/ArmisSecurity/armis-cli/internal/progress/progress.go:275:		Stop					100.0%
github.com/ArmisSecurity/armis-cli/internal/progress/progress.go:310:		Update					100.0%
github.com/ArmisSecurity/armis-cli/internal/progress/progress.go:317:		GetElapsed				100.0%
github.com/ArmisSecurity/armis-cli/internal/progress/progress.go:324:		formatDuration				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/finding_type.go:9:		DeriveFindingType			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:48:		NewScanner				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:63:		WithPollInterval			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:69:		WithFetchRetryInterval			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:75:		WithSBOMVEXOptions			0.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:82:		WithPullPolicy				0.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:88:		ScanImage				0.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:119:		ScanTarball				77.8%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:231:		exportImage				0.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:284:		isDockerAvailable			42.9%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:299:		getDockerCommand			75.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:308:		validateDockerCommand			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:317:		imageExistsLocally			87.5%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:332:		determinePullBehavior			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:350:		isRetryableError			75.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:358:		buildScanResult				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:385:		convertNormalizedFindings		85.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:508:		shouldFilterByExploitability		100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:527:		cleanDescription			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:546:		isEmptyFinding				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/image.go:561:		generateFindingTitle			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/image/validate.go:11:		validateImageName			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/mask.go:22:			MaskFixSecrets				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/files.go:26:		ParseFileList				87.5%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/files.go:41:		addFile					87.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/files.go:94:		Files					100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/files.go:99:		RepoRoot				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/files.go:104:		ValidateExistence			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/gitchanges.go:52:		GitChangedFiles				82.6%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/gitchanges.go:103:	gitRepoRoot				80.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/gitchanges.go:128:	changedUncommitted			41.7%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/gitchanges.go:157:	changedStaged				75.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/gitchanges.go:170:	validateRef				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/gitchanges.go:183:	changedSinceRef				75.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/gitchanges.go:206:	filterToScanPath			95.8%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/gitchanges.go:259:	runGit					91.7%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/gitchanges.go:286:	parseLines				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/gitchanges.go:306:	combineAndDedupe			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/ignore.go:28:		LoadIgnorePatterns			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/ignore.go:36:		LoadSuppressionConfig			0.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/ignore.go:78:		LoadArmisIgnore				92.9%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/ignore.go:138:		parseArmisIgnoreFile			92.5%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/ignore.go:204:		Match					100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/ignore.go:216:		shouldSkipDir				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/inline.go:85:		ApplyInlineSuppression			97.2%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/inline.go:214:		parseInlineComment			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/inline.go:241:		isCommentLine				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/inline.go:255:		isFuncSignature				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/inline.go:268:		containsAny				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/inline.go:282:		findCommentStart			83.3%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/inline.go:322:		parseDirectiveParams			93.9%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/inline.go:380:		matchesInlineDirective			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/inline.go:416:		buildInlineSuppressionInfo		100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/inline.go:444:		countSuppressed				0.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/matcher.go:28:		MatchFinding				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/matcher.go:62:		cweMatches				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/matcher.go:78:		ApplySuppression			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/matcher.go:101:		recomputeSummary			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:46:		NewScanner				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:61:		WithPollInterval			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:67:		WithFetchRetryInterval			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:73:		WithIncludeFiles			0.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:79:		WithSBOMVEXOptions			0.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:85:		Scan					67.9%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:293:		tarGzDirectory				71.8%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:374:		isPathContained				75.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:383:		tarGzFiles				78.6%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:474:		safeAddSize				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:481:		calculateFilesSize			78.6%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:507:		calculateDirSize			76.9%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:554:		shouldSkip				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:585:		isTestFile				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:631:		isRetryableError			75.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:640:		buildScanResult				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:667:		convertNormalizedFindings		73.3%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:790:		shouldFilterByExploitability		100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:809:		cleanDescription			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:830:		generateFindingTitle			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/repo.go:834:		isEmptyFinding				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/suppression.go:58:	NewSuppressionConfig			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/suppression.go:63:	IsEmpty					100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/suppression.go:77:	Add					100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/suppression.go:99:	CategoryMapping				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/suppression.go:112:	parseDirectiveLine			93.5%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/suppression.go:173:	hasDirectivePrefix			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/repo/suppression.go:187:	validateCWE				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/sbom_vex.go:38:		NewSBOMVEXDownloader			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/sbom_vex.go:50:		Download				85.2%
github.com/ArmisSecurity/armis-cli/internal/scan/sbom_vex.go:102:		downloadAndSave				77.8%
github.com/ArmisSecurity/armis-cli/internal/scan/status.go:16:			FormatScanStatus			100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/status.go:35:			FormatElapsed				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/status.go:48:			MapSeverity				100.0%
github.com/ArmisSecurity/armis-cli/internal/scan/testhelpers/findings.go:9:	CreateNormalizedFinding			0.0%
github.com/ArmisSecurity/armis-cli/internal/scan/testhelpers/findings.go:14:	CreateNormalizedFindingWithLabels	0.0%
github.com/ArmisSecurity/armis-cli/internal/scan/testhelpers/findings.go:19:	CreateNormalizedFindingFull		0.0%
github.com/ArmisSecurity/armis-cli/internal/scan/title.go:14:			GenerateFindingTitle			100.0%
github.com/ArmisSecurity/armis-cli/internal/update/update.go:63:		NewChecker				100.0%
github.com/ArmisSecurity/armis-cli/internal/update/update.go:79:		CheckCached				100.0%
github.com/ArmisSecurity/armis-cli/internal/update/update.go:97:		CheckInBackground			100.0%
github.com/ArmisSecurity/armis-cli/internal/update/update.go:117:		check					85.7%
github.com/ArmisSecurity/armis-cli/internal/update/update.go:160:		fetchLatestVersion			89.5%
github.com/ArmisSecurity/armis-cli/internal/update/update.go:194:		getCacheFilePath			66.7%
github.com/ArmisSecurity/armis-cli/internal/update/update.go:209:		readCache				84.6%
github.com/ArmisSecurity/armis-cli/internal/update/update.go:233:		writeCache				76.9%
github.com/ArmisSecurity/armis-cli/internal/update/update.go:257:		IsNewer					100.0%
github.com/ArmisSecurity/armis-cli/internal/update/update.go:280:		parseVersion				100.0%
github.com/ArmisSecurity/armis-cli/internal/update/update.go:303:		FormatNotification			100.0%
github.com/ArmisSecurity/armis-cli/internal/update/update.go:322:		getUpdateCommand			40.0%
github.com/ArmisSecurity/armis-cli/internal/util/cache.go:21:			GetCacheDir				75.0%
github.com/ArmisSecurity/armis-cli/internal/util/cache.go:41:			GetCacheFilePath			80.0%
github.com/ArmisSecurity/armis-cli/internal/util/format.go:7:			FormatCategory				100.0%
github.com/ArmisSecurity/armis-cli/internal/util/mask.go:109:			MaskSecretInLine			86.4%
github.com/ArmisSecurity/armis-cli/internal/util/mask.go:164:			maskValue				83.3%
github.com/ArmisSecurity/armis-cli/internal/util/mask.go:190:			MaskSecretInLines			100.0%
github.com/ArmisSecurity/armis-cli/internal/util/mask.go:204:			MaskSecretInMultiLineString		100.0%
github.com/ArmisSecurity/armis-cli/internal/util/mask.go:218:			MaskSecretsInStringMap			100.0%
github.com/ArmisSecurity/armis-cli/internal/util/path.go:13:			SanitizePath				90.9%
github.com/ArmisSecurity/armis-cli/internal/util/path.go:53:			SafeJoinPath				87.5%
github.com/ArmisSecurity/armis-cli/test/sample-repo/src/main.go:6:		main					0.0%
total:										(statements)				77.4%

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 26, 2026
edited
Loading

Armis AppSecArmis AppSec Security Scan Results

✅ No issues

Copilot AI reviewed May 26, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR reduces CI scan noise by adding armis:ignore inline suppression directives (with reasons) for known false-positive findings across the CLI codebase and installer scripts.

Changes:

  • Added inline suppression directives for remaining reported CWEs (e.g., 22/78/94/522/770/918/73/20) in targeted hot spots.
  • Updated a few existing suppressions to include additional CWEs where multiple CWEs were reported on the same line/pattern.
  • Documented suppression rationale inline to preserve auditability of the exceptions.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
scripts/install.ps1 Adds an inline suppression for executing the already-installed binary during upgrade detection.
internal/update/update.go Adds an additional inline suppression near cache path sanitization.
internal/scan/repo/matcher.go Adds an inline suppression around matching logic over parsed CWE directives.
internal/scan/mask.go Adds an inline suppression related to intentionally not masking prose text fields.
internal/scan/image/image.go Adds/updates inline suppressions around docker/podman command execution paths.
internal/install/claude.go Adds an inline suppression for writing credentials to an env file with restricted permissions.
internal/httpclient/client.go Adds an additional inline suppression around the HTTP request execution line.
internal/cmd/scan_repo.go Adds an inline suppression where a validated CLI repo path is passed into scanning.
internal/cmd/scan_image.go Adds an inline suppression around tarball path sanitization before use.
internal/agentdetect/userprofile.go Adds/updates suppressions around enumerating user home directories and path joins.
internal/agentdetect/mcpconfig.go Adds cwe:22 to existing bounded-config-file read suppressions.
internal/agentdetect/agentdetect.go Adds an inline suppression around flattening results (bounded in-memory iteration).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread internal/httpclient/client.go Outdated

// armis:ignore cwe:918 reason:URL validated by api.Client caller (HTTPS enforced, no redirects)
resp, err = c.httpClient.Do(req) //nolint:gosec // G704: URL is from API client, validated before use
// armis:ignore cwe:918 reason:URL validated by api.Client caller (HTTPS enforced, no redirects)
Comment thread internal/scan/image/image.go Outdated
// armis:ignore cwe:94 reason:dockerCmd from getDockerCommand (hardcoded docker/podman); imageName validated by validateImageName()
// armis:ignore cwe:78 reason:dockerCmd validated by validateDockerCommand allowlist; imageName validated by validateImageName
pullCmd := exec.CommandContext(ctx, dockerCmd, "pull", imageName) //nolint:gosec // G204: dockerCmd is validated, imageName is validated by validateImageName()
// armis:ignore cwe:78 cwe:94 reason:dockerCmd validated by validateDockerCommand allowlist; imageName validated by validateImageName
Comment thread internal/update/update.go
Comment on lines 192 to 197
// getCacheFilePath returns the path to the cache file.
// armis:ignore cwe:73 reason:cacheDir set from XDG/home path; SanitizePath validates before use
func (c *Checker) getCacheFilePath() string {
if c.cacheDir != "" {
// armis:ignore cwe:73 reason:cacheDir set from XDG/home path; SanitizePath validates before use
sanitized, err := util.SanitizePath(c.cacheDir)
@yiftach-armis
fix(scan): remove ineffective below-line suppression directives
a5ef0ae 
Inline suppression only scans upward from the finding line. Remove
directives placed after the flagged lines in httpclient/client.go
and scan/image/image.go as they have no effect — the above-line
directives already provide coverage.
@yiftach-armis yiftach-armis merged commit 6e6f7a9 into main May 26, 2026
9 checks passed
@yiftach-armis yiftach-armis mentioned this pull request May 27, 2026
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yiftach-armis