CM-26097 - Add no-restore flag for SCA

README.md

@@ -232,18 +232,19 @@ The following are the options and commands available with the Cycode CLI applica
 
 The Cycode CLI application offers several types of scans so that you can choose the option that best fits your case. The following are the current options and commands available:
 
-| Option                               | Description                                                                |
-|--------------------------------------|----------------------------------------------------------------------------|
-| `-t, --scan-type [secret\|iac\|sca\|sast]` | Specify the scan you wish to execute (`secret`/`iac`/`sca`/`sast`), the default is `secret` |
-| `--secret TEXT`                      | Specify a Cycode client secret for this specific scan execution |
-| `--client-id TEXT`                   | Specify a Cycode client ID for this specific scan execution   |
-| `--show-secret BOOLEAN`              | Show secrets in plain text. See [Show/Hide Secrets](#showhide-secrets) section for more details. |
-| `--soft-fail BOOLEAN`                | Run scan without failing, always return a non-error status code. See [Soft Fail](#soft-fail) section for more details. |
-| `--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]`  | Show only violations at the specified level or higher (supported for the SCA scan type only). |
-| `--sca-scan`                         | Specify the SCA scan you wish to execute (`package-vulnerabilities`/`license-compliance`). The default is both |
-| `--monitor`                          | When specified, the scan results will be recorded in the knowledge graph. Please note that when working in `monitor` mode, the knowledge graph will not be updated as a result of SCM events (Push, Repo creation). (Supported for SCA scan type only). |
-| `--report`                           | When specified, a violations report will be generated. A URL link to the report will be printed as an output to the command execution |
-| `--help`                             | Show options for given command.                                                |
+| Option                                                     | Description                                                                                                                                                                                                                                             |
+|------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `-t, --scan-type [secret\|iac\|sca\|sast]`                 | Specify the scan you wish to execute (`secret`/`iac`/`sca`/`sast`), the default is `secret`                                                                                                                                                             |
+| `--secret TEXT`                                            | Specify a Cycode client secret for this specific scan execution                                                                                                                                                                                         |
+| `--client-id TEXT`                                         | Specify a Cycode client ID for this specific scan execution                                                                                                                                                                                             |
+| `--show-secret BOOLEAN`                                    | Show secrets in plain text. See [Show/Hide Secrets](#showhide-secrets) section for more details.                                                                                                                                                        |
+| `--soft-fail BOOLEAN`                                      | Run scan without failing, always return a non-error status code. See [Soft Fail](#soft-fail) section for more details.                                                                                                                                  |
+| `--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]` | Show only violations at the specified level or higher (supported for the SCA scan type only).                                                                                                                                                           |
+| `--sca-scan`                                               | Specify the SCA scan you wish to execute (`package-vulnerabilities`/`license-compliance`). The default is both                                                                                                                                          |
+| `--monitor`                                                | When specified, the scan results will be recorded in the knowledge graph. Please note that when working in `monitor` mode, the knowledge graph will not be updated as a result of SCM events (Push, Repo creation). (Supported for SCA scan type only). |
+| `--report`                                                 | When specified, a violations report will be generated. A URL link to the report will be printed as an output to the command execution                                                                                                                   |
+| `--no-restore`                                             | When specified, Cycode will not run restore command. Will scan direct dependencies ONLY!                                                                                                                                                                |
+| `--help`                                                   | Show options for given command.                                                                                                                                                                                                                         |
 
 | Command                                | Description                                                     |
 |----------------------------------------|-----------------------------------------------------------------|

cycode/cli/code_scanner.py

@@ -15,6 +15,7 @@
 from cycode.cli import consts
 from cycode.cli.ci_integrations import get_commit_range
 from cycode.cli.config import configuration_manager
+from cycode.cli.consts import SCA_SKIP_RESTORE_DEPENDENCIES_FLAG
 from cycode.cli.exceptions import custom_exceptions
 from cycode.cli.helpers import sca_code_scanner, tf_content_generator
 from cycode.cli.models import CliError, CliErrors, Document, DocumentDetections, LocalScanResult, Severity
@@ -579,7 +580,7 @@ def create_local_scan_result(
 def perform_pre_scan_documents_actions(
     context: click.Context, scan_type: str, documents_to_scan: List[Document], is_git_diff: bool = False
 ) -> None:
-    if scan_type == consts.SCA_SCAN_TYPE:
+    if scan_type == consts.SCA_SCAN_TYPE and not context.obj.get(SCA_SKIP_RESTORE_DEPENDENCIES_FLAG):
         logger.debug('Perform pre scan document add_dependencies_tree_document action')
         sca_code_scanner.add_dependencies_tree_document(context, documents_to_scan, is_git_diff)
 

cycode/cli/consts.py

@@ -189,3 +189,5 @@
 # Example: A -> B -> C
 # Result: A -> ... -> C
 SCA_SHORTCUT_DEPENDENCY_PATHS = 2
+
+SCA_SKIP_RESTORE_DEPENDENCIES_FLAG = 'no-restore'

cycode/cli/main.py

@@ -9,7 +9,13 @@
 from cycode.cli import code_scanner
 from cycode.cli.auth.auth_command import authenticate
 from cycode.cli.config import config
-from cycode.cli.consts import CLI_CONTEXT_SETTINGS, ISSUE_DETECTED_STATUS_CODE, NO_ISSUES_STATUS_CODE, PROGRAM_NAME
+from cycode.cli.consts import (
+    CLI_CONTEXT_SETTINGS,
+    ISSUE_DETECTED_STATUS_CODE,
+    NO_ISSUES_STATUS_CODE,
+    PROGRAM_NAME,
+    SCA_SKIP_RESTORE_DEPENDENCIES_FLAG,
+)
 from cycode.cli.models import Severity
 from cycode.cli.user_settings.configuration_manager import ConfigurationManager
 from cycode.cli.user_settings.credentials_manager import CredentialsManager
@@ -99,6 +105,14 @@
     type=bool,
     required=False,
 )
+@click.option(
+    f'--{SCA_SKIP_RESTORE_DEPENDENCIES_FLAG}',
+    is_flag=True,
+    default=False,
+    help='When specified, Cycode will not run restore command. Will scan direct dependencies ONLY!',
+    type=bool,
+    required=False,
+)
 @click.pass_context
 def code_scan(
     context: click.Context,
@@ -111,6 +125,7 @@ def code_scan(
     sca_scan: List[str],
     monitor: bool,
     report: bool,
+    no_restore: bool,
 ) -> int:
     """Scans for Secrets, IaC, SCA or SAST violations."""
     if show_secret:
@@ -128,6 +143,7 @@ def code_scan(
     context.obj['severity_threshold'] = severity_threshold
     context.obj['monitor'] = monitor
     context.obj['report'] = report
+    context.obj[SCA_SKIP_RESTORE_DEPENDENCIES_FLAG] = no_restore
 
     _sca_scan_to_context(context, sca_scan)