Test for python skip-auto-install bug

go.mod

@@ -117,7 +117,7 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
 
-replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504
+replace github.com/jfrog/jfrog-cli-security => github.com/eranturgeman/jfrog-cli-security v0.0.0-20250408090618-dce93d2ba006
 
 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
 

go.sum

@@ -56,6 +56,8 @@ github.com/elazarl/goproxy v1.4.0 h1:4GyuSbFa+s26+3rmYNSuUVsx+HgPrV1bk1jXI0l9wjM
 github.com/elazarl/goproxy v1.4.0/go.mod h1:X/5W/t+gzDyLfHW4DrMdpjqYjpXsURlBt9lpBDxZZZQ=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
+github.com/eranturgeman/jfrog-cli-security v0.0.0-20250408090618-dce93d2ba006 h1:tUF6CKVqCinhrUBiGxFvpZyHn7VVVw8DnDQ9ZL8XrcM=
+github.com/eranturgeman/jfrog-cli-security v0.0.0-20250408090618-dce93d2ba006/go.mod h1:tJyLh4KI4qoF/AVBy0wC9s8DVxV/hoyKK4LIzpxL590=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/forPelevin/gomoji v1.2.0 h1:9k4WVSSkE1ARO/BWywxgEUBvR/jMnao6EZzrql5nxJ8=
@@ -134,8 +136,6 @@ github.com/jfrog/jfrog-cli-artifactory v0.2.1 h1:3r+dmY3STsb1hrR/cV30QkCUHsw96E+
 github.com/jfrog/jfrog-cli-artifactory v0.2.1/go.mod h1:LX9ukqknKqpW5EHjvoWi3ciHsUD8pqKt3GRL4DHgjnY=
 github.com/jfrog/jfrog-cli-core/v2 v2.58.2 h1:+pHoqpTZqpVk+QSbEtt/giyk4cuju3rSfb65SvlBztQ=
 github.com/jfrog/jfrog-cli-core/v2 v2.58.2/go.mod h1:SM9QovDEpbbknOKZv077dl8zjDlzhTTDea+La9eGS08=
-github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504 h1:mnU8PtDaCmU1ZC8Wcy0VKj1gJEZnnyjgAc3rJLCcMjs=
-github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504/go.mod h1:tJyLh4KI4qoF/AVBy0wC9s8DVxV/hoyKK4LIzpxL590=
 github.com/jfrog/jfrog-client-go v1.28.1-0.20250402063549-14e8fd119680 h1:hkpGYiESR8bz00ktYhiaGw1kaeYDG376DgyKKpZq4Cc=
 github.com/jfrog/jfrog-client-go v1.28.1-0.20250402063549-14e8fd119680/go.mod h1:2tQPwRhGS/F357BOKFfZrQbjd4XbzHPYUQm/OFNwLHg=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=

scanpullrequest/scanpullrequest.go

@@ -93,6 +93,9 @@ func scanPullRequest(repo *utils.Repository, client vcsclient.VcsClient) (err er
 	log.Info("-----------------------------------------------------------")
 
 	// Audit PR code
+	// TODO Walme log
+	log.Debug(fmt.Sprintf("WALKME LOG #2: spr, value of skipAutoInstall before creating scanDetails is: %t", repo.Params.Scan.SkipAutoInstall))
+	// TODO Walkme log end
 	issues, resultContext, err := auditPullRequest(repo, client)
 	if err != nil {
 		return
@@ -232,6 +235,9 @@ func auditTargetBranch(repoConfig *utils.Repository, scanDetails *utils.ScanDeta
 	var targetResults *results.SecurityCommandResults
 	workingDirs := utils.GetFullPathWorkingDirs(scanDetails.Project.WorkingDirs, targetBranchWd)
 	log.Info("Scanning target branch...")
+	// TODO Walkme log
+	log.Debug(fmt.Sprintf("WALKME LOG #3: spr, value of skipAutoInstall passed to Audit in scanDetails: %t", scanDetails.SkipAutoInstall()))
+	// TODO Walkme log end
 	targetResults = scanDetails.RunInstallAndAudit(workingDirs...)
 	if err = targetResults.GetErrors(); err != nil {
 		// We get the scan status even if the scan failed to report the scan status in the summary

scanrepository/scanrepository.go

@@ -126,6 +126,9 @@ func (cfp *ScanRepositoryCmd) setCommandPrerequisites(repository *utils.Reposito
 	if err != nil {
 		return
 	}
+	// TODO Walme log
+	log.Debug(fmt.Sprintf("WALKME LOG #2: sr, value of skipAutoInstall before creating scanDetails is: %t", repository.SkipAutoInstall))
+	// TODO Walkme log end
 	// Set the scan details
 	cfp.scanDetails = utils.NewScanDetails(client, &repository.Server, &repository.Git).
 		SetJfrogVersions(cfp.XrayVersion, cfp.XscVersion).
@@ -218,6 +221,9 @@ func (cfp *ScanRepositoryCmd) scanAndFixProject(repository *utils.Repository) (i
 // Audit the dependencies of the current commit.
 func (cfp *ScanRepositoryCmd) scan(currentWorkingDir string) (*results.SecurityCommandResults, error) {
 	// Audit commit code
+	// TODO Walme log
+	log.Debug(fmt.Sprintf("WALKME LOG #3: sr, value of skipAutoInstall passed to Audit in scanDetails: %t", cfp.scanDetails.SkipAutoInstall()))
+	// TODO Walkme log end
 	auditResults := cfp.scanDetails.RunInstallAndAudit(currentWorkingDir)
 	if err := auditResults.GetErrors(); err != nil {
 		return nil, err

utils/params.go

@@ -259,6 +259,14 @@ func (s *Scan) setDefaultsIfNeeded() (err error) {
 		s.MinSeverity = severity.String()
 	}
 	if !s.SkipAutoInstall {
+		// TODO Walkme log
+		var skipAutoInstall bool
+		skipAutoInstall, err = getBoolEnv(SkipAutoInstallEnv, false)
+		if err != nil {
+			return
+		}
+		log.Debug(fmt.Sprintf("WALKME LOG #1: JF_SKIP_AUTO_INSTALL value is %s", strconv.FormatBool(skipAutoInstall)))
+		// TODO Walkme log end
 		if s.SkipAutoInstall, err = getBoolEnv(SkipAutoInstallEnv, false); err != nil {
 			return
 		}

utils/scandetails.go

@@ -81,6 +81,11 @@ func (sc *ScanDetails) SetSkipAutoInstall(skipAutoInstall bool) *ScanDetails {
 	return sc
 }
 
+// TODO WALKME debug func - delete
+func (sc *ScanDetails) SkipAutoInstall() bool {
+	return sc.skipAutoInstall
+}
+
 func (sc *ScanDetails) SetMinSeverity(minSeverity string) (*ScanDetails, error) {
 	if minSeverity == "" {
 		return sc, nil
@@ -175,6 +180,9 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *res
 		SetMultiScanId(sc.MultiScanId).
 		SetStartTime(sc.StartTime)
 
+	// TODO Walkme log
+	log.Debug(fmt.Sprintf("WALKME LOG #4: value of skipAutoInstall in AuditParams: %t", auditParams.SkipAutoInstall()))
+	// TODO Walkme log end
 	return audit.RunAudit(auditParams)
 }