CM-50594 - Add --maven-settings-file SCA option (#324)

omerr-cycode · web-flow · commit a838ebd63608 · 2025-07-17T11:04:45.000+02:00
diff --git a/cycode/cli/apps/scan/scan_command.py b/cycode/cli/apps/scan/scan_command.py
@@ -88,6 +88,16 @@ def scan_command(
             rich_help_panel=_SCA_RICH_HELP_PANEL,
         ),
     ] = False,
+    maven_settings_file: Annotated[
+        Optional[Path],
+        typer.Option(
+            '--maven-settings-file',
+            show_default=False,
+            help='When specified, Cycode will use this settings.xml file when building the maven dependency tree.',
+            dir_okay=False,
+            rich_help_panel=_SCA_RICH_HELP_PANEL,
+        ),
+    ] = None,
     export_type: Annotated[
         ExportTypeOption,
         typer.Option(
@@ -143,6 +153,7 @@ def scan_command(
     ctx.obj['sync'] = sync
     ctx.obj['severity_threshold'] = severity_threshold
     ctx.obj['monitor'] = monitor
+    ctx.obj['maven_settings_file'] = maven_settings_file
     ctx.obj['report'] = report
 
     scan_client = get_scan_cycode_client(ctx)
diff --git a/cycode/cli/files_collector/sca/maven/restore_maven_dependencies.py b/cycode/cli/files_collector/sca/maven/restore_maven_dependencies.py
@@ -24,7 +24,12 @@ def is_project(self, document: Document) -> bool:
         return path.basename(document.path).split('/')[-1] == BUILD_MAVEN_FILE_NAME
 
     def get_commands(self, manifest_file_path: str) -> list[list[str]]:
-        return [['mvn', 'org.cyclonedx:cyclonedx-maven-plugin:2.7.4:makeAggregateBom', '-f', manifest_file_path]]
+        command = ['mvn', 'org.cyclonedx:cyclonedx-maven-plugin:2.7.4:makeAggregateBom', '-f', manifest_file_path]
+
+        maven_settings_file = self.ctx.obj.get('maven_settings_file')
+        if maven_settings_file:
+            command += ['-s', str(maven_settings_file)]
+        return [command]
 
     def get_lock_file_name(self) -> str:
         return join_paths('target', MAVEN_CYCLONE_DEP_TREE_FILE_NAME)
@@ -46,7 +51,7 @@ def try_restore_dependencies(self, document: Document) -> Optional[Document]:
 
     def restore_from_secondary_command(self, document: Document, manifest_file_path: str) -> Optional[Document]:
         restore_content = execute_commands(
-            commands=create_secondary_restore_commands(manifest_file_path),
+            commands=self.create_secondary_restore_commands(manifest_file_path),
             timeout=self.command_timeout,
             working_directory=self.get_working_directory(document),
         )
@@ -61,10 +66,8 @@ def restore_from_secondary_command(self, document: Document, manifest_file_path:
             absolute_path=restore_file_path,
         )
 
-
-def create_secondary_restore_commands(manifest_file_path: str) -> list[list[str]]:
-    return [
-        [
+    def create_secondary_restore_commands(self, manifest_file_path: str) -> list[list[str]]:
+        command = [
             'mvn',
             'dependency:tree',
             '-B',
@@ -73,4 +76,9 @@ def create_secondary_restore_commands(manifest_file_path: str) -> list[list[str]
             manifest_file_path,
             f'-DoutputFile={MAVEN_DEP_TREE_FILE_NAME}',
         ]
-    ]
+
+        maven_settings_file = self.ctx.obj.get('maven_settings_file')
+        if maven_settings_file:
+            command += ['-s', str(maven_settings_file)]
+
+        return [command]
