Fix/not enabled scs engine being triggered with feature flag SSCS_NEW_LICENSING_ENABLED on (AST-125713) (#1375)

cx-leonardo-fontes · web-flow · commit e7376a756917 · 2025-12-12T23:54:25.000+05:30
diff --git a/internal/commands/scan.go b/internal/commands/scan.go
@@ -1371,9 +1371,12 @@ func isScorecardRunnable(isScsEnginesFlagSet, scsScorecardSelected bool, scsRepo
 
 func addSCSScan(cmd *cobra.Command, resubmitConfig []wrappers.Config, scsLicensingV2, hasRepositoryHealthLicense,
 	hasSecretDetectionLicense, hasEnterpriseSecretsLicense bool) (map[string]interface{}, error) {
-	scsEnabled := scanTypeEnabled(commonParams.ScsType)
-	scsScorecardAllowed := isScsScorecardAllowed(scsLicensingV2, hasRepositoryHealthLicense, scsEnabled)
-	scsSecretDetectionAllowed := isScsSecretDetectionAllowed(scsLicensingV2, hasSecretDetectionLicense, hasEnterpriseSecretsLicense, scsEnabled)
+	scsEnabled := isScsEnabled(scsLicensingV2)
+	if !scsEnabled {
+		return nil, nil
+	}
+	scsScorecardAllowed := isScsScorecardAllowed(scsLicensingV2, hasRepositoryHealthLicense)
+	scsSecretDetectionAllowed := isScsSecretDetectionAllowed(scsLicensingV2, hasSecretDetectionLicense, hasEnterpriseSecretsLicense)
 	if !scsScorecardAllowed && !scsSecretDetectionAllowed {
 		return nil, nil
 	}
@@ -1429,18 +1432,26 @@ func addSCSScan(cmd *cobra.Command, resubmitConfig []wrappers.Config, scsLicensi
 	return scsMapConfig, nil
 }
 
-func isScsScorecardAllowed(scsLicensingV2, hasRepositoryHealthLicense, hasScsLicense bool) bool {
+func isScsEnabled(scsLicensingV2 bool) bool {
+	if scsLicensingV2 {
+		return scanTypeEnabled(commonParams.ScsType) || scanTypeEnabled(commonParams.SecretDetectionType) ||
+			scanTypeEnabled(commonParams.RepositoryHealthType)
+	}
+	return scanTypeEnabled(commonParams.ScsType)
+}
+
+func isScsScorecardAllowed(scsLicensingV2, hasRepositoryHealthLicense bool) bool {
 	if scsLicensingV2 {
 		return hasRepositoryHealthLicense
 	}
-	return hasScsLicense
+	return true
 }
 
-func isScsSecretDetectionAllowed(scsLicensingV2, hasSecretDetectionLicense, hasEnterpriseSecretsLicense, hasScsLicense bool) bool {
+func isScsSecretDetectionAllowed(scsLicensingV2, hasSecretDetectionLicense, hasEnterpriseSecretsLicense bool) bool {
 	if scsLicensingV2 {
 		return hasSecretDetectionLicense
 	}
-	return hasScsLicense && hasEnterpriseSecretsLicense
+	return hasEnterpriseSecretsLicense
 }
 
 func validateScanTypes(cmd *cobra.Command, jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) error {
diff --git a/internal/commands/scan_test.go b/internal/commands/scan_test.go
@@ -3453,21 +3453,13 @@ func TestIsScsScorecardAllowed(t *testing.T) {
 		name                       string
 		scsLicensingV2             bool
 		hasRepositoryHealthLicense bool
-		hasScsLicense              bool
 		expectedAllowed            bool
 	}{
 		{
-			name:            "scsLicensingV2 disabled and has scs license",
+			name:            "scsLicensingV2 disabled",
 			scsLicensingV2:  false,
-			hasScsLicense:   true,
 			expectedAllowed: true,
 		},
-		{
-			name:            "scsLicensingV2 disabled and does not have scs license",
-			scsLicensingV2:  false,
-			hasScsLicense:   false,
-			expectedAllowed: false,
-		},
 		{
 			name:                       "scsLicensingV2 enabled and has repository health license",
 			scsLicensingV2:             true,
@@ -3484,7 +3476,7 @@ func TestIsScsScorecardAllowed(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			actualAllowed := isScsScorecardAllowed(tt.scsLicensingV2, tt.hasRepositoryHealthLicense, tt.hasScsLicense)
+			actualAllowed := isScsScorecardAllowed(tt.scsLicensingV2, tt.hasRepositoryHealthLicense)
 			assert.Equal(t, tt.expectedAllowed, actualAllowed)
 		})
 	}
@@ -3496,28 +3488,18 @@ func TestIsScsSecretDetectionAllowed(t *testing.T) {
 		scsLicensingV2              bool
 		hasSecretDetectionLicense   bool
 		hasEnterpriseSecretsLicense bool
-		hasScsLicense               bool
 		expectedAllowed             bool
 	}{
 		{
-			name:                        "scsLicensingV2 disabled and has scs and enterprise secrets license",
+			name:                        "scsLicensingV2 disabled and has enterprise secrets license",
 			scsLicensingV2:              false,
 			hasEnterpriseSecretsLicense: true,
-			hasScsLicense:               true,
 			expectedAllowed:             true,
 		},
 		{
-			name:                        "scsLicensingV2 disabled and has enterprise secrets but does not have scs license",
-			scsLicensingV2:              false,
-			hasEnterpriseSecretsLicense: true,
-			hasScsLicense:               false,
-			expectedAllowed:             false,
-		},
-		{
-			name:                        "scsLicensingV2 disabled and has scs license but does not have enterprise secrets license",
+			name:                        "scsLicensingV2 disabled but does not have enterprise secrets license",
 			scsLicensingV2:              false,
 			hasEnterpriseSecretsLicense: false,
-			hasScsLicense:               true,
 			expectedAllowed:             false,
 		},
 		{
@@ -3536,7 +3518,7 @@ func TestIsScsSecretDetectionAllowed(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			actualAllowed := isScsSecretDetectionAllowed(tt.scsLicensingV2, tt.hasSecretDetectionLicense, tt.hasEnterpriseSecretsLicense, tt.hasScsLicense)
+			actualAllowed := isScsSecretDetectionAllowed(tt.scsLicensingV2, tt.hasSecretDetectionLicense, tt.hasEnterpriseSecretsLicense)
 			assert.Equal(t, tt.expectedAllowed, actualAllowed)
 		})
 	}
