Checkmarx · cx-alex-cohen · Jan 29, 2025 · Jan 29, 2025 · Jan 29, 2025 · Jan 30, 2025
@@ -1047,10 +1047,8 @@ func setIsSCSEnabled(featureFlagsWrapper wrappers.FeatureFlagsWrapper) {
 	wrappers.IsSCSEnabled = scsEngineCLIEnabled.Status
 }
 
-func setIsContainersEnabled(agent string, featureFlagsWrapper wrappers.FeatureFlagsWrapper) {
-	agentSupported := !containsIgnoreCase(containerEngineUnsupportedAgents, agent)
-	containerEngineCLIEnabled, _ := wrappers.GetSpecificFeatureFlag(featureFlagsWrapper, wrappers.ContainerEngineCLIEnabled)
-	wrappers.IsContainersEnabled = containerEngineCLIEnabled.Status && agentSupported
+func setIsContainersEnabled(agent string) {
+	wrappers.IsContainersEnabled = !containsIgnoreCase(containerEngineUnsupportedAgents, agent)
 }
 
 func filterResultsByType(results *wrappers.ScanResultsCollection, excludedTypes map[string]struct{}) *wrappers.ScanResultsCollection {
@@ -1109,7 +1107,7 @@ func CreateScanReport(
 	reportList := strings.Split(reportTypes, ",")
 	results := &wrappers.ScanResultsCollection{}
 	setIsSCSEnabled(featureFlagsWrapper)
-	setIsContainersEnabled(agent, featureFlagsWrapper)
+	setIsContainersEnabled(agent)
 	summary, err := convertScanToResultsSummary(scan, resultsWrapper)
 	if err != nil {
 		return nil, err

@@ -312,7 +312,6 @@ func TestRunGetResultsByScanIdSarifFormat(t *testing.T) {
 }
 func TestRunGetResultsByScanIdSarifFormatWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "sarif")
 	// Remove generated sarif file
 	removeFileBySuffix(t, printer.FormatSarif)
@@ -334,7 +333,6 @@ func TestRunGetResultsByScanIdSonarFormat(t *testing.T) {
 
 func TestRunGetResultsByScanIdSonarFormatWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "sonar")
 	// Remove generated sonar file
 	removeFile(t, fileName+"_"+printer.FormatSonar, printer.FormatJSON)
@@ -367,7 +365,6 @@ func TestDecodeHTMLEntitiesInResults(t *testing.T) {
 
 func TestRunGetResultsByScanIdJsonFormatWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json")
 
 	// Remove generated json file
@@ -390,7 +387,6 @@ func TestRunGetResultsByScanIdSummaryJsonFormat(t *testing.T) {
 
 func TestRunGetResultsByScanIdSummaryJsonFormatWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "summaryJSON")
 
 	// Remove generated json file
@@ -406,7 +402,6 @@ func TestRunGetResultsByScanIdSummaryHtmlFormat(t *testing.T) {
 
 func TestRunGetResultsByScanIdSummaryHtmlFormatWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "summaryHTML")
 
 	// Remove generated html file
@@ -425,13 +420,11 @@ func TestRunGetResultsByScanIdSummaryMarkdownFormatWithContainers(t *testing.T)
 
 func TestRunGetResultsByScanIdSummaryConsoleFormatWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "summaryConsole")
 }
 
 func TestRunGetResultsByScanIdSummaryMarkdownFormat(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "markdown")
 	// Remove generated md file
 	removeFileBySuffix(t, "md")
@@ -480,7 +473,6 @@ func TestRunGetResultsByScanIdPDFFormat(t *testing.T) {
 
 func TestRunGetResultsByScanIdPDFFormatWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "pdf")
 	_, err := os.Stat(fmt.Sprintf("%s.%s", fileName, printer.FormatPDF))
 	assert.NilError(t, err, "Report file should exist for extension "+printer.FormatPDF)
@@ -759,7 +751,6 @@ func TestSBOMReportXML(t *testing.T) {
 
 func TestSBOMReportJsonWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "sbom")
 	_, err := os.Stat(fmt.Sprintf("%s.%s", fileName+"_"+printer.FormatSbom, printer.FormatJSON))
 	assert.NilError(t, err, "Report file should exist for extension "+printer.FormatJSON)
@@ -769,7 +760,6 @@ func TestSBOMReportJsonWithContainers(t *testing.T) {
 
 func TestSBOMReportXMLWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "sbom", "--report-sbom-format", "CycloneDxXml")
 	_, err := os.Stat(fmt.Sprintf("%s.%s", fileName+"_"+printer.FormatSbom, printer.FormatXML))
 	assert.NilError(t, err, "Report file should exist for extension "+printer.FormatXML)
@@ -782,26 +772,17 @@ func TestRunGetResultsByScanIdGLFormat(t *testing.T) {
 	// Run test for gl-sast report type
 	os.Remove(fmt.Sprintf("%s.%s", fileName, printer.FormatGLSast))
 }
+
 func TestRunResultsShow_ContainersFFIsOn_includeContainersResult(t *testing.T) {
 	clearFlags()
-	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json")
 	assertTypePresentJSON(t, params.ContainersType, 1)
 	// Remove generated json file
 	removeFileBySuffix(t, printer.FormatJSON)
 }
-func TestRunResultsShow_ContainersFFIsOff_excludeContainersResult(t *testing.T) {
-	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: false}
-	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json")
-	assertTypePresentJSON(t, params.ContainersType, 0)
-	// Remove generated json file
-	removeFileBySuffix(t, printer.FormatJSON)
-}
+
 func TestRunResultsShow_jetbrainsIsNotSupported_excludeContainersResult(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json", "--agent", "jetbrains")
 	assertTypePresentJSON(t, params.ContainersType, 0)
 	// Remove generated json file
@@ -810,7 +791,6 @@ func TestRunResultsShow_jetbrainsIsNotSupported_excludeContainersResult(t *testi
 
 func TestRunResultsShow_EclipseIsNotSupported_excludeContainersResult(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json", "--agent", "Eclipse")
 	assertTypePresentJSON(t, params.ContainersType, 0)
 	// Remove generated json file
@@ -819,7 +799,6 @@ func TestRunResultsShow_EclipseIsNotSupported_excludeContainersResult(t *testing
 
 func TestRunResultsShow_VsCodeIsNotSupported_excludeContainersResult(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json", "--agent", "vs code")
 	assertTypePresentJSON(t, params.ContainersType, 0)
 	// Remove generated json file
@@ -828,7 +807,6 @@ func TestRunResultsShow_VsCodeIsNotSupported_excludeContainersResult(t *testing.
 
 func TestRunResultsShow_VisualStudioIsNotSupported_excludeContainersResult(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json", "--agent", "Visual Studio")
 	assertTypePresentJSON(t, params.ContainersType, 0)
 	// Remove generated json file
@@ -952,11 +930,7 @@ func assertResultsPresentSummaryJSON(t *testing.T, isResultsEnabled bool, scanTy
 		assert.Assert(t, false, "%s result summary should be present", scanType)
 	}
 }
-func TestRunGetResultsShow_ContainersFFOffAndResultsHasContainersResultsOnly_NilAssertion(t *testing.T) {
-	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: false}
-	execCmdNilAssertion(t, "results", "show", "--scan-id", "CONTAINERS_ONLY", "--report-format", "summaryConsole")
-}
+
 func TestRunGetResultsByScanIdGLSastAndAScaFormat(t *testing.T) {
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "gl-sast,gl-sca")
 	// Run test for gl-sast report type

@@ -147,55 +147,40 @@ func TestCreateScan(t *testing.T) {
 
 func TestCreateScanFromFolder_ContainersImagesAndDefaultScanTypes_ScanCreatedSuccessfully(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-b", "dummy_branch", "--container-images", "image1:latest,image2:tag"}
 	execCmdNilAssertion(t, append(baseArgs, "-s", blankSpace+"."+blankSpace)...)
 }
 
 func TestCreateScanFromZip_ContainersImagesAndDefaultScanTypes_ScanCreatedSuccessfully(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "scan", "create", "--project-name", "MOCK", "-s", "data/sources.zip", "-b", "dummy_branch", "--container-images", "image1:latest,image2:tag")
 }
 
 func TestCreateScanFromZip_ContainerTypeAndFilterFlags_ScanCreatedSuccessfully(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "scan", "create", "--project-name", "MOCK", "--scan-types", "container-security", "-s", "data/sources.zip", "-b", "dummy_branch", "--file-filter", "!.java")
 }
 
 func TestCreateScanFromFolder_InvalidContainersImagesAndNoContainerScanType_ScanCreatedSuccessfully(t *testing.T) {
 	// When no container scan type is provided, we will ignore the container images flag and its value
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-b", "dummy_branch", "--scan-types", "sast", "--container-images", "image1,image2:tag"}
 	execCmdNilAssertion(t, append(baseArgs, "-s", blankSpace+"."+blankSpace)...)
 }
 
 func TestCreateScanFromFolder_ContainerImagesFlagWithoutValue_FailCreatingScan(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	err := execCmdNotNilAssertion(t, "scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--container-images")
 	assert.Assert(t, err.Error() == "flag needs an argument: --container-images")
 }
 
 func TestCreateScanFromFolder_InvalidContainerImageFormat_FailCreatingScan(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-b", "dummy_branch", "--container-images", "image1,image2:tag"}
 	err := execCmdNotNilAssertion(t, append(baseArgs, "-s", blankSpace+"."+blankSpace)...)
 	assert.Assert(t, err.Error() == "Invalid value for --container-images flag. The value must be in the format <image-name>:<image-tag>")
 }
 
-func TestCreateContainersScan_ContainerFFIsOff_FailCreatingScan(t *testing.T) {
-	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: false}
-	baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-b", "dummy_branch", "--scan-types", "container-security"}
-	err := execCmdNotNilAssertion(t, append(baseArgs, "-s", blankSpace+"."+blankSpace)...)
-	fmt.Println(err)
-	assert.ErrorContains(t, err, "you would need to purchase a license")
-}
-
 func TestCreateScanWithThreshold_ShouldSuccess(t *testing.T) {
 	execCmdNilAssertion(t, "scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--scan-types", "sast", "--threshold", "sca-low=1 ; sast-medium=2")
 }
@@ -1891,36 +1876,32 @@ func TestAddSastScan_ScanFlags(t *testing.T) {
 
 func TestValidateScanTypes(t *testing.T) {
 	tests := []struct {
-		name                      string
-		userScanTypes             string
-		userSCSScanTypes          string
-		allowedEngines            map[string]bool
-		containerEngineCLIEnabled bool
-		expectedError             string
+		name             string
+		userScanTypes    string
+		userSCSScanTypes string
+		allowedEngines   map[string]bool
+		expectedError    string
 	}{
 		{
-			name:                      "No licenses available",
-			userScanTypes:             "scs",
-			userSCSScanTypes:          "sast,secret-detection",
-			allowedEngines:            map[string]bool{"scs": false, "enterprise-secrets": false},
-			containerEngineCLIEnabled: true,
-			expectedError:             "It looks like the \"scs\" scan type does",
+			name:             "No licenses available",
+			userScanTypes:    "scs",
+			userSCSScanTypes: "sast,secret-detection",
+			allowedEngines:   map[string]bool{"scs": false, "enterprise-secrets": false},
+			expectedError:    "It looks like the \"scs\" scan type does",
 		},
 		{
-			name:                      "SCS license available, secret-detection not available",
-			userScanTypes:             "scs",
-			userSCSScanTypes:          "secret-detection",
-			allowedEngines:            map[string]bool{"scs": true, "enterprise-secrets": false},
-			containerEngineCLIEnabled: true,
-			expectedError:             "It looks like the \"secret-detection\" scan type does not exist",
+			name:             "SCS license available, secret-detection not available",
+			userScanTypes:    "scs",
+			userSCSScanTypes: "secret-detection",
+			allowedEngines:   map[string]bool{"scs": true, "enterprise-secrets": false},
+			expectedError:    "It looks like the \"secret-detection\" scan type does not exist",
 		},
 		{
-			name:                      "All licenses available",
-			userScanTypes:             "scs",
-			userSCSScanTypes:          "secret-detection",
-			allowedEngines:            map[string]bool{"scs": true, "enterprise-secrets": true},
-			containerEngineCLIEnabled: true,
-			expectedError:             "",
+			name:             "All licenses available",
+			userScanTypes:    "scs",
+			userSCSScanTypes: "secret-detection",
+			allowedEngines:   map[string]bool{"scs": true, "enterprise-secrets": true},
+			expectedError:    "",
 		},
 	}
 

@@ -10,7 +10,6 @@ const tenantIDClaimKey = "tenant_id"
 const PackageEnforcementEnabled = "PACKAGE_ENFORCEMENT_ENABLED"
 const CVSSV3Enabled = "CVSS_V3_ENABLED"
 const MinioEnabled = "MINIO_ENABLED"
-const ContainerEngineCLIEnabled = "CONTAINER_ENGINE_CLI_ENABLED"
 const SCSEngineCLIEnabled = "NEW_2MS_SCORECARD_RESULTS_CLI_ENABLED"
 const NewScanReportEnabled = "NEW_SAST_SCAN_REPORT_ENABLED"
 const maxRetries = 3

@@ -372,11 +372,9 @@ func TestContainerEngineScansE2E_ContainerImagesFlagAndScanType(t *testing.T) {
 		flag(params.BranchFlag), "dummy_branch",
 		flag(params.ScanInfoFormatFlag), printer.FormatJSON,
 	}
-	if isFFEnabled(t, wrappers.ContainerEngineCLIEnabled) {
-		scanID, projectID := executeCreateScan(t, testArgs)
-		assert.Assert(t, scanID != "", "Scan ID should not be empty")
-		assert.Assert(t, projectID != "", "Project ID should not be empty")
-	}
+	scanID, projectID := executeCreateScan(t, testArgs)
+	assert.Assert(t, scanID != "", "Scan ID should not be empty")
+	assert.Assert(t, projectID != "", "Project ID should not be empty")
 }
 
 func TestContainerEngineScansE2E_ContainerImagesFlagOnly(t *testing.T) {
@@ -390,11 +388,9 @@ func TestContainerEngineScansE2E_ContainerImagesFlagOnly(t *testing.T) {
 		flag(params.ScanTypes), params.ContainersTypeFlag,
 		flag(params.ScanInfoFormatFlag), printer.FormatJSON,
 	}
-	if isFFEnabled(t, wrappers.ContainerEngineCLIEnabled) {
-		scanID, projectID := executeCreateScan(t, testArgs)
-		assert.Assert(t, scanID != "", "Scan ID should not be empty")
-		assert.Assert(t, projectID != "", "Project ID should not be empty")
-	}
+	scanID, projectID := executeCreateScan(t, testArgs)
+	assert.Assert(t, scanID != "", "Scan ID should not be empty")
+	assert.Assert(t, projectID != "", "Project ID should not be empty")
 }
 
 func TestContainerEngineScansE2E_ContainerImagesAndDebugFlags(t *testing.T) {
@@ -409,11 +405,9 @@ func TestContainerEngineScansE2E_ContainerImagesAndDebugFlags(t *testing.T) {
 		flag(params.ScanTypes), params.ContainersTypeFlag,
 		flag(params.ScanInfoFormatFlag), printer.FormatJSON,
 	}
-	if isFFEnabled(t, wrappers.ContainerEngineCLIEnabled) {
-		scanID, projectID := executeCreateScan(t, testArgs)
-		assert.Assert(t, scanID != "", "Scan ID should not be empty")
-		assert.Assert(t, projectID != "", "Project ID should not be empty")
-	}
+	scanID, projectID := executeCreateScan(t, testArgs)
+	assert.Assert(t, scanID != "", "Scan ID should not be empty")
+	assert.Assert(t, projectID != "", "Project ID should not be empty")
 }
 
 func TestContainerEngineScansE2E_ContainerImagesFlagAndEmptyFolderProject(t *testing.T) {
@@ -427,11 +421,9 @@ func TestContainerEngineScansE2E_ContainerImagesFlagAndEmptyFolderProject(t *tes
 		flag(params.ScanInfoFormatFlag), printer.FormatJSON,
 		flag(params.ScanTypes), params.ContainersTypeFlag,
 	}
-	if isFFEnabled(t, wrappers.ContainerEngineCLIEnabled) {
-		scanID, projectID := executeCreateScan(t, testArgs)
-		assert.Assert(t, scanID != "", "Scan ID should not be empty")
-		assert.Assert(t, projectID != "", "Project ID should not be empty")
-	}
+	scanID, projectID := executeCreateScan(t, testArgs)
+	assert.Assert(t, scanID != "", "Scan ID should not be empty")
+	assert.Assert(t, projectID != "", "Project ID should not be empty")
 }
 
 func TestContainerEngineScansE2E_InvalidContainerImagesFlag(t *testing.T) {
@@ -444,10 +436,8 @@ func TestContainerEngineScansE2E_InvalidContainerImagesFlag(t *testing.T) {
 		flag(params.BranchFlag), "dummy_branch",
 		flag(params.ScanInfoFormatFlag), printer.FormatJSON,
 	}
-	if isFFEnabled(t, wrappers.ContainerEngineCLIEnabled) {
-		err, _ := executeCommand(t, testArgs...)
-		assertError(t, err, "Invalid value for --container-images flag. The value must be in the format <image-name>:<image-tag>")
-	}
+	err, _ := executeCommand(t, testArgs...)
+	assertError(t, err, "Invalid value for --container-images flag. The value must be in the format <image-name>:<image-tag>")
 }
 
 // Create scans from current dir, zip and url and perform assertions in executeScanAssertions
@@ -869,11 +859,7 @@ func executeScanAssertions(t *testing.T, projectID, scanID string, tags map[stri
 }
 
 func createScan(t *testing.T, source string, tags map[string]string) (string, string) {
-	if isFFEnabled(t, wrappers.ContainerEngineCLIEnabled) {
-		return executeCreateScan(t, getCreateArgs(source, tags, "sast , sca , iac-security , api-security,   container-security, scs"))
-	} else {
-		return executeCreateScan(t, getCreateArgs(source, tags, "sast , sca , iac-security , api-security, scs"))
-	}
+	return executeCreateScan(t, getCreateArgs(source, tags, "sast , sca , iac-security , api-security,   container-security, scs"))
 }
 
 func createScanNoWait(t *testing.T, source string, tags map[string]string, projectName string) (string, string) {