Checkmarx · cx-ben-alvo · Aug 6, 2025 · Aug 5, 2025 · Aug 5, 2025 · Aug 5, 2025
@@ -21,7 +21,7 @@ const (
 	SarifInvalidFileExtension              = "Invalid file extension. Supported extensions are .sarif and .zip containing sarif files."
 	ImportSarifFileError                   = "There was a problem importing the SARIF file. Please contact support for further details."
 	ImportSarifFileErrorMessageWithMessage = "There was a problem importing the SARIF file. Please contact support for further details with the following error code: %d %s"
-	NoASCALicense                          = "User doesn't have \"AI Protection\" license"
+	NoASCALicense                          = "User doesn't have \"AI Protection\" or \"Checkmarx One Assist\" license"
 	FailedUploadFileMsgWithDomain          = "Unable to upload the file to the pre-signed URL. Try adding the domain: %s to your allow list."
 	FailedUploadFileMsgWithURL             = "Unable to upload the file to the pre-signed URL. Try adding the URL: %s to your allow list."
 

@@ -277,6 +277,7 @@ const (
 	KicsType                       = "kics"
 	APISecurityType                = "api-security"
 	AIProtectionType               = "AI Protection"
+	CheckmarxOneAssistType         = "Checkmarx One Assist"
 	ContainersType                 = "containers"
 	APIDocumentationFlag           = "apisec-swagger-filter"
 	IacType                        = "iac-security"

@@ -9,10 +9,10 @@ import (
 	"time"
 
 	"github.com/checkmarx/ast-cli/internal/commands/asca/ascaconfig"
-	errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors"
 	"github.com/checkmarx/ast-cli/internal/logger"
 	"github.com/checkmarx/ast-cli/internal/params"
 	"github.com/checkmarx/ast-cli/internal/services/osinstaller"
+	"github.com/checkmarx/ast-cli/internal/services/realtimeengine"
 	"github.com/checkmarx/ast-cli/internal/wrappers"
 	"github.com/checkmarx/ast-cli/internal/wrappers/configuration"
 	"github.com/checkmarx/ast-cli/internal/wrappers/grpcs"
@@ -164,13 +164,7 @@ func ensureASCAServiceRunning(wrappersParam AscaWrappersParam, ascaParams AscaSc
 
 func checkLicense(isDefaultAgent bool, wrapperParams AscaWrappersParam) error {
 	if !isDefaultAgent {
-		allowed, err := wrapperParams.JwtWrapper.IsAllowedEngine(params.AIProtectionType)
-		if err != nil {
-			return err
-		}
-		if !allowed {
-			return fmt.Errorf("%v", errorconstants.NoASCALicense)
-		}
+		return realtimeengine.EnsureLicense(wrapperParams.JwtWrapper)
 	}
 	return nil
 }

@@ -3,6 +3,8 @@ package realtimeengine
 import (
 	"os"
 
+	errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors"
+	"github.com/checkmarx/ast-cli/internal/params"
 	"github.com/checkmarx/ast-cli/internal/wrappers"
 	"github.com/pkg/errors"
 )
@@ -21,7 +23,21 @@ func EnsureLicense(jwtWrapper wrappers.JWTWrapper) error {
 	if jwtWrapper == nil {
 		return errors.New("JWT wrapper is not initialized, cannot ensure license")
 	}
-	return nil
+
+	assistAllowed, err := jwtWrapper.IsAllowedEngine(params.CheckmarxOneAssistType)
+	if err != nil {
+		return errors.Wrap(err, "failed to check CheckmarxOneAssistType engine allowance")
+	}
+
+	aiAllowed, err := jwtWrapper.IsAllowedEngine(params.AIProtectionType)
+	if err != nil {
+		return errors.Wrap(err, "failed to check AIProtectionType engine allowance")
+	}
+
+	if aiAllowed || assistAllowed {
+		return nil
+	}
+	return errors.Wrap(err, errorconstants.NoASCALicense)
 }
 
 // ValidateFilePath validates that the file path exists and is accessible.

@@ -85,6 +85,10 @@ func (s *SecretsRealtimeService) RunSecretsRealtimeScan(filePath, ignoredFilePat
 		return nil, errorconstants.NewRealtimeEngineError(errorconstants.RealtimeEngineNotAvailable).Error()
 	}
 
+	if err := realtimeengine.EnsureLicense(s.JwtWrapper); err != nil {
+		return nil, errorconstants.NewRealtimeEngineError("failed to ensure license").Error()
+	}
+
 	if err := realtimeengine.ValidateFilePath(filePath); err != nil {
 		logger.PrintfIfVerbose("Failed to read file %s: %v", filePath, err)
 		return nil, errorconstants.NewRealtimeEngineError("failed to read file").Error()