
Fix bug regarding cyclonedx format with contextFlags and --vuln flag #687

Open
eranturgeman wants to merge 2 commits into jfrog:dev from eranturgeman:fix-cdx-vulnerability-block-in-context-flag

Conversation

@eranturgeman (Contributor)

  • The pull request is targeting the dev branch.
  • The code has been validated to compile successfully by running `go vet ./...`.
  • The code has been formatted properly using `go fmt ./...`.
  • All static analysis checks passed.
  • All tests have passed. If this feature is not already covered by the tests, new tests have been added.
  • Updated the Contributing page / ReadMe page / CI Workflow files if needed.
  • All changes are detailed in the description. If not already covered in the JFrog Documentation, new documentation has been added.

This PR fixes the following issue:
CycloneDX output does not currently support violations. When providing a context flag (--project / --repoPath / --watches) we always assume a violations context.
When we add the --vuln flag we expect vulnerabilities as well, and those can be parsed into the CDX. Also, not every time we use a project do we actually want to be in violations mode.
I added an overpass for the scenario when a CycloneDX output is requested with a context flag and --vuln. In this scenario only vulnerabilities will be parsed, excluding violations.
I added an indicative log explaining that, as well as an addition to the --format flag.
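To make the rule in the description concrete, here is an added example (not code from jfrog-cli-security or from the PR author) that encodes the result-selection decision as a single function. The names `SelectResults`, `ScanSelection` and the log text are assumptions made for illustration; the behaviour without any context flag (vulnerabilities only) is also an assumption, since the PR only describes the context-flag cases.

```go
package main

import (
	"fmt"
	"strings"
)

// ScanSelection says which result kinds a scan should parse into the report.
// Hypothetical type for this example; not part of the project.
type ScanSelection struct {
	Vulnerabilities bool
	Violations      bool
	Note            string // indicative log line, empty when nothing special applies
}

// SelectResults applies the rule described in the PR:
//   - a context flag (--project / --repoPath / --watches) puts the scan in violations mode;
//   - adding --vuln requests vulnerabilities as well;
//   - when the output format is CycloneDX and --vuln is set, only vulnerabilities are
//     parsed, because the CDX output does not carry violations.
// Assumed: without a context flag there is nothing to evaluate violations against,
// so only vulnerabilities are reported.
func SelectResults(format string, hasContextFlag, vulnFlag bool) ScanSelection {
	isCycloneDX := strings.EqualFold(format, "cyclonedx")

	if !hasContextFlag {
		return ScanSelection{Vulnerabilities: true}
	}
	if !vulnFlag {
		// Context flag alone: violations mode, as before the fix.
		return ScanSelection{Violations: true}
	}
	if isCycloneDX {
		// The fix: CycloneDX cannot express violations, so parse vulnerabilities only.
		return ScanSelection{
			Vulnerabilities: true,
			Note:            "cyclonedx format with a context flag and --vuln: parsing vulnerabilities only, violations are excluded (assumed log text)",
		}
	}
	// Any other format with a context flag and --vuln: both result kinds.
	return ScanSelection{Vulnerabilities: true, Violations: true}
}

func main() {
	cases := []struct {
		format  string
		context bool
		vuln    bool
	}{
		{"table", false, false},
		{"table", true, false},
		{"table", true, true},
		{"cyclonedx", true, true},
	}
	for _, c := range cases {
		sel := SelectResults(c.format, c.context, c.vuln)
		fmt.Printf("format=%-9s context=%-5v vuln=%-5v -> vulns=%v violations=%v %s\n",
			c.format, c.context, c.vuln, sel.Vulnerabilities, sel.Violations, sel.Note)
	}
}
```

The point of isolating the decision in one pure function is that the four combinations are easy to table-test, so a regression in the CycloneDX branch (silently dropping vulnerabilities, or re-enabling violations the format cannot carry) shows up as a failing assertion rather than as a malformed SBOM in a downstream pipeline.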

@eranturgeman eranturgeman added the bug Something isn't working label Feb 26, 2026
@attiasas (Collaborator) left a comment

LGTM, check out my comment

@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Feb 26, 2026
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Feb 26, 2026
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Feb 26, 2026
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Feb 26, 2026
@github-actions (bot)

👍 Frogbot scanned this pull request and did not find any new security issues.

