Add SSCS as scan type for the triage command (AST-72075)

[cx-ruio]

By submitting a PR to this repository, you agree to the terms within the Checkmarx Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

SSCS triaging capabilities.

References

https://checkmarx.atlassian.net/browse/AST-72075

Testing

Checklist

• I have added documentation for new/changed functionality in this PR (if applicable).
• I have updated the CLI help for new/changed functionality in this PR (if applicable).
• All active GitHub checks for tests, formatting, and security are passing
• The correct base branch is being used

[github-actions]

Checkmarx One – Scan Summary & Details – ebdbdb16-195d-4ea7-af76-5cd3eb6f4041

Great job, no security vulnerabilities found in this Pull Request

[github-actions]

The configurePath function is not defined within the provided diff. Ensure that the function exists and is properly implemented to handle the path parameter. If it's defined in another file, make sure it is correctly imported and accessible in this context.

[github-actions]

The condition if path != defaultPath is misleading because the function always returns defaultPath regardless of the input path. Consider returning the actual path that is set in the configuration.

[github-actions]

The error from configuration.GetConfigFilePath() is logged but not handled. If the config file path cannot be retrieved, the function should not attempt to write to it and should handle the error appropriately.

[github-actions]

The error from configuration.SafeWriteSingleConfigKeyString is logged but not handled. Consider what should happen if the configuration cannot be updated. Should the function return an error, or should there be a fallback mechanism?

[github-actions]

The file handle file is not closed after opening. Consider deferring the close operation immediately after checking the error from os.Open to avoid resource leaks.

[github-actions]

The test function name TestWriteSingleConfigKeyStringNonExistingFile_CreatingTheFileAndWritesTheKey_Success is misleading as it implies success, but the test does not assert any conditions to verify the success of the operation. Consider adding assertions to check that the key was written successfully.

[github-actions]

The viper.Set call has been removed, which means the new default path is not being set in the configuration. Ensure that the configuration is updated with the new default path if this is the intended behavior.

[github-actions]

The constant defaultScsScanOverviewPath is defined but not used anywhere in the code. Please ensure that it is utilized appropriately or remove it if it's not needed.

[github-actions]

The function setDefaultPath does not seem to be related to the SSCS triaging capabilities as described in the PR. Please ensure that this function is necessary for the feature being implemented and clarify its purpose in the context of SSCS triaging.

[github-actions]

The function setDefaultPath always returns defaultPath regardless of the input path. This behavior is not intuitive based on the function name and description. Consider returning the actual path set (either the input path or defaultPath) or renaming the function to reflect its behavior more accurately.

[github-actions]

The check if path != defaultPath should be followed by a return statement if the condition is false, to avoid unnecessary operations when the path is already set to the default.

[github-actions]

The function configuration.SafeWriteSingleConfigKeyString is called without handling the case where the configFilePath could not be retrieved due to an error. This could lead to unexpected behavior. Ensure that the function is not called if configFilePath cannot be determined.

[github-actions]

Logging the error using logger.PrintfIfVerbose might not be sufficient for error handling. Consider propagating the error up to the caller of setDefaultPath so that it can be handled appropriately.