Fetch Feature Flag with call to Feature Flag Gateway Api #6398

Open
brew42 wants to merge 1 commit into main from feature/CSENG-68_AddFFG
@brew42 brew42 commented Dec 18, 2025

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Commit messages
    are release-note ready, emphasizing
    what was changed, not how.
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High)
  • Highlights breaking API changes (N/A)
  • Links to automated tests covering new functionality (N/A)
  • Includes manual testing instructions (if necessary)
  • Updates relevant GitBook documentation (N/A - experimental feature)
  • Includes product update to be announced in the next stable release notes (N/A - experimental feature)

What does this PR do?

Adds an interceptor for the registry call to fetch feature flags 'show-maven-build-scope' and 'show-npm-scope' from the gaf configuration
See /cli/cliv2/internal/proxy/interceptor/registryinjector.go

Pass this feature flag to the maven and npm plugins -> Plugin call to feature flag gateway from src/lib/snyk-test/index.js and pass flags to src/lib/plugins/get-single-plugin-result.ts where the mvn plugin is invoked with feature flag.

Where should the reviewer start?

/cli/cliv2/internal/proxy/interceptor/registryinjector.go
New Interceptor

src/lib/snyk-test/index.js
Call Feature Flag Gateway and set flag in featureFlags

src/cli/commands/monitor/index.js
Call Feature Flag Gateway and set flag in featureFlags

src/lib/plugins/get-single-plugin-result.ts
Update to pass feature flag to maven/npm plugin

How should this be manually tested?

-- Maven--
Generate sbom for maven project

Run sbom generation for org with and without the show-maven-build-scope feature flag enabled in flipt.
cli/binary-releases/snyk-macos-arm64 sbom --format cyclonedx1.6+json --debug

Run sbom generation for user authenticated with group service account token. Confirm default organization is passed to feature flag call and scope is generated as expected.
cli/binary-releases/snyk-macos-arm64 auth <token>

Flag enabled - sbom output contains scope

{
            "bom-ref": "2-com.someorg.com@2.0.4",
            "type": "library",
            "group": "com.someorg.com",
            "name": "com.someorg.com",
            "version": "2.0.4",
            "purl": "pkg:maven/com.someorg@2.0.4",
            "properties": [
                {
                    "name": "snyk:maven:build_scope",
                    "value": "compile"
                }
            ]
        },

Flag disabled - sbom output does not contain scope

{
            "bom-ref": "2-com.someorg@2.0.4",
            "type": "library",
            "group": "com.someorg",
            "name": "com.someorg",
            "version": "2.0.4",
            "purl": "pkg:maven/com.someorg@2.0.4",
            "properties": [
            ]
        },

-- Npm--
Generate sbom for npm project
cli/binary-releases/snyk-macos-arm64 sbom --format cyclonedx1.6+json --debug

Flag enabled - sbom output contains scope

{
  "bom-ref": "3-accepts@2.0.0",
  "type": "library",
  "name": "accepts",
  "version": "2.0.0",
  "licenses": [
    {
      "expression": "MIT"
    }
  ],
  "purl": "pkg:npm/accepts@2.0.0",
  "properties": [
    {
      "name": "snyk:npm:scope",
      "value": "prod"
    }
  ]
}

Flag disabled - sbom output does not contain scope

{
      "bom-ref": "9-content-type@1.0.5",
      "type": "library",
      "name": "content-type",
      "version": "1.0.5",
      "licenses": [
        {
          "expression": "MIT"
        }
      ],
      "purl": "pkg:npm/content-type@1.0.5"
    }

Repeat with snyk monitor and test commands.

Further Testing
Verify instrumentation correctly records show scope flag information. Data written to analytics -> extension
Analytics data for sbom
"sbom::show-maven-build-scope":true,"sbom::show-npm-scope":true

Analytics data for monitor
"monitor::show-maven-build-scope":true,"monitor::show-npm-scope":true

Analytics data for test
"test::show-maven-build-scope":true,"test::show-npm-scope":true

What's the product update that needs to be communicated to CLI users?

Sbom generated output will contain maven scope information for those organizations with the 'show-maven-build-scope' feature flag enabled

Sbom generated output will contain npm scope information for those organizations with the 'show-npm-scope' feature flag enabled

Associated PRs to cli-extensions and gaf

Sbom
snyk/cli-extension-sbom#169
snyk/cli-extension-sbom#164

OS Flow
snyk/cli-extension-os-flows#201

GAF
snyk/go-application-framework#520
snyk/go-application-framework#525
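
The manual check in this description (scope property present with the flag on, absent with it off) can be scripted. The following is an added example, not code from this PR or the Snyk CLI; the pass/fail rule and the sample SBOMs are assumptions constructed from the fragments above.

```javascript
// Property names come from the PR description; the pass/fail rule is an assumption.
const SCOPE_PROPERTY = {
  maven: { purlPrefix: 'pkg:maven/', name: 'snyk:maven:build_scope' },
  npm: { purlPrefix: 'pkg:npm/', name: 'snyk:npm:scope' },
};

// Flatten top-level and nested CycloneDX components into one list.
function allComponents(list) {
  return (list || []).flatMap((c) => [c, ...allComponents(c.components)]);
}

// Split one ecosystem's components by whether they carry the scope property.
function scopeCoverage(bom, ecosystem) {
  const spec = SCOPE_PROPERTY[ecosystem];
  if (!spec) throw new Error(`unknown ecosystem: ${ecosystem}`);
  const result = { withScope: [], withoutScope: [] };
  for (const c of allComponents(bom.components)) {
    if (typeof c.purl !== 'string' || !c.purl.startsWith(spec.purlPrefix)) continue;
    // "properties" can be missing (npm sample) or empty (maven sample) when the flag is off.
    const props = Array.isArray(c.properties) ? c.properties : [];
    const hit = props.some((p) => p && p.name === spec.name && Boolean(p.value));
    (hit ? result.withScope : result.withoutScope).push(c['bom-ref']);
  }
  return result;
}

// Flag on: at least one component carries the property. Flag off: none does.
function matchesFlagState(bom, ecosystem, flagEnabled) {
  const { withScope } = scopeCoverage(bom, ecosystem);
  return flagEnabled ? withScope.length > 0 : withScope.length === 0;
}

// Constructed samples, reduced from the fragments in the description.
const sampleEnabled = { components: [
  { 'bom-ref': '2-com.someorg@2.0.4', purl: 'pkg:maven/com.someorg@2.0.4',
    properties: [{ name: 'snyk:maven:build_scope', value: 'compile' }] },
  { 'bom-ref': '3-accepts@2.0.0', purl: 'pkg:npm/accepts@2.0.0',
    properties: [{ name: 'snyk:npm:scope', value: 'prod' }] },
] };
const sampleDisabled = { components: [
  { 'bom-ref': '2-com.someorg@2.0.4', purl: 'pkg:maven/com.someorg@2.0.4', properties: [] },
  { 'bom-ref': '9-content-type@1.0.5', purl: 'pkg:npm/content-type@1.0.5' },
] };
```

To use it on real output, pass the parsed JSON from the `sbom --format cyclonedx1.6+json` run as `bom` and the flag state configured for the org as `flagEnabled`.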

@brew42 brew42 self-assigned this Dec 18, 2025
@brew42 brew42 requested review from a team as code owners December 18, 2025 18:10
@brew42 brew42 marked this pull request as draft December 18, 2025 18:10
@brew42 brew42 force-pushed the feature/CSENG-68_AddFFG branch 8 times, most recently from ee6339b to 0583fce Compare December 24, 2025 10:48
@brew42 brew42 marked this pull request as ready for review December 24, 2025 11:12
@brew42 brew42 force-pushed the feature/CSENG-68_AddFFG branch 6 times, most recently from 980cd8c to 7102dbb Compare December 29, 2025 09:54
@brew42 brew42 changed the title chore:[CSENG-68] add ffg call Fetch Feature Flag with call to Feature Flag Gateway Api Dec 29, 2025
@brew42 brew42 force-pushed the feature/CSENG-68_AddFFG branch from 7102dbb to 08bcc34 Compare December 29, 2025 09:57
@brew42 brew42 force-pushed the feature/CSENG-68_AddFFG branch from 08bcc34 to 70dbb05 Compare December 31, 2025 12:38
@brew42 brew42 force-pushed the feature/CSENG-68_AddFFG branch 4 times, most recently from a85c192 to b116a78 Compare January 26, 2026 11:45
@brew42 brew42 force-pushed the feature/CSENG-68_AddFFG branch 7 times, most recently from 72b2c14 to 3309560 Compare January 26, 2026 17:33
@brew42 brew42 requested a review from PeterSchafer January 27, 2026 09:49
@mihaibuzgau mihaibuzgau requested a review from gitphill January 28, 2026 10:26
@brew42 brew42 requested a review from mihaibuzgau January 29, 2026 10:31
@brew42 brew42 force-pushed the feature/CSENG-68_AddFFG branch 2 times, most recently from 224a226 to 573acc2 Compare February 2, 2026 14:51
options,
);
expect(options.useImprovedDotnetWithoutPublish).toBe(true);
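Review bot: the only assertion visible in this test context is on options.useImprovedDotnetWithoutPublish, which is not one of the flags this PR introduces. The new test should assert by name that both 'show-maven-build-scope' and 'show-npm-scope' reach the plugin call, and cover the disabled case as well as the enabled one, so a regression that silently drops either flag fails the suite.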

Author

@PeterSchafer added unit test to verify flags are passed in set to plugin call

@brew42 brew42 requested a review from PeterSchafer February 2, 2026 15:14
@brew42 brew42 force-pushed the feature/CSENG-68_AddFFG branch 3 times, most recently from 0f14677 to d62df24 Compare February 5, 2026 14:37
type: string
# https://go.dev/doc/devel/release
default: '1.24.11'
default: '1.25.6'
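Review bot: the default under the go.dev release comment changes from '1.24.11' to '1.25.6', a Go minor-version toolchain bump that the PR description does not mention. If this change needs the newer toolchain, state that and the reason in the description; otherwise move the bump to its own PR so the build toolchain change can be reviewed and reverted independently of the feature flag work.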
Contributor

Question: Is this golang upgrade intentional?

@brew42 brew42 force-pushed the feature/CSENG-68_AddFFG branch from ff6c85e to 0e94b00 Compare February 5, 2026 17:25