Checkmarx · cx-anjali-deore · Mar 18, 2026 · Mar 18, 2026 · Mar 18, 2026 · Mar 18, 2026
@@ -1037,6 +1037,11 @@
 		configArr = append(configArr, SCSConfig)
 	}
 
+	var aiscConfig = addAiscScan(featureFlagsWrapper, resubmitConfig)
+	if aiscConfig != nil {
+		configArr = append(configArr, aiscConfig)
+	}
+
 	info["config"] = configArr
 	var err2 error
 	*input, err2 = json.Marshal(info)
@@ -1164,6 +1169,31 @@
 	}
 }
 
+func addAiscScan(featureFlagWrapper wrappers.FeatureFlagsWrapper, resubmitConfig []wrappers.Config) map[string]interface{} {
+	// TODO: Add the aisc resubmit config, currently no value is passed in config
+	aiSupplyChainEnabled, _ := wrappers.GetSpecificFeatureFlag(featureFlagWrapper, wrappers.AISupplyChainEnabled)
+	//aiSupplyChainGAEnabled, _ := wrappers.GetSpecificFeatureFlag(featureFlagWrapper, wrappers.AISupplyChainGAEnabled)
+	// TODO GA enabled to be added
+	if scanTypeEnabled(commonParams.AiscType) && aiSupplyChainEnabled.Status {
+		aiscMapConfig := make(map[string]interface{})
+		aiscConfig := wrappers.AISCConfig{}
+		aiscMapConfig[resultsMapType] = commonParams.AiscType
+		aiscMapConfig[resultsMapValue] = &aiscConfig
+
+		for _, config := range resubmitConfig {
+			// TODO : to do this in future when config value comes
+			if config.Type == commonParams.AiscType && config.Value == nil {
+				continue
+			}
+		}
+
+		return aiscMapConfig
+
+	}
+
+	return nil
+}
+
 func addKicsScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) map[string]interface{} {
 	if scanTypeEnabled(commonParams.KicsType) {
 		kicsMapConfig := make(map[string]interface{})
@@ -1504,6 +1534,7 @@
 	scsLicensingV2Flag, _ := wrappers.GetSpecificFeatureFlag(featureFlagsWrapper, wrappers.ScsLicensingV2Enabled)
 
 	allowedEngines, err := jwtWrapper.GetAllowedEngines(featureFlagsWrapper)
+	logger.PrintIfVerbose(fmt.Sprintf("Allowed scan types: %v", allowedEngines))
 
 	isSbomScan, _ := cmd.PersistentFlags().GetBool(commonParams.SbomFlag)
 
@@ -2449,6 +2480,7 @@
 			jwtWrapper,
 			tenantWrapper,
 		)
+
 		defer cleanUpTempZip(zipFilePath)
 		if err != nil {
 			return errors.Errorf("%s", err)
@@ -2562,6 +2594,7 @@
 	scanModel := wrappers.Scan{}
 	// Try to parse to a scan model in order to manipulate the request payload
 	err = json.Unmarshal(input, &scanModel)
+
 	if err != nil {
 		return nil, "", errors.Wrapf(err, "%s: Input in bad format", failedCreating)
 	}

@@ -309,6 +309,7 @@ const (
 const (
 	SastType                       = "sast"
 	KicsType                       = "kics"
+	AiscType                       = "aisc"
 	APISecurityType                = "api-security"
 	AIProtectionType               = "AI Protection"
 	CheckmarxOneAssistType         = "Checkmarx One Assist"

@@ -21,6 +21,8 @@
 const maxRetries = 3
 const IncreaseFileUploadLimit = "INCREASE_FILE_UPLOAD_LIMIT"
 const ScaDeltaScanEnabled = "SCA_DELTASCAN_ENABLED"
+const AISupplyChainEnabled = "AI_SUPPLY_CHAIN_ENGINE_ENABLED"
+const AISupplyChainGAEnabled = "AI_SUPPLY_CHAIN_ENGINE_GA_ENABLED"
 
 var DefaultFFLoad bool = false
 

@@ -41,7 +41,7 @@ func NewJwtWrapper() JWTWrapper {
 }
 
 func getEnabledEngines(scsLicensingV2 bool) (enabledEngines []string) {
-	enabledEngines = []string{"sast", "sca", "api-security", "iac-security", "containers"}
+	enabledEngines = []string{"sast", "sca", "api-security", "iac-security", "containers", "aisc"}
 	if scsLicensingV2 {
 		enabledEngines = append(enabledEngines, commonParams.RepositoryHealthType, commonParams.SecretDetectionType)
 	} else {
@@ -57,6 +57,7 @@ func getDefaultEngines(scsLicensingV2 bool) (defaultEngines map[string]bool) {
 		"api-security": true,
 		"iac-security": true,
 		"containers":   true,
+		"aisc":         true,
 	}
 	if scsLicensingV2 {
 		defaultEngines[commonParams.RepositoryHealthType] = true

@@ -163,3 +163,6 @@
 	RepoToken        string `json:"repoToken,omitempty"`
 	GitCommitHistory string `json:"gitCommitHistory,omitempty"`
 }
+
+type AISCConfig struct {
+}