Fix: Preserve scan status codes in merged results

eyalk007 · eyalk007 · commit bccd93268960 · 2026-01-22T15:39:06.000+02:00
When merging SCA and JAS diff results, the ResultsStatus field was not being copied,
causing all status codes (SastStatusCode, IacStatusCode, etc.) to remain nil.
This resulted in Frogbot displaying 'Not Scanned' for JAS scans even when they
ran successfully but produced 0 new findings after diff.

Now properly merging SCA status codes (including ContextualAnalysis) and JAS-only
status codes (SAST, Secrets, IaC) into the unified results.
diff --git a/tests/testdata/projects/package-managers/go/curation-project/go.sum b/tests/testdata/projects/package-managers/go/curation-project/go.sum
@@ -0,0 +1,3 @@
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+rsc.io/quote v1.5.2/go.mod h1:LzX7hefJvL54yjefDEDHNONDjII0t9xZLPXsUe+TKr0=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
diff --git a/utils/results/diff.go b/utils/results/diff.go
@@ -32,6 +32,25 @@ func MergeScaAndJasResults(scaResults, jasDiffResults *SecurityCommandResults) *
 			AppsConfigModule: scaTarget.AppsConfigModule,
 			ScaResults:       scaTarget.ScaResults,
 			JasResults:       scaTarget.JasResults,
+			ResultsStatus:    scaTarget.ResultsStatus, // Preserve SCA scan status
+		}
+
+		// Merge JAS status codes if JAS scans were performed
+		// Note: ContextualAnalysis is part of SCA, not JAS, so we don't override it here
+		if jasTarget != nil {
+			// JAS status codes take precedence (they include the JAS scan results)
+			if jasTarget.ResultsStatus.SastScanStatusCode != nil {
+				unifiedTarget.ResultsStatus.SastScanStatusCode = jasTarget.ResultsStatus.SastScanStatusCode
+			}
+			if jasTarget.ResultsStatus.IacScanStatusCode != nil {
+				unifiedTarget.ResultsStatus.IacScanStatusCode = jasTarget.ResultsStatus.IacScanStatusCode
+			}
+			if jasTarget.ResultsStatus.SecretsScanStatusCode != nil {
+				unifiedTarget.ResultsStatus.SecretsScanStatusCode = jasTarget.ResultsStatus.SecretsScanStatusCode
+			}
+			if jasTarget.ResultsStatus.MaliciousScanStatusCode != nil {
+				unifiedTarget.ResultsStatus.MaliciousScanStatusCode = jasTarget.ResultsStatus.MaliciousScanStatusCode
+			}
 		}
 
 		if jasTarget != nil && jasTarget.JasResults != nil {

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=`
	`2`	`+rsc.io/quote v1.5.2/go.mod h1:LzX7hefJvL54yjefDEDHNONDjII0t9xZLPXsUe+TKr0=`
	`3`	`+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=`