Fetch Feature Flag with call to Feature Flag Gateway Api #6398

brew42 · 2025-12-18T18:10:37Z

Pull Request Submission Checklist

Follows CONTRIBUTING guidelines
Commit messages
are release-note ready, emphasizing
what was changed, not how.
Includes detailed description of changes
Contains risk assessment (Low | Medium | High)
Highlights breaking API changes (if applicable)
Links to automated tests covering new functionality
Includes manual testing instructions (if necessary)
Updates relevant GitBook documentation (PR link: ___)
Includes product update to be announced in the next stable release notes

What does this PR do?

Adds an interceptor for the registry call to fetch feature flag 'show-maven-build-scope' from the gaf configuration
See /cli/cliv2/internal/proxy/interceptor/registryinjector.go

Pass this feature flag to the maven plugin -> Plugin call to feature flag gateway from src/lib/snyk-test/index.js and pass flags to src/lib/plugins/get-single-plugin-result.ts where the mvn plugin is invoked with feature flag.

Where should the reviewer start?

/cli/cliv2/internal/proxy/interceptor/registryinjector.go
New Interceptor

src/lib/snyk-test/index.js
Call Feature Flag Gateway and set flag in featureFlags

src/lib/plugins/get-single-plugin-result.ts
Update to pass feature flag to maven plugin

How should this be manually tested?

Run sbom generation for org with and without the show-maven-build-scope feature flag enabled in flipt.
cli/binary-releases/snyk-macos-arm64 sbom --format cyclonedx1.6+json --debug

Run sbom generation for user authenticated with group service account token. Confirm default organization is passed to feature flag call scope is generated as expected.
cli/binary-releases/snyk-macos-arm64 auth <token>

Flag enabled - sbom output contains scope

{
            "bom-ref": "2-com.jpmorgan.snykcode:[email protected]",
            "type": "library",
            "group": "com.jpmorgan.snykcode",
            "name": "com.jpmorgan.snykcode:moneta-commons",
            "version": "2.0.4",
            "purl": "pkg:maven/com.jpmorgan.snykcode/[email protected]",
            "properties": [
                {
                    "name": "snyk:maven:build_scope",
                    "value": "compile"
                }
            ]
        },

Flag disabled - sbom output does not contain scope

{
            "bom-ref": "2-com.jpmorgan.snykcode:[email protected]",
            "type": "library",
            "group": "com.jpmorgan.snykcode",
            "name": "com.jpmorgan.snykcode:moneta-commons",
            "version": "2.0.4",
            "purl": "pkg:maven/com.jpmorgan.snykcode/[email protected]",
            "properties": [
            ]
        },

What's the product update that needs to be communicated to CLI users?

Sbom generated output will contain maven scope information for those organizations with the 'show-maven-build-scope' feature flag enabled

cliv2/internal/feature-flag-gateway/model.go

cliv2/cmd/cliv2/main.go

cliv2/internal/feature-flag-gateway/service.go

github-actions · 2026-01-15T09:46:40Z

	Warnings
⚠️	Since the CLI is unifying on a standard and improved tooling, we're starting to migrate old-style `import`s and `export`s to ES6 ones. A file you've modified is using either `module.exports` or `require()`. If you can, please update them to ES6 import syntax and export syntax. Files found: `test/jest/unit/cli-commands/test-and-monitor.spec.ts`

Generated by 🚫 dangerJS against c4e7766

PeterSchafer · 2026-01-16T11:11:37Z

cliv2/internal/proxy/interceptor/registryinjector.go

+	}
+}
+
+func NewRegistryInjector(invocationCtx workflow.InvocationContext) Interceptor {


Suggestion: I know naming is hard, but here maybe we should focus on the functionality that is intercepted. So something like LegacyFeatureFlagInterceptor might be a clearer framing

chore: update go sum chore: correct acceptance tests chore: revert feature flag gw call and route via proxy chore: fix formattting and tap tests chore:fix unit tests chore: rename interecptor

brew42 self-assigned this Dec 18, 2025

brew42 requested review from a team as code owners December 18, 2025 18:10

brew42 marked this pull request as draft December 18, 2025 18:10

brew42 force-pushed the feature/CSENG-68_AddFFG branch 8 times, most recently from ee6339b to 0583fce Compare December 24, 2025 10:48

brew42 marked this pull request as ready for review December 24, 2025 11:12

brew42 force-pushed the feature/CSENG-68_AddFFG branch 6 times, most recently from 980cd8c to 7102dbb Compare December 29, 2025 09:54

brew42 changed the title ~~chore:[CSENG-68] add ffg call~~ Fetch Feature Flag with call to Feature Flag Gateway Api Dec 29, 2025

brew42 force-pushed the feature/CSENG-68_AddFFG branch from 7102dbb to 08bcc34 Compare December 29, 2025 09:57

snyk-abedonik reviewed Dec 30, 2025

View reviewed changes

cliv2/internal/feature-flag-gateway/model.go Outdated Show resolved Hide resolved

snyk-abedonik approved these changes Dec 30, 2025

View reviewed changes

brew42 force-pushed the feature/CSENG-68_AddFFG branch from 08bcc34 to 70dbb05 Compare December 31, 2025 12:38