authorTravis Collins <travistx@gmail.com>2025-03-12 14:22:35 -0600
committersonartech <sonartech@sonarsource.com>2025-03-13 20:03:15 +0000
commit6de6e05a4cd112c021ae0c8ddbf29078097dbbc1 (patch)
tree32d8881ab6ffc6ca60a13df89027f37dc5484cba
parent1d76a5e4176ca2715475781896a3c1bdfa8558ab (diff)
SCA-101 Scanner property to disable SCA scanning
-rw-r--r--sonar-scanner-engine/src/main/java/org/sonar/scanner/sca/ScaExecutor.java9
-rw-r--r--sonar-scanner-engine/src/test/java/org/sonar/scanner/sca/ScaExecutorTest.java53
2 files changed, 50 insertions, 12 deletions
diff --git a/sonar-scanner-engine/src/main/java/org/sonar/scanner/sca/ScaExecutor.java b/sonar-scanner-engine/src/main/java/org/sonar/scanner/sca/ScaExecutor.java
index 0ab6feb1aaa..06142fadb8f 100644
--- a/sonar-scanner-engine/src/main/java/org/sonar/scanner/sca/ScaExecutor.java
+++ b/sonar-scanner-engine/src/main/java/org/sonar/scanner/sca/ScaExecutor.java
@@ -53,8 +53,15 @@ public class ScaExecutor {
}
public void execute(DefaultInputModule root) {
+ // Global feature flag
if (!featureFlagsRepository.isEnabled(SCA_FEATURE_NAME)) {
- LOG.debug("Dependency analysis skipped");
+ LOG.info("Dependency analysis skipped");
+ return;
+ }
+
+ // Project or scanner level feature flag
+ if (!configuration.getBoolean("sonar.sca.enabled").orElse(true)) {
+ LOG.info("Dependency analysis disabled for this project");
return;
}
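Review bot: The new `sonar.sca.enabled` check opts out on any value that does not parse as true, so dependency analysis (a security control) can be switched off by a malformed value as well as by intent. How `configuration.getBoolean` handles bad input is not visible in this hunk; if it follows `Boolean.parseBoolean` semantics, a value such as `yes` or a misspelt `true` would silently skip the scan, so confirm this and consider rejecting or warning on unrecognised values. The skip message would also be easier to audit in CI logs if it named the property, e.g. `LOG.info("Dependency analysis disabled for this project (sonar.sca.enabled=false)");`, with the test assertion updated to match. The key itself would read better as a constant next to `SCA_FEATURE_NAME` than as an inline literal repeated in the tests. The body of `execute` continues past the end of this hunk.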
diff --git a/sonar-scanner-engine/src/test/java/org/sonar/scanner/sca/ScaExecutorTest.java b/sonar-scanner-engine/src/test/java/org/sonar/scanner/sca/ScaExecutorTest.java
index ded24657569..aecbc7011a9 100644
--- a/sonar-scanner-engine/src/test/java/org/sonar/scanner/sca/ScaExecutorTest.java
+++ b/sonar-scanner-engine/src/test/java/org/sonar/scanner/sca/ScaExecutorTest.java
@@ -21,6 +21,7 @@ package org.sonar.scanner.sca;
import java.io.File;
import java.io.IOException;
+import java.util.Optional;
import org.assertj.core.util.Files;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
@@ -64,17 +65,6 @@ class ScaExecutorTest {
}
@Test
- void execute_shouldSkipAnalysisWhenFeatureFlagDisabled() {
- when(featureFlagsRepository.isEnabled("sca")).thenReturn(false);
- logTester.setLevel(Level.DEBUG);
-
- underTest.execute(root);
-
- assertThat(logTester.logs()).contains("Dependency analysis skipped");
- verifyNoInteractions(cliService, cliCacheService);
- }
-
- @Test
void execute_shouldCallCliAndPublisher() throws IOException {
File mockCliFile = Files.newTemporaryFile();
File mockManifestZip = Files.newTemporaryFile();
@@ -130,4 +120,45 @@ class ScaExecutorTest {
verify(cliService, never()).generateManifestsZip(root, mockCliFile, configuration);
}
+
+ @Test
+ void execute_whenGlobalFeatureDisabled_skips() {
+ when(featureFlagsRepository.isEnabled("sca")).thenReturn(false);
+ logTester.setLevel(Level.DEBUG);
+
+ underTest.execute(root);
+
+ assertThat(logTester.logs()).contains("Dependency analysis skipped");
+ verifyNoInteractions(cliService, cliCacheService);
+ }
+
+ @Test
+ void execute_whenProjectPropertyDisabled_skips() {
+ when(configuration.getBoolean("sonar.sca.enabled")).thenReturn(Optional.of(false));
+ logTester.setLevel(Level.DEBUG);
+
+ underTest.execute(root);
+
+ assertThat(logTester.logs()).contains("Dependency analysis disabled for this project");
+ verifyNoInteractions(cliService, cliCacheService);
+ }
+
+ @Test
+ void execute_whenProjectPropertyExplicitlyEnabled_CallsCli() throws IOException {
+ when(configuration.getBoolean("sonar.sca.enabled")).thenReturn(Optional.of(true));
+ File mockCliFile = Files.newTemporaryFile();
+ File mockManifestZip = Files.newTemporaryFile();
+ ScannerReportWriter mockReportWriter = mock(ScannerReportWriter.class);
+ when(cliCacheService.cacheCli()).thenReturn(mockCliFile);
+ when(cliService.generateManifestsZip(root, mockCliFile, configuration)).thenReturn(mockManifestZip);
+ when(reportPublisher.getWriter()).thenReturn(mockReportWriter);
+ logTester.setLevel(Level.DEBUG);
+
+ underTest.execute(root);
+
+ verify(cliService).generateManifestsZip(root, mockCliFile, configuration);
+ verify(mockReportWriter).writeScaFile(mockManifestZip);
+ assertThat(logTester.logs(Level.DEBUG)).contains("Zip ready for report: " + mockManifestZip);
+ assertThat(logTester.logs(Level.DEBUG)).contains("Manifest zip written to report");
+ }
}
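Review bot: The two skip tests assert on `logTester.logs()` across all levels after `logTester.setLevel(Level.DEBUG)`, so they would still pass if the messages were logged at debug again and do not pin this commit's debug-to-info change. Since the point of the change is that a skipped dependency scan is visible in default scanner output, assert on the level explicitly, e.g. `assertThat(logTester.logs(Level.INFO)).contains("Dependency analysis disabled for this project");` and the same for `"Dependency analysis skipped"`. A case for an unparseable `sonar.sca.enabled` value would also document whether the scan runs or is skipped in that situation. The class setup that stubs the global feature flag lies outside this hunk, so these tests presumably rely on it being enabled by default there.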