CM-59777: Add --maven-settings-file option to report sbom command by niramna · Pull Request #388 · cycodehq/cycode-cli

niramna · 2026-02-17T20:27:36Z

Summary

Adds --maven-settings-file option to the report sbom command, bringing it to parity with the scan command
The shared Maven resolver (restore_maven_dependencies.py) already reads ctx.obj.get('maven_settings_file') and passes -s <path> to mvn — the only missing piece was accepting and storing the flag in sbom_command.py
Without this fix, users with private/enterprise Maven repositories would silently get incomplete dependency graphs when generating SBOMs via report sbom path

Run cycode report sbom path --maven-settings-file /path/to/settings.xml . against a Maven project that requires a custom settings.xml and verify the dependency tree resolves correctly
Run without --maven-settings-file and verify existing behavior is unchanged
Verify cycode report sbom --help shows the new option

🤖 Generated with Claude Code

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

niramna · 2026-02-17T20:46:04Z

I see it's a duplicate of #385 so i'm closing this one

CM-59777: Add --maven-settings-file option to report sbom command

72f5ed2

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

niramna requested review from elsapet, gotbadger and mateusz-sterczewski as code owners February 17, 2026 20:27

niramna closed this Feb 17, 2026

niramna deleted the CM-59777-maven-settings-sbom branch February 17, 2026 20:50