CM-59712: add --maven-settings-file to report sbom path command

ronens88 · cursoragent · ronens88 · commit f31f24f53d5e · 2026-02-16T17:52:37.000+02:00
Co-authored-by: Cursor &lt;cursoragent@cursor.com&gt;
diff --git a/README.md b/README.md
@@ -1307,6 +1307,12 @@ To create an SBOM report for a path:\
 For example:\
 `cycode report sbom --format spdx-2.3 --include-vulnerabilities --include-dev-dependencies path /path/to/local/project`
 
+The `path` subcommand supports the following additional options:
+
+| Option                  | Description                                                                                                                      |
+|-------------------------|----------------------------------------------------------------------------------------------------------------------------------|
+| `--maven-settings-file` | For Maven only, allows using a custom [settings.xml](https://maven.apache.org/settings.html) file when building the dependency tree |
+
 # Import Command
 
 ## Importing SBOM
diff --git a/cycode/cli/apps/report/sbom/path/path_command.py b/cycode/cli/apps/report/sbom/path/path_command.py
@@ -1,6 +1,6 @@
 import time
 from pathlib import Path
-from typing import Annotated
+from typing import Annotated, Optional
 
 import typer
 
@@ -15,13 +15,28 @@
 from cycode.cli.utils.scan_utils import is_cycodeignore_allowed_by_scan_config
 
 
+_SCA_RICH_HELP_PANEL = 'SCA options'
+
+
 def path_command(
     ctx: typer.Context,
     path: Annotated[
         Path,
         typer.Argument(exists=True, resolve_path=True, help='Path to generate SBOM report for.', show_default=False),
     ],
+    maven_settings_file: Annotated[
+        Optional[Path],
+        typer.Option(
+            '--maven-settings-file',
+            show_default=False,
+            help='When specified, Cycode will use this settings.xml file when building the maven dependency tree.',
+            dir_okay=False,
+            rich_help_panel=_SCA_RICH_HELP_PANEL,
+        ),
+    ] = None,
 ) -> None:
+    ctx.obj['maven_settings_file'] = maven_settings_file
+
     client = get_report_cycode_client(ctx)
     report_parameters = ctx.obj['report_parameters']
     output_format = report_parameters.output_format
