jfrog · attiasas · Jan 13, 2026 · orto17 · Jan 26, 2026 · attiasas
diff --git a/commands/audit/audit.go b/commands/audit/audit.go
@@ -590,18 +590,14 @@ func addJasScansToRunner(auditParallelRunner *utils.SecurityParallelRunner, audi
 		return
 	}
 	auditParallelRunner.ResultsMu.Lock()
-	repoKey := utils.GetGitRepoUrlKey(auditParams.resultsContext.GitRepoHttpsCloneUrl)
-	if isNewFlow {
-		// Violations by git repo key In JAS by AM not needed in the new flow.
-		repoKey = ""
-	}
 	scannerOptions := []jas.JasScannerOption{
 		jas.WithEnvVars(
 			scanResults.SecretValidation,
 			jas.GetDiffScanTypeValue(auditParams.diffMode, auditParams.resultsToCompare),
 			jas.GetAnalyzerManagerXscEnvVars(
+				isNewFlow,
 				auditParams.GetMultiScanId(),
-				repoKey,
+				utils.GetGitRepoUrlKey(auditParams.resultsContext.GitRepoHttpsCloneUrl),
 				auditParams.resultsContext.ProjectKey,
 				auditParams.resultsContext.Watches,
 				scanResults.GetTechnologies()...,

diff --git a/commands/maliciousscan/maliciousscan.go b/commands/maliciousscan/maliciousscan.go
@@ -145,12 +145,7 @@ func (cmd *MaliciousScanCommand) createJasScanner() (*jas.JasScanner, error) {
 		jas.WithEnvVars(
 			false,
 			jas.NotDiffScanEnvValue,
-			jas.GetAnalyzerManagerXscEnvVars(
-				"",
-				"",
-				cmd.project,
-				nil,
-			),
+			jas.GetAnalyzerManagerXscEnvVars(false, "", "", cmd.project, nil),
 		),
 		jas.WithMinSeverity(cmd.minSeverityFilter),
 	}

diff --git a/commands/scan/scan.go b/commands/scan/scan.go
@@ -550,6 +550,7 @@ func (scanCmd *ScanCommand) RunBinaryJasScans(cmdType utils.CommandType, msi str
 			secretValidation,
 			jas.NotDiffScanEnvValue,
 			jas.GetAnalyzerManagerXscEnvVars(
+				false,
 				msi,
 				// Passing but empty since not supported for binary scans
 				scanCmd.resultsContext.GitRepoHttpsCloneUrl,

diff --git a/jas/analyzermanager.go b/jas/analyzermanager.go
@@ -37,6 +37,7 @@ const (
 	watchesEnvVariable                        = "AM_WATCHES"
 	projectEnvVariable                        = "AM_PROJECT_KEY"
 	gitRepoEnvVariable                        = "AM_GIT_REPO_VIOLATIONS"
+	newFlowEnvVariable                        = "AM_DUMMY_MODE"
 	notEntitledExitCode                       = 31
 	unsupportedCommandExitCode                = 13
 	unsupportedOsExitCode                     = 55

diff --git a/jas/common.go b/jas/common.go
@@ -474,8 +474,8 @@ func CheckForSecretValidation(xrayManager *xray.XrayServicesManager, xrayVersion
 	return err == nil && isEnabled
 }
 
-func GetAnalyzerManagerXscEnvVars(msi string, gitRepoUrl, projectKey string, watches []string, technologies ...techutils.Technology) map[string]string {
-	envVars := map[string]string{utils.JfMsiEnvVariable: msi}
+func GetAnalyzerManagerXscEnvVars(newFlow bool, msi string, gitRepoUrl, projectKey string, watches []string, technologies ...techutils.Technology) map[string]string {
+	envVars := map[string]string{utils.JfMsiEnvVariable: msi, newFlowEnvVariable: strconv.FormatBool(newFlow)}
 	if gitRepoUrl != "" {
 		envVars[gitRepoEnvVariable] = gitRepoUrl
 	}

diff --git a/jas/common_test.go b/jas/common_test.go
@@ -487,7 +487,7 @@ func TestGetAnalyzerManagerXscEnvVars(t *testing.T) {
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			assert.Equal(t, test.expectedOutput, GetAnalyzerManagerXscEnvVars(test.msi, test.gitRepoUrl, test.projectKey, test.watches, test.technologies...))
+			assert.Equal(t, test.expectedOutput, GetAnalyzerManagerXscEnvVars(false, test.msi, test.gitRepoUrl, test.projectKey, test.watches, test.technologies...))
 		})
 	}
 }

diff --git a/jas/runner/jasrunner_test.go b/jas/runner/jasrunner_test.go
@@ -44,7 +44,7 @@ func TestJasRunner(t *testing.T) {
 	securityParallelRunnerForTest := utils.CreateSecurityParallelRunner(cliutils.Threads)
 	targetResults := results.NewCommandResults(utils.SourceCode).SetEntitledForJas(true).SetSecretValidation(true).NewScanResults(results.ScanTarget{Target: "target", Technology: techutils.Pip})
 
-	jasScanner, err := jas.NewJasScanner(&jas.FakeServerDetails, jas.WithEnvVars(false, jas.NotDiffScanEnvValue, jas.GetAnalyzerManagerXscEnvVars("", "", "", []string{}, targetResults.GetTechnologies()...)))
+	jasScanner, err := jas.NewJasScanner(&jas.FakeServerDetails, jas.WithEnvVars(false, jas.NotDiffScanEnvValue, jas.GetAnalyzerManagerXscEnvVars(false, "", "", "", []string{}, targetResults.GetTechnologies()...)))
 	assert.NoError(t, err)
 	jasScanner.AnalyzerManager.AnalyzerManagerFullPath, err = jas.GetAnalyzerManagerExecutable()
 	assert.NoError(t, err)