
Pull/merge request doesn't return error/success immediately if scan already exists for same project #360

Closed
cx-scord opened this issue Jul 23, 2020 · 2 comments
Labels
bug Something isn't working

Comments

@cx-scord
Contributor

Description

Pull/merge request doesn't return error/success immediately if scan already exists for same project, stalling the PR if block-merge is true, keeping it in pending status.

Expected Behavior

CxFlow should send a check fail on an "Active scan with ID XXXXXXXX already exists" error so the scan fails and enables the Merge Request button. Also, a Markdown comment with the reason could be sent out before it sends the check fail, with a clear message with something like "CxSAST scan still ongoing for this project, please close the PR and reopen when the scan ends it's ready".

Actual Behavior

When creating a pull/merge request right after a push for the same project on GitHub, if the request to create a scan fails on an already existing project error, the PR will stay indefinitely waiting in pending status for a scan update from CxFlow.

CxFlow error output archetype:

  • com.checkmarx.sdk.exception.CheckmarxException: Active Scan with Id XXXXXXXX already exists for Project: YY at com.checkmarx.flow.service.SastScanner.scan(SastScanner.java:86)

This becomes worse if block-merge is "true" and/or if there's a branch rule that requires the scan to succeed with no vulnerabilities to enable the Merge button, since it will not be possible to merge while the fail/succeed status check isn't received by GitHub for that PR.

Reproduction

Requirements:

  1. Have block-merge: true set in the application.yml config file as a github: property and/or a branch rule requiring a "checkmarx" status to be received;
  2. Create a branch allowed on the branches: in the application.yml config file;
  3. Immediately create a new branch on the branch created in action nº 2.;
  4. Make a change on the new branch;
  5. Create a pull-request to merge on the branch created in action nº 2.;
  6. Check if GitHub is waiting for the outcome of the scan;
  7. Check the CxFlow for an "Active Scan with Id XXXXXXXX already exists for Project: YY" error.
  8. PR will stay indefinitely waiting in pending status for a scan result.

Environment Details

  • CxSAST 8.9 HF24 on Windows 10
  • CxFlow 1.6.3 running on Windows 10
  • Github.com - online
  • ngrok 2.3.35
@cx-scord cx-scord added the bug Something isn't working label Jul 23, 2020
@kmcdon83 kmcdon83 assigned ghost Aug 4, 2020
ghost pushed a commit that referenced this issue Aug 7, 2020
kmcdon83 pushed a commit that referenced this issue Aug 10, 2020
…n. (#375)

* Issue #360 : Added PR feedback in case there's an existing ongoing scan for the same project.
@ghost

ghost commented Aug 10, 2020

@cx-scord , the bugfix has been done.
Also, just to make you aware, we also have a property called 'scan-resubmit' available under the cxflow block. If this is set to true, any existing ongoing scan (for the same project) will be canceled and a new scan will be submitted.

For example:

  cx-flow:
    scan-resubmit: true

@ghost ghost closed this as completed Aug 10, 2020
@ghost

ghost commented Aug 10, 2020

CxFlow will now post a comment if it encounters any ongoing scan for the same project and will update the status of PR accordingly. The PR will not remain blocked anymore as originally stated in the bug description.
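As an added illustration (not CxFlow's own code) of the three outcomes discussed in this thread, the reported "pending forever" behaviour, the fix that posts a comment and updates the PR status, and the scan-resubmit option: a Python model of the scan request and of the GitHub commit-status payload for the "checkmarx" context. The create_scan and pr_status_for_scan functions, the sample scan ids and the use of "failure" as the reported state are assumptions, not the project's implementation.

```python
import re

# Error text as quoted in this issue; the regex captures the scan id and the project name.
ACTIVE_SCAN_RE = re.compile(r"Active Scan with Id (\d+) already exists for Project: (\S+)")


class CheckmarxException(Exception):
    """Stand-in for com.checkmarx.sdk.exception.CheckmarxException."""


def create_scan(project, active_scans, scan_resubmit=False):
    """Hypothetical stand-in for the SAST scan request (not CxFlow's SastScanner).
    `active_scans` maps project name -> id of a still-running scan (constructed state)."""
    if project in active_scans:
        if not scan_resubmit:
            raise CheckmarxException(
                f"Active Scan with Id {active_scans[project]} already exists for Project: {project}")
        active_scans.pop(project)  # scan-resubmit: true -> cancel the ongoing scan first
    new_id = 9000 + len(active_scans)  # constructed id for the newly submitted scan
    active_scans[project] = new_id
    return new_id


def pr_status_for_scan(project, active_scans, scan_resubmit=False, fixed=True):
    """Build the commit-status payload CxFlow would send for the PR head commit
    (GitHub states: pending / success / failure / error). fixed=False models the
    1.6.3 behaviour reported here: the exception escapes and the "checkmarx"
    context is never moved off "pending"."""
    try:
        scan_id = create_scan(project, active_scans, scan_resubmit)
    except CheckmarxException as exc:
        match = ACTIVE_SCAN_RE.search(str(exc))
        if not fixed or match is None:
            return {"state": "pending", "context": "checkmarx", "comment": None}
        existing_id, proj = match.groups()
        # Assumed fixed behaviour: explain the cause in a PR comment and fail the check
        return {"state": "failure", "context": "checkmarx",
                "comment": f"CxSAST scan {existing_id} is still ongoing for project {proj}; "
                           "close and reopen the PR when it finishes."}
    # A scan was submitted; the status stays pending until its results arrive
    return {"state": "pending", "context": "checkmarx",
            "comment": f"CxSAST scan {scan_id} submitted"}
```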

This issue was closed.