From 4ca63432684fb392e0bb8eab0ae9523efca8a48e Mon Sep 17 00:00:00 2001
From: Mateo Burillo <mateo.burillo@sysdig.com>
Date: Wed, 8 Apr 2026 17:27:54 +0200
Subject: [PATCH] feat: add --detailed-policies-eval parameter support

Adds a new boolean input to expose the CLI scanner's
--detailed-policies-eval flag via the Azure DevOps task.

Resolves ET-821.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 sysdig-cli-scan-task/src/InputFetch.ts     | 4 ++++
 sysdig-cli-scan-task/src/ScanningEngine.ts | 5 +++++
 sysdig-cli-scan-task/task.json             | 9 +++++++++
 3 files changed, 18 insertions(+)

diff --git a/sysdig-cli-scan-task/src/InputFetch.ts b/sysdig-cli-scan-task/src/InputFetch.ts
index f2eb72f..a60840c 100644
--- a/sysdig-cli-scan-task/src/InputFetch.ts
+++ b/sysdig-cli-scan-task/src/InputFetch.ts
@@ -64,6 +64,10 @@ export class InputFetch {
         return this.fetchString('policy', false);
     }
 
+    get detailedPoliciesEval(): boolean {
+        return tl.getBoolInput('detailedPoliciesEval');
+    }
+
     private error(input: string, required: boolean): string {
         if (required) {
             tl.setResult(tl.TaskResult.Failed, input.toUpperCase().concat(' fetch failed.'));
diff --git a/sysdig-cli-scan-task/src/ScanningEngine.ts b/sysdig-cli-scan-task/src/ScanningEngine.ts
index 7b3fbbe..48a7acc 100644
--- a/sysdig-cli-scan-task/src/ScanningEngine.ts
+++ b/sysdig-cli-scan-task/src/ScanningEngine.ts
@@ -79,6 +79,11 @@ export function buildScanningEngineArg(binaryPath: string): tr.ToolRunner {
   if (fetch.policy) {
     scanningEngine.arg(['--policy=' + fetch.policy]);
   }
+
+  if (fetch.detailedPoliciesEval) {
+    scanningEngine.arg('--detailed-policies-eval');
+  }
+
   // Add image to be scanned
   scanningEngine.arg(fetch.image);
 
diff --git a/sysdig-cli-scan-task/task.json b/sysdig-cli-scan-task/task.json
index bc384a8..f0a9099 100644
--- a/sysdig-cli-scan-task/task.json
+++ b/sysdig-cli-scan-task/task.json
@@ -132,6 +132,15 @@
       "required": false,
       "helpMarkDown": "Policy to evaluate in the pipeline execution. If not specified, only the Always Apply policy will be evaluated.",
       "groupName": "overrides"
+    },
+    {
+      "name": "detailedPoliciesEval",
+      "type": "boolean",
+      "label": "Show detailed policies evaluation results",
+      "defaultValue": false,
+      "required": false,
+      "helpMarkDown": "Show detailed per-policy evaluation results in the output.",
+      "groupName": "overrides"
     }
   ],
   "execution": {