Checkmarx · cx-ronit-steinberg · Jan 12, 2026 · Jan 12, 2026 · Jan 12, 2026 · Jan 12, 2026
@@ -291,6 +291,13 @@
 	ResultPolicyDefaultTimeout = 1
 )
 
+// License
+const (
+	CxOneAssistEnabledKey = "scan.config.plugins.cxoneassist"
+	CxDevAssistEnabledKey = "scan.config.plugins.cxdevassist"
+	DastEnabledKey = "scan.config.plugins.dastenabled"
+)
+
 // Results
 const (
 	SastType                       = "sast"

@@ -21,6 +21,7 @@ type JWTStruct struct {
 	AstLicense struct {
 		LicenseData struct {
 			AllowedEngines []string `json:"allowedEngines"`
+			DastEnabled    bool     `json:"dastEnabled"`
 		} `json:"LicenseData"`
 	} `json:"ast-license"`
 	ASTRoles             []string `json:"roles_ast"`
@@ -84,20 +85,25 @@ func (*JWTStruct) GetAllowedEngines(featureFlagsWrapper FeatureFlagsWrapper) (al
 }
 
 func (*JWTStruct) GetLicenseDetails() (licenseDetails map[string]string, err error) {
-	licenseDetails = make(map[string]string)
-
 	jwtStruct, err := getJwtStruct()
 	if err != nil {
 		return nil, err
 	}
+	return buildLicenseDetailsFromJWT(jwtStruct), nil
+}
+
+func buildLicenseDetailsFromJWT(jwtStruct *JWTStruct) map[string]string {
+	licenseDetails := make(map[string]string)
 
 	assistEnabled := containsIgnoreCase(jwtStruct.AstLicense.LicenseData.AllowedEngines, commonParams.CheckmarxOneAssistType) ||
 		containsIgnoreCase(jwtStruct.AstLicense.LicenseData.AllowedEngines, commonParams.AIProtectionType)
 	devAssistEnabled := containsIgnoreCase(jwtStruct.AstLicense.LicenseData.AllowedEngines, commonParams.CheckmarxDevAssistType)
 
-	licenseDetails["scan.config.plugins.cxoneassist"] = strconv.FormatBool(assistEnabled)
-	licenseDetails["scan.config.plugins.cxdevassist"] = strconv.FormatBool(devAssistEnabled)
-	return licenseDetails, nil
+	licenseDetails[commonParams.CxOneAssistEnabledKey] = strconv.FormatBool(assistEnabled)
+	licenseDetails[commonParams.CxDevAssistEnabledKey] = strconv.FormatBool(devAssistEnabled)
+	licenseDetails[commonParams.DastEnabledKey] = strconv.FormatBool(jwtStruct.AstLicense.LicenseData.DastEnabled)
+
+	return licenseDetails
 }
 
 // containsIgnoreCase returns true if target exists in arr using case-insensitive comparison

@@ -115,3 +115,91 @@
 		assert.Assert(t, !strings.Contains(parts[1], "\\"), "Username should not contain backslash")
 	})
 }
+
+func TestBuildLicenseDetailsFromJWT(t *testing.T) {
+	tests := []struct {
+		name                 string
+		allowedEngines       []string
+		dastEnabled          bool
+		expectedCxOneAssist  string
+		expectedCxDevAssist  string
+		expectedDast         string
+	}{
+		{
+			name:                 "all features enabled",
+			allowedEngines:       []string{"sast", "sca", commonParams.CheckmarxOneAssistType, commonParams.CheckmarxDevAssistType},
+			dastEnabled:          true,
+			expectedCxOneAssist:  "true",
+			expectedCxDevAssist:  "true",
+			expectedDast:         "true",
+		},
+		{
+			name:                 "all features enabled - AIProtection",
+			allowedEngines:       []string{"sast", "sca", commonParams.CheckmarxOneAssistType, commonParams.AIProtectionType},
+			dastEnabled:          true,
+			expectedCxOneAssist:  "true",
+			expectedCxDevAssist:  "false",
+			expectedDast:         "true",
+		},
+		{
+			name:                 "only dev assist enabled",
+			allowedEngines:       []string{"sast", commonParams.CheckmarxDevAssistType},
+			dastEnabled:          false,
+			expectedCxOneAssist:  "false",
+			expectedCxDevAssist:  "true",
+			expectedDast:         "false",
+		},
+		{
+			name:                 "no assist features enabled",
+			allowedEngines:       []string{"sast", "sca", "iac-security"},
+			dastEnabled:          false,
+			expectedCxOneAssist:  "false",
+			expectedCxDevAssist:  "false",
+			expectedDast:         "false",
+		},
+		{
+			name:                 "only dast enabled",
+			allowedEngines:       []string{"sast"},
+			dastEnabled:          true,
+			expectedCxOneAssist:  "false",
+			expectedCxDevAssist:  "false",
+			expectedDast:         "true",
+		},
+		{
+			name:                 "case insensitive matching",
+			allowedEngines:       []string{"checkmarx one assist", "checkmarx developer assist"},
+			dastEnabled:          false,
+			expectedCxOneAssist:  "true",
+			expectedCxDevAssist:  "true",
+			expectedDast:         "false",
+		},
+		{
+			name:                 "empty allowed engines",
+			allowedEngines:       []string{},
+			dastEnabled:          false,
+			expectedCxOneAssist:  "false",
+			expectedCxDevAssist:  "false",
+			expectedDast:         "false",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Create a JWT struct with test data
+			jwtStruct := &JWTStruct{}
+			jwtStruct.AstLicense.LicenseData.AllowedEngines = tt.allowedEngines
+			jwtStruct.AstLicense.LicenseData.DastEnabled = tt.dastEnabled
+
+			// Call the function under test
+			licenseDetails := buildLicenseDetailsFromJWT(jwtStruct)
+
+			// Assert the results
+			assert.Equal(t, tt.expectedCxOneAssist, licenseDetails[commonParams.CxOneAssistEnabledKey],
+				"CxOneAssist should be %s", tt.expectedCxOneAssist)
+			assert.Equal(t, tt.expectedCxDevAssist, licenseDetails[commonParams.CxDevAssistEnabledKey],
+				"CxDevAssist should be %s", tt.expectedCxDevAssist)
+			assert.Equal(t, tt.expectedDast, licenseDetails[commonParams.DastEnabledKey],
+				"Dast should be %s", tt.expectedDast)
+		})
+	}
+}
@@ -13,6 +13,7 @@ type JWTMockWrapper struct {
 	EnterpriseSecretsEnabled  int
 	SecretDetectionEnabled    int
 	CheckmarxOneAssistEnabled int
+	DastEnabled               bool
 	CustomGetAllowedEngines   func(wrappers.FeatureFlagsWrapper) (map[string]bool, error)
 }
 
@@ -83,10 +84,11 @@ func (j *JWTMockWrapper) GetLicenseDetails() (licenseDetails map[string]string,
 	licenseDetails = make(map[string]string)
 
 	assistEnabled := (j.CheckmarxOneAssistEnabled != CheckmarxOneAssistDisabled) || (j.AIEnabled != AIProtectionDisabled)
-	licenseDetails["scan.config.plugins.cxoneassist"] = strconv.FormatBool(assistEnabled)
+	licenseDetails[params.CxOneAssistEnabledKey] = strconv.FormatBool(assistEnabled)
 
 	standaloneEnabled := true
-	licenseDetails["scan.config.plugins.cxdevassist"] = strconv.FormatBool(standaloneEnabled)
+	licenseDetails[params.CxDevAssistEnabledKey] = strconv.FormatBool(standaloneEnabled)
+	licenseDetails[params.DastEnabledKey] = strconv.FormatBool(j.DastEnabled)
 
 	for _, engine := range engines {
 		licenseDetails[engine] = licenseEnabledValue