Tags: walmav/socket-python-cli

v2.2.78

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Fix reachability filtering, add config file support (SocketDev#169)

* Add SARIF scoping/reachability controls, config file support

Signed-off-by: lelia <[email protected]>

* Add coverage for new SARIF scoping, config file behavior

Signed-off-by: lelia <[email protected]>

* Add config examples for different use cases

Signed-off-by: lelia <[email protected]>

* Refactor docs to reduce README complexity, create dedicated CLI and CI/CD guides

Signed-off-by: lelia <[email protected]>

* Bump version for release

Signed-off-by: lelia <[email protected]>

* Add shared selector/filter module

Signed-off-by: lelia <[email protected]>

* Refactor output handling to use shared alert selection

Signed-off-by: lelia <[email protected]>

* Refactor Slack diff filtering to use shared selection semantics, facts-aware reachable filtering

Signed-off-by: lelia <[email protected]>

* Add unit tests for shared selection logic

Signed-off-by: lelia <[email protected]>

* Add unit tests for new Slack behavior

Signed-off-by: lelia <[email protected]>

* Update output tests for strict-blocking and SARIF

Signed-off-by: lelia <[email protected]>

* Add JSON config examples for reference

Signed-off-by: lelia <[email protected]>

* Remove unnecessary backwards compat logic

Signed-off-by: lelia <[email protected]>

* Docs refactor for better readability, dedicated guides for CLI + CI/CD usage

Signed-off-by: lelia <[email protected]>

* Bump version for release

Signed-off-by: lelia <[email protected]>

* Fix missing version check expected in PR preview

Signed-off-by: lelia <[email protected]>

* Fix PR preview workflow to use updated version check

Signed-off-by: lelia <[email protected]>

* Fix e2e regression tests to use correct SARIF flags and remove legacy assertions

Signed-off-by: lelia <[email protected]>

---------

Signed-off-by: lelia <[email protected]>

v2.2.77

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Fix has_manifest_files failing to match root-level manifest files (SocketDev#168)

* Fix has_manifest_files failing to match root-level manifest files

PurePath.match("**/package.json") returns False for root-level files
in Python 3.12+ because ** requires at least one directory component.
The function was unconditionally prepending **/ to all patterns,
causing root-level manifests like package.json and package-lock.json
to never match. This forced every scan into full scan mode instead of
diff scan mode, which meant MR/PR comments were never posted.

Fix by trying the direct pattern match first, then falling back to
the **/ prefixed pattern for subdirectory matching.

Fixes Zendesk #2447

* Bump version to 2.2.77

* Add tests/core to CI trigger paths and test command

* Fixing compatibility drift between CLI <> SDK surfaced by test failures

Signed-off-by: lelia <[email protected]>

* Fixing core test failures caused by updated stale fixtures, outdated test construction

Signed-off-by: lelia <[email protected]>

---------

Signed-off-by: lelia <[email protected]>
Co-authored-by: lelia <[email protected]>

v2.2.76

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
SARIF file output and reachability filtering (SocketDev#165)

* Add support for SARIF file output

Signed-off-by: lelia <[email protected]>

* Ignore SARIF results

Signed-off-by: lelia <[email protected]>

* Add test for new SARIF output functionality

Signed-off-by: lelia <[email protected]>

* Document new CLI output flag and clarify intended usage

Signed-off-by: lelia <[email protected]>

* Bump version to prep for release

Signed-off-by: lelia <[email protected]>

* Bump version to account for new release

Signed-off-by: lelia <[email protected]>

* Add workflow for running unittests

Signed-off-by: lelia <[email protected]>

* Tweak workflow name

Signed-off-by: lelia <[email protected]>

* Install dev dependencies for testing

Signed-off-by: lelia <[email protected]>

* Update lockfile

Signed-off-by: lelia <[email protected]>

* Add configurable option for reachability filtering with SARIF

Signed-off-by: lelia <[email protected]>

* Implement reachability logic for SARIF output

Signed-off-by: lelia <[email protected]>

* Add unittests to cover new reachability filtering functionality

Signed-off-by: lelia <[email protected]>

* Update README to document new filtering options and required use of --reach flag

Signed-off-by: lelia <[email protected]>

* Update e2e tests to include SARIF workflow

Signed-off-by: lelia <[email protected]>

* Improve Slack bot mode debug logging to surface failures

Signed-off-by: lelia <[email protected]>

* Skip gitlab tests that pass incorrect mock client to constructor

Signed-off-by: lelia <[email protected]>

* Update old constructor to use current Mock(spec=CliConfig) pattern, plus other test fixes

Signed-off-by: lelia <[email protected]>

---------

Signed-off-by: lelia <[email protected]>

v2.2.75

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Update SDK version to fix `workspace` issue (SocketDev#167)

* Update python SDK to v3.0.32

Signed-off-by: lelia <[email protected]>

* Bump CLI version for release

Signed-off-by: lelia <[email protected]>

---------

Signed-off-by: lelia <[email protected]>

v2.2.74

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Add `workspace` flag to CLI args (SocketDev#164)

* Add support for --workspace flag

Signed-off-by: lelia <[email protected]>

* Add tests to cover new workspace CLI args

Signed-off-by: lelia <[email protected]>

* Update README to document new CLI flag, and differentiate it from existing workspace-name flag

Signed-off-by: lelia <[email protected]>

* Update refs to use generic project names

Signed-off-by: lelia <[email protected]>

* Bump CLI version

Signed-off-by: lelia <[email protected]>

* Pin python and virtualenv versions to unblock builds

Signed-off-by: lelia <[email protected]>

* Bump published SDK version refs

Signed-off-by: lelia <[email protected]>

* Tweak helper text for CLI flag

Signed-off-by: lelia <[email protected]>

* Update CODEOWNERS to reflect proper team structure

Signed-off-by: lelia <[email protected]>

* Increment version again for release

Signed-off-by: lelia <[email protected]>

---------

Signed-off-by: lelia <[email protected]>

v2.2.71

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Merge pull request SocketDev#155 from SocketDev/add-strace-to-docker

Add strace to Docker image

v2.2.70

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Merge pull request SocketDev#154 from SocketDev/set-scan-type-when-reach

Set the scan type to socket_tier1 when using the reachability flag

v2.2.69

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Merge pull request SocketDev#153 from SocketDev/reach-new-flags

feat: add new reachability flags and change analysis splitting default

v2.2.68

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Mucha dev gitlab security output (SocketDev#147)

* feat: add GitLab Security Dashboard integration with Dependency Scanning report output

Adds support for generating GitLab-compatible Dependency Scanning reports that integrate with GitLab's Security Dashboard. This feature enables Socket security findings to be displayed natively in GitLab merge requests and security dashboards.

Key Features:
- New --enable-gitlab-security flag to generate GitLab reports
- New --gitlab-security-file flag for custom output paths (default: gl-dependency-scanning-report.json)
- Generates GitLab Dependency Scanning schema v15.0.0 compliant reports
- Supports multiple simultaneous output formats (JSON, SARIF, GitLab)
- Includes actionable security alerts (error/warn level) in vulnerability reports
- Maps Socket severity levels to GitLab severity (Critical, High, Medium, Low)
- Extracts CVE identifiers and dependency chain information
- Generates deterministic UUIDs for vulnerability tracking

Implementation:
- Added GitLab report generator in messages.py with helper functions for severity mapping, identifier extraction, and location parsing
- Refactored OutputHandler to support multiple simultaneous output formats
- Added comprehensive unit tests (test_gitlab_format.py) and integration tests
- Updated documentation with usage examples, CI/CD integration guide, and alert filtering details

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* capturing all recent changes

* chore: bump version to 2.3.0 for GitLab Security Dashboard feature

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* bumping version

* Removing unneeded files

---------

Co-authored-by: Jonathan Mucha <[email protected]>
Co-authored-by: Claude Sonnet 4.5 <[email protected]>
Co-authored-by: Douglas Coburn <[email protected]>

v2.2.65

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
feat: add PyPy installation for Alpine on x86_64 (SocketDev#148)

* feat: add PyPy installation for Alpine on x86_64

Install Alpine-compatible PyPy3.11 build on amd64 platforms to enable
faster Python reachability analysis.

* Fix versions & changelog

* Bump version to 2.2.65

---------

Co-authored-by: Douglas Coburn <[email protected]>