Tags: SocketDev/socket-python-cli
Fix reachability filtering, add config file support (#169)

* Add SARIF scoping/reachability controls, config file support
  Signed-off-by: lelia <lelia@socket.dev>
* Add coverage for new SARIF scoping, config file behavior
  Signed-off-by: lelia <lelia@socket.dev>
* Add config examples for different use cases
  Signed-off-by: lelia <lelia@socket.dev>
* Refactor docs to reduce README complexity, create dedicated CLI and CI/CD guides
  Signed-off-by: lelia <lelia@socket.dev>
* Bump version for release
  Signed-off-by: lelia <lelia@socket.dev>
* Add shared selector/filter module
  Signed-off-by: lelia <lelia@socket.dev>
* Refactor output handling to use shared alert selection
  Signed-off-by: lelia <lelia@socket.dev>
* Refactor Slack diff filtering to use shared selection semantics, facts-aware reachable filtering
  Signed-off-by: lelia <lelia@socket.dev>
* Add unit tests for shared selection logic
  Signed-off-by: lelia <lelia@socket.dev>
* Add unit tests for new Slack behavior
  Signed-off-by: lelia <lelia@socket.dev>
* Update output tests for strict-blocking and SARIF
  Signed-off-by: lelia <lelia@socket.dev>
* Add JSON config examples for reference
  Signed-off-by: lelia <lelia@socket.dev>
* Remove unnecessary backwards compat logic
  Signed-off-by: lelia <lelia@socket.dev>
* Docs refactor for better readability, dedicated guides for CLI + CI/CD usage
  Signed-off-by: lelia <lelia@socket.dev>
* Bump version for release
  Signed-off-by: lelia <lelia@socket.dev>
* Fix missing version check expected in PR preview
  Signed-off-by: lelia <lelia@socket.dev>
* Fix PR preview workflow to use updated version check
  Signed-off-by: lelia <lelia@socket.dev>
* Fix e2e regression tests to use correct SARIF flags and remove legacy assertions
  Signed-off-by: lelia <lelia@socket.dev>

---------
Signed-off-by: lelia <lelia@socket.dev>
Fix has_manifest_files failing to match root-level manifest files (#168)

* Fix has_manifest_files failing to match root-level manifest files

  PurePath.match("**/package.json") returns False for root-level files in Python 3.12+ because ** requires at least one directory component. The function was unconditionally prepending **/ to all patterns, causing root-level manifests like package.json and package-lock.json to never match. This forced every scan into full scan mode instead of diff scan mode, which meant MR/PR comments were never posted.

  Fix by trying the direct pattern match first, then falling back to the **/ prefixed pattern for subdirectory matching.

  Fixes Zendesk #2447

* Bump version to 2.2.77
* Add tests/core to CI trigger paths and test command
* Fixing compatibility drift between CLI <> SDK surfaced by test failures
  Signed-off-by: lelia <lelia@socket.dev>
* Fixing core test failures caused by updated stale fixtures, outdated test construction
  Signed-off-by: lelia <lelia@socket.dev>

---------
Signed-off-by: lelia <lelia@socket.dev>
Co-authored-by: lelia <lelia@socket.dev>
SARIF file output and reachability filtering (#165)

* Add support for SARIF file output
  Signed-off-by: lelia <lelia@socket.dev>
* Ignore SARIF results
  Signed-off-by: lelia <lelia@socket.dev>
* Add test for new SARIF output functionality
  Signed-off-by: lelia <lelia@socket.dev>
* Document new CLI output flag and clarify intended usage
  Signed-off-by: lelia <lelia@socket.dev>
* Bump version to prep for release
  Signed-off-by: lelia <lelia@socket.dev>
* Bump version to account for new release
  Signed-off-by: lelia <lelia@socket.dev>
* Add workflow for running unittests
  Signed-off-by: lelia <lelia@socket.dev>
* Tweak workflow name
  Signed-off-by: lelia <lelia@socket.dev>
* Install dev dependencies for testing
  Signed-off-by: lelia <lelia@socket.dev>
* Update lockfile
  Signed-off-by: lelia <lelia@socket.dev>
* Add configurable option for reachability filtering with SARIF
  Signed-off-by: lelia <lelia@socket.dev>
* Implement reachability logic for SARIF output
  Signed-off-by: lelia <lelia@socket.dev>
* Add unittests to cover new reachability filtering functionality
  Signed-off-by: lelia <lelia@socket.dev>
* Update README to document new filtering options and required use of --reach flag
  Signed-off-by: lelia <lelia@socket.dev>
* Update e2e tests to include SARIF workflow
  Signed-off-by: lelia <lelia@socket.dev>
* Improve Slack bot mode debug logging to surface failures
  Signed-off-by: lelia <lelia@socket.dev>
* Skip gitlab tests that pass incorrect mock client to constructor
  Signed-off-by: lelia <lelia@socket.dev>
* Update old constructor to use current Mock(spec=CliConfig) pattern, plus other test fixes
  Signed-off-by: lelia <lelia@socket.dev>

---------
Signed-off-by: lelia <lelia@socket.dev>
Add `workspace` flag to CLI args (#164)

* Add support for --workspace flag
  Signed-off-by: lelia <lelia@socket.dev>
* Add tests to cover new workspace CLI args
  Signed-off-by: lelia <lelia@socket.dev>
* Update README to document new CLI flag, and differentiate it from existing workspace-name flag
  Signed-off-by: lelia <lelia@socket.dev>
* Update refs to use generic project names
  Signed-off-by: lelia <lelia@socket.dev>
* Bump CLI version
  Signed-off-by: lelia <lelia@socket.dev>
* Pin python and virtualenv versions to unblock builds
  Signed-off-by: lelia <lelia@socket.dev>
* Bump published SDK version refs
  Signed-off-by: lelia <lelia@socket.dev>
* Tweak helper text for CLI flag
  Signed-off-by: lelia <lelia@socket.dev>
* Update CODEOWNERS to reflect proper team structure
  Signed-off-by: lelia <lelia@socket.dev>
* Increment version again for release
  Signed-off-by: lelia <lelia@socket.dev>

---------
Signed-off-by: lelia <lelia@socket.dev>
Mucha dev gitlab security output (#147)

* feat: add GitLab Security Dashboard integration with Dependency Scanning report output

  Adds support for generating GitLab-compatible Dependency Scanning reports that integrate with GitLab's Security Dashboard. This feature enables Socket security findings to be displayed natively in GitLab merge requests and security dashboards.

  Key Features:
  - New --enable-gitlab-security flag to generate GitLab reports
  - New --gitlab-security-file flag for custom output paths (default: gl-dependency-scanning-report.json)
  - Generates GitLab Dependency Scanning schema v15.0.0 compliant reports
  - Supports multiple simultaneous output formats (JSON, SARIF, GitLab)
  - Includes actionable security alerts (error/warn level) in vulnerability reports
  - Maps Socket severity levels to GitLab severity (Critical, High, Medium, Low)
  - Extracts CVE identifiers and dependency chain information
  - Generates deterministic UUIDs for vulnerability tracking

  Implementation:
  - Added GitLab report generator in messages.py with helper functions for severity mapping, identifier extraction, and location parsing
  - Refactored OutputHandler to support multiple simultaneous output formats
  - Added comprehensive unit tests (test_gitlab_format.py) and integration tests
  - Updated documentation with usage examples, CI/CD integration guide, and alert filtering details

  Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* capturing all recent changes
* chore: bump version to 2.3.0 for GitLab Security Dashboard feature
  Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* bumping version
* Removing unneeded files

---------
Co-authored-by: Jonathan Mucha <jonathan@mucha.local>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Douglas Coburn <douglas@dactbc.com>
feat: add PyPy installation for Alpine on x86_64 (#148)

* feat: add PyPy installation for Alpine on x86_64

  Install Alpine-compatible PyPy3.11 build on amd64 platforms to enable faster Python reachability analysis.

* Fix versions & changelog
* Bump version to 2.2.65

---------
Co-authored-by: Douglas Coburn <douglas@dactbc.com>