fix: include license violations in diff results + SDK 2.1.8 upgrade #111


Merged
dacoburn merged 6 commits into main from doug/fix-diff-results-for-violation
Aug 23, 2025
15 changes: 8 additions & 7 deletions .github/workflows/docker-stable.yml
@@ -21,23 +21,24 @@ jobs:
fi
echo "Version ${{ inputs.version }} found on PyPI - proceeding with release"

- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to Docker Hub with Organization Token
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Build & Push Stable Docker
uses: docker/build-push-action@v5
with:
push: true
platforms: linux/amd64,linux/arm64
tags: socketdev/cli:stable
build-args: |
CLI_VERSION=${{ inputs.version }}
CLI_VERSION=${{ inputs.version }}
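Review bot: the step renamed "Login to Docker Hub with Organization Token" still reads `secrets.DOCKERHUB_USERNAME` and `secrets.DOCKERHUB_TOKEN`, so nothing in this hunk actually switches the credential; either rename the secrets (for example `DOCKERHUB_ORG_TOKEN`) so the workflow records which token is in play, or keep the old step name to avoid misleading the next reader. Moving the login below the QEMU and Buildx setup steps is fine and slightly shortens the window in which the credential sits in the runner. Since this job pushes the `socketdev/cli:stable` tag that downstream users pull, consider pinning `docker/login-action`, `docker/setup-qemu-action`, `docker/setup-buildx-action` and `docker/build-push-action` to commit SHAs instead of the mutable `@v3`/`@v5` tags. The two identical `CLI_VERSION=${{ inputs.version }}` lines at the end of the hunk indicate a whitespace-only change (trailing newline), not a functional one.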

14 changes: 7 additions & 7 deletions .github/workflows/pr-preview.yml
@@ -119,19 +119,19 @@ jobs:
echo "success=false" >> $GITHUB_OUTPUT
exit 1

- name: Login to Docker Hub
if: steps.verify_package.outputs.success == 'true'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to Docker Hub with Organization Token
if: steps.verify_package.outputs.success == 'true'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Build & Push Docker Preview
if: steps.verify_package.outputs.success == 'true'
uses: docker/build-push-action@v5
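Review bot: the `if: steps.verify_package.outputs.success == 'true'` guard is kept on the login and build-push steps, but `Set up QEMU` and `Set up Docker Buildx`, which now sit between the verification and the login, run unconditionally; a failed verification still spends time installing emulation and a builder before the guarded steps are skipped. Add the same `if:` to both setup steps. Same naming point as in docker-stable.yml: the step title says "Organization Token" while the secrets referenced are unchanged.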
12 changes: 6 additions & 6 deletions .github/workflows/release.yml
@@ -68,18 +68,18 @@ jobs:
if: steps.version_check.outputs.pypi_exists != 'true'
uses: pypa/gh-action-pypi-publish@v1.12.4

- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to Docker Hub with Organization Token
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Verify package is installable
id: verify_package
env:
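Review bot: in this file the Docker Hub login runs before `Verify package is installable` (the `verify_package` step immediately below), whereas pr-preview.yml gates the login on `steps.verify_package.outputs.success == 'true'`; here the runner authenticates to Docker Hub even when verification then fails and nothing is pushed. Move the login step below the verification step, or gate it with the same condition, so the credential is only exchanged for a session when a push will actually follow. `pypa/gh-action-pypi-publish@v1.12.4` is already pinned to an exact version; the docker actions in this hunk deserve the same treatment.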
3 changes: 3 additions & 0 deletions README.md
@@ -116,6 +116,7 @@ If you don't want to provide the Socket API Token every time then you can use th
|:-------------------------|:---------|:--------|:----------------------------------------------------------------------|
| --ignore-commit-files | False | False | Ignore commit files |
| --disable-blocking | False | False | Disable blocking mode |
| --enable-diff | False | False | Enable diff mode even when using --integration api (forces diff mode without SCM integration) |
| --scm | False | api | Source control management type |
| --timeout | False | | Timeout in seconds for API requests |
| --include-module-folders | False | False | If enabled will include manifest files from folders like node_modules |
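Review bot: the new `--enable-diff` row says the flag "forces diff mode without SCM integration" but not what the diff is computed against when there is no PR/MR to anchor it (a previous full scan of the same branch, the last reported scan, or something else); a reader choosing between `--enable-diff` and the default API mode needs that stated in the description. The default column shows `False`, which matches `enable_diff: bool = False` in config.py.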
@@ -205,13 +206,15 @@ The CLI determines which files to scan based on the following logic:
- **Differential Mode**: When manifest files are detected in changes, performs a diff scan with PR/MR comment integration
- **API Mode**: When no manifest files are in changes, creates a full scan report without PR comments but still scans the entire repository
- **Force Mode**: With `--ignore-commit-files`, always performs a full scan regardless of changes
- **Forced Diff Mode**: With `--enable-diff`, forces differential mode even when using `--integration api` (without SCM integration)

### Examples

- **Commit with manifest file**: If your commit includes changes to `package.json`, a differential scan will be triggered automatically with PR comment integration.
- **Commit without manifest files**: If your commit only changes non-manifest files (like `.github/workflows/socket.yaml`), the CLI automatically switches to API mode and performs a full repository scan.
- **Using `--files`**: If you specify `--files '["package.json"]'`, the CLI will check if this file exists and is a manifest file before determining scan type.
- **Using `--ignore-commit-files`**: This forces a full scan of all manifest files in the target path, regardless of what's in your commit.
- **Using `--enable-diff`**: Forces diff mode without SCM integration - useful when you want differential scanning but are using `--integration api`. For example: `socketcli --integration api --enable-diff --target-path /path/to/repo`
- **Auto-detection**: Most CI/CD scenarios now work with just `socketcli --target-path /path/to/repo --scm github --pr-number $PR_NUM`

## Debugging and Troubleshooting
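Review bot: "Forced Diff Mode" (`--enable-diff`) and "Force Mode" (`--ignore-commit-files`, documented as always performing a full scan) are described as independent, and nothing says which wins when both flags are passed; add one sentence to the Examples list stating the precedence, or that the combination is rejected. The example command `socketcli --integration api --enable-diff --target-path /path/to/repo` is otherwise clear.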
4 changes: 2 additions & 2 deletions pyproject.toml
@@ -6,7 +6,7 @@ build-backend = "hatchling.build"

[project]
name = "socketsecurity"
version = "2.1.35"
version = "2.2.0"
requires-python = ">= 3.10"
license = {"file" = "LICENSE"}
dependencies = [
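Review bot: the version string is hard-coded here and again in `socketsecurity/__init__.py`, so every release has to bump both by hand; since the build backend is hatchling, declaring `dynamic = ["version"]` under `[project]` and adding `[tool.hatch.version] path = "socketsecurity/__init__.py"` lets one location drive both and removes the chance of the two drifting apart. Bumping the minor version to 2.2.0 rather than a patch release is appropriate for a change that adds a user-visible flag.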
@@ -16,7 +16,7 @@ dependencies = [
'GitPython',
'packaging',
'python-dotenv',
'socket-sdk-python>=2.1.5,<3'
'socket-sdk-python>=2.1.8,<3'
]
readme = "README.md"
description = "Socket Security CLI for CI/CD"
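Review bot: raising the lower bound to `socket-sdk-python>=2.1.8` is right if the license-violation fix depends on data that older SDK releases do not return, but the PR description should name the SDK change that is required so nobody later relaxes the bound to get an older install working. Keeping the `<3` upper bound is good.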
2 changes: 1 addition & 1 deletion requirements.txt
@@ -59,7 +59,7 @@ requests==2.32.4
# via socketsecurity
smmap==5.0.2
# via gitdb
socket-sdk-python==2.1.5
socket-sdk-python==2.1.8
# via socketsecurity
typing-extensions==4.12.2
# via socket-sdk-python
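Review bot: the pin moves to `socket-sdk-python==2.1.8` consistently with pyproject.toml, but the compiled file shown carries only `# via ...` comments and no `--hash=sha256:...` entries; regenerating it with `pip-compile --generate-hashes` and installing with `pip install --require-hashes -r requirements.txt` would make CI and image builds fail closed if the published artifact for this version were ever replaced.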
2 changes: 1 addition & 1 deletion socketsecurity/__init__.py
@@ -1,2 +1,2 @@
__author__ = 'socket.dev'
__version__ = '2.1.35'
__version__ = '2.2.0'
7 changes: 7 additions & 0 deletions socketsecurity/config.py
@@ -48,6 +48,7 @@ class CliConfig:
integration_type: IntegrationType = "api"
integration_org_slug: Optional[str] = None
pending_head: bool = False
enable_diff: bool = False
timeout: Optional[int] = 1200
exclude_license_details: bool = False
include_module_folders: bool = False
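Review bot: `enable_diff` is added with a `False` default next to `integration_type` and `pending_head`, but nothing here validates the combination; the help text says the flag only matters with `--integration api`, so setting it together with an SCM integration should either be rejected or logged as ignored, otherwise a user who adds it to a GitHub workflow gets no signal that it did nothing.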
@@ -421,6 +422,12 @@ def create_argument_parser() -> argparse.ArgumentParser:
action="store_true",
help=argparse.SUPPRESS
)
advanced_group.add_argument(
"--enable-diff",
dest="enable_diff",
action="store_true",
help="Enable diff mode even when using --integration api (forces diff mode without SCM integration)"
)
advanced_group.add_argument(
"--scm",
metavar="<type>",
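Review bot: `--enable-diff` is registered as an independent `store_true` flag, while the README lists `--ignore-commit-files` as forcing a full scan; if the two are genuinely contradictory, put them in an argparse mutually exclusive group so the CLI refuses the pair instead of silently picking one. `dest="enable_diff"` matches the new `CliConfig` field and the help string matches the README row, good.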