Tags: SocketDev/socket-python-cli
Migrate license enrichment to org-scoped endpoint (#180)

* Backfill changelog for v2.2.74+ releases
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Migrate license enrichment to org-scoped endpoint
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Fix github project homepage on PyPI
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Bump version for release
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Properly bump version
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* bump SDK version to stage CLI release
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* fix e2e reachability tests, respect --disable-blocking when set
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* document --disable-blocking exit behavior
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
---------
Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
Co-authored-by: Eric Hibbs <eric@socket.dev>

Fix uv lockfile sync + version incrementation checks (#204)

* update uv.lock to reflect new version
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* update version check workflow to include uv.lock
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* update python hooks to include uv sync
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* remove unused setup.py check from workflow
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* rev all versions to v2.2.89
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
---------
Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>

Add bun and vlt lockfiles (#202)

* Add bun and vlt lockfiles
* Add bun.lockb
* Add unit tests for bun.lock, bun.lockb, and vlt-lock.json manifest matching
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Bump version to 2.2.87
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Add missing version refs
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
---------
Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
Co-authored-by: lelia <2418071+lelia@users.noreply.github.com>

fix: bump Socket SDK version, handle missing diff scores (#193)

* fix: handle missing diff scores in dependency overview
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* chore: bump release version for CLI
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* chore: bump SDK version for release
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
---------
Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>

Add hidden reach-continue-on-* flags for Coana v15 (#191)

* Add hidden reach-continue-on-* flags for Coana v15

  Coana v15 introduces four new halt-by-default behaviors in socket mode and corresponding --reach-continue-on-* opt-outs. Expose them as hidden flags on the Python CLI so it is ready to forward them when Coana v15 becomes the default.

  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Bump version to 2.2.85
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

fix: strip git name-rev suffix operators from detected branch name (#189)

In detached-HEAD CI checkouts (common in Buildkite/CircleCI/Jenkins/etc. where none of the GitHub/GitLab/Bitbucket CI env vars are recognized), the Python CLI falls back to `git name-rev --name-only HEAD` to detect the current branch. When the checked-out SHA is not exactly at a branch tip (e.g. master moved forward after the pipeline started), name-rev returns strings like `remotes/origin/master~1` or `master^0`. The previous split('/')[-1] cleanup kept the `~N`/`^N` suffix, which the Socket API then rejected with "Invalid branch name".

Strip anything from the first `~` or `^` onward before the prefix split. Both characters are forbidden in git ref names per check-ref-format(1), so truncating at them is always safe.

Assisted-by: Claude Code:opus-4-7

Fix GitLab security report schema compliance + scan alert population (#182)

* Bump incremental version
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Fix gitlab security report schema validation errors
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Populate gitlab security report with alerts for full scans
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Skip license-metadata API call when fetching full scan alerts
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Consolidate e2e test workflows, add additional coverage
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Strip logger timestamp prefix to fix e2e test
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Include unchanged alerts in GitLab report
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Fix commit status to count new + unchanged alerts when strict blocking enabled
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Add comparison table of alert behaviors between GitLab + JSON/SARIF
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Document comment-based ignore behavior differences
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* Add new unit tests for unchanged alerts
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
* chore: bump npm test fixture versions
  Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
---------
Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>

Fix broken links on PyPI by using absolute GitHub URLs (#174)

PyPI renders the README but has no access to the repository file tree, so all relative links (docs/, examples/config/, workflows/) resolved against pypi.org and returned 404s. Replace with absolute URLs pointing to the main branch on GitHub.

Update required Python version, tweak CI checks (#172)

* Add guard to not run on external fork PRs
  Signed-off-by: lelia <lelia@socket.dev>
* Update python tests to include installation check
  Signed-off-by: lelia <lelia@socket.dev>
* Bump project version and required Python version
  Signed-off-by: lelia <lelia@socket.dev>
* Add more unit test checks
  Signed-off-by: lelia <lelia@socket.dev>
* Bump project version and required Python version
  Signed-off-by: lelia <lelia@socket.dev>
* Add additional guardrails for PR check behaviors
  Signed-off-by: lelia <lelia@socket.dev>
---------
Signed-off-by: lelia <lelia@socket.dev>

Fix reachability filtering, add config file support (#169)

* Add SARIF scoping/reachability controls, config file support
  Signed-off-by: lelia <lelia@socket.dev>
* Add coverage for new SARIF scoping, config file behavior
  Signed-off-by: lelia <lelia@socket.dev>
* Add config examples for different use cases
  Signed-off-by: lelia <lelia@socket.dev>
* Refactor docs to reduce README complexity, create dedicated CLI and CI/CD guides
  Signed-off-by: lelia <lelia@socket.dev>
* Bump version for release
  Signed-off-by: lelia <lelia@socket.dev>
* Add shared selector/filter module
  Signed-off-by: lelia <lelia@socket.dev>
* Refactor output handling to use shared alert selection
  Signed-off-by: lelia <lelia@socket.dev>
* Refactor Slack diff filtering to use shared selection semantics, facts-aware reachable filtering
  Signed-off-by: lelia <lelia@socket.dev>
* Add unit tests for shared selection logic
  Signed-off-by: lelia <lelia@socket.dev>
* Add unit tests for new Slack behavior
  Signed-off-by: lelia <lelia@socket.dev>
* Update output tests for strict-blocking and SARIF
  Signed-off-by: lelia <lelia@socket.dev>
* Add JSON config examples for reference
  Signed-off-by: lelia <lelia@socket.dev>
* Remove unnecessary backwards compat logic
  Signed-off-by: lelia <lelia@socket.dev>
* Docs refactor for better readability, dedicated guides for CLI + CI/CD usage
  Signed-off-by: lelia <lelia@socket.dev>
* Bump version for release
  Signed-off-by: lelia <lelia@socket.dev>
* Fix missing version check expected in PR preview
  Signed-off-by: lelia <lelia@socket.dev>
* Fix PR preview workflow to use updated version check
  Signed-off-by: lelia <lelia@socket.dev>
* Fix e2e regression tests to use correct SARIF flags and remove legacy assertions
  Signed-off-by: lelia <lelia@socket.dev>
---------
Signed-off-by: lelia <lelia@socket.dev>