@socketsecurity/sdk 3.2.0 → 3.3.0

package/types/api.d.ts CHANGED
@@ -7,7 +7,10 @@ export interface paths {
7
7
  '/purl': {
8
8
  /**
9
9
  * Get Packages by PURL
10
- * @description Batch retrieval of package metadata and alerts by PURL strings. Compatible witch CycloneDX reports.
10
+ * @deprecated
11
+ * @description **This endpoint is deprecated.** Deprecated since 2026-01-05. It will be removed on 2026-07-30.
12
+ *
13
+ * Batch retrieval of package metadata and alerts by PURL strings. Compatible with CycloneDX reports.
11
14
  *
12
15
  * Package URLs (PURLs) are an ecosystem agnostic way to identify packages.
13
16
  * CycloneDX SBOMs use the purl format to identify components.
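Review bot: The deprecation notice added to `'/purl'` gives the removal date but no replacement, so a consumer reading only this doc comment has no migration target before 2026-07-30. This same diff adds `'/orgs/{org_slug}/purl'`, which appears to take the same `components` request body; if that is the intended successor, name it right after the deprecation line, e.g. `* Use POST /orgs/{org_slug}/purl instead.` The identical comment on the `operations` entry (hunk `@@ -4804,7 +5151,10 @@`) needs the same line. The doc comment continues past the end of this hunk.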
@@ -135,7 +138,7 @@ export interface paths {
135
138
  *
136
139
  * To get a list of supported filetypes that can be uploaded in a full-scan, see the [Get supported file types](/reference/getsupportedfiles) endpoint.
137
140
  *
138
- * The maximum number of files you can upload at a time is 5000 and each file can be no bigger than 67 MB.
141
+ * The maximum number of files you can upload at a time is 5000 and each file can be no bigger than 268 MB.
139
142
  *
140
143
  * **Query Parameters:**
141
144
  * - `scan_type` (optional): The type of scan to perform. Defaults to 'socket'. Must be 32 characters or less. Used for categorizing multiple SBOM heads per repository branch.
@@ -233,7 +236,7 @@ export interface paths {
233
236
  *
234
237
  * Each uploaded archive is extracted server-side and any supported manifest files (like package.json, package-lock.json, pnpm-lock.yaml, etc.) are ingested for the scan. If you upload multiple archives in a single request, the manifests from every archive are merged into one full scan. The response includes any files that were ignored.
235
238
  *
236
- * The maximum combined number of files extracted from your upload is 5000 and each extracted file can be no bigger than 67 MB.
239
+ * The maximum combined number of files extracted from your upload is 5000 and each extracted file can be no bigger than 268 MB.
237
240
  *
238
241
  * This endpoint consumes 1 unit of your quota.
239
242
  *
@@ -242,6 +245,18 @@ export interface paths {
242
245
  */
243
246
  post: operations['CreateOrgFullScanArchive']
244
247
  }
248
+ '/orgs/{org_slug}/full-scans/{full_scan_id}/rescan': {
249
+ /**
250
+ * Rescan full scan
251
+ * @description Create a new full scan by rescanning an existing scan. A "shallow" rescan reapplies the latest policies to the previously cached dependency resolution results. A "deep" rescan reruns dependency resolution and applies the latest policies to the results.
252
+ *
253
+ * This endpoint consumes 1 unit of your quota.
254
+ *
255
+ * This endpoint requires the following org token scopes:
256
+ * - full-scans:create
257
+ */
258
+ post: operations['rescanOrgFullScan']
259
+ }
245
260
  '/orgs/{org_slug}/export/cdx/{id}': {
246
261
  /**
247
262
  * Export CycloneDX SBOM (Beta)
@@ -268,6 +283,31 @@ export interface paths {
268
283
  */
269
284
  get: operations['exportCDX']
270
285
  }
286
+ '/orgs/{org_slug}/export/openvex/{id}': {
287
+ /**
288
+ * Export OpenVEX Document (Beta)
289
+ * @description Export vulnerability exploitability data as an OpenVEX v0.2.0 document.
290
+ *
291
+ * OpenVEX (Vulnerability Exploitability eXchange) documents communicate the
292
+ * exploitability status of vulnerabilities in software products. This export
293
+ * includes:
294
+ *
295
+ * - **Patch data**: Vulnerabilities fixed by applied Socket patches are marked as "fixed"
296
+ * - **Reachability analysis**: Code reachability determines if vulnerable code is exploitable:
297
+ * - Unreachable code → "not_affected" with justification
298
+ * - Reachable code → "affected"
299
+ * - Unknown/pending → "under_investigation"
300
+ *
301
+ * Each statement in the document represents a single artifact-vulnerability pair
302
+ * for granular reachability information.
303
+ *
304
+ * This endpoint consumes 1 unit of your quota.
305
+ *
306
+ * This endpoint requires the following org token scopes:
307
+ * - report:read
308
+ */
309
+ get: operations['exportOpenVEX']
310
+ }
271
311
  '/orgs/{org_slug}/export/spdx/{id}': {
272
312
  /**
273
313
  * Export SPDX SBOM (Beta)
@@ -347,7 +387,7 @@ export interface paths {
347
387
  * Returns metadata about the diff scan. Once the diff scan is created, fetch the diff scan from
348
388
  * the [api_url](/reference/getDiffScanById) URL to get the contents of the diff.
349
389
  *
350
- * The maximum number of files you can upload at a time is 5000 and each file can be no bigger than 67 MB.
390
+ * The maximum number of files you can upload at a time is 5000 and each file can be no bigger than 268 MB.
351
391
  *
352
392
  * This endpoint consumes 1 unit of your quota.
353
393
  *
@@ -931,6 +971,107 @@ export interface paths {
931
971
  */
932
972
  get: operations['getOrgThreatFeedItems']
933
973
  }
974
+ '/orgs/{org_slug}/purl': {
975
+ /**
976
+ * Get Packages by PURL (Org Scoped)
977
+ * @description Batch retrieval of package metadata and alerts by PURL strings for a specific organization. Compatible with CycloneDX reports.
978
+ *
979
+ * Package URLs (PURLs) are an ecosystem agnostic way to identify packages.
980
+ * CycloneDX SBOMs use the purl format to identify components.
981
+ * This endpoint supports fetching metadata and alerts for multiple packages at once by passing an array of purl strings, or by passing an entire CycloneDX report.
982
+ *
983
+ * **Note:** This endpoint has a batch size limit (default: 1024 PURLs per request). Requests exceeding this limit will return a 400 Bad Request error.
984
+ *
985
+ * More information on purl and CycloneDX:
986
+ *
987
+ * - [`purl` Spec](https://github.com/package-url/purl-spec)
988
+ * - [CycloneDX Spec](https://cyclonedx.org/specification/overview/#components)
989
+ *
990
+ * This endpoint returns the latest available alert data for artifacts in the batch (stale while revalidate).
991
+ * Actively running analysis will be returned when available on subsequent runs.
992
+ *
993
+ * ## Query Parameters
994
+ *
995
+ * This endpoint supports all query parameters from `POST /v0/purl` including: `alerts`, `actions`, `compact`, `fixable`, `licenseattrib`, `licensedetails`, `purlErrors`, `cachedResultsOnly`, and `summary`.
996
+ *
997
+ * Additionally, you may provide a `labels` query parameter to apply a repository label's security policies. Pass the label slug as the value (e.g., `?labels=production`). Only one label is currently supported.
998
+ *
999
+ * ## Examples:
1000
+ *
1001
+ * ### Looking up an npm package:
1002
+ *
1003
+ * ```json
1004
+ * {
1005
+ * "components": [
1006
+ * {
1007
+ * "purl": "pkg:npm/express@4.19.2"
1008
+ * }
1009
+ * ]
1010
+ * }
1011
+ * ```
1012
+ *
1013
+ * ### Looking up a PyPi package:
1014
+ *
1015
+ * ```json
1016
+ * {
1017
+ * "components": [
1018
+ * {
1019
+ * "purl": "pkg:pypi/django@5.0.6"
1020
+ * }
1021
+ * ]
1022
+ * }
1023
+ * ```
1024
+ *
1025
+ * ### Looking up a Maven package:
1026
+ *
1027
+ * ```json
1028
+ * {
1029
+ * "components": [
1030
+ * {
1031
+ * "purl": "pkg:maven/log4j/log4j@1.2.17"
1032
+ * }
1033
+ * ]
1034
+ * }
1035
+ * ```
1036
+ *
1037
+ * ### Batch lookup
1038
+ *
1039
+ * ```json
1040
+ * {
1041
+ * "components": [
1042
+ * {
1043
+ * "purl": "pkg:npm/express@4.19.2"
1044
+ * },
1045
+ * {
1046
+ * "purl": "pkg:pypi/django@5.0.6"
1047
+ * },
1048
+ * {
1049
+ * "purl": "pkg:maven/log4j/log4j@1.2.17"
1050
+ * }
1051
+ * ]
1052
+ * }
1053
+ * ```
1054
+ *
1055
+ * ### With label and options (query parameters):
1056
+ *
1057
+ * ```
1058
+ * POST /v0/orgs/{org_slug}/purl?labels=production&alerts=true&compact=true
1059
+ * {
1060
+ * "components": [
1061
+ * {
1062
+ * "purl": "pkg:npm/express@4.19.2"
1063
+ * }
1064
+ * ]
1065
+ * }
1066
+ * ```
1067
+ *
1068
+ * This endpoint consumes 100 units of your quota.
1069
+ *
1070
+ * This endpoint requires the following org token scopes:
1071
+ * - packages:list
1072
+ */
1073
+ post: operations['batchPackageFetchByOrg']
1074
+ }
934
1075
  '/orgs/{org_slug}/fixes': {
935
1076
  /**
936
1077
  * Fetch fixes for vulnerabilities in a repository or scan
@@ -938,6 +1079,57 @@ export interface paths {
938
1079
  * Requires either repo_slug or full_scan_id as well as vulnerability_ids to be provided.
939
1080
  * vulnerability_ids can be a comma-separated list of GHSA or CVE IDs, or "*" for all vulnerabilities.
940
1081
  *
1082
+ * ## Response Structure
1083
+ *
1084
+ * The response contains a `fixDetails` object where each key is a vulnerability ID (GHSA or CVE) and the value is a discriminated union based on the `type` field.
1085
+ *
1086
+ * ### Common Fields
1087
+ *
1088
+ * All response variants include:
1089
+ * - `type`: Discriminator field (one of: "fixFound", "partialFixFound", "noFixAvailable", "fixNotApplicable", "errorComputingFix")
1090
+ * - `value`: Object containing the variant-specific data
1091
+ *
1092
+ * The `value` object always contains:
1093
+ * - `ghsa`: string | null - The GHSA ID
1094
+ * - `cve`: string | null - The CVE ID (if available)
1095
+ * - `advisoryDetails`: object | null - Advisory details (only if include_details=true)
1096
+ *
1097
+ * ### Response Variants
1098
+ *
1099
+ * **fixFound**: A complete fix is available for all vulnerable packages
1100
+ * - `value.fixDetails.fixes`: Array of fix objects, each containing:
1101
+ * - `purl`: Package URL to upgrade
1102
+ * - `fixedVersion`: Version to upgrade to
1103
+ * - `manifestFiles`: Array of manifest files containing the package
1104
+ * - `updateType`: "patch" | "minor" | "major" | "unknown"
1105
+ * - `value.fixDetails.responsibleDirectDependencies`: (optional) Map of direct dependencies responsible for the vulnerability
1106
+ *
1107
+ * **partialFixFound**: Fixes available for some but not all vulnerable packages
1108
+ * - Same as fixFound, plus:
1109
+ * - `value.fixDetails.unfixablePurls`: Array of packages that cannot be fixed, each containing:
1110
+ * - `purl`: Package URL
1111
+ * - `manifestFiles`: Array of manifest files
1112
+ *
1113
+ * **noFixAvailable**: No fix exists for this vulnerability (no patched version published)
1114
+ *
1115
+ * **fixNotApplicable**: A fix exists but cannot be applied due to version constraints
1116
+ * - `value.vulnerableArtifacts`: Array of vulnerable packages with their manifest files
1117
+ *
1118
+ * **errorComputingFix**: An error occurred while computing fixes
1119
+ * - `value.message`: Error description
1120
+ *
1121
+ * ### Advisory Details (when include_details=true)
1122
+ *
1123
+ * - `title`: string | null
1124
+ * - `description`: string | null
1125
+ * - `cwes`: string[] - CWE identifiers
1126
+ * - `severity`: "LOW" | "MODERATE" | "HIGH" | "CRITICAL"
1127
+ * - `cvssVector`: string | null
1128
+ * - `publishedAt`: string (ISO date)
1129
+ * - `kev`: boolean - Whether it's a Known Exploited Vulnerability
1130
+ * - `epss`: number | null - Exploit Prediction Scoring System score
1131
+ * - `affectedPurls`: Array of affected packages with version ranges
1132
+ *
941
1133
  * This endpoint consumes 10 units of your quota.
942
1134
  *
943
1135
  * This endpoint requires the following org token scopes:
@@ -1032,6 +1224,18 @@ export interface paths {
1032
1224
  */
1033
1225
  get: operations['alertsList']
1034
1226
  }
1227
+ '/orgs/{org_slug}/alert-full-scan-search': {
1228
+ /**
1229
+ * List full scans associated with alert (Beta)
1230
+ * @description List full scans associated with alert.
1231
+ *
1232
+ * This endpoint consumes 10 units of your quota.
1233
+ *
1234
+ * This endpoint requires the following org token scopes:
1235
+ * - alerts:list
1236
+ */
1237
+ get: operations['alertFullScans']
1238
+ }
1035
1239
  '/license-policy': {
1036
1240
  /**
1037
1241
  * License Policy (Beta)
@@ -1638,7 +1842,7 @@ export interface components {
1638
1842
  _type: 'summary'
1639
1843
  value: components['schemas']['PurlSummarySchema']
1640
1844
  }
1641
- SocketBatchPURLFetch: {
1845
+ SocketOrgBatchPURLFetch: {
1642
1846
  components: Array<components['schemas']['SocketBatchPURLRequest']>
1643
1847
  }
1644
1848
  SocketArtifact: components['schemas']['SocketPURL'] &
@@ -1815,6 +2019,25 @@ export interface components {
1815
2019
  }
1816
2020
  }>
1817
2021
  }
2022
+ OpenVEXDocumentSchema: {
2023
+ /** @default https://openvex.dev/ns/v0.2.0 */
2024
+ '@context': string
2025
+ /** @default */
2026
+ '@id': string
2027
+ /** @default Socket Security */
2028
+ author: string
2029
+ /** @default */
2030
+ timestamp: string
2031
+ /** @default 1 */
2032
+ version: number
2033
+ statements: Array<components['schemas']['OpenVEXStatementSchema']>
2034
+ /** @default VEX Generator */
2035
+ role?: string
2036
+ /** @default */
2037
+ last_updated?: string
2038
+ /** @default Socket Security VEX Generator */
2039
+ tooling?: string
2040
+ }
1818
2041
  SPDXManifestSchema: {
1819
2042
  /** @default SPDX-2.3 */
1820
2043
  spdxVersion: string
@@ -2429,6 +2652,32 @@ export interface components {
2429
2652
  }>
2430
2653
  components?: Array<components['schemas']['CDXComponentSchema']>
2431
2654
  }
2655
+ OpenVEXStatementSchema: {
2656
+ vulnerability: components['schemas']['OpenVEXVulnerabilitySchema']
2657
+ products: Array<components['schemas']['OpenVEXProductSchema']>
2658
+ /** @default affected */
2659
+ status: string
2660
+ /** @default */
2661
+ '@id'?: string
2662
+ /** @default 0 */
2663
+ version?: number
2664
+ /** @default */
2665
+ timestamp?: string
2666
+ /** @default */
2667
+ last_updated?: string
2668
+ /** @default */
2669
+ supplier?: string
2670
+ /** @default */
2671
+ status_notes?: string
2672
+ /** @default */
2673
+ justification?: string
2674
+ /** @default */
2675
+ impact_statement?: string
2676
+ /** @default */
2677
+ action_statement?: string
2678
+ /** @default */
2679
+ action_statement_timestamp?: string
2680
+ }
2432
2681
  LicenseAllowListElabbed: {
2433
2682
  strings: string[]
2434
2683
  classes: string[]
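Review bot: `status: string` in `OpenVEXStatementSchema` is wider than the four values the endpoint description in this diff enumerates ("fixed", "not_affected", "affected", "under_investigation"). Consumers typically suppress or escalate findings on this field, and with a plain string a misspelled comparison still compiles and silently falls through to whatever the default branch does. Narrow it to `status: 'not_affected' | 'affected' | 'fixed' | 'under_investigation'` so that a switch over it can be checked for exhaustiveness. If this file is generated, the enum presumably has to be declared in the API schema it is generated from.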
@@ -3045,6 +3294,19 @@ export interface components {
3045
3294
  usage?: components['schemas']['SocketUsageRef']
3046
3295
  }
3047
3296
  }
3297
+ | {
3298
+ /** @enum {string} */
3299
+ type?: 'tooManyFiles'
3300
+ value?: components['schemas']['SocketIssueBasics'] & {
3301
+ /** @default */
3302
+ description: string
3303
+ props: {
3304
+ /** @default 0 */
3305
+ fileCount: number
3306
+ }
3307
+ usage?: components['schemas']['SocketUsageRef']
3308
+ }
3309
+ }
3048
3310
  | {
3049
3311
  /** @enum {string} */
3050
3312
  type?: 'generic'
@@ -3172,6 +3434,21 @@ export interface components {
3172
3434
  usage?: components['schemas']['SocketUsageRef']
3173
3435
  }
3174
3436
  }
3437
+ | {
3438
+ /** @enum {string} */
3439
+ type?: 'recentlyPublished'
3440
+ value?: components['schemas']['SocketIssueBasics'] & {
3441
+ /** @default */
3442
+ description: string
3443
+ props: {
3444
+ /** @default */
3445
+ publishedAt: string
3446
+ /** @default */
3447
+ checkedAt: string
3448
+ }
3449
+ usage?: components['schemas']['SocketUsageRef']
3450
+ }
3451
+ }
3175
3452
  | {
3176
3453
  /** @enum {string} */
3177
3454
  type?: 'licenseSpdxDisj'
@@ -4405,6 +4682,7 @@ export interface components {
4405
4682
  | 'pub'
4406
4683
  | 'pypi'
4407
4684
  | 'rpm'
4685
+ | 'socket'
4408
4686
  | 'swid'
4409
4687
  | 'swift'
4410
4688
  | 'vscode'
@@ -4453,6 +4731,22 @@ export interface components {
4453
4731
  /** @description Reachability analysis results for each vulnerability */
4454
4732
  results: Array<components['schemas']['ReachabilityResultItem']>
4455
4733
  }
4734
+ OpenVEXVulnerabilitySchema: {
4735
+ /** @default */
4736
+ name: string
4737
+ /** @default */
4738
+ '@id'?: string
4739
+ /** @default */
4740
+ description?: string
4741
+ aliases?: string[]
4742
+ }
4743
+ OpenVEXProductSchema: {
4744
+ /** @default */
4745
+ '@id': string
4746
+ identifiers?: components['schemas']['OpenVEXIdentifiersSchema']
4747
+ hashes?: components['schemas']['OpenVEXHashesSchema']
4748
+ subcomponents?: Array<components['schemas']['OpenVEXComponentSchema']>
4749
+ }
4456
4750
  SocketIssueBasics: {
4457
4751
  severity: components['schemas']['SocketIssueSeverity']
4458
4752
  category: components['schemas']['SocketCategory']
@@ -4508,6 +4802,46 @@ export interface components {
4508
4802
  */
4509
4803
  subprojectPath?: string
4510
4804
  }
4805
+ OpenVEXIdentifiersSchema: {
4806
+ /** @default */
4807
+ purl?: string
4808
+ /** @default */
4809
+ cpe23?: string
4810
+ /** @default */
4811
+ cpe22?: string
4812
+ }
4813
+ OpenVEXHashesSchema: {
4814
+ /** @default */
4815
+ md5?: string
4816
+ /** @default */
4817
+ sha1?: string
4818
+ /** @default */
4819
+ 'sha-256'?: string
4820
+ /** @default */
4821
+ 'sha-384'?: string
4822
+ /** @default */
4823
+ 'sha-512'?: string
4824
+ /** @default */
4825
+ 'sha3-224'?: string
4826
+ /** @default */
4827
+ 'sha3-256'?: string
4828
+ /** @default */
4829
+ 'sha3-384'?: string
4830
+ /** @default */
4831
+ 'sha3-512'?: string
4832
+ /** @default */
4833
+ 'blake2s-256'?: string
4834
+ /** @default */
4835
+ 'blake2b-256'?: string
4836
+ /** @default */
4837
+ 'blake2b-512'?: string
4838
+ }
4839
+ OpenVEXComponentSchema: {
4840
+ /** @default */
4841
+ '@id'?: string
4842
+ identifiers?: components['schemas']['OpenVEXIdentifiersSchema']
4843
+ hashes?: components['schemas']['OpenVEXHashesSchema']
4844
+ }
4511
4845
  SocketRefList: Array<components['schemas']['SocketRef']>
4512
4846
  SocketRefFile: {
4513
4847
  /** @default */
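Review bot: `OpenVEXHashesSchema` lists `md5` and `sha1` next to the SHA-2, SHA-3 and BLAKE2 fields with no guidance on which digests a consumer should rely on. Both are collision-prone, so code that matches a VEX product to an artifact using only one of them can end up applying a "not_affected" or "fixed" statement to a different file. A short comment on those two fields is enough, e.g. `/** Legacy digest; do not use as the sole identity check. */` in place of the empty `/** @default */`.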
@@ -4777,6 +5111,19 @@ export interface components {
4777
5111
  }
4778
5112
  }
4779
5113
  }
5114
+ /** @description Resource already exists */
5115
+ SocketConflict: {
5116
+ content: {
5117
+ 'application/json': {
5118
+ error: {
5119
+ /** @default */
5120
+ message: string
5121
+ /** @default null */
5122
+ details: Record<string, unknown> | null
5123
+ }
5124
+ }
5125
+ }
5126
+ }
4780
5127
  /** @description Gone */
4781
5128
  SocketGone: {
4782
5129
  content: {
@@ -4804,7 +5151,10 @@ export type external = Record<string, never>
4804
5151
  export interface operations {
4805
5152
  /**
4806
5153
  * Get Packages by PURL
4807
- * @description Batch retrieval of package metadata and alerts by PURL strings. Compatible witch CycloneDX reports.
5154
+ * @deprecated
5155
+ * @description **This endpoint is deprecated.** Deprecated since 2026-01-05. It will be removed on 2026-07-30.
5156
+ *
5157
+ * Batch retrieval of package metadata and alerts by PURL strings. Compatible with CycloneDX reports.
4808
5158
  *
4809
5159
  * Package URLs (PURLs) are an ecosystem agnostic way to identify packages.
4810
5160
  * CycloneDX SBOMs use the purl format to identify components.
@@ -4888,7 +5238,7 @@ export interface operations {
4888
5238
  alerts?: boolean
4889
5239
  /** @description Include only alerts with comma separated actions defined by security policy. */
4890
5240
  actions?: Array<'error' | 'monitor' | 'warn' | 'ignore'>
4891
- /** @description Compact metadata. */
5241
+ /** @description Compact metadata. When enabled, excludes metadata fields like author, scores, size, dependencies, and manifest files. Always includes: id, type, name, version, release, namespace, subpath, alerts, and alertPriorities. */
4892
5242
  compact?: boolean
4893
5243
  /** @description Include only fixable alerts. */
4894
5244
  fixable?: boolean
@@ -4906,7 +5256,7 @@ export interface operations {
4906
5256
  }
4907
5257
  requestBody?: {
4908
5258
  content: {
4909
- 'application/json': components['schemas']['SocketBatchPURLFetch']
5259
+ 'application/json': components['schemas']['SocketOrgBatchPURLFetch']
4910
5260
  }
4911
5261
  }
4912
5262
  responses: {
@@ -5156,7 +5506,7 @@ export interface operations {
5156
5506
  *
5157
5507
  * To get a list of supported filetypes that can be uploaded in a full-scan, see the [Get supported file types](/reference/getsupportedfiles) endpoint.
5158
5508
  *
5159
- * The maximum number of files you can upload at a time is 5000 and each file can be no bigger than 67 MB.
5509
+ * The maximum number of files you can upload at a time is 5000 and each file can be no bigger than 268 MB.
5160
5510
  *
5161
5511
  * **Query Parameters:**
5162
5512
  * - `scan_type` (optional): The type of scan to perform. Defaults to 'socket'. Must be 32 characters or less. Used for categorizing multiple SBOM heads per repository branch.
@@ -5300,6 +5650,8 @@ export interface operations {
5300
5650
  | Array<'component' | 'formula'>
5301
5651
  /** @description Include license details in the response. This can increase the response size significantly. */
5302
5652
  include_license_details: boolean
5653
+ /** @description Return cached immutable scan results. When enabled and results are cached, returns the pre-computed scan. When results are not yet cached, returns 202 Accepted and enqueues a background job. */
5654
+ cached?: boolean
5303
5655
  }
5304
5656
  path: {
5305
5657
  /** @description The slug of the organization */
@@ -5315,6 +5667,17 @@ export interface operations {
5315
5667
  'application/x-ndjson': components['schemas']['SocketArtifact']
5316
5668
  }
5317
5669
  }
5670
+ /** @description Scan is being processed. Poll again later to retrieve results. */
5671
+ 202: {
5672
+ content: {
5673
+ 'application/json': {
5674
+ /** @default processing */
5675
+ status: string
5676
+ /** @default */
5677
+ id: string
5678
+ }
5679
+ }
5680
+ }
5318
5681
  400: components['responses']['SocketBadRequest']
5319
5682
  401: components['responses']['SocketUnauthorized']
5320
5683
  403: components['responses']['SocketForbidden']
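Review bot: The new `202` response has a JSON body (`status`, `id`) while the `200` response above it is `application/x-ndjson`, so a client that streams the body as NDJSON without first checking the status code can mistake a scan that is still processing for a result that contains no alerts. For a CI gate that is a fail-open path. State the contract on the `cached` parameter added in the previous hunk, e.g. append `On 202 the body is JSON, not NDJSON, and contains no artifacts; retry until 200.` The `202` added in hunk `@@ -6144,6 +6602,17 @@` likely needs the same wording. The `responses` block starts and ends outside this hunk.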
@@ -5702,7 +6065,7 @@ export interface operations {
5702
6065
  *
5703
6066
  * Each uploaded archive is extracted server-side and any supported manifest files (like package.json, package-lock.json, pnpm-lock.yaml, etc.) are ingested for the scan. If you upload multiple archives in a single request, the manifests from every archive are merged into one full scan. The response includes any files that were ignored.
5704
6067
  *
5705
- * The maximum combined number of files extracted from your upload is 5000 and each extracted file can be no bigger than 67 MB.
6068
+ * The maximum combined number of files extracted from your upload is 5000 and each extracted file can be no bigger than 268 MB.
5706
6069
  *
5707
6070
  * This endpoint consumes 1 unit of your quota.
5708
6071
  *
@@ -5822,6 +6185,47 @@ export interface operations {
5822
6185
  429: components['responses']['SocketTooManyRequestsResponse']
5823
6186
  }
5824
6187
  }
6188
+ /**
6189
+ * Rescan full scan
6190
+ * @description Create a new full scan by rescanning an existing scan. A "shallow" rescan reapplies the latest policies to the previously cached dependency resolution results. A "deep" rescan reruns dependency resolution and applies the latest policies to the results.
6191
+ *
6192
+ * This endpoint consumes 1 unit of your quota.
6193
+ *
6194
+ * This endpoint requires the following org token scopes:
6195
+ * - full-scans:create
6196
+ */
6197
+ rescanOrgFullScan: {
6198
+ parameters: {
6199
+ query?: {
6200
+ /** @description The rescan mode: "shallow" (default) re-applies policies to cached data, "deep" re-fetches the SBOM stream. */
6201
+ mode?: 'shallow' | 'deep'
6202
+ }
6203
+ path: {
6204
+ /** @description The slug of the organization */
6205
+ org_slug: string
6206
+ /** @description The ID of the full scan to rescan */
6207
+ full_scan_id: string
6208
+ }
6209
+ }
6210
+ responses: {
6211
+ /** @description Rescan initiated successfully */
6212
+ 201: {
6213
+ content: {
6214
+ 'application/json': {
6215
+ /** @default The ID of the newly created full scan */
6216
+ id: string
6217
+ /** @default The status of the new scan */
6218
+ status: string
6219
+ }
6220
+ }
6221
+ }
6222
+ 400: components['responses']['SocketBadRequest']
6223
+ 401: components['responses']['SocketUnauthorized']
6224
+ 403: components['responses']['SocketForbidden']
6225
+ 404: components['responses']['SocketNotFoundResponse']
6226
+ 429: components['responses']['SocketTooManyRequestsResponse']
6227
+ }
6228
+ }
5825
6229
  /**
5826
6230
  * Export CycloneDX SBOM (Beta)
5827
6231
  * @description Export a Socket SBOM as a CycloneDX SBOM
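Review bot: In the `201` response of `rescanOrgFullScan` the field descriptions are written into `@default` tags, so tooling that reads the tag will treat the sentence as the literal default value of `id` and `status`. They should read `/** @description The ID of the newly created full scan */` and `/** @description The status of the new scan */`. The `mode` parameter comment also describes "deep" as re-fetching the SBOM stream while the operation comment says it reruns dependency resolution; one wording should be used for both.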
@@ -5885,8 +6289,60 @@ export interface operations {
5885
6289
  }
5886
6290
  }
5887
6291
  /**
5888
- * Export SPDX SBOM (Beta)
5889
- * @description Export a Socket SBOM as a SPDX SBOM
6292
+ * Export OpenVEX Document (Beta)
6293
+ * @description Export vulnerability exploitability data as an OpenVEX v0.2.0 document.
6294
+ *
6295
+ * OpenVEX (Vulnerability Exploitability eXchange) documents communicate the
6296
+ * exploitability status of vulnerabilities in software products. This export
6297
+ * includes:
6298
+ *
6299
+ * - **Patch data**: Vulnerabilities fixed by applied Socket patches are marked as "fixed"
6300
+ * - **Reachability analysis**: Code reachability determines if vulnerable code is exploitable:
6301
+ * - Unreachable code → "not_affected" with justification
6302
+ * - Reachable code → "affected"
6303
+ * - Unknown/pending → "under_investigation"
6304
+ *
6305
+ * Each statement in the document represents a single artifact-vulnerability pair
6306
+ * for granular reachability information.
6307
+ *
6308
+ * This endpoint consumes 1 unit of your quota.
6309
+ *
6310
+ * This endpoint requires the following org token scopes:
6311
+ * - report:read
6312
+ */
6313
+ exportOpenVEX: {
6314
+ parameters: {
6315
+ query?: {
6316
+ /** @description The author of the VEX document. Should be an individual or organization. */
6317
+ author?: string
6318
+ /** @description The role of the document author (e.g., "VEX Generator", "Security Team"). */
6319
+ role?: string
6320
+ /** @description Custom IRI for the VEX document. If not provided, a default IRI will be generated. */
6321
+ document_id?: string
6322
+ }
6323
+ path: {
6324
+ /** @description The slug of the organization */
6325
+ org_slug: string
6326
+ /** @description The full scan OR sbom report ID */
6327
+ id: string
6328
+ }
6329
+ }
6330
+ responses: {
6331
+ /** @description OpenVEX v0.2.0 document */
6332
+ 200: {
6333
+ content: {
6334
+ 'application/json': components['schemas']['OpenVEXDocumentSchema']
6335
+ }
6336
+ }
6337
+ 400: components['responses']['SocketBadRequest']
6338
+ 401: components['responses']['SocketUnauthorized']
6339
+ 403: components['responses']['SocketForbidden']
6340
+ 429: components['responses']['SocketTooManyRequestsResponse']
6341
+ }
6342
+ }
6343
+ /**
6344
+ * Export SPDX SBOM (Beta)
6345
+ * @description Export a Socket SBOM as a SPDX SBOM
5890
6346
  *
5891
6347
  * Supported ecosystems:
5892
6348
  *
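Review bot: `author`, `role` and `document_id` on `exportOpenVEX` are caller-supplied query parameters, and presumably they are copied into the `author`, `role` and `@id` fields of the returned `OpenVEXDocumentSchema`. If so, a downstream consumer cannot tell a document carrying the default `Socket Security` author from one where the requester chose the value, so these fields should not be read as provenance. Say so on the parameters, e.g. `/** @description The author of the VEX document. Caller-asserted; do not treat as verified provenance. */`.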
@@ -6039,6 +6495,8 @@ export interface operations {
6039
6495
  omit_license_details?: boolean
6040
6496
  /** @description Omit unchanged artifacts from the response. When set to true, the unchanged field will be set to null. */
6041
6497
  omit_unchanged?: boolean
6498
+ /** @description Return cached immutable scan results. When enabled and results are cached, returns the pre-computed scan. When results are not yet cached, returns 202 Accepted and enqueues a background job. Note: When cached=true, the omit_license_details parameter is ignored as cached results always includes license details. */
6499
+ cached?: boolean
6042
6500
  }
6043
6501
  path: {
6044
6502
  /** @description The slug of the organization */
@@ -6144,6 +6602,17 @@ export interface operations {
6144
6602
  }
6145
6603
  }
6146
6604
  }
6605
+ /** @description Scan is being processed. Poll again later to retrieve results. */
6606
+ 202: {
6607
+ content: {
6608
+ 'application/json': {
6609
+ /** @default processing */
6610
+ status: string
6611
+ /** @default */
6612
+ id: string
6613
+ }
6614
+ }
6615
+ }
6147
6616
  400: components['responses']['SocketBadRequest']
6148
6617
  401: components['responses']['SocketUnauthorized']
6149
6618
  403: components['responses']['SocketForbidden']
@@ -6315,7 +6784,7 @@ export interface operations {
6315
6784
  * Returns metadata about the diff scan. Once the diff scan is created, fetch the diff scan from
6316
6785
  * the [api_url](/reference/getDiffScanById) URL to get the contents of the diff.
6317
6786
  *
6318
- * The maximum number of files you can upload at a time is 5000 and each file can be no bigger than 67 MB.
6787
+ * The maximum number of files you can upload at a time is 5000 and each file can be no bigger than 268 MB.
6319
6788
  *
6320
6789
  * This endpoint consumes 1 unit of your quota.
6321
6790
  *
@@ -6463,6 +6932,7 @@ export interface operations {
6463
6932
  401: components['responses']['SocketUnauthorized']
6464
6933
  403: components['responses']['SocketForbidden']
6465
6934
  404: components['responses']['SocketNotFoundResponse']
6935
+ 409: components['responses']['SocketConflict']
6466
6936
  429: components['responses']['SocketTooManyRequestsResponse']
6467
6937
  }
6468
6938
  }
@@ -6589,6 +7059,7 @@ export interface operations {
6589
7059
  401: components['responses']['SocketUnauthorized']
6590
7060
  403: components['responses']['SocketForbidden']
6591
7061
  404: components['responses']['SocketNotFoundResponse']
7062
+ 409: components['responses']['SocketConflict']
6592
7063
  429: components['responses']['SocketTooManyRequestsResponse']
6593
7064
  }
6594
7065
  }
@@ -7870,6 +8341,13 @@ export interface operations {
7870
8341
  */
7871
8342
  action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
7872
8343
  }
8344
+ tooManyFiles?: {
8345
+ /**
8346
+ * @description The action to take for tooManyFiles issues.
8347
+ * @enum {string}
8348
+ */
8349
+ action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
8350
+ }
7873
8351
  generic?: {
7874
8352
  /**
7875
8353
  * @description The action to take for generic issues.
@@ -7926,6 +8404,13 @@ export interface operations {
7926
8404
  */
7927
8405
  action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
7928
8406
  }
8407
+ recentlyPublished?: {
8408
+ /**
8409
+ * @description The action to take for recentlyPublished issues.
8410
+ * @enum {string}
8411
+ */
8412
+ action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
8413
+ }
7929
8414
  licenseSpdxDisj?: {
7930
8415
  /**
7931
8416
  * @description The action to take for licenseSpdxDisj issues.
@@ -8749,6 +9234,13 @@ export interface operations {
8749
9234
  */
8750
9235
  action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
8751
9236
  }
9237
+ tooManyFiles?: {
9238
+ /**
9239
+ * @description The action to take for tooManyFiles issues.
9240
+ * @enum {string}
9241
+ */
9242
+ action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
9243
+ }
8752
9244
  generic?: {
8753
9245
  /**
8754
9246
  * @description The action to take for generic issues.
@@ -8805,6 +9297,13 @@ export interface operations {
8805
9297
  */
8806
9298
  action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
8807
9299
  }
9300
+ recentlyPublished?: {
9301
+ /**
9302
+ * @description The action to take for recentlyPublished issues.
9303
+ * @enum {string}
9304
+ */
9305
+ action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
9306
+ }
8808
9307
  licenseSpdxDisj?: {
8809
9308
  /**
8810
9309
  * @description The action to take for licenseSpdxDisj issues.
@@ -9782,6 +10281,13 @@ export interface operations {
9782
10281
  */
9783
10282
  action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
9784
10283
  }
10284
+ tooManyFiles?: {
10285
+ /**
10286
+ * @description The action to take for tooManyFiles issues.
10287
+ * @enum {string}
10288
+ */
10289
+ action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
10290
+ }
9785
10291
  generic?: {
9786
10292
  /**
9787
10293
  * @description The action to take for generic issues.
@@ -9838,6 +10344,13 @@ export interface operations {
9838
10344
  */
9839
10345
  action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
9840
10346
  }
10347
+ recentlyPublished?: {
10348
+ /**
10349
+ * @description The action to take for recentlyPublished issues.
10350
+ * @enum {string}
10351
+ */
10352
+ action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
10353
+ }
9841
10354
  licenseSpdxDisj?: {
9842
10355
  /**
9843
10356
  * @description The action to take for licenseSpdxDisj issues.
@@ -10654,6 +11167,13 @@ export interface operations {
10654
11167
  */
10655
11168
  action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
10656
11169
  }
11170
+ tooManyFiles?: {
11171
+ /**
11172
+ * @description The action to take for tooManyFiles issues.
11173
+ * @enum {string}
11174
+ */
11175
+ action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
11176
+ }
10657
11177
  generic?: {
10658
11178
  /**
10659
11179
  * @description The action to take for generic issues.
@@ -10710,6 +11230,13 @@ export interface operations {
10710
11230
  */
10711
11231
  action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
10712
11232
  }
11233
+ recentlyPublished?: {
11234
+ /**
11235
+ * @description The action to take for recentlyPublished issues.
11236
+ * @enum {string}
11237
+ */
11238
+ action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
11239
+ }
10713
11240
  licenseSpdxDisj?: {
10714
11241
  /**
10715
11242
  * @description The action to take for licenseSpdxDisj issues.
@@ -11495,6 +12022,13 @@ export interface operations {
11495
12022
  */
11496
12023
  action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
11497
12024
  }
12025
+ tooManyFiles?: {
12026
+ /**
12027
+ * @description The action to take for tooManyFiles issues.
12028
+ * @enum {string}
12029
+ */
12030
+ action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
12031
+ }
11498
12032
  generic?: {
11499
12033
  /**
11500
12034
  * @description The action to take for generic issues.
@@ -11551,6 +12085,13 @@ export interface operations {
11551
12085
  */
11552
12086
  action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
11553
12087
  }
12088
+ recentlyPublished?: {
12089
+ /**
12090
+ * @description The action to take for recentlyPublished issues.
12091
+ * @enum {string}
12092
+ */
12093
+ action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
12094
+ }
11554
12095
  licenseSpdxDisj?: {
11555
12096
  /**
11556
12097
  * @description The action to take for licenseSpdxDisj issues.
@@ -13728,8 +14269,10 @@ export interface operations {
13728
14269
  | 'ChangeMemberRole'
13729
14270
  | 'ChangePlanSubscriptionSeats'
13730
14271
  | 'CreateApiToken'
14272
+ | 'CreateArtifact'
13731
14273
  | 'CreateLabel'
13732
14274
  | 'CreateWebhook'
14275
+ | 'DeleteApiToken'
13733
14276
  | 'DeleteFullScan'
13734
14277
  | 'DeleteLabel'
13735
14278
  | 'DeleteLabelSetting'
@@ -13844,6 +14387,8 @@ export interface operations {
13844
14387
  per_page?: number
13845
14388
  /** @description The token specifying which page to return. */
13846
14389
  page?: number
14390
+ /** @description Whether to include token values in response. Use "omit" to exclude tokens entirely. */
14391
+ token_values?: 'include' | 'omit'
13847
14392
  }
13848
14393
  path: {
13849
14394
  /** @description The slug of the organization */
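Review bot: The doc comment on the new `token_values` query parameter does not say which value applies when the parameter is absent, nor what `'include'` actually returns. A later hunk in this file changes the list response to `token: string | null` with the description "The token of the API Token (redacted or omitted)", so the types alone do not tell a caller whether `'include'` yields a redacted or a usable value. I would extend the comment to name the default and the form of the returned value, e.g. `Defaults to <default — confirm>; "include" returns the <redacted | full — confirm> token, "omit" returns null`. Integrations that only enumerate tokens can pass `token_values: 'omit'` so token material never reaches logs or caches. The enclosing `query` object starts outside this hunk.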
@@ -13892,6 +14437,17 @@ export interface operations {
13892
14437
  * @default
13893
14438
  */
13894
14439
  created_at: string
14440
+ /**
14441
+ * Format: uuid
14442
+ * @description The stable group UUID that remains constant across token rotations
14443
+ * @default
14444
+ */
14445
+ group_uuid: string
14446
+ /**
14447
+ * @description SRI-format hash of the token (e.g., sha512-base64hash). Null for tokens created before hash column was added.
14448
+ * @default
14449
+ */
14450
+ hash: string | null
13895
14451
  /**
13896
14452
  * @description The ID of the API Token
13897
14453
  * @default
@@ -13984,17 +14540,21 @@ export interface operations {
13984
14540
  | 'triage'
13985
14541
  | 'triage:alerts-list'
13986
14542
  | 'triage:alerts-update'
14543
+ | 'uploaded-artifacts'
14544
+ | 'uploaded-artifacts:create'
14545
+ | 'uploaded-artifacts:list'
13987
14546
  | 'webhooks'
13988
14547
  | 'webhooks:create'
13989
14548
  | 'webhooks:list'
13990
14549
  | 'webhooks:update'
13991
14550
  | 'webhooks:delete'
14551
+ | '*'
13992
14552
  )[]
13993
14553
  /**
13994
- * @description The obfuscated token of the API Token
14554
+ * @description The token of the API Token (redacted or omitted)
13995
14555
  * @default
13996
14556
  */
13997
- token: string
14557
+ token: string | null
13998
14558
  /**
13999
14559
  * @description The visibility of the API Token. Warning: this field is deprecated and will be removed in the future.
14000
14560
  * @default organization
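Review bot: The wildcard `'*'` is added to the scope union here without any doc comment, and the same addition appears in the hunks at `@@ -14108,11 +14668,15 @@` and `@@ -14287,17 +14859,16 @@`. From the type alone it reads like one more narrow scope, although it presumably grants all of them; a line such as `// '*': wildcard, grants every scope (confirm against API docs); prefer listing only the scopes the token needs` above the member would make that visible where tokens are created (the file looks generated, so the wording likely belongs in the OpenAPI source). The same hunk widens `token` from `string` to `string | null`, so consumers that call string methods on it need a null check after upgrading. The scope array begins outside this hunk.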
@@ -14108,11 +14668,15 @@ export interface operations {
14108
14668
  | 'triage'
14109
14669
  | 'triage:alerts-list'
14110
14670
  | 'triage:alerts-update'
14671
+ | 'uploaded-artifacts'
14672
+ | 'uploaded-artifacts:create'
14673
+ | 'uploaded-artifacts:list'
14111
14674
  | 'webhooks'
14112
14675
  | 'webhooks:create'
14113
14676
  | 'webhooks:list'
14114
14677
  | 'webhooks:update'
14115
14678
  | 'webhooks:delete'
14679
+ | '*'
14116
14680
  >
14117
14681
  /**
14118
14682
  * @description The visibility of the API Token. Warning: this field is deprecated and will be removed in the future.
@@ -14171,18 +14735,26 @@ export interface operations {
14171
14735
  }
14172
14736
  }
14173
14737
  responses: {
14174
- /** @description The newly created api token. */
14738
+ /** @description The newly created api token with its stable UUID and hash. */
14175
14739
  200: {
14176
14740
  content: {
14177
14741
  'application/json': {
14178
14742
  /**
14179
14743
  * Format: uuid
14180
- * @description ID of the Socket user who created the API Token, if available
14744
+ * @description ID of the Socket user who created the API Token
14181
14745
  * @default
14182
14746
  */
14183
14747
  created_by: string | null
14748
+ /**
14749
+ * Format: uuid
14750
+ * @description The stable group UUID that remains constant across token rotations
14751
+ * @default
14752
+ */
14753
+ group_uuid: string
14184
14754
  /** @default */
14185
14755
  token: string
14756
+ /** @default */
14757
+ hash: string
14186
14758
  }
14187
14759
  }
14188
14760
  }
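Review bot: The reworded `created_by` description drops "if available" while the type stays `string | null`, so the comment now reads as if the value were always present; the rotate response in the hunk at `@@ -14367,28 +14962,49 @@` has the same mismatch. I would keep the qualifier: `@description ID of the Socket user who created the API Token, if available`. The new `hash` field here carries only `/** @default */`, whereas the update response later in this file documents it as `@description SRI-format hash of the API token (e.g., sha512-base64hash)`; the same line fits here. Because this response is where the plaintext `token` is returned, the comment on `group_uuid` could also note that it is the stable handle to keep for later rotate and revoke calls.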
@@ -14287,17 +14859,16 @@ export interface operations {
14287
14859
  | 'triage'
14288
14860
  | 'triage:alerts-list'
14289
14861
  | 'triage:alerts-update'
14862
+ | 'uploaded-artifacts'
14863
+ | 'uploaded-artifacts:create'
14864
+ | 'uploaded-artifacts:list'
14290
14865
  | 'webhooks'
14291
14866
  | 'webhooks:create'
14292
14867
  | 'webhooks:list'
14293
14868
  | 'webhooks:update'
14294
14869
  | 'webhooks:delete'
14870
+ | '*'
14295
14871
  >
14296
- /**
14297
- * @description The API token to update
14298
- * @default
14299
- */
14300
- token: string
14301
14872
  /**
14302
14873
  * @description The visibility of the API Token. Warning: this field is deprecated and will be removed in the future.
14303
14874
  * @default organization
@@ -14333,6 +14904,27 @@ export interface operations {
14333
14904
  * @default api token
14334
14905
  */
14335
14906
  name?: string
14907
+ /**
14908
+ * Format: uuid
14909
+ * @description The stable group UUID to update (provide uuid, id, token, or hash. May provide uuid+hash together for validation)
14910
+ * @default
14911
+ */
14912
+ uuid?: string
14913
+ /**
14914
+ * @description The API token ID to update (provide uuid, id, token, or hash)
14915
+ * @default
14916
+ */
14917
+ id?: string
14918
+ /**
14919
+ * @description The API token to update (provide uuid, id, token, or hash)
14920
+ * @default
14921
+ */
14922
+ token?: string
14923
+ /**
14924
+ * @description The API token hash to update (provide uuid, id, token, or hash)
14925
+ * @default
14926
+ */
14927
+ hash?: string
14336
14928
  }
14337
14929
  }
14338
14930
  }
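Review bot: All four identifiers added to the update body (`uuid`, `id`, `token`, `hash`) are optional, so a request that names no token at all type-checks; the "provide uuid, id, token, or hash" rule exists only in the descriptions. The rotate and revoke bodies in the hunks at `@@ -14367,28 +14962,49 @@` and `@@ -14413,12 +15029,20 @@` have the same shape. If the generator cannot express "at least one of", the SDK wrapper should check for it before sending. The `uuid` comment here could also say "(recommended)" as the rotate and revoke descriptions do, since selecting by `uuid` or `hash` keeps the raw token out of request bodies. The enclosing request body starts outside this hunk.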
@@ -14341,8 +14933,11 @@ export interface operations {
14341
14933
  200: {
14342
14934
  content: {
14343
14935
  'application/json': {
14344
- /** @default */
14345
- token: string
14936
+ /**
14937
+ * @description SRI-format hash of the API token (e.g., sha512-base64hash)
14938
+ * @default
14939
+ */
14940
+ hash: string
14346
14941
  }
14347
14942
  }
14348
14943
  }
@@ -14367,28 +14962,49 @@ export interface operations {
14367
14962
  org_slug: string
14368
14963
  }
14369
14964
  }
14370
- /** @description The API Token to rotate */
14965
+ /** @description The API Token identifier to rotate. Provide uuid (recommended), token, or hash. May provide uuid+hash together for validation. */
14371
14966
  requestBody?: {
14372
14967
  content: {
14373
14968
  'application/json': {
14969
+ /**
14970
+ * Format: uuid
14971
+ * @description The stable group UUID of the API token to rotate
14972
+ * @default
14973
+ */
14974
+ uuid?: string
14374
14975
  /** @default */
14375
- token: string
14976
+ token?: string
14977
+ /** @default */
14978
+ hash?: string
14376
14979
  }
14377
14980
  }
14378
14981
  }
14379
14982
  responses: {
14380
- /** @description The replacement API Token */
14983
+ /** @description The replacement API Token with its stable UUID, new token value, and hash */
14381
14984
  200: {
14382
14985
  content: {
14383
14986
  'application/json': {
14987
+ /**
14988
+ * @description The database ID of the new API token
14989
+ * @default
14990
+ */
14991
+ id: string
14384
14992
  /**
14385
14993
  * Format: uuid
14386
- * @description ID of the Socket user who initiated the rotation, if available
14994
+ * @description The stable group UUID (unchanged after rotation)
14995
+ * @default
14996
+ */
14997
+ group_uuid: string
14998
+ /**
14999
+ * Format: uuid
15000
+ * @description ID of the Socket user who created the API Token
14387
15001
  * @default
14388
15002
  */
14389
15003
  created_by: string | null
14390
15004
  /** @default */
14391
15005
  token: string
15006
+ /** @default */
15007
+ hash: string
14392
15008
  }
14393
15009
  }
14394
15010
  }
@@ -14413,12 +15029,20 @@ export interface operations {
14413
15029
  org_slug: string
14414
15030
  }
14415
15031
  }
14416
- /** @description The token to revoke. */
15032
+ /** @description The API token identifier to revoke. Provide uuid (recommended), token, or hash. May provide uuid+hash together for validation. */
14417
15033
  requestBody?: {
14418
15034
  content: {
14419
15035
  'application/json': {
15036
+ /**
15037
+ * Format: uuid
15038
+ * @description The stable group UUID of the API token to revoke
15039
+ * @default
15040
+ */
15041
+ uuid?: string
14420
15042
  /** @default */
14421
- token: string
15043
+ token?: string
15044
+ /** @default */
15045
+ hash?: string
14422
15046
  }
14423
15047
  }
14424
15048
  }
@@ -14540,6 +15164,8 @@ export interface operations {
14540
15164
  | 'vscode'
14541
15165
  | 'pypi'
14542
15166
  | 'gem'
15167
+ | 'socket'
15168
+ | 'swift'
14543
15169
  }
14544
15170
  }
14545
15171
  responses: {
@@ -14553,6 +15179,8 @@ export interface operations {
14553
15179
  /** @default */
14554
15180
  updatedAt?: string
14555
15181
  /** @default */
15182
+ publishedAt?: string | null
15183
+ /** @default */
14556
15184
  description?: string
14557
15185
  /** @default 0 */
14558
15186
  id?: number
@@ -14650,6 +15278,8 @@ export interface operations {
14650
15278
  | 'vscode'
14651
15279
  | 'pypi'
14652
15280
  | 'gem'
15281
+ | 'socket'
15282
+ | 'swift'
14653
15283
  }
14654
15284
  path: {
14655
15285
  /** @description The slug of the organization */
@@ -14667,6 +15297,8 @@ export interface operations {
14667
15297
  /** @default */
14668
15298
  updatedAt?: string
14669
15299
  /** @default */
15300
+ publishedAt?: string | null
15301
+ /** @default */
14670
15302
  description?: string
14671
15303
  /** @default 0 */
14672
15304
  id?: number
@@ -14703,12 +15335,209 @@ export interface operations {
14703
15335
  429: components['responses']['SocketTooManyRequestsResponse']
14704
15336
  }
14705
15337
  }
15338
+ /**
15339
+ * Get Packages by PURL (Org Scoped)
15340
+ * @description Batch retrieval of package metadata and alerts by PURL strings for a specific organization. Compatible with CycloneDX reports.
15341
+ *
15342
+ * Package URLs (PURLs) are an ecosystem agnostic way to identify packages.
15343
+ * CycloneDX SBOMs use the purl format to identify components.
15344
+ * This endpoint supports fetching metadata and alerts for multiple packages at once by passing an array of purl strings, or by passing an entire CycloneDX report.
15345
+ *
15346
+ * **Note:** This endpoint has a batch size limit (default: 1024 PURLs per request). Requests exceeding this limit will return a 400 Bad Request error.
15347
+ *
15348
+ * More information on purl and CycloneDX:
15349
+ *
15350
+ * - [`purl` Spec](https://github.com/package-url/purl-spec)
15351
+ * - [CycloneDX Spec](https://cyclonedx.org/specification/overview/#components)
15352
+ *
15353
+ * This endpoint returns the latest available alert data for artifacts in the batch (stale while revalidate).
15354
+ * Actively running analysis will be returned when available on subsequent runs.
15355
+ *
15356
+ * ## Query Parameters
15357
+ *
15358
+ * This endpoint supports all query parameters from `POST /v0/purl` including: `alerts`, `actions`, `compact`, `fixable`, `licenseattrib`, `licensedetails`, `purlErrors`, `cachedResultsOnly`, and `summary`.
15359
+ *
15360
+ * Additionally, you may provide a `labels` query parameter to apply a repository label's security policies. Pass the label slug as the value (e.g., `?labels=production`). Only one label is currently supported.
15361
+ *
15362
+ * ## Examples:
15363
+ *
15364
+ * ### Looking up an npm package:
15365
+ *
15366
+ * ```json
15367
+ * {
15368
+ * "components": [
15369
+ * {
15370
+ * "purl": "pkg:npm/express@4.19.2"
15371
+ * }
15372
+ * ]
15373
+ * }
15374
+ * ```
15375
+ *
15376
+ * ### Looking up a PyPi package:
15377
+ *
15378
+ * ```json
15379
+ * {
15380
+ * "components": [
15381
+ * {
15382
+ * "purl": "pkg:pypi/django@5.0.6"
15383
+ * }
15384
+ * ]
15385
+ * }
15386
+ * ```
15387
+ *
15388
+ * ### Looking up a Maven package:
15389
+ *
15390
+ * ```json
15391
+ * {
15392
+ * "components": [
15393
+ * {
15394
+ * "purl": "pkg:maven/log4j/log4j@1.2.17"
15395
+ * }
15396
+ * ]
15397
+ * }
15398
+ * ```
15399
+ *
15400
+ * ### Batch lookup
15401
+ *
15402
+ * ```json
15403
+ * {
15404
+ * "components": [
15405
+ * {
15406
+ * "purl": "pkg:npm/express@4.19.2"
15407
+ * },
15408
+ * {
15409
+ * "purl": "pkg:pypi/django@5.0.6"
15410
+ * },
15411
+ * {
15412
+ * "purl": "pkg:maven/log4j/log4j@1.2.17"
15413
+ * }
15414
+ * ]
15415
+ * }
15416
+ * ```
15417
+ *
15418
+ * ### With label and options (query parameters):
15419
+ *
15420
+ * ```
15421
+ * POST /v0/orgs/{org_slug}/purl?labels=production&alerts=true&compact=true
15422
+ * {
15423
+ * "components": [
15424
+ * {
15425
+ * "purl": "pkg:npm/express@4.19.2"
15426
+ * }
15427
+ * ]
15428
+ * }
15429
+ * ```
15430
+ *
15431
+ * This endpoint consumes 100 units of your quota.
15432
+ *
15433
+ * This endpoint requires the following org token scopes:
15434
+ * - packages:list
15435
+ */
15436
+ batchPackageFetchByOrg: {
15437
+ parameters: {
15438
+ query?: {
15439
+ /** @description Repository label slugs to apply policies. Only one label is supported currently; the parameter is an array to allow future support for multiple labels. */
15440
+ labels?: string[]
15441
+ /** @description Include alert metadata. */
15442
+ alerts?: boolean
15443
+ /** @description Include only alerts with comma separated actions defined by security policy. */
15444
+ actions?: Array<'error' | 'monitor' | 'warn' | 'ignore'>
15445
+ /** @description Compact metadata. When enabled, excludes metadata fields like author, scores, size, dependencies, and manifest files. Always includes: id, type, name, version, release, namespace, subpath, alerts, and alertPriorities. */
15446
+ compact?: boolean
15447
+ /** @description Include only fixable alerts. */
15448
+ fixable?: boolean
15449
+ /** @description Include license attribution data, including license text and author information. Maps attribution/license text to a list of data objects to which that attribution info applies. */
15450
+ licenseattrib?: boolean
15451
+ /** @description Include detailed license information, including location and match strength, for each license datum. */
15452
+ licensedetails?: boolean
15453
+ /** @description Return errors found with handling PURLs as error objects in the stream. */
15454
+ purlErrors?: boolean
15455
+ /** @description Return only cached results, do not attempt to scan new artifacts or rescan stale results. */
15456
+ cachedResultsOnly?: boolean
15457
+ /** @description Include a summary object at the end of the stream with counts of malformed, resolved, and not found PURLs. */
15458
+ summary?: boolean
15459
+ }
15460
+ path: {
15461
+ /** @description The slug of the organization */
15462
+ org_slug: string
15463
+ }
15464
+ }
15465
+ requestBody?: {
15466
+ content: {
15467
+ 'application/json': components['schemas']['SocketOrgBatchPURLFetch']
15468
+ }
15469
+ }
15470
+ responses: {
15471
+ /** @description Socket issue lists and scores for all packages, and optional metadata objects */
15472
+ 200: {
15473
+ content: {
15474
+ 'application/x-ndjson': components['schemas']['BatchPurlStreamSchema']
15475
+ }
15476
+ }
15477
+ 400: components['responses']['SocketBadRequest']
15478
+ 401: components['responses']['SocketUnauthorized']
15479
+ 403: components['responses']['SocketForbidden']
15480
+ 404: components['responses']['SocketNotFoundResponse']
15481
+ 429: components['responses']['SocketTooManyRequestsResponse']
15482
+ }
15483
+ }
14706
15484
  /**
14707
15485
  * Fetch fixes for vulnerabilities in a repository or scan
14708
15486
  * @description Fetches available fixes for vulnerabilities in a repository or scan.
14709
15487
  * Requires either repo_slug or full_scan_id as well as vulnerability_ids to be provided.
14710
15488
  * vulnerability_ids can be a comma-separated list of GHSA or CVE IDs, or "*" for all vulnerabilities.
14711
15489
  *
15490
+ * ## Response Structure
15491
+ *
15492
+ * The response contains a `fixDetails` object where each key is a vulnerability ID (GHSA or CVE) and the value is a discriminated union based on the `type` field.
15493
+ *
15494
+ * ### Common Fields
15495
+ *
15496
+ * All response variants include:
15497
+ * - `type`: Discriminator field (one of: "fixFound", "partialFixFound", "noFixAvailable", "fixNotApplicable", "errorComputingFix")
15498
+ * - `value`: Object containing the variant-specific data
15499
+ *
15500
+ * The `value` object always contains:
15501
+ * - `ghsa`: string | null - The GHSA ID
15502
+ * - `cve`: string | null - The CVE ID (if available)
15503
+ * - `advisoryDetails`: object | null - Advisory details (only if include_details=true)
15504
+ *
15505
+ * ### Response Variants
15506
+ *
15507
+ * **fixFound**: A complete fix is available for all vulnerable packages
15508
+ * - `value.fixDetails.fixes`: Array of fix objects, each containing:
15509
+ * - `purl`: Package URL to upgrade
15510
+ * - `fixedVersion`: Version to upgrade to
15511
+ * - `manifestFiles`: Array of manifest files containing the package
15512
+ * - `updateType`: "patch" | "minor" | "major" | "unknown"
15513
+ * - `value.fixDetails.responsibleDirectDependencies`: (optional) Map of direct dependencies responsible for the vulnerability
15514
+ *
15515
+ * **partialFixFound**: Fixes available for some but not all vulnerable packages
15516
+ * - Same as fixFound, plus:
15517
+ * - `value.fixDetails.unfixablePurls`: Array of packages that cannot be fixed, each containing:
15518
+ * - `purl`: Package URL
15519
+ * - `manifestFiles`: Array of manifest files
15520
+ *
15521
+ * **noFixAvailable**: No fix exists for this vulnerability (no patched version published)
15522
+ *
15523
+ * **fixNotApplicable**: A fix exists but cannot be applied due to version constraints
15524
+ * - `value.vulnerableArtifacts`: Array of vulnerable packages with their manifest files
15525
+ *
15526
+ * **errorComputingFix**: An error occurred while computing fixes
15527
+ * - `value.message`: Error description
15528
+ *
15529
+ * ### Advisory Details (when include_details=true)
15530
+ *
15531
+ * - `title`: string | null
15532
+ * - `description`: string | null
15533
+ * - `cwes`: string[] - CWE identifiers
15534
+ * - `severity`: "LOW" | "MODERATE" | "HIGH" | "CRITICAL"
15535
+ * - `cvssVector`: string | null
15536
+ * - `publishedAt`: string (ISO date)
15537
+ * - `kev`: boolean - Whether it's a Known Exploited Vulnerability
15538
+ * - `epss`: number | null - Exploit Prediction Scoring System score
15539
+ * - `affectedPurls`: Array of affected packages with version ranges
15540
+ *
14712
15541
  * This endpoint consumes 10 units of your quota.
14713
15542
  *
14714
15543
  * This endpoint requires the following org token scopes:
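Review bot: `labels?: string[]` in the new `batchPackageFetchByOrg` query accepts any number of entries, while its description says only one label is supported and does not say whether extra entries are rejected or ignored. Because the label selects which security policy is applied to the results, that should be spelled out; I would append to the comment something like `Requests with more than one label are <rejected | evaluated against the first label only — confirm>`. `requestBody?` is also optional although every example in the description posts a `components` array, so a call with no body type-checks. The doc block for the following operation continues past the end of this hunk.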
@@ -14742,385 +15571,8 @@ export interface operations {
14742
15571
  200: {
14743
15572
  content: {
14744
15573
  'application/json': {
14745
- /** @description Map of vulnerability IDs (GHSA or CVE) to their fix details. Each entry contains information about available fixes, partial fixes, or reasons why fixes are not available. */
14746
15574
  fixDetails: {
14747
- [key: string]:
14748
- | {
14749
- /** @enum {string} */
14750
- type: 'fixFound'
14751
- value: {
14752
- /**
14753
- * @default fixFound
14754
- * @enum {string}
14755
- */
14756
- type: 'fixFound'
14757
- /** @default */
14758
- ghsa: string
14759
- /** @default */
14760
- cve: string | null
14761
- fixDetails: {
14762
- fixes: Array<{
14763
- /** @default The PURL (unique package identifier) of the package to upgrade */
14764
- purl: string
14765
- /** @default The version of the package to upgrade to */
14766
- fixedVersion: string
14767
- manifestFiles: string[]
14768
- /**
14769
- * @description The type of version update (patch, minor, major, or unknown if it cannot be determined)
14770
- * @default unknown
14771
- * @enum {string}
14772
- */
14773
- updateType: 'patch' | 'minor' | 'major' | 'unknown'
14774
- }>
14775
- /** @description The keys are the PURL (unique package identifier) of the direct dependency(ies) responsible for introducing the vulnerability. */
14776
- responsibleDirectDependencies?: {
14777
- [key: string]: {
14778
- /**
14779
- * Format: The current version of the package
14780
- * @default
14781
- */
14782
- currentVersion: string
14783
- nextAvailableVersion?: {
14784
- /**
14785
- * Format: The next available version of the package
14786
- * @default
14787
- */
14788
- version: string
14789
- /**
14790
- * @description The type of version update (patch, minor, major, or unknown if it cannot be determined)
14791
- * @default unknown
14792
- * @enum {string}
14793
- */
14794
- updateType:
14795
- | 'patch'
14796
- | 'minor'
14797
- | 'major'
14798
- | 'unknown'
14799
- } | null
14800
- /** @description The version and update type of the package that is necessary to fix the vulnerability. If the value is null, it means the package does not have to be upgraded to fix the vulnerability */
14801
- fixByUpgradingTo?: {
14802
- /** @default */
14803
- version: string
14804
- /**
14805
- * @description The type of version update (patch, minor, major, or unknown if it cannot be determined)
14806
- * @default unknown
14807
- * @enum {string}
14808
- */
14809
- updateType:
14810
- | 'patch'
14811
- | 'minor'
14812
- | 'major'
14813
- | 'unknown'
14814
- } | null
14815
- }
14816
- } | null
14817
- }
14818
- advisoryDetails: {
14819
- /** @default */
14820
- title?: string | null
14821
- /** @default */
14822
- description?: string | null
14823
- cwes?: string[]
14824
- /**
14825
- * @description Severity level of the vulnerability
14826
- * @default LOW
14827
- * @enum {string}
14828
- */
14829
- severity?: 'LOW' | 'MODERATE' | 'HIGH' | 'CRITICAL'
14830
- /** @default */
14831
- cvssVector?: string | null
14832
- /** @default */
14833
- publishedAt?: string
14834
- /**
14835
- * @description Whether the vulnerability is a Known Exploited Vulnerability
14836
- * @default false
14837
- */
14838
- kev?: boolean
14839
- /**
14840
- * @description Exploit Prediction Scoring System score
14841
- * @default 0
14842
- */
14843
- epss?: number | null
14844
- affectedPurls?: Array<{
14845
- /**
14846
- * Format: The PURL (unique package identifier) of the affected package
14847
- * @default
14848
- */
14849
- purl: string
14850
- /** @default The range of vulnerable versions */
14851
- affectedRange: string
14852
- }>
14853
- } | null
14854
- }
14855
- }
14856
- | {
14857
- /** @enum {string} */
14858
- type: 'partialFixFound'
14859
- value: {
14860
- /**
14861
- * @default partialFixFound
14862
- * @enum {string}
14863
- */
14864
- type: 'partialFixFound'
14865
- /** @default */
14866
- ghsa: string
14867
- /** @default */
14868
- cve: string | null
14869
- fixDetails: {
14870
- fixes: Array<{
14871
- /** @default The PURL (unique package identifier) of the package to upgrade */
14872
- purl: string
14873
- /** @default The version of the package to upgrade to */
14874
- fixedVersion: string
14875
- manifestFiles: string[]
14876
- /**
14877
- * @description The type of version update (patch, minor, major, or unknown if it cannot be determined)
14878
- * @default unknown
14879
- * @enum {string}
14880
- */
14881
- updateType: 'patch' | 'minor' | 'major' | 'unknown'
14882
- }>
14883
- unfixablePurls: Array<{
14884
- /** @default The PURL (unique package identifier) of the package that cannot be upgraded */
14885
- purl: string
14886
- manifestFiles: string[]
14887
- }>
14888
- /** @description The keys are the PURL (unique package identifier) of the direct dependency(ies) responsible for introducing the vulnerability. */
14889
- responsibleDirectDependencies?: {
14890
- [key: string]: {
14891
- /**
14892
- * Format: The current version of the package
14893
- * @default
14894
- */
14895
- currentVersion: string
14896
- nextAvailableVersion?: {
14897
- /**
14898
- * Format: The next available version of the package
14899
- * @default
14900
- */
14901
- version: string
14902
- /**
14903
- * @description The type of version update (patch, minor, major, or unknown if it cannot be determined)
14904
- * @default unknown
14905
- * @enum {string}
14906
- */
14907
- updateType:
14908
- | 'patch'
14909
- | 'minor'
14910
- | 'major'
14911
- | 'unknown'
14912
- } | null
14913
- /** @description The version and update type of the package that is necessary to fix the vulnerability. If the value is null, it means the package does not have to be upgraded to fix the vulnerability */
14914
- fixByUpgradingTo?: {
14915
- /** @default */
14916
- version: string
14917
- /**
14918
- * @description The type of version update (patch, minor, major, or unknown if it cannot be determined)
14919
- * @default unknown
14920
- * @enum {string}
14921
- */
14922
- updateType:
14923
- | 'patch'
14924
- | 'minor'
14925
- | 'major'
14926
- | 'unknown'
14927
- } | null
14928
- }
14929
- } | null
14930
- }
14931
- advisoryDetails: {
14932
- /** @default */
14933
- title?: string | null
14934
- /** @default */
14935
- description?: string | null
14936
- cwes?: string[]
14937
- /**
14938
- * @description Severity level of the vulnerability
14939
- * @default LOW
14940
- * @enum {string}
14941
- */
14942
- severity?: 'LOW' | 'MODERATE' | 'HIGH' | 'CRITICAL'
14943
- /** @default */
14944
- cvssVector?: string | null
14945
- /** @default */
14946
- publishedAt?: string
14947
- /**
14948
- * @description Whether the vulnerability is a Known Exploited Vulnerability
14949
- * @default false
14950
- */
14951
- kev?: boolean
14952
- /**
14953
- * @description Exploit Prediction Scoring System score
14954
- * @default 0
14955
- */
14956
- epss?: number | null
14957
- affectedPurls?: Array<{
14958
- /**
14959
- * Format: The PURL (unique package identifier) of the affected package
14960
- * @default
14961
- */
14962
- purl: string
14963
- /** @default The range of vulnerable versions */
14964
- affectedRange: string
14965
- }>
14966
- } | null
14967
- }
14968
- }
14969
- | {
14970
- /** @enum {string} */
14971
- type: 'errorComputingFix'
14972
- value: {
14973
- /**
14974
- * @default errorComputingFix
14975
- * @enum {string}
14976
- */
14977
- type: 'errorComputingFix'
14978
- /** @default */
14979
- ghsa: string | null
14980
- /** @default */
14981
- cve: string | null
14982
- /** @default */
14983
- message: string
14984
- advisoryDetails: {
14985
- /** @default */
14986
- title?: string | null
14987
- /** @default */
14988
- description?: string | null
14989
- cwes?: string[]
14990
- /**
14991
- * @description Severity level of the vulnerability
14992
- * @default LOW
14993
- * @enum {string}
14994
- */
14995
- severity?: 'LOW' | 'MODERATE' | 'HIGH' | 'CRITICAL'
14996
- /** @default */
14997
- cvssVector?: string | null
14998
- /** @default */
14999
- publishedAt?: string
15000
- /**
15001
- * @description Whether the vulnerability is a Known Exploited Vulnerability
15002
- * @default false
15003
- */
15004
- kev?: boolean
15005
- /**
15006
- * @description Exploit Prediction Scoring System score
15007
- * @default 0
15008
- */
15009
- epss?: number | null
15010
- affectedPurls?: Array<{
15011
- /**
15012
- * Format: The PURL (unique package identifier) of the affected package
15013
- * @default
15014
- */
15015
- purl: string
15016
- /** @default The range of vulnerable versions */
15017
- affectedRange: string
15018
- }>
15019
- } | null
15020
- }
15021
- }
15022
- | {
15023
- /** @enum {string} */
15024
- type: 'noFixAvailable'
15025
- value: {
15026
- /**
15027
- * @default noFixAvailable
15028
- * @enum {string}
15029
- */
15030
- type: 'noFixAvailable'
15031
- /** @default */
15032
- ghsa: string
15033
- /** @default */
15034
- cve: string | null
15035
- advisoryDetails: {
15036
- /** @default */
15037
- title?: string | null
15038
- /** @default */
15039
- description?: string | null
15040
- cwes?: string[]
15041
- /**
15042
- * @description Severity level of the vulnerability
15043
- * @default LOW
15044
- * @enum {string}
15045
- */
15046
- severity?: 'LOW' | 'MODERATE' | 'HIGH' | 'CRITICAL'
15047
- /** @default */
15048
- cvssVector?: string | null
15049
- /** @default */
15050
- publishedAt?: string
15051
- /**
15052
- * @description Whether the vulnerability is a Known Exploited Vulnerability
15053
- * @default false
15054
- */
15055
- kev?: boolean
15056
- /**
15057
- * @description Exploit Prediction Scoring System score
15058
- * @default 0
15059
- */
15060
- epss?: number | null
15061
- affectedPurls?: Array<{
15062
- /**
15063
- * Format: The PURL (unique package identifier) of the affected package
15064
- * @default
15065
- */
15066
- purl: string
15067
- /** @default The range of vulnerable versions */
15068
- affectedRange: string
15069
- }>
15070
- } | null
15071
- }
15072
- }
15073
- | {
15074
- /** @enum {string} */
15075
- type: 'fixNotApplicable'
15076
- value: {
15077
- /**
15078
- * @default fixNotApplicable
15079
- * @enum {string}
15080
- */
15081
- type: 'fixNotApplicable'
15082
- /** @default */
15083
- ghsa: string
15084
- /** @default */
15085
- cve: string | null
15086
- advisoryDetails: {
15087
- /** @default */
15088
- title?: string | null
15089
- /** @default */
15090
- description?: string | null
15091
- cwes?: string[]
15092
- /**
15093
- * @description Severity level of the vulnerability
15094
- * @default LOW
15095
- * @enum {string}
15096
- */
15097
- severity?: 'LOW' | 'MODERATE' | 'HIGH' | 'CRITICAL'
15098
- /** @default */
15099
- cvssVector?: string | null
15100
- /** @default */
15101
- publishedAt?: string
15102
- /**
15103
- * @description Whether the vulnerability is a Known Exploited Vulnerability
15104
- * @default false
15105
- */
15106
- kev?: boolean
15107
- /**
15108
- * @description Exploit Prediction Scoring System score
15109
- * @default 0
15110
- */
15111
- epss?: number | null
15112
- affectedPurls?: Array<{
15113
- /**
15114
- * Format: The PURL (unique package identifier) of the affected package
15115
- * @default
15116
- */
15117
- purl: string
15118
- /** @default The range of vulnerable versions */
15119
- affectedRange: string
15120
- }>
15121
- } | null
15122
- }
15123
- }
15575
+ [key: string]: Record<string, never>
15124
15576
  }
15125
15577
  }
15126
15578
  }
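Review bot: The replacement type `[key: string]: Record<string, never>` declares every `fixDetails` entry to be an empty object, which contradicts the "Response Structure" description added in the preceding hunk (a `type` discriminator plus `value`). Consumers will have to cast to read `type` or `value`, and nothing then checks the variant before a fix is applied. Keeping at least the discriminator typed would restore the exhaustiveness check, e.g. `[key: string]: { type: 'fixFound' | 'partialFixFound' | 'noFixAvailable' | 'fixNotApplicable' | 'errorComputingFix'; value: Record<string, unknown> }`. Until then, callers should narrow `type` at runtime before using `fixedVersion` or `purl`. This looks like a generator artefact, so the fix likely belongs in the OpenAPI schema.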
@@ -15671,10 +16123,34 @@ export interface operations {
15671
16123
  'filters.alertAction'?: string
15672
16124
  /** @description Comma-separated list of alert actions ("error", "warn", "monitor", or "ignore) that should be excluded */
15673
16125
  'filters.alertAction.notIn'?: string
16126
+ /** @description Comma-separated list of alert action source types ("fallback", "injected-alert", "org-policy", "reachability", "repo-label-policy", "socket-yml", or "triage") that should be included */
16127
+ 'filters.alertActionSourceType'?: string
16128
+ /** @description Comma-separated list of alert action source types ("fallback", "injected-alert", "org-policy", "reachability", "repo-label-policy", "socket-yml", or "triage") that should be excluded */
16129
+ 'filters.alertActionSourceType.notIn'?: string
15674
16130
  /** @description Comma-separated list of alert categories ("supplyChainRisk", "maintenance", "quality", "license", or "vulnerability") that should be included */
15675
16131
  'filters.alertCategory'?: string
15676
16132
  /** @description Comma-separated list of alert categories ("supplyChainRisk", "maintenance", "quality", "license", or "vulnerability") that should be excluded */
15677
16133
  'filters.alertCategory.notIn'?: string
16134
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16135
+ 'filters.alertClearedAt.eq'?: string
16136
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16137
+ 'filters.alertClearedAt.lt'?: string
16138
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16139
+ 'filters.alertClearedAt.lte'?: string
16140
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16141
+ 'filters.alertClearedAt.gt'?: string
16142
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16143
+ 'filters.alertClearedAt.gte'?: string
16144
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16145
+ 'filters.alertCreatedAt.eq'?: string
16146
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16147
+ 'filters.alertCreatedAt.lt'?: string
16148
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16149
+ 'filters.alertCreatedAt.lte'?: string
16150
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16151
+ 'filters.alertCreatedAt.gt'?: string
16152
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16153
+ 'filters.alertCreatedAt.gte'?: string
15678
16154
  /** @description CVE ID */
15679
16155
  'filters.alertCveId'?: string
15680
16156
  /** @description CVE ID */
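Review bot: The ten new `'filters.alertClearedAt.*'` and `'filters.alertCreatedAt.*'` parameters each carry the same description, so the doc comment never says which comparison a suffix applies or whether the bound is inclusive. They are typed as plain `string`, so the `YYYY-MM-DD HH:MM:SS` UTC wording is the only contract a caller has, and a local-time or ISO-formatted value will not be caught at compile time. I would spell the operator out per field, for example `/** @description Alert created at or after this time (YYYY-MM-DD HH:MM:SS in UTC time zone) */` on `'filters.alertCreatedAt.gte'`, assuming the suffixes have their usual meaning. The same descriptions are repeated in the later hunk that adds `'alertCreatedAt.eq'` and its siblings as `string[]`. The enclosing `operations` interface starts and ends outside this hunk.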
@@ -15707,6 +16183,10 @@ export interface operations {
15707
16183
  'filters.alertPriority'?: string
15708
16184
  /** @description Alert priority ("low", "medium", "high", or "critical") */
15709
16185
  'filters.alertPriority.notIn'?: string
16186
+ /** @description Comma-separated list of alert CVE reachability analysis types ("full-scan" or "precomputed") that should be included */
16187
+ 'filters.alertReachabilityAnalysisType'?: string
16188
+ /** @description Comma-separated list of alert CVE reachability analysis types ("full-scan" or "precomputed") that should be excluded */
16189
+ 'filters.alertReachabilityAnalysisType.notIn'?: string
15710
16190
  /** @description Comma-separated list of alert CVE reachability types ("direct_dependency", "error", "maybe_reachable", "missing_support", "pending", "reachable", "undeterminable_reachability", "unknown", or "unreachable") that should be included */
15711
16191
  'filters.alertReachabilityType'?: string
15712
16192
  /** @description Comma-separated list of alert CVE reachability types ("direct_dependency", "error", "maybe_reachable", "missing_support", "pending", "reachable", "undeterminable_reachability", "unknown", or "unreachable") that should be excluded */
@@ -15733,6 +16213,26 @@ export interface operations {
15733
16213
  'filters.alertUpdatedAt.gt'?: string
15734
16214
  /** @description Alert updated at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
15735
16215
  'filters.alertUpdatedAt.gte'?: string
16216
+ /** @description Name of artifact */
16217
+ 'filters.artifactName'?: string
16218
+ /** @description Name of artifact */
16219
+ 'filters.artifactName.notIn'?: string
16220
+ /** @description Comma-separated list of artifact types (e.g. "npm", "pypi", "gem", "maven", "golang", etc.) that should be included */
16221
+ 'filters.artifactType'?: string
16222
+ /** @description Comma-separated list of artifact types (e.g. "npm", "pypi", "gem", "maven", "golang", etc.) that should be excluded */
16223
+ 'filters.artifactType.notIn'?: string
16224
+ /** @description Dead/reachable dependency filter flag */
16225
+ 'filters.dependencyDead'?: boolean
16226
+ /** @description Dead/reachable dependency filter flag */
16227
+ 'filters.dependencyDead.notIn'?: boolean
16228
+ /** @description Development/production dependency filter flag */
16229
+ 'filters.dependencyDev'?: boolean
16230
+ /** @description Development/production dependency filter flag */
16231
+ 'filters.dependencyDev.notIn'?: boolean
16232
+ /** @description Direct/transitive dependency filter flag */
16233
+ 'filters.dependencyDirect'?: boolean
16234
+ /** @description Direct/transitive dependency filter flag */
16235
+ 'filters.dependencyDirect.notIn'?: boolean
15736
16236
  /** @description Comma-separated list of repo full names that should be included */
15737
16237
  'filters.repoFullName'?: string
15738
16238
  /** @description Comma-separated list of repo full names that should be excluded */
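Review bot: `'filters.dependencyDead.notIn'`, `'filters.dependencyDev.notIn'` and `'filters.dependencyDirect.notIn'` are typed `boolean` and reuse the exact description of their positive counterparts, so nothing tells a caller which value keeps which dependencies, or how a `.notIn` boolean differs from passing the opposite value. On an alert listing this matters, because a misread polarity silently drops alerts from a triage query. The later hunk that adds `dependencyDead?: boolean[]`, `dependencyDev?: boolean[]` and `dependencyDirect?: boolean[]` has no `.notIn` variants, so the two shapes disagree. Once the intended semantics are confirmed, I would document them on each flag, e.g. `/** @description When true, only alerts on direct dependencies are returned; when false, only transitive ones */`. The parameter object these lines belong to starts and ends outside this hunk.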
@@ -15752,7 +16252,7 @@ export interface operations {
15752
16252
  }
15753
16253
  }
15754
16254
  responses: {
15755
- /** @description The paginated array of API tokens for the organization, and related metadata. */
16255
+ /** @description The paginated array of alert items for the organization and related metadata. */
15756
16256
  200: {
15757
16257
  content: {
15758
16258
  'application/json': {
@@ -15807,6 +16307,8 @@ export interface operations {
15807
16307
  clearedAt: string | null
15808
16308
  /** @default */
15809
16309
  dashboardUrl: string
16310
+ /** @default */
16311
+ title: string
15810
16312
  /**
15811
16313
  * @default low
15812
16314
  * @enum {string}
@@ -15913,10 +16415,34 @@ export interface operations {
15913
16415
  alertAction?: string[]
15914
16416
  /** @description Comma-separated list of alert actions ("error", "warn", "monitor", or "ignore) that should be excluded */
15915
16417
  'alertAction.notIn'?: string[]
16418
+ /** @description Comma-separated list of alert action source types ("fallback", "injected-alert", "org-policy", "reachability", "repo-label-policy", "socket-yml", or "triage") that should be included */
16419
+ alertActionSourceType?: string[]
16420
+ /** @description Comma-separated list of alert action source types ("fallback", "injected-alert", "org-policy", "reachability", "repo-label-policy", "socket-yml", or "triage") that should be excluded */
16421
+ 'alertActionSourceType.notIn'?: string[]
15916
16422
  /** @description Comma-separated list of alert categories ("supplyChainRisk", "maintenance", "quality", "license", or "vulnerability") that should be included */
15917
16423
  alertCategory?: string[]
15918
16424
  /** @description Comma-separated list of alert categories ("supplyChainRisk", "maintenance", "quality", "license", or "vulnerability") that should be excluded */
15919
16425
  'alertCategory.notIn'?: string[]
16426
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16427
+ 'alertClearedAt.eq'?: string[]
16428
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16429
+ 'alertClearedAt.lt'?: string[]
16430
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16431
+ 'alertClearedAt.lte'?: string[]
16432
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16433
+ 'alertClearedAt.gt'?: string[]
16434
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16435
+ 'alertClearedAt.gte'?: string[]
16436
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16437
+ 'alertCreatedAt.eq'?: string[]
16438
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16439
+ 'alertCreatedAt.lt'?: string[]
16440
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16441
+ 'alertCreatedAt.lte'?: string[]
16442
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16443
+ 'alertCreatedAt.gt'?: string[]
16444
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
16445
+ 'alertCreatedAt.gte'?: string[]
15920
16446
  /** @description CVE ID */
15921
16447
  alertCveId?: string[]
15922
16448
  /** @description CVE ID */
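Review bot: The descriptions added for `alertActionSourceType?: string[]` and `'alertActionSourceType.notIn'?: string[]` still say "Comma-separated list", wording that matches the `string`-typed query parameters but not an array property. A consumer going by the comment may split elements that are already separate, or expect one joined string. For the array-typed copies I would drop "Comma-separated", e.g. `/** @description Alert action source types ("fallback", "injected-alert", ...) that should be included */`. The unchanged `alertAction` lines in this hunk show the same mismatch, so the new lines follow the file's existing pattern rather than introducing it.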
@@ -15947,6 +16473,10 @@ export interface operations {
15947
16473
  alertPriority?: string[]
15948
16474
  /** @description Alert priority ("low", "medium", "high", or "critical") */
15949
16475
  'alertPriority.notIn'?: string[]
16476
+ /** @description Comma-separated list of alert CVE reachability analysis types ("full-scan" or "precomputed") that should be included */
16477
+ alertReachabilityAnalysisType?: string[]
16478
+ /** @description Comma-separated list of alert CVE reachability analysis types ("full-scan" or "precomputed") that should be excluded */
16479
+ 'alertReachabilityAnalysisType.notIn'?: string[]
15950
16480
  /** @description Comma-separated list of alert CVE reachability types ("direct_dependency", "error", "maybe_reachable", "missing_support", "pending", "reachable", "undeterminable_reachability", "unknown", or "unreachable") that should be included */
15951
16481
  alertReachabilityType?: string[]
15952
16482
  /** @description Comma-separated list of alert CVE reachability types ("direct_dependency", "error", "maybe_reachable", "missing_support", "pending", "reachable", "undeterminable_reachability", "unknown", or "unreachable") that should be excluded */
@@ -15973,6 +16503,20 @@ export interface operations {
15973
16503
  'alertUpdatedAt.gt'?: string[]
15974
16504
  /** @description Alert updated at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
15975
16505
  'alertUpdatedAt.gte'?: string[]
16506
+ /** @description Name of artifact */
16507
+ artifactName?: string[]
16508
+ /** @description Name of artifact */
16509
+ 'artifactName.notIn'?: string[]
16510
+ /** @description Comma-separated list of artifact types (e.g. "npm", "pypi", "gem", "maven", "golang", etc.) that should be included */
16511
+ artifactType?: string[]
16512
+ /** @description Comma-separated list of artifact types (e.g. "npm", "pypi", "gem", "maven", "golang", etc.) that should be excluded */
16513
+ 'artifactType.notIn'?: string[]
16514
+ /** @description Dead/reachable dependency filter flag */
16515
+ dependencyDead?: boolean[]
16516
+ /** @description Development/production dependency filter flag */
16517
+ dependencyDev?: boolean[]
16518
+ /** @description Direct/transitive dependency filter flag */
16519
+ dependencyDirect?: boolean[]
15976
16520
  /** @description Comma-separated list of repo full names that should be included */
15977
16521
  repoFullName?: string[]
15978
16522
  /** @description Comma-separated list of repo full names that should be excluded */
@@ -15996,6 +16540,95 @@ export interface operations {
15996
16540
  429: components['responses']['SocketTooManyRequestsResponse']
15997
16541
  }
15998
16542
  }
16543
+ /**
16544
+ * List full scans associated with alert (Beta)
16545
+ * @description List full scans associated with alert.
16546
+ *
16547
+ * This endpoint consumes 10 units of your quota.
16548
+ *
16549
+ * This endpoint requires the following org token scopes:
16550
+ * - alerts:list
16551
+ */
16552
+ alertFullScans: {
16553
+ parameters: {
16554
+ query: {
16555
+ /** @description Specify the maximum number of items to return per page (intermediate pages may have fewer than this limit and callers should always check "endCursor" in response body to know if there are more pages) */
16556
+ per_page?: number
16557
+ /** @description The pagination cursor that was returned as the "endCursor" property in previous request */
16558
+ startAfterCursor?: string
16559
+ /** @description One or more alert keys for which to find associated full scans */
16560
+ alertKey: string
16561
+ /** @description The number of days of data to fetch as an offset from current date (e.g. "-7d" for past 7 days) */
16562
+ range?: string
16563
+ }
16564
+ path: {
16565
+ /** @description The slug of the organization */
16566
+ org_slug: string
16567
+ }
16568
+ }
16569
+ responses: {
16570
+ /** @description The paginated array of full scans associated with alert for the organization and related metadata. */
16571
+ 200: {
16572
+ content: {
16573
+ 'application/json': {
16574
+ /** @default */
16575
+ endCursor: string | null
16576
+ items: Array<{
16577
+ /**
16578
+ * @description ID of full scan
16579
+ * @default
16580
+ */
16581
+ fullScanId: string
16582
+ /** @default */
16583
+ branchName: string | null
16584
+ /**
16585
+ * @description Type of branch that was scanned
16586
+ * @default
16587
+ * @enum {string}
16588
+ */
16589
+ branchType:
16590
+ | 'default'
16591
+ | 'non-default'
16592
+ | 'tracked'
16593
+ | 'untracked'
16594
+ | ''
16595
+ /**
16596
+ * @description Full name of repo which contains repo workspace and repo slug
16597
+ * @default
16598
+ */
16599
+ repoFullName: string | null
16600
+ /**
16601
+ * @description ISO date when SBOM was created
16602
+ * @default
16603
+ */
16604
+ sbomCreatedAt: string
16605
+ /**
16606
+ * @description ISO date when SBOM was scanned
16607
+ * @default
16608
+ */
16609
+ scannedAt: string
16610
+ alertKeys: string[]
16611
+ }>
16612
+ meta: {
16613
+ /** @default */
16614
+ organizationId: string
16615
+ alertKeys: string[]
16616
+ /** @default 0 */
16617
+ queryStartTimestamp: number
16618
+ /** @default */
16619
+ startDateInclusive: string
16620
+ /** @default */
16621
+ endDateInclusive: string
16622
+ }
16623
+ }
16624
+ }
16625
+ }
16626
+ 400: components['responses']['SocketBadRequest']
16627
+ 401: components['responses']['SocketUnauthorized']
16628
+ 403: components['responses']['SocketForbidden']
16629
+ 429: components['responses']['SocketTooManyRequestsResponse']
16630
+ }
16631
+ }
15999
16632
  /**
16000
16633
  * License Policy (Beta)
16001
16634
  * @description Compare the license data found for a list of packages (given as PURL strings) with the contents of a configurable license policy,
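Review bot: `alertKey: string` in the new `alertFullScans` query is described as "One or more alert keys", but the type is a single string and the comment does not say how several keys are encoded. Other list-valued parameters in this file say "Comma-separated list of …"; if that is the encoding here, the comment should read `/** @description Comma-separated list of alert keys for which to find associated full scans */`. In the response, `queryStartTimestamp: number` gives no unit, and `branchType` admits `''` alongside the four named values with an empty `@default`, so callers need to be told what the empty string stands for. If this declaration file is generated from the API specification, these wording fixes belong in the specification. The hunk's trailing context opens the next operation's doc comment, which continues outside the hunk.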