cycode 3.3.1.dev4__tar.gz → 3.3.1.dev6__tar.gz

{cycode-3.3.1.dev4 → cycode-3.3.1.dev6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cycode
-Version: 3.3.1.dev4
+Version: 3.3.1.dev6
 Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
 Home-page: https://github.com/cycodehq/cycode-cli
 License: MIT
@@ -79,7 +79,7 @@ This guide walks you through both installation and usage.
         3. [Path Scan](#path-scan)
             1. [Terraform Plan Scan](#terraform-plan-scan)
         4. [Commit History Scan](#commit-history-scan)
-            1. [Commit Range Option](#commit-range-option)
+            1. [Commit Range Option (Diff Scanning)](#commit-range-option-diff-scanning)
         5. [Pre-Commit Scan](#pre-commit-scan)
     2. [Scan Results](#scan-results)
         1. [Show/Hide Secrets](#showhide-secrets)
@@ -596,12 +596,12 @@ The Cycode CLI application offers several types of scans so that you can choose
 | `--maven-settings-file`                                    | For Maven only, allows using a custom [settings.xml](https://maven.apache.org/settings.html) file when scanning for dependencies |
 | `--help`                                                   | Show options for given command.                                                                                                  |
 
-| Command                                | Description                                                     |
-|----------------------------------------|-----------------------------------------------------------------|
-| [commit-history](#commit-history-scan) | Scan all the commits history in this git repository             |
-| [path](#path-scan)                     | Scan the files in the path supplied in the command              |
-| [pre-commit](#pre-commit-scan)         | Use this command to scan the content that was not committed yet |
-| [repository](#repository-scan)         | Scan git repository including its history                       |
+| Command                                | Description                                                           |
+|----------------------------------------|-----------------------------------------------------------------------|
+| [commit-history](#commit-history-scan) | Scan commit history or perform diff scanning between specific commits |
+| [path](#path-scan)                     | Scan the files in the path supplied in the command                    |
+| [pre-commit](#pre-commit-scan)         | Use this command to scan the content that was not committed yet       |
+| [repository](#repository-scan)         | Scan git repository including its history                             |
 
 ### Options
 
@@ -745,9 +745,16 @@ If you just have a configuration file, you can generate a plan by doing the foll
 ### Commit History Scan
 
 > [!NOTE]
-> Secrets scanning analyzes all commits in the repository history because secrets introduced and later removed can still be leaked or exposed. SCA and SAST scanning focus only on the latest code state and the changes between branches or pull requests. Full commit history scanning is not performed for SCA and SAST.
+> Commit History Scan is not available for IaC scans.
 
-A commit history scan is limited to a local repository’s previous commits, focused on finding any secrets within the commit history, instead of examining the repository’s current state.
+The commit history scan command provides two main capabilities:
+
+1. **Full History Scanning**: Analyze all commits in the repository history
+2. **Diff Scanning**: Scan only the changes between specific commits
+
+Secrets scanning can analyze all commits in the repository history because secrets introduced and later removed can still be leaked or exposed. For SCA and SAST scans, the commit history command focuses on scanning the differences/changes between commits, making it perfect for pull request reviews and incremental scanning.
+
+A commit history scan examines your Git repository's commit history and can be used both for comprehensive historical analysis and targeted diff scanning of specific changes.
 
 To execute a commit history scan, execute the following:
 
@@ -763,13 +770,55 @@ The following options are available for use with this command:
 |---------------------------|----------------------------------------------------------------------------------------------------------|
 | `-r, --commit-range TEXT` | Scan a commit range in this git repository, by default cycode scans all commit history (example: HEAD~1) |
 
-#### Commit Range Option
+#### Commit Range Option (Diff Scanning)
+
+The commit range option enables **diff scanning** – scanning only the changes between specific commits instead of the entire repository history. 
+This is particularly useful for:
+- **Pull request validation**: Scan only the changes introduced in a PR
+- **Incremental CI/CD scanning**: Focus on recent changes rather than the entire codebase  
+- **Feature branch review**: Compare changes against main/master branch
+- **Performance optimization**: Faster scans by limiting scope to relevant changes
+
+#### Commit Range Syntax
+
+The `--commit-range` (`-r`) option supports standard Git revision syntax:
+
+| Syntax              | Description                       | Example                 |
+|---------------------|-----------------------------------|-------------------------|
+| `commit1..commit2`  | Changes from commit1 to commit2   | `abc123..def456`        |
+| `commit1...commit2` | Changes in commit2 not in commit1 | `main...feature-branch` |
+| `commit`            | Changes from commit to HEAD       | `HEAD~1`                |
+| `branch1..branch2`  | Changes from branch1 to branch2   | `main..feature-branch`  |
+
+#### Diff Scanning Examples
+
+**Scan changes in the last commit:**
+```bash
+cycode scan commit-history -r HEAD~1 ~/home/git/codebase
+```
+
+**Scan changes between two specific commits:**
+```bash
+cycode scan commit-history -r abc123..def456 ~/home/git/codebase
+```
 
-The commit history scan, by default, examines the repository’s entire commit history, all the way back to the initial commit. You can instead limit the scan to a specific commit range by adding the argument `--commit-range` (`-r`) followed by the name you specify.
+**Scan changes in your feature branch compared to main:**
+```bash
+cycode scan commit-history -r main..HEAD ~/home/git/codebase
+```
 
-Consider the previous example. If you wanted to scan only specific commits in your repository, you could execute the following:
+**Scan changes between main and a feature branch:**
+```bash
+cycode scan commit-history -r main..feature-branch ~/home/git/codebase
+```
 
-`cycode scan commit-history -r {{from-commit-id}}...{{to-commit-id}} ~/home/git/codebase`
+**Scan all changes in the last 3 commits:**
+```bash
+cycode scan commit-history -r HEAD~3..HEAD ~/home/git/codebase
+```
+
+> [!TIP]
+> For CI/CD pipelines, you can use environment variables like `${{ github.event.pull_request.base.sha }}..${{ github.sha }}` (GitHub Actions) or `$CI_MERGE_REQUEST_TARGET_BRANCH_SHA..$CI_COMMIT_SHA` (GitLab CI) to scan only PR/MR changes.
 
 ### Pre-Commit Scan
 

{cycode-3.3.1.dev4 → cycode-3.3.1.dev6}/README.md

@@ -35,7 +35,7 @@ This guide walks you through both installation and usage.
         3. [Path Scan](#path-scan)
             1. [Terraform Plan Scan](#terraform-plan-scan)
         4. [Commit History Scan](#commit-history-scan)
-            1. [Commit Range Option](#commit-range-option)
+            1. [Commit Range Option (Diff Scanning)](#commit-range-option-diff-scanning)
         5. [Pre-Commit Scan](#pre-commit-scan)
     2. [Scan Results](#scan-results)
         1. [Show/Hide Secrets](#showhide-secrets)
@@ -552,12 +552,12 @@ The Cycode CLI application offers several types of scans so that you can choose
 | `--maven-settings-file`                                    | For Maven only, allows using a custom [settings.xml](https://maven.apache.org/settings.html) file when scanning for dependencies |
 | `--help`                                                   | Show options for given command.                                                                                                  |
 
-| Command                                | Description                                                     |
-|----------------------------------------|-----------------------------------------------------------------|
-| [commit-history](#commit-history-scan) | Scan all the commits history in this git repository             |
-| [path](#path-scan)                     | Scan the files in the path supplied in the command              |
-| [pre-commit](#pre-commit-scan)         | Use this command to scan the content that was not committed yet |
-| [repository](#repository-scan)         | Scan git repository including its history                       |
+| Command                                | Description                                                           |
+|----------------------------------------|-----------------------------------------------------------------------|
+| [commit-history](#commit-history-scan) | Scan commit history or perform diff scanning between specific commits |
+| [path](#path-scan)                     | Scan the files in the path supplied in the command                    |
+| [pre-commit](#pre-commit-scan)         | Use this command to scan the content that was not committed yet       |
+| [repository](#repository-scan)         | Scan git repository including its history                             |
 
 ### Options
 
@@ -701,9 +701,16 @@ If you just have a configuration file, you can generate a plan by doing the foll
 ### Commit History Scan
 
 > [!NOTE]
-> Secrets scanning analyzes all commits in the repository history because secrets introduced and later removed can still be leaked or exposed. SCA and SAST scanning focus only on the latest code state and the changes between branches or pull requests. Full commit history scanning is not performed for SCA and SAST.
+> Commit History Scan is not available for IaC scans.
 
-A commit history scan is limited to a local repository’s previous commits, focused on finding any secrets within the commit history, instead of examining the repository’s current state.
+The commit history scan command provides two main capabilities:
+
+1. **Full History Scanning**: Analyze all commits in the repository history
+2. **Diff Scanning**: Scan only the changes between specific commits
+
+Secrets scanning can analyze all commits in the repository history because secrets introduced and later removed can still be leaked or exposed. For SCA and SAST scans, the commit history command focuses on scanning the differences/changes between commits, making it perfect for pull request reviews and incremental scanning.
+
+A commit history scan examines your Git repository's commit history and can be used both for comprehensive historical analysis and targeted diff scanning of specific changes.
 
 To execute a commit history scan, execute the following:
 
@@ -719,13 +726,55 @@ The following options are available for use with this command:
 |---------------------------|----------------------------------------------------------------------------------------------------------|
 | `-r, --commit-range TEXT` | Scan a commit range in this git repository, by default cycode scans all commit history (example: HEAD~1) |
 
-#### Commit Range Option
+#### Commit Range Option (Diff Scanning)
+
+The commit range option enables **diff scanning** – scanning only the changes between specific commits instead of the entire repository history. 
+This is particularly useful for:
+- **Pull request validation**: Scan only the changes introduced in a PR
+- **Incremental CI/CD scanning**: Focus on recent changes rather than the entire codebase  
+- **Feature branch review**: Compare changes against main/master branch
+- **Performance optimization**: Faster scans by limiting scope to relevant changes
+
+#### Commit Range Syntax
+
+The `--commit-range` (`-r`) option supports standard Git revision syntax:
+
+| Syntax              | Description                       | Example                 |
+|---------------------|-----------------------------------|-------------------------|
+| `commit1..commit2`  | Changes from commit1 to commit2   | `abc123..def456`        |
+| `commit1...commit2` | Changes in commit2 not in commit1 | `main...feature-branch` |
+| `commit`            | Changes from commit to HEAD       | `HEAD~1`                |
+| `branch1..branch2`  | Changes from branch1 to branch2   | `main..feature-branch`  |
+
+#### Diff Scanning Examples
+
+**Scan changes in the last commit:**
+```bash
+cycode scan commit-history -r HEAD~1 ~/home/git/codebase
+```
+
+**Scan changes between two specific commits:**
+```bash
+cycode scan commit-history -r abc123..def456 ~/home/git/codebase
+```
 
-The commit history scan, by default, examines the repository’s entire commit history, all the way back to the initial commit. You can instead limit the scan to a specific commit range by adding the argument `--commit-range` (`-r`) followed by the name you specify.
+**Scan changes in your feature branch compared to main:**
+```bash
+cycode scan commit-history -r main..HEAD ~/home/git/codebase
+```
 
-Consider the previous example. If you wanted to scan only specific commits in your repository, you could execute the following:
+**Scan changes between main and a feature branch:**
+```bash
+cycode scan commit-history -r main..feature-branch ~/home/git/codebase
+```
 
-`cycode scan commit-history -r {{from-commit-id}}...{{to-commit-id}} ~/home/git/codebase`
+**Scan all changes in the last 3 commits:**
+```bash
+cycode scan commit-history -r HEAD~3..HEAD ~/home/git/codebase
+```
+
+> [!TIP]
+> For CI/CD pipelines, you can use environment variables like `${{ github.event.pull_request.base.sha }}..${{ github.sha }}` (GitHub Actions) or `$CI_MERGE_REQUEST_TARGET_BRANCH_SHA..$CI_COMMIT_SHA` (GitLab CI) to scan only PR/MR changes.
 
 ### Pre-Commit Scan
 

cycode-3.3.1.dev6/cycode/__init__.py

@@ -0,0 +1 @@
+__version__ = '3.3.1.dev6'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

{cycode-3.3.1.dev4 → cycode-3.3.1.dev6}/cycode/cli/apps/scan/__init__.py

@@ -20,7 +20,7 @@ app.callback(
 
 app.command(name='path', short_help='Scan the files in the paths provided in the command.')(path_command)
 app.command(name='repository', short_help='Scan the Git repository included files.')(repository_command)
-app.command(name='commit-history', short_help='Scan all the commits history in this Git repository.')(
+app.command(name='commit-history', short_help='Scan commit history or perform diff scanning between specific commits.')(
     commit_history_command
 )
 app.command(

{cycode-3.3.1.dev4 → cycode-3.3.1.dev6}/cycode/cli/files_collector/walk_ignore.py

@@ -4,8 +4,9 @@ from collections.abc import Generator, Iterable
 from cycode.cli.logger import logger
 from cycode.cli.utils.ignore_utils import IgnoreFilterManager
 
-_SUPPORTED_IGNORE_PATTERN_FILES = {  # oneday we will bring .cycodeignore or something like that
+_SUPPORTED_IGNORE_PATTERN_FILES = {
     '.gitignore',
+    '.cycodeignore',
 }
 _DEFAULT_GLOBAL_IGNORE_PATTERNS = [
     '.git',

{cycode-3.3.1.dev4 → cycode-3.3.1.dev6}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "cycode"
-version = "3.3.1.dev4" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
+version = "3.3.1.dev6" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
 description = "Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning."
 keywords=["secret-scan", "cycode", "devops", "token", "secret", "security", "cycode", "code"]
 authors = ["Cycode <support@cycode.com>"]

cycode-3.3.1.dev4/cycode/__init__.py

@@ -1 +0,0 @@
-__version__ = '3.3.1.dev4'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag