socketsecurity 1.0.42__tar.gz → 1.0.47__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. {socketsecurity-1.0.42/socketsecurity.egg-info → socketsecurity-1.0.47}/PKG-INFO +3 -2
  2. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/README.md +2 -1
  3. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity/__init__.py +1 -1
  4. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity/core/messages.py +261 -0
  5. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity/socketcli.py +37 -2
  6. {socketsecurity-1.0.42 → socketsecurity-1.0.47/socketsecurity.egg-info}/PKG-INFO +3 -2
  7. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/LICENSE +0 -0
  8. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/pyproject.toml +0 -0
  9. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/setup.cfg +0 -0
  10. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity/core/__init__.py +0 -0
  11. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity/core/classes.py +0 -0
  12. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity/core/exceptions.py +0 -0
  13. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity/core/git_interface.py +0 -0
  14. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity/core/github.py +0 -0
  15. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity/core/gitlab.py +0 -0
  16. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity/core/issues.py +0 -0
  17. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity/core/licenses.py +0 -0
  18. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity/core/scm_comments.py +0 -0
  19. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity.egg-info/SOURCES.txt +0 -0
  20. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity.egg-info/dependency_links.txt +0 -0
  21. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity.egg-info/entry_points.txt +0 -0
  22. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity.egg-info/requires.txt +0 -0
  23. {socketsecurity-1.0.42 → socketsecurity-1.0.47}/socketsecurity.egg-info/top_level.txt +0 -0
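--- a/socketsecurity-1.0.42/socketsecurity.egg-info/PKG-INFO
+++ b/socketsecurity-1.0.47/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: socketsecurity
-Version: 1.0.42
+Version: 1.0.47
 Summary: Socket Security CLI for CI/CD
 Author-email: Douglas Coburn <douglas@socket.dev>
 Maintainer-email: Douglas Coburn <douglas@socket.dev>
@@ -31,7 +31,7 @@ The Socket Security CLI was created to enable integrations with other tools like
 ```` shell
 socketcli [-h] [--api_token API_TOKEN] [--repo REPO] [--branch BRANCH] [--committer COMMITTER] [--pr_number PR_NUMBER]
 [--commit_message COMMIT_MESSAGE] [--default_branch] [--target_path TARGET_PATH] [--scm {api,github,gitlab}] [--sbom-file SBOM_FILE]
-[--commit-sha COMMIT_SHA] [--generate-license GENERATE_LICENSE] [-v] [--enable-debug] [--enable-json] [--disable-overview]
+[--commit-sha COMMIT_SHA] [--generate-license GENERATE_LICENSE] [-v] [--enable-debug] [--enable-json] [--enable-sarif] [--disable-overview]
 [--disable-security-issue] [--files FILES] [--ignore-commit-files] [--timeout]
 ````
 
@@ -57,6 +57,7 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --commit-sha | | False | | The commit hash for the commit |
 | --generate-license | | False | False | If enabled with `--sbom-file` will include license details |
 | --enable-json | | False | False | If enabled will change the console output format to JSON |
+| --enable-sarif | | False | False | If enabled will change the console output format to SARIF |
 | --disable-overview | | False | False | If enabled will disable Dependency Overview comments |
 | --disable-security-issue | | False | False | If enabled will disable Security Issue Comments |
 | --files | | False | | If provided in the format of `["file1", "file2"]` will be used to determine if there have been supported file changes. This is used if it isn't a git repo and you would like to only run if it supported files have changed. |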
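--- a/socketsecurity-1.0.42/README.md
+++ b/socketsecurity-1.0.47/README.md
@@ -7,7 +7,7 @@ The Socket Security CLI was created to enable integrations with other tools like
 ```` shell
 socketcli [-h] [--api_token API_TOKEN] [--repo REPO] [--branch BRANCH] [--committer COMMITTER] [--pr_number PR_NUMBER]
 [--commit_message COMMIT_MESSAGE] [--default_branch] [--target_path TARGET_PATH] [--scm {api,github,gitlab}] [--sbom-file SBOM_FILE]
-[--commit-sha COMMIT_SHA] [--generate-license GENERATE_LICENSE] [-v] [--enable-debug] [--enable-json] [--disable-overview]
+[--commit-sha COMMIT_SHA] [--generate-license GENERATE_LICENSE] [-v] [--enable-debug] [--enable-json] [--enable-sarif] [--disable-overview]
 [--disable-security-issue] [--files FILES] [--ignore-commit-files] [--timeout]
 ````
 
@@ -33,6 +33,7 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --commit-sha | | False | | The commit hash for the commit |
 | --generate-license | | False | False | If enabled with `--sbom-file` will include license details |
 | --enable-json | | False | False | If enabled will change the console output format to JSON |
+| --enable-sarif | | False | False | If enabled will change the console output format to SARIF |
 | --disable-overview | | False | False | If enabled will disable Dependency Overview comments |
 | --disable-security-issue | | False | False | If enabled will disable Security Issue Comments |
 | --files | | False | | If provided in the format of `["file1", "file2"]` will be used to determine if there have been supported file changes. This is used if it isn't a git repo and you would like to only run if it supported files have changed. |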
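--- a/socketsecurity-1.0.42/socketsecurity/__init__.py
+++ b/socketsecurity-1.0.47/socketsecurity/__init__.py
@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '1.0.42'
+__version__ = '1.0.47'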
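--- a/socketsecurity-1.0.42/socketsecurity/core/messages.py
+++ b/socketsecurity-1.0.47/socketsecurity/core/messages.py
@@ -1,5 +1,9 @@
 import json
+import os
+import re
+import json
 
+from pathlib import Path
 from mdutils import MdUtils
 from socketsecurity.core.classes import Diff, Purl, Issue
 from prettytable import PrettyTable
@@ -7,6 +11,263 @@ from prettytable import PrettyTable
 
 class Messages:
 
+@staticmethod
+def map_severity_to_sarif(severity: str) -> str:
+"""
+Map Socket severity levels to SARIF levels (GitHub code scanning).
+
+'low' -> 'note'
+'medium' or 'middle' -> 'warning'
+'high' or 'critical' -> 'error'
+"""
+severity_mapping = {
+"low": "note",
+"medium": "warning",
+"middle": "warning", # older data might say "middle"
+"high": "error",
+"critical": "error",
+}
+return severity_mapping.get(severity.lower(), "note")
+
+@staticmethod
+def find_line_in_file(packagename: str, packageversion: str, manifest_file: str) -> tuple:
+"""
+Finds the line number and snippet of code for the given package/version in a manifest file.
+Returns a 2-tuple: (line_number, snippet_or_message).
+
+Supports:
+1) JSON-based manifest files (package-lock.json, Pipfile.lock, composer.lock)
+- Locates a dictionary entry with the matching package & version
+- Does a rough line-based search to find the actual line in the raw text
+2) Text-based (requirements.txt, package.json, yarn.lock, etc.)
+- Uses compiled regex patterns to detect a match line by line
+"""
+# Extract just the file name to detect manifest type
+file_type = Path(manifest_file).name
+
+# ----------------------------------------------------
+# 1) JSON-based manifest files
+# ----------------------------------------------------
+if file_type in ["package-lock.json", "Pipfile.lock", "composer.lock"]:
+try:
+# Read entire file so we can parse JSON and also do raw line checks
+with open(manifest_file, "r", encoding="utf-8") as f:
+raw_text = f.read()
+
+# Attempt JSON parse
+data = json.loads(raw_text)
+
+# In practice, you may need to check data["dependencies"], data["default"], etc.
+# This is an example approach.
+packages_dict = (
+data.get("packages")
+or data.get("default")
+or data.get("dependencies")
+or {}
+)
+
+found_key = None
+found_info = None
+# Locate a dictionary entry whose 'version' matches
+for key, value in packages_dict.items():
+# For NPM package-lock, keys might look like "node_modules/axios"
+if key.endswith(packagename) and "version" in value:
+if value["version"] == packageversion:
+found_key = key
+found_info = value
+break
+
+if found_key and found_info:
+# Search lines to approximate the correct line number
+needle_key = f'"{found_key}":' # e.g. "node_modules/axios":
+needle_version = f'"version": "{packageversion}"'
+lines = raw_text.splitlines()
+best_line = 1
+snippet = None
+
+for i, line in enumerate(lines, start=1):
+if (needle_key in line) or (needle_version in line):
+best_line = i
+snippet = line.strip()
+break # On first match, stop
+
+# If we found an approximate line, return it; else fallback to line 1
+if best_line > 0 and snippet:
+return best_line, snippet
+else:
+return 1, f'"{found_key}": {found_info}'
+else:
+return 1, f"{packagename} {packageversion} (not found in {manifest_file})"
+
+except (FileNotFoundError, json.JSONDecodeError):
+return 1, f"Error reading {manifest_file}"
+
+# ----------------------------------------------------
+# 2) Text-based / line-based manifests
+# ----------------------------------------------------
+# Define a dictionary of patterns for common manifest types
+search_patterns = {
+"package.json": rf'"{packagename}":\s*"{packageversion}"',
+"yarn.lock": rf'{packagename}@{packageversion}',
+"pnpm-lock.yaml": rf'"{re.escape(packagename)}"\s*:\s*\{{[^}}]*"version":\s*"{re.escape(packageversion)}"',
+"requirements.txt": rf'^{re.escape(packagename)}\s*(?:==|===|!=|>=|<=|~=|\s+)?\s*{re.escape(packageversion)}(?:\s*;.*)?$',
+"pyproject.toml": rf'{packagename}\s*=\s*"{packageversion}"',
+"Pipfile": rf'"{packagename}"\s*=\s*"{packageversion}"',
+"go.mod": rf'require\s+{re.escape(packagename)}\s+{re.escape(packageversion)}',
+"go.sum": rf'{re.escape(packagename)}\s+{re.escape(packageversion)}',
+"pom.xml": rf'<artifactId>{re.escape(packagename)}</artifactId>\s*<version>{re.escape(packageversion)}</version>',
+"build.gradle": rf'implementation\s+"{re.escape(packagename)}:{re.escape(packageversion)}"',
+"Gemfile": rf'gem\s+"{re.escape(packagename)}",\s*"{re.escape(packageversion)}"',
+"Gemfile.lock": rf'\s+{re.escape(packagename)}\s+\({re.escape(packageversion)}\)',
+".csproj": rf'<PackageReference\s+Include="{re.escape(packagename)}"\s+Version="{re.escape(packageversion)}"\s*/>',
+".fsproj": rf'<PackageReference\s+Include="{re.escape(packagename)}"\s+Version="{re.escape(packageversion)}"\s*/>',
+"paket.dependencies": rf'nuget\s+{re.escape(packagename)}\s+{re.escape(packageversion)}',
+"Cargo.toml": rf'{re.escape(packagename)}\s*=\s*"{re.escape(packageversion)}"',
+"build.sbt": rf'"{re.escape(packagename)}"\s*%\s*"{re.escape(packageversion)}"',
+"Podfile": rf'pod\s+"{re.escape(packagename)}",\s*"{re.escape(packageversion)}"',
+"Package.swift": rf'\.package\(name:\s*"{re.escape(packagename)}",\s*url:\s*".*?",\s*version:\s*"{re.escape(packageversion)}"\)',
+"mix.exs": rf'\{{:{re.escape(packagename)},\s*"{re.escape(packageversion)}"\}}',
+"composer.json": rf'"{re.escape(packagename)}":\s*"{re.escape(packageversion)}"',
+"conanfile.txt": rf'{re.escape(packagename)}/{re.escape(packageversion)}',
+"vcpkg.json": rf'"{re.escape(packagename)}":\s*"{re.escape(packageversion)}"',
+}
+
+# If no specific pattern is found for this file name, fallback to a naive approach
+searchstring = search_patterns.get(file_type, rf'{re.escape(packagename)}.*{re.escape(packageversion)}')
+
+try:
+# Read file lines and search for a match
+with open(manifest_file, 'r', encoding="utf-8") as file:
+lines = [line.rstrip("\n") for line in file]
+for line_number, line_content in enumerate(lines, start=1):
+# For Python conditional dependencies, ignore everything after first ';'
+line_main = line_content.split(";", 1)[0].strip()
+
+# Use a case-insensitive regex search
+if re.search(searchstring, line_main, re.IGNORECASE):
+return line_number, line_content.strip()
+
+except FileNotFoundError:
+return 1, f"{manifest_file} not found"
+except Exception as e:
+return 1, f"Error reading {manifest_file}: {e}"
+
+return 1, f"{packagename} {packageversion} (not found)"
+
+@staticmethod
+def get_manifest_type_url(manifest_file: str, pkg_name: str, pkg_version: str) -> str:
+"""
+Determine the correct URL path based on the manifest file type.
+"""
+manifest_to_url_prefix = {
+"package.json": "npm",
+"package-lock.json": "npm",
+"yarn.lock": "npm",
+"pnpm-lock.yaml": "npm",
+"requirements.txt": "pypi",
+"pyproject.toml": "pypi",
+"Pipfile": "pypi",
+"go.mod": "go",
+"go.sum": "go",
+"pom.xml": "maven",
+"build.gradle": "maven",
+".csproj": "nuget",
+".fsproj": "nuget",
+"paket.dependencies": "nuget",
+"Cargo.toml": "cargo",
+"Gemfile": "rubygems",
+"Gemfile.lock": "rubygems",
+"composer.json": "composer",
+"vcpkg.json": "vcpkg",
+}
+
+file_type = Path(manifest_file).name
+url_prefix = manifest_to_url_prefix.get(file_type, "unknown")
+return f"https://socket.dev/{url_prefix}/package/{pkg_name}/alerts/{pkg_version}"
+
+@staticmethod
+def create_security_comment_sarif(diff) -> dict:
+"""
+Create SARIF-compliant output from the diff report, including dynamic URL generation
+based on manifest type and improved <br/> formatting for GitHub SARIF display.
+"""
+sarif_data = {
+"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
+"version": "2.1.0",
+"runs": [
+{
+"tool": {
+"driver": {
+"name": "Socket Security",
+"informationUri": "https://socket.dev",
+"rules": []
+}
+},
+"results": []
+}
+]
+}
+
+rules_map = {}
+results_list = []
+
+for alert in diff.new_alerts:
+pkg_name = alert.pkg_name
+pkg_version = alert.pkg_version
+rule_id = f"{pkg_name}=={pkg_version}"
+severity = alert.severity
+
+# Generate the correct URL for the alert based on manifest type
+introduced_list = alert.introduced_by
+manifest_file = introduced_list[0][1] if introduced_list and isinstance(introduced_list[0], list) else alert.manifests or "requirements.txt"
+socket_url = Messages.get_manifest_type_url(manifest_file, pkg_name, pkg_version)
+
+# Prepare descriptions with <br/> replacements
+short_desc = f"{alert.props.get('note', '')}<br/><br/>Suggested Action:<br/>{alert.suggestion}<br/><a href=\"{socket_url}\">{socket_url}</a>"
+full_desc = f"{alert.title} - {alert.description.replace('\r\n', '<br/>')}"
+
+# Identify the line and snippet in the manifest file
+line_number, line_content = Messages.find_line_in_file(pkg_name, pkg_version, manifest_file)
+if line_number < 1:
+line_number = 1 # Ensure SARIF compliance
+
+# Create the rule if not already defined
+if rule_id not in rules_map:
+rules_map[rule_id] = {
+"id": rule_id,
+"name": f"{pkg_name}=={pkg_version}",
+"shortDescription": {"text": f"Alert generated for {rule_id} by Socket Security"},
+"fullDescription": {"text": full_desc},
+"helpUri": socket_url,
+"defaultConfiguration": {
+"level": Messages.map_severity_to_sarif(severity)
+},
+}
+
+# Add the SARIF result
+result_obj = {
+"ruleId": rule_id,
+"message": {"text": short_desc},
+"locations": [
+{
+"physicalLocation": {
+"artifactLocation": {"uri": manifest_file},
+"region": {
+"startLine": line_number,
+"snippet": {"text": line_content},
+},
+}
+}
+],
+}
+results_list.append(result_obj)
+
+# Attach rules and results
+sarif_data["runs"][0]["tool"]["driver"]["rules"] = list(rules_map.values())
+sarif_data["runs"][0]["results"] = results_list
+
+return sarif_data
+
 @staticmethod
 def create_security_comment_json(diff: Diff) -> dict:
 scan_failed = False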
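Review bot: In `create_security_comment_sarif` the line `full_desc = f"{alert.title} - {alert.description.replace('\r\n', '<br/>')}"` places a backslash escape inside the f-string replacement field, which is a SyntaxError at import time on every Python before 3.12, so unless the package already requires 3.12+ the whole `messages` module fails to load; hoist it as `desc = alert.description.replace("\r\n", "<br/>")` followed by `full_desc = f"{alert.title} - {desc}"`. In `find_line_in_file` the `package.json`, `yarn.lock`, `pyproject.toml` and `Pipfile` patterns interpolate `packagename` and `packageversion` into the regex unescaped while every other entry uses `re.escape`; these values come from the scan results rather than from the operator, so a version such as `1.0.0+build` or a scoped name can yield a wrong match or an `re.error` that the `except Exception` branch then reports as "Error reading", and wrapping them in `re.escape` like the neighbouring entries removes that. The JSON branch also assumes `packages_dict` is a mapping, but composer.lock normally stores `packages` as a list, so `.items()` would raise AttributeError there and the `(FileNotFoundError, json.JSONDecodeError)` handler does not catch it. The first hunk of this file adds a second `import json` next to the existing one, and `os` is not referenced anywhere in the visible code.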
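--- a/socketsecurity-1.0.42/socketsecurity/socketcli.py
+++ b/socketsecurity-1.0.47/socketsecurity/socketcli.py
@@ -170,6 +170,14 @@ parser.add_argument(
 type=float
 )
 
+parser.add_argument(
+'--enable-sarif',
+help='Enable SARIF output of results instead of table or JSON format',
+action='store_true',
+default=False
+)
+
+
 def output_console_comments(diff_report: Diff, sbom_file_name: str = None) -> None:
 if diff_report.id != "NO_DIFF_RAN":
 console_security_comment = Messages.create_console_security_alert_table(diff_report)
@@ -188,6 +196,25 @@ def output_console_comments(diff_report: Diff, sbom_file_name: str = None) -> No
 else:
 log.info("No New Security issues detected by Socket Security")
 
+def output_console_sarif(diff_report: Diff, sbom_file_name: str = None) -> None:
+"""
+Generate SARIF output from the diff report and save it to a file.
+"""
+if diff_report.id != "NO_DIFF_RAN":
+# Generate the SARIF structure using Messages
+console_security_comment = Messages.create_security_comment_sarif(diff_report)
+
+# Save the SARIF output to the specified SBOM file name or fallback to a default
+save_sbom_file(diff_report, sbom_file_name)
+# Print the SARIF output to the console in JSON format
+print(json.dumps(console_security_comment, indent=2))
+
+# Handle exit codes based on alert severity
+if not report_pass(diff_report) and not blocking_disabled:
+sys.exit(1)
+elif len(diff_report.new_alerts) > 0 and not blocking_disabled:
+# Warning alerts without blocking
+sys.exit(5)
 
 def output_console_json(diff_report: Diff, sbom_file_name: str = None) -> None:
 if diff_report.id != "NO_DIFF_RAN":
@@ -257,6 +284,7 @@ def main_code():
 sbom_file = arguments.sbom_file
 license_mode = arguments.generate_license
 enable_json = arguments.enable_json
+enable_sarif = arguments.enable_sarif
 disable_overview = arguments.disable_overview
 disable_security_issue = arguments.disable_security_issue
 ignore_commit_files = arguments.ignore_commit_files
@@ -401,7 +429,10 @@ def main_code():
 else:
 log.info("Starting non-PR/MR flow")
 diff = core.create_new_diff(target_path, params, workspace=target_path, no_change=no_change)
-if enable_json:
+if enable_sarif:
+log.debug("Outputting SARIF Results")
+output_console_sarif(diff, sbom_file)
+elif enable_json:
 log.debug("Outputting JSON Results")
 output_console_json(diff, sbom_file)
 else:
@@ -410,7 +441,11 @@ def main_code():
 log.info("API Mode")
 diff: Diff
 diff = core.create_new_diff(target_path, params, workspace=target_path, no_change=no_change)
-if enable_json:
+if enable_sarif:
+log.debug("Outputting SARIF Results")
+output_console_sarif(diff, sbom_file)
+elif enable_json:
+log.debug("Outputting JSON Results")
 output_console_json(diff, sbom_file)
 else:
 output_console_comments(diff, sbom_file)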
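Review bot: The docstring of `output_console_sarif` and the comment above `save_sbom_file(diff_report, sbom_file_name)` both say the SARIF output is saved to a file, but nothing writes `console_security_comment` anywhere other than `print(json.dumps(...))` — `save_sbom_file` receives the diff report, so with `--sbom-file` the user gets the SBOM on disk and the SARIF document only on stdout. Either write the SARIF document to a file (which is what a code-scanning upload step consumes) or change the comment to `# Save the SBOM (not the SARIF document); the SARIF is only printed below` and reword the docstring to match. `sys.exit(5)` is also reached whenever `new_alerts` is non-empty and blocking is enabled even after `report_pass` succeeded, so a passing scan with informational alerts still exits non-zero; that reads as intentional from the "Warning alerts without blocking" comment, but it should match `output_console_json`, whose body lies outside the hunk, and `blocking_disabled` appears to be a module-level name that is not visible here. Finally, in both `main_code` branches `enable_sarif` silently wins when `--enable-json` is also given; a `log.info` at the `if enable_sarif:` branch noting that JSON output is ignored would make the dropped flag visible to the operator.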
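--- a/socketsecurity-1.0.42/PKG-INFO
+++ b/socketsecurity-1.0.47/socketsecurity.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: socketsecurity
-Version: 1.0.42
+Version: 1.0.47
 Summary: Socket Security CLI for CI/CD
 Author-email: Douglas Coburn <douglas@socket.dev>
 Maintainer-email: Douglas Coburn <douglas@socket.dev>
@@ -31,7 +31,7 @@ The Socket Security CLI was created to enable integrations with other tools like
 ```` shell
 socketcli [-h] [--api_token API_TOKEN] [--repo REPO] [--branch BRANCH] [--committer COMMITTER] [--pr_number PR_NUMBER]
 [--commit_message COMMIT_MESSAGE] [--default_branch] [--target_path TARGET_PATH] [--scm {api,github,gitlab}] [--sbom-file SBOM_FILE]
-[--commit-sha COMMIT_SHA] [--generate-license GENERATE_LICENSE] [-v] [--enable-debug] [--enable-json] [--disable-overview]
+[--commit-sha COMMIT_SHA] [--generate-license GENERATE_LICENSE] [-v] [--enable-debug] [--enable-json] [--enable-sarif] [--disable-overview]
 [--disable-security-issue] [--files FILES] [--ignore-commit-files] [--timeout]
 ````
 
@@ -57,6 +57,7 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --commit-sha | | False | | The commit hash for the commit |
 | --generate-license | | False | False | If enabled with `--sbom-file` will include license details |
 | --enable-json | | False | False | If enabled will change the console output format to JSON |
+| --enable-sarif | | False | False | If enabled will change the console output format to SARIF |
 | --disable-overview | | False | False | If enabled will disable Dependency Overview comments |
 | --disable-security-issue | | False | False | If enabled will disable Security Issue Comments |
 | --files | | False | | If provided in the format of `["file1", "file2"]` will be used to determine if there have been supported file changes. This is used if it isn't a git repo and you would like to only run if it supported files have changed. |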