PyPI - socketsecurity - Versions diffs - 2.0.8__tar.gz → 2.0.9__tar.gz - Mend

socketsecurity 2.0.8tar.gz → 2.0.9tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

{socketsecurity-2.0.8/socketsecurity.egg-info → socketsecurity-2.0.9}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: socketsecurity
-Version: 2.0.8
+Version: 2.0.9
 Summary: Socket Security CLI for CI/CD
 Author-email: Douglas Coburn <douglas@socket.dev>
 Maintainer-email: Douglas Coburn <douglas@socket.dev>
@@ -38,10 +38,10 @@ The Socket Security CLI was created to enable integrations with other tools like
 ## Usage
 ```` shell
-socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--integration {api,github,gitlab}] [--owner OWNER] [--branch BRANCH]
-          [--committers [COMMITTERS ...]] [--pr-number PR_NUMBER] [--commit-message COMMIT_MESSAGE] [--commit-sha COMMIT_SHA]
-          [--target-path TARGET_PATH] [--sbom-file SBOM_FILE] [--files FILES] [--default-branch] [--pending-head]
-          [--generate-license] [--enable-debug] [--enable-json] [--enable-sarif] [--disable-overview] [--disable-security-issue]
+socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--integration {api,github,gitlab}] [--owner OWNER] [--branch BRANCH]
+          [--committers [COMMITTERS ...]] [--pr-number PR_NUMBER] [--commit-message COMMIT_MESSAGE] [--commit-sha COMMIT_SHA]
+          [--target-path TARGET_PATH] [--sbom-file SBOM_FILE] [--files FILES] [--default-branch] [--pending-head]
+          [--generate-license] [--enable-debug] [--enable-json] [--enable-sarif] [--disable-overview] [--disable-security-issue]
           [--allow-unverified] [--ignore-commit-files] [--disable-blocking] [--scm SCM] [--timeout TIMEOUT]
           [--exclude-license-details]
 ````
@@ -108,9 +108,30 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --scm              | False    | api     | Source control management type                |
 | --timeout          | False    |         | Timeout in seconds for API requests           |
+## File Selection Behavior
+The CLI determines which files to scan based on the following logic:
+1. **Git Commit Files**: By default, the CLI checks files changed in the current git commit first. If any of these files match supported manifest patterns (like package.json, requirements.txt, etc.), a scan is triggered.
+2. **`--files` Parameter**: If no git commit exists, or no manifest files are found in the commit changes, the CLI checks files specified via the `--files` parameter. This parameter accepts a JSON array of file paths.
+3. **`--ignore-commit-files`**: When this flag is set, git commit files are ignored completely, and only files specified in `--files` are considered. This also forces a scan regardless of whether manifest files are present.
+4. **No Manifest Files**: If no manifest files are found in either git commit changes or `--files` (and `--ignore-commit-files` is not set), the scan is skipped.
+> **Note**: The CLI does not scan only the specified files - it uses them to determine whether a scan should be performed. When a scan is triggered, it searches the entire `--target-path` for all supported manifest files.
+### Examples
+- **Commit with manifest file**: If your commit includes changes to `package.json`, a scan will be triggered automatically.
+- **Commit without manifest files**: If your commit only changes non-manifest files (like `.github/workflows/socket.yaml`), no scan will be performed unless you use `--files` or `--ignore-commit-files`.
+- **Using `--files`**: If you specify `--files '["package.json"]'`, the CLI will check if this file exists and is a manifest file before triggering a scan.
+- **Using `--ignore-commit-files`**: This forces a scan of all manifest files in the target path, regardless of what's in your commit.
 ## Development
-This project uses `pyproject.toml` as the primary dependency specification.
+This project uses `pyproject.toml` as the primary dependency specification.
 ### Development Workflows
@@ -165,8 +186,3 @@ Implementation targets:
 ### Environment Variables
 - `SOCKET_SDK_PATH`: Path to local socket-sdk-python repository (default: ../socket-sdk-python)
-### Running tests:
-#### Run all tests:
-```

{socketsecurity-2.0.8 → socketsecurity-2.0.9}/README.md RENAMED Viewed

@@ -5,10 +5,10 @@ The Socket Security CLI was created to enable integrations with other tools like
 ## Usage
 ```` shell
-socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--integration {api,github,gitlab}] [--owner OWNER] [--branch BRANCH]
-          [--committers [COMMITTERS ...]] [--pr-number PR_NUMBER] [--commit-message COMMIT_MESSAGE] [--commit-sha COMMIT_SHA]
-          [--target-path TARGET_PATH] [--sbom-file SBOM_FILE] [--files FILES] [--default-branch] [--pending-head]
-          [--generate-license] [--enable-debug] [--enable-json] [--enable-sarif] [--disable-overview] [--disable-security-issue]
+socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--integration {api,github,gitlab}] [--owner OWNER] [--branch BRANCH]
+          [--committers [COMMITTERS ...]] [--pr-number PR_NUMBER] [--commit-message COMMIT_MESSAGE] [--commit-sha COMMIT_SHA]
+          [--target-path TARGET_PATH] [--sbom-file SBOM_FILE] [--files FILES] [--default-branch] [--pending-head]
+          [--generate-license] [--enable-debug] [--enable-json] [--enable-sarif] [--disable-overview] [--disable-security-issue]
           [--allow-unverified] [--ignore-commit-files] [--disable-blocking] [--scm SCM] [--timeout TIMEOUT]
           [--exclude-license-details]
 ````
@@ -75,9 +75,30 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --scm              | False    | api     | Source control management type                |
 | --timeout          | False    |         | Timeout in seconds for API requests           |
+## File Selection Behavior
+The CLI determines which files to scan based on the following logic:
+1. **Git Commit Files**: By default, the CLI checks files changed in the current git commit first. If any of these files match supported manifest patterns (like package.json, requirements.txt, etc.), a scan is triggered.
+2. **`--files` Parameter**: If no git commit exists, or no manifest files are found in the commit changes, the CLI checks files specified via the `--files` parameter. This parameter accepts a JSON array of file paths.
+3. **`--ignore-commit-files`**: When this flag is set, git commit files are ignored completely, and only files specified in `--files` are considered. This also forces a scan regardless of whether manifest files are present.
+4. **No Manifest Files**: If no manifest files are found in either git commit changes or `--files` (and `--ignore-commit-files` is not set), the scan is skipped.
+> **Note**: The CLI does not scan only the specified files - it uses them to determine whether a scan should be performed. When a scan is triggered, it searches the entire `--target-path` for all supported manifest files.
+### Examples
+- **Commit with manifest file**: If your commit includes changes to `package.json`, a scan will be triggered automatically.
+- **Commit without manifest files**: If your commit only changes non-manifest files (like `.github/workflows/socket.yaml`), no scan will be performed unless you use `--files` or `--ignore-commit-files`.
+- **Using `--files`**: If you specify `--files '["package.json"]'`, the CLI will check if this file exists and is a manifest file before triggering a scan.
+- **Using `--ignore-commit-files`**: This forces a scan of all manifest files in the target path, regardless of what's in your commit.
 ## Development
-This project uses `pyproject.toml` as the primary dependency specification.
+This project uses `pyproject.toml` as the primary dependency specification.
 ### Development Workflows
@@ -132,8 +153,3 @@ Implementation targets:
 ### Environment Variables
 - `SOCKET_SDK_PATH`: Path to local socket-sdk-python repository (default: ../socket-sdk-python)
-### Running tests:
-#### Run all tests:
-```

{socketsecurity-2.0.8 → socketsecurity-2.0.9}/socketsecurity/__init__.py RENAMED Viewed

@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '2.0.8'
+__version__ = '2.0.9'

{socketsecurity-2.0.8 → socketsecurity-2.0.9}/socketsecurity/core/__init__.py RENAMED Viewed

@@ -1,4 +1,5 @@
 import logging
+import os
 import sys
 import time
 from dataclasses import asdict
@@ -146,7 +147,8 @@ class Core:
                 glob_start = time.time()
                 glob_files = glob(file_path, recursive=True)
                 for glob_file in glob_files:
-                    if glob_file not in files:
+                    # Only add if it's a file, not a directory
+                    if glob_file not in files and os.path.isfile(glob_file):
                         files.add(glob_file)
                 glob_end = time.time()
                 glob_total_time = glob_end - glob_start

{socketsecurity-2.0.8 → socketsecurity-2.0.9/socketsecurity.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: socketsecurity
-Version: 2.0.8
+Version: 2.0.9
 Summary: Socket Security CLI for CI/CD
 Author-email: Douglas Coburn <douglas@socket.dev>
 Maintainer-email: Douglas Coburn <douglas@socket.dev>
@@ -38,10 +38,10 @@ The Socket Security CLI was created to enable integrations with other tools like
 ## Usage
 ```` shell
-socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--integration {api,github,gitlab}] [--owner OWNER] [--branch BRANCH]
-          [--committers [COMMITTERS ...]] [--pr-number PR_NUMBER] [--commit-message COMMIT_MESSAGE] [--commit-sha COMMIT_SHA]
-          [--target-path TARGET_PATH] [--sbom-file SBOM_FILE] [--files FILES] [--default-branch] [--pending-head]
-          [--generate-license] [--enable-debug] [--enable-json] [--enable-sarif] [--disable-overview] [--disable-security-issue]
+socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--integration {api,github,gitlab}] [--owner OWNER] [--branch BRANCH]
+          [--committers [COMMITTERS ...]] [--pr-number PR_NUMBER] [--commit-message COMMIT_MESSAGE] [--commit-sha COMMIT_SHA]
+          [--target-path TARGET_PATH] [--sbom-file SBOM_FILE] [--files FILES] [--default-branch] [--pending-head]
+          [--generate-license] [--enable-debug] [--enable-json] [--enable-sarif] [--disable-overview] [--disable-security-issue]
           [--allow-unverified] [--ignore-commit-files] [--disable-blocking] [--scm SCM] [--timeout TIMEOUT]
           [--exclude-license-details]
 ````
@@ -108,9 +108,30 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --scm              | False    | api     | Source control management type                |
 | --timeout          | False    |         | Timeout in seconds for API requests           |
+## File Selection Behavior
+The CLI determines which files to scan based on the following logic:
+1. **Git Commit Files**: By default, the CLI checks files changed in the current git commit first. If any of these files match supported manifest patterns (like package.json, requirements.txt, etc.), a scan is triggered.
+2. **`--files` Parameter**: If no git commit exists, or no manifest files are found in the commit changes, the CLI checks files specified via the `--files` parameter. This parameter accepts a JSON array of file paths.
+3. **`--ignore-commit-files`**: When this flag is set, git commit files are ignored completely, and only files specified in `--files` are considered. This also forces a scan regardless of whether manifest files are present.
+4. **No Manifest Files**: If no manifest files are found in either git commit changes or `--files` (and `--ignore-commit-files` is not set), the scan is skipped.
+> **Note**: The CLI does not scan only the specified files - it uses them to determine whether a scan should be performed. When a scan is triggered, it searches the entire `--target-path` for all supported manifest files.
+### Examples
+- **Commit with manifest file**: If your commit includes changes to `package.json`, a scan will be triggered automatically.
+- **Commit without manifest files**: If your commit only changes non-manifest files (like `.github/workflows/socket.yaml`), no scan will be performed unless you use `--files` or `--ignore-commit-files`.
+- **Using `--files`**: If you specify `--files '["package.json"]'`, the CLI will check if this file exists and is a manifest file before triggering a scan.
+- **Using `--ignore-commit-files`**: This forces a scan of all manifest files in the target path, regardless of what's in your commit.
 ## Development
-This project uses `pyproject.toml` as the primary dependency specification.
+This project uses `pyproject.toml` as the primary dependency specification.
 ### Development Workflows
@@ -165,8 +186,3 @@ Implementation targets:
 ### Environment Variables
 - `SOCKET_SDK_PATH`: Path to local socket-sdk-python repository (default: ../socket-sdk-python)
-### Running tests:
-#### Run all tests:
-```