socketsecurity 2.2.26__tar.gz → 2.2.32__tar.gz

socketsecurity-2.2.32/Dockerfile

@@ -0,0 +1,102 @@
+FROM python:3-alpine
+LABEL org.opencontainers.image.authors="socket.dev"
+
+# Language version arguments with defaults
+ARG GO_VERSION=system
+ARG JAVA_VERSION=17
+ARG DOTNET_VERSION=8
+
+# CLI and SDK arguments
+ARG CLI_VERSION
+ARG SDK_VERSION
+ARG PIP_INDEX_URL=https://pypi.org/simple
+ARG PIP_EXTRA_INDEX_URL=https://pypi.org/simple
+ARG USE_LOCAL_INSTALL=false
+
+# Install base packages first
+RUN apk update && apk add --no-cache \
+        git nodejs npm yarn curl wget \
+        ruby ruby-dev build-base
+
+# Install Go with version control
+RUN if [ "$GO_VERSION" = "system" ]; then \
+        apk add --no-cache go; \
+    else \
+        cd /tmp && \
+        ARCH=$(uname -m) && \
+        case $ARCH in \
+            x86_64) GOARCH=amd64 ;; \
+            aarch64) GOARCH=arm64 ;; \
+            *) echo "Unsupported architecture: $ARCH" && exit 1 ;; \
+        esac && \
+        wget https://golang.org/dl/go${GO_VERSION}.linux-${GOARCH}.tar.gz && \
+        tar -C /usr/local -xzf go${GO_VERSION}.linux-${GOARCH}.tar.gz && \
+        rm go${GO_VERSION}.linux-${GOARCH}.tar.gz; \
+    fi
+
+# Install Java with version control
+RUN if [ "$JAVA_VERSION" = "8" ]; then \
+        apk add --no-cache openjdk8-jdk; \
+    elif [ "$JAVA_VERSION" = "11" ]; then \
+        apk add --no-cache openjdk11-jdk; \
+    elif [ "$JAVA_VERSION" = "17" ]; then \
+        apk add --no-cache openjdk17-jdk; \
+    elif [ "$JAVA_VERSION" = "21" ]; then \
+        apk add --no-cache openjdk21-jdk; \
+    else \
+        echo "Unsupported Java version: $JAVA_VERSION. Supported: 8, 11, 17, 21" && exit 1; \
+    fi
+
+# Install .NET with version control
+RUN if [ "$DOTNET_VERSION" = "6" ]; then \
+        apk add --no-cache dotnet6-sdk; \
+    elif [ "$DOTNET_VERSION" = "8" ]; then \
+        apk add --no-cache dotnet8-sdk; \
+    else \
+        echo "Unsupported .NET version: $DOTNET_VERSION. Supported: 6, 8" && exit 1; \
+    fi
+
+# Install additional tools
+RUN npm install @coana-tech/cli -g && \
+    gem install bundler && \
+    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y && \
+    . ~/.cargo/env && \
+    rustup component add rustfmt clippy
+
+# Set environment paths
+ENV PATH="/usr/local/go/bin:/root/.cargo/bin:${PATH}"
+ENV GOROOT="/usr/local/go"
+ENV GOPATH="/go"
+
+# Install uv
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
+
+# Install CLI based on build mode
+RUN if [ "$USE_LOCAL_INSTALL" = "true" ]; then \
+        echo "Using local development install"; \
+    else \
+        for i in $(seq 1 10); do \
+            echo "Attempt $i/10: Installing socketsecurity==$CLI_VERSION"; \
+            if pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socketsecurity==$CLI_VERSION; then \
+                break; \
+            fi; \
+            echo "Install failed, waiting 30s before retry..."; \
+            sleep 30; \
+        done && \
+        if [ ! -z "$SDK_VERSION" ]; then \
+            pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socketdev==${SDK_VERSION}; \
+        fi; \
+    fi
+
+# Copy local source and install in editable mode if USE_LOCAL_INSTALL is true
+COPY . /app
+WORKDIR /app
+RUN if [ "$USE_LOCAL_INSTALL" = "true" ]; then \
+        pip install --upgrade -e .; \
+        pip install --upgrade socketdev; \
+    fi
+
+# Create workspace directory with proper permissions
+RUN mkdir -p /go/src && chmod -R 777 /go
+
+ENTRYPOINT ["socketcli"]

{socketsecurity-2.2.26 → socketsecurity-2.2.32}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: socketsecurity
-Version: 2.2.26
+Version: 2.2.32
 Summary: Socket Security CLI for CI/CD
 Project-URL: Homepage, https://socket.dev
 Author-email: Douglas Coburn <douglas@socket.dev>
@@ -40,7 +40,7 @@ Requires-Dist: packaging
 Requires-Dist: prettytable
 Requires-Dist: python-dotenv
 Requires-Dist: requests
-Requires-Dist: socketdev<4.0.0,>=3.0.17
+Requires-Dist: socketdev<4.0.0,>=3.0.19
 Provides-Extra: dev
 Requires-Dist: hatch; extra == 'dev'
 Requires-Dist: pre-commit; extra == 'dev'
@@ -228,6 +228,8 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --reach-version                  | False    | latest  | Version of @coana-tech/cli to use for analysis                                                                             |
 | --reach-analysis-timeout         | False    | 1200    | Timeout in seconds for the reachability analysis (default: 1200 seconds / 20 minutes)                                      |
 | --reach-analysis-memory-limit    | False    | 4096    | Memory limit in MB for the reachability analysis (default: 4096 MB / 4 GB)                                                 |
+| --reach-concurrency              | False    |         | Control parallel analysis execution (must be >= 1)                                                                         |
+| --reach-additional-params        | False    |         | Pass custom parameters to the coana CLI tool                                                                               |
 | --reach-ecosystems               | False    |         | Comma-separated list of ecosystems to analyze (e.g., "npm,pypi"). If not specified, all supported ecosystems are analyzed  |
 | --reach-exclude-paths            | False    |         | Comma-separated list of file paths or patterns to exclude from reachability analysis                                       |
 | --reach-min-severity             | False    |         | Minimum severity level for reporting reachability results (low, medium, high, critical)                                    |

{socketsecurity-2.2.26 → socketsecurity-2.2.32}/README.md

@@ -171,6 +171,8 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --reach-version                  | False    | latest  | Version of @coana-tech/cli to use for analysis                                                                             |
 | --reach-analysis-timeout         | False    | 1200    | Timeout in seconds for the reachability analysis (default: 1200 seconds / 20 minutes)                                      |
 | --reach-analysis-memory-limit    | False    | 4096    | Memory limit in MB for the reachability analysis (default: 4096 MB / 4 GB)                                                 |
+| --reach-concurrency              | False    |         | Control parallel analysis execution (must be >= 1)                                                                         |
+| --reach-additional-params        | False    |         | Pass custom parameters to the coana CLI tool                                                                               |
 | --reach-ecosystems               | False    |         | Comma-separated list of ecosystems to analyze (e.g., "npm,pypi"). If not specified, all supported ecosystems are analyzed  |
 | --reach-exclude-paths            | False    |         | Comma-separated list of file paths or patterns to exclude from reachability analysis                                       |
 | --reach-min-severity             | False    |         | Minimum severity level for reporting reachability results (low, medium, high, critical)                                    |

{socketsecurity-2.2.26 → socketsecurity-2.2.32}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.2.26"
+version = "2.2.32"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [
@@ -16,7 +16,7 @@ dependencies = [
     'GitPython',
     'packaging',
     'python-dotenv',
-    'socketdev>=3.0.17,<4.0.0',
+    'socketdev>=3.0.19,<4.0.0',
     "bs4>=0.0.2",
 ]
 readme = "README.md"

socketsecurity-2.2.32/scripts/build_container_flexible.sh

@@ -0,0 +1,161 @@
+#!/bin/sh
+VERSION=$(grep -o "__version__.*" socketsecurity/__init__.py | awk '{print $3}' | tr -d "'")
+ENABLE_PYPI_BUILD=$1
+STABLE_VERSION=$2
+GO_VERSION=${GO_VERSION:-"1.21"}
+JAVA_VERSION=${JAVA_VERSION:-"17"}
+DOTNET_VERSION=${DOTNET_VERSION:-"8"}
+
+verify_package() {
+    local version=$1
+    local pip_index=$2
+    echo "Verifying package availability..."
+    
+    for i in $(seq 1 30); do
+        if pip install --index-url $pip_index socketsecurity==$version; then
+            echo "Package $version is now available and installable"
+            pip uninstall -y socketsecurity
+            return 0
+        fi
+        echo "Attempt $i: Package not yet installable, waiting 20s... ($i/30)"
+        sleep 20
+    done
+    
+    echo "Package verification failed after 30 attempts"
+    return 1
+}
+
+# Function to build Docker image with language versions
+build_docker_image() {
+    local cli_version=$1
+    local tag=$2
+    local pip_index=${3:-"https://pypi.org/simple"}
+    local pip_extra_index=${4:-"https://pypi.org/simple"}
+    local use_local=${5:-"false"}
+    local dockerfile=${6:-"Dockerfile"}
+    
+    echo "Building with Go $GO_VERSION, Java $JAVA_VERSION, .NET $DOTNET_VERSION"
+    
+    local build_args="--build-arg CLI_VERSION=$cli_version"
+    build_args="$build_args --build-arg GO_VERSION=$GO_VERSION"
+    build_args="$build_args --build-arg JAVA_VERSION=$JAVA_VERSION"
+    build_args="$build_args --build-arg DOTNET_VERSION=$DOTNET_VERSION"
+    build_args="$build_args --build-arg PIP_INDEX_URL=$pip_index"
+    build_args="$build_args --build-arg PIP_EXTRA_INDEX_URL=$pip_extra_index"
+    build_args="$build_args --build-arg USE_LOCAL_INSTALL=$use_local"
+    
+    docker build --no-cache $build_args --platform linux/amd64,linux/arm64 -t $tag -f $dockerfile .
+}
+
+echo "Socket CLI version: $VERSION"
+echo "Language versions: Go $GO_VERSION, Java $JAVA_VERSION, .NET $DOTNET_VERSION"
+
+if [ -z $ENABLE_PYPI_BUILD ] || [ -z $STABLE_VERSION ]; then
+    echo "$0 pypi-build=<option> stable=<true|false|prod|test>"
+    echo "\tpypi-build: Options are prod, test, or local"
+    echo "\t  - prod: Build and publish to production PyPI, then build Docker images"
+    echo "\t  - test: Build and publish to test PyPI, then build Docker images"
+    echo "\t  - local: Build Docker images only using existing PyPI package (specify prod or test via stable parameter)"
+    echo "\tstable: true/false/prod/test - Also tag as stable; for local builds:"
+    echo "\t  - stable=prod: Use production PyPI package"
+    echo "\t  - stable=test: Use test PyPI package"
+    echo "\t  - stable=false: Use local development install (pip install -e .)"
+    echo ""
+    echo "Environment variables for language versions:"
+    echo "\tGO_VERSION: Go version to install (default: 1.21, or 'system' for Alpine package)"
+    echo "\tJAVA_VERSION: Java version to install (default: 17, options: 8, 11, 17, 21)"
+    echo "\tDOTNET_VERSION: .NET version to install (default: 8, options: 6, 8)"
+    echo ""
+    echo "Examples:"
+    echo "\tGO_VERSION=1.19 JAVA_VERSION=11 $0 pypi-build=local stable=prod"
+    echo "\tGO_VERSION=system JAVA_VERSION=8 $0 pypi-build=local stable=false"
+    exit
+fi
+
+if [ $ENABLE_PYPI_BUILD = "pypi-build=prod" ]; then
+    echo "Doing production build"
+    
+    build_docker_image $VERSION "socketdev/cli:$VERSION"
+    docker push socketdev/cli:$VERSION
+    
+    build_docker_image $VERSION "socketdev/cli:latest"
+    docker push socketdev/cli:latest
+fi
+
+if [ $ENABLE_PYPI_BUILD = "pypi-build=test" ]; then
+    echo "Doing test build"
+    if ! python -m build --wheel --sdist; then
+        echo "Build failed"
+        exit 1
+    fi
+    
+    if ! twine upload --repository testpypi dist/*$VERSION*; then
+        echo "Upload to TestPyPI failed"
+        exit 1
+    fi
+    
+    if ! verify_package $VERSION "https://test.pypi.org/simple"; then
+        echo "Failed to verify package on TestPyPI"
+        exit 1
+    fi
+    
+    build_docker_image $VERSION "socketdev/cli:$VERSION-test" "https://test.pypi.org/simple" "https://pypi.org/simple"
+    docker push socketdev/cli:$VERSION-test
+    
+    build_docker_image $VERSION "socketdev/cli:test" "https://test.pypi.org/simple" "https://pypi.org/simple"
+    docker push socketdev/cli:test
+fi
+
+if [ $STABLE_VERSION = "stable=true" ]; then
+    if [ $ENABLE_PYPI_BUILD = "pypi-build=enable" ]; then
+        if ! verify_package $VERSION "https://pypi.org/simple"; then
+            echo "Failed to verify package on PyPI"
+            exit 1
+        fi
+    fi
+    
+    build_docker_image $VERSION "socketdev/cli:stable"
+    docker push socketdev/cli:stable
+fi
+
+if [ $ENABLE_PYPI_BUILD = "pypi-build=local" ]; then
+    echo "Building local version without publishing to PyPI"
+    
+    # Determine PyPI source and build parameters
+    if [ $STABLE_VERSION = "stable=prod" ]; then
+        echo "Using production PyPI"
+        PIP_INDEX_URL="https://pypi.org/simple"
+        PIP_EXTRA_INDEX_URL="https://pypi.org/simple" 
+        TAG_SUFFIX="local"
+        USE_LOCAL_INSTALL="false"
+    elif [ $STABLE_VERSION = "stable=test" ]; then
+        echo "Using test PyPI"
+        PIP_INDEX_URL="https://test.pypi.org/simple"
+        PIP_EXTRA_INDEX_URL="https://pypi.org/simple"
+        TAG_SUFFIX="local-test"
+        USE_LOCAL_INSTALL="false"
+    elif [ $STABLE_VERSION = "stable=false" ]; then
+        echo "Using local development install (pip install -e .)"
+        TAG_SUFFIX="local-dev"
+        USE_LOCAL_INSTALL="true"
+        PIP_INDEX_URL="https://pypi.org/simple"
+        PIP_EXTRA_INDEX_URL="https://pypi.org/simple"
+    else
+        echo "For local builds, use stable=prod, stable=test, or stable=false"
+        exit 1
+    fi
+    
+    # Create language-specific tag if non-default versions are used
+    LANG_TAG=""
+    if [ "$GO_VERSION" != "1.21" ] || [ "$JAVA_VERSION" != "17" ] || [ "$DOTNET_VERSION" != "8" ]; then
+        LANG_TAG="-go${GO_VERSION}-java${JAVA_VERSION}-dotnet${DOTNET_VERSION}"
+    fi
+    
+    build_docker_image $VERSION "socketdev/cli:$VERSION-$TAG_SUFFIX$LANG_TAG" $PIP_INDEX_URL $PIP_EXTRA_INDEX_URL $USE_LOCAL_INSTALL "Dockerfile.flexible"
+    
+    build_docker_image $VERSION "socketdev/cli:$TAG_SUFFIX$LANG_TAG" $PIP_INDEX_URL $PIP_EXTRA_INDEX_URL $USE_LOCAL_INSTALL "Dockerfile.flexible"
+    
+    echo "Local build complete. Tagged as:"
+    echo "  - socketdev/cli:$VERSION-$TAG_SUFFIX$LANG_TAG"
+    echo "  - socketdev/cli:$TAG_SUFFIX$LANG_TAG"
+fi

{socketsecurity-2.2.26 → socketsecurity-2.2.32}/socketsecurity/__init__.py

@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.26'
+__version__ = '2.2.32'
 USER_AGENT = f'SocketPythonCLI/{__version__}'

{socketsecurity-2.2.26 → socketsecurity-2.2.32}/socketsecurity/config.py

@@ -73,6 +73,8 @@ class CliConfig:
     reach_skip_cache: bool = False
     reach_min_severity: Optional[str] = None
     reach_output_file: Optional[str] = None
+    reach_concurrency: Optional[int] = None
+    reach_additional_params: Optional[List[str]] = None
     only_facts_file: bool = False
     
     @classmethod
@@ -132,6 +134,8 @@ class CliConfig:
             'reach_skip_cache': args.reach_skip_cache,
             'reach_min_severity': args.reach_min_severity,
             'reach_output_file': args.reach_output_file,
+            'reach_concurrency': args.reach_concurrency,
+            'reach_additional_params': args.reach_additional_params,
             'only_facts_file': args.only_facts_file,
             'version': __version__
         }
@@ -169,6 +173,11 @@ class CliConfig:
             logging.error("--only-facts-file requires --reach to be specified")
             exit(1)
 
+        # Validate reach_concurrency is >= 1 if provided
+        if args.reach_concurrency is not None and args.reach_concurrency < 1:
+            logging.error("--reach-concurrency must be >= 1")
+            exit(1)
+
         return cls(**config_args)
 
     def to_dict(self) -> dict:
@@ -429,20 +438,13 @@ def create_argument_parser() -> argparse.ArgumentParser:
         help="Exclude license details from the diff report (boosts performance for large repos)"
     )
 
-    # Security Configuration
-    security_group = parser.add_argument_group('Security Configuration')
-    security_group.add_argument(
-        "--allow-unverified",
-        action="store_true",
-        help="Allow unverified packages"
-    )
-    security_group.add_argument(
+    output_group.add_argument(
         "--disable-security-issue",
         dest="disable_security_issue",
         action="store_true",
         help="Disable security issue checks"
     )
-    security_group.add_argument(
+    output_group.add_argument(
         "--disable_security_issue",
         dest="disable_security_issue",
         action="store_true",
@@ -494,6 +496,11 @@ def create_argument_parser() -> argparse.ArgumentParser:
         help="Timeout in seconds for API requests",
         required=False
     )
+    advanced_group.add_argument(
+        "--allow-unverified",
+        action="store_true",
+        help="Disable SSL certificate verification for API requests"
+    )
     config_group.add_argument(
         "--include-module-folders",
         dest="include_module_folders",
@@ -567,6 +574,20 @@ def create_argument_parser() -> argparse.ArgumentParser:
         default=".socket.facts.json",
         help="Output file path for reachability analysis results (default: .socket.facts.json)"
     )
+    reachability_group.add_argument(
+        "--reach-concurrency",
+        dest="reach_concurrency",
+        type=int,
+        metavar="<number>",
+        help="Concurrency level for reachability analysis (must be >= 1)"
+    )
+    reachability_group.add_argument(
+        "--reach-additional-params",
+        dest="reach_additional_params",
+        nargs='+',
+        metavar="<param>",
+        help="Additional parameters to pass to the coana CLI (e.g., --reach-additional-params --other-param value --another-param value2)"
+    )
     reachability_group.add_argument(
         "--only-facts-file",
         dest="only_facts_file",

{socketsecurity-2.2.26 → socketsecurity-2.2.32}/socketsecurity/core/scm/gitlab.py

@@ -1,8 +1,9 @@
 import os
 import sys
 from dataclasses import dataclass
-from typing import Optional
+from typing import Optional, Union
 
+import requests
 from socketsecurity import USER_AGENT
 from socketsecurity.core import log
 from socketsecurity.core.classes import Comment
@@ -128,9 +129,9 @@ class Gitlab:
         try:
             # Try the initial request with the configured headers
             return self.client.request(**kwargs)
-        except Exception as e:
+        except requests.exceptions.HTTPError as e:
             # Check if this is an authentication error (401)
-            if hasattr(e, 'response') and e.response and e.response.status_code == 401:
+            if e.response and e.response.status_code == 401:
                 log.debug(f"Authentication failed with initial headers, trying fallback method")
                 
                 # Determine the fallback headers
@@ -144,6 +145,9 @@ class Gitlab:
             
             # Re-raise the original exception if it's not an auth error or fallback failed
             raise
+        except Exception as e:
+            # Handle other types of exceptions that don't have response attribute
+            raise
 
     def _get_fallback_headers(self, original_headers: dict) -> dict:
         """
@@ -235,13 +239,13 @@ class Gitlab:
             new_security_comment: bool = True,
             new_overview_comment: bool = True
     ) -> None:
-        existing_overview_comment = comments.get("overview", "")
-        existing_security_comment = comments.get("security", "")
+        existing_overview_comment = comments.get("overview")
+        existing_security_comment = comments.get("security")
         if new_overview_comment:
             log.debug("New Dependency Overview comment")
             if existing_overview_comment is not None:
                 log.debug("Previous version of Dependency Overview, updating")
-                existing_overview_comment: Comment
+                # Type narrowing: after None check, mypy knows this is Comment
                 self.update_comment(overview_comment, str(existing_overview_comment.id))
             else:
                 log.debug("No previous version of Dependency Overview, posting")
@@ -250,15 +254,15 @@ class Gitlab:
             log.debug("New Security Issue Comment")
             if existing_security_comment is not None:
                 log.debug("Previous version of Security Issue comment, updating")
-                existing_security_comment: Comment
+                # Type narrowing: after None check, mypy knows this is Comment
                 self.update_comment(security_comment, str(existing_security_comment.id))
             else:
                 log.debug("No Previous version of Security Issue comment, posting")
                 self.post_comment(security_comment)
 
     def remove_comment_alerts(self, comments: dict):
-        security_alert = comments.get("security", "")
+        security_alert = comments.get("security")
         if security_alert is not None:
-            security_alert: Comment
+            # Type narrowing: after None check, mypy knows this is Comment
             new_body = Comments.process_security_comment(security_alert, comments)
             self.update_comment(new_body, str(security_alert.id))

{socketsecurity-2.2.26 → socketsecurity-2.2.32}/socketsecurity/core/tools/reachability.py

@@ -20,7 +20,7 @@ class ReachabilityAnalyzer:
         Check if @coana-tech/cli is installed, and install/update it if needed.
         
         Args:
-            version: Specific version to install (e.g., '1.2.3'). If None, updates to latest.
+            version: Specific version to install (e.g., '1.2.3'). If None, always updates to latest.
             
         Returns:
             str: The package specifier to use with npx
@@ -48,6 +48,7 @@ class ReachabilityAnalyzer:
                 log.debug(f"Could not check for existing @coana-tech/cli installation: {e}")
         
         # Install or update the package
+        # When no version is specified, always try to update to latest
         if version:
             log.info(f"Installing reachability analysis plugin (@coana-tech/cli@{version})...")
         else:
@@ -95,6 +96,9 @@ class ReachabilityAnalyzer:
         repo_name: Optional[str] = None,
         branch_name: Optional[str] = None,
         version: Optional[str] = None,
+        concurrency: Optional[int] = None,
+        additional_params: Optional[List[str]] = None,
+        allow_unverified: bool = False,
     ) -> Dict[str, Any]:
         """
         Run reachability analysis.
@@ -114,6 +118,9 @@ class ReachabilityAnalyzer:
             repo_name: Repository name
             branch_name: Branch name
             version: Specific version of @coana-tech/cli to use
+            concurrency: Concurrency level for analysis (must be >= 1)
+            additional_params: Additional parameters to pass to coana CLI
+            allow_unverified: Disable SSL certificate verification (sets NODE_TLS_REJECT_UNAUTHORIZED=0)
             
         Returns:
             Dict containing scan_id and report_path
@@ -158,6 +165,13 @@ class ReachabilityAnalyzer:
         if skip_cache:
             cmd.append("--skip-cache-usage")
         
+        if concurrency:
+            cmd.extend(["--concurrency", str(concurrency)])
+        
+        # Add any additional parameters provided by the user
+        if additional_params:
+            cmd.extend(additional_params)
+        
         # Set up environment variables
         env = os.environ.copy()
         
@@ -172,6 +186,10 @@ class ReachabilityAnalyzer:
         if branch_name:
             env["SOCKET_BRANCH_NAME"] = branch_name
         
+        # Set NODE_TLS_REJECT_UNAUTHORIZED=0 if allow_unverified is True
+        if allow_unverified:
+            env["NODE_TLS_REJECT_UNAUTHORIZED"] = "0"
+        
         # Execute CLI
         log.info("Running reachability analysis...")
         log.debug(f"Reachability command: {' '.join(cmd)}")

{socketsecurity-2.2.26 → socketsecurity-2.2.32}/socketsecurity/socketcli.py

@@ -2,6 +2,7 @@ import json
 import sys
 import traceback
 import shutil
+import warnings
 
 from dotenv import load_dotenv
 from git import InvalidGitRepositoryError, NoSuchPathError
@@ -55,7 +56,13 @@ def main_code():
                  "2. Environment variable: SOCKET_SECURITY_API_KEY")
         sys.exit(3)
     
-    sdk = socketdev(token=config.api_token)
+    sdk = socketdev(token=config.api_token, allow_unverified=config.allow_unverified)
+    
+    # Suppress urllib3 InsecureRequestWarning when using --allow-unverified
+    if config.allow_unverified:
+        import urllib3
+        urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+    
     output_handler = OutputHandler(config, sdk)
     log.debug("sdk loaded")
 
@@ -277,7 +284,10 @@ def main_code():
                     disable_analytics=config.reach_disable_analytics or False,
                     repo_name=config.repo,
                     branch_name=config.branch,
-                    version=config.reach_version
+                    version=config.reach_version,
+                    concurrency=config.reach_concurrency,
+                    additional_params=config.reach_additional_params,
+                    allow_unverified=config.allow_unverified
                 )
                 
                 log.info(f"Reachability analysis completed successfully")

{socketsecurity-2.2.26 → socketsecurity-2.2.32}/uv.lock

@@ -1052,26 +1052,28 @@ wheels = [
 
 [[package]]
 name = "socketdev"
-version = "3.0.16"
+version = "3.0.17"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "requests" },
     { name = "typing-extensions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/02/0d/6da0e0c34b97eef3a926d55470fa4bda2fcbbc42cc9e26ac51a34c6f117d/socketdev-3.0.16.tar.gz", hash = "sha256:5145300945e4e8d2d7f71db9c55cb44cc1449874f9d6416cc1d6ec129c64d638", size = 132505, upload-time = "2025-11-07T03:24:16.231Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/47/60/54b56ac179a9c89b2c9f2ab7eb5ba81220de64d11d52cf19249113ff364d/socketdev-3.0.17.tar.gz", hash = "sha256:a4446a84856c637c312d809d5b8deb25dd20ca38ae7d00a4c8104ea5b890c0af", size = 134013, upload-time = "2025-11-07T22:38:34.354Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/a3/91/8486b2a62ba71d62a8f4f2f9ad22c61fcaabb461c5f269bbe0734eae76f9/socketdev-3.0.16-py3-none-any.whl", hash = "sha256:f5e413f5f2f8c0c938d5654da7f0a157c0be02a25e14d94af62c252e9fb3b502", size = 58567, upload-time = "2025-11-07T03:24:14.965Z" },
+    { url = "https://files.pythonhosted.org/packages/98/56/34ab0e33b5345ca7ada68cd0a9e9d4adcde16051192eb10f8e2c3e0deaa1/socketdev-3.0.17-py3-none-any.whl", hash = "sha256:0986ee0694d5ce879cadb8e06fcfb75a4ca2dfb6f415414593825701593cf991", size = 59317, upload-time = "2025-11-07T22:38:32.704Z" },
 ]
 
 [[package]]
 name = "socketsecurity"
-version = "2.2.18"
+version = "2.2.26"
 source = { editable = "." }
 dependencies = [
     { name = "bs4" },
     { name = "gitpython" },
+    { name = "hatch" },
     { name = "mdutils" },
     { name = "packaging" },
+    { name = "pluggy" },
     { name = "prettytable" },
     { name = "python-dotenv" },
     { name = "requests" },
@@ -1098,9 +1100,11 @@ test = [
 requires-dist = [
     { name = "bs4", specifier = ">=0.0.2" },
     { name = "gitpython" },
+    { name = "hatch", specifier = ">=1.14.1" },
     { name = "hatch", marker = "extra == 'dev'" },
     { name = "mdutils" },
     { name = "packaging" },
+    { name = "pluggy", specifier = ">=1.6.0" },
     { name = "pre-commit", marker = "extra == 'dev'" },
     { name = "prettytable" },
     { name = "pytest", marker = "extra == 'test'", specifier = ">=7.4.0" },
@@ -1111,7 +1115,7 @@ requires-dist = [
     { name = "python-dotenv" },
     { name = "requests" },
     { name = "ruff", marker = "extra == 'dev'", specifier = ">=0.3.0" },
-    { name = "socketdev", specifier = ">=3.0.16,<4.0.0" },
+    { name = "socketdev", specifier = ">=3.0.17,<4.0.0" },
     { name = "twine", marker = "extra == 'dev'" },
     { name = "uv", marker = "extra == 'dev'", specifier = ">=0.1.0" },
 ]

socketsecurity-2.2.26/Dockerfile

@@ -1,41 +0,0 @@
-FROM python:3-alpine
-LABEL org.opencontainers.image.authors="socket.dev"
-ARG CLI_VERSION
-ARG SDK_VERSION
-ARG PIP_INDEX_URL=https://pypi.org/simple
-ARG PIP_EXTRA_INDEX_URL=https://pypi.org/simple
-ARG USE_LOCAL_INSTALL=false
-
-RUN apk update \
-    && apk add --no-cache git nodejs npm yarn curl \
-    && npm install @coana-tech/cli -g
-
-# Install uv
-COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
-
-# Install CLI based on build mode
-RUN if [ "$USE_LOCAL_INSTALL" = "true" ]; then \
-        echo "Using local development install"; \
-    else \
-        for i in $(seq 1 10); do \
-            echo "Attempt $i/10: Installing socketsecurity==$CLI_VERSION"; \
-            if pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socketsecurity==$CLI_VERSION; then \
-                break; \
-            fi; \
-            echo "Install failed, waiting 30s before retry..."; \
-            sleep 30; \
-        done && \
-        if [ ! -z "$SDK_VERSION" ]; then \
-            pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socketdev==${SDK_VERSION}; \
-        fi; \
-    fi
-
-# Copy local source and install in editable mode if USE_LOCAL_INSTALL is true
-COPY . /app
-WORKDIR /app
-RUN if [ "$USE_LOCAL_INSTALL" = "true" ]; then \
-        pip install --upgrade -e .; \
-        pip install --upgrade socketdev; \
-    fi
-
-# ENTRYPOINT ["socketcli"]