PyPI - socketsecurity - Versions diffs - 2.2.27__tar.gz → 2.2.32__tar.gz - Mend

socketsecurity 2.2.27tar.gz → 2.2.32tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

socketsecurity-2.2.32/Dockerfile ADDED Viewed

@@ -0,0 +1,102 @@
+FROM python:3-alpine
+LABEL org.opencontainers.image.authors="socket.dev"
+# Language version arguments with defaults
+ARG GO_VERSION=system
+ARG JAVA_VERSION=17
+ARG DOTNET_VERSION=8
+# CLI and SDK arguments
+ARG CLI_VERSION
+ARG SDK_VERSION
+ARG PIP_INDEX_URL=https://pypi.org/simple
+ARG PIP_EXTRA_INDEX_URL=https://pypi.org/simple
+ARG USE_LOCAL_INSTALL=false
+# Install base packages first
+RUN apk update && apk add --no-cache \
+        git nodejs npm yarn curl wget \
+        ruby ruby-dev build-base
+# Install Go with version control
+RUN if [ "$GO_VERSION" = "system" ]; then \
+        apk add --no-cache go; \
+    else \
+        cd /tmp && \
+        ARCH=$(uname -m) && \
+        case $ARCH in \
+            x86_64) GOARCH=amd64 ;; \
+            aarch64) GOARCH=arm64 ;; \
+            *) echo "Unsupported architecture: $ARCH" && exit 1 ;; \
+        esac && \
+        wget https://golang.org/dl/go${GO_VERSION}.linux-${GOARCH}.tar.gz && \
+        tar -C /usr/local -xzf go${GO_VERSION}.linux-${GOARCH}.tar.gz && \
+        rm go${GO_VERSION}.linux-${GOARCH}.tar.gz; \
+    fi
+# Install Java with version control
+RUN if [ "$JAVA_VERSION" = "8" ]; then \
+        apk add --no-cache openjdk8-jdk; \
+    elif [ "$JAVA_VERSION" = "11" ]; then \
+        apk add --no-cache openjdk11-jdk; \
+    elif [ "$JAVA_VERSION" = "17" ]; then \
+        apk add --no-cache openjdk17-jdk; \
+    elif [ "$JAVA_VERSION" = "21" ]; then \
+        apk add --no-cache openjdk21-jdk; \
+    else \
+        echo "Unsupported Java version: $JAVA_VERSION. Supported: 8, 11, 17, 21" && exit 1; \
+    fi
+# Install .NET with version control
+RUN if [ "$DOTNET_VERSION" = "6" ]; then \
+        apk add --no-cache dotnet6-sdk; \
+    elif [ "$DOTNET_VERSION" = "8" ]; then \
+        apk add --no-cache dotnet8-sdk; \
+    else \
+        echo "Unsupported .NET version: $DOTNET_VERSION. Supported: 6, 8" && exit 1; \
+    fi
+# Install additional tools
+RUN npm install @coana-tech/cli -g && \
+    gem install bundler && \
+    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y && \
+    . ~/.cargo/env && \
+    rustup component add rustfmt clippy
+# Set environment paths
+ENV PATH="/usr/local/go/bin:/root/.cargo/bin:${PATH}"
+ENV GOROOT="/usr/local/go"
+ENV GOPATH="/go"
+# Install uv
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
+# Install CLI based on build mode
+RUN if [ "$USE_LOCAL_INSTALL" = "true" ]; then \
+        echo "Using local development install"; \
+    else \
+        for i in $(seq 1 10); do \
+            echo "Attempt $i/10: Installing socketsecurity==$CLI_VERSION"; \
+            if pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socketsecurity==$CLI_VERSION; then \
+                break; \
+            fi; \
+            echo "Install failed, waiting 30s before retry..."; \
+            sleep 30; \
+        done && \
+        if [ ! -z "$SDK_VERSION" ]; then \
+            pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socketdev==${SDK_VERSION}; \
+        fi; \
+    fi
+# Copy local source and install in editable mode if USE_LOCAL_INSTALL is true
+COPY . /app
+WORKDIR /app
+RUN if [ "$USE_LOCAL_INSTALL" = "true" ]; then \
+        pip install --upgrade -e .; \
+        pip install --upgrade socketdev; \
+    fi
+# Create workspace directory with proper permissions
+RUN mkdir -p /go/src && chmod -R 777 /go
+ENTRYPOINT ["socketcli"]

{socketsecurity-2.2.27 → socketsecurity-2.2.32}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: socketsecurity
-Version: 2.2.27
+Version: 2.2.32
 Summary: Socket Security CLI for CI/CD
 Project-URL: Homepage, https://socket.dev
 Author-email: Douglas Coburn <douglas@socket.dev>
@@ -40,7 +40,7 @@ Requires-Dist: packaging
 Requires-Dist: prettytable
 Requires-Dist: python-dotenv
 Requires-Dist: requests
-Requires-Dist: socketdev<4.0.0,>=3.0.17
+Requires-Dist: socketdev<4.0.0,>=3.0.19
 Provides-Extra: dev
 Requires-Dist: hatch; extra == 'dev'
 Requires-Dist: pre-commit; extra == 'dev'
@@ -228,6 +228,8 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --reach-version                  | False    | latest  | Version of @coana-tech/cli to use for analysis                                                                             |
 | --reach-analysis-timeout         | False    | 1200    | Timeout in seconds for the reachability analysis (default: 1200 seconds / 20 minutes)                                      |
 | --reach-analysis-memory-limit    | False    | 4096    | Memory limit in MB for the reachability analysis (default: 4096 MB / 4 GB)                                                 |
+| --reach-concurrency              | False    |         | Control parallel analysis execution (must be >= 1)                                                                         |
+| --reach-additional-params        | False    |         | Pass custom parameters to the coana CLI tool                                                                               |
 | --reach-ecosystems               | False    |         | Comma-separated list of ecosystems to analyze (e.g., "npm,pypi"). If not specified, all supported ecosystems are analyzed  |
 | --reach-exclude-paths            | False    |         | Comma-separated list of file paths or patterns to exclude from reachability analysis                                       |
 | --reach-min-severity             | False    |         | Minimum severity level for reporting reachability results (low, medium, high, critical)                                    |

{socketsecurity-2.2.27 → socketsecurity-2.2.32}/README.md RENAMED Viewed

@@ -171,6 +171,8 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --reach-version                  | False    | latest  | Version of @coana-tech/cli to use for analysis                                                                             |
 | --reach-analysis-timeout         | False    | 1200    | Timeout in seconds for the reachability analysis (default: 1200 seconds / 20 minutes)                                      |
 | --reach-analysis-memory-limit    | False    | 4096    | Memory limit in MB for the reachability analysis (default: 4096 MB / 4 GB)                                                 |
+| --reach-concurrency              | False    |         | Control parallel analysis execution (must be >= 1)                                                                         |
+| --reach-additional-params        | False    |         | Pass custom parameters to the coana CLI tool                                                                               |
 | --reach-ecosystems               | False    |         | Comma-separated list of ecosystems to analyze (e.g., "npm,pypi"). If not specified, all supported ecosystems are analyzed  |
 | --reach-exclude-paths            | False    |         | Comma-separated list of file paths or patterns to exclude from reachability analysis                                       |
 | --reach-min-severity             | False    |         | Minimum severity level for reporting reachability results (low, medium, high, critical)                                    |

{socketsecurity-2.2.27 → socketsecurity-2.2.32}/pyproject.toml RENAMED Viewed

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 [project]
 name = "socketsecurity"
-version = "2.2.27"
+version = "2.2.32"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [
@@ -16,7 +16,7 @@ dependencies = [
     'GitPython',
     'packaging',
     'python-dotenv',
-    'socketdev>=3.0.17,<4.0.0',
+    'socketdev>=3.0.19,<4.0.0',
     "bs4>=0.0.2",
 ]
 readme = "README.md"

socketsecurity-2.2.32/scripts/build_container_flexible.sh ADDED Viewed

@@ -0,0 +1,161 @@
+#!/bin/sh
+VERSION=$(grep -o "__version__.*" socketsecurity/__init__.py | awk '{print $3}' | tr -d "'")
+ENABLE_PYPI_BUILD=$1
+STABLE_VERSION=$2
+GO_VERSION=${GO_VERSION:-"1.21"}
+JAVA_VERSION=${JAVA_VERSION:-"17"}
+DOTNET_VERSION=${DOTNET_VERSION:-"8"}
+verify_package() {
+    local version=$1
+    local pip_index=$2
+    echo "Verifying package availability..."
+    for i in $(seq 1 30); do
+        if pip install --index-url $pip_index socketsecurity==$version; then
+            echo "Package $version is now available and installable"
+            pip uninstall -y socketsecurity
+            return 0
+        fi
+        echo "Attempt $i: Package not yet installable, waiting 20s... ($i/30)"
+        sleep 20
+    done
+    echo "Package verification failed after 30 attempts"
+    return 1
+}
+# Function to build Docker image with language versions
+build_docker_image() {
+    local cli_version=$1
+    local tag=$2
+    local pip_index=${3:-"https://pypi.org/simple"}
+    local pip_extra_index=${4:-"https://pypi.org/simple"}
+    local use_local=${5:-"false"}
+    local dockerfile=${6:-"Dockerfile"}
+    echo "Building with Go $GO_VERSION, Java $JAVA_VERSION, .NET $DOTNET_VERSION"
+    local build_args="--build-arg CLI_VERSION=$cli_version"
+    build_args="$build_args --build-arg GO_VERSION=$GO_VERSION"
+    build_args="$build_args --build-arg JAVA_VERSION=$JAVA_VERSION"
+    build_args="$build_args --build-arg DOTNET_VERSION=$DOTNET_VERSION"
+    build_args="$build_args --build-arg PIP_INDEX_URL=$pip_index"
+    build_args="$build_args --build-arg PIP_EXTRA_INDEX_URL=$pip_extra_index"
+    build_args="$build_args --build-arg USE_LOCAL_INSTALL=$use_local"
+    docker build --no-cache $build_args --platform linux/amd64,linux/arm64 -t $tag -f $dockerfile .
+}
+echo "Socket CLI version: $VERSION"
+echo "Language versions: Go $GO_VERSION, Java $JAVA_VERSION, .NET $DOTNET_VERSION"
+if [ -z $ENABLE_PYPI_BUILD ] || [ -z $STABLE_VERSION ]; then
+    echo "$0 pypi-build=<option> stable=<true|false|prod|test>"
+    echo "\tpypi-build: Options are prod, test, or local"
+    echo "\t  - prod: Build and publish to production PyPI, then build Docker images"
+    echo "\t  - test: Build and publish to test PyPI, then build Docker images"
+    echo "\t  - local: Build Docker images only using existing PyPI package (specify prod or test via stable parameter)"
+    echo "\tstable: true/false/prod/test - Also tag as stable; for local builds:"
+    echo "\t  - stable=prod: Use production PyPI package"
+    echo "\t  - stable=test: Use test PyPI package"
+    echo "\t  - stable=false: Use local development install (pip install -e .)"
+    echo ""
+    echo "Environment variables for language versions:"
+    echo "\tGO_VERSION: Go version to install (default: 1.21, or 'system' for Alpine package)"
+    echo "\tJAVA_VERSION: Java version to install (default: 17, options: 8, 11, 17, 21)"
+    echo "\tDOTNET_VERSION: .NET version to install (default: 8, options: 6, 8)"
+    echo ""
+    echo "Examples:"
+    echo "\tGO_VERSION=1.19 JAVA_VERSION=11 $0 pypi-build=local stable=prod"
+    echo "\tGO_VERSION=system JAVA_VERSION=8 $0 pypi-build=local stable=false"
+    exit
+fi
+if [ $ENABLE_PYPI_BUILD = "pypi-build=prod" ]; then
+    echo "Doing production build"
+    build_docker_image $VERSION "socketdev/cli:$VERSION"
+    docker push socketdev/cli:$VERSION
+    build_docker_image $VERSION "socketdev/cli:latest"
+    docker push socketdev/cli:latest
+fi
+if [ $ENABLE_PYPI_BUILD = "pypi-build=test" ]; then
+    echo "Doing test build"
+    if ! python -m build --wheel --sdist; then
+        echo "Build failed"
+        exit 1
+    fi
+    if ! twine upload --repository testpypi dist/*$VERSION*; then
+        echo "Upload to TestPyPI failed"
+        exit 1
+    fi
+    if ! verify_package $VERSION "https://test.pypi.org/simple"; then
+        echo "Failed to verify package on TestPyPI"
+        exit 1
+    fi
+    build_docker_image $VERSION "socketdev/cli:$VERSION-test" "https://test.pypi.org/simple" "https://pypi.org/simple"
+    docker push socketdev/cli:$VERSION-test
+    build_docker_image $VERSION "socketdev/cli:test" "https://test.pypi.org/simple" "https://pypi.org/simple"
+    docker push socketdev/cli:test
+fi
+if [ $STABLE_VERSION = "stable=true" ]; then
+    if [ $ENABLE_PYPI_BUILD = "pypi-build=enable" ]; then
+        if ! verify_package $VERSION "https://pypi.org/simple"; then
+            echo "Failed to verify package on PyPI"
+            exit 1
+        fi
+    fi
+    build_docker_image $VERSION "socketdev/cli:stable"
+    docker push socketdev/cli:stable
+fi
+if [ $ENABLE_PYPI_BUILD = "pypi-build=local" ]; then
+    echo "Building local version without publishing to PyPI"
+    # Determine PyPI source and build parameters
+    if [ $STABLE_VERSION = "stable=prod" ]; then
+        echo "Using production PyPI"
+        PIP_INDEX_URL="https://pypi.org/simple"
+        PIP_EXTRA_INDEX_URL="https://pypi.org/simple"
+        TAG_SUFFIX="local"
+        USE_LOCAL_INSTALL="false"
+    elif [ $STABLE_VERSION = "stable=test" ]; then
+        echo "Using test PyPI"
+        PIP_INDEX_URL="https://test.pypi.org/simple"
+        PIP_EXTRA_INDEX_URL="https://pypi.org/simple"
+        TAG_SUFFIX="local-test"
+        USE_LOCAL_INSTALL="false"
+    elif [ $STABLE_VERSION = "stable=false" ]; then
+        echo "Using local development install (pip install -e .)"
+        TAG_SUFFIX="local-dev"
+        USE_LOCAL_INSTALL="true"
+        PIP_INDEX_URL="https://pypi.org/simple"
+        PIP_EXTRA_INDEX_URL="https://pypi.org/simple"
+    else
+        echo "For local builds, use stable=prod, stable=test, or stable=false"
+        exit 1
+    fi
+    # Create language-specific tag if non-default versions are used
+    LANG_TAG=""
+    if [ "$GO_VERSION" != "1.21" ] || [ "$JAVA_VERSION" != "17" ] || [ "$DOTNET_VERSION" != "8" ]; then
+        LANG_TAG="-go${GO_VERSION}-java${JAVA_VERSION}-dotnet${DOTNET_VERSION}"
+    fi
+    build_docker_image $VERSION "socketdev/cli:$VERSION-$TAG_SUFFIX$LANG_TAG" $PIP_INDEX_URL $PIP_EXTRA_INDEX_URL $USE_LOCAL_INSTALL "Dockerfile.flexible"
+    build_docker_image $VERSION "socketdev/cli:$TAG_SUFFIX$LANG_TAG" $PIP_INDEX_URL $PIP_EXTRA_INDEX_URL $USE_LOCAL_INSTALL "Dockerfile.flexible"
+    echo "Local build complete. Tagged as:"
+    echo "  - socketdev/cli:$VERSION-$TAG_SUFFIX$LANG_TAG"
+    echo "  - socketdev/cli:$TAG_SUFFIX$LANG_TAG"
+fi

{socketsecurity-2.2.27 → socketsecurity-2.2.32}/socketsecurity/__init__.py RENAMED Viewed

@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.27'
+__version__ = '2.2.32'
 USER_AGENT = f'SocketPythonCLI/{__version__}'

{socketsecurity-2.2.27 → socketsecurity-2.2.32}/socketsecurity/config.py RENAMED Viewed

@@ -73,6 +73,8 @@ class CliConfig:
     reach_skip_cache: bool = False
     reach_min_severity: Optional[str] = None
     reach_output_file: Optional[str] = None
+    reach_concurrency: Optional[int] = None
+    reach_additional_params: Optional[List[str]] = None
     only_facts_file: bool = False
     @classmethod
@@ -132,6 +134,8 @@ class CliConfig:
             'reach_skip_cache': args.reach_skip_cache,
             'reach_min_severity': args.reach_min_severity,
             'reach_output_file': args.reach_output_file,
+            'reach_concurrency': args.reach_concurrency,
+            'reach_additional_params': args.reach_additional_params,
             'only_facts_file': args.only_facts_file,
             'version': __version__
         }
@@ -169,6 +173,11 @@ class CliConfig:
             logging.error("--only-facts-file requires --reach to be specified")
             exit(1)
+        # Validate reach_concurrency is >= 1 if provided
+        if args.reach_concurrency is not None and args.reach_concurrency < 1:
+            logging.error("--reach-concurrency must be >= 1")
+            exit(1)
         return cls(**config_args)
     def to_dict(self) -> dict:
@@ -429,20 +438,13 @@ def create_argument_parser() -> argparse.ArgumentParser:
         help="Exclude license details from the diff report (boosts performance for large repos)"
     )
-    # Security Configuration
-    security_group = parser.add_argument_group('Security Configuration')
-    security_group.add_argument(
-        "--allow-unverified",
-        action="store_true",
-        help="Allow unverified packages"
-    )
-    security_group.add_argument(
+    output_group.add_argument(
         "--disable-security-issue",
         dest="disable_security_issue",
         action="store_true",
         help="Disable security issue checks"
     )
-    security_group.add_argument(
+    output_group.add_argument(
         "--disable_security_issue",
         dest="disable_security_issue",
         action="store_true",
@@ -494,6 +496,11 @@ def create_argument_parser() -> argparse.ArgumentParser:
         help="Timeout in seconds for API requests",
         required=False
     )
+    advanced_group.add_argument(
+        "--allow-unverified",
+        action="store_true",
+        help="Disable SSL certificate verification for API requests"
+    )
     config_group.add_argument(
         "--include-module-folders",
         dest="include_module_folders",
@@ -567,6 +574,20 @@ def create_argument_parser() -> argparse.ArgumentParser:
         default=".socket.facts.json",
         help="Output file path for reachability analysis results (default: .socket.facts.json)"
     )
+    reachability_group.add_argument(
+        "--reach-concurrency",
+        dest="reach_concurrency",
+        type=int,
+        metavar="<number>",
+        help="Concurrency level for reachability analysis (must be >= 1)"
+    )
+    reachability_group.add_argument(
+        "--reach-additional-params",
+        dest="reach_additional_params",
+        nargs='+',
+        metavar="<param>",
+        help="Additional parameters to pass to the coana CLI (e.g., --reach-additional-params --other-param value --another-param value2)"
+    )
     reachability_group.add_argument(
         "--only-facts-file",
         dest="only_facts_file",

{socketsecurity-2.2.27 → socketsecurity-2.2.32}/socketsecurity/core/tools/reachability.py RENAMED Viewed

@@ -20,7 +20,7 @@ class ReachabilityAnalyzer:
         Check if @coana-tech/cli is installed, and install/update it if needed.
         Args:
-            version: Specific version to install (e.g., '1.2.3'). If None, updates to latest.
+            version: Specific version to install (e.g., '1.2.3'). If None, always updates to latest.
         Returns:
             str: The package specifier to use with npx
@@ -48,6 +48,7 @@ class ReachabilityAnalyzer:
                 log.debug(f"Could not check for existing @coana-tech/cli installation: {e}")
         # Install or update the package
+        # When no version is specified, always try to update to latest
         if version:
             log.info(f"Installing reachability analysis plugin (@coana-tech/cli@{version})...")
         else:
@@ -95,6 +96,9 @@ class ReachabilityAnalyzer:
         repo_name: Optional[str] = None,
         branch_name: Optional[str] = None,
         version: Optional[str] = None,
+        concurrency: Optional[int] = None,
+        additional_params: Optional[List[str]] = None,
+        allow_unverified: bool = False,
     ) -> Dict[str, Any]:
         """
         Run reachability analysis.
@@ -114,6 +118,9 @@ class ReachabilityAnalyzer:
             repo_name: Repository name
             branch_name: Branch name
             version: Specific version of @coana-tech/cli to use
+            concurrency: Concurrency level for analysis (must be >= 1)
+            additional_params: Additional parameters to pass to coana CLI
+            allow_unverified: Disable SSL certificate verification (sets NODE_TLS_REJECT_UNAUTHORIZED=0)
         Returns:
             Dict containing scan_id and report_path
@@ -158,6 +165,13 @@ class ReachabilityAnalyzer:
         if skip_cache:
             cmd.append("--skip-cache-usage")
+        if concurrency:
+            cmd.extend(["--concurrency", str(concurrency)])
+        # Add any additional parameters provided by the user
+        if additional_params:
+            cmd.extend(additional_params)
         # Set up environment variables
         env = os.environ.copy()
@@ -172,6 +186,10 @@ class ReachabilityAnalyzer:
         if branch_name:
             env["SOCKET_BRANCH_NAME"] = branch_name
+        # Set NODE_TLS_REJECT_UNAUTHORIZED=0 if allow_unverified is True
+        if allow_unverified:
+            env["NODE_TLS_REJECT_UNAUTHORIZED"] = "0"
         # Execute CLI
         log.info("Running reachability analysis...")
         log.debug(f"Reachability command: {' '.join(cmd)}")

{socketsecurity-2.2.27 → socketsecurity-2.2.32}/socketsecurity/socketcli.py RENAMED Viewed

@@ -2,6 +2,7 @@ import json
 import sys
 import traceback
 import shutil
+import warnings
 from dotenv import load_dotenv
 from git import InvalidGitRepositoryError, NoSuchPathError
@@ -55,7 +56,13 @@ def main_code():
                  "2. Environment variable: SOCKET_SECURITY_API_KEY")
         sys.exit(3)
-    sdk = socketdev(token=config.api_token)
+    sdk = socketdev(token=config.api_token, allow_unverified=config.allow_unverified)
+    # Suppress urllib3 InsecureRequestWarning when using --allow-unverified
+    if config.allow_unverified:
+        import urllib3
+        urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
     output_handler = OutputHandler(config, sdk)
     log.debug("sdk loaded")
@@ -277,7 +284,10 @@ def main_code():
                     disable_analytics=config.reach_disable_analytics or False,
                     repo_name=config.repo,
                     branch_name=config.branch,
-                    version=config.reach_version
+                    version=config.reach_version,
+                    concurrency=config.reach_concurrency,
+                    additional_params=config.reach_additional_params,
+                    allow_unverified=config.allow_unverified
                 )
                 log.info(f"Reachability analysis completed successfully")

socketsecurity-2.2.27/Dockerfile DELETED Viewed

@@ -1,41 +0,0 @@
-FROM python:3-alpine
-LABEL org.opencontainers.image.authors="socket.dev"
-ARG CLI_VERSION
-ARG SDK_VERSION
-ARG PIP_INDEX_URL=https://pypi.org/simple
-ARG PIP_EXTRA_INDEX_URL=https://pypi.org/simple
-ARG USE_LOCAL_INSTALL=false
-RUN apk update \
-    && apk add --no-cache git nodejs npm yarn curl \
-    && npm install @coana-tech/cli -g
-# Install uv
-COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
-# Install CLI based on build mode
-RUN if [ "$USE_LOCAL_INSTALL" = "true" ]; then \
-        echo "Using local development install"; \
-    else \
-        for i in $(seq 1 10); do \
-            echo "Attempt $i/10: Installing socketsecurity==$CLI_VERSION"; \
-            if pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socketsecurity==$CLI_VERSION; then \
-                break; \
-            fi; \
-            echo "Install failed, waiting 30s before retry..."; \
-            sleep 30; \
-        done && \
-        if [ ! -z "$SDK_VERSION" ]; then \
-            pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socketdev==${SDK_VERSION}; \
-        fi; \
-    fi
-# Copy local source and install in editable mode if USE_LOCAL_INSTALL is true
-COPY . /app
-WORKDIR /app
-RUN if [ "$USE_LOCAL_INSTALL" = "true" ]; then \
-        pip install --upgrade -e .; \
-        pip install --upgrade socketdev; \
-    fi
-# ENTRYPOINT ["socketcli"]