socketsecurity 2.2.81__tar.gz → 2.2.85__tar.gz

{socketsecurity-2.2.81 → socketsecurity-2.2.85}/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 2.2.83
+
+- Fixed branch detection in detached-HEAD CI checkouts. When `git name-rev --name-only HEAD` returned an output with a suffix operator (e.g. `remotes/origin/master~1`, `master^0`), the `~N`/`^N` was previously passed through as the branch name and rejected by the Socket API as an invalid Git ref. The suffix is now stripped before the prefix split, producing the bare branch name.
+
 ## 2.2.71
 
 - Added `strace` to the Docker image for debugging purposes.

{socketsecurity-2.2.81 → socketsecurity-2.2.85}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: socketsecurity
-Version: 2.2.81
+Version: 2.2.85
 Summary: Socket Security CLI for CI/CD
 Project-URL: Homepage, https://socket.dev
 Author-email: Douglas Coburn <douglas@socket.dev>

{socketsecurity-2.2.81 → socketsecurity-2.2.85}/docs/cli-reference.md

@@ -151,7 +151,7 @@ socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--workspace WORKSPACE] [--
           [--excluded-ecosystems EXCLUDED_ECOSYSTEMS] [--default-branch] [--pending-head] [--generate-license] [--enable-debug]
           [--enable-json] [--enable-sarif] [--sarif-file <path>] [--sarif-scope {diff,full}] [--sarif-grouping {instance,alert}] [--sarif-reachability {all,reachable,potentially,reachable-or-potentially}] [--enable-gitlab-security] [--gitlab-security-file <path>]
           [--disable-overview] [--exclude-license-details] [--allow-unverified] [--disable-security-issue]
-          [--ignore-commit-files] [--disable-blocking] [--enable-diff] [--scm SCM] [--timeout TIMEOUT] [--include-module-folders]
+          [--ignore-commit-files] [--disable-blocking] [--disable-ignore] [--enable-diff] [--scm SCM] [--timeout TIMEOUT] [--include-module-folders]
           [--reach] [--reach-version REACH_VERSION] [--reach-timeout REACH_ANALYSIS_TIMEOUT]
           [--reach-memory-limit REACH_ANALYSIS_MEMORY_LIMIT] [--reach-ecosystems REACH_ECOSYSTEMS] [--reach-exclude-paths REACH_EXCLUDE_PATHS]
           [--reach-min-severity {low,medium,high,critical}] [--reach-skip-cache] [--reach-disable-analytics] [--reach-output-file REACH_OUTPUT_FILE]
@@ -306,6 +306,7 @@ The CLI will automatically install `@coana-tech/cli` if not present. Use `--reac
 |:-------------------------|:---------|:--------|:----------------------------------------------------------------------|
 | `--ignore-commit-files`    | False    | False   | Ignore commit files                                                   |
 | `--disable-blocking`       | False    | False   | Disable blocking mode                                                 |
+| `--disable-ignore`         | False    | False   | Disable support for `@SocketSecurity ignore` commands in PR comments. When set, alerts cannot be suppressed via comments and ignore instructions are hidden from comment output. |
 | `--strict-blocking`        | False    | False   | Fail on ANY security policy violations (blocking severity), not just new ones. Only works in diff mode. See [Strict Blocking Mode](#strict-blocking-mode) for details. |
 | `--enable-diff`            | False    | False   | Enable diff mode even when using `--integration api` (forces diff mode without SCM integration) |
 | `--scm`                    | False    | api     | Source control management type                                        |

{socketsecurity-2.2.81 → socketsecurity-2.2.85}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.2.81"
+version = "2.2.85"
 requires-python = ">= 3.11"
 license = {"file" = "LICENSE"}
 dependencies = [

{socketsecurity-2.2.81 → socketsecurity-2.2.85}/socketsecurity/__init__.py

@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.81'
+__version__ = '2.2.85'
 USER_AGENT = f'SocketPythonCLI/{__version__}'

{socketsecurity-2.2.81 → socketsecurity-2.2.85}/socketsecurity/config.py

@@ -91,6 +91,7 @@ class CliConfig:
     files: str = None
     ignore_commit_files: bool = False
     disable_blocking: bool = False
+    disable_ignore: bool = False
     strict_blocking: bool = False
     integration_type: IntegrationType = "api"
     integration_org_slug: Optional[str] = None
@@ -130,6 +131,10 @@ class CliConfig:
     reach_additional_params: Optional[List[str]] = None
     only_facts_file: bool = False
     reach_use_only_pregenerated_sboms: bool = False
+    reach_continue_on_analysis_errors: bool = False
+    reach_continue_on_install_errors: bool = False
+    reach_continue_on_missing_lock_files: bool = False
+    reach_continue_on_no_source_files: bool = False
     max_purl_batch_size: int = 5000
     enable_commit_status: bool = False
     config_file: Optional[str] = None
@@ -201,6 +206,7 @@ class CliConfig:
             'files': args.files,
             'ignore_commit_files': args.ignore_commit_files,
             'disable_blocking': args.disable_blocking,
+            'disable_ignore': args.disable_ignore,
             'strict_blocking': args.strict_blocking,
             'integration_type': args.integration,
             'pending_head': args.pending_head,
@@ -234,6 +240,10 @@ class CliConfig:
             'reach_additional_params': args.reach_additional_params,
             'only_facts_file': args.only_facts_file,
             'reach_use_only_pregenerated_sboms': args.reach_use_only_pregenerated_sboms,
+            'reach_continue_on_analysis_errors': args.reach_continue_on_analysis_errors,
+            'reach_continue_on_install_errors': args.reach_continue_on_install_errors,
+            'reach_continue_on_missing_lock_files': args.reach_continue_on_missing_lock_files,
+            'reach_continue_on_no_source_files': args.reach_continue_on_no_source_files,
             'max_purl_batch_size': args.max_purl_batch_size,
             'enable_commit_status': args.enable_commit_status,
             'config_file': args.config_file,
@@ -693,6 +703,19 @@ def create_argument_parser() -> argparse.ArgumentParser:
         action="store_true",
         help=argparse.SUPPRESS
     )
+    advanced_group.add_argument(
+        "--disable-ignore",
+        dest="disable_ignore",
+        action="store_true",
+        help="Disable support for @SocketSecurity ignore commands in PR comments. "
+             "Alerts cannot be suppressed via comments when this flag is set."
+    )
+    advanced_group.add_argument(
+        "--disable_ignore",
+        dest="disable_ignore",
+        action="store_true",
+        help=argparse.SUPPRESS
+    )
     advanced_group.add_argument(
         "--strict-blocking",
         dest="strict_blocking",
@@ -846,6 +869,30 @@ def create_argument_parser() -> argparse.ArgumentParser:
         action="store_true",
         help="When using this option, the scan is created based only on pre-generated CDX and SPDX files in your project. (requires --reach)"
     )
+    reachability_group.add_argument(
+        "--reach-continue-on-analysis-errors",
+        dest="reach_continue_on_analysis_errors",
+        action="store_true",
+        help=argparse.SUPPRESS
+    )
+    reachability_group.add_argument(
+        "--reach-continue-on-install-errors",
+        dest="reach_continue_on_install_errors",
+        action="store_true",
+        help=argparse.SUPPRESS
+    )
+    reachability_group.add_argument(
+        "--reach-continue-on-missing-lock-files",
+        dest="reach_continue_on_missing_lock_files",
+        action="store_true",
+        help=argparse.SUPPRESS
+    )
+    reachability_group.add_argument(
+        "--reach-continue-on-no-source-files",
+        dest="reach_continue_on_no_source_files",
+        action="store_true",
+        help=argparse.SUPPRESS
+    )
 
     parser.add_argument(
         '--version',

{socketsecurity-2.2.81 → socketsecurity-2.2.85}/socketsecurity/core/cli_client.py

@@ -1,4 +1,5 @@
 import base64
+import json
 import logging
 from typing import Dict, List, Optional, Union
 
@@ -55,3 +56,18 @@ class CliClient:
         except requests.exceptions.RequestException as e:
             logger.error(f"API request failed: {str(e)}")
             raise APIFailure(f"Request failed: {str(e)}")
+
+    def post_telemetry_events(self, org_slug: str, events: List[Dict]) -> None:
+        """Post telemetry events one at a time to the v0 telemetry API. Fire-and-forget — logs errors but never raises."""
+        logger.debug(f"Sending {len(events)} telemetry event(s) to v0/orgs/{org_slug}/telemetry")
+        for i, event in enumerate(events):
+            try:
+                logger.debug(f"Telemetry event {i+1}/{len(events)}: {json.dumps(event)}")
+                resp = self.request(
+                    path=f"orgs/{org_slug}/telemetry",
+                    method="POST",
+                    payload=json.dumps(event),
+                )
+                logger.debug(f"Telemetry event {i+1}/{len(events)} sent: status={resp.status_code}")
+            except Exception as e:
+                logger.warning(f"Failed to send telemetry event {i+1}/{len(events)}: {e}")

{socketsecurity-2.2.81 → socketsecurity-2.2.85}/socketsecurity/core/git_interface.py

@@ -1,3 +1,4 @@
+import re
 import urllib.parse
 import os
 
@@ -108,6 +109,11 @@ class Git:
                     # Try git name-rev first (most reliable for detached HEAD)
                     result = self.repo.git.name_rev('--name-only', 'HEAD')
                     if result and result != 'undefined':
+                        # Strip name-rev suffix operators (~N, ^N, or combinations
+                        # like master~3^2). These characters are forbidden in git
+                        # ref names, so cutting at the first occurrence can never
+                        # truncate a real branch name.
+                        result = re.split(r'[~^]', result, maxsplit=1)[0]
                         # Clean up the result (remove any prefixes like 'remotes/origin/')
                         git_detected_branch = result.split('/')[-1]
                         log.debug(f"Branch detected from git name-rev: {git_detected_branch}")

{socketsecurity-2.2.81 → socketsecurity-2.2.85}/socketsecurity/core/messages.py

@@ -850,6 +850,8 @@ class Messages:
   <tbody>
     """
 
+        show_ignore = not (config and getattr(config, 'disable_ignore', False))
+
         # Loop through security alerts (non-license), dynamically generating rows
         for alert in security_alerts:
             severity_icon = Messages.get_severity_icon(alert.severity)
@@ -858,6 +860,12 @@ class Messages:
             # Generate proper manifest URL
             manifest_url = Messages.get_manifest_file_url(diff, alert.manifests, config)
             # Generate a table row for each alert
+            ignore_html = (
+                f"<p><em>Mark as acceptable risk:</em> To ignore this alert only in this pull request, reply with:<br/>"
+                f"<code>@SocketSecurity ignore {alert.pkg_name}@{alert.pkg_version}</code><br/>"
+                f"Or ignore all future alerts with:<br/>"
+                f"<code>@SocketSecurity ignore-all</code></p>"
+            ) if show_ignore else ""
             comment += f"""
 <!-- start-socket-alert-{alert.pkg_name}@{alert.pkg_version} -->
 <tr>
@@ -870,16 +878,13 @@ class Messages:
       <summary>{alert.pkg_name}@{alert.pkg_version} - {alert.title}</summary>
       <p><strong>Note:</strong> {alert.description}</p>
       <p><strong>Source:</strong> <a href="{manifest_url}">Manifest File</a></p>
-      <p>ℹ️ Read more on:  
-      <a href="{alert.purl}">This package</a> |  
-      <a href="{alert.url}">This alert</a> |  
+      <p>ℹ️ Read more on:
+      <a href="{alert.purl}">This package</a> |
+      <a href="{alert.url}">This alert</a> |
       <a href="https://socket.dev/alerts/malware">What is known malware?</a></p>
       <blockquote>
         <p><em>Suggestion:</em> {alert.suggestion}</p>
-        <p><em>Mark as acceptable risk:</em> To ignore this alert only in this pull request, reply with:<br/>
-        <code>@SocketSecurity ignore {alert.pkg_name}@{alert.pkg_version}</code><br/>
-        Or ignore all future alerts with:<br/>
-        <code>@SocketSecurity ignore-all</code></p>
+        {ignore_html}
       </blockquote>
     </details>
   </td>
@@ -917,14 +922,20 @@ class Messages:
             
             # Generate proper manifest URL for license violations
             license_manifest_url = Messages.get_manifest_file_url(diff, first_alert.manifests, config)
-            
+
+            license_ignore_html = (
+                f"<p><em>Mark the package as acceptable risk:</em> To ignore this alert only in this pull request, reply with the comment "
+                f"<code>@SocketSecurity ignore {first_alert.pkg_name}@{first_alert.pkg_version}</code>. "
+                f"You can also ignore all packages with <code>@SocketSecurity ignore-all</code>. "
+                f"To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.</p>"
+            ) if show_ignore else ""
             comment += f"""      </ul>
       <p><strong>From:</strong> <a href="{license_manifest_url}">Manifest File</a></p>
       <p>ℹ️ Read more on: <a href="{first_alert.purl}">This package</a> | <a href="https://socket.dev/alerts/license">What is a license policy violation?</a></p>
       <blockquote>
         <p><em>Next steps:</em> Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at <strong>support@socket.dev</strong>.</p>
         <p><em>Suggestion:</em> Find a package that does not violate your license policy or adjust your policy to allow this package's license.</p>
-        <p><em>Mark the package as acceptable risk:</em> To ignore this alert only in this pull request, reply with the comment <code>@SocketSecurity ignore {first_alert.pkg_name}@{first_alert.pkg_version}</code>. You can also ignore all packages with <code>@SocketSecurity ignore-all</code>. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.</p>
+        {license_ignore_html}
       </blockquote>
     </details>
   </td>

{socketsecurity-2.2.81 → socketsecurity-2.2.85}/socketsecurity/core/scm/gitlab.py

@@ -1,3 +1,4 @@
+import json
 import os
 import sys
 from dataclasses import dataclass
@@ -219,6 +220,24 @@ class Gitlab:
             base_url=self.config.api_url
         )
 
+    def has_thumbsup_reaction(self, comment_id: int) -> bool:
+        """Best-effort check for 'thumbsup' award emoji on a MR note."""
+        if not self.config.mr_project_id or not self.config.mr_iid:
+            return False
+        path = f"projects/{self.config.mr_project_id}/merge_requests/{self.config.mr_iid}/notes/{comment_id}/award_emoji"
+        try:
+            response = self._request_with_fallback(
+                path=path,
+                headers=self.config.headers,
+                base_url=self.config.api_url
+            )
+            for emoji in response.json():
+                if emoji.get("name") == "thumbsup":
+                    return True
+        except Exception as e:
+            log.debug(f"Could not check award emoji for note {comment_id} (best effort): {e}")
+        return False
+
     def get_comments_for_pr(self) -> dict:
         log.debug(f"Getting Gitlab comments for Repo {self.config.repository} for PR {self.config.mr_iid}")
         path = f"projects/{self.config.mr_project_id}/merge_requests/{self.config.mr_iid}/notes"
@@ -326,9 +345,32 @@ class Gitlab:
         except Exception as e:
             log.error(f"Failed to set commit status: {e}")
 
+    def post_thumbsup_reaction(self, comment_id: int) -> None:
+        """Best-effort: add 'thumbsup' award emoji to a MR note."""
+        if not self.config.mr_project_id or not self.config.mr_iid:
+            return
+        path = f"projects/{self.config.mr_project_id}/merge_requests/{self.config.mr_iid}/notes/{comment_id}/award_emoji"
+        try:
+            headers = {**self.config.headers, "Content-Type": "application/json"}
+            self._request_with_fallback(
+                path=path,
+                payload=json.dumps({"name": "thumbsup"}),
+                method="POST",
+                headers=headers,
+                base_url=self.config.api_url
+            )
+        except Exception as e:
+            log.debug(f"Could not add thumbsup emoji to note {comment_id} (best effort): {e}")
+
+    def handle_ignore_reactions(self, comments: dict) -> None:
+        for comment in comments.get("ignore", []):
+            if "SocketSecurity ignore" in comment.body and not self.has_thumbsup_reaction(comment.id):
+                self.post_thumbsup_reaction(comment.id)
+
     def remove_comment_alerts(self, comments: dict):
         security_alert = comments.get("security")
         if security_alert is not None:
             # Type narrowing: after None check, mypy knows this is Comment
             new_body = Comments.process_security_comment(security_alert, comments)
+            self.handle_ignore_reactions(comments)
             self.update_comment(new_body, str(security_alert.id))

{socketsecurity-2.2.81 → socketsecurity-2.2.85}/socketsecurity/core/scm_comments.py

@@ -51,11 +51,13 @@ class Comments:
         for comment in comments["ignore"]:
             comment: Comment
             first_line = comment.body_list[0]
-            if not ignore_all and "SocketSecurity ignore" in first_line:
+            if not ignore_all and "socketsecurity ignore" in first_line.lower():
                 try:
                     first_line = first_line.lstrip("@")
-                    _, command = first_line.split("SocketSecurity ")
-                    command = command.strip()
+                    # Case-insensitive split: find "SocketSecurity " regardless of casing
+                    lower_line = first_line.lower()
+                    split_idx = lower_line.index("socketsecurity ") + len("socketsecurity ")
+                    command = first_line[split_idx:].strip()
                     if command == "ignore-all":
                         ignore_all = True
                     else:

{socketsecurity-2.2.81 → socketsecurity-2.2.85}/socketsecurity/core/tools/reachability.py

@@ -104,6 +104,10 @@ class ReachabilityAnalyzer:
         allow_unverified: bool = False,
         enable_debug: bool = False,
         use_only_pregenerated_sboms: bool = False,
+        continue_on_analysis_errors: bool = False,
+        continue_on_install_errors: bool = False,
+        continue_on_missing_lock_files: bool = False,
+        continue_on_no_source_files: bool = False,
     ) -> Dict[str, Any]:
         """
         Run reachability analysis.
@@ -196,6 +200,18 @@ class ReachabilityAnalyzer:
         if use_only_pregenerated_sboms:
             cmd.append("--use-only-pregenerated-sboms")
 
+        if continue_on_analysis_errors:
+            cmd.append("--reach-continue-on-analysis-errors")
+
+        if continue_on_install_errors:
+            cmd.append("--reach-continue-on-install-errors")
+
+        if continue_on_missing_lock_files:
+            cmd.append("--reach-continue-on-missing-lock-files")
+
+        if continue_on_no_source_files:
+            cmd.append("--reach-continue-on-no-source-files")
+
         # Add any additional parameters provided by the user
         if additional_params:
             cmd.extend(additional_params)

{socketsecurity-2.2.81 → socketsecurity-2.2.85}/socketsecurity/socketcli.py

@@ -4,6 +4,8 @@ import sys
 import traceback
 import shutil
 import warnings
+from datetime import datetime, timezone
+from uuid import uuid4
 
 from dotenv import load_dotenv
 from git import InvalidGitRepositoryError, NoSuchPathError
@@ -301,7 +303,11 @@ def main_code():
                     additional_params=config.reach_additional_params,
                     allow_unverified=config.allow_unverified,
                     enable_debug=config.enable_debug,
-                    use_only_pregenerated_sboms=config.reach_use_only_pregenerated_sboms
+                    use_only_pregenerated_sboms=config.reach_use_only_pregenerated_sboms,
+                    continue_on_analysis_errors=config.reach_continue_on_analysis_errors,
+                    continue_on_install_errors=config.reach_continue_on_install_errors,
+                    continue_on_missing_lock_files=config.reach_continue_on_missing_lock_files,
+                    continue_on_no_source_files=config.reach_continue_on_no_source_files,
                 )
                 
                 log.info(f"Reachability analysis completed successfully")
@@ -478,6 +484,17 @@ def main_code():
 
     # Handle SCM-specific flows
     log.debug(f"Flow decision: scm={scm is not None}, force_diff_mode={force_diff_mode}, force_api_mode={force_api_mode}, enable_diff={config.enable_diff}")
+
+    def _is_unprocessed(c):
+        """Check if an ignore comment has not yet been marked with '+1' reaction.
+        For GitHub, reactions['+1'] is already in the comment response (no extra call).
+        For GitLab, has_thumbsup_reaction() makes a lazy API call per comment."""
+        if getattr(c, "reactions", {}).get("+1"):
+            return False
+        if hasattr(scm, "has_thumbsup_reaction") and scm.has_thumbsup_reaction(c.id):
+            return False
+        return True
+
     if scm is not None and scm.check_event_type() == "comment":
         # FIXME: This entire flow should be a separate command called "filter_ignored_alerts_in_comments"
         # It's not related to scanning or diff generation - it just:
@@ -486,10 +503,51 @@ def main_code():
         # 3. Updates the comment to remove ignored alerts
         # This is completely separate from the main scanning functionality
         log.info("Comment initiated flow")
-        
-        comments = scm.get_comments_for_pr()
-        log.debug("Removing comment alerts")
-        scm.remove_comment_alerts(comments)
+
+        if not config.disable_ignore:
+            comments = scm.get_comments_for_pr()
+
+            # Emit telemetry for ignore comments before +1 reaction is added.
+            # The +1 reaction (added by remove_comment_alerts) serves as the "processed" marker.
+            if "ignore" in comments:
+                unprocessed = [c for c in comments["ignore"] if _is_unprocessed(c)]
+                if unprocessed:
+                    try:
+                        events = []
+                        for c in unprocessed:
+                            single = {"ignore": [c]}
+                            ignore_all, ignore_commands = Comments.get_ignore_options(single)
+                            user = getattr(c, "user", None) or getattr(c, "author", None) or {}
+                            now = datetime.now(timezone.utc).isoformat()
+                            shared_fields = {
+                                "event_kind": "user-action",
+                                "client_action": "ignore",
+                                "alert_action": "error",
+                                "event_sender_created_at": now,
+                                "vcs_provider": integration_type,
+                                "owner": config.repo.split("/")[0] if "/" in config.repo else "",
+                                "repo": config.repo,
+                                "pr_number": pr_number,
+                                "ignore_all": ignore_all,
+                                "sender_name": user.get("login") or user.get("username", ""),
+                                "sender_id": str(user.get("id", "")),
+                            }
+                            if ignore_commands:
+                                for name, version in ignore_commands:
+                                    events.append({**shared_fields, "event_id": str(uuid4()), "artifact_input": f"{name}@{version}"})
+                            elif ignore_all:
+                                events.append({**shared_fields, "event_id": str(uuid4())})
+
+                        if events:
+                            log.debug(f"Ignore telemetry: {len(events)} events to send")
+                            client.post_telemetry_events(org_slug, events)
+                    except Exception as e:
+                        log.warning(f"Failed to send ignore telemetry: {e}")
+
+            log.debug("Removing comment alerts")
+            scm.remove_comment_alerts(comments)
+        else:
+            log.info("Ignore commands disabled (--disable-ignore), skipping comment processing")
     
     elif scm is not None and scm.check_event_type() != "comment" and not force_api_mode:
         log.info("Push initiated flow")
@@ -497,10 +555,80 @@ def main_code():
             log.info("Starting comment logic for PR/MR event")
             diff = core.create_new_diff(scan_paths, params, no_change=should_skip_scan, save_files_list_path=config.save_submitted_files_list, save_manifest_tar_path=config.save_manifest_tar, base_paths=base_paths, explicit_files=sbom_files_to_submit)
             comments = scm.get_comments_for_pr()
-            log.debug("Removing comment alerts")
-            
+
             # FIXME: this overwrites diff.new_alerts, which was previously populated by Core.create_issue_alerts
-            diff.new_alerts = Comments.remove_alerts(comments, diff.new_alerts)
+            if not config.disable_ignore:
+                log.debug("Removing comment alerts")
+                alerts_before = list(diff.new_alerts)
+                diff.new_alerts = Comments.remove_alerts(comments, diff.new_alerts)
+
+                ignored_alerts = [a for a in alerts_before if a not in diff.new_alerts]
+                # Emit telemetry per-comment so each event carries the comment author.
+                unprocessed_ignore = [
+                    c for c in comments.get("ignore", [])
+                    if _is_unprocessed(c)
+                ]
+                if ignored_alerts and unprocessed_ignore:
+                    try:
+                        events = []
+                        now = datetime.now(timezone.utc).isoformat()
+                        for c in unprocessed_ignore:
+                            single = {"ignore": [c]}
+                            c_ignore_all, c_ignore_commands = Comments.get_ignore_options(single)
+                            user = getattr(c, "user", None) or getattr(c, "author", None) or {}
+                            sender_name = user.get("login") or user.get("username", "")
+                            sender_id = str(user.get("id", ""))
+
+                            # Match this comment's targets to the actual ignored alerts
+                            matched_alerts = []
+                            if c_ignore_all:
+                                matched_alerts = ignored_alerts
+                            else:
+                                for alert in ignored_alerts:
+                                    full_name = f"{alert.pkg_type}/{alert.pkg_name}"
+                                    purl = (full_name, alert.pkg_version)
+                                    purl_star = (full_name, "*")
+                                    if purl in c_ignore_commands or purl_star in c_ignore_commands:
+                                        matched_alerts.append(alert)
+
+                            shared_fields = {
+                                "event_kind": "user-action",
+                                "client_action": "ignore",
+                                "event_sender_created_at": now,
+                                "vcs_provider": integration_type,
+                                "owner": config.repo.split("/")[0] if "/" in config.repo else "",
+                                "repo": config.repo,
+                                "pr_number": pr_number,
+                                "ignore_all": c_ignore_all,
+                                "sender_name": sender_name,
+                                "sender_id": sender_id,
+                            }
+                            if matched_alerts:
+                                for alert in matched_alerts:
+                                    # Derive alert_action from the alert's resolved action flags
+                                    if getattr(alert, "error", False):
+                                        alert_action = "error"
+                                    elif getattr(alert, "warn", False):
+                                        alert_action = "warn"
+                                    elif getattr(alert, "monitor", False):
+                                        alert_action = "monitor"
+                                    else:
+                                        alert_action = "error"
+                                    events.append({**shared_fields, "alert_action": alert_action, "event_id": str(uuid4()), "artifact_purl": alert.purl})
+                            elif c_ignore_all:
+                                events.append({**shared_fields, "event_id": str(uuid4())})
+
+                        if events:
+                            client.post_telemetry_events(org_slug, events)
+
+                        # Mark ignore comments as processed with +1 reaction
+                        if hasattr(scm, "handle_ignore_reactions"):
+                            scm.handle_ignore_reactions(comments)
+                    except Exception as e:
+                        log.warning(f"Failed to send ignore telemetry: {e}")
+            else:
+                log.info("Ignore commands disabled (--disable-ignore), all alerts will be reported")
+
             log.debug("Creating Dependency Overview Comment")
             
             overview_comment = Messages.dependency_overview_template(diff)

{socketsecurity-2.2.81 → socketsecurity-2.2.85}/tests/unit/test_client.py

@@ -122,4 +122,53 @@ def test_request_with_payload(client):
 
         args, kwargs = mock_request.call_args
         assert kwargs['method'] == "POST"
-        assert kwargs['data'] == payload
+        assert kwargs['data'] == payload
+
+
+def test_post_telemetry_events_sends_individually(client):
+    """Test that telemetry events are posted one at a time to v0 API"""
+    import json
+
+    events = [
+        {"event_kind": "user-action", "client_action": "ignore_alerts", "artifact_purl": "pkg:npm/foo@1.0.0"},
+        {"event_kind": "user-action", "client_action": "ignore_alerts", "artifact_purl": "pkg:npm/bar@2.0.0"},
+    ]
+
+    with patch('requests.request') as mock_request:
+        mock_response = Mock()
+        mock_response.status_code = 201
+        mock_request.return_value = mock_response
+
+        client.post_telemetry_events("test-org", events)
+
+        assert mock_request.call_count == 2
+
+        first_call = mock_request.call_args_list[0]
+        assert first_call.kwargs['url'] == "https://api.socket.dev/v0/orgs/test-org/telemetry"
+        assert first_call.kwargs['method'] == "POST"
+        assert first_call.kwargs['data'] == json.dumps(events[0])
+
+        second_call = mock_request.call_args_list[1]
+        assert second_call.kwargs['data'] == json.dumps(events[1])
+
+
+def test_post_telemetry_events_continues_on_failure(client):
+    """Test that a failed event does not prevent subsequent events from being sent"""
+    import json
+
+    events = [
+        {"event_kind": "user-action", "artifact_purl": "pkg:npm/foo@1.0.0"},
+        {"event_kind": "user-action", "artifact_purl": "pkg:npm/bar@2.0.0"},
+    ]
+
+    with patch('requests.request') as mock_request:
+        mock_response = Mock()
+        mock_response.status_code = 201
+        mock_request.side_effect = [
+            requests.exceptions.ConnectionError("timeout"),
+            mock_response,
+        ]
+
+        client.post_telemetry_events("test-org", events)
+
+        assert mock_request.call_count == 2