socketsecurity 2.2.9__tar.gz → 2.2.15__tar.gz

{socketsecurity-2.2.9 → socketsecurity-2.2.15}/.github/workflows/pr-preview.yml

@@ -11,10 +11,10 @@ jobs:
       contents: read
       pull-requests: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
         with:
           fetch-depth: 0
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3
         with:
           python-version: '3.x'
 
@@ -43,14 +43,14 @@ jobs:
 
       - name: Publish to Test PyPI
         if: steps.version_check.outputs.exists != 'true'
-        uses: pypa/gh-action-pypi-publish@v1.12.4
+        uses: pypa/gh-action-pypi-publish@ab69e431e9c9f48a3310be0a56527c679f56e04d
         with:
           repository-url: https://test.pypi.org/legacy/
           verbose: true
 
       - name: Comment on PR
         if: steps.version_check.outputs.exists != 'true'
-        uses: actions/github-script@v7
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
         env:
           VERSION: ${{ env.VERSION }}
         with:
@@ -120,21 +120,21 @@ jobs:
           exit 1
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349
 
       - name: Login to Docker Hub with Organization Token
         if: steps.verify_package.outputs.success == 'true'
-        uses: docker/login-action@v3
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Build & Push Docker Preview
         if: steps.verify_package.outputs.success == 'true'
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
         env:
           VERSION: ${{ env.VERSION }}
         with:

{socketsecurity-2.2.9 → socketsecurity-2.2.15}/.github/workflows/release.yml

@@ -10,10 +10,10 @@ jobs:
       id-token: write
       contents: read
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
         with:
           fetch-depth: 0
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3
         with:
           python-version: '3.x'
 
@@ -66,16 +66,16 @@ jobs:
 
       - name: Publish to PyPI
         if: steps.version_check.outputs.pypi_exists != 'true'
-        uses: pypa/gh-action-pypi-publish@v1.12.4
+        uses: pypa/gh-action-pypi-publish@ab69e431e9c9f48a3310be0a56527c679f56e04d
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349
 
       - name: Login to Docker Hub with Organization Token
-        uses: docker/login-action@v3
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -102,7 +102,7 @@ jobs:
         if: |
           steps.verify_package.outputs.success == 'true' &&
           steps.docker_check.outputs.docker_exists != 'true'
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
         env:
           VERSION: ${{ env.VERSION }}
         with:

{socketsecurity-2.2.9 → socketsecurity-2.2.15}/.github/workflows/version-check.yml

@@ -11,7 +11,7 @@ jobs:
   check_version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
         with:
           fetch-depth: 0  # Fetch all history for all branches
 
@@ -39,7 +39,7 @@ jobs:
           "
 
       - name: Manage PR Comment
-        uses: actions/github-script@v7
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
         if: always()
         env:
           MAIN_VERSION: ${{ env.MAIN_VERSION }}

{socketsecurity-2.2.9 → socketsecurity-2.2.15}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: socketsecurity
-Version: 2.2.9
+Version: 2.2.15
 Summary: Socket Security CLI for CI/CD
 Project-URL: Homepage, https://socket.dev
 Author-email: Douglas Coburn <douglas@socket.dev>
@@ -39,7 +39,7 @@ Requires-Dist: packaging
 Requires-Dist: prettytable
 Requires-Dist: python-dotenv
 Requires-Dist: requests
-Requires-Dist: socketdev<4.0.0,>=3.0.5
+Requires-Dist: socketdev<4.0.0,>=3.0.6
 Provides-Extra: dev
 Requires-Dist: hatch; extra == 'dev'
 Requires-Dist: pre-commit; extra == 'dev'
@@ -97,15 +97,60 @@ Pre-configured workflow examples are available in the [`workflows/`](workflows/)
 
 These examples are production-ready and include best practices for each platform.
 
+## Monorepo Workspace Support
+
+The Socket CLI supports scanning specific workspaces within monorepo structures while preserving git context from the repository root. This is useful for organizations that maintain multiple applications or services in a single repository.
+
+### Key Features
+
+- **Multiple Sub-paths**: Specify multiple `--sub-path` options to scan different directories within your monorepo
+- **Combined Workspace**: All sub-paths are scanned together as a single workspace in Socket
+- **Git Context Preserved**: Repository metadata (commits, branches, etc.) comes from the main target-path
+- **Workspace Naming**: Use `--workspace-name` to differentiate scans from different parts of your monorepo
+
+### Usage Examples
+
+**Scan multiple frontend and backend workspaces:**
+```bash
+socketcli --target-path /path/to/monorepo \
+          --sub-path frontend \
+          --sub-path backend \
+          --sub-path services/api \
+          --workspace-name main-app
+```
+
+**GitHub Actions for monorepo workspace:**
+```bash
+socketcli --target-path $GITHUB_WORKSPACE \
+          --sub-path packages/web \
+          --sub-path packages/mobile \
+          --workspace-name mobile-web \
+          --scm github \
+          --pr-number $PR_NUMBER
+```
+
+This will:
+- Scan manifest files in `./packages/web/` and `./packages/mobile/`
+- Combine them into a single workspace scan
+- Create a repository in Socket named like `my-repo-mobile-web`
+- Preserve git context (commits, branch info) from the repository root
+
+### Requirements
+
+- Both `--sub-path` and `--workspace-name` must be specified together
+- `--sub-path` can be used multiple times to include multiple directories
+- All specified sub-paths must exist within the target-path
+
 ## Usage
 
 ```` shell
-socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--integration {api,github,gitlab}] [--owner OWNER] [--branch BRANCH]
-          [--committers [COMMITTERS ...]] [--pr-number PR_NUMBER] [--commit-message COMMIT_MESSAGE] [--commit-sha COMMIT_SHA]
-          [--target-path TARGET_PATH] [--sbom-file SBOM_FILE] [--files FILES] [--save-submitted-files-list SAVE_SUBMITTED_FILES_LIST]
-          [--default-branch] [--pending-head] [--generate-license] [--enable-debug] [--enable-json] [--enable-sarif] 
-          [--disable-overview] [--disable-security-issue] [--allow-unverified] [--ignore-commit-files] [--disable-blocking] 
-          [--scm SCM] [--timeout TIMEOUT] [--exclude-license-details]
+socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--repo-is-public] [--branch BRANCH] [--integration {api,github,gitlab,azure,bitbucket}] 
+          [--owner OWNER] [--pr-number PR_NUMBER] [--commit-message COMMIT_MESSAGE] [--commit-sha COMMIT_SHA] [--committers [COMMITTERS ...]] 
+          [--target-path TARGET_PATH] [--sbom-file SBOM_FILE] [--license-file-name LICENSE_FILE_NAME] [--save-submitted-files-list SAVE_SUBMITTED_FILES_LIST]
+          [--save-manifest-tar SAVE_MANIFEST_TAR] [--files FILES] [--sub-path SUB_PATH] [--workspace-name WORKSPACE_NAME] 
+          [--excluded-ecosystems EXCLUDED_ECOSYSTEMS] [--default-branch] [--pending-head] [--generate-license] [--enable-debug] 
+          [--enable-json] [--enable-sarif] [--disable-overview] [--exclude-license-details] [--allow-unverified] [--disable-security-issue] 
+          [--ignore-commit-files] [--disable-blocking] [--enable-diff] [--scm SCM] [--timeout TIMEOUT] [--include-module-folders] [--version]
 ````
 
 If you don't want to provide the Socket API Token every time then you can use the environment variable `SOCKET_SECURITY_API_KEY`
@@ -121,11 +166,11 @@ If you don't want to provide the Socket API Token every time then you can use th
 | Parameter        | Required | Default | Description                                                             |
 |:-----------------|:---------|:--------|:------------------------------------------------------------------------|
 | --repo           | False    | *auto*  | Repository name in owner/repo format (auto-detected from git remote)   |
-| --integration    | False    | api     | Integration type (api, github, gitlab)                                  |
+| --repo-is-public | False    | False   | If set, flags a new repository creation as public. Defaults to false.   |
+| --integration    | False    | api     | Integration type (api, github, gitlab, azure, bitbucket)                |
 | --owner          | False    |         | Name of the integration owner, defaults to the socket organization slug |
 | --branch         | False    | *auto*  | Branch name (auto-detected from git)                                   |
 | --committers     | False    | *auto*  | Committer(s) to filter by (auto-detected from git commit)              |
-| --repo-is-public | False    | False   | If set, flags a new repository creation as public. Defaults to false.   |
 
 #### Pull Request and Commit
 | Parameter        | Required | Default | Description                                    |
@@ -139,17 +184,20 @@ If you don't want to provide the Socket API Token every time then you can use th
 |:----------------------------|:---------|:----------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | --target-path               | False    | ./                    | Target path for analysis                                                                                                                                                         |
 | --sbom-file                 | False    |                       | SBOM file path                                                                                                                                                                   |
-| --files                     | False    | *auto*                | Files to analyze (JSON array string). Auto-detected from git commit changes when not specified                                                                                   |
-| --excluded-ecosystems       | False    | []                    | List of ecosystems to exclude from analysis (JSON array string). You can get supported files from the [Supported Files API](https://docs.socket.dev/reference/getsupportedfiles) |
 | --license-file-name         | False    | `license_output.json` | Name of the file to save the license details to if enabled                                                                                                                       |
 | --save-submitted-files-list | False    |                       | Save list of submitted file names to JSON file for debugging purposes                                                                                                            |
 | --save-manifest-tar         | False    |                       | Save all manifest files to a compressed tar.gz archive with original directory structure                                                                                         |
+| --files                     | False    | *auto*                | Files to analyze (JSON array string). Auto-detected from git commit changes when not specified                                                                                   |
+| --sub-path                  | False    |                       | Sub-path within target-path for manifest file scanning (can be specified multiple times). All sub-paths are combined into a single workspace scan while preserving git context from target-path. Must be used with --workspace-name |
+| --workspace-name            | False    |                       | Workspace name suffix to append to repository name (repo-name-workspace_name). Must be used with --sub-path                                                                     |
+| --excluded-ecosystems       | False    | []                    | List of ecosystems to exclude from analysis (JSON array string). You can get supported files from the [Supported Files API](https://docs.socket.dev/reference/getsupportedfiles) |
 
 #### Branch and Scan Configuration
-| Parameter        | Required | Default | Description                                                                                           |
-|:-----------------|:---------|:--------|:------------------------------------------------------------------------------------------------------|
-| --default-branch | False    | *auto*  | Make this branch the default branch (auto-detected from git and CI environment when not specified)   |
-| --pending-head   | False    | *auto*  | If true, the new scan will be set as the branch's head scan (automatically synced with default-branch) |
+| Parameter                | Required | Default | Description                                                                                           |
+|:-------------------------|:---------|:--------|:------------------------------------------------------------------------------------------------------|
+| --default-branch         | False    | *auto*  | Make this branch the default branch (auto-detected from git and CI environment when not specified)   |
+| --pending-head           | False    | *auto*  | If true, the new scan will be set as the branch's head scan (automatically synced with default-branch) |
+| --include-module-folders | False    | False   | If enabled will include manifest files from folders like node_modules                                |
 
 #### Output Configuration
 | Parameter                 | Required | Default | Description                                                                       |
@@ -160,6 +208,7 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --enable-sarif            | False    | False   | Enable SARIF output of results instead of table or JSON format                    |
 | --disable-overview        | False    | False   | Disable overview output                                                           |
 | --exclude-license-details | False    | False   | Exclude license details from the diff report (boosts performance for large repos) |
+| --version                 | False    | False   | Show program's version number and exit                                            |
 
 #### Security Configuration
 | Parameter                | Required | Default | Description                   |
@@ -175,7 +224,6 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --enable-diff            | False    | False   | Enable diff mode even when using --integration api (forces diff mode without SCM integration) |
 | --scm                    | False    | api     | Source control management type                                        |
 | --timeout                | False    |         | Timeout in seconds for API requests                                   |
-| --include-module-folders | False    | False   | If enabled will include manifest files from folders like node_modules |
 
 #### Plugins
 

{socketsecurity-2.2.9 → socketsecurity-2.2.15}/README.md

@@ -41,15 +41,60 @@ Pre-configured workflow examples are available in the [`workflows/`](workflows/)
 
 These examples are production-ready and include best practices for each platform.
 
+## Monorepo Workspace Support
+
+The Socket CLI supports scanning specific workspaces within monorepo structures while preserving git context from the repository root. This is useful for organizations that maintain multiple applications or services in a single repository.
+
+### Key Features
+
+- **Multiple Sub-paths**: Specify multiple `--sub-path` options to scan different directories within your monorepo
+- **Combined Workspace**: All sub-paths are scanned together as a single workspace in Socket
+- **Git Context Preserved**: Repository metadata (commits, branches, etc.) comes from the main target-path
+- **Workspace Naming**: Use `--workspace-name` to differentiate scans from different parts of your monorepo
+
+### Usage Examples
+
+**Scan multiple frontend and backend workspaces:**
+```bash
+socketcli --target-path /path/to/monorepo \
+          --sub-path frontend \
+          --sub-path backend \
+          --sub-path services/api \
+          --workspace-name main-app
+```
+
+**GitHub Actions for monorepo workspace:**
+```bash
+socketcli --target-path $GITHUB_WORKSPACE \
+          --sub-path packages/web \
+          --sub-path packages/mobile \
+          --workspace-name mobile-web \
+          --scm github \
+          --pr-number $PR_NUMBER
+```
+
+This will:
+- Scan manifest files in `./packages/web/` and `./packages/mobile/`
+- Combine them into a single workspace scan
+- Create a repository in Socket named like `my-repo-mobile-web`
+- Preserve git context (commits, branch info) from the repository root
+
+### Requirements
+
+- Both `--sub-path` and `--workspace-name` must be specified together
+- `--sub-path` can be used multiple times to include multiple directories
+- All specified sub-paths must exist within the target-path
+
 ## Usage
 
 ```` shell
-socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--integration {api,github,gitlab}] [--owner OWNER] [--branch BRANCH]
-          [--committers [COMMITTERS ...]] [--pr-number PR_NUMBER] [--commit-message COMMIT_MESSAGE] [--commit-sha COMMIT_SHA]
-          [--target-path TARGET_PATH] [--sbom-file SBOM_FILE] [--files FILES] [--save-submitted-files-list SAVE_SUBMITTED_FILES_LIST]
-          [--default-branch] [--pending-head] [--generate-license] [--enable-debug] [--enable-json] [--enable-sarif] 
-          [--disable-overview] [--disable-security-issue] [--allow-unverified] [--ignore-commit-files] [--disable-blocking] 
-          [--scm SCM] [--timeout TIMEOUT] [--exclude-license-details]
+socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--repo-is-public] [--branch BRANCH] [--integration {api,github,gitlab,azure,bitbucket}] 
+          [--owner OWNER] [--pr-number PR_NUMBER] [--commit-message COMMIT_MESSAGE] [--commit-sha COMMIT_SHA] [--committers [COMMITTERS ...]] 
+          [--target-path TARGET_PATH] [--sbom-file SBOM_FILE] [--license-file-name LICENSE_FILE_NAME] [--save-submitted-files-list SAVE_SUBMITTED_FILES_LIST]
+          [--save-manifest-tar SAVE_MANIFEST_TAR] [--files FILES] [--sub-path SUB_PATH] [--workspace-name WORKSPACE_NAME] 
+          [--excluded-ecosystems EXCLUDED_ECOSYSTEMS] [--default-branch] [--pending-head] [--generate-license] [--enable-debug] 
+          [--enable-json] [--enable-sarif] [--disable-overview] [--exclude-license-details] [--allow-unverified] [--disable-security-issue] 
+          [--ignore-commit-files] [--disable-blocking] [--enable-diff] [--scm SCM] [--timeout TIMEOUT] [--include-module-folders] [--version]
 ````
 
 If you don't want to provide the Socket API Token every time then you can use the environment variable `SOCKET_SECURITY_API_KEY`
@@ -65,11 +110,11 @@ If you don't want to provide the Socket API Token every time then you can use th
 | Parameter        | Required | Default | Description                                                             |
 |:-----------------|:---------|:--------|:------------------------------------------------------------------------|
 | --repo           | False    | *auto*  | Repository name in owner/repo format (auto-detected from git remote)   |
-| --integration    | False    | api     | Integration type (api, github, gitlab)                                  |
+| --repo-is-public | False    | False   | If set, flags a new repository creation as public. Defaults to false.   |
+| --integration    | False    | api     | Integration type (api, github, gitlab, azure, bitbucket)                |
 | --owner          | False    |         | Name of the integration owner, defaults to the socket organization slug |
 | --branch         | False    | *auto*  | Branch name (auto-detected from git)                                   |
 | --committers     | False    | *auto*  | Committer(s) to filter by (auto-detected from git commit)              |
-| --repo-is-public | False    | False   | If set, flags a new repository creation as public. Defaults to false.   |
 
 #### Pull Request and Commit
 | Parameter        | Required | Default | Description                                    |
@@ -83,17 +128,20 @@ If you don't want to provide the Socket API Token every time then you can use th
 |:----------------------------|:---------|:----------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | --target-path               | False    | ./                    | Target path for analysis                                                                                                                                                         |
 | --sbom-file                 | False    |                       | SBOM file path                                                                                                                                                                   |
-| --files                     | False    | *auto*                | Files to analyze (JSON array string). Auto-detected from git commit changes when not specified                                                                                   |
-| --excluded-ecosystems       | False    | []                    | List of ecosystems to exclude from analysis (JSON array string). You can get supported files from the [Supported Files API](https://docs.socket.dev/reference/getsupportedfiles) |
 | --license-file-name         | False    | `license_output.json` | Name of the file to save the license details to if enabled                                                                                                                       |
 | --save-submitted-files-list | False    |                       | Save list of submitted file names to JSON file for debugging purposes                                                                                                            |
 | --save-manifest-tar         | False    |                       | Save all manifest files to a compressed tar.gz archive with original directory structure                                                                                         |
+| --files                     | False    | *auto*                | Files to analyze (JSON array string). Auto-detected from git commit changes when not specified                                                                                   |
+| --sub-path                  | False    |                       | Sub-path within target-path for manifest file scanning (can be specified multiple times). All sub-paths are combined into a single workspace scan while preserving git context from target-path. Must be used with --workspace-name |
+| --workspace-name            | False    |                       | Workspace name suffix to append to repository name (repo-name-workspace_name). Must be used with --sub-path                                                                     |
+| --excluded-ecosystems       | False    | []                    | List of ecosystems to exclude from analysis (JSON array string). You can get supported files from the [Supported Files API](https://docs.socket.dev/reference/getsupportedfiles) |
 
 #### Branch and Scan Configuration
-| Parameter        | Required | Default | Description                                                                                           |
-|:-----------------|:---------|:--------|:------------------------------------------------------------------------------------------------------|
-| --default-branch | False    | *auto*  | Make this branch the default branch (auto-detected from git and CI environment when not specified)   |
-| --pending-head   | False    | *auto*  | If true, the new scan will be set as the branch's head scan (automatically synced with default-branch) |
+| Parameter                | Required | Default | Description                                                                                           |
+|:-------------------------|:---------|:--------|:------------------------------------------------------------------------------------------------------|
+| --default-branch         | False    | *auto*  | Make this branch the default branch (auto-detected from git and CI environment when not specified)   |
+| --pending-head           | False    | *auto*  | If true, the new scan will be set as the branch's head scan (automatically synced with default-branch) |
+| --include-module-folders | False    | False   | If enabled will include manifest files from folders like node_modules                                |
 
 #### Output Configuration
 | Parameter                 | Required | Default | Description                                                                       |
@@ -104,6 +152,7 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --enable-sarif            | False    | False   | Enable SARIF output of results instead of table or JSON format                    |
 | --disable-overview        | False    | False   | Disable overview output                                                           |
 | --exclude-license-details | False    | False   | Exclude license details from the diff report (boosts performance for large repos) |
+| --version                 | False    | False   | Show program's version number and exit                                            |
 
 #### Security Configuration
 | Parameter                | Required | Default | Description                   |
@@ -119,7 +168,6 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --enable-diff            | False    | False   | Enable diff mode even when using --integration api (forces diff mode without SCM integration) |
 | --scm                    | False    | api     | Source control management type                                        |
 | --timeout                | False    |         | Timeout in seconds for API requests                                   |
-| --include-module-folders | False    | False   | If enabled will include manifest files from folders like node_modules |
 
 #### Plugins
 

{socketsecurity-2.2.9 → socketsecurity-2.2.15}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.2.9"
+version = "2.2.15"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [
@@ -16,7 +16,7 @@ dependencies = [
     'GitPython',
     'packaging',
     'python-dotenv',
-    'socketdev>=3.0.5,<4.0.0'
+    'socketdev>=3.0.6,<4.0.0'
 ]
 readme = "README.md"
 description = "Socket Security CLI for CI/CD"

socketsecurity-2.2.15/socketsecurity/__init__.py

@@ -0,0 +1,3 @@
+__author__ = 'socket.dev'
+__version__ = '2.2.15'
+USER_AGENT = f'SocketPythonCLI/{__version__}'

{socketsecurity-2.2.9 → socketsecurity-2.2.15}/socketsecurity/config.py

@@ -60,7 +60,7 @@ class CliConfig:
     license_file_name: str = "license_output.json"
     save_submitted_files_list: Optional[str] = None
     save_manifest_tar: Optional[str] = None
-    sub_path: Optional[str] = None
+    sub_paths: List[str] = field(default_factory=list)
     workspace_name: Optional[str] = None
 
     @classmethod
@@ -108,7 +108,7 @@ class CliConfig:
             'license_file_name': args.license_file_name,
             'save_submitted_files_list': args.save_submitted_files_list,
             'save_manifest_tar': args.save_manifest_tar,
-            'sub_path': args.sub_path,
+            'sub_paths': args.sub_paths or [],
             'workspace_name': args.workspace_name,
             'version': __version__
         }
@@ -133,11 +133,11 @@ class CliConfig:
         if args.owner:
             config_args['integration_org_slug'] = args.owner
 
-        # Validate that sub_path and workspace_name are used together
-        if args.sub_path and not args.workspace_name:
+        # Validate that sub_paths and workspace_name are used together
+        if args.sub_paths and not args.workspace_name:
             logging.error("--sub-path requires --workspace-name to be specified")
             exit(1)
-        if args.workspace_name and not args.sub_path:
+        if args.workspace_name and not args.sub_paths:
             logging.error("--workspace-name requires --sub-path to be specified")
             exit(1)
 
@@ -299,9 +299,10 @@ def create_argument_parser() -> argparse.ArgumentParser:
     )
     path_group.add_argument(
         "--sub-path",
-        dest="sub_path",
+        dest="sub_paths",
         metavar="<path>",
-        help="Sub-path within target-path for manifest file scanning (while preserving git context from target-path)"
+        action="append",
+        help="Sub-path within target-path for manifest file scanning (can be specified multiple times). All sub-paths will be combined into a single workspace scan while preserving git context from target-path"
     )
     path_group.add_argument(
         "--workspace-name",

{socketsecurity-2.2.9 → socketsecurity-2.2.15}/socketsecurity/core/__init__.py

@@ -18,7 +18,7 @@ from socketdev.org import Organization
 from socketdev.repos import RepositoryInfo
 from socketdev.settings import SecurityPolicyRule
 import copy
-from socketsecurity import __version__
+from socketsecurity import __version__, USER_AGENT
 from socketsecurity.core.classes import (
     Alert,
     Diff,
@@ -39,6 +39,7 @@ __all__ = [
     "Core",
     "log",
     "__version__",
+    "USER_AGENT",
 ]
 
 version = __version__
@@ -451,14 +452,14 @@ class Core:
         log.debug(f"Created temporary empty file for baseline scan: {temp_path}")
         return [temp_path]
 
-    def create_full_scan(self, files: List[str], params: FullScanParams, base_path: str = None) -> FullScan:
+    def create_full_scan(self, files: List[str], params: FullScanParams, base_paths: List[str] = None) -> FullScan:
         """
         Creates a new full scan via the Socket API.
 
         Args:
             files: List of file paths to scan
             params: Parameters for the full scan
-            base_path: Base path for the scan (optional)
+            base_paths: List of base paths for the scan (optional)
 
         Returns:
             FullScan object with scan results
@@ -466,7 +467,7 @@ class Core:
         log.info("Creating new full scan")
         create_full_start = time.time()
 
-        res = self.sdk.fullscans.post(files, params, use_types=True, use_lazy_loading=True, max_open_files=50, base_path=base_path)
+        res = self.sdk.fullscans.post(files, params, use_types=True, use_lazy_loading=True, max_open_files=50, base_paths=base_paths)
         if not res.success:
             log.error(f"Error creating full scan: {res.message}, status: {res.status}")
             raise Exception(f"Error creating full scan: {res.message}, status: {res.status}")
@@ -480,20 +481,22 @@ class Core:
 
     def create_full_scan_with_report_url(
             self,
-            path: str,
+            paths: List[str],
             params: FullScanParams,
             no_change: bool = False,
             save_files_list_path: str = None,
-            save_manifest_tar_path: str = None
+            save_manifest_tar_path: str = None,
+            base_paths: List[str] = None
     ) -> Diff:
         """Create a new full scan and return with html_report_url.
 
         Args:
-            path: Path to look for manifest files
+            paths: List of paths to look for manifest files
             params: Query params for the Full Scan endpoint
             no_change: If True, return empty result
             save_files_list_path: Optional path to save submitted files list for debugging
             save_manifest_tar_path: Optional path to save manifest files tar.gz archive
+            base_paths: List of base paths for the scan (optional)
 
         Returns:
             Dict with full scan data including html_report_url
@@ -507,24 +510,27 @@ class Core:
         if no_change:
             return diff
 
-        # Find manifest files
-        files = self.find_files(path)
+        # Find manifest files from all paths
+        all_files = []
+        for path in paths:
+            files = self.find_files(path)
+            all_files.extend(files)
         
         # Save submitted files list if requested
-        if save_files_list_path and files:
-            self.save_submitted_files_list(files, save_files_list_path)
+        if save_files_list_path and all_files:
+            self.save_submitted_files_list(all_files, save_files_list_path)
         
-        # Save manifest tar.gz if requested
-        if save_manifest_tar_path and files:
-            self.save_manifest_tar(files, save_manifest_tar_path, path)
+        # Save manifest tar.gz if requested (use first path as base)
+        if save_manifest_tar_path and all_files and paths:
+            self.save_manifest_tar(all_files, save_manifest_tar_path, paths[0])
         
-        if not files:
+        if not all_files:
             return diff
 
         try:
             # Create new scan
             new_scan_start = time.time()
-            new_full_scan = self.create_full_scan(files, params, base_path=path)
+            new_full_scan = self.create_full_scan(all_files, params, base_paths=base_paths)
             new_scan_end = time.time()
             log.info(f"Total time to create new full scan: {new_scan_end - new_scan_start:.2f}")
         except APIFailure as e:
@@ -847,37 +853,42 @@ class Core:
 
     def create_new_diff(
             self,
-            path: str,
+            paths: List[str],
             params: FullScanParams,
             no_change: bool = False,
             save_files_list_path: str = None,
-            save_manifest_tar_path: str = None
+            save_manifest_tar_path: str = None,
+            base_paths: List[str] = None
     ) -> Diff:
         """Create a new diff using the Socket SDK.
 
         Args:
-            path: Path to look for manifest files
+            paths: List of paths to look for manifest files
             params: Query params for the Full Scan endpoint
             no_change: If True, return empty diff
             save_files_list_path: Optional path to save submitted files list for debugging
             save_manifest_tar_path: Optional path to save manifest files tar.gz archive
+            base_paths: List of base paths for the scan (optional)
         """
         log.debug(f"starting create_new_diff with no_change: {no_change}")
         if no_change:
             return Diff(id="NO_DIFF_RAN", diff_url="", report_url="")
 
-        # Find manifest files
-        files = self.find_files(path)
+        # Find manifest files from all paths
+        all_files = []
+        for path in paths:
+            files = self.find_files(path)
+            all_files.extend(files)
         
         # Save submitted files list if requested
-        if save_files_list_path and files:
-            self.save_submitted_files_list(files, save_files_list_path)
+        if save_files_list_path and all_files:
+            self.save_submitted_files_list(all_files, save_files_list_path)
         
-        # Save manifest tar.gz if requested
-        if save_manifest_tar_path and files:
-            self.save_manifest_tar(files, save_manifest_tar_path, path)
+        # Save manifest tar.gz if requested (use first path as base)
+        if save_manifest_tar_path and all_files and paths:
+            self.save_manifest_tar(all_files, save_manifest_tar_path, paths[0])
         
-        if not files:
+        if not all_files:
             return Diff(id="NO_DIFF_RAN", diff_url="", report_url="")
 
         try:
@@ -900,7 +911,7 @@ class Core:
             # Create baseline scan with empty file
             empty_files = Core.empty_head_scan_file()
             try:
-                head_full_scan = self.create_full_scan(empty_files, tmp_params, base_path=path)
+                head_full_scan = self.create_full_scan(empty_files, tmp_params, base_paths=base_paths)
                 head_full_scan_id = head_full_scan.id
                 log.debug(f"Created empty baseline scan: {head_full_scan_id}")
                 
@@ -923,7 +934,7 @@ class Core:
         # Create new scan
         try:
             new_scan_start = time.time()
-            new_full_scan = self.create_full_scan(files, params, base_path=path)
+            new_full_scan = self.create_full_scan(all_files, params, base_paths=base_paths)
             new_scan_end = time.time()
             log.info(f"Total time to create new full scan: {new_scan_end - new_scan_start:.2f}")
         except APIFailure as e: