Tags: SocketDev/socket-python-cli
Mucha dev gitlab security output (#147)

* feat: add GitLab Security Dashboard integration with Dependency Scanning report output

Adds support for generating GitLab-compatible Dependency Scanning reports that integrate with GitLab's Security Dashboard. This feature enables Socket security findings to be displayed natively in GitLab merge requests and security dashboards.

Key Features:
- New --enable-gitlab-security flag to generate GitLab reports
- New --gitlab-security-file flag for custom output paths (default: gl-dependency-scanning-report.json)
- Generates GitLab Dependency Scanning schema v15.0.0 compliant reports
- Supports multiple simultaneous output formats (JSON, SARIF, GitLab)
- Includes actionable security alerts (error/warn level) in vulnerability reports
- Maps Socket severity levels to GitLab severity (Critical, High, Medium, Low)
- Extracts CVE identifiers and dependency chain information
- Generates deterministic UUIDs for vulnerability tracking

Implementation:
- Added GitLab report generator in messages.py with helper functions for severity mapping, identifier extraction, and location parsing
- Refactored OutputHandler to support multiple simultaneous output formats
- Added comprehensive unit tests (test_gitlab_format.py) and integration tests
- Updated documentation with usage examples, CI/CD integration guide, and alert filtering details

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* capturing all recent changes

* chore: bump version to 2.3.0 for GitLab Security Dashboard feature

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* bumping version

* Removing unneeded files

---------

Co-authored-by: Jonathan Mucha <[email protected]>
Co-authored-by: Claude Sonnet 4.5 <[email protected]>
Co-authored-by: Douglas Coburn <[email protected]>
feat: add PyPy installation for Alpine on x86_64 (#148)

* feat: add PyPy installation for Alpine on x86_64

Install Alpine-compatible PyPy3.11 build on amd64 platforms to enable faster Python reachability analysis.

* Fix versions & changelog

* Bump version to 2.2.65

---------

Co-authored-by: Douglas Coburn <[email protected]>
feat: add Slack formatter for Socket Facts reachability analysis (#144)

- Add new markdown utility for Socket Facts data formatting
- Add `socketsecurity/core/helper/socket_facts_loader.py` to load Socket Facts JSON
- Add `socketsecurity/plugins/formatters/slack.py` for Slack-specific formatting
- Update Slack plugin to support reachability analysis notifications with smart block limiting
- Add markdown dependency for enhanced formatting capabilities
- Update README documentation
- Update socketdev dependency to 3.0.25
- Bump version to 2.2.59
feat: add batched PURL endpoint calls and conditional license fetching (#140)

* feat: add batched PURL endpoint calls and conditional license fetching

- Add --max-purl-batch-size flag (default: 5000, range: 1-9999) to control batch size for license detail API calls
- Skip PURL endpoint entirely when --generate-license is not set, improving performance for scans that don't need license attribution/details
- Implement batching in get_license_text_via_purl() to process packages in configurable chunks, preventing API overload on large repos
- Add validation for max_purl_batch_size parameter with clear error messages
- Remove unused check_full_scans_status() method (dead code cleanup)

This change optimizes license data retrieval by:
1. Only calling PURL endpoint when license output is actually needed
2. Processing packages in manageable batches to avoid timeouts/limits
3. Providing tunable batch sizes for different repo sizes

* Fixing --ignore-commit-files to properly work again

* properly included the enable diff param to the main module

* Adding NPM CLI to Dockerfile