From abe85475aa826173990c9b22481a42d1ed909736 Mon Sep 17 00:00:00 2001
From: Douglas Coburn
Date: Thu, 24 Jul 2025 18:49:02 -0700
Subject: [PATCH 1/2] Updated workflow examples to use Socket Container
---
 pyproject.toml | 2 +-
 socketsecurity/__init__.py | 2 +-
 workflows/bitbucket-pipelines.yml | 9 +++---
 workflows/github-actions.yml | 49 ++++++++++++++++++++++++++-----
 workflows/gitlab-ci.yml | 7 +++--
 5 files changed, 52 insertions(+), 17 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index 1406aad..1618949 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 [project]
 name = "socketsecurity"
-version = "2.1.24"
+version = "2.1.25"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [
diff --git a/socketsecurity/__init__.py b/socketsecurity/__init__.py
index b396467..f6c8793 100644
--- a/socketsecurity/__init__.py
+++ b/socketsecurity/__init__.py
@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '2.1.24'
+__version__ = '2.1.25'
diff --git a/workflows/bitbucket-pipelines.yml b/workflows/bitbucket-pipelines.yml
index d9f1260..21fa952 100644
--- a/workflows/bitbucket-pipelines.yml
+++ b/workflows/bitbucket-pipelines.yml
@@ -2,17 +2,16 @@
 # This pipeline runs Socket Security scans on every commit to any branch
 # The CLI automatically detects most information from the git repository
-image: python:3.12-slim
+image: socketdev/cli:latest
 definitions:
 steps:
 - step: &socket-scan
 name: Socket Security Scan
- caches:
- - pip
 script:
- pip install --upgrade pip
- pip install socketsecurity
+ # Socket CLI is pre-installed in the socketdev/cli:latest image
+ # Git is also pre-installed for auto-detection features
+ - socketcli --version
 # Run Socket CLI with minimal required parameters
 # The CLI automatically detects:
 # - Repository name from git
diff --git a/workflows/github-actions.yml b/workflows/github-actions.yml
index bfbda7a..a607afd 100644
--- a/workflows/github-actions.yml
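Review bot: The new `image: socketdev/cli:latest` resolves to whatever the registry serves under a mutable tag at pull time, so the code that receives `SOCKET_SECURITY_API_KEY` can differ between two runs of the same commit, and an upstream re-tag (mistaken or malicious) is picked up with no change in this repository. The removed `pip install socketsecurity` had the same property, so this is not a regression, but the security scanner itself is exactly the dependency worth pinning: reference a released version, and a digest if Bitbucket's `image:` accepts one for this registry (I cannot confirm that from here), e.g. `image: socketdev/cli:<version>`, and bump it deliberately. A comment above the line such as `# Pin to a released CLI version/digest and bump explicitly; do not track latest` would stop the next editor from reintroducing the floating tag. The step's `script:` list continues past the end of the hunk.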
+++ b/workflows/github-actions.yml
@@ -26,19 +26,15 @@ jobs:
 pull-requests: write
 runs-on: ubuntu-latest
+ # Option 1: Use the official Socket CLI container (faster, more reliable)
+ container: socketdev/cli:latest
+
 steps:
 - uses: actions/checkout@v4
 with:
 # For PRs, fetch one additional commit for proper diff analysis
 fetch-depth: ${{ github.event_name == 'pull_request' && 2 || 0 }}
- - uses: actions/setup-python@v5
- with:
- python-version: '3.12'
-
- - name: Install Socket CLI
- run: pip install socketsecurity --upgrade
-
 - name: Run Socket Security Scan
 env:
 SOCKET_SECURITY_API_KEY: ${{ secrets.SOCKET_SECURITY_API_KEY }}
@@ -65,3 +61,42 @@ jobs:
 --target-path $GITHUB_WORKSPACE \
 --scm github \
 --pr-number $PR_NUMBER
+
+# Alternative Option 2: Traditional Python setup (if you prefer not to use containers)
+# Replace the job above with this version if you want to use the traditional approach:
+#
+# socket-security:
+# permissions:
+# issues: write
+# contents: read
+# pull-requests: write
+# runs-on: ubuntu-latest
+#
+# steps:
+# - uses: actions/checkout@v4
+# with:
+# fetch-depth: ${{ github.event_name == 'pull_request' && 2 || 0 }}
+#
+# - uses: actions/setup-python@v5
+# with:
+# python-version: '3.12'
+#
+# - name: Install Socket CLI
+# run: pip install socketsecurity --upgrade
+#
+# - name: Run Socket Security Scan
+# env:
+# SOCKET_SECURITY_API_KEY: ${{ secrets.SOCKET_SECURITY_API_KEY }}
+# GH_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+# run: |
+# PR_NUMBER=0
+# if [ "${{ github.event_name }}" == "pull_request" ]; then
+# PR_NUMBER=${{ github.event.pull_request.number }}
+# elif [ "${{ github.event_name }}" == "issue_comment" ]; then
+# PR_NUMBER=${{ github.event.issue.number }}
+# fi
+#
+# socketcli \
+# --target-path $GITHUB_WORKSPACE \
+# --scm github \
+# --pr-number $PR_NUMBER
diff --git a/workflows/gitlab-ci.yml b/workflows/gitlab-ci.yml
index 2b96288..0602bc0 100644
--- a/workflows/gitlab-ci.yml
+++ b/workflows/gitlab-ci.yml
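Review bot: `container: socketdev/cli:latest` runs the whole job, including the step that holds `SOCKET_SECURITY_API_KEY` and a `GITHUB_TOKEN` scoped with `pull-requests: write`, inside an image resolved from a mutable tag, so the executed code can change with no commit to this repository. A job-level `container:` takes an ordinary image reference, so a digest pin such as `container: socketdev/cli:<version>@sha256:<digest>` (the published tag scheme for this image is not visible here; confirm it) keeps the job reproducible and turns each CLI upgrade into a reviewable diff that Dependabot or Renovate can open. The added `# Option 1 …` comment could also state why the image is preferred over `pip install`, since that comment is what the next reader sees first; e.g. `# Pinned Socket CLI image: avoids a network install of socketsecurity and fixes the scanner version per commit`. The scan step's `run:` body and the rest of the job lie outside this hunk.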
@@ -7,7 +7,7 @@ stages:
 socket-security:
 stage: security-scan
- image: python:3.12-slim
+ image: socketdev/cli:latest
 # Run on all branches and merge requests
 rules:
@@ -24,8 +24,9 @@ socket-security:
 - .cache/pip/
 before_script:
- - pip install --upgrade pip
- - pip install socketsecurity
+ # Socket CLI is pre-installed in the socketdev/cli:latest image
+ # Git is also pre-installed for auto-detection features
+ - socketcli --version
 script:
 # Run Socket CLI with minimal required parameters
From fa890a06780e88ae93c0344e2fb501af8ef3ef69 Mon Sep 17 00:00:00 2001
From: Douglas Coburn
Date: Thu, 24 Jul 2025 18:50:45 -0700
Subject: [PATCH 2/2] Updated examples not to do an extra version check
---
 pyproject.toml | 2 +-
 socketsecurity/__init__.py | 2 +-
 workflows/bitbucket-pipelines.yml | 3 ---
 workflows/github-actions.yml | 39 -------------------------------
 workflows/gitlab-ci.yml | 5 ----
 5 files changed, 2 insertions(+), 49 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index 1618949..bdf1827 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 [project]
 name = "socketsecurity"
-version = "2.1.25"
+version = "2.1.26"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [
diff --git a/socketsecurity/__init__.py b/socketsecurity/__init__.py
index f6c8793..f4e09ad 100644
--- a/socketsecurity/__init__.py
+++ b/socketsecurity/__init__.py
@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '2.1.25'
+__version__ = '2.1.26'
diff --git a/workflows/bitbucket-pipelines.yml b/workflows/bitbucket-pipelines.yml
index 21fa952..d129560 100644
--- a/workflows/bitbucket-pipelines.yml
+++ b/workflows/bitbucket-pipelines.yml
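Review bot: `image: socketdev/cli:latest` is a mutable tag, so each pipeline run may pull a different build of the scanner that is handed the Socket API key, and that change leaves no trace in this repository's history. GitLab's `image:` accepts a digest reference, so `image: socketdev/cli:<version>@sha256:<digest>` (confirm the tag scheme the image actually publishes) pins the scanner per commit and makes each upgrade an explicit, reviewable bump. The job's `rules:` and `script:` sections lie outside this hunk.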
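Review bot: With `pip install` gone from `before_script:`, the `cache:` entry for `.cache/pip/` that appears as context at the top of the hunk no longer caches anything the job writes, so every run still pays to restore and save a cache that will stay empty. Either drop the `cache:` stanza (its `cache:` key and any `PIP_CACHE_DIR` variable it was paired with start above the hunk and are not visible here), or, if it is kept on purpose, replace the two new comments with one that says so, e.g. `# CLI and git ship in the image; no pip install, so the pip cache below is unused`. The `script:` list continues past the end of the hunk.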
@@ -9,9 +9,6 @@ definitions:
 - step: &socket-scan
 name: Socket Security Scan
 script:
- # Socket CLI is pre-installed in the socketdev/cli:latest image
- # Git is also pre-installed for auto-detection features
- - socketcli --version
 # Run Socket CLI with minimal required parameters
 # The CLI automatically detects:
 # - Repository name from git
diff --git a/workflows/github-actions.yml b/workflows/github-actions.yml
index a607afd..8c3d49d 100644
--- a/workflows/github-actions.yml
+++ b/workflows/github-actions.yml
@@ -61,42 +61,3 @@ jobs:
 --target-path $GITHUB_WORKSPACE \
 --scm github \
 --pr-number $PR_NUMBER
-
-# Alternative Option 2: Traditional Python setup (if you prefer not to use containers)
-# Replace the job above with this version if you want to use the traditional approach:
-#
-# socket-security:
-# permissions:
-# issues: write
-# contents: read
-# pull-requests: write
-# runs-on: ubuntu-latest
-#
-# steps:
-# - uses: actions/checkout@v4
-# with:
-# fetch-depth: ${{ github.event_name == 'pull_request' && 2 || 0 }}
-#
-# - uses: actions/setup-python@v5
-# with:
-# python-version: '3.12'
-#
-# - name: Install Socket CLI
-# run: pip install socketsecurity --upgrade
-#
-# - name: Run Socket Security Scan
-# env:
-# SOCKET_SECURITY_API_KEY: ${{ secrets.SOCKET_SECURITY_API_KEY }}
-# GH_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-# run: |
-# PR_NUMBER=0
-# if [ "${{ github.event_name }}" == "pull_request" ]; then
-# PR_NUMBER=${{ github.event.pull_request.number }}
-# elif [ "${{ github.event_name }}" == "issue_comment" ]; then
-# PR_NUMBER=${{ github.event.issue.number }}
-# fi
-#
-# socketcli \
-# --target-path $GITHUB_WORKSPACE \
-# --scm github \
-# --pr-number $PR_NUMBER
diff --git a/workflows/gitlab-ci.yml b/workflows/gitlab-ci.yml
index 0602bc0..4e44580 100644
--- a/workflows/gitlab-ci.yml
+++ b/workflows/gitlab-ci.yml
@@ -23,11 +23,6 @@ socket-security:
 paths:
 - .cache/pip/
- before_script:
- # Socket CLI is pre-installed in the socketdev/cli:latest image
- # Git is also pre-installed for auto-detection features
- - socketcli --version
-
 script:
 # Run Socket CLI with minimal required parameters
 # The CLI automatically detects: