Add --reach-skip-cache to disable reachability analysis configuration caching and pass --range-style to the Coana fix CLI (#724)

* add --reach-skip-cache option for disabling the reachability analysis configuration caching that is otherwise enabled by default

* pass the --range-style to the Coana CLI for fixes

* upgrade Coana CLI to 14.12.12

Author: mtorp

package-lock.json

@@ -85,7 +85,7 @@
     "@babel/preset-typescript": "7.27.1",
     "@babel/runtime": "7.28.3",
     "@biomejs/biome": "2.2.2",
-    "@coana-tech/cli": "14.12.10",
+    "@coana-tech/cli": "14.12.12",
     "@cyclonedx/cdxgen": "11.6.0",
     "@dotenvx/dotenvx": "1.49.0",
     "@eslint/compat": "1.3.2",

package.json

@@ -43,6 +43,7 @@ export async function handleCi(autoManifest: boolean): Promise<void> {
       reachDisableAnalytics: false,
       reachEcosystems: [],
       reachExcludePaths: [],
+      reachSkipCache: false,
       runReachabilityAnalysis: false,
     },
     repoName,

src/commands/ci/handle-ci.mts

@@ -98,6 +98,9 @@ export async function coanaFix(
         tarHash,
         '--apply-fixes-to',
         ...(isAll ? ['all'] : ghsas),
+        ...(fixConfig.rangeStyle
+          ? ['--range-style', fixConfig.rangeStyle]
+          : []),
         ...fixConfig.unknownFlags,
       ],
       fixConfig.orgSlug,
@@ -115,6 +118,9 @@ export async function coanaFix(
         cwd,
         '--manifests-tar-hash',
         tarHash,
+        ...(fixConfig.rangeStyle
+          ? ['--range-style', fixConfig.rangeStyle]
+          : []),
         ...fixConfig.unknownFlags,
       ],
       fixConfig.orgSlug,

src/commands/fix/coana-fix.mts

@@ -227,6 +227,7 @@ async function run(
     reachAnalysisMemoryLimit,
     reachAnalysisTimeout,
     reachDisableAnalytics,
+    reachSkipCache,
     readOnly,
     setAsAlertsPage: pendingHeadFlag,
     tmp,
@@ -249,6 +250,7 @@ async function run(
     reachAnalysisTimeout: number
     reachAnalysisMemoryLimit: number
     reachDisableAnalytics: boolean
+    reachSkipCache: boolean
   }
 
   const dryRun = !!cli.flags['dryRun']
@@ -424,7 +426,8 @@ async function run(
     isUsingNonDefaultTimeout ||
     isUsingNonDefaultAnalytics ||
     hasReachEcosystems ||
-    hasReachExcludePaths
+    hasReachExcludePaths ||
+    reachSkipCache
 
   const wasValidInput = checkCommandInput(
     outputKind,
@@ -499,6 +502,7 @@ async function run(
       reachAnalysisMemoryLimit: Number(reachAnalysisMemoryLimit),
       reachEcosystems,
       reachExcludePaths,
+      reachSkipCache: Boolean(reachSkipCache),
     },
     readOnly: Boolean(readOnly),
     repoName,

src/commands/scan/cmd-scan-create.mts

@@ -48,6 +48,7 @@ describe('socket scan create', async () => {
             --reach-disable-analytics  Disable reachability analytics sharing with Socket. Also disables caching-based optimizations.
             --reach-ecosystems  List of ecosystems to conduct reachability analysis on, as either a comma separated value or as multiple flags. Defaults to all ecosystems.
             --reach-exclude-paths  List of paths to exclude from reachability analysis, as either a comma separated value or as multiple flags.
+            --reach-skip-cache  Skip caching-based optimizations. By default, the reachability analysis will use cached configurations from previous runs to speed up the analysis.
 
           Uploads the specified dependency manifest files for Go, Gradle, JavaScript,
           Kotlin, Python, and Scala. Files like "package.json" and "requirements.txt".

src/commands/scan/cmd-scan-create.test.mts

@@ -109,6 +109,7 @@ async function run(
     reachAnalysisMemoryLimit,
     reachAnalysisTimeout,
     reachDisableAnalytics,
+    reachSkipCache,
   } = cli.flags as {
     cwd: string
     interactive: boolean
@@ -118,6 +119,7 @@ async function run(
     reachAnalysisTimeout: number
     reachAnalysisMemoryLimit: number
     reachDisableAnalytics: boolean
+    reachSkipCache: boolean
   }
 
   const dryRun = !!cli.flags['dryRun']
@@ -204,6 +206,7 @@ async function run(
       reachDisableAnalytics: Boolean(reachDisableAnalytics),
       reachEcosystems,
       reachExcludePaths,
+      reachSkipCache: Boolean(reachSkipCache),
     },
   })
 }

src/commands/scan/cmd-scan-reach.mts

@@ -34,6 +34,7 @@ describe('socket scan reach', async () => {
             --reach-disable-analytics  Disable reachability analytics sharing with Socket. Also disables caching-based optimizations.
             --reach-ecosystems  List of ecosystems to conduct reachability analysis on, as either a comma separated value or as multiple flags. Defaults to all ecosystems.
             --reach-exclude-paths  List of paths to exclude from reachability analysis, as either a comma separated value or as multiple flags.
+            --reach-skip-cache  Skip caching-based optimizations. By default, the reachability analysis will use cached configurations from previous runs to speed up the analysis.
 
           Runs the Socket reachability analysis without creating a scan in Socket.
           The output is written to .socket.facts.json in the current working directory.

src/commands/scan/cmd-scan-reach.test.mts

@@ -246,6 +246,7 @@ async function scanOneRepo(
       reachAnalysisMemoryLimit: 0,
       reachEcosystems: [],
       reachExcludePaths: [],
+      reachSkipCache: false,
     },
     readOnly: false,
     repoName: repoSlug,

src/commands/scan/create-scan-from-github.mts

@@ -22,6 +22,7 @@ export type ReachabilityOptions = {
   reachDisableAnalytics: boolean
   reachEcosystems: PURL_Type[]
   reachExcludePaths: string[]
+  reachSkipCache: boolean
 }
 
 export type ReachabilityAnalysisOptions = {
@@ -161,6 +162,7 @@ export async function performReachabilityAnalysis(
     ...(reachabilityOptions.reachExcludePaths.length
       ? ['--exclude-dirs', ...reachabilityOptions.reachExcludePaths]
       : []),
+    ...(reachabilityOptions.reachSkipCache ? ['--skip-cache-usage'] : []),
   ]
 
   // Build environment variables.