From 8f412aaeda56a206cb933e63613a21a7548ab6c6 Mon Sep 17 00:00:00 2001
From: Martin Torp <martin@socket.dev>
Date: Mon, 18 Aug 2025 19:10:08 +0200
Subject: [PATCH 1/2] fix an issue where the wrong org slug was passed to the
 Coana process when the org slug was provided through --org

---
 src/commands/fix/coana-fix.mts                     |  3 ++-
 .../scan/perform-reachability-analysis.mts         |  2 +-
 src/utils/coana.mts                                | 14 ++++++++++----
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/src/commands/fix/coana-fix.mts b/src/commands/fix/coana-fix.mts
index 4b4278ad1..1c3804c18 100644
--- a/src/commands/fix/coana-fix.mts
+++ b/src/commands/fix/coana-fix.mts
@@ -79,7 +79,8 @@ export async function coanaFix(
           ...ids,
           ...fixConfig.unknownFlags,
         ],
-        { cwd, spinner, env: { SOCKET_ORG_SLUG: orgSlug } },
+        fixConfig.orgSlug,
+        { cwd, spinner },
       )
     : undefined
 
diff --git a/src/commands/scan/perform-reachability-analysis.mts b/src/commands/scan/perform-reachability-analysis.mts
index 41367c4d1..64a4d3397 100644
--- a/src/commands/scan/perform-reachability-analysis.mts
+++ b/src/commands/scan/perform-reachability-analysis.mts
@@ -162,7 +162,7 @@ export async function performReachabilityAnalysis(
   }
 
   // Run Coana with the manifests tar hash.
-  const coanaResult = await spawnCoana(coanaArgs, {
+  const coanaResult = await spawnCoana(coanaArgs, orgSlug, {
     cwd,
     env,
     spinner,
diff --git a/src/utils/coana.mts b/src/utils/coana.mts
index 9e7316574..138a0b09a 100644
--- a/src/utils/coana.mts
+++ b/src/utils/coana.mts
@@ -25,6 +25,7 @@ export function extractTier1ReachabilityScanId(
 
 export async function spawnCoana(
   args: string[] | readonly string[],
+  orgSlug?: string,
   options?: SpawnOptions | undefined,
   extra?: SpawnExtra | undefined,
 ): Promise<CResult<string>> {
@@ -37,9 +38,14 @@ export async function spawnCoana(
   if (defaultApiToken) {
     mixinsEnv['SOCKET_CLI_API_TOKEN'] = defaultApiToken
   }
-  const orgSlugCResult = await getDefaultOrgSlug()
-  if (orgSlugCResult.ok) {
-    mixinsEnv['SOCKET_ORG_SLUG'] = orgSlugCResult.data
+
+  if (orgSlug) {
+    mixinsEnv['SOCKET_ORG_SLUG'] = orgSlug
+  } else {
+    const orgSlugCResult = await getDefaultOrgSlug()
+    if (orgSlugCResult.ok) {
+      mixinsEnv['SOCKET_ORG_SLUG'] = orgSlugCResult.data
+    }
   }
   try {
     const output = await spawn(
@@ -50,7 +56,7 @@ export async function spawnCoana(
         // Lazily access constants.nodeMemoryFlags.
         ...constants.nodeMemoryFlags,
         // Lazily access constants.coanaBinPath.
-        constants.coanaBinPath,
+        // constants.coanaBinPath,
         ...args,
       ],
       {

From 292adc3de0f62900026660e31a1c408bde4c2b85 Mon Sep 17 00:00:00 2001
From: Martin Torp <martin@socket.dev>
Date: Mon, 18 Aug 2025 19:35:17 +0200
Subject: [PATCH 2/2] upgrade Coana to 14.11.14

---
 package-lock.json   | 8 ++++----
 package.json        | 2 +-
 src/utils/coana.mts | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ee2b7f9e3..d704de416 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -21,7 +21,7 @@
         "@babel/preset-typescript": "7.27.1",
         "@babel/runtime": "7.28.3",
         "@biomejs/biome": "2.2.0",
-        "@coana-tech/cli": "14.11.11",
+        "@coana-tech/cli": "14.11.14",
         "@cyclonedx/cdxgen": "11.5.0",
         "@dotenvx/dotenvx": "1.48.4",
         "@eslint/compat": "1.3.2",
@@ -898,9 +898,9 @@
       "optional": true
     },
     "node_modules/@coana-tech/cli": {
-      "version": "14.11.11",
-      "resolved": "https://registry.npmjs.org/@coana-tech/cli/-/cli-14.11.11.tgz",
-      "integrity": "sha512-Y8uE2im5kt3mVFZFSwjPkk5ifyLPIh3NtU2WifFT1ke1FbwRCFsdTKfuP8hHvM9EygKBdX5IDcQVLYBW2HIcwg==",
+      "version": "14.11.14",
+      "resolved": "https://registry.npmjs.org/@coana-tech/cli/-/cli-14.11.14.tgz",
+      "integrity": "sha512-3BK96NdrIUlPci/7dA75Z7zhz/iP7dePDwsYkRdLajG/DQ5lrOtu2deINuUSscR3hDPqSBafC6EJ3WvMl7dDxw==",
       "dev": true,
       "bin": {
         "cli": "cli-wrapper.mjs"
diff --git a/package.json b/package.json
index 5bfc2bcb5..82abb8d1b 100644
--- a/package.json
+++ b/package.json
@@ -84,7 +84,7 @@
     "@babel/preset-typescript": "7.27.1",
     "@babel/runtime": "7.28.3",
     "@biomejs/biome": "2.2.0",
-    "@coana-tech/cli": "14.11.11",
+    "@coana-tech/cli": "14.11.14",
     "@cyclonedx/cdxgen": "11.5.0",
     "@dotenvx/dotenvx": "1.48.4",
     "@eslint/compat": "1.3.2",
diff --git a/src/utils/coana.mts b/src/utils/coana.mts
index 138a0b09a..270f88cfc 100644
--- a/src/utils/coana.mts
+++ b/src/utils/coana.mts
@@ -56,7 +56,7 @@ export async function spawnCoana(
         // Lazily access constants.nodeMemoryFlags.
         ...constants.nodeMemoryFlags,
         // Lazily access constants.coanaBinPath.
-        // constants.coanaBinPath,
+        constants.coanaBinPath,
         ...args,
       ],
       {