From 3840c160d56b89a60481273a4893dedd5ff36f43 Mon Sep 17 00:00:00 2001
From: Martin Torp
Date: Tue, 2 Sep 2025 09:33:16 +0200
Subject: [PATCH 1/3] add --reach-skip-cache option for disabling the reachability analysis configuration caching that is otherwise enabled by default
---
 src/commands/ci/handle-ci.mts | 1 +
 src/commands/scan/cmd-scan-create.mts | 6 +++++-
 src/commands/scan/cmd-scan-create.test.mts | 1 +
 src/commands/scan/cmd-scan-reach.mts | 3 +++
 src/commands/scan/cmd-scan-reach.test.mts | 1 +
 src/commands/scan/create-scan-from-github.mts | 1 +
 src/commands/scan/perform-reachability-analysis.mts | 2 ++
 src/commands/scan/reachability-flags.mts | 6 ++++++
 8 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/src/commands/ci/handle-ci.mts b/src/commands/ci/handle-ci.mts
index a4e75026c..a0635b20e 100644
--- a/src/commands/ci/handle-ci.mts
+++ b/src/commands/ci/handle-ci.mts
@@ -43,6 +43,7 @@ export async function handleCi(autoManifest: boolean): Promise {
 reachDisableAnalytics: false,
 reachEcosystems: [],
 reachExcludePaths: [],
+ reachSkipCache: false,
 runReachabilityAnalysis: false,
 },
 repoName,
diff --git a/src/commands/scan/cmd-scan-create.mts b/src/commands/scan/cmd-scan-create.mts
index 33adacf1e..12e8da872 100644
--- a/src/commands/scan/cmd-scan-create.mts
+++ b/src/commands/scan/cmd-scan-create.mts
@@ -227,6 +227,7 @@ async function run(
 reachAnalysisMemoryLimit,
 reachAnalysisTimeout,
 reachDisableAnalytics,
+ reachSkipCache,
 readOnly,
 setAsAlertsPage: pendingHeadFlag,
 tmp,
@@ -249,6 +250,7 @@ async function run(
 reachAnalysisTimeout: number
 reachAnalysisMemoryLimit: number
 reachDisableAnalytics: boolean
+ reachSkipCache: boolean
 }
 
 const dryRun = !!cli.flags['dryRun']
@@ -424,7 +426,8 @@ async function run(
 isUsingNonDefaultTimeout ||
 isUsingNonDefaultAnalytics ||
 hasReachEcosystems ||
- hasReachExcludePaths
+ hasReachExcludePaths ||
+ reachSkipCache
 
 const wasValidInput = checkCommandInput(
 outputKind,
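Review bot: In the @@ -424 hunk the bare `reachSkipCache` is OR-ed into the flag-usage condition next to derived `isUsing…`/`has…` booleans, while the @@ -499 hunk of the same file wraps the same value as `Boolean(reachSkipCache)`; the `cli.flags as {…}` cast already declares it a boolean, so the two treatments should agree. A derived name keeps the condition uniform and self-describing, e.g. `const isUsingSkipCache = Boolean(reachSkipCache)` next to the other `isUsing…` consts and then `hasReachExcludePaths || isUsingSkipCache`. The enclosing `run` function starts and ends outside the hunk.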
@@ -499,6 +502,7 @@ async function run(
 reachAnalysisMemoryLimit: Number(reachAnalysisMemoryLimit),
 reachEcosystems,
 reachExcludePaths,
+ reachSkipCache: Boolean(reachSkipCache),
 },
 readOnly: Boolean(readOnly),
 repoName,
diff --git a/src/commands/scan/cmd-scan-create.test.mts b/src/commands/scan/cmd-scan-create.test.mts
index f03b33ee5..e4e7a32d0 100644
--- a/src/commands/scan/cmd-scan-create.test.mts
+++ b/src/commands/scan/cmd-scan-create.test.mts
@@ -48,6 +48,7 @@ describe('socket scan create', async () => {
 --reach-disable-analytics Disable reachability analytics sharing with Socket. Also disables caching-based optimizations.
 --reach-ecosystems List of ecosystems to conduct reachability analysis on, as either a comma separated value or as multiple flags. Defaults to all ecosystems.
 --reach-exclude-paths List of paths to exclude from reachability analysis, as either a comma separated value or as multiple flags.
+ --reach-skip-cache Skip caching-based optimizations. By default, the reachability analysis will use cached configurations from previous runs to speed up the analysis.
 Uploads the specified dependency manifest files for Go, Gradle, JavaScript, Kotlin, Python, and Scala. Files like "package.json" and "requirements.txt".
diff --git a/src/commands/scan/cmd-scan-reach.mts b/src/commands/scan/cmd-scan-reach.mts
index 0bf2c3332..584c6c0fb 100644
--- a/src/commands/scan/cmd-scan-reach.mts
+++ b/src/commands/scan/cmd-scan-reach.mts
@@ -109,6 +109,7 @@ async function run(
 reachAnalysisMemoryLimit,
 reachAnalysisTimeout,
 reachDisableAnalytics,
+ reachSkipCache,
 } = cli.flags as {
 cwd: string
 interactive: boolean
@@ -118,6 +119,7 @@ async function run(
 reachAnalysisTimeout: number
 reachAnalysisMemoryLimit: number
 reachDisableAnalytics: boolean
+ reachSkipCache: boolean
 }
 
 const dryRun = !!cli.flags['dryRun']
@@ -204,6 +206,7 @@ async function run(
 reachDisableAnalytics: Boolean(reachDisableAnalytics),
 reachEcosystems,
 reachExcludePaths,
+ reachSkipCache: Boolean(reachSkipCache),
 },
 })
 }
diff --git a/src/commands/scan/cmd-scan-reach.test.mts b/src/commands/scan/cmd-scan-reach.test.mts
index 52960b750..5bf733813 100644
--- a/src/commands/scan/cmd-scan-reach.test.mts
+++ b/src/commands/scan/cmd-scan-reach.test.mts
@@ -34,6 +34,7 @@ describe('socket scan reach', async () => {
 --reach-disable-analytics Disable reachability analytics sharing with Socket. Also disables caching-based optimizations.
 --reach-ecosystems List of ecosystems to conduct reachability analysis on, as either a comma separated value or as multiple flags. Defaults to all ecosystems.
 --reach-exclude-paths List of paths to exclude from reachability analysis, as either a comma separated value or as multiple flags.
+ --reach-skip-cache Skip caching-based optimizations. By default, the reachability analysis will use cached configurations from previous runs to speed up the analysis.
 Runs the Socket reachability analysis without creating a scan in Socket. The output is written to .socket.facts.json in the current working directory.
diff --git a/src/commands/scan/create-scan-from-github.mts b/src/commands/scan/create-scan-from-github.mts
index 2d4e666c6..ea162063b 100644
--- a/src/commands/scan/create-scan-from-github.mts
+++ b/src/commands/scan/create-scan-from-github.mts
@@ -246,6 +246,7 @@ async function scanOneRepo(
 reachAnalysisMemoryLimit: 0,
 reachEcosystems: [],
 reachExcludePaths: [],
+ reachSkipCache: false,
 },
 readOnly: false,
 repoName: repoSlug,
diff --git a/src/commands/scan/perform-reachability-analysis.mts b/src/commands/scan/perform-reachability-analysis.mts
index dec27fdb3..1b991be3c 100644
--- a/src/commands/scan/perform-reachability-analysis.mts
+++ b/src/commands/scan/perform-reachability-analysis.mts
@@ -22,6 +22,7 @@ export type ReachabilityOptions = {
 reachDisableAnalytics: boolean
 reachEcosystems: PURL_Type[]
 reachExcludePaths: string[]
+ reachSkipCache: boolean
 }
 
 export type ReachabilityAnalysisOptions = {
@@ -161,6 +162,7 @@ export async function performReachabilityAnalysis(
 ...(reachabilityOptions.reachExcludePaths.length
 ? ['--exclude-dirs', ...reachabilityOptions.reachExcludePaths]
 : []),
+ ...(reachabilityOptions.reachSkipCache ? ['--skip-cache-usage'] : []),
 ]
 
 // Build environment variables.
diff --git a/src/commands/scan/reachability-flags.mts b/src/commands/scan/reachability-flags.mts
index ba430ac9b..0cd9278a6 100644
--- a/src/commands/scan/reachability-flags.mts
+++ b/src/commands/scan/reachability-flags.mts
@@ -31,4 +31,10 @@ export const reachabilityFlags: MeowFlags = {
 description:
 'List of paths to exclude from reachability analysis, as either a comma separated value or as multiple flags.',
 },
+ reachSkipCache: {
+ type: 'boolean',
+ default: false,
+ description:
+ 'Skip caching-based optimizations. By default, the reachability analysis will use cached configurations from previous runs to speed up the analysis.',
+ },
 }
From 88beaf886c5dc4e87897cb09ff4eaff7aa70a11c Mon Sep 17 00:00:00 2001
From: Martin Torp
Date: Tue, 2 Sep 2025 10:14:43 +0200
Subject: [PATCH 2/3] pass the --range-style to the Coana CLI for fixes
---
 src/commands/fix/coana-fix.mts | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/commands/fix/coana-fix.mts b/src/commands/fix/coana-fix.mts
index 253125210..a6482f026 100644
--- a/src/commands/fix/coana-fix.mts
+++ b/src/commands/fix/coana-fix.mts
@@ -98,6 +98,9 @@ export async function coanaFix(
 tarHash,
 '--apply-fixes-to',
 ...(isAll ? ['all'] : ghsas),
+ ...(fixConfig.rangeStyle
+ ? ['--range-style', fixConfig.rangeStyle]
+ : []),
 ...fixConfig.unknownFlags,
 ],
 fixConfig.orgSlug,
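Review bot: The new `--skip-cache-usage` spread in the @@ -161 hunk is emitted independently of `reachDisableAnalytics`, whose help text on this page says it "Also disables caching-based optimizations", so the two options overlap and nothing records which one wins or whether passing both is harmless. A one-line comment above the spread would spare the next reader a trip to the Coana docs, e.g. `// --reach-disable-analytics already turns caching off (see reachabilityFlags); this flag only matters when analytics stay enabled`, and the `reachSkipCache` description added in the reachability-flags.mts hunk should cross-reference `--reach-disable-analytics` for the same reason. Whether the Coana CLI treats the two as independent is not visible here, so confirm before wording the comment as fact. `performReachabilityAnalysis` starts and ends outside the hunk.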
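Review bot: The `--range-style` spread added in the @@ -98 hunk is repeated verbatim in the @@ -115 hunk; both argv arrays are built inside `coanaFix`, so computing it once keeps the two call sites from drifting, e.g. `const rangeStyleArgs = fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []` before the branch and `...rangeStyleArgs` at both sites. `fixConfig.rangeStyle` is forwarded as its own argv element, so there is no shell-quoting concern, but nothing in the hunk constrains its value; if it comes straight from a CLI flag, validate it against the styles Coana accepts where the flag is parsed rather than relying on Coana's own error message. `coanaFix` starts and ends outside both hunks.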
@@ -115,6 +118,9 @@ export async function coanaFix(
 cwd,
 '--manifests-tar-hash',
 tarHash,
+ ...(fixConfig.rangeStyle
+ ? ['--range-style', fixConfig.rangeStyle]
+ : []),
 ...fixConfig.unknownFlags,
 ],
 fixConfig.orgSlug,
From 78c73ebcbae575f49ad760146e704182bcb96461 Mon Sep 17 00:00:00 2001
From: Martin Torp
Date: Tue, 2 Sep 2025 10:17:10 +0200
Subject: [PATCH 3/3] upgrade Coana CLI to 14.12.12
---
 package-lock.json | 8 ++++----
 package.json | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 19b37248e..e42773ca7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -21,7 +21,7 @@
 "@babel/preset-typescript": "7.27.1",
 "@babel/runtime": "7.28.3",
 "@biomejs/biome": "2.2.2",
- "@coana-tech/cli": "14.12.10",
+ "@coana-tech/cli": "14.12.12",
 "@cyclonedx/cdxgen": "11.6.0",
 "@dotenvx/dotenvx": "1.49.0",
 "@eslint/compat": "1.3.2",
@@ -898,9 +898,9 @@
 "optional": true
 },
 "node_modules/@coana-tech/cli": {
- "version": "14.12.10",
- "resolved": "https://registry.npmjs.org/@coana-tech/cli/-/cli-14.12.10.tgz",
- "integrity": "sha512-h3JDAQ979bDm1DYftff4x6Mn3AUNDGzPUge1HKnGhe3IDqi++Soo/m0Hz2E4G8id0v1uGnaAHHq4sPotU31vUw==",
+ "version": "14.12.12",
+ "resolved": "https://registry.npmjs.org/@coana-tech/cli/-/cli-14.12.12.tgz",
+ "integrity": "sha512-VyMki7RUB7ORI0clueuhBfG+67C7SVVk6Qr54HQiV0DEhtYAEtFQQs4x56CNkf2GxRaQGqJHbY+C9Aq/nnhT1g==",
 "dev": true,
 "bin": {
 "cli": "cli-wrapper.mjs"
diff --git a/package.json b/package.json
index 57e15dae9..5803a0215 100644
--- a/package.json
+++ b/package.json
@@ -85,7 +85,7 @@
 "@babel/preset-typescript": "7.27.1",
 "@babel/runtime": "7.28.3",
 "@biomejs/biome": "2.2.2",
- "@coana-tech/cli": "14.12.10",
+ "@coana-tech/cli": "14.12.12",
 "@cyclonedx/cdxgen": "11.6.0",
 "@dotenvx/dotenvx": "1.49.0",
 "@eslint/compat": "1.3.2",