diff --git a/README.md b/README.md index 832f931..37a8735 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run Socket Basics - uses: SocketDev/socket-basics@1.0.20 + uses: SocketDev/socket-basics@1.0.21 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: @@ -112,7 +112,7 @@ Configure scanning policies, notification channels, and rule sets for your entir **Dashboard-Configured (Enterprise):** ```yaml -- uses: SocketDev/socket-basics@1.0.20 +- uses: SocketDev/socket-basics@1.0.21 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: @@ -123,7 +123,7 @@ Configure scanning policies, notification channels, and rule sets for your entir **CLI-Configured:** ```yaml -- uses: SocketDev/socket-basics@1.0.20 +- uses: SocketDev/socket-basics@1.0.21 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: @@ -139,10 +139,10 @@ Configure scanning policies, notification channels, and rule sets for your entir ```bash # Build with version tag -docker build -t socketdev/socket-basics:1.0.20 . +docker build -t socketdev/socket-basics:1.0.21 . # Run scan -docker run --rm -v "$PWD:/workspace" socketdev/socket-basics:1.0.20 \ +docker run --rm -v "$PWD:/workspace" socketdev/socket-basics:1.0.21 \ --workspace /workspace \ --python-sast-enabled \ --secret-scanning-enabled \ diff --git a/docs/github-action.md b/docs/github-action.md index 7ef8a04..8d7b019 100644 --- a/docs/github-action.md +++ b/docs/github-action.md @@ -38,7 +38,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run Socket Basics - uses: SocketDev/socket-basics@1.0.20 + uses: SocketDev/socket-basics@1.0.21 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: 
@@ -78,7 +78,7 @@ Include these in your workflow's `jobs..permissions` section. **SAST (Static Analysis):** ```yaml -- uses: SocketDev/socket-basics@1.0.20 +- uses: SocketDev/socket-basics@1.0.21 with: github_token: ${{ secrets.GITHUB_TOKEN }} # Enable SAST for specific languages @@ -92,7 +92,7 @@ Include these in your workflow's `jobs..permissions` section. **Secret Scanning:** ```yaml -- uses: SocketDev/socket-basics@1.0.20 +- uses: SocketDev/socket-basics@1.0.21 with: github_token: ${{ secrets.GITHUB_TOKEN }} secret_scanning_enabled: 'true' @@ -104,7 +104,7 @@ Include these in your workflow's `jobs..permissions` section. **Container Scanning:** ```yaml -- uses: SocketDev/socket-basics@1.0.20 +- uses: SocketDev/socket-basics@1.0.21 with: github_token: ${{ secrets.GITHUB_TOKEN }} # Scan Docker images (auto-enables container scanning) @@ -115,7 +115,7 @@ Include these in your workflow's `jobs..permissions` section. **Socket Tier 1 Reachability:** ```yaml -- uses: SocketDev/socket-basics@1.0.20 +- uses: SocketDev/socket-basics@1.0.21 with: github_token: ${{ secrets.GITHUB_TOKEN }} socket_tier_1_enabled: 'true' @@ -124,7 +124,7 @@ Include these in your workflow's `jobs..permissions` section. ### Output Configuration ```yaml -- uses: SocketDev/socket-basics@1.0.20 +- uses: SocketDev/socket-basics@1.0.21 with: github_token: ${{ secrets.GITHUB_TOKEN }} python_sast_enabled: 'true' @@ -154,7 +154,7 @@ Configure Socket Basics centrally from the [Socket Dashboard](https://socket.dev **Enable in workflow:** ```yaml -- uses: SocketDev/socket-basics@1.0.20 +- uses: SocketDev/socket-basics@1.0.21 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: 
@@ -166,7 +166,7 @@ Configure Socket Basics centrally from the [Socket Dashboard](https://socket.dev > **Note:** You can also pass credentials using environment variables instead of the `with:` section: > ```yaml -> - uses: SocketDev/socket-basics@1.0.20 +> - uses: SocketDev/socket-basics@1.0.21 > env: > SOCKET_SECURITY_API_KEY: ${{ secrets.SOCKET_SECURITY_API_KEY }} > with: @@ -184,7 +184,7 @@ All notification integrations require Socket Enterprise. **Slack Notifications:** ```yaml -- uses: SocketDev/socket-basics@1.0.20 +- uses: SocketDev/socket-basics@1.0.21 with: github_token: ${{ secrets.GITHUB_TOKEN }} socket_org: ${{ secrets.SOCKET_ORG }} @@ -196,7 +196,7 @@ All notification integrations require Socket Enterprise. **Jira Issue Creation:** ```yaml -- uses: SocketDev/socket-basics@1.0.20 +- uses: SocketDev/socket-basics@1.0.21 with: github_token: ${{ secrets.GITHUB_TOKEN }} socket_org: ${{ secrets.SOCKET_ORG }} @@ -211,7 +211,7 @@ All notification integrations require Socket Enterprise. **Microsoft Teams:** ```yaml -- uses: SocketDev/socket-basics@1.0.20 +- uses: SocketDev/socket-basics@1.0.21 with: github_token: ${{ secrets.GITHUB_TOKEN }} socket_org: ${{ secrets.SOCKET_ORG }} @@ -223,7 +223,7 @@ All notification integrations require Socket Enterprise. **Generic Webhook:** ```yaml -- uses: SocketDev/socket-basics@1.0.20 +- uses: SocketDev/socket-basics@1.0.21 with: github_token: ${{ secrets.GITHUB_TOKEN }} socket_org: ${{ secrets.SOCKET_ORG }} @@ -235,7 +235,7 @@ All notification integrations require Socket Enterprise. **SIEM Integration:** ```yaml -- uses: SocketDev/socket-basics@1.0.20 +- uses: SocketDev/socket-basics@1.0.21 with: github_token: ${{ secrets.GITHUB_TOKEN }} socket_org: ${{ secrets.SOCKET_ORG }} 
@@ -271,7 +271,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run Socket Basics - uses: SocketDev/socket-basics@1.0.20 + uses: SocketDev/socket-basics@1.0.21 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: @@ -317,7 +317,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run Full Security Scan - uses: SocketDev/socket-basics@1.0.20 + uses: SocketDev/socket-basics@1.0.21 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: @@ -368,10 +368,10 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Build Docker Image - run: docker build -t myapp:1.0.20:${{ github.sha }} . + run: docker build -t myapp:1.0.21:${{ github.sha }} . - name: Scan Container - uses: SocketDev/socket-basics@1.0.20 + uses: SocketDev/socket-basics@1.0.21 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: @@ -404,7 +404,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run Socket Basics - uses: SocketDev/socket-basics@1.0.20 + uses: SocketDev/socket-basics@1.0.21 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: @@ -497,7 +497,7 @@ env: ```yaml steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - Must be first - - uses: SocketDev/socket-basics@1.0.20 + - uses: SocketDev/socket-basics@1.0.21 ``` ### PR Comments Not Appearing diff --git a/docs/local-install-docker.md b/docs/local-install-docker.md index 2362023..bb1f3e8 100644 --- a/docs/local-install-docker.md +++ b/docs/local-install-docker.md 
@@ -17,7 +17,7 @@ Run Socket Basics locally using Docker without installing any security tools on # 1. Clone and build git clone https://github.com/SocketDev/socket-basics.git cd socket-basics -docker build -t socket-basics:1.0.20 . +docker build -t socket-basics:1.0.21 . # 2. Create .env file with your credentials cat > .env << 'EOF' @@ -29,7 +29,7 @@ EOF docker run --rm \ -v "$PWD:/workspace" \ --env-file .env \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace \ --python \ --secrets \ @@ -46,10 +46,10 @@ git clone https://github.com/SocketDev/socket-basics.git cd socket-basics # Build with version tag -docker build -t socket-basics:1.0.20 . +docker build -t socket-basics:1.0.21 . # Or build with latest tag -docker build -t socket-basics:1.0.20:latest . +docker build -t socket-basics:1.0.21:latest . # Verify the build docker images | grep socket-basics @@ -59,21 +59,21 @@ docker images | grep socket-basics ```bash # Use your own image name -docker build -t myorg/security-scanner:1.0.20 . +docker build -t myorg/security-scanner:1.0.21 . # Build for specific platform (e.g., for M1/M2 Macs) -docker build --platform linux/amd64 -t socket-basics:1.0.20 . +docker build --platform linux/amd64 -t socket-basics:1.0.21 . ``` ### Verify Installation ```bash # Check that all tools are available in the container -docker run --rm socket-basics:1.0.20 socket-basics --version -docker run --rm socket-basics:1.0.20 socket --version -docker run --rm socket-basics:1.0.20 trivy --version -docker run --rm socket-basics:1.0.20 semgrep --version -docker run --rm socket-basics:1.0.20 trufflehog --version +docker run --rm socket-basics:1.0.21 socket-basics --version +docker run --rm socket-basics:1.0.21 socket --version +docker run --rm socket-basics:1.0.21 trivy --version +docker run --rm socket-basics:1.0.21 semgrep --version +docker run --rm socket-basics:1.0.21 trufflehog --version ``` ## Running Scans 
@@ -86,7 +86,7 @@ Mount your project directory into the container: # Scan current directory docker run --rm \ -v "$PWD:/workspace" \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace \ --python \ --secrets \ @@ -103,7 +103,7 @@ docker run --rm \ # Scan a specific project directory docker run --rm \ -v "/path/to/your/project:/workspace" \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace \ --javascript \ --secrets @@ -114,7 +114,7 @@ docker run --rm \ ```bash docker run --rm \ -v "$PWD:/workspace" \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace \ --all-languages \ --secrets \ @@ -162,7 +162,7 @@ VERBOSE=false docker run --rm \ -v "$PWD:/workspace" \ --env-file .env \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace \ --python \ --secrets @@ -177,7 +177,7 @@ docker run --rm \ -v "$PWD:/workspace" \ -e "SOCKET_SECURITY_API_KEY=scrt_your_api_key" \ -e "SOCKET_ORG=your-org-slug" \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace \ --python \ --secrets \ @@ -199,7 +199,7 @@ docker run --rm \ --env-file .env.socket \ --env-file .env.notifiers \ --env-file .env.scanning \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace \ --all-languages ``` @@ -218,7 +218,7 @@ docker run --rm \ -v "$PWD:/workspace" \ -e "SOCKET_SECURITY_API_KEY=$SOCKET_SECURITY_API_KEY" \ -e "SOCKET_ORG=$SOCKET_ORG" \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace \ --python ``` @@ -234,7 +234,7 @@ docker run --rm \ -v "$PWD:/workspace" \ -v "/var/run/docker.sock:/var/run/docker.sock" \ --env-file .env \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace \ --images "nginx:latest,redis:7" \ --console-tabular-enabled 
@@ -255,7 +255,7 @@ docker run --rm \ -v "$PWD:/workspace" \ -v "$PWD/scan-results:/results" \ --env-file .env \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace \ --python \ --secrets \ @@ -272,7 +272,7 @@ docker run --rm -it \ -v "$PWD:/workspace" \ --env-file .env \ --entrypoint /bin/bash \ - socket-basics:1.0.20 + socket-basics:1.0.21 # Inside container, run commands manually: # cd /workspace @@ -301,7 +301,7 @@ docker run --rm \ -v "$PWD:/workspace" \ -v "$PWD/socket-config.json:/config.json" \ --env-file .env \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace \ --config /config.json ``` @@ -325,7 +325,7 @@ for PROJECT in "${PROJECTS[@]}"; do docker run --rm \ -v "$PROJECT:/workspace" \ --env-file .env \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace \ --all-languages \ --secrets \ @@ -345,7 +345,7 @@ pipeline { stage('Security Scan') { steps { script { - docker.image('socket-basics:1.0.20').inside( + docker.image('socket-basics:1.0.21').inside( "-v ${WORKSPACE}:/workspace --env-file .env" ) { sh ''' @@ -367,7 +367,7 @@ pipeline { ```yaml security-scan: - image: socket-basics:1.0.20 + image: socket-basics:1.0.21 stage: test script: - socket-basics @@ -393,7 +393,7 @@ security-scan: docker run --rm \ -v "$PWD:/workspace" \ --user "$(id -u):$(id -g)" \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace ``` @@ -412,14 +412,14 @@ security-scan: ```bash docker run --rm \ -v "$(pwd):/workspace" \ # Use $(pwd) instead of $PWD - socket-basics:1.0.20 + socket-basics:1.0.21 ``` 2. Verify mount: ```bash docker run --rm \ -v "$PWD:/workspace" \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ ls -la /workspace ``` @@ -449,7 +449,7 @@ security-scan: docker run --rm \ -v "$PWD:/workspace" \ --env-file "$(pwd)/.env" \ - socket-basics:1.0.20 + socket-basics:1.0.21 ``` ### Docker Socket Permission Denied 
@@ -497,7 +497,7 @@ security-scan: ```bash docker run --rm \ -v "$PWD:/workspace" \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace \ --python \ --secrets \ @@ -518,7 +518,7 @@ security-scan: ```bash docker run --rm \ -v "$PWD:/workspace" \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace \ --output /workspace/results.json # Save to mounted directory ``` @@ -529,7 +529,7 @@ security-scan: docker run --rm \ -v "$PWD:/workspace" \ -v "$PWD/results:/results" \ - socket-basics:1.0.20 \ + socket-basics:1.0.21 \ --workspace /workspace \ --output /results/scan.json ``` @@ -540,14 +540,14 @@ Add these to your `~/.bashrc` or `~/.zshrc` for quick access: ```bash # Socket Basics Docker aliases -alias sb-docker='docker run --rm -v "$PWD:/workspace" --env-file .env socket-basics:1.0.20 --workspace /workspace' +alias sb-docker='docker run --rm -v "$PWD:/workspace" --env-file .env socket-basics:1.0.21 --workspace /workspace' alias sb-quick='sb-docker --secrets --console-tabular-enabled' alias sb-python='sb-docker --python --secrets --console-tabular-enabled' alias sb-js='sb-docker --javascript --secrets --console-tabular-enabled' alias sb-all='sb-docker --all-languages --secrets --socket-tier1 --console-tabular-enabled' # Rebuild image -alias sb-build='docker build -t socket-basics:1.0.20 .' +alias sb-build='docker build -t socket-basics:1.0.21 .' ``` Usage: @@ -583,7 +583,7 @@ set -e # Configuration PROJECT_DIR="$(pwd)" RESULTS_DIR="./scan-results" -IMAGE_NAME="socket-basics:1.0.20" +IMAGE_NAME="socket-basics:1.0.21" ENV_FILE=".env" # Create results directory diff --git a/docs/pre-commit-hook.md b/docs/pre-commit-hook.md index 660c64b..fc2971d 100644 --- a/docs/pre-commit-hook.md +++ b/docs/pre-commit-hook.md 
@@ -39,7 +39,7 @@ git clone https://github.com/SocketDev/socket-basics.git cd socket-basics # Build the Docker image with version tag -docker build -t socket-basics:1.0.20 . +docker build -t socket-basics:1.0.21 . ``` **2. Create pre-commit hook:** diff --git a/pyproject.toml b/pyproject.toml index ac8a699..e30b011 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "socket_basics" -version = "1.0.20" +version = "1.0.21" description = "Socket Basics with integrated SAST, secret scanning, and container analysis" readme = "README.md" requires-python = ">=3.10" diff --git a/socket_basics/core/config.py b/socket_basics/core/config.py index 87f256a..6b36cb3 100644 --- a/socket_basics/core/config.py +++ b/socket_basics/core/config.py @@ -292,11 +292,17 @@ def get_custom_rules_path(self) -> Optional[Path]: Returns path relative to workspace if workspace is set, otherwise relative to cwd. Returns None if custom rules are not enabled or path doesn't exist. """ + # Cache the result to avoid repeated warnings and path resolution + if hasattr(self, '_custom_rules_path_cache'): + return self._custom_rules_path_cache + if not self.get('use_custom_sast_rules', False): + self._custom_rules_path_cache = None return None custom_path_str = self.get('custom_sast_rule_path', 'custom_rules') if not custom_path_str: + self._custom_rules_path_cache = None return None # Determine base path @@ -313,13 +319,16 @@ def get_custom_rules_path(self) -> Optional[Path]: # Check if path exists if not custom_path.exists(): - logger.warning(f"Custom SAST rules path does not exist: {custom_path}") + logger.debug(f"Custom SAST rules path does not exist: {custom_path}") + self._custom_rules_path_cache = None return None if not custom_path.is_dir(): logger.warning(f"Custom SAST rules path is not a directory: {custom_path}") + self._custom_rules_path_cache = None return None + self._custom_rules_path_cache = custom_path return custom_path 
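Review bot: The `_custom_rules_path_cache` memo added at the top of `get_custom_rules_path` is never invalidated, so the first result is returned for the lifetime of the object, including the `None` stored on the early-return paths. If `use_custom_sast_rules`, `custom_sast_rule_path` or the workspace can be set after the first call (not visible in this hunk), or the rules directory is created later, the scanner would keep running without the custom SAST rules and give no indication. Either clear the attribute wherever those keys are written, or at least document the constraint next to the check, for example `# NOTE: cached per Config instance; delete _custom_rules_path_cache after changing use_custom_sast_rules, custom_sast_rule_path or workspace`. The function starts above this hunk and continues into the next one, so the base-path logic between them was not reviewed.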
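Review bot: Lowering the missing-path message to `logger.debug` in the `if not custom_path.exists():` branch hides a misconfiguration of a security control. That branch is only reached when `use_custom_sast_rules` is enabled, so the user asked for custom rules and the scan presumably proceeds without them (what callers do with `None` is outside the hunk). The cache introduced in this same commit already limits the message to one emission per config object, so the level can stay as `logger.warning(f"Custom SAST rules path does not exist: {custom_path}")`. That would also keep it consistent with the not-a-directory branch just below, which still warns.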
diff --git a/socket_basics/version.py b/socket_basics/version.py
index 6e3c058..c916e68 100644
--- a/socket_basics/version.py
+++ b/socket_basics/version.py
@@ -1 +1 @@
-__version__ = "1.0.20"
+__version__ = "1.0.21"