From 2bacb69aaf1efa087cd167387c7369e592297924 Mon Sep 17 00:00:00 2001
From: Jeppe Fredsgaard Blaabjerg <jfblaa@gmail.com>
Date: Wed, 26 Nov 2025 13:55:53 +0100
Subject: [PATCH 1/2] upload manifest filess relative to target for coana-fix
 and perform-reachability-analysis

---
 package.json                                        | 2 +-
 src/commands/fix/coana-fix.mts                      | 2 +-
 src/commands/scan/perform-reachability-analysis.mts | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index 20fc21712..14f433c60 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "socket",
-  "version": "1.1.35",
+  "version": "1.1.36",
   "description": "CLI for Socket.dev",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT AND OFL-1.1",
diff --git a/src/commands/fix/coana-fix.mts b/src/commands/fix/coana-fix.mts
index e72cc370b..a566052ae 100644
--- a/src/commands/fix/coana-fix.mts
+++ b/src/commands/fix/coana-fix.mts
@@ -155,7 +155,7 @@ export async function coanaFix(
     p => path.basename(p).toLowerCase() !== DOT_SOCKET_DOT_FACTS_JSON,
   )
   const uploadCResult = await handleApiCall(
-    sockSdk.uploadManifestFiles(orgSlug, filepathsToUpload),
+    sockSdk.uploadManifestFiles(orgSlug, filepathsToUpload, cwd),
     {
       description: 'upload manifests',
       spinner,
diff --git a/src/commands/scan/perform-reachability-analysis.mts b/src/commands/scan/perform-reachability-analysis.mts
index b1833f121..75bf60fab 100644
--- a/src/commands/scan/perform-reachability-analysis.mts
+++ b/src/commands/scan/perform-reachability-analysis.mts
@@ -107,7 +107,7 @@ export async function performReachabilityAnalysis(
     spinner?.start('Uploading manifests for reachability analysis...')
 
     const uploadCResult = await handleApiCall(
-      sockSdk.uploadManifestFiles(orgSlug, filepathsToUpload),
+      sockSdk.uploadManifestFiles(orgSlug, filepathsToUpload, target),
       {
         description: 'upload manifests',
         spinner,

From 3bb089cc3e1ad9e27efc01ae9582539d1c36daca Mon Sep 17 00:00:00 2001
From: Jeppe Fredsgaard Blaabjerg <jfblaa@gmail.com>
Date: Wed, 26 Nov 2025 14:28:46 +0100
Subject: [PATCH 2/2] slightly more verbose, but hopefully more intuitive
 relative path argument for uploadManifestFiles add comment

---
 src/commands/scan/perform-reachability-analysis.mts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/commands/scan/perform-reachability-analysis.mts b/src/commands/scan/perform-reachability-analysis.mts
index 75bf60fab..48c745aa9 100644
--- a/src/commands/scan/perform-reachability-analysis.mts
+++ b/src/commands/scan/perform-reachability-analysis.mts
@@ -106,8 +106,13 @@ export async function performReachabilityAnalysis(
 
     spinner?.start('Uploading manifests for reachability analysis...')
 
+    // Ensure uploaded manifest files are relative to analysis target as coana resolves SBOM manifest files relative to this path
     const uploadCResult = await handleApiCall(
-      sockSdk.uploadManifestFiles(orgSlug, filepathsToUpload, target),
+      sockSdk.uploadManifestFiles(
+        orgSlug,
+        filepathsToUpload,
+        path.resolve(cwd, analysisTarget),
+      ),
       {
         description: 'upload manifests',
         spinner,