From 2bacb69aaf1efa087cd167387c7369e592297924 Mon Sep 17 00:00:00 2001
From: Jeppe Fredsgaard Blaabjerg
Date: Wed, 26 Nov 2025 13:55:53 +0100
Subject: [PATCH 1/3] upload manifest filess relative to target for coana-fix and perform-reachability-analysis
---
 package.json | 2 +-
 src/commands/fix/coana-fix.mts | 2 +-
 src/commands/scan/perform-reachability-analysis.mts | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package.json b/package.json
index 20fc21712..14f433c60 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "socket",
- "version": "1.1.35",
+ "version": "1.1.36",
 "description": "CLI for Socket.dev",
 "homepage": "https://github.com/SocketDev/socket-cli",
 "license": "MIT AND OFL-1.1",
diff --git a/src/commands/fix/coana-fix.mts b/src/commands/fix/coana-fix.mts
index e72cc370b..a566052ae 100644
--- a/src/commands/fix/coana-fix.mts
+++ b/src/commands/fix/coana-fix.mts
@@ -155,7 +155,7 @@ export async function coanaFix(
 p => path.basename(p).toLowerCase() !== DOT_SOCKET_DOT_FACTS_JSON,
 )
 const uploadCResult = await handleApiCall(
- sockSdk.uploadManifestFiles(orgSlug, filepathsToUpload),
+ sockSdk.uploadManifestFiles(orgSlug, filepathsToUpload, cwd),
 {
 description: 'upload manifests',
 spinner,
diff --git a/src/commands/scan/perform-reachability-analysis.mts b/src/commands/scan/perform-reachability-analysis.mts
index b1833f121..75bf60fab 100644
--- a/src/commands/scan/perform-reachability-analysis.mts
+++ b/src/commands/scan/perform-reachability-analysis.mts
@@ -107,7 +107,7 @@ export async function performReachabilityAnalysis(
 spinner?.start('Uploading manifests for reachability analysis...')
 const uploadCResult = await handleApiCall(
- sockSdk.uploadManifestFiles(orgSlug, filepathsToUpload),
+ sockSdk.uploadManifestFiles(orgSlug, filepathsToUpload, target),
 {
 description: 'upload manifests',
 spinner,
From 3bb089cc3e1ad9e27efc01ae9582539d1c36daca Mon Sep 17 00:00:00 2001
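Review bot: The `cwd` now passed as third argument in `coanaFix` is the base the uploaded manifest names are made relative to, yet nothing visible in this hunk confirms that every entry of `filepathsToUpload` lies under it. Assuming the SDK computes names relative to that base (its code is not on this page), an entry outside it would be uploaded with leading `..` segments, exposing local directory layout and leaving normalisation to the server. Making the assumption explicit before the call, for example `const rel = path.relative(cwd, p)` with a rejection when `rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)`, would turn a silent mismatch into a clear error; the same applies to both `performReachabilityAnalysis` hunks. `coanaFix` begins and ends outside the hunk, so an earlier filter may already cover this.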
From: Jeppe Fredsgaard Blaabjerg
Date: Wed, 26 Nov 2025 14:28:46 +0100
Subject: [PATCH 2/3] slightly more verbose, but hopefully more intuitive relative path argument for uploadManifestFiles add comment
---
 src/commands/scan/perform-reachability-analysis.mts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/commands/scan/perform-reachability-analysis.mts b/src/commands/scan/perform-reachability-analysis.mts
index 75bf60fab..48c745aa9 100644
--- a/src/commands/scan/perform-reachability-analysis.mts
+++ b/src/commands/scan/perform-reachability-analysis.mts
@@ -106,8 +106,13 @@ export async function performReachabilityAnalysis(
 spinner?.start('Uploading manifests for reachability analysis...')
+ // Ensure uploaded manifest files are relative to analysis target as coana resolves SBOM manifest files relative to this path
 const uploadCResult = await handleApiCall(
- sockSdk.uploadManifestFiles(orgSlug, filepathsToUpload, target),
+ sockSdk.uploadManifestFiles(
+ orgSlug,
+ filepathsToUpload,
+ path.resolve(cwd, analysisTarget),
+ ),
 {
 description: 'upload manifests',
 spinner,
From a7aa0c66069218eae03568e1ea5b0af88ec81920 Mon Sep 17 00:00:00 2001
From: Jeppe Fredsgaard Blaabjerg
Date: Wed, 26 Nov 2025 14:56:56 +0100
Subject: [PATCH 3/3] version bump and changelog
---
 CHANGELOG.md | 7 ++++++-
 package.json | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 58396a70c..799c79452 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
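Review bot: `path.resolve(cwd, analysisTarget)` is computed inline at the upload call, while the added comment says coana resolves manifests relative to the same path; if the coana invocation derives its base separately, the two can drift apart again. Binding it once, `const targetAbs = path.resolve(cwd, analysisTarget)`, and using that constant at both places keeps them identical. Note also that `path.resolve` discards `cwd` when `analysisTarget` is absolute, and that `coanaFix` in patch 1/3 still passes bare `cwd` although the changelog lists `socket fix` among the affected commands, so it is worth confirming that `cwd` there is already the resolved target. The function body continues outside the hunk, so the coana call itself is not visible here.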
@@ -4,7 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
-## [1.1.36](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.35) - 2025-11-26
+## [1.1.37](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.37) - 2025-11-26
+
+### Fixed
+- Fix a bug where setting target path could cause incorrect manifest file paths for commands `socket scan reach `, `socket scan create --reach `, and `socket fix `.
+
+## [1.1.36](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.36) - 2025-11-26
 ### Fixed
 - Fix a bug where the reachability analysis would hang on runs with analysis errors.
diff --git a/package.json b/package.json
index 15926155d..918d51f16 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "socket",
- "version": "1.1.36",
+ "version": "1.1.37",
 "description": "CLI for Socket.dev",
 "homepage": "https://github.com/SocketDev/socket-cli",
 "license": "MIT AND OFL-1.1",