diff --git a/Dockerfile b/Dockerfile
index 13cd03f..cccf517 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,10 +19,12 @@ RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - && \
RUN npm install -g socket
# Install Trivy
-RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.67.2
+ARG TRIVY_VERSION=v0.67.2
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "${TRIVY_VERSION}"
# Install Trufflehog
-RUN curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin
+ARG TRUFFLEHOG_VERSION=v3.93.3
+RUN curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin "${TRUFFLEHOG_VERSION}"
# Install OpenGrep (connector/runtime dependency)
RUN curl -fsSL https://raw.githubusercontent.com/opengrep/opengrep/main/install.sh | bash
diff --git a/README.md b/README.md
index 0d0999c..2e8bd7d 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Socket Basics
- uses: SocketDev/socket-basics@1.0.28
+ uses: SocketDev/socket-basics@1.0.29
env:
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
with:
@@ -120,7 +120,7 @@ Configure scanning policies, notification channels, and rule sets for your entir
**Dashboard-Configured (Enterprise):**
```yaml
-- uses: SocketDev/socket-basics@1.0.28
+- uses: SocketDev/socket-basics@1.0.29
env:
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
with:
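Review bot: The new ARG pins fix which Trivy and TruffleHog binary the installer is asked for, but both `RUN` lines still fetch the installer script itself from the unpinned `main` branch and pipe it straight into `sh`, so whatever is on either repository's default branch at build time runs with root privileges in the image regardless of the version arg. Since a release tag should also be a valid raw.githubusercontent.com ref, pin the script to the version being installed: `RUN curl -sfL "https://raw.githubusercontent.com/aquasecurity/trivy/${TRIVY_VERSION}/contrib/install.sh" | sh -s -- -b /usr/local/bin "${TRIVY_VERSION}"` and `RUN curl -sSfL "https://raw.githubusercontent.com/trufflesecurity/trufflehog/${TRUFFLEHOG_VERSION}/scripts/install.sh" | sh -s -- -b /usr/local/bin "${TRUFFLEHOG_VERSION}"` (a commit SHA is stronger still, since tags can be moved). Whether those scripts verify a checksum of the downloaded archive is not visible here; if they do not, downloading the release asset plus its checksums file and running `sha256sum -c` would give a reproducible build without `curl | sh` at all. The OpenGrep line in the trailing context has the same unpinned shape with no version at all, which this commit leaves untouched.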
@@ -131,7 +131,7 @@ Configure scanning policies, notification channels, and rule sets for your entir
**CLI-Configured:**
```yaml
-- uses: SocketDev/socket-basics@1.0.28
+- uses: SocketDev/socket-basics@1.0.29
env:
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
with:
@@ -147,16 +147,25 @@ Configure scanning policies, notification channels, and rule sets for your entir
```bash
# Build with version tag
-docker build -t socketdev/socket-basics:1.0.28 .
+docker build -t socketdev/socket-basics:1.0.29 .
# Run scan
-docker run --rm -v "$PWD:/workspace" socketdev/socket-basics:1.0.28 \
+docker run --rm -v "$PWD:/workspace" socketdev/socket-basics:1.0.29 \
--workspace /workspace \
--python-sast-enabled \
--secret-scanning-enabled \
--console-tabular-enabled
```
+Tip: If you need specific Trivy or TruffleHog versions, you can override them at build time:
+
+```bash
+docker build \
+ --build-arg TRIVY_VERSION=v0.67.2 \
+ --build-arg TRUFFLEHOG_VERSION=v3.93.3 \
+ -t socketdev/socket-basics:1.0.29 .
+```
+
📖 **[View Docker Installation Guide](docs/local-install-docker.md)**
### CLI
@@ -281,4 +290,3 @@ We welcome contributions! To add new features:
---
**Need help?** Visit our [documentation](docs/) or contact [Socket Support](https://socket.dev/support).
-
diff --git a/docs/github-action.md b/docs/github-action.md
index db3d81e..7dae4d9 100644
--- a/docs/github-action.md
+++ b/docs/github-action.md
@@ -39,7 +39,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Socket Basics
- uses: SocketDev/socket-basics@1.0.28
+ uses: SocketDev/socket-basics@1.0.29
env:
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
with:
@@ -79,7 +79,7 @@ Include these in your workflow's `jobs..permissions` section.
**SAST (Static Analysis):**
```yaml
-- uses: SocketDev/socket-basics@1.0.28
+- uses: SocketDev/socket-basics@1.0.29
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
# Enable SAST for specific languages
@@ -93,7 +93,7 @@ Include these in your workflow's `jobs..permissions` section.
**Secret Scanning:**
```yaml
-- uses: SocketDev/socket-basics@1.0.28
+- uses: SocketDev/socket-basics@1.0.29
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
secret_scanning_enabled: 'true'
@@ -105,7 +105,7 @@ Include these in your workflow's `jobs..permissions` section.
**Container Scanning:**
```yaml
-- uses: SocketDev/socket-basics@1.0.28
+- uses: SocketDev/socket-basics@1.0.29
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
# Scan Docker images (auto-enables container scanning)
@@ -116,7 +116,7 @@ Include these in your workflow's `jobs..permissions` section.
**Socket Tier 1 Reachability:**
```yaml
-- uses: SocketDev/socket-basics@1.0.28
+- uses: SocketDev/socket-basics@1.0.29
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
socket_tier_1_enabled: 'true'
@@ -125,7 +125,7 @@ Include these in your workflow's `jobs..permissions` section.
### Output Configuration
```yaml
-- uses: SocketDev/socket-basics@1.0.28
+- uses: SocketDev/socket-basics@1.0.29
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
python_sast_enabled: 'true'
@@ -155,7 +155,7 @@ Configure Socket Basics centrally from the [Socket Dashboard](https://socket.dev
**Enable in workflow:**
```yaml
-- uses: SocketDev/socket-basics@1.0.28
+- uses: SocketDev/socket-basics@1.0.29
env:
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
with:
@@ -167,7 +167,7 @@ Configure Socket Basics centrally from the [Socket Dashboard](https://socket.dev
> **Note:** You can also pass credentials using environment variables instead of the `with:` section:
> ```yaml
-> - uses: SocketDev/socket-basics@1.0.28
+> - uses: SocketDev/socket-basics@1.0.29
> env:
> SOCKET_SECURITY_API_KEY: ${{ secrets.SOCKET_SECURITY_API_KEY }}
> with:
@@ -185,7 +185,7 @@ All notification integrations require Socket Enterprise.
**Slack Notifications:**
```yaml
-- uses: SocketDev/socket-basics@1.0.28
+- uses: SocketDev/socket-basics@1.0.29
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
socket_org: ${{ secrets.SOCKET_ORG }}
@@ -197,7 +197,7 @@ All notification integrations require Socket Enterprise.
**Jira Issue Creation:**
```yaml
-- uses: SocketDev/socket-basics@1.0.28
+- uses: SocketDev/socket-basics@1.0.29
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
socket_org: ${{ secrets.SOCKET_ORG }}
@@ -212,7 +212,7 @@ All notification integrations require Socket Enterprise.
**Microsoft Teams:**
```yaml
-- uses: SocketDev/socket-basics@1.0.28
+- uses: SocketDev/socket-basics@1.0.29
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
socket_org: ${{ secrets.SOCKET_ORG }}
@@ -224,7 +224,7 @@ All notification integrations require Socket Enterprise.
**Generic Webhook:**
```yaml
-- uses: SocketDev/socket-basics@1.0.28
+- uses: SocketDev/socket-basics@1.0.29
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
socket_org: ${{ secrets.SOCKET_ORG }}
@@ -236,7 +236,7 @@ All notification integrations require Socket Enterprise.
**SIEM Integration:**
```yaml
-- uses: SocketDev/socket-basics@1.0.28
+- uses: SocketDev/socket-basics@1.0.29
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
socket_org: ${{ secrets.SOCKET_ORG }}
@@ -272,7 +272,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Socket Basics
- uses: SocketDev/socket-basics@1.0.28
+ uses: SocketDev/socket-basics@1.0.29
env:
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
with:
@@ -318,7 +318,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Full Security Scan
- uses: SocketDev/socket-basics@1.0.28
+ uses: SocketDev/socket-basics@1.0.29
env:
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
with:
@@ -369,10 +369,10 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build Docker Image
- run: docker build -t myapp:1.0.28:${{ github.sha }} .
+ run: docker build -t myapp:1.0.29:${{ github.sha }} .
- name: Scan Container
- uses: SocketDev/socket-basics@1.0.28
+ uses: SocketDev/socket-basics@1.0.29
env:
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
with:
@@ -435,7 +435,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Socket Basics
- uses: SocketDev/socket-basics@1.0.28
+ uses: SocketDev/socket-basics@1.0.29
env:
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
with:
@@ -487,7 +487,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Socket Basics
- uses: SocketDev/socket-basics@1.0.28
+ uses: SocketDev/socket-basics@1.0.29
env:
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
with:
@@ -580,7 +580,7 @@ env:
```yaml
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - Must be first
- - uses: SocketDev/socket-basics@1.0.28
+ - uses: SocketDev/socket-basics@1.0.29
```
### PR Comments Not Appearing
diff --git a/docs/local-install-docker.md b/docs/local-install-docker.md
index 02b3c69..4e4389a 100644
--- a/docs/local-install-docker.md
+++ b/docs/local-install-docker.md
@@ -17,7 +17,7 @@ Run Socket Basics locally using Docker without installing any security tools on
# 1. Clone and build
git clone https://github.com/SocketDev/socket-basics.git
cd socket-basics
-docker build -t socket-basics:1.0.28 .
+docker build -t socket-basics:1.0.29 .
# 2. Create .env file with your credentials
cat > .env << 'EOF'
@@ -29,7 +29,7 @@ EOF
docker run --rm \
-v "$PWD:/workspace" \
--env-file .env \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace \
--python \
--secrets \
@@ -46,10 +46,10 @@ git clone https://github.com/SocketDev/socket-basics.git
cd socket-basics
# Build with version tag
-docker build -t socket-basics:1.0.28 .
+docker build -t socket-basics:1.0.29 .
# Or build with latest tag
-docker build -t socket-basics:1.0.28:latest .
+docker build -t socket-basics:1.0.29:latest .
# Verify the build
docker images | grep socket-basics
@@ -59,21 +59,21 @@ docker images | grep socket-basics
```bash
# Use your own image name
-docker build -t myorg/security-scanner:1.0.28 .
+docker build -t myorg/security-scanner:1.0.29 .
# Build for specific platform (e.g., for M1/M2 Macs)
-docker build --platform linux/amd64 -t socket-basics:1.0.28 .
+docker build --platform linux/amd64 -t socket-basics:1.0.29 .
```
### Verify Installation
```bash
# Check that all tools are available in the container
-docker run --rm socket-basics:1.0.28 socket-basics --version
-docker run --rm socket-basics:1.0.28 socket --version
-docker run --rm socket-basics:1.0.28 trivy --version
-docker run --rm socket-basics:1.0.28 opengrep --version
-docker run --rm socket-basics:1.0.28 trufflehog --version
+docker run --rm socket-basics:1.0.29 socket-basics --version
+docker run --rm socket-basics:1.0.29 socket --version
+docker run --rm socket-basics:1.0.29 trivy --version
+docker run --rm socket-basics:1.0.29 opengrep --version
+docker run --rm socket-basics:1.0.29 trufflehog --version
```
## Running Scans
@@ -86,7 +86,7 @@ Mount your project directory into the container:
# Scan current directory
docker run --rm \
-v "$PWD:/workspace" \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace \
--python \
--secrets \
@@ -103,7 +103,7 @@ docker run --rm \
# Scan a specific project directory
docker run --rm \
-v "/path/to/your/project:/workspace" \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace \
--javascript \
--secrets
@@ -114,7 +114,7 @@ docker run --rm \
```bash
docker run --rm \
-v "$PWD:/workspace" \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace \
--all-languages \
--secrets \
@@ -162,7 +162,7 @@ VERBOSE=false
docker run --rm \
-v "$PWD:/workspace" \
--env-file .env \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace \
--python \
--secrets
@@ -177,7 +177,7 @@ docker run --rm \
-v "$PWD:/workspace" \
-e "SOCKET_SECURITY_API_KEY=scrt_your_api_key" \
-e "SOCKET_ORG=your-org-slug" \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace \
--python \
--secrets \
@@ -199,7 +199,7 @@ docker run --rm \
--env-file .env.socket \
--env-file .env.notifiers \
--env-file .env.scanning \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace \
--all-languages
```
@@ -218,7 +218,7 @@ docker run --rm \
-v "$PWD:/workspace" \
-e "SOCKET_SECURITY_API_KEY=$SOCKET_SECURITY_API_KEY" \
-e "SOCKET_ORG=$SOCKET_ORG" \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace \
--python
```
@@ -234,7 +234,7 @@ docker run --rm \
-v "$PWD:/workspace" \
-v "/var/run/docker.sock:/var/run/docker.sock" \
--env-file .env \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace \
--images "nginx:latest,redis:7" \
--console-tabular-enabled
@@ -255,7 +255,7 @@ docker run --rm \
-v "$PWD:/workspace" \
-v "$PWD/scan-results:/results" \
--env-file .env \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace \
--python \
--secrets \
@@ -272,7 +272,7 @@ docker run --rm -it \
-v "$PWD:/workspace" \
--env-file .env \
--entrypoint /bin/bash \
- socket-basics:1.0.28
+ socket-basics:1.0.29
# Inside container, run commands manually:
# cd /workspace
@@ -301,7 +301,7 @@ docker run --rm \
-v "$PWD:/workspace" \
-v "$PWD/socket-config.json:/config.json" \
--env-file .env \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace \
--config /config.json
```
@@ -325,7 +325,7 @@ for PROJECT in "${PROJECTS[@]}"; do
docker run --rm \
-v "$PROJECT:/workspace" \
--env-file .env \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace \
--all-languages \
--secrets \
@@ -345,7 +345,7 @@ pipeline {
stage('Security Scan') {
steps {
script {
- docker.image('socket-basics:1.0.28').inside(
+ docker.image('socket-basics:1.0.29').inside(
"-v ${WORKSPACE}:/workspace --env-file .env"
) {
sh '''
@@ -367,7 +367,7 @@ pipeline {
```yaml
security-scan:
- image: socket-basics:1.0.28
+ image: socket-basics:1.0.29
stage: test
script:
- socket-basics
@@ -393,7 +393,7 @@ security-scan:
docker run --rm \
-v "$PWD:/workspace" \
--user "$(id -u):$(id -g)" \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace
```
@@ -412,14 +412,14 @@ security-scan:
```bash
docker run --rm \
-v "$(pwd):/workspace" \ # Use $(pwd) instead of $PWD
- socket-basics:1.0.28
+ socket-basics:1.0.29
```
2. Verify mount:
```bash
docker run --rm \
-v "$PWD:/workspace" \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
ls -la /workspace
```
@@ -449,7 +449,7 @@ security-scan:
docker run --rm \
-v "$PWD:/workspace" \
--env-file "$(pwd)/.env" \
- socket-basics:1.0.28
+ socket-basics:1.0.29
```
### Docker Socket Permission Denied
@@ -497,7 +497,7 @@ security-scan:
```bash
docker run --rm \
-v "$PWD:/workspace" \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace \
--python \
--secrets \
@@ -518,7 +518,7 @@ security-scan:
```bash
docker run --rm \
-v "$PWD:/workspace" \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace \
--output /workspace/results.json # Save to mounted directory
```
@@ -529,7 +529,7 @@ security-scan:
docker run --rm \
-v "$PWD:/workspace" \
-v "$PWD/results:/results" \
- socket-basics:1.0.28 \
+ socket-basics:1.0.29 \
--workspace /workspace \
--output /results/scan.json
```
@@ -540,14 +540,14 @@ Add these to your `~/.bashrc` or `~/.zshrc` for quick access:
```bash
# Socket Basics Docker aliases
-alias sb-docker='docker run --rm -v "$PWD:/workspace" --env-file .env socket-basics:1.0.28 --workspace /workspace'
+alias sb-docker='docker run --rm -v "$PWD:/workspace" --env-file .env socket-basics:1.0.29 --workspace /workspace'
alias sb-quick='sb-docker --secrets --console-tabular-enabled'
alias sb-python='sb-docker --python --secrets --console-tabular-enabled'
alias sb-js='sb-docker --javascript --secrets --console-tabular-enabled'
alias sb-all='sb-docker --all-languages --secrets --socket-tier1 --console-tabular-enabled'
# Rebuild image
-alias sb-build='docker build -t socket-basics:1.0.28 .'
+alias sb-build='docker build -t socket-basics:1.0.29 .'
```
Usage:
@@ -583,7 +583,7 @@ set -e
# Configuration
PROJECT_DIR="$(pwd)"
RESULTS_DIR="./scan-results"
-IMAGE_NAME="socket-basics:1.0.28"
+IMAGE_NAME="socket-basics:1.0.29"
ENV_FILE=".env"
# Create results directory
diff --git a/docs/pre-commit-hook.md b/docs/pre-commit-hook.md
index 32acf07..f68c27c 100644
--- a/docs/pre-commit-hook.md
+++ b/docs/pre-commit-hook.md
@@ -39,7 +39,7 @@ git clone https://github.com/SocketDev/socket-basics.git
cd socket-basics
# Build the Docker image with version tag
-docker build -t socket-basics:1.0.28 .
+docker build -t socket-basics:1.0.29 .
```
**2. Create pre-commit hook:**
diff --git a/pyproject.toml b/pyproject.toml
index 640b10f..29c134a 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
[project]
name = "socket_basics"
-version = "1.0.28"
+version = "1.0.29"
description = "Socket Basics with integrated SAST, secret scanning, and container analysis"
readme = "README.md"
requires-python = ">=3.10"
diff --git a/socket_basics/__init__.py b/socket_basics/__init__.py
index 414df69..7aa6a49 100644
--- a/socket_basics/__init__.py
+++ b/socket_basics/__init__.py
@@ -12,7 +12,7 @@ from .socket_basics import SecurityScanner, main
from .core.config import load_config_from_env, Config
-__version__ = "1.0.28"
+__version__ = "1.0.29"
__author__ = "Socket.dev"
__email__ = "support@socket.dev"
diff --git a/socket_basics/version.py b/socket_basics/version.py
index 94650f2..7b64613 100644
--- a/socket_basics/version.py
+++ b/socket_basics/version.py
@@ -1 +1 @@
-__version__ = "1.0.28"
+__version__ = "1.0.29"
diff --git a/uv.lock b/uv.lock
index c255685..d6b75b8 100644
--- a/uv.lock
+++ b/uv.lock
@@ -623,7 +623,7 @@ wheels = [
[[package]]
name = "socket-basics"
-version = "1.0.28"
+version = "1.0.29"
source = { editable = "." }
dependencies = [
{ name = "jsonschema" },