diff --git a/README.md b/README.md index a4b463c..82c2e76 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run Socket Basics - uses: SocketDev/socket-basics@1.1.0 + uses: SocketDev/socket-basics@1.1.1 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: @@ -144,10 +144,10 @@ For GitHub Actions, see the [Quick Start](#-quick-start---github-actions) above ```bash # Build with version tag -docker build -t socketdev/socket-basics:1.1.0 . +docker build -t socketdev/socket-basics:1.1.1 . # Run scan -docker run --rm -v "$PWD:/workspace" socketdev/socket-basics:1.1.0 \ +docker run --rm -v "$PWD:/workspace" socketdev/socket-basics:1.1.1 \ --workspace /workspace \ --python-sast-enabled \ --secret-scanning-enabled \ @@ -160,7 +160,7 @@ Tip: If you need specific Trivy or TruffleHog versions, you can override them at docker build \ --build-arg TRIVY_VERSION=v0.67.2 \ --build-arg TRUFFLEHOG_VERSION=v3.93.3 \ - -t socketdev/socket-basics:1.1.0 . + -t socketdev/socket-basics:1.1.1 . ``` 📖 **[View Docker Installation Guide](docs/local-install-docker.md)** diff --git a/docs/github-action.md b/docs/github-action.md index fd9d4b7..2d0bcb5 100644 --- a/docs/github-action.md +++ b/docs/github-action.md @@ -42,7 +42,7 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run Socket Basics - uses: SocketDev/socket-basics@1.1.0 + uses: SocketDev/socket-basics@1.1.1 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: @@ -77,7 +77,7 @@ Include these in your workflow's `jobs..permissions` section. **SAST (Static Analysis):** ```yaml -- uses: SocketDev/socket-basics@1.1.0 +- uses: SocketDev/socket-basics@1.1.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} # Enable SAST for specific languages 
@@ -91,7 +91,7 @@ Include these in your workflow's `jobs..permissions` section. **Secret Scanning:** ```yaml -- uses: SocketDev/socket-basics@1.1.0 +- uses: SocketDev/socket-basics@1.1.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} secret_scanning_enabled: 'true' @@ -103,7 +103,7 @@ Include these in your workflow's `jobs..permissions` section. **Container Scanning:** ```yaml -- uses: SocketDev/socket-basics@1.1.0 +- uses: SocketDev/socket-basics@1.1.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} # Scan Docker images (auto-enables container scanning) @@ -114,7 +114,7 @@ Include these in your workflow's `jobs..permissions` section. **Socket Tier 1 Reachability:** ```yaml -- uses: SocketDev/socket-basics@1.1.0 +- uses: SocketDev/socket-basics@1.1.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} socket_tier_1_enabled: 'true' @@ -123,7 +123,7 @@ Include these in your workflow's `jobs..permissions` section. ### Output Configuration ```yaml -- uses: SocketDev/socket-basics@1.1.0 +- uses: SocketDev/socket-basics@1.1.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} python_sast_enabled: 'true' @@ -159,7 +159,7 @@ Configure Socket Basics centrally from the [Socket Dashboard](https://socket.dev **Enable in workflow:** ```yaml -- uses: SocketDev/socket-basics@1.1.0 +- uses: SocketDev/socket-basics@1.1.1 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: @@ -171,7 +171,7 @@ Configure Socket Basics centrally from the [Socket Dashboard](https://socket.dev > **Note:** You can also pass credentials using environment variables instead of the `with:` section: > ```yaml -> - uses: SocketDev/socket-basics@1.1.0 +> - uses: SocketDev/socket-basics@1.1.1 > env: > SOCKET_SECURITY_API_KEY: ${{ secrets.SOCKET_SECURITY_API_KEY }} > with: 
@@ -189,7 +189,7 @@ All notification integrations require Socket Enterprise. **Slack Notifications:** ```yaml -- uses: SocketDev/socket-basics@1.1.0 +- uses: SocketDev/socket-basics@1.1.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} socket_org: ${{ secrets.SOCKET_ORG }} @@ -201,7 +201,7 @@ All notification integrations require Socket Enterprise. **Jira Issue Creation:** ```yaml -- uses: SocketDev/socket-basics@1.1.0 +- uses: SocketDev/socket-basics@1.1.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} socket_org: ${{ secrets.SOCKET_ORG }} @@ -216,7 +216,7 @@ All notification integrations require Socket Enterprise. **Microsoft Teams:** ```yaml -- uses: SocketDev/socket-basics@1.1.0 +- uses: SocketDev/socket-basics@1.1.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} socket_org: ${{ secrets.SOCKET_ORG }} @@ -228,7 +228,7 @@ All notification integrations require Socket Enterprise. **Generic Webhook:** ```yaml -- uses: SocketDev/socket-basics@1.1.0 +- uses: SocketDev/socket-basics@1.1.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} socket_org: ${{ secrets.SOCKET_ORG }} @@ -240,7 +240,7 @@ All notification integrations require Socket Enterprise. **SIEM Integration:** ```yaml -- uses: SocketDev/socket-basics@1.1.0 +- uses: SocketDev/socket-basics@1.1.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} socket_org: ${{ secrets.SOCKET_ORG }} @@ -276,7 +276,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run Socket Basics - uses: SocketDev/socket-basics@1.1.0 + uses: SocketDev/socket-basics@1.1.1 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: @@ -322,7 +322,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run Full Security Scan - uses: SocketDev/socket-basics@1.1.0 + uses: SocketDev/socket-basics@1.1.1 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: 
@@ -373,10 +373,10 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Build Docker Image - run: docker build -t myapp:1.1.0:${{ github.sha }} . + run: docker build -t myapp:1.1.1:${{ github.sha }} . - name: Scan Container - uses: SocketDev/socket-basics@1.1.0 + uses: SocketDev/socket-basics@1.1.1 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: @@ -439,7 +439,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run Socket Basics - uses: SocketDev/socket-basics@1.1.0 + uses: SocketDev/socket-basics@1.1.1 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: @@ -491,7 +491,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run Socket Basics - uses: SocketDev/socket-basics@1.1.0 + uses: SocketDev/socket-basics@1.1.1 env: GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} with: @@ -584,7 +584,7 @@ env: ```yaml steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - Must be first - - uses: SocketDev/socket-basics@1.1.0 + - uses: SocketDev/socket-basics@1.1.1 ``` ### PR Comments Not Appearing diff --git a/docs/local-install-docker.md b/docs/local-install-docker.md index 94479e9..915b589 100644 --- a/docs/local-install-docker.md +++ b/docs/local-install-docker.md @@ -17,7 +17,7 @@ Run Socket Basics locally using Docker without installing any security tools on # 1. Clone and build git clone https://github.com/SocketDev/socket-basics.git cd socket-basics -docker build -t socket-basics:1.1.0 . +docker build -t socket-basics:1.1.1 . # 2. Create .env file with your credentials cat > .env << 'EOF' @@ -29,7 +29,7 @@ EOF docker run --rm \ -v "$PWD:/workspace" \ --env-file .env \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace \ --python \ --secrets \ 
@@ -46,10 +46,10 @@ git clone https://github.com/SocketDev/socket-basics.git cd socket-basics # Build with version tag -docker build -t socket-basics:1.1.0 . +docker build -t socket-basics:1.1.1 . # Or build with latest tag -docker build -t socket-basics:1.1.0:latest . +docker build -t socket-basics:1.1.1:latest . # Verify the build docker images | grep socket-basics @@ -59,21 +59,21 @@ docker images | grep socket-basics ```bash # Use your own image name -docker build -t myorg/security-scanner:1.1.0 . +docker build -t myorg/security-scanner:1.1.1 . # Build for specific platform (e.g., for M1/M2 Macs) -docker build --platform linux/amd64 -t socket-basics:1.1.0 . +docker build --platform linux/amd64 -t socket-basics:1.1.1 . ``` ### Verify Installation ```bash # Check that all tools are available in the container -docker run --rm socket-basics:1.1.0 socket-basics --version -docker run --rm socket-basics:1.1.0 socket --version -docker run --rm socket-basics:1.1.0 trivy --version -docker run --rm socket-basics:1.1.0 opengrep --version -docker run --rm socket-basics:1.1.0 trufflehog --version +docker run --rm socket-basics:1.1.1 socket-basics --version +docker run --rm socket-basics:1.1.1 socket --version +docker run --rm socket-basics:1.1.1 trivy --version +docker run --rm socket-basics:1.1.1 opengrep --version +docker run --rm socket-basics:1.1.1 trufflehog --version ``` ## Running Scans @@ -86,7 +86,7 @@ Mount your project directory into the container: # Scan current directory docker run --rm \ -v "$PWD:/workspace" \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace \ --python \ --secrets \ @@ -103,7 +103,7 @@ docker run --rm \ # Scan a specific project directory docker run --rm \ -v "/path/to/your/project:/workspace" \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace \ --javascript \ --secrets 
@@ -114,7 +114,7 @@ docker run --rm \ ```bash docker run --rm \ -v "$PWD:/workspace" \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace \ --all-languages \ --secrets \ @@ -162,7 +162,7 @@ VERBOSE=false docker run --rm \ -v "$PWD:/workspace" \ --env-file .env \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace \ --python \ --secrets @@ -177,7 +177,7 @@ docker run --rm \ -v "$PWD:/workspace" \ -e "SOCKET_SECURITY_API_KEY=scrt_your_api_key" \ -e "SOCKET_ORG=your-org-slug" \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace \ --python \ --secrets \ @@ -199,7 +199,7 @@ docker run --rm \ --env-file .env.socket \ --env-file .env.notifiers \ --env-file .env.scanning \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace \ --all-languages ``` @@ -218,7 +218,7 @@ docker run --rm \ -v "$PWD:/workspace" \ -e "SOCKET_SECURITY_API_KEY=$SOCKET_SECURITY_API_KEY" \ -e "SOCKET_ORG=$SOCKET_ORG" \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace \ --python ``` @@ -234,7 +234,7 @@ docker run --rm \ -v "$PWD:/workspace" \ -v "/var/run/docker.sock:/var/run/docker.sock" \ --env-file .env \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace \ --images "nginx:latest,redis:7" \ --console-tabular-enabled @@ -255,7 +255,7 @@ docker run --rm \ -v "$PWD:/workspace" \ -v "$PWD/scan-results:/results" \ --env-file .env \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace \ --python \ --secrets \ @@ -272,7 +272,7 @@ docker run --rm -it \ -v "$PWD:/workspace" \ --env-file .env \ --entrypoint /bin/bash \ - socket-basics:1.1.0 + socket-basics:1.1.1 # Inside container, run commands manually: # cd /workspace @@ -301,7 +301,7 @@ docker run --rm \ -v "$PWD:/workspace" \ -v "$PWD/socket-config.json:/config.json" \ --env-file .env \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace \ --config /config.json ``` 
@@ -325,7 +325,7 @@ for PROJECT in "${PROJECTS[@]}"; do docker run --rm \ -v "$PROJECT:/workspace" \ --env-file .env \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace \ --all-languages \ --secrets \ @@ -349,7 +349,7 @@ pipeline { stage('Security Scan') { steps { script { - docker.image('socket-basics:1.1.0').inside( + docker.image('socket-basics:1.1.1').inside( "-v ${WORKSPACE}:/workspace --env-file .env" ) { sh ''' @@ -371,7 +371,7 @@ pipeline { ```yaml security-scan: - image: socket-basics:1.1.0 + image: socket-basics:1.1.1 stage: test script: - socket-basics @@ -397,7 +397,7 @@ security-scan: docker run --rm \ -v "$PWD:/workspace" \ --user "$(id -u):$(id -g)" \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace ``` @@ -416,14 +416,14 @@ security-scan: ```bash docker run --rm \ -v "$(pwd):/workspace" \ # Use $(pwd) instead of $PWD - socket-basics:1.1.0 + socket-basics:1.1.1 ``` 2. Verify mount: ```bash docker run --rm \ -v "$PWD:/workspace" \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ ls -la /workspace ``` @@ -453,7 +453,7 @@ security-scan: docker run --rm \ -v "$PWD:/workspace" \ --env-file "$(pwd)/.env" \ - socket-basics:1.1.0 + socket-basics:1.1.1 ``` ### Docker Socket Permission Denied @@ -501,7 +501,7 @@ security-scan: ```bash docker run --rm \ -v "$PWD:/workspace" \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace \ --python \ --secrets \ @@ -522,7 +522,7 @@ security-scan: ```bash docker run --rm \ -v "$PWD:/workspace" \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace \ --output /workspace/results.json # Save to mounted directory ``` @@ -533,7 +533,7 @@ security-scan: docker run --rm \ -v "$PWD:/workspace" \ -v "$PWD/results:/results" \ - socket-basics:1.1.0 \ + socket-basics:1.1.1 \ --workspace /workspace \ --output /results/scan.json ``` 
@@ -544,14 +544,14 @@ Add these to your `~/.bashrc` or `~/.zshrc` for quick access: ```bash # Socket Basics Docker aliases -alias sb-docker='docker run --rm -v "$PWD:/workspace" --env-file .env socket-basics:1.1.0 --workspace /workspace' +alias sb-docker='docker run --rm -v "$PWD:/workspace" --env-file .env socket-basics:1.1.1 --workspace /workspace' alias sb-quick='sb-docker --secrets --console-tabular-enabled' alias sb-python='sb-docker --python --secrets --console-tabular-enabled' alias sb-js='sb-docker --javascript --secrets --console-tabular-enabled' alias sb-all='sb-docker --all-languages --secrets --socket-tier1 --console-tabular-enabled' # Rebuild image -alias sb-build='docker build -t socket-basics:1.1.0 .' +alias sb-build='docker build -t socket-basics:1.1.1 .' ``` Usage: @@ -587,7 +587,7 @@ set -e # Configuration PROJECT_DIR="$(pwd)" RESULTS_DIR="./scan-results" -IMAGE_NAME="socket-basics:1.1.0" +IMAGE_NAME="socket-basics:1.1.1" ENV_FILE=".env" # Create results directory diff --git a/docs/pre-commit-hook.md b/docs/pre-commit-hook.md index 8bbcaee..0b92b34 100644 --- a/docs/pre-commit-hook.md +++ b/docs/pre-commit-hook.md @@ -39,7 +39,7 @@ git clone https://github.com/SocketDev/socket-basics.git cd socket-basics # Build the Docker image with version tag -docker build -t socket-basics:1.1.0 . +docker build -t socket-basics:1.1.1 . ``` **2. Create pre-commit hook:** diff --git a/pyproject.toml b/pyproject.toml index 369b072..44f36ce 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "socket_basics" -version = "1.1.0" +version = "1.1.1" description = "Socket Basics with integrated SAST, secret scanning, and container analysis" readme = "README.md" requires-python = ">=3.10" diff --git a/socket_basics/__init__.py b/socket_basics/__init__.py index 3e75711..d749971 100644 --- a/socket_basics/__init__.py +++ b/socket_basics/__init__.py 
@@ -12,7 +12,7 @@ from .socket_basics import SecurityScanner, main from .core.config import load_config_from_env, Config -__version__ = "1.1.0" +__version__ = "1.1.1" __author__ = "Socket.dev" __email__ = "support@socket.dev" diff --git a/socket_basics/core/notification/webhook_notifier.py b/socket_basics/core/notification/webhook_notifier.py index 6180944..a5a5279 100644 --- a/socket_basics/core/notification/webhook_notifier.py +++ b/socket_basics/core/notification/webhook_notifier.py @@ -19,7 +19,7 @@ def __init__(self, params: Dict[str, Any] | None = None): super().__init__(params or {}) # Webhook URL from params, env variable, or app config self.url = ( - self.config.get('url') or + self.config.get('webhook_url') or get_webhook_url() ) diff --git a/socket_basics/version.py b/socket_basics/version.py index 6849410..a82b376 100644 --- a/socket_basics/version.py +++ b/socket_basics/version.py @@ -1 +1 @@ -__version__ = "1.1.0" +__version__ = "1.1.1" diff --git a/tests/test_webhook_notifier_params.py b/tests/test_webhook_notifier_params.py new file mode 100644 index 0000000..996f105 --- /dev/null +++ b/tests/test_webhook_notifier_params.py 
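Review bot: The value assigned to `self.url` in `WebhookNotifier.__init__` is taken as-is from whichever source answers first, and nothing visible in this hunk validates it before the notifier (presumably) uses it as the destination for scan findings. Because the `webhook_url` param is now the first source consulted, it would be worth rejecting malformed or non-HTTPS values here, for example `if self.url and urlparse(self.url).scheme != 'https': self.url = None` plus a logged warning, unless the send path outside this hunk already does so. Separately, the old `'url'` key is dropped outright, so any existing configuration that still passes `url` will silently fall through to `get_webhook_url()`. If such callers may exist, consider `self.config.get('webhook_url') or self.config.get('url') or` for a transition period. The body of `__init__` continues outside the hunk.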
@@ -0,0 +1,87 @@ +import os + +from socket_basics.core.notification.webhook_notifier import WebhookNotifier +from socket_basics.core.notification.manager import NotificationManager + + +def _base_cfg(): + return { + "notifiers": { + "webhook": { + "module_path": "socket_basics.core.notification.webhook_notifier", + "class": "WebhookNotifier", + "parameters": [ + {"name": "webhook_url", "env_variable": "INPUT_WEBHOOK_URL", "type": "str"}, + ], + } + } + } + + +def test_webhook_notifier_reads_url_from_params(): + """webhook_url param from dashboard config should populate self.url""" + n = WebhookNotifier({"webhook_url": "https://hooks.example.com/endpoint"}) + assert n.url == "https://hooks.example.com/endpoint" + + +def test_webhook_notifier_url_is_none_without_config(monkeypatch): + """Without any config or env var, url should be falsy""" + monkeypatch.delenv("WEBHOOK_URL", raising=False) + monkeypatch.delenv("INPUT_WEBHOOK_URL", raising=False) + n = WebhookNotifier({}) + assert not n.url + + +def test_webhook_notifier_falls_back_to_env_var(monkeypatch): + """INPUT_WEBHOOK_URL env var should work as fallback when params empty""" + monkeypatch.delenv("WEBHOOK_URL", raising=False) + monkeypatch.setenv("INPUT_WEBHOOK_URL", "https://env.example.com/hook") + n = WebhookNotifier({}) + assert n.url == "https://env.example.com/hook" + + +def test_webhook_notifier_params_take_precedence_over_env(monkeypatch): + """Dashboard config (params) should take precedence over env var""" + monkeypatch.delenv("WEBHOOK_URL", raising=False) + monkeypatch.setenv("INPUT_WEBHOOK_URL", "https://env.example.com/hook") + n = WebhookNotifier({"webhook_url": "https://dashboard.example.com/hook"}) + assert n.url == "https://dashboard.example.com/hook" + + +def test_webhook_enabled_via_app_config(monkeypatch): + """Webhook notifier should load when webhook_url is in app_config (dashboard)""" + monkeypatch.delenv("WEBHOOK_URL", raising=False) + monkeypatch.delenv("INPUT_WEBHOOK_URL", 
raising=False) + + cfg = _base_cfg() + nm = NotificationManager(cfg, app_config={"webhook_url": "https://app.example.com/hook"}) + nm.load_from_config() + + webhook = next(n for n in nm.notifiers if getattr(n, "name", "") == "webhook") + assert webhook.url == "https://app.example.com/hook" + + +def test_webhook_enabled_via_env_var(monkeypatch): + """Webhook notifier should load when INPUT_WEBHOOK_URL env var is set""" + monkeypatch.delenv("WEBHOOK_URL", raising=False) + monkeypatch.setenv("INPUT_WEBHOOK_URL", "https://env.example.com/hook") + + cfg = _base_cfg() + nm = NotificationManager(cfg, app_config={}) + nm.load_from_config() + + webhook = next(n for n in nm.notifiers if getattr(n, "name", "") == "webhook") + assert webhook.url == "https://env.example.com/hook" + + +def test_webhook_app_config_precedence_over_env(monkeypatch): + """app_config webhook_url should take precedence over env var in manager flow""" + monkeypatch.delenv("WEBHOOK_URL", raising=False) + monkeypatch.setenv("INPUT_WEBHOOK_URL", "https://env.example.com/hook") + + cfg = _base_cfg() + nm = NotificationManager(cfg, app_config={"webhook_url": "https://dashboard.example.com/hook"}) + nm.load_from_config() + + webhook = next(n for n in nm.notifiers if getattr(n, "name", "") == "webhook") + assert webhook.url == "https://dashboard.example.com/hook" diff --git a/uv.lock b/uv.lock index 931946a..726c53f 100644 --- a/uv.lock +++ b/uv.lock @@ -623,7 +623,7 @@ wheels = [ [[package]] name = "socket-basics" -version = "1.1.0" +version = "1.1.1" source = { editable = "." } dependencies = [ { name = "jsonschema" },
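Review bot: In the three manager-flow tests (`test_webhook_enabled_via_app_config`, `test_webhook_enabled_via_env_var`, `test_webhook_app_config_precedence_over_env`) the lookup `next(n for n in nm.notifiers if ...)` raises a bare `StopIteration` when the webhook notifier was not loaded, so a regression surfaces as an error rather than a clear assertion failure. Using `webhook = next((n for n in nm.notifiers if getattr(n, "name", "") == "webhook"), None)` followed by `assert webhook is not None` would make that failure explicit. `import os` at the top of the file is unused and can be dropped. None of the cases passes a malformed or non-HTTPS `webhook_url`, so how the notifier treats such a value is not pinned by this suite.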