Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

socketsecurity

Package Overview
Dependencies
Maintainers
3
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

socketsecurity

Socket Security CLI for CI/CD

  • 1.0.35
  • PyPI
  • Socket score

Maintainers
3

Socket Security CLI

The Socket Security CLI was created to enable integrations with other tools like Github Actions, Gitlab, BitBucket, local use cases and more. The tool will get the head scan for the provided repo from Socket, create a new one, and then report any new alerts detected. If there are new alerts against the Socket security policy it'll exit with a non-Zero exit code.

Usage

socketcli [-h] [--api_token API_TOKEN] [--repo REPO] [--branch BRANCH] [--committer COMMITTER] [--pr_number PR_NUMBER]
                 [--commit_message COMMIT_MESSAGE] [--default_branch] [--target_path TARGET_PATH] [--scm {api,github,gitlab}] [--sbom-file SBOM_FILE]
                 [--commit-sha COMMIT_SHA] [--generate-license GENERATE_LICENSE] [-v] [--enable-debug] [--enable-json] [--disable-overview]
                 [--disable-security-issue] [--files FILES] [--ignore-commit-files]

If you don't want to provide the Socket API Token every time then you can use the environment variable SOCKET_SECURITY_API_KEY

ParameterAlternate NameRequiredDefaultDescription
-h--helpFalseShow the CLI help message
--api_tokenFalseProvides the Socket API Token
--repoTrueThe string name in a git approved name for repositories.
--branchFalseThe string name in a git approved name for branches.
--committerFalseThe string name of the person doing the commit or running the CLI. Can be specified multiple times to have more than one committer
--pr_numberFalse0The integer for the PR or MR number
--commit_messageFalseThe string for a commit message if there is one
--default_branchFalseFalseIf the flag is specified this will signal that this is the default branch. This needs to be enabled for a report to update Org Alerts and Org Dependencies
--target_pathFalse./This is the path to where the manifest files are location. The tool will recursively search for all supported manifest files
--scmFalseapiThis is the mode that the tool is to run in. For local runs api would be the mode. Other options are gitlab and github
--generate-licenseFalseFalseIf this flag is specified it will generate a json file with the license per package and license text in the current working directory
--version-vFalsePrints the version and exits
--enable-debugFalseFalseEnables debug messaging for the CLI
--sbom-fileFalseFalseCreates a JSON file with all dependencies and alerts
--commit-shaFalseThe commit hash for the commit
--generate-licenseFalseFalseIf enabled with --sbom-file will include license details
--enable-jsonFalseFalseIf enabled will change the console output format to JSON
--disable-overviewFalseFalseIf enabled will disable Dependency Overview comments
--disable-security-issueFalseFalseIf enabled will disable Security Issue Comments
--filesFalseIf provided in the format of ["file1", "file2"] will be used to determine if there have been supported file changes. This is used if it isn't a git repo and you would like to only run if it supported files have changed.
--ignore-commit-filesFalseFalseIf enabled then the CLI will ignore what files are changed in the commit and look for all manifest files
--disable-blockingFalseFalseDisables failing checks and will only exit with an exit code of 0

Keywords

FAQs


Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc