Tags: SocketDev/socket-python-cli
Tags
Mucha dev gitlab security output (#147)

* feat: add GitLab Security Dashboard integration with Dependency Scanning report output

  Adds support for generating GitLab-compatible Dependency Scanning reports that integrate with GitLab's Security Dashboard. This feature enables Socket security findings to be displayed natively in GitLab merge requests and security dashboards.

  Key Features:
  - New --enable-gitlab-security flag to generate GitLab reports
  - New --gitlab-security-file flag for custom output paths (default: gl-dependency-scanning-report.json)
  - Generates GitLab Dependency Scanning schema v15.0.0 compliant reports
  - Supports multiple simultaneous output formats (JSON, SARIF, GitLab)
  - Includes actionable security alerts (error/warn level) in vulnerability reports
  - Maps Socket severity levels to GitLab severity (Critical, High, Medium, Low)
  - Extracts CVE identifiers and dependency chain information
  - Generates deterministic UUIDs for vulnerability tracking

  Implementation:
  - Added GitLab report generator in messages.py with helper functions for severity mapping, identifier extraction, and location parsing
  - Refactored OutputHandler to support multiple simultaneous output formats
  - Added comprehensive unit tests (test_gitlab_format.py) and integration tests
  - Updated documentation with usage examples, CI/CD integration guide, and alert filtering details

  Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* capturing all recent changes

* chore: bump version to 2.3.0 for GitLab Security Dashboard feature

  Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* bumping version

* Removing unneeded files

---------

Co-authored-by: Jonathan Mucha <jonathan@mucha.local>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Douglas Coburn <douglas@dactbc.com>

feat: add PyPy installation for Alpine on x86_64 (#148)

* feat: add PyPy installation for Alpine on x86_64

  Install Alpine-compatible PyPy3.11 build on amd64 platforms to enable faster Python reachability analysis.

* Fix versions & changelog

* Bump version to 2.2.65

---------

Co-authored-by: Douglas Coburn <douglas@dactbc.com>

feat: add Slack formatter for Socket Facts reachability analysis (#144)

- Add new markdown utility for Socket Facts data formatting
- Add `socketsecurity/core/helper/socket_facts_loader.py` to load Socket Facts JSON
- Add `socketsecurity/plugins/formatters/slack.py` for Slack-specific formatting
- Update Slack plugin to support reachability analysis notifications with smart block limiting
- Add markdown dependency for enhanced formatting capabilities
- Update README documentation
- Update socketdev dependency to 3.0.25
- Bump version to 2.2.59