From 39dd14c41d18af4a017170265bae79b254d093dd Mon Sep 17 00:00:00 2001
From: Martin Torp
Date: Wed, 22 Apr 2026 15:27:49 +0200
Subject: [PATCH 1/2] Add hidden reach-continue-on-* flags for Coana v15

Coana v15 introduces four new halt-by-default behaviors in socket mode and corresponding --reach-continue-on-* opt-outs. Expose them as hidden flags on the Python CLI so it is ready to forward them when Coana v15 becomes the default.

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 socketsecurity/config.py | 32 +++++++++++++++++++++++
 socketsecurity/core/tools/reachability.py | 16 ++++++++++++
 socketsecurity/socketcli.py | 6 ++++-
 3 files changed, 53 insertions(+), 1 deletion(-)
diff --git a/socketsecurity/config.py b/socketsecurity/config.py
index bc7689f..1d18c6a 100644
--- a/socketsecurity/config.py
+++ b/socketsecurity/config.py
@@ -131,6 +131,10 @@ class CliConfig:
 reach_additional_params: Optional[List[str]] = None
 only_facts_file: bool = False
 reach_use_only_pregenerated_sboms: bool = False
+ reach_continue_on_analysis_errors: bool = False
+ reach_continue_on_install_errors: bool = False
+ reach_continue_on_missing_lock_files: bool = False
+ reach_continue_on_no_source_files: bool = False
 max_purl_batch_size: int = 5000
 enable_commit_status: bool = False
 config_file: Optional[str] = None
@@ -236,6 +240,10 @@ def from_args(cls, args_list: Optional[List[str]] = None) -> 'CliConfig':
 'reach_additional_params': args.reach_additional_params,
 'only_facts_file': args.only_facts_file,
 'reach_use_only_pregenerated_sboms': args.reach_use_only_pregenerated_sboms,
+ 'reach_continue_on_analysis_errors': args.reach_continue_on_analysis_errors,
+ 'reach_continue_on_install_errors': args.reach_continue_on_install_errors,
+ 'reach_continue_on_missing_lock_files': args.reach_continue_on_missing_lock_files,
+ 'reach_continue_on_no_source_files': args.reach_continue_on_no_source_files,
 'max_purl_batch_size': args.max_purl_batch_size,
 'enable_commit_status': args.enable_commit_status,
 'config_file': args.config_file,
@@ -861,6 +869,30 @@ def create_argument_parser() -> argparse.ArgumentParser:
 action="store_true",
 help="When using this option, the scan is created based only on pre-generated CDX and SPDX files in your project. (requires --reach)"
 )
+ reachability_group.add_argument(
+ "--reach-continue-on-analysis-errors",
+ dest="reach_continue_on_analysis_errors",
+ action="store_true",
+ help=argparse.SUPPRESS
+ )
+ reachability_group.add_argument(
+ "--reach-continue-on-install-errors",
+ dest="reach_continue_on_install_errors",
+ action="store_true",
+ help=argparse.SUPPRESS
+ )
+ reachability_group.add_argument(
+ "--reach-continue-on-missing-lock-files",
+ dest="reach_continue_on_missing_lock_files",
+ action="store_true",
+ help=argparse.SUPPRESS
+ )
+ reachability_group.add_argument(
+ "--reach-continue-on-no-source-files",
+ dest="reach_continue_on_no_source_files",
+ action="store_true",
+ help=argparse.SUPPRESS
+ )
 parser.add_argument(
 '--version',
diff --git a/socketsecurity/core/tools/reachability.py b/socketsecurity/core/tools/reachability.py
index 581ea70..27593c8 100644
--- a/socketsecurity/core/tools/reachability.py
+++ b/socketsecurity/core/tools/reachability.py
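Review bot: The four `--reach-continue-on-*` options added in `create_argument_parser()` (socketsecurity/config.py) are registered with `help=argparse.SUPPRESS` and no comment, so neither `--help` nor the source says that each one switches off a halt that Coana v15 applies by default. Since they let a reachability scan carry on after install or analysis errors, missing lock files or missing sources, that should be readable in the code; a comment above the first call such as `# Hidden opt-outs from Coana v15 halt-by-default checks; results may be incomplete when set` would cover it. The neighbouring option's help text says it requires `--reach`; whether `from_args()` enforces the same for the new flags is not visible in this diff and is worth confirming. Both functions continue outside the hunks shown.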
@@ -104,6 +104,10 @@ def run_reachability_analysis(
 allow_unverified: bool = False,
 enable_debug: bool = False,
 use_only_pregenerated_sboms: bool = False,
+ continue_on_analysis_errors: bool = False,
+ continue_on_install_errors: bool = False,
+ continue_on_missing_lock_files: bool = False,
+ continue_on_no_source_files: bool = False,
 ) -> Dict[str, Any]:
 """ Run reachability analysis.
@@ -196,6 +200,18 @@ def run_reachability_analysis(
 if use_only_pregenerated_sboms:
 cmd.append("--use-only-pregenerated-sboms")
+ if continue_on_analysis_errors:
+ cmd.append("--reach-continue-on-analysis-errors")
+
+ if continue_on_install_errors:
+ cmd.append("--reach-continue-on-install-errors")
+
+ if continue_on_missing_lock_files:
+ cmd.append("--reach-continue-on-missing-lock-files")
+
+ if continue_on_no_source_files:
+ cmd.append("--reach-continue-on-no-source-files")
+
 # Add any additional parameters provided by the user
 if additional_params:
 cmd.extend(additional_params)
diff --git a/socketsecurity/socketcli.py b/socketsecurity/socketcli.py
index 76e5099..1f2b166 100644
--- a/socketsecurity/socketcli.py
+++ b/socketsecurity/socketcli.py
@@ -303,7 +303,11 @@ def main_code():
 additional_params=config.reach_additional_params,
 allow_unverified=config.allow_unverified,
 enable_debug=config.enable_debug,
- use_only_pregenerated_sboms=config.reach_use_only_pregenerated_sboms
+ use_only_pregenerated_sboms=config.reach_use_only_pregenerated_sboms,
+ continue_on_analysis_errors=config.reach_continue_on_analysis_errors,
+ continue_on_install_errors=config.reach_continue_on_install_errors,
+ continue_on_missing_lock_files=config.reach_continue_on_missing_lock_files,
+ continue_on_no_source_files=config.reach_continue_on_no_source_files,
 )
 log.info(f"Reachability analysis completed successfully")
From ea4f94d4dff315b278aa01d55b4fd9ecf0c8a4e1 Mon Sep 17 00:00:00 2001
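Review bot: The docstring that opens right after the new `run_reachability_analysis(...)` signature is not touched by this patch, so the four `continue_on_*` parameters are presumably undocumented; the rest of the docstring lies outside the hunk, so this is inferred. Each one deserves an entry stating that `True` forwards the matching `--reach-continue-on-*` flag to Coana and that the default `False` leaves the halt in place, for example `continue_on_install_errors: forward --reach-continue-on-install-errors; default False keeps the halt`.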
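Review bot: The new `cmd.append("--reach-continue-on-...")` branches in the second reachability.py hunk run whichever Coana version is about to be invoked, while the commit message says v15 is not yet the default. If an older Coana rejects unknown options (not verifiable from this diff), setting one of the hidden flags would fail the scan rather than relax it. A version check, or at least a comment such as `# Coana >= 15 only; older versions may reject these flags`, would make that dependency explicit. `cmd.extend(additional_params)` follows directly, so the same flag can also reach Coana twice when it is already supplied through the additional parameters. The function body continues outside the hunk.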
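Review bot: `log.info(f"Reachability analysis completed successfully")` after the call in `main_code()` is unchanged, so a run that continued past install or analysis errors because of a `continue_on_*` flag is logged exactly like a clean run. For a security scan that difference should be visible in CI output. Before the call, add `flags = ("analysis_errors", "install_errors", "missing_lock_files", "no_source_files")`, `relaxed = [f for f in flags if getattr(config, f"reach_continue_on_{f}")]` and `if relaxed: log.warning("Reachability halts disabled: %s; results may be incomplete", relaxed)`. `main_code()` starts and ends outside the hunk.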
From: Martin Torp
Date: Wed, 22 Apr 2026 15:29:45 +0200
Subject: [PATCH 2/2] Bump version to 2.2.85

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 pyproject.toml | 2 +-
 socketsecurity/__init__.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index 3963007..c0e07c7 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 [project]
 name = "socketsecurity"
-version = "2.2.84"
+version = "2.2.85"
 requires-python = ">= 3.11"
 license = {"file" = "LICENSE"}
 dependencies = [
diff --git a/socketsecurity/__init__.py b/socketsecurity/__init__.py
index 9ca3b60..ec5936b 100644
--- a/socketsecurity/__init__.py
+++ b/socketsecurity/__init__.py
@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.84'
+__version__ = '2.2.85'
 USER_AGENT = f'SocketPythonCLI/{__version__}'