Skip to content

feat: add Slack formatter for Socket Facts reachability analysis #144

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dacoburn merged 1 commit into from
Jan 2, 2026
Merged

feat: add Slack formatter for Socket Facts reachability analysis #144

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 37 additions & 8 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,14 +101,14 @@ socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--repo-is-public] [--branc
[--only-facts-file] [--version]
````

If you don't want to provide the Socket API Token every time then you can use the environment variable `SOCKET_SECURITY_API_KEY`
If you don't want to provide the Socket API Token every time then you can use the environment variable `SOCKET_SECURITY_API_TOKEN`

### Parameters

#### Authentication
| Parameter | Required | Default | Description |
|:------------|:---------|:--------|:--------------------------------------------------------------------------------|
| --api-token | False | | Socket Security API token (can also be set via SOCKET_SECURITY_API_KEY env var) |
| Parameter | Required | Default | Description |
|:------------|:---------|:--------|:----------------------------------------------------------------------------------|
| --api-token | False | | Socket Security API token (can also be set via SOCKET_SECURITY_API_TOKEN env var) |

#### Repository
| Parameter | Required | Default | Description |
Expand Down Expand Up @@ -221,15 +221,43 @@ Example `SOCKET_JIRA_CONFIG_JSON` value

| Environment Variable | Required | Default | Description |
|:-------------------------|:---------|:--------|:-----------------------------------|
| SOCKET_SLACK_ENABLED | False | false | Enables/Disables the Slack Plugin |
| SOCKET_SLACK_CONFIG_JSON | True | None | Required if the Plugin is enabled. |
| SOCKET_SLACK_CONFIG_JSON | False | None | Slack webhook configuration (enables plugin when set). Alternatively, use --slack-webhook CLI flag. |

Example `SOCKET_SLACK_CONFIG_JSON` value
Example `SOCKET_SLACK_CONFIG_JSON` value (simple webhook):

````json
{"url": "https://REPLACE_ME_WEBHOOK"}
````

Example with advanced filtering (reachability-only alerts):

````json
{
"url": [
{
"name": "prod_alerts",
"url": "https://hooks.slack.com/services/YOUR/WEBHOOK/URL"
}
],
"url_configs": {
"prod_alerts": {
"reachability_alerts_only": true,
"always_send_reachability": true
}
}
}
````

**Advanced Configuration Options:**

The `url_configs` object allows per-webhook filtering:

- `reachability_alerts_only` (boolean, default: false): When `--reach` is enabled, only send blocking alerts (error=true) from diff scans
- `always_send_reachability` (boolean, default: true): Send reachability alerts even on non-diff scans when `--reach` is enabled. Set to false to only send reachability alerts when there are diff alerts.
- `repos` (array): Only send alerts for specific repositories (e.g., `["owner/repo1", "owner/repo2"]`)
- `alert_types` (array): Only send specific alert types (e.g., `["malware", "typosquat"]`)
- `severities` (array): Only send alerts with specific severities (e.g., `["high", "critical"]`)

## Automatic Git Detection

The CLI now automatically detects repository information from your git environment, significantly simplifying usage in CI/CD pipelines:
Expand Down Expand Up @@ -490,7 +518,8 @@ Implementation targets:
### Environment Variables

#### Core Configuration
- `SOCKET_SECURITY_API_KEY`: Socket Security API token (alternative to --api-token parameter)
- `SOCKET_SECURITY_API_TOKEN`: Socket Security API token (alternative to --api-token parameter)
- For backwards compatibility, also accepts: `SOCKET_SECURITY_API_KEY`, `SOCKET_API_KEY`, `SOCKET_API_TOKEN`
- `SOCKET_SDK_PATH`: Path to local socketdev repository (default: ../socketdev)

#### GitLab Integration
Expand Down
5 changes: 3 additions & 2 deletions pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ build-backend = "hatchling.build"

[project]
name = "socketsecurity"
version = "2.2.59"
version = "2.2.60"
requires-python = ">= 3.10"
license = {"file" = "LICENSE"}
dependencies = [
Expand All @@ -16,8 +16,9 @@ dependencies = [
'GitPython',
'packaging',
'python-dotenv',
'socketdev>=3.0.22,<4.0.0',
"socketdev>=3.0.25,<4.0.0",
"bs4>=0.0.2",
"markdown>=3.10",
]
readme = "README.md"
description = "Socket Security CLI for CI/CD"
Expand Down
2 changes: 1 addition & 1 deletion socketsecurity/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
__author__ = 'socket.dev'
__version__ = '2.2.59'
__version__ = '2.2.60'
USER_AGENT = f'SocketPythonCLI/{__version__}'
32 changes: 27 additions & 5 deletions socketsecurity/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ class CliConfig:
version: str = __version__
jira_plugin: PluginConfig = field(default_factory=PluginConfig)
slack_plugin: PluginConfig = field(default_factory=PluginConfig)
slack_webhook: Optional[str] = None
license_file_name: str = "license_output.json"
save_submitted_files_list: Optional[str] = None
save_manifest_tar: Optional[str] = None
Expand Down Expand Up @@ -85,8 +86,14 @@ def from_args(cls, args_list: Optional[List[str]] = None) -> 'CliConfig':
parser = create_argument_parser()
args = parser.parse_args(args_list)

# Get API token from env or args
api_token = os.getenv("SOCKET_SECURITY_API_KEY") or args.api_token
# Get API token from env or args (check multiple env var names)
api_token = (
os.getenv("SOCKET_SECURITY_API_KEY") or
os.getenv("SOCKET_SECURITY_API_TOKEN") or
os.getenv("SOCKET_API_KEY") or
os.getenv("SOCKET_API_TOKEN") or
args.api_token
)

# Strip quotes from commit message if present
commit_message = args.commit_message
Expand Down Expand Up @@ -128,6 +135,7 @@ def from_args(cls, args_list: Optional[List[str]] = None) -> 'CliConfig':
'save_manifest_tar': args.save_manifest_tar,
'sub_paths': args.sub_paths or [],
'workspace_name': args.workspace_name,
'slack_webhook': args.slack_webhook,
'reach': args.reach,
'reach_version': args.reach_version,
'reach_analysis_timeout': args.reach_analysis_timeout,
Expand All @@ -151,16 +159,21 @@ def from_args(cls, args_list: Optional[List[str]] = None) -> 'CliConfig':
except json.JSONDecodeError:
logging.error(f"Unable to parse excluded_ecosystems: {config_args['excluded_ecosystems']}")
exit(1)
# Build Slack plugin config, merging CLI arg with env config
slack_config = get_plugin_config_from_env("SOCKET_SLACK")
if args.slack_webhook:
slack_config["url"] = args.slack_webhook

config_args.update({
"jira_plugin": PluginConfig(
enabled=os.getenv("SOCKET_JIRA_ENABLED", "false").lower() == "true",
levels=os.getenv("SOCKET_JIRA_LEVELS", "block,warn").split(","),
config=get_plugin_config_from_env("SOCKET_JIRA")
),
"slack_plugin": PluginConfig(
enabled=os.getenv("SOCKET_SLACK_ENABLED", "false").lower() == "true",
enabled=bool(slack_config) or bool(args.slack_webhook),
levels=os.getenv("SOCKET_SLACK_LEVELS", "block,warn").split(","),
config=get_plugin_config_from_env("SOCKET_SLACK")
config=slack_config
)
})

Expand Down Expand Up @@ -212,7 +225,7 @@ def create_argument_parser() -> argparse.ArgumentParser:
"--api-token",
dest="api_token",
metavar="<token>",
help="Socket Security API token (can also be set via SOCKET_SECURITY_API_KEY env var)",
help="Socket Security API token (can also be set via SOCKET_SECURITY_API_TOKEN env var)",
required=False
)
auth_group.add_argument(
Expand Down Expand Up @@ -475,6 +488,15 @@ def create_argument_parser() -> argparse.ArgumentParser:
help=argparse.SUPPRESS
)

# Plugin Configuration
plugin_group = parser.add_argument_group('Plugin Configuration')
plugin_group.add_argument(
"--slack-webhook",
dest="slack_webhook",
metavar="<url>",
help="Slack webhook URL for notifications (automatically enables Slack plugin)"
)

# Advanced Configuration
advanced_group = parser.add_argument_group('Advanced Configuration')
advanced_group.add_argument(
Expand Down
Loading
Loading