README.md
21 lines changed: 21 additions & 0 deletions
@@ -75,6 +75,27 @@ If you don't want to provide the Socket API Token every time then you can use th
75
75
| --scm | False | api | Source control management type|
76
76
| --timeout | False || Timeout in seconds for API requests |
77
77
78
+
## File Selection Behavior
79
+
80
+
The CLI determines which files to scan based on the following logic:
81
+
82
+
1. **Git Commit Files**: By default, the CLI checks files changed in the current git commit first. If any of these files match supported manifest patterns (like package.json, requirements.txt, etc.), a scan is triggered.
83
+
84
+
2. **`--files` Parameter**: If no git commit exists, or no manifest files are found in the commit changes, the CLI checks files specified via the `--files` parameter. This parameter accepts a JSON array of file paths.
85
+
86
+
3. **`--ignore-commit-files`**: When this flag is set, git commit files are ignored completely, and only files specified in`--files` are considered. This also forces a scan regardless of whether manifest files are present.
87
+
88
+
4. **No Manifest Files**: If no manifest files are found in either git commit changes or `--files` (and `--ignore-commit-files` is not set), the scan is skipped.
89
+
90
+
>**Note**: The CLI does not scan only the specified files - it uses them to determine whether a scan should be performed. When a scan is triggered, it searches the entire `--target-path`for all supported manifest files.
91
+
92
+
### Examples
93
+
94
+
- **Commit with manifest file**: If your commit includes changes to `package.json`, a scan will be triggered automatically.
95
+
- **Commit without manifest files**: If your commit only changes non-manifest files (like `.github/workflows/socket.yaml`), no scan will be performed unless you use `--files` or `--ignore-commit-files`.
96
+
- **Using `--files`**: If you specify `--files '["package.json"]'`, the CLI will check if this file exists and is a manifest file before triggering a scan.
97
+
- **Using `--ignore-commit-files`**: This forces a scan of all manifest files in the target path, regardless of what's in your commit.
98
+
78
99
## Development
79
100
80
101
This project uses `pyproject.toml` as the primary dependency specification.
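Review bot: Step 3 contradicts itself about what `--files` does once `--ignore-commit-files` is set: it says "only files specified in `--files` are considered" and, in the next sentence, that the scan is forced "regardless of whether manifest files are present", while the Note says a triggered scan covers all of `--target-path`. Suggest stating outright that with the flag set the scan always runs over `--target-path` and `--files` does not narrow it, or describing what `--files` still decides in that mode. Steps 1 and 4 together mean a commit that touches no manifest file gets no scan, so the section should also say how a skipped scan is reported (output and exit status), so that a CI job does not read a skip as a clean result, and whether "the current git commit" in step 1 covers only the latest commit when several are pushed together. Minor: a space is missing in "in`--files`" (step 3) and in "`--target-path`for" (the Note).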