From dda007b82c13e5fe42f7a240b7ddf783dbcd9c79 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 19 Dec 2025 07:32:50 +0000 Subject: [PATCH] fix(openapi): sync with openapi definition --- openapi.json | 1046 +++++++++++++++++++++++++++++++++++++++++++++++- types/api.d.ts | 357 ++++++++++++++++- 2 files changed, 1367 insertions(+), 36 deletions(-) diff --git a/openapi.json b/openapi.json index 6f254b03..a480a076 100644 --- a/openapi.json +++ b/openapi.json @@ -5094,6 +5094,49 @@ } } }, + { + "type": "object", + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "recentlyPublished" + ] + }, + "value": { + "allOf": [ + { + "$ref": "#/components/schemas/SocketIssueBasics" + }, + { + "type": "object", + "additionalProperties": false, + "properties": { + "description": { + "type": "string", + "description": "", + "default": "" + }, + "props": { + "type": "object", + "additionalProperties": false, + "description": "", + "properties": {} + }, + "usage": { + "$ref": "#/components/schemas/SocketUsageRef" + } + }, + "required": [ + "description", + "props" + ] + } + ] + } + } + }, { "type": "object", "additionalProperties": false, @@ -12046,6 +12089,16 @@ "type": "boolean", "default": false } + }, + { + "name": "cached", + "in": "query", + "required": false, + "description": "Return cached immutable scan results. When enabled and results are cached, returns the pre-computed scan. When results are not yet cached, returns 202 Accepted and enqueues a background job.", + "schema": { + "type": "boolean", + "default": false + } } ], "security": [ 
@@ -12072,6 +12125,34 @@ }, "description": "Socket issue lists and scores for all packages" }, + "202": { + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": false, + "description": "", + "properties": { + "status": { + "type": "string", + "description": "", + "default": "processing" + }, + "id": { + "type": "string", + "description": "", + "default": "" + } + }, + "required": [ + "id", + "status" + ] + } + } + }, + "description": "Scan is being processed. Poll again later to retrieve results." + }, "400": { "$ref": "#/components/responses/SocketBadRequest" }, 
@@ -13524,6 +13605,108 @@ "x-readme": {} } }, + "/orgs/{org_slug}/full-scans/{full_scan_id}/rescan": { + "post": { + "tags": [ + "Full Scans" + ], + "summary": "Rescan full scan", + "operationId": "rescanOrgFullScan", + "parameters": [ + { + "name": "org_slug", + "in": "path", + "required": true, + "description": "The slug of the organization", + "schema": { + "type": "string" + } + }, + { + "name": "full_scan_id", + "in": "path", + "required": true, + "description": "The ID of the full scan to rescan", + "schema": { + "type": "string" + } + }, + { + "name": "mode", + "in": "query", + "required": false, + "description": "The rescan mode: \"shallow\" (default) re-applies policies to cached data, \"deep\" re-fetches the SBOM stream.", + "schema": { + "type": "string", + "enum": [ + "shallow", + "deep" + ], + "default": "shallow" + } + } + ], + "security": [ + { + "bearerAuth": [ + "full-scans:create" + ] + }, + { + "basicAuth": [ + "full-scans:create" + ] + } + ], + "description": "Create a new full scan by rescanning an existing scan. A \"shallow\" rescan reapplies the latest policies to the previously cached dependency resolution results. 
A \"deep\" rescan reruns dependency resolution and applies the latest policies to the results.\n\nThis endpoint consumes 1 unit of your quota.\n\nThis endpoint requires the following org token scopes:\n- full-scans:create", + "responses": { + "201": { + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": false, + "description": "", + "properties": { + "id": { + "type": "string", + "description": "", + "default": "The ID of the newly created full scan" + }, + "status": { + "type": "string", + "description": "", + "default": "The status of the new scan" + } + }, + "required": [ + "id", + "status" + ] + } + } + }, + "description": "Rescan initiated successfully" + }, + "400": { + "$ref": "#/components/responses/SocketBadRequest" + }, + "401": { + "$ref": "#/components/responses/SocketUnauthorized" + }, + "403": { + "$ref": "#/components/responses/SocketForbidden" + }, + "404": { + "$ref": "#/components/responses/SocketNotFoundResponse" + }, + "429": { + "$ref": "#/components/responses/SocketTooManyRequestsResponse" + } + }, + "x-readme": {} + } + }, "/orgs/{org_slug}/export/cdx/{id}": { "get": { "tags": [ @@ -18727,6 +18910,27 @@ "action" ] }, + "recentlyPublished": { + "type": "object", + "additionalProperties": false, + "description": "", + "properties": { + "action": { + "type": "string", + "enum": [ + "defer", + "error", + "warn", + "monitor", + "ignore" + ], + "description": "The action to take for recentlyPublished issues." + } + }, + "required": [ + "action" + ] + }, "licenseSpdxDisj": { "type": "object", "additionalProperties": false, 
@@ -21289,6 +21493,27 @@ "action" ] }, + "recentlyPublished": { + "type": "object", + "additionalProperties": false, + "description": "", + "properties": { + "action": { + "type": "string", + "enum": [ + "defer", + "error", + "warn", + "monitor", + "ignore" + ], + "description": "The action to take for recentlyPublished issues." + } + }, + "required": [ + "action" + ] + }, "licenseSpdxDisj": { "type": "object", "additionalProperties": false, @@ -24164,6 +24389,27 @@ "action" ] }, + "recentlyPublished": { + "type": "object", + "additionalProperties": false, + "description": "", + "properties": { + "action": { + "type": "string", + "enum": [ + "defer", + "error", + "warn", + "monitor", + "ignore" + ], + "description": "The action to take for recentlyPublished issues." + } + }, + "required": [ + "action" + ] + }, "licenseSpdxDisj": { "type": "object", "additionalProperties": false, @@ -26729,6 +26975,27 @@ "action" ] }, + "recentlyPublished": { + "type": "object", + "additionalProperties": false, + "description": "", + "properties": { + "action": { + "type": "string", + "enum": [ + "defer", + "error", + "warn", + "monitor", + "ignore" + ], + "description": "The action to take for recentlyPublished issues." + } + }, + "required": [ + "action" + ] + }, "licenseSpdxDisj": { "type": "object", "additionalProperties": false, @@ -29247,6 +29514,27 @@ "action" ] }, + "recentlyPublished": { + "type": "object", + "additionalProperties": false, + "description": "", + "properties": { + "action": { + "type": "string", + "enum": [ + "defer", + "error", + "warn", + "monitor", + "ignore" + ], + "description": "The action to take for recentlyPublished issues." + } + }, + "required": [ + "action" + ] + }, "licenseSpdxDisj": { "type": "object", "additionalProperties": false, 
@@ -35642,16 +35930,22 @@ "type": "string", "description": "", "default": "" + }, + "hash": { + "type": "string", + "description": "", + "default": "" } }, "required": [ "created_by", + "hash", "token" ] } } }, - "description": "The newly created api token." + "description": "The newly created api token and its hash." }, "401": { "$ref": "#/components/responses/SocketUnauthorized" @@ -35730,6 +36024,20 @@ "minimum": 1, "default": 1 } + }, + { + "name": "token_values", + "in": "query", + "required": false, + "description": "Whether to include token values in response. Use \"omit\" to exclude tokens entirely.", + "schema": { + "type": "string", + "enum": [ + "include", + "omit" + ], + "default": "include" + } } ], "security": [ @@ -35812,6 +36120,12 @@ "default": "", "format": "date" }, + "hash": { + "type": "string", + "description": "SRI-format hash of the token (e.g., sha512-base64hash). Null for tokens created before hash column was added.", + "default": "", + "nullable": true + }, "id": { "type": "string", "description": "The ID of the API Token", @@ -35921,8 +36235,9 @@ }, "token": { "type": "string", - "description": "The obfuscated token of the API Token", - "default": "" + "description": "The token of the API Token (redacted or omitted)", + "default": "", + "nullable": true }, "visibility": { "type": "string", @@ -35938,6 +36253,7 @@ "committers", "created_at", "created_by", + "hash", "id", "last_used_at", "max_quota", @@ -36093,11 +36409,6 @@ }, "description": "List of scopes granted to the API Token" }, - "token": { - "type": "string", - "description": "The API token to update", - "default": "" - }, "visibility": { "type": "string", "enum": [ 
@@ -36145,13 +36456,22 @@ "type": "string", "description": "Name for the API Token", "default": "api token" + }, + "token": { + "type": "string", + "description": "The API token to update (provide either token or hash)", + "default": "" + }, + "hash": { + "type": "string", + "description": "The API token hash to update (provide either token or hash)", + "default": "" } }, "required": [ "committer", "max_quota", "scopes", - "token", "visibility" ] } @@ -36233,21 +36553,23 @@ "schema": { "type": "object", "additionalProperties": false, - "description": "", "properties": { "token": { "type": "string", "description": "", "default": "" + }, + "hash": { + "type": "string", + "description": "", + "default": "" } }, - "required": [ - "token" - ] + "description": "The API Token or hash to rotate. Must provide either token or hash, but not both." } } }, - "description": "The API Token to rotate", + "description": "The API Token or hash to rotate. Must provide either token or hash, but not both.", "required": false }, "security": [ @@ -36283,16 +36605,22 @@ "type": "string", "description": "", "default": "" + }, + "hash": { + "type": "string", + "description": "", + "default": "" } }, "required": [ "created_by", + "hash", "token" ] } } }, - "description": "The replacement API Token" + "description": "The replacement API Token and its hash" }, "401": { "$ref": "#/components/responses/SocketUnauthorized" @@ -36331,21 +36659,23 @@ "schema": { "type": "object", "additionalProperties": false, - "description": "", "properties": { "token": { "type": "string", "description": "", "default": "" + }, + "hash": { + "type": "string", + "description": "", + "default": "" } }, - "required": [ - "token" - ] + "description": "The token or hash to revoke. Must provide either token or hash, but not both." } } }, - "description": "The token to revoke.", + "description": "The token or hash to revoke. Must provide either token or hash, but not both.", "required": false }, "security": [ 
@@ -38035,6 +38365,35 @@ "default": "", "nullable": true }, + "vulnerableArtifacts": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "description": "", + "properties": { + "purl": { + "type": "string", + "description": "", + "default": "The PURL (unique package identifier) of the vulnerable package" + }, + "manifestFiles": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "The manifest file(s) that contain the package" + }, + "description": "" + } + }, + "required": [ + "manifestFiles", + "purl" + ] + }, + "description": "" + }, "advisoryDetails": { "type": "object", "additionalProperties": false, @@ -38128,7 +38487,8 @@ "advisoryDetails", "cve", "ghsa", - "type" + "type", + "vulnerableArtifacts" ] } } @@ -39330,6 +39690,24 @@ "type": "string" } }, + { + "name": "filters.alertActionSourceType", + "in": "query", + "required": false, + "description": "Comma-separated list of alert action source types (\"fallback\", \"injected-alert\", \"org-policy\", \"reachability\", \"repo-label-policy\", \"socket-yml\", or \"triage\") that should be included", + "schema": { + "type": "string" + } + }, + { + "name": "filters.alertActionSourceType.notIn", + "in": "query", + "required": false, + "description": "Comma-separated list of alert action source types (\"fallback\", \"injected-alert\", \"org-policy\", \"reachability\", \"repo-label-policy\", \"socket-yml\", or \"triage\") that should be excluded", + "schema": { + "type": "string" + } + }, { "name": "filters.alertCategory", "in": "query", 
@@ -39348,6 +39726,96 @@ "type": "string" } }, + { + "name": "filters.alertClearedAt.eq", + "in": "query", + "required": false, + "description": "Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone)", + "schema": { + "type": "string" + } + }, + { + "name": "filters.alertClearedAt.lt", + "in": "query", + "required": false, + "description": "Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone)", + "schema": { + "type": "string" + } + }, + { + "name": "filters.alertClearedAt.lte", + "in": "query", + "required": false, + "description": "Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone)", + "schema": { + "type": "string" + } + }, + { + "name": "filters.alertClearedAt.gt", + "in": "query", + "required": false, + "description": "Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone)", + "schema": { + "type": "string" + } + }, + { + "name": "filters.alertClearedAt.gte", + "in": "query", + "required": false, + "description": "Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone)", + "schema": { + "type": "string" + } + }, + { + "name": "filters.alertCreatedAt.eq", + "in": "query", + "required": false, + "description": "Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone)", + "schema": { + "type": "string" + } + }, + { + "name": "filters.alertCreatedAt.lt", + "in": "query", + "required": false, + "description": "Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone)", + "schema": { + "type": "string" + } + }, + { + "name": "filters.alertCreatedAt.lte", + "in": "query", + "required": false, + "description": "Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone)", + "schema": { + "type": "string" + } + }, + { + "name": "filters.alertCreatedAt.gt", + "in": "query", + "required": false, + "description": "Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone)", + "schema": { + "type": "string" + } + }, + { + "name": "filters.alertCreatedAt.gte", + "in": "query", + "required": false, + "description": "Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone)", 
+ "schema": { + "type": "string" + } + }, { "name": "filters.alertCveId", "in": "query", @@ -39494,6 +39962,24 @@ "type": "string" } }, + { + "name": "filters.alertReachabilityAnalysisType", + "in": "query", + "required": false, + "description": "Comma-separated list of alert CVE reachability analysis types (\"full-scan\" or \"precomputed\") that should be included", + "schema": { + "type": "string" + } + }, + { + "name": "filters.alertReachabilityAnalysisType.notIn", + "in": "query", + "required": false, + "description": "Comma-separated list of alert CVE reachability analysis types (\"full-scan\" or \"precomputed\") that should be excluded", + "schema": { + "type": "string" + } + }, { "name": "filters.alertReachabilityType", "in": "query", 
@@ -39611,6 +40097,102 @@ "type": "string" } }, + { + "name": "filters.artifactName", + "in": "query", + "required": false, + "description": "Name of artifact", + "schema": { + "type": "string" + } + }, + { + "name": "filters.artifactName.notIn", + "in": "query", + "required": false, + "description": "Name of artifact", + "schema": { + "type": "string" + } + }, + { + "name": "filters.artifactType", + "in": "query", + "required": false, + "description": "Comma-separated list of artifact types (e.g. \"npm\", \"pypi\", \"gem\", \"maven\", \"golang\", etc.) that should be included", + "schema": { + "type": "string" + } + }, + { + "name": "filters.artifactType.notIn", + "in": "query", + "required": false, + "description": "Comma-separated list of artifact types (e.g. \"npm\", \"pypi\", \"gem\", \"maven\", \"golang\", etc.) that should be excluded", + "schema": { + "type": "string" + } + }, + { + "name": "filters.dependencyDead", + "in": "query", + "required": false, + "description": "Dead/reachable dependency filter flag", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "filters.dependencyDead.notIn", + "in": "query", + "required": false, + "description": "Dead/reachable dependency filter flag", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "filters.dependencyDev", + "in": "query", + "required": false, + "description": "Development/production dependency filter flag", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "filters.dependencyDev.notIn", + "in": "query", + "required": false, + "description": "Development/production dependency filter flag", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "filters.dependencyDirect", + "in": "query", + "required": false, + "description": "Direct/transitive dependency filter flag", + "schema": { + "type": "boolean", + "default": false + } + }, + { + "name": "filters.dependencyDirect.notIn", + "in": "query", + 
"required": false, + "description": "Direct/transitive dependency filter flag", + "schema": { + "type": "boolean", + "default": false + } + }, { "name": "filters.repoFullName", "in": "query", @@ -39867,6 +40449,11 @@ "description": "", "default": "" }, + "title": { + "type": "string", + "description": "", + "default": "" + }, "severity": { "type": "string", "enum": [ @@ -40229,6 +40816,7 @@ "locations", "severity", "status", + "title", "type", "updatedAt", "version", @@ -40274,6 +40862,24 @@ }, "description": "Comma-separated list of alert actions (\"error\", \"warn\", \"monitor\", or \"ignore) that should be excluded" }, + "alertActionSourceType": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Comma-separated list of alert action source types (\"fallback\", \"injected-alert\", \"org-policy\", \"reachability\", \"repo-label-policy\", \"socket-yml\", or \"triage\") that should be included" + }, + "alertActionSourceType.notIn": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Comma-separated list of alert action source types (\"fallback\", \"injected-alert\", \"org-policy\", \"reachability\", \"repo-label-policy\", \"socket-yml\", or \"triage\") that should be excluded" + }, "alertCategory": { "type": "array", "items": { 
@@ -40292,6 +40898,96 @@ }, "description": "Comma-separated list of alert categories (\"supplyChainRisk\", \"maintenance\", \"quality\", \"license\", or \"vulnerability\") that should be excluded" }, + "alertClearedAt.eq": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone)" + }, + "alertClearedAt.lt": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone)" + }, + "alertClearedAt.lte": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone)" + }, + "alertClearedAt.gt": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone)" + }, + "alertClearedAt.gte": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone)" + }, + "alertCreatedAt.eq": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone)" + }, + "alertCreatedAt.lt": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone)" + }, + "alertCreatedAt.lte": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone)" + }, + "alertCreatedAt.gt": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone)" + }, + 
"alertCreatedAt.gte": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone)" + }, "alertCveId": { "type": "array", "items": { @@ -40427,6 +41123,24 @@ }, "description": "Alert priority (\"low\", \"medium\", \"high\", or \"critical\")" }, + "alertReachabilityAnalysisType": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Comma-separated list of alert CVE reachability analysis types (\"full-scan\" or \"precomputed\") that should be included" + }, + "alertReachabilityAnalysisType.notIn": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Comma-separated list of alert CVE reachability analysis types (\"full-scan\" or \"precomputed\") that should be excluded" + }, "alertReachabilityType": { "type": "array", "items": { 
@@ -40544,6 +41258,69 @@ }, "description": "Alert updated at (YYYY-MM-DD HH:MM:SS in UTC time zone)" }, + "artifactName": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Name of artifact" + }, + "artifactName.notIn": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Name of artifact" + }, + "artifactType": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Comma-separated list of artifact types (e.g. \"npm\", \"pypi\", \"gem\", \"maven\", \"golang\", etc.) that should be included" + }, + "artifactType.notIn": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "Comma-separated list of artifact types (e.g. \"npm\", \"pypi\", \"gem\", \"maven\", \"golang\", etc.) that should be excluded" + }, + "dependencyDead": { + "type": "array", + "items": { + "type": "boolean", + "default": false, + "description": "" + }, + "description": "Dead/reachable dependency filter flag" + }, + "dependencyDev": { + "type": "array", + "items": { + "type": "boolean", + "default": false, + "description": "" + }, + "description": "Development/production dependency filter flag" + }, + "dependencyDirect": { + "type": "array", + "items": { + "type": "boolean", + "default": false, + "description": "" + }, + "description": "Direct/transitive dependency filter flag" + }, "repoFullName": { "type": "array", "items": { 
@@ -40617,7 +41394,232 @@ } } }, - "description": "The paginated array of API tokens for the organization, and related metadata." + "description": "The paginated array of alert items for the organization and related metadata." + }, + "400": { + "$ref": "#/components/responses/SocketBadRequest" + }, + "401": { + "$ref": "#/components/responses/SocketUnauthorized" + }, + "403": { + "$ref": "#/components/responses/SocketForbidden" + }, + "429": { + "$ref": "#/components/responses/SocketTooManyRequestsResponse" + } + }, + "x-readme": {} + } + }, + "/orgs/{org_slug}/alert-full-scan-search": { + "get": { + "tags": [ + "Alerts" + ], + "summary": "List full scans associated with alert (Beta)", + "operationId": "alertFullScans", + "parameters": [ + { + "name": "org_slug", + "in": "path", + "required": true, + "description": "The slug of the organization", + "schema": { + "type": "string" + } + }, + { + "name": "per_page", + "in": "query", + "required": false, + "description": "Specify the maximum number of items to return per page (intermediate pages may have fewer than this limit and callers should always check \"endCursor\" in response body to know if there are more pages)", + "schema": { + "type": "integer", + "minimum": 1, + "maximum": 5000, + "default": 1000 + } + }, + { + "name": "startAfterCursor", + "in": "query", + "required": false, + "description": "The pagination cursor that was returned as the \"endCursor\" property in previous request", + "schema": { + "type": "string", + "default": "" + } + }, + { + "name": "alertKey", + "in": "query", + "required": true, + "description": "One or more alert keys for which to find associated full scans", + "schema": { + "type": "string" + } + }, + { + "name": "range", + "in": "query", + "required": false, + "description": "The number of days of data to fetch as an offset from current date (e.g. 
\"-7d\" for past 7 days)", + "schema": { + "type": "string", + "default": "-7d" + } + } + ], + "security": [ + { + "bearerAuth": [ + "alerts:list" + ] + }, + { + "basicAuth": [ + "alerts:list" + ] + } + ], + "description": "List full scans associated with alert.\n\nThis endpoint consumes 10 units of your quota.\n\nThis endpoint requires the following org token scopes:\n- alerts:list", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": false, + "description": "", + "properties": { + "endCursor": { + "type": "string", + "description": "", + "default": "", + "nullable": true + }, + "items": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "description": "", + "properties": { + "fullScanId": { + "type": "string", + "description": "ID of full scan", + "default": "" + }, + "branchName": { + "type": "string", + "description": "", + "default": "", + "nullable": true + }, + "branchType": { + "type": "string", + "enum": [ + "default", + "non-default", + "tracked", + "untracked", + "" + ], + "description": "Type of branch that was scanned", + "default": "" + }, + "repoFullName": { + "type": "string", + "description": "Full name of repo which contains repo workspace and repo slug", + "default": "", + "nullable": true + }, + "sbomCreatedAt": { + "type": "string", + "description": "ISO date when SBOM was created", + "default": "" + }, + "scannedAt": { + "type": "string", + "description": "ISO date when SBOM was scanned", + "default": "" + }, + "alertKeys": { + "type": "array", + "items": { + "type": "string", + "description": "Alert keys associated with scan", + "default": "" + }, + "description": "" + } + }, + "required": [ + "alertKeys", + "branchName", + "branchType", + "fullScanId", + "repoFullName", + "sbomCreatedAt", + "scannedAt" + ] + }, + "description": "" + }, + "meta": { + "type": "object", + "additionalProperties": false, + "description": "", + 
"properties": { + "organizationId": { + "type": "string", + "description": "", + "default": "" + }, + "alertKeys": { + "type": "array", + "items": { + "type": "string", + "description": "", + "default": "" + }, + "description": "" + }, + "queryStartTimestamp": { + "type": "number", + "description": "", + "default": 0 + }, + "startDateInclusive": { + "type": "string", + "description": "", + "default": "" + }, + "endDateInclusive": { + "type": "string", + "description": "", + "default": "" + } + }, + "required": [ + "alertKeys", + "endDateInclusive", + "organizationId", + "queryStartTimestamp", + "startDateInclusive" + ] + } + }, + "required": [ + "endCursor", + "items", + "meta" + ] + } + } + }, + "description": "The paginated array of full scans associated with alert for the organization and related metadata." }, "400": { "$ref": "#/components/responses/SocketBadRequest" diff --git a/types/api.d.ts b/types/api.d.ts index fa2cf5e3..1e96eb44 100644 --- a/types/api.d.ts +++ b/types/api.d.ts @@ -242,6 +242,18 @@ export interface paths { */ post: operations['CreateOrgFullScanArchive'] } + '/orgs/{org_slug}/full-scans/{full_scan_id}/rescan': { + /** + * Rescan full scan + * @description Create a new full scan by rescanning an existing scan. A "shallow" rescan reapplies the latest policies to the previously cached dependency resolution results. A "deep" rescan reruns dependency resolution and applies the latest policies to the results. + * + * This endpoint consumes 1 unit of your quota. + * + * This endpoint requires the following org token scopes: + * - full-scans:create + */ + post: operations['rescanOrgFullScan'] + } '/orgs/{org_slug}/export/cdx/{id}': { /** * Export CycloneDX SBOM (Beta) 
@@ -1057,6 +1069,18 @@ export interface paths { */ get: operations['alertsList'] } + '/orgs/{org_slug}/alert-full-scan-search': { + /** + * List full scans associated with alert (Beta) + * @description List full scans associated with alert. + * + * This endpoint consumes 10 units of your quota. + * + * This endpoint requires the following org token scopes: + * - alerts:list + */ + get: operations['alertFullScans'] + } '/license-policy': { /** * License Policy (Beta) @@ -3242,6 +3266,16 @@ export interface components { usage?: components['schemas']['SocketUsageRef'] } } + | { + /** @enum {string} */ + type?: 'recentlyPublished' + value?: components['schemas']['SocketIssueBasics'] & { + /** @default */ + description: string + props: Record + usage?: components['schemas']['SocketUsageRef'] + } + } | { /** @enum {string} */ type?: 'licenseSpdxDisj' @@ -5427,6 +5461,8 @@ export interface operations { | Array<'component' | 'formula'> /** @description Include license details in the response. This can increase the response size significantly. */ include_license_details: boolean + /** @description Return cached immutable scan results. When enabled and results are cached, returns the pre-computed scan. When results are not yet cached, returns 202 Accepted and enqueues a background job. */ + cached?: boolean } path: { /** @description The slug of the organization */ @@ -5442,6 +5478,17 @@ export interface operations { 'application/x-ndjson': components['schemas']['SocketArtifact'] } } + /** @description Scan is being processed. Poll again later to retrieve results. */ + 202: { + content: { + 'application/json': { + /** @default processing */ + status: string + /** @default */ + id: string + } + } + } 400: components['responses']['SocketBadRequest'] 401: components['responses']['SocketUnauthorized'] 403: components['responses']['SocketForbidden'] 
@@ -5949,6 +5996,47 @@ export interface operations { 429: components['responses']['SocketTooManyRequestsResponse'] } } + /** + * Rescan full scan + * @description Create a new full scan by rescanning an existing scan. A "shallow" rescan reapplies the latest policies to the previously cached dependency resolution results. A "deep" rescan reruns dependency resolution and applies the latest policies to the results. + * + * This endpoint consumes 1 unit of your quota. + * + * This endpoint requires the following org token scopes: + * - full-scans:create + */ + rescanOrgFullScan: { + parameters: { + query?: { + /** @description The rescan mode: "shallow" (default) re-applies policies to cached data, "deep" re-fetches the SBOM stream. */ + mode?: 'shallow' | 'deep' + } + path: { + /** @description The slug of the organization */ + org_slug: string + /** @description The ID of the full scan to rescan */ + full_scan_id: string + } + } + responses: { + /** @description Rescan initiated successfully */ + 201: { + content: { + 'application/json': { + /** @default The ID of the newly created full scan */ + id: string + /** @default The status of the new scan */ + status: string + } + } + } + 400: components['responses']['SocketBadRequest'] + 401: components['responses']['SocketUnauthorized'] + 403: components['responses']['SocketForbidden'] + 404: components['responses']['SocketNotFoundResponse'] + 429: components['responses']['SocketTooManyRequestsResponse'] + } + } /** * Export CycloneDX SBOM (Beta) * @description Export a Socket SBOM as a CycloneDX SBOM @@ -8105,6 +8193,13 @@ export interface operations { */ action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore' } + recentlyPublished?: { + /** + * @description The action to take for recentlyPublished issues. + * @enum {string} + */ + action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore' + } licenseSpdxDisj?: { /** * @description The action to take for licenseSpdxDisj issues. 
@@ -8984,6 +9079,13 @@ export interface operations {
 */
 action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
 }
+ recentlyPublished?: {
+ /**
+ * @description The action to take for recentlyPublished issues.
+ * @enum {string}
+ */
+ action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
+ }
 licenseSpdxDisj?: {
 /**
 * @description The action to take for licenseSpdxDisj issues.
@@ -10017,6 +10119,13 @@ export interface operations {
 */
 action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
 }
+ recentlyPublished?: {
+ /**
+ * @description The action to take for recentlyPublished issues.
+ * @enum {string}
+ */
+ action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
+ }
 licenseSpdxDisj?: {
 /**
 * @description The action to take for licenseSpdxDisj issues.
@@ -10889,6 +10998,13 @@ export interface operations {
 */
 action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
 }
+ recentlyPublished?: {
+ /**
+ * @description The action to take for recentlyPublished issues.
+ * @enum {string}
+ */
+ action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
+ }
 licenseSpdxDisj?: {
 /**
 * @description The action to take for licenseSpdxDisj issues.
@@ -11730,6 +11846,13 @@ export interface operations {
 */
 action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
 }
+ recentlyPublished?: {
+ /**
+ * @description The action to take for recentlyPublished issues.
+ * @enum {string}
+ */
+ action: 'defer' | 'error' | 'warn' | 'monitor' | 'ignore'
+ }
 licenseSpdxDisj?: {
 /**
 * @description The action to take for licenseSpdxDisj issues.
@@ -14023,6 +14146,8 @@ export interface operations {
 per_page?: number
 /** @description The token specifying which page to return. */
 page?: number
+ /** @description Whether to include token values in response. Use "omit" to exclude tokens entirely. */
+ token_values?: 'include' | 'omit'
 }
 path: {
 /** @description The slug of the organization */
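Review bot: The `token_values` description in hunk @@ -14023 does not say which behaviour applies when the parameter is absent, and that default decides whether token values are returned by the list endpoint at all. State it in the description rather than leaving callers to probe for it, e.g. `/** @description Whether to include token values in response. Use "omit" to exclude tokens entirely. Defaults to "<DEFAULT-VALUE>" when not supplied. */` with the real default filled in. The rest of this operation's parameters and its response are outside the hunk.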
@@ -14071,6 +14196,11 @@ export interface operations {
 * @default
 */
 created_at: string
+ /**
+ * @description SRI-format hash of the token (e.g., sha512-base64hash). Null for tokens created before hash column was added.
+ * @default
+ */
+ hash: string | null
 /**
 * @description The ID of the API Token
 * @default
@@ -14170,10 +14300,10 @@ export interface operations {
 | 'webhooks:delete'
 )[]
 /**
- * @description The obfuscated token of the API Token
+ * @description The token of the API Token (redacted or omitted)
 * @default
 */
- token: string
+ token: string | null
 /**
 * @description The visibility of the API Token. Warning: this field is deprecated and will be removed in the future.
 * @default organization
@@ -14350,7 +14480,7 @@ export interface operations {
 }
 }
 responses: {
- /** @description The newly created api token. */
+ /** @description The newly created api token and its hash. */
 200: {
 content: {
 'application/json': {
@@ -14362,6 +14492,8 @@ export interface operations {
 created_by: string | null
 /** @default */
 token: string
+ /** @default */
+ hash: string
 }
 }
 }
@@ -14472,11 +14604,6 @@ export interface operations {
 | 'webhooks:update'
 | 'webhooks:delete'
 >
- /**
- * @description The API token to update
- * @default
- */
- token: string
 /**
 * @description The visibility of the API Token. Warning: this field is deprecated and will be removed in the future.
 * @default organization
@@ -14512,6 +14639,16 @@ export interface operations {
 * @default api token
 */
 name?: string
+ /**
+ * @description The API token to update (provide either token or hash)
+ * @default
+ */
+ token?: string
+ /**
+ * @description The API token hash to update (provide either token or hash)
+ * @default
+ */
+ hash?: string
 }
 }
 }
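Review bot: `Null for tokens created before hash column was added` in the new `hash` description leaks a storage detail into the public contract and will read oddly once the migration is history; `Null for tokens created before token hashes were recorded.` says the same thing. Because later hunks in this diff (@@ -14512, @@ -14546, @@ -14592) accept `hash` in place of the plaintext token for update, rotate and revoke, and this list response returns it even when token values are omitted, the description should also say that the hash is the stable handle for those operations and whether it may be logged or displayed, so that consumers neither treat it as a secret nor discard it as noise.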
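Review bot: `token: string | null` with the text `(redacted or omitted)` in hunk @@ -14170 leaves the null case undefined: the key itself stays required, so "omitted" can only mean `null`, and "redacted" presumably means the masked form the old text called obfuscated. If that matches the server, spell it out: `The token of the API Token: its redacted form, or null when token_values=omit`. Tying the wording to the `token_values` parameter added at @@ -14023 also tells readers which request option produces which shape.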
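Review bot: `token?: string` / `hash?: string` in the update body at @@ -14512 encode neither the "either" nor the "not both" rule: as typed, an empty body and a body with both keys are valid and the constraint lives only in prose. If the spec expressed the body as a `oneOf` of two schemas with one `required` key each, the generator would emit `{ token: string } | { hash: string }` and clients would get the check at compile time; the same applies to rotate (@@ -14546) and revoke (@@ -14592). The update descriptions also say only `provide either token or hash` while rotate and revoke add `but not both`; the three should use one wording.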
@@ -14546,17 +14683,19 @@ export interface operations {
 org_slug: string
 }
 }
- /** @description The API Token to rotate */
+ /** @description The API Token or hash to rotate. Must provide either token or hash, but not both. */
 requestBody?: {
 content: {
 'application/json': {
 /** @default */
- token: string
+ token?: string
+ /** @default */
+ hash?: string
 }
 }
 }
 responses: {
- /** @description The replacement API Token */
+ /** @description The replacement API Token and its hash */
 200: {
 content: {
 'application/json': {
@@ -14568,6 +14707,8 @@ export interface operations {
 created_by: string | null
 /** @default */
 token: string
+ /** @default */
+ hash: string
 }
 }
 }
@@ -14592,12 +14733,14 @@ export interface operations {
 org_slug: string
 }
 }
- /** @description The token to revoke. */
+ /** @description The token or hash to revoke. Must provide either token or hash, but not both. */
 requestBody?: {
 content: {
 'application/json': {
 /** @default */
- token: string
+ token?: string
+ /** @default */
+ hash?: string
 }
 }
 }
@@ -15264,6 +15407,11 @@ export interface operations {
 ghsa: string
 /** @default */
 cve: string | null
+ vulnerableArtifacts: Array<{
+ /** @default The PURL (unique package identifier) of the vulnerable package */
+ purl: string
+ manifestFiles: string[]
+ }>
 advisoryDetails: {
 /** @default */
 title?: string | null
@@ -15852,10 +16000,34 @@ export interface operations {
 'filters.alertAction'?: string
 /** @description Comma-separated list of alert actions ("error", "warn", "monitor", or "ignore) that should be excluded */
 'filters.alertAction.notIn'?: string
+ /** @description Comma-separated list of alert action source types ("fallback", "injected-alert", "org-policy", "reachability", "repo-label-policy", "socket-yml", or "triage") that should be included */
+ 'filters.alertActionSourceType'?: string
+ /** @description Comma-separated list of alert action source types ("fallback", "injected-alert", "org-policy", "reachability", "repo-label-policy", "socket-yml", or "triage") that should be excluded */
+ 'filters.alertActionSourceType.notIn'?: string
 /** @description Comma-separated list of alert categories ("supplyChainRisk", "maintenance", "quality", "license", or "vulnerability") that should be included */
 'filters.alertCategory'?: string
 /** @description Comma-separated list of alert categories ("supplyChainRisk", "maintenance", "quality", "license", or "vulnerability") that should be excluded */
 'filters.alertCategory.notIn'?: string
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'filters.alertClearedAt.eq'?: string
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'filters.alertClearedAt.lt'?: string
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'filters.alertClearedAt.lte'?: string
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'filters.alertClearedAt.gt'?: string
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'filters.alertClearedAt.gte'?: string
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'filters.alertCreatedAt.eq'?: string
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'filters.alertCreatedAt.lt'?: string
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'filters.alertCreatedAt.lte'?: string
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'filters.alertCreatedAt.gt'?: string
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'filters.alertCreatedAt.gte'?: string
 /** @description CVE ID */
 'filters.alertCveId'?: string
 /** @description CVE ID */
@@ -15888,6 +16060,10 @@ export interface operations {
 'filters.alertPriority'?: string
 /** @description Alert priority ("low", "medium", "high", or "critical") */
 'filters.alertPriority.notIn'?: string
+ /** @description Comma-separated list of alert CVE reachability analysis types ("full-scan" or "precomputed") that should be included */
+ 'filters.alertReachabilityAnalysisType'?: string
+ /** @description Comma-separated list of alert CVE reachability analysis types ("full-scan" or "precomputed") that should be excluded */
+ 'filters.alertReachabilityAnalysisType.notIn'?: string
 /** @description Comma-separated list of alert CVE reachability types ("direct_dependency", "error", "maybe_reachable", "missing_support", "pending", "reachable", "undeterminable_reachability", "unknown", or "unreachable") that should be included */
 'filters.alertReachabilityType'?: string
 /** @description Comma-separated list of alert CVE reachability types ("direct_dependency", "error", "maybe_reachable", "missing_support", "pending", "reachable", "undeterminable_reachability", "unknown", or "unreachable") that should be excluded */
@@ -15914,6 +16090,26 @@ export interface operations {
 'filters.alertUpdatedAt.gt'?: string
 /** @description Alert updated at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
 'filters.alertUpdatedAt.gte'?: string
+ /** @description Name of artifact */
+ 'filters.artifactName'?: string
+ /** @description Name of artifact */
+ 'filters.artifactName.notIn'?: string
+ /** @description Comma-separated list of artifact types (e.g. "npm", "pypi", "gem", "maven", "golang", etc.) that should be included */
+ 'filters.artifactType'?: string
+ /** @description Comma-separated list of artifact types (e.g. "npm", "pypi", "gem", "maven", "golang", etc.) that should be excluded */
+ 'filters.artifactType.notIn'?: string
+ /** @description Dead/reachable dependency filter flag */
+ 'filters.dependencyDead'?: boolean
+ /** @description Dead/reachable dependency filter flag */
+ 'filters.dependencyDead.notIn'?: boolean
+ /** @description Development/production dependency filter flag */
+ 'filters.dependencyDev'?: boolean
+ /** @description Development/production dependency filter flag */
+ 'filters.dependencyDev.notIn'?: boolean
+ /** @description Direct/transitive dependency filter flag */
+ 'filters.dependencyDirect'?: boolean
+ /** @description Direct/transitive dependency filter flag */
+ 'filters.dependencyDirect.notIn'?: boolean
 /** @description Comma-separated list of repo full names that should be included */
 'filters.repoFullName'?: string
 /** @description Comma-separated list of repo full names that should be excluded */
@@ -15933,7 +16129,7 @@ export interface operations {
 }
 }
 responses: {
- /** @description The paginated array of API tokens for the organization, and related metadata. */
+ /** @description The paginated array of alert items for the organization and related metadata. */
 200: {
 content: {
 'application/json': {
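Review bot: `'filters.dependencyDead.notIn'?: boolean` (and the `dependencyDev` and `dependencyDirect` counterparts in hunk @@ -15914) apply the list-exclusion operator `.notIn` to a single boolean, which is just the negation of the plain filter; they should either be dropped or given the same list semantics as the other `.notIn` filters. The body-style filters at @@ -16154 add `dependencyDead`, `dependencyDev` and `dependencyDirect` with no `.notIn` at all, so the two filter surfaces already disagree. The descriptions `Dead/reachable dependency filter flag`, `Development/production dependency filter flag` and `Direct/transitive dependency filter flag` also do not say which value selects which side, e.g. `true selects dead dependencies`, if that is the mapping. The enclosing operation starts outside the hunk.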
@@ -15988,6 +16184,8 @@ export interface operations {
 clearedAt: string | null
 /** @default */
 dashboardUrl: string
+ /** @default */
+ title: string
 /**
 * @default low
 * @enum {string}
@@ -16094,10 +16292,34 @@ export interface operations {
 alertAction?: string[]
 /** @description Comma-separated list of alert actions ("error", "warn", "monitor", or "ignore) that should be excluded */
 'alertAction.notIn'?: string[]
+ /** @description Comma-separated list of alert action source types ("fallback", "injected-alert", "org-policy", "reachability", "repo-label-policy", "socket-yml", or "triage") that should be included */
+ alertActionSourceType?: string[]
+ /** @description Comma-separated list of alert action source types ("fallback", "injected-alert", "org-policy", "reachability", "repo-label-policy", "socket-yml", or "triage") that should be excluded */
+ 'alertActionSourceType.notIn'?: string[]
 /** @description Comma-separated list of alert categories ("supplyChainRisk", "maintenance", "quality", "license", or "vulnerability") that should be included */
 alertCategory?: string[]
 /** @description Comma-separated list of alert categories ("supplyChainRisk", "maintenance", "quality", "license", or "vulnerability") that should be excluded */
 'alertCategory.notIn'?: string[]
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'alertClearedAt.eq'?: string[]
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'alertClearedAt.lt'?: string[]
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'alertClearedAt.lte'?: string[]
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'alertClearedAt.gt'?: string[]
+ /** @description Alert cleared at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'alertClearedAt.gte'?: string[]
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'alertCreatedAt.eq'?: string[]
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'alertCreatedAt.lt'?: string[]
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'alertCreatedAt.lte'?: string[]
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'alertCreatedAt.gt'?: string[]
+ /** @description Alert created at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
+ 'alertCreatedAt.gte'?: string[]
 /** @description CVE ID */
 alertCveId?: string[]
 /** @description CVE ID */
@@ -16128,6 +16350,10 @@ export interface operations {
 alertPriority?: string[]
 /** @description Alert priority ("low", "medium", "high", or "critical") */
 'alertPriority.notIn'?: string[]
+ /** @description Comma-separated list of alert CVE reachability analysis types ("full-scan" or "precomputed") that should be included */
+ alertReachabilityAnalysisType?: string[]
+ /** @description Comma-separated list of alert CVE reachability analysis types ("full-scan" or "precomputed") that should be excluded */
+ 'alertReachabilityAnalysisType.notIn'?: string[]
 /** @description Comma-separated list of alert CVE reachability types ("direct_dependency", "error", "maybe_reachable", "missing_support", "pending", "reachable", "undeterminable_reachability", "unknown", or "unreachable") that should be included */
 alertReachabilityType?: string[]
 /** @description Comma-separated list of alert CVE reachability types ("direct_dependency", "error", "maybe_reachable", "missing_support", "pending", "reachable", "undeterminable_reachability", "unknown", or "unreachable") that should be excluded */
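Review bot: `'alertClearedAt.lt'?: string[]` and the other date-bound filters added in hunk @@ -16094 are typed as arrays, whereas the query-string form of the same filters at @@ -15852 is a single `string`; a list of lower or upper bounds has no single meaning, and the `Comma-separated list` wording the neighbouring list filters carry is absent here, which suggests the array type was inherited from them rather than intended. If the body accepts one timestamp per bound, the schema should be `string`; if several are accepted, the description should say how they combine. The enclosing operation starts outside the hunk.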
@@ -16154,6 +16380,20 @@ export interface operations {
 'alertUpdatedAt.gt'?: string[]
 /** @description Alert updated at (YYYY-MM-DD HH:MM:SS in UTC time zone) */
 'alertUpdatedAt.gte'?: string[]
+ /** @description Name of artifact */
+ artifactName?: string[]
+ /** @description Name of artifact */
+ 'artifactName.notIn'?: string[]
+ /** @description Comma-separated list of artifact types (e.g. "npm", "pypi", "gem", "maven", "golang", etc.) that should be included */
+ artifactType?: string[]
+ /** @description Comma-separated list of artifact types (e.g. "npm", "pypi", "gem", "maven", "golang", etc.) that should be excluded */
+ 'artifactType.notIn'?: string[]
+ /** @description Dead/reachable dependency filter flag */
+ dependencyDead?: boolean[]
+ /** @description Development/production dependency filter flag */
+ dependencyDev?: boolean[]
+ /** @description Direct/transitive dependency filter flag */
+ dependencyDirect?: boolean[]
 /** @description Comma-separated list of repo full names that should be included */
 repoFullName?: string[]
 /** @description Comma-separated list of repo full names that should be excluded */
@@ -16177,6 +16417,95 @@ export interface operations {
 429: components['responses']['SocketTooManyRequestsResponse']
 }
 }
+ /**
+ * List full scans associated with alert (Beta)
+ * @description List full scans associated with alert.
+ *
+ * This endpoint consumes 10 units of your quota.
+ *
+ * This endpoint requires the following org token scopes:
+ * - alerts:list
+ */
+ alertFullScans: {
+ parameters: {
+ query: {
+ /** @description Specify the maximum number of items to return per page (intermediate pages may have fewer than this limit and callers should always check "endCursor" in response body to know if there are more pages) */
+ per_page?: number
+ /** @description The pagination cursor that was returned as the "endCursor" property in previous request */
+ startAfterCursor?: string
+ /** @description One or more alert keys for which to find associated full scans */
+ alertKey: string
+ /** @description The number of days of data to fetch as an offset from current date (e.g. "-7d" for past 7 days) */
+ range?: string
+ }
+ path: {
+ /** @description The slug of the organization */
+ org_slug: string
+ }
+ }
+ responses: {
+ /** @description The paginated array of full scans associated with alert for the organization and related metadata. */
+ 200: {
+ content: {
+ 'application/json': {
+ /** @default */
+ endCursor: string | null
+ items: Array<{
+ /**
+ * @description ID of full scan
+ * @default
+ */
+ fullScanId: string
+ /** @default */
+ branchName: string | null
+ /**
+ * @description Type of branch that was scanned
+ * @default
+ * @enum {string}
+ */
+ branchType:
+ | 'default'
+ | 'non-default'
+ | 'tracked'
+ | 'untracked'
+ | ''
+ /**
+ * @description Full name of repo which contains repo workspace and repo slug
+ * @default
+ */
+ repoFullName: string | null
+ /**
+ * @description ISO date when SBOM was created
+ * @default
+ */
+ sbomCreatedAt: string
+ /**
+ * @description ISO date when SBOM was scanned
+ * @default
+ */
+ scannedAt: string
+ alertKeys: string[]
+ }>
+ meta: {
+ /** @default */
+ organizationId: string
+ alertKeys: string[]
+ /** @default 0 */
+ queryStartTimestamp: number
+ /** @default */
+ startDateInclusive: string
+ /** @default */
+ endDateInclusive: string
+ }
+ }
+ }
+ }
+ 400: components['responses']['SocketBadRequest']
+ 401: components['responses']['SocketUnauthorized']
+ 403: components['responses']['SocketForbidden']
+ 429: components['responses']['SocketTooManyRequestsResponse']
+ }
+ }
 /**
 * License Policy (Beta)
 * @description Compare the license data found for a list of packages (given as PURL strings) with the contents of a configurable license policy,
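Review bot: `alertKey: string` in `alertFullScans` is described as `One or more alert keys`, but the type is a single string and the description does not say how several keys are passed (comma-separated like the other list filters in this file, or a repeated parameter); the response's `alertKeys: string[]` suggests a list, so the description should read `Comma-separated list of alert keys for which to find associated full scans` if that is the format. `range` documents only the example `-7d`; the accepted grammar should be stated. Two smaller points in the same hunk: `branchType` admits `''` as an enum member with no word on what an empty branch type means, and `queryStartTimestamp: number` names no unit, so its description should say whether it is seconds or milliseconds since the epoch.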