- Fixed branch detection in detached-HEAD CI checkouts. When
git name-rev --name-only HEADreturned an output with a suffix operator (e.g.remotes/origin/master~1,master^0), the~N/^Nwas previously passed through as the branch name and rejected by the Socket API as an invalid Git ref. The suffix is now stripped before the prefix split, producing the bare branch name.
- Added
straceto the Docker image for debugging purposes.
- Set the scan to
'socket_tier1'when using the--reachflag. This ensures Tier 1 scans are properly integrated into the organization-wide alerts.
- Added
--reach-enable-analysis-splittingflag to enable analysis splitting (disabled by default). - Added
--reach-detailed-analysis-log-fileflag to print detailed analysis log file path. - Added
--reach-lazy-modeflag to enable lazy mode for reachability analysis. - Changed default behavior: analysis splitting is now disabled by default. The old
--reach-disable-analysis-splittingflag is kept as a hidden no-op for backwards compatibility.
- Included PyPy in the Docker image.
- Fixed Dockerfile to set
GOROOTto/usr/lib/gowhen using system Go (GO_VERSION=system) instead of always using/usr/local/go.
- Removed process timeout from reachability analysis subprocess. Timeouts are now only passed to the Coana CLI via the
--analysis-timeoutflag.