🔧 Socket Python CLI - Critical Bug Fixes & Performance Improvements

🎯 Description

This PR addresses several critical issues in the Socket Python CLI that were affecting license compliance monitoring, committer identification, and performance with large repositories. The changes ensure that all security alerts, including license violations, are properly reported in diff scans while improving the overall reliability and performance of the tool.

🐛 Key Bug Fixes

1. License Violations Missing from Diff Scans

Critical Fix: The CLI was filtering out license violation alerts (licenseSpdxDisj) from diff processing results, causing license violations to not be properly reported when scanning changes between commits or branches.

Root Cause: The process_alerts_for_diff_scan() method in the core module contained a filter condition that explicitly excluded alerts of type licenseSpdxDisj from being added to the alerts collection.

Solution: Removed the license alert filter condition, ensuring all alert types including license violations are now properly included in diff scan results for comprehensive compliance monitoring.

# Before (filtered out license alerts)
if issue_alert.type != 'licenseSpdxDisj':
    if issue_alert.key not in alerts_collection:
        alerts_collection[issue_alert.key] = [issue_alert]
    else:
        alerts_collection[issue_alert.key].append(issue_alert)

# After (includes all alerts)
if issue_alert.key not in alerts_collection:
    alerts_collection[issue_alert.key] = [issue_alert]
else:
    alerts_collection[issue_alert.key].append(issue_alert)

2. Enhanced Committer Identification

Improvement: Significantly improved how the CLI identifies committers with a robust priority-based system that works across different CI/CD environments.

New Priority Order:

1. CLI Arguments: Direct --committers parameter (highest priority)
2. CI/CD Environment Variables:
   • GITHUB_ACTOR (GitHub Actions)
   • GITLAB_USER_LOGIN (GitLab CI)
   • BITBUCKET_STEP_TRIGGERER_UUID (Bitbucket Pipelines)
3. Smart Email Parsing: Extract usernames from GitHub noreply emails ([email protected])
4. Git Email: Use the commit author's email address
5. Git Author Name: Fallback to author name

This ensures accurate committer attribution across all major CI/CD platforms and development workflows.

🚀 Performance Enhancements

3. Lazy File Loading with SDK 2.1.8

Major Performance Improvement: Upgraded to Socket SDK 2.1.8 with lazy file loading support, significantly improving performance for large repositories.

Benefits:

• Prevents "Too many open files" errors when processing repositories with large numbers of manifest files
• Reduced memory footprint through efficient file handle management
• Better resource utilization with configurable max_open_files=50 limit
• Improved scalability for enterprise-grade repositories

4. Reduced Log Noise

Quality of Life: Changed ulimit warning messages from warning to debug level to reduce unnecessary log noise while maintaining diagnostic capability.

Implementation:

# Now uses debug level for better log hygiene
log.debug(f"Found {file_count} manifest files, which may exceed the file descriptor limit (ulimit -n = {ulimit_check['soft_limit']})")

🎯 Release Notes

• FIXED: License violations (licenseSpdxDisj) are now properly included in diff scan results, ensuring complete compliance monitoring
• IMPROVED: Enhanced committer identification with proper priority order: CLI arguments → CI/CD environment variables (GITHUB_ACTOR, GITLAB_USER_LOGIN, BITBUCKET_STEP_TRIGGERER_UUID) → extracted usernames from GitHub noreply emails → git email → git author name as fallback
• ENHANCED: Upgraded to Socket SDK 2.1.8 with lazy file loading support, significantly improving performance for large repositories and preventing "Too many open files" errors
• OPTIMIZED: Reduced log noise by changing ulimit warning messages from warning to debug level for better log hygiene

*This PR ensures the Socket Python CLI provides complete, accurate, and performant security scanning across all development