Add support for basics API and pinned workflow actions to commit hash

Author: dacoburn

.github/workflows/pr-preview.yml

@@ -11,10 +11,10 @@ jobs:
       contents: read
       pull-requests: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           fetch-depth: 0
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
         with:
           python-version: '3.x'
 
@@ -57,14 +57,14 @@ jobs:
 
       - name: Publish to Test PyPI
         if: steps.version_check.outputs.exists != 'true'
-        uses: pypa/gh-action-pypi-publish@v1.12.4
+        uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.4
         with:
           repository-url: https://test.pypi.org/legacy/
           verbose: true
 
       - name: Comment on PR
         if: steps.version_check.outputs.exists != 'true'
-        uses: actions/github-script@v7
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         env:
           VERSION: ${{ env.VERSION }}
         with:

.github/workflows/release.yml

@@ -10,10 +10,10 @@ jobs:
       id-token: write
       contents: read
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           fetch-depth: 0
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
         with:
           python-version: '3.x'
 
@@ -54,7 +54,7 @@ jobs:
 
       - name: Publish to PyPI
         if: steps.version_check.outputs.pypi_exists != 'true'
-        uses: pypa/gh-action-pypi-publish@v1.12.4
+        uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.4
 
       - name: Verify package is installable
         id: verify_package

.github/workflows/version-check.yml

@@ -11,7 +11,7 @@ jobs:
   check_version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           fetch-depth: 0  # Fetch all history for all branches
 
@@ -39,7 +39,7 @@ jobs:
           "
 
       - name: Manage PR Comment
-        uses: actions/github-script@v7
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         if: always()
         env:
           MAIN_VERSION: ${{ env.MAIN_VERSION }}

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketdev"
-version = "3.0.7"
+version = "3.0.8"
 requires-python = ">= 3.9"
 dependencies = [
     'requests',

socketdev/__init__.py

@@ -24,6 +24,7 @@
 from socketdev.auditlog import AuditLog
 from socketdev.analytics import Analytics
 from socketdev.alerttypes import AlertTypes
+from socketdev.basics import Basics
 from socketdev.log import log
 
 __author__ = "socket.dev"
@@ -72,6 +73,7 @@ def __init__(self, token: str, timeout: int = 1200):
         self.auditlog = AuditLog(self.api)
         self.analytics = Analytics(self.api)
         self.alerttypes = AlertTypes(self.api)
+        self.basics = Basics(self.api)
 
     @staticmethod
     def set_timeout(timeout: int):

socketdev/basics/__init__.py

@@ -0,0 +1,120 @@
+import logging
+from typing import Optional, Union
+from dataclasses import dataclass, asdict
+
+log = logging.getLogger("socketdev")
+
+
+@dataclass
+class SocketBasicsConfig:
+    """Data class representing Socket Basics configuration settings."""
+    pythonSastEnabled: bool = False
+    golangSastEnabled: bool = False
+    javascriptSastEnabled: bool = False
+    secretScanningEnabled: bool = False
+    trivyImageEnabled: bool = False
+    trivyDockerfileEnabled: bool = False
+    socketScanningEnabled: bool = False
+    socketScaEnabled: bool = False
+    additionalParameters: str = ""
+
+    def __getitem__(self, key):
+        return getattr(self, key)
+
+    def to_dict(self):
+        return asdict(self)
+
+    @classmethod
+    def from_dict(cls, data: dict) -> "SocketBasicsConfig":
+        return cls(
+            pythonSastEnabled=data.get("pythonSastEnabled", False),
+            golangSastEnabled=data.get("golangSastEnabled", False),
+            javascriptSastEnabled=data.get("javascriptSastEnabled", False),
+            secretScanningEnabled=data.get("secretScanningEnabled", False),
+            trivyImageEnabled=data.get("trivyImageEnabled", False),
+            trivyDockerfileEnabled=data.get("trivyDockerfileEnabled", False),
+            socketScanningEnabled=data.get("socketScanningEnabled", False),
+            socketScaEnabled=data.get("socketScaEnabled", False),
+            additionalParameters=data.get("additionalParameters", ""),
+        )
+
+
+@dataclass
+class SocketBasicsResponse:
+    """Data class representing the response from Socket Basics API calls."""
+    success: bool
+    status: int
+    config: Optional[SocketBasicsConfig] = None
+    message: Optional[str] = None
+
+    def __getitem__(self, key):
+        return getattr(self, key)
+
+    def to_dict(self):
+        return asdict(self)
+
+    @classmethod
+    def from_dict(cls, data: dict) -> "SocketBasicsResponse":
+        return cls(
+            config=SocketBasicsConfig.from_dict(data) if data else None,
+            success=True,
+            status=200,
+        )
+
+
+class Basics:
+    """
+    Socket Basics API client for managing CI/CD security scanning configurations.
+    
+    Socket Basics is a security scanning suite that includes:
+    - SAST (Static Application Security Testing) for Python, Go, and JavaScript
+    - Secret scanning for hardcoded credentials
+    - Container security for Docker images and Dockerfiles
+    - Socket SCA dependency scanning
+    """
+
+    def __init__(self, api):
+        self.api = api
+
+    def get_config(
+        self, org_slug: str, use_types: bool = False
+    ) -> Union[dict, SocketBasicsResponse]:
+        """
+        Get Socket Basics configuration for an organization.
+
+        Args:
+            org_slug: Organization slug
+            use_types: Whether to return typed response objects (default: False)
+
+        Returns:
+            dict or SocketBasicsResponse: Configuration settings for Socket Basics
+
+        Example:
+            >>> basics = socketdev_client.basics
+            >>> config = basics.get_config("my-org")
+            >>> print(config["pythonSastEnabled"])
+            
+            >>> # Using typed response
+            >>> response = basics.get_config("my-org", use_types=True)
+            >>> print(response.config.pythonSastEnabled)
+        """
+        path = f"orgs/{org_slug}/settings/socket-basics"
+        response = self.api.do_request(path=path, method="GET")
+
+        if response.status_code == 200:
+            config_data = response.json()
+            if use_types:
+                return SocketBasicsResponse.from_dict(config_data)
+            return config_data
+
+        error_message = response.json().get("error", {}).get("message", "Unknown error")
+        log.error(f"Failed to get Socket Basics configuration: {response.status_code}, message: {error_message}")
+        
+        if use_types:
+            return SocketBasicsResponse(
+                success=False,
+                status=response.status_code,
+                config=None,
+                message=error_message
+            )
+        return {}

socketdev/basics/__pycache__/.gitkeep

@@ -0,0 +1 @@
+# This directory is created for the basics module

socketdev/version.py

@@ -1 +1 @@
-__version__ = "3.0.7"
+__version__ = "3.0.8"