feat: add SKIP_SOCKET_REACH and SKIP_SOCKET_SUBMISSION env vars for Node.js Socket CLI integration#29
Open
feat: add SKIP_SOCKET_REACH and SKIP_SOCKET_SUBMISSION env vars for Node.js Socket CLI integration#29
Conversation
jdalton
force-pushed
the
feat/skip-socket-submission
branch
3 times, most recently
from
a4cdfd2 to
5b512f9
Compare
jdalton
changed the title
jdalton
force-pushed
the
feat/skip-socket-submission
branch
3 times, most recently
from
26a05e5 to
2dc1dbb
Compare
billxinli
reviewed
Feb 10, 2026
…riables for CLI integration Add support for environment variables to allow external tools (like the Node.js Socket CLI) to skip specific operations and collect data for unified API submission. SKIP_SOCKET_SUBMISSION: - Skip Socket API submission while still generating .socket.facts.json - Socket Basics completes all scanning and generates the facts file - Allows external tools to collect and submit in a unified API call SKIP_SOCKET_REACH: - Skip Socket Tier 1 reachability analysis - Allows external tools to skip redundant reachability scans - Useful when reachability analysis is performed separately Benefits: - Single scan ID for all findings (supply chain + SAST + secrets + containers + reachability) - Unified dashboard view - Better performance via parallel execution - No duplicate API submissions - Flexible workflow integration Implementation: - Added SKIP_SOCKET_SUBMISSION check in submit_socket_facts() - Added SKIP_SOCKET_REACH check in SocketTier1Scanner.scan() - Returns early when environment variables are set - Documented in README under Integration Environment Variables
jdalton
force-pushed
the
feat/skip-socket-submission
branch
from
2dc1dbb to
ea1c5e9
Compare
divmain
approved these changes
Feb 13, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add support for
SKIP_SOCKET_REACHandSKIP_SOCKET_SUBMISSIONenv vars to enable Node.js Socket CLI integration. This allows the Node.js Socket CLI to run socket-basics in the background, collect the.socket.facts.jsonfile, and submit it along with manifest data in a unified API call.Motivation
The npm Socket CLI wants to integrate socket-basics. To achieve this:
Without this change, socket-basics would submit independently, creating fragmented results.
Changes
Code Changes
socket_basics/socket_basics.py: Added environment variable check insubmit_socket_facts()SKIP_SOCKET_REACH=1, skips tier 1 reachability scans (coana)SKIP_SOCKET_SUBMISSION=1, skips Socket API submission.socket.facts.jsonwith all findingssocket_facts_pathin results for downstream toolsDocumentation Changes
README.md: Added "Integration Environment Variables" sectionSKIP_SOCKET_REACHandSKIP_SOCKET_SUBMISSIONHow It Works