Doug/fix trivy socket results (#2)

* Fixed build process and changed naming convention to work with uv

* Extensive updates to all components for improved functionality

Author: dacoburn

.gitmodules

@@ -0,0 +1,27 @@
+[submodule "app_tests/NodeGoat"]
+	path = app_tests/NodeGoat
+	url = https://github.com/OWASP/NodeGoat.git
+[submodule "app_tests/DVWA"]
+	path = app_tests/DVWA
+	url = https://github.com/digininja/DVWA.git
+[submodule "app_tests/WebGoat"]
+	path = app_tests/WebGoat
+	url = https://github.com/WebGoat/WebGoat.git
+[submodule "app_tests/juice-shop"]
+	path = app_tests/juice-shop
+	url = https://github.com/juice-shop/juice-shop.git
+[submodule "app_tests/railsgoat"]
+	path = app_tests/railsgoat
+	url = https://github.com/OWASP/railsgoat.git
+[submodule "app_tests/IWA-DotNet"]
+	path = app_tests/IWA-DotNet
+	url = https://github.com/fortify/IWA-DotNet.git
+[submodule "app_tests/pygoat"]
+	path = app_tests/pygoat
+	url = https://github.com/adeyosemanputra/pygoat.git
+[submodule "app_tests/DVIA-v2"]
+	path = app_tests/DVIA-v2
+	url = https://github.com/prateek147/DVIA-v2.git
+[submodule "app_tests/scala-woof"]
+	path = app_tests/scala-woof
+	url = https://github.com/snyk/scala-woof.git

.hooks/version-check.py

@@ -1,4 +1,23 @@
 #!/usr/bin/env python3
+"""
+Version management script for Socket Basics.
+
+This script:
+1. Ensures version.py and pyproject.toml are in sync
+2. Auto-bumps version on commits if unchanged
+3. Automatically updates version references in:
+   - README.md (GitHub Action versions and Docker build tags)
+   - docs/github-action.md (all action version references)
+   - docs/pre-commit-hook.md (Docker build tags)
+
+Pattern matching:
+- GitHub Actions: SocketDev/[email protected] -> @vNEW_VERSION
+- Docker builds: docker build -t IMAGE_NAME -> docker build -t IMAGE_NAME:NEW_VERSION
+
+Usage:
+- Normal commit: Will auto-bump patch version if unchanged
+- Dev mode: python3 .hooks/version-check.py --dev
+"""
 import subprocess
 import pathlib
 import re
@@ -8,9 +27,18 @@
 
 VERSION_FILE = pathlib.Path("socket_basics/version.py")
 PYPROJECT_FILE = pathlib.Path("pyproject.toml")
+README_FILES = [
+    pathlib.Path("README.md"),
+    pathlib.Path("docs/github-action.md"),
+    pathlib.Path("docs/pre-commit-hook.md"),
+]
 
 VERSION_PATTERN = re.compile(r"__version__\s*=\s*['\"]([^'\"]+)['\"]")
 PYPROJECT_PATTERN = re.compile(r'^version\s*=\s*"([^"]+)"$', re.MULTILINE)
+# Pattern to match SocketDev/[email protected] or @vX.X.X
+ACTION_VERSION_PATTERN = re.compile(r'(SocketDev/socket-basics|socket-basics)@v\d+\.\d+\.\d+')
+# Pattern to match docker build with version tag
+DOCKER_BUILD_PATTERN = re.compile(r'docker build -t (socketdev/socket-basics|socket-basics)(?::\d+\.\d+\.\d+)?')
 # Update this URL to match your actual PyPI package if you publish it
 PYPI_API = "https://pypi.org/pypi/security-wrapper/json"
 
@@ -71,6 +99,31 @@ def find_next_available_dev_version(base_version: str) -> str:
     print("❌ Could not find available .devN slot after 100 attempts.")
     sys.exit(1)
 
+def update_readme_versions(version: str):
+    """Update version references in README files"""
+    for readme_file in README_FILES:
+        if not readme_file.exists():
+            print(f"⚠️ {readme_file} not found, skipping")
+            continue
+        
+        content = readme_file.read_text()
+        original_content = content
+        
+        # Update action version references (SocketDev/[email protected])
+        content = ACTION_VERSION_PATTERN.sub(rf'\1@v{version}', content)
+        
+        # Update docker build commands to include version tag
+        def docker_replacement(match):
+            image_name = match.group(1)
+            return f'docker build -t {image_name}:{version}'
+        content = DOCKER_BUILD_PATTERN.sub(docker_replacement, content)
+        
+        if content != original_content:
+            readme_file.write_text(content)
+            print(f"✅ Updated version references in {readme_file}")
+        else:
+            print(f"ℹ️  No version updates needed in {readme_file}")
+
 def inject_version(version: str):
     print(f"🔁 Updating version to: {version}")
 
@@ -85,6 +138,9 @@ def inject_version(version: str):
         print(f"✅ Updated {PYPROJECT_FILE}")
     else:
         print(f"⚠️ Could not find version field in {PYPROJECT_FILE}")
+    
+    # Update README files with version references
+    update_readme_versions(version)
 
 def check_version_sync():
     """Ensure version.py and pyproject.toml are in sync"""

Dockerfile

@@ -2,47 +2,35 @@
 FROM python:3.12
 
 # Create application directory
-WORKDIR /socket-security-tools
+WORKDIR /socket-basics
 ENV PATH=$PATH:/usr/local/go/bin
 
 # Install uv
 COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 
-# Install Trivy
-RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.18.3
-
-# Install Trufflehog
-RUN curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin
-
-
+# Install system dependencies
 RUN apt-get update && apt-get install -y curl git wget
 
 # Install Trivy
-RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.18.3
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.67.2
 
 # Install Trufflehog
 RUN curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin
 
 # Install OpenGrep (connector/runtime dependency)
 RUN curl -fsSL https://raw.githubusercontent.com/opengrep/opengrep/main/install.sh | bash
 
-# Copy socket_basics package so we can install the CLI entrypoint
-COPY socket_basics /socket-security-tools/socket_basics
-# Also copy the project root so editable install has access to all files
-COPY . /socket-security-tools/
-
-COPY pyproject.toml uv.lock LICENSE README.md /scripts/
-# Install Python dependencies using uv
-WORKDIR /scripts
-RUN uv sync --frozen && uv pip install light-s3-client
-ENV PATH="/scripts/.venv/bin:/root/.opengrep/cli/latest:$PATH"
-
-# Install this package so the `socket-basics` CLI entrypoint is available
-WORKDIR /socket-security-tools
-# Ensure python can import package if install doesn't run; prefer installed package
-ENV PYTHONPATH="/socket-security-tools:${PYTHONPATH}"
-# Ensure pyproject is present for editable install; fail loudly if install fails
-RUN uv pip install -e . || pip install -e .
+# Copy the specific files needed for the project
+COPY socket_basics /socket-basics/socket_basics
+COPY pyproject.toml /socket-basics/pyproject.toml
+COPY README.md /socket-basics/README.md
+COPY LICENSE /socket-basics/LICENSE
+COPY uv.lock /socket-basics/uv.lock
+
+# Install Python dependencies using uv from the project root
+WORKDIR /socket-basics
+RUN pip install -e . && uv sync --frozen --no-dev
+ENV PATH="/socket-basics/.venv/bin:/root/.opengrep/cli/latest:$PATH"
 
 # Use socket-basics as the default entrypoint
 ENTRYPOINT ["socket-basics"]