fix(scan): match manifest filenames case-insensitively#1290
Merged
Benjamin Barslev Nielsen (barslev) merged 1 commit intov1.xfrom Apr 30, 2026
Merged
Conversation
The supported-file patterns returned by getReportSupportedFiles are lowercase (e.g. `pipfile`, `setup.py`), but real Python projects commonly ship capitalized names like `Pipfile` and `Pipfile.lock`. Without `nocase: true`, those files were silently dropped from `socket scan create` output, so only one manifest type per project ended up in the SBOM. Adds `nocase: true` to the four micromatch.some() calls used during scan-file selection (filterBySupportedScanFiles, createSupportedFilesFilter, isReportSupportedFile, and filterToCdxSpdxAndFactsFiles).
Martin Torp (mtorp)
approved these changes
Apr 30, 2026
Benjamin Barslev Nielsen (barslev)
deleted the
barslev/fix-support-for-pipfile-with-capital-p
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The supported-file patterns returned by getReportSupportedFiles are lowercase (e.g.
pipfile,setup.py), but real Python projects commonly ship capitalized names likePipfileandPipfile.lock. Withoutnocase: true, those files were silently dropped fromsocket scan createoutput, so only one manifest type per project ended up in the SBOM.Adds
nocase: trueto the four micromatch.some() calls used during scan-file selection (filterBySupportedScanFiles,createSupportedFilesFilter, isReportSupportedFile, and filterToCdxSpdxAndFactsFiles).
Note
Low Risk
Small, localized change to file-glob filtering behavior with added tests; low chance of unintended impact beyond including additional files in scans.
Overview
Fixes
socket scan createmanifest discovery to be case-insensitive by enablingmicromatchnocasematching in the scan-file selection paths (supported-manifest filtering and CDX/SPDX-only filtering), preventing files likePipfile/Pipfile.lockfrom being silently excluded.Adds unit coverage ensuring capitalized Python manifest filenames are picked up, and bumps the CLI version to
1.1.89with a corresponding changelog entry.Reviewed by Cursor Bugbot for commit 82030f1. Configure here.