ai_root_shield 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7aa3147f758f9775ee0b5739aa6edf8c6a905052b72760bbbe5991c80a2c4925
-  data.tar.gz: bc5d646ce2e6c86bceef124763ed0ff3168a70bb90c6946f24e8e37fe5310df4
+  metadata.gz: 7ab00a90d8cb8fbc0cb67c95ef7bc24b29b6cc9c77049be87d228b4dbdb6f4e8
+  data.tar.gz: c4be63597e34946070cea7ffd0d9d978cc3049923e5d4b86aca02fc2151f23df
 SHA512:
-  metadata.gz: 8a1160dbbbc26d2956ec0262ec5fbeeacce25335229cafdce11d88311bffe1fa040d060b47db07aff39344f3bd7f468433ea5ca2d4d768fc5d39d7e8b898de05
-  data.tar.gz: 0cfb012442a47483f041651fc47089348e115c1837583d54de71584f5678e5ccc34458f98adf40084f49d7149459e7c0d7f01fa9d8dd4af77b77ae76b06aeb44
+  metadata.gz: b22228772e76a7d77b02a42c1a448c5aa694cdf2c90fe193d489d71264fb2e9946090a72d49fe4c98a7670b65d56e3f6e872242ee950c4599effd52226801a65
+  data.tar.gz: 0e2e77706e50afb391d0fcf5c40ea2c541033392b279edb7a4fdd42087736724084cac47c9f046a39d908920dfd117811075428c057484864b13c4efa8e6bc4c

data/README.md

@@ -9,28 +9,41 @@
 > **Created by [Ahmet KAHRAMAN](https://ahmetxhero.web.app)** - Mobile Developer & Cyber Security Expert  
 > *"Security first, innovation always"* 🛡️
 
-An AI-powered Ruby library that performs comprehensive on-device compromise detection for mobile applications without requiring a backend. Protects against root/jailbreak, emulators, hooking frameworks, and provides behavioral risk analysis.
+An enterprise-grade AI-powered Ruby library that performs comprehensive cross-platform mobile security analysis. Features advanced platform-specific detection, hardware security validation, CI/CD integration, and enterprise SIEM connectivity - all without requiring a backend.
 
 ## Features
 
+### 🔒 Core Security Detection
 - **Root & Jailbreak Detection**: Comprehensive detection of rooted Android devices and jailbroken iOS devices
 - **Emulator/Simulator Detection**: Identifies virtual devices, emulators, and simulators
 - **Hooking Framework Detection**: Detects Frida, Xposed, Substrate, and other instrumentation tools
 - **Application Integrity Checks**: Validates app signatures and detects repackaging/tampering
 - **Network Security Analysis**: Identifies TLS issues, custom CAs, and MITM tools
-- **🆕 Advanced Network Security**: Certificate pinning helper and comprehensive proxy detection
-- **🆕 Enterprise Policy Management**: JSON-based customizable security rules and compliance validation
-- **🆕 Certificate Pinning Helper**: TLS public key pinning with easy integration
-- **🆕 Advanced Proxy Detection**: VPN, Tor, custom DNS, and MITM appliance detection
+
+### 🆕 v0.5.0 Platform-Specific Security Modules
+- **Android SafetyNet & Play Integrity API**: Native Google security API integration
+- **iOS Advanced Jailbreak Detection**: DYLD injection, sandbox escape, code signing validation
+- **Hardware Security Analysis**: TEE/SE validation, biometric consistency checks
+- **Cross-Platform Unified Reporting**: Standardized security reports across platforms
+
+### 🛠️ Developer Tools & CI/CD Integration
+- **CI/CD Security Testing Module**: Automated security tests for GitHub Actions, GitLab CI, Jenkins
+- **Web Dashboard**: Optional GUI for log analysis and risk visualization
+- **Risk Score Visualization**: Interactive charts, timelines, and heatmaps
+- **SIEM/SOC Integrations**: Splunk, Elastic Stack, QRadar, Sentinel, Sumo Logic, Datadog
+
+### 🔐 Advanced Security Features
+- **Certificate Pinning Helper**: TLS public key pinning with common CA support
+- **Advanced Proxy Detection**: VPN, Tor, custom DNS, and MITM appliance detection
+- **Enterprise Policy Management**: JSON-based customizable security rules and compliance
 - **RASP Protection**: Runtime Application Self-Protection with real-time threat blocking
-- **Anti-Debug Mechanisms**: Ptrace, GDB, LLDB detection and blocking
-- **Anti-Tamper Protection**: Code integrity and memory patch detection
-- **Dynamic Memory Protection**: Frida injection hook mitigation
-- **Runtime Integrity Monitor**: Critical function hash validation
 - **AI Behavioral Analysis**: ONNX-powered behavioral pattern analysis with anomaly detection
-- **ML-Based Emulator Detection**: Advanced machine learning techniques for emulator identification
-- **AI Confidence Scoring**: Confidence metrics integrated into risk assessment
+- **Hardware Attestation**: Android Key Attestation and iOS Device Check integration
+
+### 📊 Enterprise Features
+- **Compliance Frameworks**: OWASP MASVS, NIST, ISO 27001, PCI DSS, GDPR support
 - **Risk Scoring System**: Comprehensive risk assessment with weighted factors (0-100 scale)
+- **Threat Intelligence**: IoC extraction and attack vector identification
 - **CLI Tool**: Command-line interface with multiple output formats
 - **Privacy-First**: Completely offline, no data collection or external dependencies
 
@@ -68,6 +81,50 @@ puts result[:risk_score]  # => 87
 puts result[:factors]     # => ["ROOT_SU_FOUND", "FRIDA_GADGET", "TLS_UNPINNED"]
 ```
 
+### v0.5.0 Platform-Specific Analysis
+
+```ruby
+require "ai_root_shield"
+
+# Load device logs
+device_logs = JSON.parse(File.read("device_logs/android_device.json"))
+
+# Android-specific security analysis
+android_results = AiRootShield.analyze_android_security(device_logs, {
+  api_key: "your_safetynet_api_key",
+  package_name: "com.yourapp.package"
+})
+
+puts "SafetyNet Basic Integrity: #{android_results[:safetynet][:basic_integrity]}"
+puts "Play Integrity Verdict: #{android_results[:play_integrity][:device_verdict]}"
+puts "Hardware TEE Available: #{android_results[:hardware_security][:tee_available]}"
+
+# iOS-specific security analysis
+ios_logs = JSON.parse(File.read("device_logs/ios_device.json"))
+ios_results = AiRootShield.analyze_ios_security(ios_logs)
+
+puts "Jailbreak Detected: #{ios_results[:jailbreak_detection][:file_system_check][:detected]}"
+puts "Code Signing Valid: #{ios_results[:code_signing][:main_bundle_signed]}"
+puts "Secure Enclave Available: #{ios_results[:hardware_security][:secure_enclave_available]}"
+
+# Hardware security analysis
+hardware_analysis = AiRootShield.analyze_hardware_security(device_logs, 'android')
+puts "Hardware Security Score: #{hardware_analysis[:security_score]}"
+
+# Generate unified cross-platform report
+unified_report = AiRootShield.generate_unified_report(
+  android_results: android_results,
+  ios_results: ios_results,
+  metadata: {
+    app_name: "MySecureApp",
+    app_version: "1.0.0",
+    organization: "MyCompany"
+  }
+)
+
+puts "Overall Risk Level: #{unified_report[:unified_risk_assessment][:risk_level]}"
+```
+
 ### Advanced Configuration
 
 ```ruby
@@ -94,6 +151,76 @@ actions = AiRootShield::RiskCalculator.recommended_actions(result[:factors])
 actions.each { |action| puts "→ #{action}" }
 ```
 
+### CI/CD Integration (New in v0.5.0)
+
+```ruby
+# Run security tests in CI/CD pipeline
+test_results = AiRootShield.run_ci_cd_tests("device_logs/sample.json", {
+  fail_on_high_risk: true,
+  risk_threshold: 70,
+  report_format: 'json',
+  artifacts_path: './security_artifacts'
+})
+
+puts "Pipeline Result: #{test_results[:pipeline_result][:result]}"
+
+# Generate CI/CD configuration
+github_config = AiRootShield.generate_ci_config('github_actions')
+File.write('.github/workflows/security.yml', github_config)
+
+gitlab_config = AiRootShield.generate_ci_config('gitlab_ci')
+File.write('.gitlab-ci.yml', gitlab_config)
+```
+
+### SIEM Integration (New in v0.5.0)
+
+```ruby
+# Configure SIEM connector
+AiRootShield.configure_siem(:splunk, {
+  api_endpoint: 'https://your-splunk-instance.com:8088',
+  api_key: 'your-hec-token',
+  index: 'mobile_security'
+})
+
+# Send security events to SIEM
+analysis_results = AiRootShield.analyze_android_security(device_logs)
+AiRootShield.send_to_siem(analysis_results, {
+  device_id: 'device-123',
+  user_id: 'user-456',
+  app_version: '1.0.0'
+})
+
+# Configure multiple SIEM platforms
+elastic_connector = AiRootShield.configure_siem(:elastic, {
+  api_endpoint: 'https://your-elastic-cluster.com',
+  api_key: 'your-api-key',
+  index: 'ai-root-shield-events'
+})
+
+datadog_connector = AiRootShield.configure_siem(:datadog, {
+  api_endpoint: 'https://api.datadoghq.com',
+  api_key: 'your-datadog-api-key'
+})
+```
+
+### Web Dashboard (New in v0.5.0)
+
+```ruby
+# Start the web dashboard
+AiRootShield.start_dashboard({
+  port: 4567,
+  bind: '0.0.0.0'
+})
+
+# Dashboard will be available at http://localhost:4567
+# Features:
+# - Real-time security analysis
+# - Risk score visualization
+# - Interactive charts and heatmaps
+# - Historical trend analysis
+# - Compliance reporting
+```
+
 ### CLI Usage
 
 The gem includes a command-line interface:
@@ -102,6 +229,23 @@ The gem includes a command-line interface:
 # Basic scan
 $ ai_root_shield device_logs/sample.json
 
+# Platform-specific analysis
+$ ai_root_shield --platform android --safetynet-api-key YOUR_KEY device_logs/android.json
+$ ai_root_shield --platform ios --enable-jailbreak-detection device_logs/ios.json
+
+# CI/CD mode with artifacts
+$ ai_root_shield --ci-mode --format json --artifacts-path ./reports device_logs/sample.json
+
+# SIEM integration
+$ ai_root_shield --siem splunk --siem-endpoint https://splunk.com:8088 --siem-token TOKEN device_logs/sample.json
+
+# Web dashboard
+$ ai_root_shield --start-dashboard --port 8080
+
+# Generate CI/CD configs
+$ ai_root_shield --generate-ci-config github-actions > .github/workflows/security.yml
+$ ai_root_shield --generate-ci-config gitlab-ci > .gitlab-ci.yml
+
 # With options
 $ ai_root_shield --format text --threshold 60 device_logs/sample.json
 
@@ -365,9 +509,11 @@ See the `examples/device_logs/` directory for complete examples.
 
 - **v0.1** ✅ Static root/jailbreak checks
 - **v0.2** ✅ Emulator/simulator detection + TLS pinning helper
-- **v0.3** 🔄 AI behavioral model (ONNX inference)
-- **v0.4** 📋 Enhanced hooking/instrumentation detection
-- **v1.0** 🎯 Full compromise detection with comprehensive risk scoring
+- **v0.3** ✅ AI behavioral model (ONNX inference) + RASP protection
+- **v0.4** ✅ Advanced network security + enterprise policy management
+- **v0.5** ✅ Platform-specific modules + CI/CD integration + SIEM connectivity
+- **v0.6** 🔄 Real-time threat feeds + ML model updates
+- **v1.0** 🎯 Enterprise security orchestration platform
 
 ## 🤝 Contributing
 

data/exe/ai_root_shield

@@ -3,6 +3,7 @@
 
 require "optparse"
 require "json"
+require "fileutils"
 require_relative "../lib/ai_root_shield"
 
 # Command line interface for AI Root Shield
@@ -24,13 +25,37 @@ class AiRootShieldCLI
       enable_certificate_pinning: false,
       enable_proxy_detection: false,
       target_ip: nil,
-      target_url: nil
+      target_url: nil,
+      # v0.5.0 new options
+      platform: nil,
+      safetynet_api_key: nil,
+      package_name: nil,
+      ci_mode: false,
+      artifacts_path: './security_test_artifacts',
+      siem_platform: nil,
+      siem_endpoint: nil,
+      siem_token: nil,
+      start_dashboard: false,
+      dashboard_port: 4567,
+      generate_ci_config: nil,
+      enable_unified_reporting: false
     }
   end
 
   def run(args)
     parse_options(args)
     
+    # Handle special commands first
+    if @options[:start_dashboard]
+      start_dashboard
+      return
+    end
+    
+    if @options[:generate_ci_config]
+      generate_ci_config
+      return
+    end
+    
     if args.empty?
       puts "Error: Please provide a device logs file path"
       puts "Usage: ai_root_shield [options] <device_logs.json>"
@@ -45,6 +70,15 @@ class AiRootShieldCLI
     end
 
     begin
+      # Configure SIEM if provided
+      if @options[:siem_platform] && @options[:siem_endpoint] && @options[:siem_token]
+        puts "Configuring SIEM integration (#{@options[:siem_platform]})..." if @options[:verbose]
+        AiRootShield.configure_siem(@options[:siem_platform].to_sym, {
+          api_endpoint: @options[:siem_endpoint],
+          api_key: @options[:siem_token]
+        })
+      end
+      
       # Configure enterprise policy if provided
       if @options[:policy_file]
         puts "Loading enterprise policy from #{@options[:policy_file]}..." if @options[:verbose]
@@ -83,7 +117,23 @@ class AiRootShieldCLI
         sleep(@options[:rasp_monitoring_time])
       end
       
-      result = AiRootShield.scan_device_with_config(device_logs_path, @options)
+      # Run analysis based on mode
+      if @options[:ci_mode]
+        result = run_ci_cd_analysis(device_logs_path)
+      elsif @options[:platform]
+        result = run_platform_specific_analysis(device_logs_path)
+      else
+        result = AiRootShield.scan_device_with_config(device_logs_path, @options)
+      end
+      
+      # Send to SIEM if configured
+      if @options[:siem_platform]
+        puts "Sending results to SIEM..." if @options[:verbose]
+        AiRootShield.send_to_siem(result, {
+          cli_version: AiRootShield::VERSION,
+          scan_timestamp: Time.now.utc.iso8601
+        })
+      end
       
       # Add RASP status to result if enabled
       if @options[:enable_rasp_protection] && AiRootShield.rasp_active?
@@ -184,6 +234,70 @@ class AiRootShieldCLI
         @options[:target_url] = url
       end
 
+      # v0.5.0 Platform-specific options
+      opts.separator ""
+      opts.separator "Platform-specific Analysis (v0.5.0):"
+
+      opts.on("--platform PLATFORM", ["android", "ios"], "Platform-specific analysis (android, ios)") do |platform|
+        @options[:platform] = platform
+      end
+
+      opts.on("--safetynet-key KEY", "Google SafetyNet API key for Android analysis") do |key|
+        @options[:safetynet_api_key] = key
+      end
+
+      opts.on("--package-name NAME", "Android package name for analysis") do |name|
+        @options[:package_name] = name
+      end
+
+      opts.on("--unified-report", "Generate unified cross-platform report") do
+        @options[:enable_unified_reporting] = true
+      end
+
+      # CI/CD Integration options
+      opts.separator ""
+      opts.separator "CI/CD Integration (v0.5.0):"
+
+      opts.on("--ci-mode", "Run in CI/CD mode with test artifacts") do
+        @options[:ci_mode] = true
+      end
+
+      opts.on("--artifacts-path PATH", "Path for CI/CD test artifacts (default: ./security_test_artifacts)") do |path|
+        @options[:artifacts_path] = path
+      end
+
+      opts.on("--generate-ci-config PLATFORM", ["github", "gitlab", "jenkins", "azure"], "Generate CI config for platform") do |platform|
+        @options[:generate_ci_config] = platform
+      end
+
+      # SIEM Integration options
+      opts.separator ""
+      opts.separator "SIEM Integration (v0.5.0):"
+
+      opts.on("--siem-platform PLATFORM", ["splunk", "elastic", "qradar", "sentinel", "datadog", "chronicle", "arcsight"], "SIEM platform") do |platform|
+        @options[:siem_platform] = platform
+      end
+
+      opts.on("--siem-endpoint URL", "SIEM API endpoint URL") do |url|
+        @options[:siem_endpoint] = url
+      end
+
+      opts.on("--siem-token TOKEN", "SIEM API authentication token") do |token|
+        @options[:siem_token] = token
+      end
+
+      # Dashboard options
+      opts.separator ""
+      opts.separator "Dashboard (v0.5.0):"
+
+      opts.on("--start-dashboard", "Start web dashboard server") do
+        @options[:start_dashboard] = true
+      end
+
+      opts.on("--dashboard-port PORT", Integer, "Dashboard port (default: 4567)") do |port|
+        @options[:dashboard_port] = port
+      end
+
       opts.on("-h", "--help", "Show this help message") do
         puts opts
         exit
@@ -280,14 +394,113 @@ class AiRootShieldCLI
   end
 
   def output_summary_format(result)
-    risk_level = AiRootShield::RiskCalculator.risk_level_description(result[:risk_score])
+    # Handle unified report format
+    if result[:executive_summary]
+      risk_level = result[:executive_summary][:overall_risk_level]
+      security_score = result[:executive_summary][:security_posture_score]
+      threat_count = result[:executive_summary][:critical_findings]&.length || 0
+      
+      puts "Risk Level: #{risk_level} (Security Score: #{security_score}/100)"
+      puts "Threats: #{threat_count} critical findings detected"
+      
+      if result[:executive_summary][:key_recommendations]&.any?
+        puts "Primary Concerns: #{result[:executive_summary][:key_recommendations].first(3).join(', ')}"
+      end
+    else
+      # Handle regular analysis format
+      risk_level = AiRootShield::RiskCalculator.risk_level_description(result[:risk_score])
+      
+      puts "Risk Level: #{risk_level} (#{result[:risk_score]}/100)"
+      puts "Threats: #{result[:factors]&.length || 0} detected"
+      
+      if result[:factors]&.any?
+        puts "Primary Concerns: #{result[:factors].first(3).join(', ')}"
+      end
+    end
+  end
+
+  # v0.5.0 New Methods
+  def run_platform_specific_analysis(device_logs_path)
+    puts "Running #{@options[:platform]} platform-specific analysis..." if @options[:verbose]
     
-    puts "Risk Level: #{risk_level} (#{result[:risk_score]}/100)"
-    puts "Threats: #{result[:factors].length} detected"
+    case @options[:platform]
+    when 'android'
+      config = {}
+      config[:safetynet_api_key] = @options[:safetynet_api_key] if @options[:safetynet_api_key]
+      config[:package_name] = @options[:package_name] if @options[:package_name]
+      
+      result = AiRootShield.analyze_android_device(device_logs_path, config)
+    when 'ios'
+      result = AiRootShield.analyze_ios_device(device_logs_path)
+    else
+      raise "Unsupported platform: #{@options[:platform]}"
+    end
     
-    if result[:factors].any?
-      puts "Primary Concerns: #{result[:factors].first(3).join(', ')}"
+    if @options[:enable_unified_reporting]
+      puts "Generating unified cross-platform report..." if @options[:verbose]
+      case @options[:platform]
+      when 'android'
+        unified_result = AiRootShield.generate_unified_report(android_results: result)
+      when 'ios'
+        unified_result = AiRootShield.generate_unified_report(ios_results: result)
+      end
+      return unified_result
     end
+    
+    result
+  end
+
+  def run_ci_cd_analysis(device_logs_path)
+    puts "Running CI/CD security analysis..." if @options[:verbose]
+    
+    # Create artifacts directory
+    Dir.mkdir(@options[:artifacts_path]) unless Dir.exist?(@options[:artifacts_path])
+    
+    # Run CI/CD tests
+    result = AiRootShield.run_ci_cd_tests(device_logs_path, {
+      artifacts_path: @options[:artifacts_path],
+      verbose: @options[:verbose]
+    })
+    
+    puts "CI/CD test artifacts saved to: #{@options[:artifacts_path]}" if @options[:verbose]
+    result
+  end
+
+  def start_dashboard
+    puts "Starting AI Root Shield Dashboard on port #{@options[:dashboard_port]}..."
+    puts "Dashboard will be available at: http://localhost:#{@options[:dashboard_port]}"
+    puts "Press Ctrl+C to stop the dashboard"
+    
+    begin
+      AiRootShield.start_dashboard(@options[:dashboard_port])
+    rescue Interrupt
+      puts "\nDashboard stopped."
+    end
+  end
+
+  def generate_ci_config
+    puts "Generating CI/CD configuration for #{@options[:generate_ci_config]}..."
+    
+    config_content = AiRootShield.generate_ci_config(@options[:generate_ci_config].to_sym)
+    
+    filename = case @options[:generate_ci_config]
+    when 'github'
+      '.github/workflows/security-scan.yml'
+    when 'gitlab'
+      '.gitlab-ci.yml'
+    when 'jenkins'
+      'Jenkinsfile'
+    when 'azure'
+      'azure-pipelines.yml'
+    end
+    
+    # Create directory if needed
+    dir = File.dirname(filename)
+    FileUtils.mkdir_p(dir) unless Dir.exist?(dir) || dir == '.'
+    
+    File.write(filename, config_content)
+    puts "CI/CD configuration saved to: #{filename}"
+    puts "Please review and customize the configuration as needed."
   end
 end
 

data/lib/ai_root_shield/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AiRootShield
-  VERSION = "0.4.0"
+  VERSION = "0.5.0"
 end

data/lib/ai_root_shield.rb

@@ -15,6 +15,21 @@ require_relative "ai_root_shield/certificate_pinning_helper"
 require_relative "ai_root_shield/advanced_proxy_detector"
 require_relative "ai_root_shield/enterprise_policy_manager"
 
+# v0.5.0 Platform-specific security modules
+require_relative "ai_root_shield/platform/android_security_module"
+require_relative "ai_root_shield/platform/ios_security_module"
+require_relative "ai_root_shield/platform/hardware_security_analyzer"
+require_relative "ai_root_shield/platform/unified_report_generator"
+
+# v0.5.0 CI/CD and developer tools
+require_relative "ai_root_shield/ci_cd/security_test_module"
+
+# v0.5.0 Dashboard and visualization
+require_relative "ai_root_shield/dashboard/web_dashboard"
+
+# v0.5.0 Third-party integrations
+require_relative "ai_root_shield/integrations/siem_connector"
+
 module AiRootShield
   class Error < StandardError; end
 
@@ -23,6 +38,12 @@ module AiRootShield
   @policy_manager = nil
   @certificate_pinning = nil
   @proxy_detector = nil
+  @android_module = nil
+  @ios_module = nil
+  @hardware_analyzer = nil
+  @report_generator = nil
+  @ci_cd_module = nil
+  @siem_connector = nil
 
   # Main entry point for device scanning
   # @param device_logs_path [String] Path to device logs JSON file
@@ -133,6 +154,128 @@ module AiRootShield
     @proxy_detector
   end
 
+  # v0.5.0 Platform-specific security analysis
+  # Analyze Android device security using SafetyNet and Play Integrity APIs
+  # @param device_logs [Hash] Device logs data
+  # @param config [Hash] Configuration options
+  # @return [Hash] Android security analysis results
+  def self.analyze_android_security(device_logs, config = {})
+    @android_module ||= Platform::AndroidSecurityModule.new(config)
+    @android_module.analyze_device_security(device_logs)
+  end
+
+  # Analyze iOS device security with advanced jailbreak detection
+  # @param device_logs [Hash] Device logs data
+  # @return [Hash] iOS security analysis results
+  def self.analyze_ios_security(device_logs)
+    @ios_module ||= Platform::IosSecurityModule.new
+    @ios_module.analyze_device_security(device_logs)
+  end
+
+  # Analyze hardware security features (TEE/SE, biometrics)
+  # @param device_logs [Hash] Device logs data
+  # @param platform [String] Platform type ('android' or 'ios')
+  # @return [Hash] Hardware security analysis results
+  def self.analyze_hardware_security(device_logs, platform)
+    @hardware_analyzer ||= Platform::HardwareSecurityAnalyzer.new
+    @hardware_analyzer.analyze_hardware_security(device_logs, platform)
+  end
+
+  # Generate unified cross-platform security report
+  # @param android_results [Hash] Android analysis results
+  # @param ios_results [Hash] iOS analysis results
+  # @param metadata [Hash] Report metadata
+  # @return [Hash] Unified security report
+  def self.generate_unified_report(android_results: nil, ios_results: nil, metadata: {})
+    @report_generator ||= Platform::UnifiedReportGenerator.new
+    @report_generator.generate_unified_report(
+      android_results: android_results,
+      ios_results: ios_results,
+      metadata: metadata
+    )
+  end
+
+  # Run CI/CD security tests
+  # @param device_logs_path [String] Path to device logs file
+  # @param options [Hash] Test configuration options
+  # @return [Hash] CI/CD test results
+  def self.run_ci_cd_tests(device_logs_path, options = {})
+    @ci_cd_module ||= CiCd::SecurityTestModule.new(options)
+    @ci_cd_module.run_security_tests(device_logs_path, options)
+  end
+
+  # Generate CI/CD configuration for specified platform
+  # @param platform [String] CI/CD platform name
+  # @param options [Hash] Configuration options
+  # @return [String] CI/CD configuration content
+  def self.generate_ci_config(platform, options = {})
+    @ci_cd_module ||= CiCd::SecurityTestModule.new
+    @ci_cd_module.generate_ci_config(platform, options)
+  end
+
+  # Configure SIEM integration
+  # @param platform [Symbol] SIEM platform (:splunk, :elastic, etc.)
+  # @param config [Hash] SIEM configuration
+  # @return [Integrations::SiemConnector] SIEM connector instance
+  def self.configure_siem(platform, config = {})
+    @siem_connector = Integrations::SiemConnector.new(platform, config)
+  end
+
+  # Send security events to SIEM
+  # @param analysis_results [Hash] Security analysis results
+  # @param metadata [Hash] Event metadata
+  # @return [Hash] SIEM response
+  def self.send_to_siem(analysis_results, metadata = {})
+    return { error: "SIEM not configured" } unless @siem_connector
+    
+    @siem_connector.send_security_event(analysis_results, metadata)
+  end
+
+  # Start web dashboard
+  # @param port [Integer] Port number
+  def self.start_dashboard(port = 4567)
+    dashboard = AiRootShield::Dashboard::WebDashboard.new
+    dashboard.start(port)
+  end
+
+  # Platform-specific analysis methods for CLI
+  def self.analyze_android_device(device_logs_path, config = {})
+    device_logs = JSON.parse(File.read(device_logs_path))
+    android_module = AiRootShield::Platform::AndroidSecurityModule.new(
+      api_key: config[:safetynet_api_key],
+      package_name: config[:package_name]
+    )
+    android_module.analyze_device_security(device_logs)
+  end
+
+  def self.analyze_ios_device(device_logs_path, config = {})
+    device_logs = JSON.parse(File.read(device_logs_path))
+    ios_module = AiRootShield::Platform::IosSecurityModule.new
+    ios_module.analyze_device_security(device_logs)
+  end
+
+  # CI/CD integration method for CLI
+  def self.run_ci_cd_tests(device_logs_path, config = {})
+    ci_module = AiRootShield::CiCd::SecurityTestModule.new
+    ci_module.run_security_tests(device_logs_path, config)
+  end
+
+  # Generate CI configuration for CLI
+  def self.generate_ci_config(platform)
+    ci_module = AiRootShield::CiCd::SecurityTestModule.new
+    ci_module.generate_ci_config(platform)
+  end
+
+  # Generate unified cross-platform report for CLI
+  def self.generate_unified_report(android_results: nil, ios_results: nil, metadata: {})
+    report_generator = AiRootShield::Platform::UnifiedReportGenerator.new
+    report_generator.generate_unified_report(
+      android_results: android_results,
+      ios_results: ios_results,
+      metadata: metadata
+    )
+  end
+
   # Check if RASP protection is active
   # @return [Boolean] True if RASP protection is active
   def self.rasp_active?
@@ -148,11 +291,19 @@ module AiRootShield
       policy_configured: !@policy_manager.nil?,
       certificate_pinning_configured: !@certificate_pinning.nil?,
       proxy_detection_configured: !@proxy_detector.nil?,
+      siem_configured: !@siem_connector.nil?,
+      platform_modules: {
+        android_module: !@android_module.nil?,
+        ios_module: !@ios_module.nil?,
+        hardware_analyzer: !@hardware_analyzer.nil?,
+        report_generator: !@report_generator.nil?
+      },
       components: {
         rasp: @rasp_protection&.protection_status,
         policy: @policy_manager&.policy_statistics,
         certificate_pinning: @certificate_pinning&.pinning_status,
-        proxy_detection: @proxy_detector&.detection_statistics
+        proxy_detection: @proxy_detector&.detection_statistics,
+        siem: @siem_connector ? { platform: @siem_connector.instance_variable_get(:@platform) } : nil
       }
     }
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ai_root_shield
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Ahmet KAHRAMAN