@clear-capabilities/agentic-security-scanner 0.76.1 → 0.78.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (108) hide show
  1. package/bin/.agentic-security/findings.json +320 -9
  2. package/bin/.agentic-security/last-scan.json +320 -9
  3. package/bin/.agentic-security/last-scan.json.sig +1 -1
  4. package/bin/.agentic-security/scan-history.json +17 -377
  5. package/bin/.agentic-security/streak.json +11 -16
  6. package/bin/agentic-security.js +33 -2
  7. package/dist/178.index.js +1 -1
  8. package/dist/384.index.js +1 -1
  9. package/dist/637.index.js +1 -1
  10. package/dist/718.index.js +106 -0
  11. package/dist/824.index.js +126 -0
  12. package/dist/838.index.js +1 -1
  13. package/dist/agentic-security.mjs +32 -32
  14. package/dist/agentic-security.mjs.sha256 +1 -1
  15. package/package.json +7 -7
  16. package/src/.agentic-security/findings.json +5731 -3933
  17. package/src/.agentic-security/last-scan.json +5731 -3933
  18. package/src/.agentic-security/last-scan.json.sig +1 -1
  19. package/src/.agentic-security/scan-history.json +2533 -887
  20. package/src/.agentic-security/streak.json +11 -16
  21. package/src/dataflow/.agentic-security/findings.json +52 -24
  22. package/src/dataflow/.agentic-security/last-scan.json +52 -24
  23. package/src/dataflow/.agentic-security/last-scan.json.sig +1 -1
  24. package/src/dataflow/.agentic-security/scan-history.json +101 -134
  25. package/src/dataflow/.agentic-security/streak.json +8 -10
  26. package/src/dataflow/async-sequencing.js +16 -7
  27. package/src/dataflow/builtin-summaries.js +131 -0
  28. package/src/dataflow/catalog.js +107 -0
  29. package/src/dataflow/cross-repo.js +75 -1
  30. package/src/dataflow/engine.js +129 -0
  31. package/src/dataflow/implicit-flow.js +24 -6
  32. package/src/dataflow/stub-aware-filter.js +69 -11
  33. package/src/dataflow/summaries.js +28 -3
  34. package/src/engine-parallel.js +70 -0
  35. package/src/engine.js +165 -15
  36. package/src/ir/.agentic-security/findings.json +757 -16
  37. package/src/ir/.agentic-security/last-scan.json +757 -16
  38. package/src/ir/.agentic-security/last-scan.json.sig +1 -1
  39. package/src/ir/.agentic-security/scan-history.json +545 -138
  40. package/src/ir/.agentic-security/streak.json +11 -13
  41. package/src/ir/index.js +22 -1
  42. package/src/ir/parser-go.js +403 -0
  43. package/src/ir/parser-js.js +2 -0
  44. package/src/ir/parser-php.js +330 -0
  45. package/src/ir/parser-py.helper.py +137 -11
  46. package/src/ir/parser-rb.js +309 -0
  47. package/src/posture/.agentic-security/findings.json +407 -84
  48. package/src/posture/.agentic-security/last-scan.json +407 -84
  49. package/src/posture/.agentic-security/last-scan.json.sig +1 -1
  50. package/src/posture/.agentic-security/scan-history.json +16 -4923
  51. package/src/posture/.agentic-security/streak.json +10 -14
  52. package/src/posture/calibration.js +14 -0
  53. package/src/posture/triage.js +13 -0
  54. package/src/report/.agentic-security/findings.json +6 -5
  55. package/src/report/.agentic-security/last-scan.json +6 -5
  56. package/src/report/.agentic-security/last-scan.json.sig +1 -1
  57. package/src/report/.agentic-security/scan-history.json +3 -300
  58. package/src/report/.agentic-security/streak.json +7 -8
  59. package/src/report/index.js +23 -2
  60. package/src/sast/.agentic-security/findings.json +195 -56
  61. package/src/sast/.agentic-security/last-scan.json +195 -56
  62. package/src/sast/.agentic-security/last-scan.json.sig +1 -1
  63. package/src/sast/.agentic-security/scan-history.json +14 -394
  64. package/src/sast/.agentic-security/streak.json +10 -13
  65. package/src/sast/cache-poisoning.js +77 -0
  66. package/src/sast/comparison-safety.js +73 -0
  67. package/src/sast/db-taint.js +54 -0
  68. package/src/sast/graphql.js +127 -0
  69. package/src/sast/llm-stored-prompt.js +57 -0
  70. package/src/sast/mutation-xss.js +43 -0
  71. package/src/sast/nosql-injection.js +5 -0
  72. package/src/sast/null-byte-injection.js +76 -0
  73. package/src/sast/redos-nfa.js +338 -0
  74. package/src/sast/sensitive-data-logging.js +73 -0
  75. package/src/sast/weak-password-hash.js +77 -0
  76. package/src/sast/weak-randomness.js +100 -0
  77. package/src/sca/.agentic-security/findings.json +502 -11
  78. package/src/sca/.agentic-security/last-scan.json +502 -11
  79. package/src/sca/.agentic-security/last-scan.json.sig +1 -1
  80. package/src/sca/.agentic-security/scan-history.json +19 -1
  81. package/src/sca/.agentic-security/streak.json +6 -6
  82. package/src/sca/llm-function-extract.js +107 -0
  83. package/src/sca/vendor-detect.js +91 -0
  84. package/dist/218.index.js +0 -793
  85. package/dist/601.index.js +0 -1038
  86. package/dist/634.index.js +0 -1892
  87. package/src/integrations/.agentic-security/findings.json +0 -1504
  88. package/src/integrations/.agentic-security/last-scan.json +0 -1504
  89. package/src/integrations/.agentic-security/scan-history.json +0 -40
  90. package/src/integrations/.agentic-security/streak.json +0 -21
  91. package/src/llm-validator/.agentic-security/findings.json +0 -1891
  92. package/src/llm-validator/.agentic-security/last-scan.json +0 -1891
  93. package/src/llm-validator/.agentic-security/last-scan.json.sig +0 -1
  94. package/src/llm-validator/.agentic-security/scan-history.json +0 -168
  95. package/src/llm-validator/.agentic-security/streak.json +0 -20
  96. package/src/lsp/.agentic-security/findings.json +0 -28
  97. package/src/lsp/.agentic-security/last-scan.json +0 -28
  98. package/src/lsp/.agentic-security/scan-history.json +0 -79
  99. package/src/lsp/.agentic-security/streak.json +0 -22
  100. package/src/mcp/.agentic-security/findings.json +0 -8403
  101. package/src/mcp/.agentic-security/last-scan.json +0 -8403
  102. package/src/mcp/.agentic-security/last-scan.json.sig +0 -1
  103. package/src/mcp/.agentic-security/scan-history.json +0 -1182
  104. package/src/mcp/.agentic-security/streak.json +0 -22
  105. package/src/sast/bench-shape/.agentic-security/findings.json +0 -28
  106. package/src/sast/bench-shape/.agentic-security/last-scan.json +0 -28
  107. package/src/sast/bench-shape/.agentic-security/scan-history.json +0 -24
  108. package/src/sast/bench-shape/.agentic-security/streak.json +0 -22
package/src/mcp/.agentic-security/streak.json DELETED
@@ -1,22 +0,0 @@
1
- {
2
- "firstScanDate": "2026-05-18T16:19:09.478Z",
3
- "lastScanDate": "2026-05-24T15:10:46.517Z",
4
- "totalScans": 51,
5
- "daysCleanCritical": 1,
6
- "lastCleanDate": "2026-05-24",
7
- "lastCriticalDate": null,
8
- "hasEverHadCritical": false,
9
- "bestDaysCleanCritical": 2,
10
- "totalFindingsAtFirstScan": 4,
11
- "totalFindingsAtLastScan": 39,
12
- "totalFixesInferred": 0,
13
- "lastGrade": "A-",
14
- "bestGrade": "A",
15
- "launchCheckPassedAt": null,
16
- "achievements": [
17
- "first-scan",
18
- "grade-a",
19
- "scan-veteran-25"
20
- ],
21
- "previousGrade": "A-"
22
- }
package/src/sast/bench-shape/.agentic-security/findings.json DELETED
@@ -1,28 +0,0 @@
1
- {
2
- "scanId": "dc3f3a4e-866e-4a96-a3cf-95d740227eca",
3
- "startedAt": "2026-05-18T14:34:38.677Z",
4
- "durationMs": 64,
5
- "scanned": {
6
- "files": 1,
7
- "lines": 0
8
- },
9
- "findings": [],
10
- "bundles": [],
11
- "routes": [],
12
- "components": [],
13
- "suppressedCount": 1,
14
- "blastRadiusSignals": {
15
- "industry": "generic",
16
- "industryConfidence": "low",
17
- "jurisdictions": [],
18
- "controls": [],
19
- "estimatedUsers": 50,
20
- "revenueIndicator": "pre-revenue",
21
- "hasStripe": false,
22
- "hasAuth": false,
23
- "hasUserTable": false,
24
- "hasPII": false,
25
- "hasPHI": false,
26
- "hasS3": false
27
- }
28
- }
package/src/sast/bench-shape/.agentic-security/last-scan.json DELETED
@@ -1,28 +0,0 @@
1
- {
2
- "scanId": "dc3f3a4e-866e-4a96-a3cf-95d740227eca",
3
- "startedAt": "2026-05-18T14:34:38.677Z",
4
- "durationMs": 64,
5
- "scanned": {
6
- "files": 1,
7
- "lines": 0
8
- },
9
- "findings": [],
10
- "bundles": [],
11
- "routes": [],
12
- "components": [],
13
- "suppressedCount": 1,
14
- "blastRadiusSignals": {
15
- "industry": "generic",
16
- "industryConfidence": "low",
17
- "jurisdictions": [],
18
- "controls": [],
19
- "estimatedUsers": 50,
20
- "revenueIndicator": "pre-revenue",
21
- "hasStripe": false,
22
- "hasAuth": false,
23
- "hasUserTable": false,
24
- "hasPII": false,
25
- "hasPHI": false,
26
- "hasS3": false
27
- }
28
- }
package/src/sast/bench-shape/.agentic-security/scan-history.json DELETED
@@ -1,24 +0,0 @@
1
- [
2
- {
3
- "timestamp": "2026-05-18T14:28:11.803Z",
4
- "label": "scan",
5
- "total": 0,
6
- "critical": 0,
7
- "high": 0,
8
- "medium": 0,
9
- "low": 0,
10
- "kev": 0,
11
- "ids": []
12
- },
13
- {
14
- "timestamp": "2026-05-18T14:34:38.741Z",
15
- "label": "scan",
16
- "total": 0,
17
- "critical": 0,
18
- "high": 0,
19
- "medium": 0,
20
- "low": 0,
21
- "kev": 0,
22
- "ids": []
23
- }
24
- ]
package/src/sast/bench-shape/.agentic-security/streak.json DELETED
@@ -1,22 +0,0 @@
1
- {
2
- "firstScanDate": "2026-05-18T14:28:11.809Z",
3
- "lastScanDate": "2026-05-18T14:34:38.748Z",
4
- "totalScans": 2,
5
- "daysCleanCritical": 1,
6
- "lastCleanDate": "2026-05-18",
7
- "lastCriticalDate": null,
8
- "hasEverHadCritical": false,
9
- "bestDaysCleanCritical": 1,
10
- "totalFindingsAtFirstScan": 0,
11
- "totalFindingsAtLastScan": 0,
12
- "totalFixesInferred": 0,
13
- "lastGrade": "A+",
14
- "bestGrade": "A+",
15
- "launchCheckPassedAt": null,
16
- "achievements": [
17
- "first-scan",
18
- "grade-a",
19
- "grade-a-plus"
20
- ],
21
- "previousGrade": "A+"
22
- }