@cyclonedx/cdxgen 12.3.3 → 12.4.0

package/data/rules/package-integrity.yaml

@@ -7,6 +7,7 @@
   description: "npm packages with lifecycle hooks (preinstall, postinstall, etc.) execute arbitrary code during installation"
   severity: medium
   category: package-integrity
+  dry-run-support: full
   condition: |
     components[
       $prop($, 'cdx:npm:hasInstallScript') = 'true'
@@ -26,6 +27,7 @@
   description: "Detected mismatch between expected and resolved package name or version, which may indicate dependency confusion or tampering"
   severity: high
   category: package-integrity
+  dry-run-support: full
   condition: |
     components[
       $hasProp($, 'cdx:npm:nameMismatchError')
@@ -46,6 +48,7 @@
   description: "Go modules marked as deprecated may contain known issues or be abandoned"
   severity: medium
   category: package-integrity
+  dry-run-support: no
   condition: |
     components[
       $hasProp($, 'cdx:go:deprecated')
@@ -65,6 +68,7 @@
   description: "Yanked gems have been removed from RubyGems, typically due to security issues or critical bugs"
   severity: high
   category: package-integrity
+  dry-run-support: no
   condition: |
     components[
       $prop($, 'cdx:gem:yanked') = 'true'
@@ -84,6 +88,7 @@
   description: "npm packages marked as deprecated may have known vulnerabilities or unmaintained code"
   severity: low
   category: package-integrity
+  dry-run-support: partial
   condition: |
     components[
       $prop($, 'cdx:npm:deprecated') = 'true'
@@ -102,6 +107,7 @@
   description: "Dart packages from non-default registries may introduce unvetted code"
   severity: low
   category: package-integrity
+  dry-run-support: full
   condition: |
     components[
       $hasProp($, 'cdx:pub:registry')
@@ -120,6 +126,7 @@
   description: "Maven packages with shaded or relocated classes may obscure the true dependency graph and introduce hidden vulnerabilities"
   severity: low
   category: package-integrity
+  dry-run-support: full
   condition: |
     components[
       $prop($, 'cdx:maven:shaded') = 'true'
@@ -139,6 +146,7 @@
   description: "Hidden Unicode in README files can conceal malicious or misleading content in code review, especially inside comments"
   severity: medium
   category: package-integrity
+  dry-run-support: full
   condition: |
     formulation.components[
       $prop($, 'cdx:file:kind') = 'readme'
@@ -163,6 +171,7 @@
   description: "Lifecycle hooks that decode base64 payloads, hide long encoded blobs, or blend obfuscation with install-time execution are high-confidence supply-chain abuse indicators"
   severity: critical
   category: package-integrity
+  dry-run-support: full
   attack:
     tactics: [TA0005]
     techniques: [T1027]
@@ -187,6 +196,7 @@
   description: "Crates yanked from crates.io are often removed because of security, correctness, or ecosystem breakage issues"
   severity: high
   category: package-integrity
+  dry-run-support: no
   condition: |
     components[
       $prop($, 'cdx:cargo:yanked') = 'true'
@@ -208,6 +218,7 @@
   description: "Cargo build scripts and native build helpers expand execution surface during build and deserve additional review before release"
   severity: medium
   category: package-integrity
+  dry-run-support: full
   condition: |
     formulation.components[
       $prop($, 'cdx:rust:buildTool') = 'cargo'
@@ -232,6 +243,7 @@
   description: "Native Cargo build surfaces deserve additional scrutiny when the workflow relies on mutable Cargo toolchain setup actions instead of immutable SHA-pinned references"
   severity: medium
   category: package-integrity
+  dry-run-support: full
   condition: |
     formulation.components[
       $prop($, 'cdx:rust:buildTool') = 'cargo'
@@ -265,6 +277,7 @@
   description: "Cargo workflows that execute build/test/package/publish steps against native build surfaces increase the impact of build-script or native-helper changes"
   severity: medium
   category: package-integrity
+  dry-run-support: full
   condition: |
     formulation.components[
       $prop($, 'cdx:rust:buildTool') = 'cargo'
@@ -311,6 +324,7 @@
   description: "Collider lock entries should carry a SHA-256 wrap_hash so the selected wrap file remains integrity-pinned and reproducible"
   severity: high
   category: package-integrity
+  dry-run-support: full
   condition: |
     components[
       $hasProp($, 'cdx:collider:dependencyKind')

package/data/rules/rootfs-hardening.yaml

@@ -0,0 +1,179 @@
+# Rootfs and Offline Host Hardening Rules
+# Category: rootfs-hardening
+# Evaluates repository trust, trust anchors, privileged helpers, and service execution paths
+
+- id: RFS-001
+  name: "Enabled OS repository uses plaintext HTTP transport"
+  description: "Plain HTTP package repositories weaken integrity guarantees and make mirror tampering easier when network controls are absent."
+  severity: high
+  category: rootfs-hardening
+  dry-run-support: full
+  condition: |
+    components[
+      type = 'data'
+      and $hasProp($, 'cdx:os:repo:type')
+      and $safeStr($prop($, 'cdx:os:repo:enabled')) = 'true'
+      and $startsWith($lowercase($safeStr($prop($, 'cdx:os:repo:url'))), 'http://')
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref",
+      "purl": purl
+    }
+  message: "Repository '{{ name }}' is enabled and still uses plaintext HTTP: {{ $prop($, 'cdx:os:repo:url') }}"
+  mitigation: "Move package sources to HTTPS or a trusted local mirror protected by authenticated transport and repository signing."
+  evidence: |
+    {
+      "sourceFile": $prop($, 'SrcFile'),
+      "repoType": $prop($, 'cdx:os:repo:type'),
+      "repoUrl": $prop($, 'cdx:os:repo:url')
+    }
+
+- id: RFS-002
+  name: "YUM repository has package signature checks disabled"
+  description: "Disabling gpgcheck in a configured YUM repository removes a core package authenticity control."
+  severity: critical
+  category: rootfs-hardening
+  dry-run-support: full
+  condition: |
+    components[
+      type = 'data'
+      and $safeStr($prop($, 'cdx:os:repo:type')) = 'yum-repository'
+      and $safeStr($prop($, 'cdx:os:repo:enabled')) = 'true'
+      and $safeStr($prop($, 'cdx:os:repo:gpgcheck')) = '0'
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref",
+      "purl": purl
+    }
+  message: "YUM repository '{{ name }}' is enabled with gpgcheck disabled"
+  mitigation: "Enable gpgcheck, pin the expected signing keys, and review recent repository changes before continuing to trust packages from this source."
+  evidence: |
+    {
+      "sourceFile": $prop($, 'SrcFile'),
+      "repoUrl": $prop($, 'cdx:os:repo:url'),
+      "gpgcheck": $prop($, 'cdx:os:repo:gpgcheck'),
+      "gpgkey": $prop($, 'cdx:os:repo:gpgkey')
+    }
+
+- id: RFS-003
+  name: "Offline trust anchor is marked expired"
+  description: "Expired trust anchors inside an image or rootfs can break planned rotations and hide stale trust relationships."
+  severity: high
+  category: rootfs-hardening
+  dry-run-support: full
+  condition: |
+    components[
+      type = 'cryptographic-asset'
+      and $safeStr(cryptoProperties.assetType) = 'related-crypto-material'
+      and $safeStr(cryptoProperties.relatedCryptoMaterialProperties.state) = 'expired'
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref"
+    }
+  message: "Trust anchor '{{ name }}' is marked expired and should be reviewed"
+  mitigation: "Remove stale keys, replace expired trust anchors, and confirm the remaining repository trust chain matches approved policy."
+  evidence: |
+    {
+      "path": $prop($, 'SrcFile'),
+      "trustDomain": $prop($, 'cdx:crypto:trustDomain'),
+      "keyId": $prop($, 'cdx:crypto:keyId'),
+      "expiresAt": $prop($, 'cdx:crypto:expiresAt')
+    }
+
+- id: RFS-004
+  name: "Offline image retains setuid GTFOBins execution helper"
+  description: "Setuid GTFOBins-capable binaries increase privilege-escalation exposure inside rootfs and golden image baselines."
+  severity: critical
+  category: rootfs-hardening
+  dry-run-support: full
+  condition: |
+    components[
+      type = 'file'
+      and (
+        $prop($, 'internal:has_setuid') = 'true'
+        or $prop($, 'internal:has_setgid') = 'true'
+      )
+      and $prop($, 'cdx:gtfobins:matched') = 'true'
+      and (
+        $listContains($prop($, 'cdx:gtfobins:functions'), 'shell')
+        or $listContains($prop($, 'cdx:gtfobins:functions'), 'command')
+        or $listContains($prop($, 'cdx:gtfobins:functions'), 'library-load')
+      )
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref",
+      "purl": purl
+    }
+  message: "Privileged helper '{{ name }}' keeps GTFOBins execution capability in the offline image"
+  mitigation: "Remove unnecessary setuid or setgid bits, replace the helper with a safer alternative, or justify and baseline the exposure explicitly."
+  evidence: |
+    {
+      "path": $prop($, 'SrcFile'),
+      "functions": $prop($, 'cdx:gtfobins:functions'),
+      "contexts": $prop($, 'cdx:gtfobins:contexts'),
+      "riskTags": $prop($, 'cdx:gtfobins:riskTags')
+    }
+
+- id: RFS-005
+  name: "Offline service executes from writable or temporary path"
+  description: "Services pointing at writable or temporary paths are a strong persistence and drift signal in base images and offline hosts."
+  severity: critical
+  category: rootfs-hardening
+  dry-run-support: full
+  condition: |
+    $auditServices($)[
+      $contains($lowercase($safeStr($prop($, 'cdx:service:ExecStart'))), '/tmp/')
+      or $contains($lowercase($safeStr($prop($, 'cdx:service:ExecStart'))), '/var/tmp/')
+      or $contains($lowercase($safeStr($prop($, 'cdx:service:ExecStart'))), '/dev/shm/')
+      or $contains($lowercase($safeStr($prop($, 'cdx:service:ExecStart'))), '/home/')
+      or $contains($lowercase($safeStr($prop($, 'cdx:service:ExecStart'))), '/run/user/')
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref"
+    }
+  message: "Service '{{ name }}' launches from a writable or temporary path"
+  mitigation: "Relocate approved service binaries into trusted system paths and investigate any service definition that executes from writable directories."
+  evidence: |
+    {
+      "sourceFile": $prop($, 'SrcFile'),
+      "manager": $prop($, 'cdx:service:manager'),
+      "execStart": $prop($, 'cdx:service:ExecStart'),
+      "packageRef": $prop($, 'cdx:service:packageRef')
+    }
+
+- id: RFS-006
+  name: "Offline service pre-start step fetches or shells remote content"
+  description: "ExecStartPre hooks that fetch remote content or shell inline commands add bootstrap drift and weaken image reproducibility."
+  severity: high
+  category: rootfs-hardening
+  dry-run-support: full
+  condition: |
+    $auditServices($)[
+      (
+        $contains($lowercase($safeStr($prop($, 'cdx:service:ExecStartPre'))), 'curl ')
+        or $contains($lowercase($safeStr($prop($, 'cdx:service:ExecStartPre'))), 'wget ')
+      )
+      and (
+        $contains($lowercase($safeStr($prop($, 'cdx:service:ExecStartPre'))), 'http://')
+        or $contains($lowercase($safeStr($prop($, 'cdx:service:ExecStartPre'))), 'https://')
+        or $contains($lowercase($safeStr($prop($, 'cdx:service:ExecStartPre'))), '| sh')
+        or $contains($lowercase($safeStr($prop($, 'cdx:service:ExecStartPre'))), '| bash')
+      )
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref"
+    }
+  message: "Service '{{ name }}' uses a remote-fetching ExecStartPre hook: {{ $prop($, 'cdx:service:ExecStartPre') }}"
+  mitigation: "Move bootstrap downloads into the image build pipeline, pin artifacts, and keep service startup paths deterministic and locally sourced."
+  evidence: |
+    {
+      "sourceFile": $prop($, 'SrcFile'),
+      "manager": $prop($, 'cdx:service:manager'),
+      "execStartPre": $prop($, 'cdx:service:ExecStartPre')
+    }

package/data/rules/vscode-extensions.yaml

@@ -7,6 +7,7 @@
   description: "VS Code extensions with postinstall/preinstall scripts execute arbitrary code during installation"
   severity: critical
   category: vscode-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:vscode-extension/')
@@ -32,6 +33,7 @@
   description: "Extensions activating on '*' with terminal-access contribution can execute commands in any workspace"
   severity: high
   category: vscode-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:vscode-extension/')
@@ -57,6 +59,7 @@
   description: "Extensions supporting untrustedWorkspaces=true with filesystem-provider contributions may access sensitive files"
   severity: high
   category: vscode-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:vscode-extension/')
@@ -82,6 +85,7 @@
   description: "Extension packs implicitly install bundled extensions; flag packs containing members with lifecycle scripts or privileged capabilities"
   severity: medium
   category: vscode-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:vscode-extension/')
@@ -105,6 +109,7 @@
   description: "Extensions depending on other extensions inherit their trust boundary; flag chains where dependencies have install scripts or privileged access"
   severity: medium
   category: vscode-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:vscode-extension/')
@@ -128,6 +133,7 @@
   description: "Extensions contributing debuggers or authentication providers have elevated host access and credential handling capabilities"
   severity: high
   category: vscode-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:vscode-extension/')
@@ -155,6 +161,7 @@
   description: "Extensions with extensionKind=workspace and executesCode=true run arbitrary code on remote hosts or containers"
   severity: high
   category: vscode-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:vscode-extension/')
@@ -180,6 +187,7 @@
   description: "Extensions requiring VS Code engine <1.80 may lack workspace trust and other modern security features"
   severity: low
   category: vscode-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:vscode-extension/')
@@ -204,6 +212,7 @@
   description: "Extensions declaring browser entry points should run in web sandbox; flag if also declares workspace execution or filesystem access"
   severity: medium
   category: vscode-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:vscode-extension/')

package/lib/audit/index.js

@@ -4,6 +4,7 @@ import { dirname, join, relative, resolve } from "node:path";
 import process from "node:process";
 
 import { createBom } from "../cli/index.js";
+import { DEFAULT_HBOM_AUDIT_CATEGORIES } from "../helpers/auditCategories.js";
 import {
   getNonCycloneDxErrorMessage,
   isCycloneDxBom,
@@ -24,13 +25,19 @@ import {
 import {
   dirNameStr,
   getTmpDir,
+  isDryRun,
+  recordActivity,
   safeExistsSync,
   safeMkdirSync,
   safeMkdtempSync,
   safeRmSync,
   safeWriteSync,
 } from "../helpers/utils.js";
-import { auditBom } from "../stages/postgen/auditBom.js";
+import {
+  auditBom,
+  isHbomLikeBom,
+  isObomLikeBom,
+} from "../stages/postgen/auditBom.js";
 import { postProcess } from "../stages/postgen/postgen.js";
 import { formatTargetLabel } from "./progress.js";
 import { renderAuditReport } from "./reporters.js";
@@ -52,6 +59,8 @@ export const DEFAULT_AUDIT_CATEGORIES = [
   "package-integrity",
 ];
 
+const DIRECT_AUDIT_TOOL_NAME = "cdx-audit";
+
 const AUDIT_CACHE_DIRNAME = ".cdx-audit";
 const AUDIT_CACHE_BOM_FILE = "source-bom.json";
 const AUDIT_CACHE_META_FILE = "source-bom.meta.json";
@@ -165,6 +174,113 @@ export function loadInputBoms(options) {
   return inputBoms;
 }
 
+function summarizeDirectAuditFindings(findings = []) {
+  const findingsBySeverity = {
+    critical: 0,
+    high: 0,
+    low: 0,
+    medium: 0,
+  };
+  let maxSeverity = "none";
+  for (const finding of findings) {
+    const severity = finding?.severity || "low";
+    if (findingsBySeverity[severity] !== undefined) {
+      findingsBySeverity[severity] += 1;
+    }
+    if (
+      (SEVERITY_ORDER[severity] ?? -1) > (SEVERITY_ORDER[maxSeverity] ?? -1)
+    ) {
+      maxSeverity = severity;
+    }
+  }
+  return {
+    findingsBySeverity,
+    findingsCount: findings.length,
+    maxSeverity,
+  };
+}
+
+function buildDirectAuditOptions(bomJson, options = {}) {
+  const explicitCategories = options.categories?.length
+    ? options.categories.join(",")
+    : undefined;
+  return {
+    bomAuditCategories:
+      explicitCategories ||
+      (isHbomLikeBom(bomJson)
+        ? DEFAULT_HBOM_AUDIT_CATEGORIES
+        : isObomLikeBom(bomJson)
+          ? "obom-runtime"
+          : undefined),
+    bomAuditMinSeverity: options.minSeverity || "low",
+    bomAuditRulesDir: options.rulesDir,
+  };
+}
+
+export async function runDirectBomAuditFromBoms(inputBoms, options = {}) {
+  if (!inputBoms.length) {
+    throw new Error("No CycloneDX BOM inputs were found.");
+  }
+  const results = [];
+  for (const inputBom of inputBoms) {
+    const directAuditOptions = buildDirectAuditOptions(
+      inputBom.bomJson,
+      options,
+    );
+    const findings = await auditBom(inputBom.bomJson, directAuditOptions);
+    results.push({
+      auditOptions: directAuditOptions,
+      bomFormat: inputBom.bomJson?.bomFormat,
+      findings,
+      serialNumber: inputBom.bomJson?.serialNumber,
+      source: inputBom.source,
+      specVersion: inputBom.bomJson?.specVersion,
+      status: "audited",
+      summary: summarizeDirectAuditFindings(findings),
+    });
+  }
+  const summary = {
+    findingsBySeverity: {
+      critical: 0,
+      high: 0,
+      low: 0,
+      medium: 0,
+    },
+    inputBomCount: inputBoms.length,
+    maxSeverity: "none",
+    totalFindings: 0,
+    bomsWithFindings: 0,
+  };
+  for (const result of results) {
+    summary.totalFindings += result.summary.findingsCount;
+    if (result.summary.findingsCount > 0) {
+      summary.bomsWithFindings += 1;
+    }
+    for (const [severity, count] of Object.entries(
+      result.summary.findingsBySeverity,
+    )) {
+      summary.findingsBySeverity[severity] += count;
+    }
+    if (
+      (SEVERITY_ORDER[result.summary.maxSeverity] ?? -1) >
+      (SEVERITY_ORDER[summary.maxSeverity] ?? -1)
+    ) {
+      summary.maxSeverity = result.summary.maxSeverity;
+    }
+  }
+  return {
+    auditMode: "direct",
+    generatedAt: new Date().toISOString(),
+    inputs: inputBoms.map((inputBom) => inputBom.source),
+    results,
+    summary,
+    tool: {
+      name: DIRECT_AUDIT_TOOL_NAME,
+      version: readPackageVersion(),
+    },
+  };
+}
+
 /**
  * Read the package version from the local package.json file.
  *
@@ -399,6 +515,8 @@ function buildPredictiveAuditEstimate(selectedTargets) {
 
 function buildPredictiveAuditPreflightMessage(extractedTargets, options) {
   const selectedTargets = extractedTargets?.targets?.length || 0;
+  const allowlistedTargetsExcluded =
+    extractedTargets?.stats?.allowlistedTargetsExcluded || 0;
   const availableTargets = extractedTargets?.stats?.availableTargets || 0;
   const requiredTargets = extractedTargets?.stats?.requiredTargets || 0;
   const trustedTargetsExcluded =
@@ -411,17 +529,25 @@ function buildPredictiveAuditPreflightMessage(extractedTargets, options) {
   const trustedExclusionMessage = trustedTargetsExcluded
     ? ` Skipping ${trustedTargetsExcluded} trusted-publishing-backed package(s) by default.${trustedHint}`
     : "";
+  const customAllowlistSuffix = options?.allowlistFile
+    ? " and your custom allowlist"
+    : "";
+  const allowlistExclusionMessage = allowlistedTargetsExcluded
+    ? ` Skipping ${allowlistedTargetsExcluded} allowlisted package(s) using the built-in well-known purl prefix filter${customAllowlistSuffix}.`
+    : "";
   if (!estimate && availableTargets < LARGE_PREDICTIVE_AUDIT_THRESHOLD) {
-    return trustedTargetsExcluded ? trustedExclusionMessage.trim() : undefined;
+    const passiveMessage =
+      `${trustedExclusionMessage}${allowlistExclusionMessage}`.trim();
+    return passiveMessage || undefined;
   }
   if (options?.scope === "required") {
-    return `Predictive audit will scan ${selectedTargets} required package(s). ${estimate || "Large required-only scans may still take a while depending on repository lookups and child SBOM generation."}${trustedExclusionMessage}`;
+    return `Predictive audit will scan ${selectedTargets} required package(s). ${estimate || "Large required-only scans may still take a while depending on repository lookups and child SBOM generation."}${trustedExclusionMessage}${allowlistExclusionMessage}`;
   }
   if (truncatedTargets > 0) {
     const additionalTargets = Math.max(0, selectedTargets - requiredTargets);
-    return `Predictive audit selected ${selectedTargets} of ${availableTargets} package(s) (${requiredTargets} required${additionalTargets ? ` + ${additionalTargets} additional` : ""}) using required-first prioritization. ${estimate || "This run was trimmed to keep audit time reasonable."}${trustedExclusionMessage}`;
+    return `Predictive audit selected ${selectedTargets} of ${availableTargets} package(s) (${requiredTargets} required${additionalTargets ? ` + ${additionalTargets} additional` : ""}) using required-first prioritization. ${estimate || "This run was trimmed to keep audit time reasonable."}${trustedExclusionMessage}${allowlistExclusionMessage}`;
   }
-  return `Predictive audit will scan ${selectedTargets} package(s). ${estimate || "Large predictive audits may still take a while depending on repository lookups and child SBOM generation."}${trustedExclusionMessage}`;
+  return `Predictive audit will scan ${selectedTargets} package(s). ${estimate || "Large predictive audits may still take a while depending on repository lookups and child SBOM generation."}${trustedExclusionMessage}${allowlistExclusionMessage}`;
 }
 
 /**
@@ -1622,6 +1748,7 @@ export async function auditTarget(target, options) {
     const findings = await auditBom(processedBomJson, {
       bomAuditCategories: categories.join(","),
       bomAuditMinSeverity: options.minSeverity || "low",
+      bomAuditRulesDir: options.rulesDir,
     });
     const contextualFindings = buildTargetContextFindings(target);
     const pythonSourceFindings = buildPythonSourceHeuristicFindings(
@@ -2100,15 +2227,69 @@ export async function runAuditFromBoms(inputBoms, options) {
   if (!inputBoms.length) {
     throw new Error("No CycloneDX BOM inputs were found.");
   }
-  if (options.trusted !== "include") {
+  const shouldEnrichRegistryMetadata =
+    !isDryRun && options.trusted !== "include";
+  if (shouldEnrichRegistryMetadata) {
     await enrichInputBomsWithRegistryMetadata(inputBoms);
   }
-  const extractedTargets = collectAuditTargets(inputBoms, {
+  const targetSelectionOptions = {
+    allowlistFile: options.allowlistFile,
     maxTargets: options.maxTargets,
     prioritizeDirectRuntime: options.prioritizeDirectRuntime,
     scope: options.scope,
     trusted: options.trusted,
-  });
+  };
+  const extractedTargets = collectAuditTargets(
+    inputBoms,
+    targetSelectionOptions,
+  );
+  if (isDryRun) {
+    // Dry-run mode intentionally stops after target planning. Registry metadata
+    // enrichment, repository cloning, and child SBOM generation are all
+    // side-effecting or outbound behaviors that the predictive audit must avoid.
+    const report = {
+      dryRun: true,
+      generatedAt: new Date().toISOString(),
+      groupedResults: [],
+      inputs: inputBoms.map((inputBom) => inputBom.source),
+      results: extractedTargets.targets.map((target) => ({
+        assessment: {
+          categoryCounts: {},
+          confidenceLabel: "none",
+          findingsCount: 0,
+          reasons: [
+            "Dry run mode planned this predictive audit target from the input BOM but skipped registry metadata fetches, upstream repository cloning, and child SBOM generation.",
+          ],
+          score: 0,
+          severity: "none",
+        },
+        findings: [],
+        status: "skipped",
+        target,
+      })),
+      skipped: extractedTargets.skipped,
+      summary: {
+        predictiveDryRun: true,
+      },
+      tool: {
+        name: "cdx-audit",
+        version: readPackageVersion(),
+      },
+    };
+    Object.assign(
+      report.summary,
+      summarizeAudit(inputBoms, report.results, extractedTargets.skipped),
+      summarizeGroupedResults(report.groupedResults),
+    );
+    recordActivity({
+      kind: "audit",
+      reason:
+        "Dry run mode planned predictive BOM audit targets from the input BOM but skipped registry metadata fetches, repository cloning, and child SBOM generation.",
+      status: extractedTargets.targets.length ? "blocked" : "completed",
+      target: "predictive-dependency-audit",
+    });
+    return report;
+  }
   const results = [];
   const preflightMessage = buildPredictiveAuditPreflightMessage(
     extractedTargets,
@@ -2192,6 +2373,12 @@ export async function runAudit(options) {
   const inputBoms = loadInputBoms(options);
   const workspaceContext = prepareWorkspaceContext(options);
   try {
+    if (options.directBomAudit) {
+      return await runDirectBomAuditFromBoms(inputBoms, {
+        ...options,
+        workspaceDir: workspaceContext.workspaceDir,
+      });
+    }
     return await runAuditFromBoms(inputBoms, {
       ...options,
       workspaceDir: workspaceContext.workspaceDir,
@@ -2214,6 +2401,20 @@ export function finalizeAuditReport(report, options) {
   const output = renderAuditReport(options.report, report, {
     minSeverity: options.minSeverity,
   });
+  if (report?.auditMode === "direct") {
+    const shouldFail = (report.results || []).some((result) =>
+      (result.findings || []).some((finding) =>
+        severityMeetsThreshold(
+          finding?.severity || "none",
+          options.failSeverity || "high",
+        ),
+      ),
+    );
+    return {
+      exitCode: shouldFail ? 3 : 0,
+      output,
+    };
+  }
   const effectiveResults = report.groupedResults?.length
     ? report.groupedResults
     : report.results;