@eurekadevsecops/radar 1.3.0 → 1.3.2
- package/README.md +5 -0
- package/package.json +1 -1
- package/src/commands/scan.js +12 -6
- package/src/telemetry/index.js +6 -1
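--- a/package/README.md
+++ b/package/README.md
@@ -10,6 +10,11 @@
 
 radarctl is a command-line interface for Radar, an open-source orchestrator of security scanners. Radar is part of the Eureka DevSecOps platform.
 
+## Requirements
+
+- Node.js version 22.17.0 or higher
+- Docker
+
 ## Installation
 
 Install the Radar CLI on the command-line using [NPM](https://npmjs.com):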
package/package.json
CHANGED
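--- a/package/src/commands/scan.js
+++ b/package/src/commands/scan.js
@@ -136,9 +136,15 @@ module.exports = {
 const isTelemetryEnabled = telemetry.enabled()
 if (isTelemetryEnabled) {
 // TODO: Should pass scanID to the server; not read it from the server.
-
-
-
+try {
+const res = await telemetry.send(`scans/started`, {}, { scanners: scanners.map((s) => s.name) })
+if (!res.ok) throw new Error(`[${res.status}] ${res.statusText}: ${await res.text()}`)
+const data = await res.json()
+scanID = data.scan_id
+}
+catch (error) {
+log(`WARNING: Telemetry will be skipped for this scan run: ${error.message}\n`)
+}
 }
 
 // Run scanners.
@@ -151,7 +157,7 @@ module.exports = {
 catch (error) {
 log(`\n${error}`)
 if (!args.QUIET) log('Scan NOT completed!')
-if (telemetry.enabled()) telemetry.send(`scans/:scanID/failed`, { scanID })
+if (telemetry.enabled()) await telemetry.send(`scans/:scanID/failed`, { scanID })
 fs.rmSync(tmpdir, { recursive: true, force: true }) // Clean up.
 return 0x10 // exit code
 }
@@ -168,8 +174,8 @@ module.exports = {
 
 // Send telemetry.
 if (isTelemetryEnabled && scanID) {
-telemetry.send(`scans/:scanID/completed`, { scanID }, summary)
-telemetry.sendSensitive(`scans/:scanID/results`, { scanID }, { findings: results.sarif, log: results.log })
+await telemetry.send(`scans/:scanID/completed`, { scanID }, summary)
+await telemetry.sendSensitive(`scans/:scanID/results`, { scanID }, { findings: results.sarif, log: results.log })
 }
 
 // Display summarized findings.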
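Review bot: In the failure path (new line 160) the now-awaited `telemetry.send` runs before `fs.rmSync(tmpdir, …)` and has no handler of its own, so if the request rejects (for example on a network error) the temp-directory cleanup and the `return 0x10` are skipped and scan artifacts stay on disk. The call is also not guarded by `scanID`, which appears to stay unset when the `scans/started` request fails inside the new try/catch at lines 139–147, whereas the completion block at line 176 does check `isTelemetryEnabled && scanID`. Consider moving the `fs.rmSync` call above the telemetry line and writing that line as `if (telemetry.enabled() && scanID) await telemetry.send('scans/:scanID/failed', { scanID }).catch((e) => log(e.message))`. The awaited `send` and `sendSensitive` calls at lines 177–178 have no visible handler either; whether an enclosing try covers them cannot be told from here, because the function body starts and ends outside the hunks.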
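--- a/package/src/telemetry/index.js
+++ b/package/src/telemetry/index.js
@@ -1,7 +1,7 @@
 const package = require('../../package.json')
 const { DateTime } = require("luxon")
 
-const EWA_URL = process.env.EWA_URL ?? 'https://
+const EWA_URL = process.env.EWA_URL ?? 'https://bff.eurekadevsecops.com/'
 const VDBE_URL = process.env.VDBE_URL ?? 'https://vulns.eurekadevsecops.com'
 
 const USER_AGENT = `Radar/${package.version} (${package.pkgname}@${package.version}; ${process?.platform}-${process?.arch}; ${process?.release?.name}-${process?.version})`
@@ -22,6 +22,11 @@ const send = async (path, params, body, token) => {
 },
 body: toBody(path, body)
 })
+.then(async (res) => {
+// TODO: Display this on stdout only if --debug option is selected on the cmd line.
+// if (!res.ok) console.log(`POST ${toURL(path, params)} [${res.status}] ${res.statusText}: ${await res.text()}`)
+return res
+})
 }
 
 const sendSensitive = async (path, params, body) => {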
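Review bot: The added `.then` at new lines 25–29 only returns `res`, and the commented-out debug line inside it would, once enabled as the TODO plans, read the body with `await res.text()` before the caller does; `scan.js` calls `res.text()` and `res.json()` on the same response, which would then fail because a response body can be read only once. If the debug output is kept, read from a copy, `const copy = res.clone()` followed by `await copy.text()`, and gate it on the debug flag; otherwise drop the `.then` wrapper and the commented-out code. The logged text would hold the full request URL and the server's response body, so it should stay out of default output. The body of `send` starts outside the hunk.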