@eurekadevsecops/radar 1.7.0 → 1.7.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
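--- a/package/src/commands/scan.js
+++ b/package/src/commands/scan.js
@@ -33,7 +33,8 @@ module.exports = {
 a file on disk.
 
 Select which scanners to use with the SCANNERS and CATEGORIES options. If
-neither option is specified, all scanners are run.
+neither option is specified, all default scanners are run. You can see which
+scanners are marked as defaults with the 'radar scanners' command.
 
 If you want to run all scanners of a certain type, such as SAST, SCA, or DAST,
 use the CATEGORIES option. All scanners are classified into categories and
@@ -46,7 +47,7 @@ module.exports = {
 specific list of scanners, comma-separated, in the SCANNERS option. Scanner
 names passed into the SCANNERS option should match the scanner names returned
 by the "scanners" command. To select all scanners across selected categories,
-use the value 'all' for SCANNERS.
+use the value 'all' for SCANNERS.
 
 You can specify both SCANNERS and CATEGORIES at the same time. This will run
 only those scanners that match both options. For example, if you specify the
@@ -93,7 +94,7 @@ module.exports = {
 args.TARGET ??= process.cwd()
 args.FORMAT ??= 'security'
 args.CATEGORIES ??= 'all'
-args.SCANNERS ??= '
+args.SCANNERS ??= ''
 
 // Normalize and/or rewrite args and options.
 args.TARGET = path.resolve(path.normalize(args.TARGET))
@@ -108,6 +109,9 @@ module.exports = {
 if (unknownScanners.length > 1) throw new Error(`Unknown scanners: ${unknownScanners.join(', ')}`)
 else if (unknownScanners.length === 1) throw new Error(`Unknown scanner: ${unknownScanners[0]}`)
 }
+else {
+args.SCANNERS = availableScanners.filter(s => s.default).map(s => s.name).join(',')
+}
 if (args.ESCALATE) args.ESCALATE.split(',').map(severity => {
 if (args.FORMAT === 'security' && severity !== 'moderate' && severity !== 'low') throw new Error(`Severity to escalate must be 'moderate' or 'low'`)
 if (args.FORMAT === 'sarif' && severity !== 'warning' && severity !== 'note') throw new Error(`Severity to escalate must be 'warning' or 'note'`)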
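Review bot: The new `else` branch quietly narrows a scan to whichever entries carry `default: true`, and if none do (or the registry is empty) `args.SCANNERS` ends up as `''` and the run continues with nothing selected, which for a security scanner means a clean report backed by zero coverage. I would fail loudly right after the join, `if (!args.SCANNERS) throw new Error('No default scanners are configured; pass SCANNERS or CATEGORIES explicitly')`, and log the resolved scanner list so CI output records what actually ran. The `if` this `else` attaches to closes at line 111 but opens before the hunk; if it tests only SCANNERS, a CATEGORIES-only invocation now also gets the default subset rather than "all scanners of a certain type" as the help text in the first hunk promises, so either that text or the condition needs a second look. Since 1.7.0 ran every scanner when nothing was specified (the removed help line says so), this is a coverage-reducing default change that deserves a changelog entry or a one-time warning.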
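--- a/package/src/commands/scanners.js
+++ b/package/src/commands/scanners.js
@@ -9,7 +9,7 @@ module.exports = {
 run: async (toolbox, args) => {
 const { log, scanners } = toolbox
 for (const scanner of scanners) {
-log(`${scanner.name}: ${scanner.title} [${scanner.categories.join()}] - ${scanner.description}`)
+log(`${scanner.name}: ${scanner.title} [${scanner.categories.join()}] - ${scanner.default ? '(default) ' : ''}${scanner.description}`)
 }
 }
 }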
@@ -5,14 +5,18 @@ module.exports = (sarif, dir, git, root) => {
|
|
|
5
5
|
|
|
6
6
|
// Record the source repo location and the relative target subfolder within the repo.
|
|
7
7
|
run.originalUriBaseIds = {
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
8
|
+
SOURCE: {
|
|
9
|
+
uri: git.repo.url.https,
|
|
10
|
+
description: {
|
|
11
|
+
text: "Source origin for the target being scanned (ie. git repo URL)."
|
|
12
|
+
}
|
|
11
13
|
},
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
14
|
+
TARGET: {
|
|
15
|
+
uri: `${path.relative(root, dir)}`,
|
|
16
|
+
uriBaseId: "SOURCE",
|
|
17
|
+
description: {
|
|
18
|
+
text: "Scan target (subfolder) within the source repo or folder."
|
|
19
|
+
}
|
|
16
20
|
}
|
|
17
21
|
}
|
|
18
22
|
|
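Review bot: `uri: git.repo.url.https` copies the remote URL verbatim into the SARIF output, and git remotes in CI frequently carry userinfo (`https://x-access-token:...@host/...`), so unless the `git` toolbox object already strips it (not visible here) this embeds a credential in a report that is typically uploaded or archived; the userinfo should be removed before it is recorded. The same entry dereferences `git.repo` unconditionally while the TARGET description says the target may be a plain folder, so if `git.repo` is absent for a non-repository target this line throws a TypeError. On the TARGET side, `path.relative(root, dir)` yields OS-native separators and `''` when `dir === root`, and as I read SARIF 2.1.0 a URI base is a directory URI expected to end with `/`, so both entries should be normalised to forward-slash URIs with a trailing slash; the template literal wrapping `path.relative(...)` adds nothing and can go. The rewrite below assumes the `https` field is an absolute URL (`new URL` throws otherwise), which the property name suggests but the hunk does not prove. The enclosing `module.exports` arrow function starts before this hunk and closes after it.
```javascript
// … unchanged: run lookup above …
// Drop userinfo (user:token@) so a credentialed remote URL never lands in the report.
const sourceUrl = new URL(git.repo.url.https)
sourceUrl.username = ''
sourceUrl.password = ''
// SARIF URI bases are directory URIs: forward slashes, trailing '/', never empty.
const targetRel = path.relative(root, dir).split(path.sep).join('/')
run.originalUriBaseIds = {
  SOURCE: {
    uri: sourceUrl.href.endsWith('/') ? sourceUrl.href : `${sourceUrl.href}/`,
    // … unchanged: description …
  },
  TARGET: {
    uri: targetRel === '' ? './' : `${targetRel}/`,
    uriBaseId: "SOURCE",
    // … unchanged: description …
  }
}
```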