@eurekadevsecops/radar 1.7.2 → 1.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +2 -2
- package/scan.sarif +1 -0
- package/src/commands/import.js +0 -12
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@eurekadevsecops/radar",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.8.0",
|
|
4
4
|
"description": "Radar is an open-source orchestrator of security scanners.",
|
|
5
5
|
"homepage": "https://www.eurekadevsecops.com/radar",
|
|
6
6
|
"keywords": [
|
|
@@ -27,7 +27,7 @@
|
|
|
27
27
|
"url": "https://github.com/EurekaDevSecOps/radarctl.git"
|
|
28
28
|
},
|
|
29
29
|
"dependencies": {
|
|
30
|
-
"@persistr/clif": "^1.11.
|
|
30
|
+
"@persistr/clif": "^1.11.1",
|
|
31
31
|
"@persistr/clif-plugin-settings": "^2.3.1",
|
|
32
32
|
"hosted-git-info": "^9.0.0",
|
|
33
33
|
"humanize-duration": "^3.33.0",
|
package/scan.sarif
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":"2.1.0","$schema":"https://json.schemastore.org/sarif-2.1.0.json","runs":[{"tool":{"driver":{"name":"abcgitleaks","semanticVersion":"v8.0.0","informationUri":"https://github.com/gitleaks/gitleaks","properties":{"officialName":"gitleaks"},"rules":[]}},"results":[],"originalUriBaseIds":{"SOURCE":{"uri":"https://github.com/EurekaDevSecOps/radarctl.git","description":{"text":"Source origin for the target being scanned (ie. git repo URL)."}},"TARGET":{"uri":"","uriBaseId":"SOURCE","description":{"text":"Scan target (subfolder) within the source repo or folder."}}}},{"tool":{"driver":{"name":"abcgrype","informationUri":"https://github.com/anchore/grype","properties":{"officialName":"grype"},"rules":[{"id":"GHSA-pfrx-2q88-qq97-got","name":"JavascriptMatcherExactDirectMatch","shortDescription":{"text":"GHSA-pfrx-2q88-qq97 medium vulnerability for got package"},"fullDescription":{"text":"Got allows a redirect to a UNIX socket"},"helpUri":"https://github.com/anchore/grype","help":{"text":"Vulnerability GHSA-pfrx-2q88-qq97\nSeverity: medium\nPackage: got\nVersion: 9.6.0\nFix Version: 11.8.5\nType: npm\nLocation: /package-lock.json\nData Namespace: github:language:javascript\nLink: [GHSA-pfrx-2q88-qq97](https://github.com/advisories/GHSA-pfrx-2q88-qq97)","markdown":"**Vulnerability GHSA-pfrx-2q88-qq97**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | got | 9.6.0 | 11.8.5 | npm | /package-lock.json | github:language:javascript | [GHSA-pfrx-2q88-qq97](https://github.com/advisories/GHSA-pfrx-2q88-qq97) |\n"},"properties":{"purls":["pkg:npm/got@9.6.0"],"security-severity":"5.3"}}]}},"results":[{"ruleId":"GHSA-pfrx-2q88-qq97-got","level":"warning","message":{"text":"A medium vulnerability in npm package: got, version 9.6.0 was found at: package-lock.json"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"package-lock.json"},"region":{"startLine":1,"startColumn":1,"endLine":1,"endColumn":1}}}],"partialFingerprints":{"primaryLocationLineHash":"677706e2c84cd6dfb855b123e8a34db12a8f4eeb5df5b8ab253aa5299b80da0b:1"}}],"originalUriBaseIds":{"SOURCE":{"uri":"https://github.com/EurekaDevSecOps/radarctl.git","description":{"text":"Source origin for the target being scanned (ie. git repo URL)."}},"TARGET":{"uri":"","uriBaseId":"SOURCE","description":{"text":"Scan target (subfolder) within the source repo or folder."}}}},{"tool":{"driver":{"name":"abcopengrep","semanticVersion":"1.5.0","properties":{"officialName":"Opengrep OSS"},"rules":[]}},"invocations":[{"executionSuccessful":true,"toolExecutionNotifications":[]}],"results":[],"originalUriBaseIds":{"SOURCE":{"uri":"https://github.com/EurekaDevSecOps/radarctl.git","description":{"text":"Source origin for the target being scanned (ie. git repo URL)."}},"TARGET":{"uri":"","uriBaseId":"SOURCE","description":{"text":"Scan target (subfolder) within the source repo or folder."}}}}]}
|
package/src/commands/import.js
CHANGED
|
@@ -83,18 +83,6 @@ module.exports = {
|
|
|
83
83
|
scanners.push(scanner)
|
|
84
84
|
}
|
|
85
85
|
|
|
86
|
-
// Check for unsupported scanners.
|
|
87
|
-
try {
|
|
88
|
-
const unknownScanners = scanners.filter(name => !availableScanners.find(s => s.name === name))
|
|
89
|
-
if (unknownScanners.length > 1) throw new Error(`Unknown scanners: ${unknownScanners.join(', ')}`)
|
|
90
|
-
else if (unknownScanners.length === 1) throw new Error(`Unknown scanner: ${unknownScanners[0]}`)
|
|
91
|
-
}
|
|
92
|
-
catch (error) {
|
|
93
|
-
log(`ERROR: ${error.message}`)
|
|
94
|
-
log(`Terminating with exit code 1. See 'radar help import' for list of possible exit codes.`)
|
|
95
|
-
return 0x1 // exit code
|
|
96
|
-
}
|
|
97
|
-
|
|
98
86
|
// Send telemetry: scan started.
|
|
99
87
|
let scanID = undefined
|
|
100
88
|
// TODO: Should pass scanID to the server; not read it from the server.
|