@eurekadevsecops/radar 1.9.4 → 1.9.6

package/.config/commitlint/config.mjs

@@ -0,0 +1,173 @@
+import { execSync } from 'node:child_process'
+
+const types = [
+  'build',
+  'chore',
+  'ci',
+  'deps',
+  'docs',
+  'feat',
+  'fix',
+  'perf',
+  'refactor',
+  'revert',
+  'style',
+  'test',
+]
+const scopes = {
+  default: [],
+}
+
+// Infer the issue number from the current branch name.
+// @tip: git branch name = feat/PE-123 => default issue = PE-123
+const issue = execSync('git rev-parse --abbrev-ref HEAD').toString().trim().split('/').at(-1)
+
+const Configuration = {
+  /*
+   * Resolve and load @commitlint/config-conventional from node_modules.
+   * Referenced packages must be installed
+   */
+  extends: ['@commitlint/config-conventional'],
+  /*
+   * Resolve and load conventional-changelog-atom from node_modules.
+   * Referenced packages must be installed
+   */
+  parserPreset: 'conventional-changelog-atom',
+  /*
+   * Resolve and load @commitlint/format from node_modules.
+   * Referenced package must be installed
+   */
+  formatter: '@commitlint/format',
+  /*
+   * Any rules defined here will override rules from @commitlint/config-conventional
+   */
+  rules: {
+    'type-enum': [2, 'always', types],
+    'scope-enum': [2, 'always', scopes.default],
+    'body-case': [2, 'always', 'sentence-case'],
+  },
+  /*
+   * Array of functions that return true if commitlint should ignore the given message.
+   * Given array is merged with predefined functions, which consist of matchers like:
+   *
+   * - 'Merge pull request', 'Merge X into Y' or 'Merge branch X'
+   * - 'Revert X'
+   * - 'v1.2.3' (ie semver matcher)
+   * - 'Automatic merge X' or 'Auto-merged X into Y'
+   *
+   * To see full list, check https://github.com/conventional-changelog/commitlint/blob/master/%40commitlint/is-ignored/src/defaults.ts.
+   * To disable those ignores and run rules always, set `defaultIgnores: false` as shown below.
+   */
+  ignores: [(commit) => commit === ''],
+  /*
+   * Whether commitlint uses the default ignore rules, see the description above.
+   */
+  defaultIgnores: true,
+  /*
+   * Custom URL to show upon failure
+   */
+  helpUrl: 'https://github.com/conventional-changelog/commitlint/#what-is-commitlint',
+  /*
+   * Custom prompt configs
+   */
+  prompt: {
+    messages: {
+      type: "Select the TYPE of change that you're committing",
+      scope: 'What is the SCOPE of this change',
+      customScope: 'Type in the SCOPE of this change:',
+      subject: 'Write a SHORT, IMPERATIVE tense description of the change:\n',
+      body: 'Provide a LONGER description of the change (optional). Use "|" to break new line:\n',
+      breaking: 'List any BREAKING CHANGES (optional). Use "|" to break new line:\n',
+      footerPrefixesSelect: 'Resolve or reference one or more ISSUES (optional):',
+      customFooterPrefix: 'Input ISSUES prefix:',
+      footer: 'Provide ISSUE numbers (e.g. "PE-123")\n',
+      generatingByAI: 'Generating your AI commit subject...',
+      generatedSelectByAI: 'Select from these AI-generated subjects:',
+      confirmCommit: 'Are you sure you want to proceed with the commit above?',
+    },
+    types: [
+      {
+        value: 'feat',
+        name: 'feat:     A new feature or improvement to existing feature',
+        emoji: ':sparkles:',
+      },
+      { value: 'fix', name: 'fix:      A fix for a customer-facing defect', emoji: ':bug:' },
+      { value: 'docs', name: 'docs:     Documentation only changes', emoji: ':memo:' },
+      { value: 'perf', name: 'perf:     A code change that improves performance', emoji: ':zap:' },
+      {
+        value: 'style',
+        name: 'style:    Changes that do not affect the meaning of the code (formatting, etc)',
+        emoji: ':lipstick:',
+      },
+      {
+        value: 'refactor',
+        name: 'refactor: A code change that neither fixes a bug nor adds a feature',
+        emoji: ':recycle:',
+      },
+      {
+        value: 'test',
+        name: 'test:     Adding missing tests or correcting existing tests',
+        emoji: ':white_check_mark:',
+      },
+      {
+        value: 'build',
+        name: 'build:    Changes that affect the build system or external dependencies',
+        emoji: ':package:',
+      },
+      {
+        value: 'deps',
+        name: 'deps:     Changes to internal dependencies (upgrades, downgrades, etc)',
+        emoji: ':package:',
+      },
+      {
+        value: 'ci',
+        name: 'ci:       Changes to our CI configuration files and scripts',
+        emoji: ':ferris_wheel:',
+      },
+      {
+        value: 'chore',
+        name: "chore:    Other changes that don't modify src or test files",
+        emoji: ':hammer:',
+      },
+      { value: 'revert', name: 'revert:   Reverts a previous commit', emoji: ':rewind:' },
+    ],
+    scopes: scopes.default,
+    useEmoji: false,
+    emojiAlign: 'center',
+    useAI: false,
+    aiNumber: 1,
+    themeColorCode: '',
+    allowCustomScopes: true,
+    allowEmptyScopes: true,
+    customScopesAlign: 'bottom',
+    customScopesAlias: 'custom',
+    emptyScopesAlias: 'empty',
+    upperCaseSubject: false,
+    markBreakingChangeMode: false,
+    allowBreakingChanges: ['feat', 'fix', 'perf'],
+    breaklineNumber: 100,
+    breaklineChar: '|',
+    skipQuestions: [],
+    issuePrefixes: [
+      {
+        value: 'References',
+        name: "Reference: This commit references one or more ISSUES but doesn't resolve them.",
+      },
+      { value: 'Resolves', name: 'Resolve:   This commit resolves one or more ISSUES.' },
+    ],
+    customIssuePrefixAlign: 'top',
+    emptyIssuePrefixAlias: 'skip',
+    customIssuePrefixAlias: 'custom',
+    allowCustomIssuePrefix: false,
+    allowEmptyIssuePrefix: true,
+    confirmColorize: true,
+    defaultBody: '',
+    defaultIssues: !issue ? '' : `${issue}`,
+    defaultScope: '',
+    defaultSubject: '',
+    useCommitSignGPG: true,
+  },
+  plugins: ['selective-scope'],
+}
+
+export default Configuration

package/.config/commitlint/cz.config.mjs

@@ -0,0 +1,3 @@
+import Configuration from './config.mjs'
+
+export default Configuration.prompt

package/.config/release-please/config.json

@@ -0,0 +1,51 @@
+{
+  "always-update": true,
+  "bump-minor-pre-major": false,
+  "bump-patch-for-minor-pre-major": false,
+  "changelog-path": "CHANGELOG.md",
+  "changelog-sections": [
+    { "type": "feat", "section": "Improvements" },
+    { "type": "improve", "section": "Improvements" },
+    { "type": "perf", "section": "Improvements" },
+    { "type": "fix", "section": "Fixes" },
+    { "type": "docs", "section": "Documentation" },
+
+    { "type": "test", "section": "Tests", "hidden": false },
+    { "type": "refactor", "section": "Code Refactoring", "hidden": false },
+    { "type": "build", "section": "Build System", "hidden": false },
+    { "type": "ci", "section": "CI/CD", "hidden": false },
+    { "type": "deps", "section": "Dependencies", "hidden": false },
+    { "type": "chore", "section": "Miscellaneous Chores", "hidden": false },
+    { "type": "style", "section": "Styles", "hidden": false },
+    { "type": "revert", "section": "Reverts", "hidden": false },
+    { "type": "deploy", "section": "Deployments", "hidden": false }
+  ],
+  "component-no-space": true,
+  "draft": false,
+  "group-pull-request-title-pattern": "v${version}",
+  "include-component-in-tag": false,
+  "include-v-in-tag": true,
+  "prerelease": false,
+  "pull-request-header": "<!-- This PR was generated automatically by release-please-action -->",
+  "pull-request-title-pattern": "v${version}",
+  "release-type": "node",
+
+  "packages": {
+    ".": {
+      "component": "eureka-radarctl"
+    }
+  },
+
+  "plugins": [
+    {
+      "type": "node-workspace",
+      "updateAllPackages": true,
+      "updatePeerDependencies": true
+    },
+    {
+      "type": "sentence-case"
+    }
+  ],
+
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"
+}

package/.config/release-please/manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "1.9.6"
+}

package/.github/workflows/commitlint.yaml

@@ -0,0 +1,35 @@
+name: Static Analysis
+
+on: [push, pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  commitlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version: lts/*
+          cache: npm
+      - name: Install commitlint
+        run: npm install -D @commitlint/cli @commitlint/config-conventional
+      - name: Print versions
+        run: |
+          git --version
+          node --version
+          npm --version
+          npx commitlint --config .config/commitlint/config.mjs --version
+
+      - name: Validate current commit (last commit) with commitlint
+        if: github.event_name == 'push'
+        run: npx commitlint --config .config/commitlint/config.mjs --last --verbose
+
+      - name: Validate PR commits with commitlint
+        if: github.event_name == 'pull_request'
+        run: npx commitlint --config .config/commitlint/config.mjs --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose

package/.github/workflows/radar.yaml

@@ -1,47 +1,19 @@
 name: Radar CLI
 
 on:
-  workflow_dispatch:
+  push:
+    branches: [ main ]
   pull_request:
-    types: [opened, synchronize, reopened, ready_for_review]
-    branches:
-      - main
+    types: [ opened, synchronize, reopened, ready_for_review ]
+    branches: [ main ]
 
 jobs:
-  scan:
-    # Radar scanner repo: https://github.com/EurekaDevSecOps/radarctl
-    name: Scan
+  security-scan:
+    name: Security Scan
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: "22"
-
-      # Cache npm's download cache to speed up global installs
-      - name: Get npm cache directory
-        id: npm-cache-dir
-        run: echo "dir=$(npm config get cache)" >> "$GITHUB_OUTPUT"
-
-      - name: Cache npm cache
-        uses: actions/cache@v4
+      - uses: eurekadevsecops/scan-action@v1
         with:
-          path: ${{ steps.npm-cache-dir.outputs.dir }}
-          key: ${{ runner.os }}-npm-radar-cache-v1
-          restore-keys: |
-            ${{ runner.os }}-npm-radar-cache-
-
-      - name: Install Radar CLI
-        run: npm i -g @eurekadevsecops/radar
-
-      - name: Verify Radar install
-        run: radar && radar scanners
-
-      - name: Run Radar scan
-        env:
-          EUREKA_PROFILE: ${{ vars.EUREKA_PROFILE }}
-          EUREKA_AGENT_TOKEN: ${{ secrets.EUREKA_AGENT_TOKEN }}
-        run: radar scan
+          scanners: gitleaks,opengrep,grype
+          token: ${{ secrets.EUREKA_AGENT_TOKEN }}
+          profile: ${{ vars.EUREKA_PROFILE }}

package/.github/workflows/release-please.yaml

@@ -0,0 +1,21 @@
+name: Prepare Release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: googleapis/release-please-action@v4
+        with:
+          config-file: .config/release-please/config.json
+          manifest-file: .config/release-please/manifest.json
+          token: ${{ secrets.EUREKA_GITHUB_PAT }}

package/.husky/commit-msg

@@ -0,0 +1 @@
+npx --no -- commitlint --config .config/commitlint/config.mjs --edit $1

package/CHANGELOG.md

@@ -0,0 +1,39 @@
+# Changelog
+
+## [1.9.6](https://github.com/EurekaDevSecOps/radarctl/compare/v1.9.5...v1.9.6) (2026-01-23)
+
+
+### Code Refactoring
+
+* Add changes to send repoFullName in ewa & vdbe api requests ([ebf9ad1](https://github.com/EurekaDevSecOps/radarctl/commit/ebf9ad135a130711fe2342cc98e8d92dd1e1eea8))
+* Add profile id to support current agent tokens for backwards compatability ([50f4ef3](https://github.com/EurekaDevSecOps/radarctl/commit/50f4ef371db9bb73c500da8d53ea8333ddb916ec))
+* Add profileId param to scan summary endpoint. ([84ec215](https://github.com/EurekaDevSecOps/radarctl/commit/84ec2153f418589644083127b4b201db8824a6d2))
+* Add scanStartTimeStamp and pass as parameter to both scans/started endpoints to ensure timestamps are consistent between vdbe & ewa ([4762af1](https://github.com/EurekaDevSecOps/radarctl/commit/4762af1e32682fee6ef33fe2ae39566f79e3ac4c))
+* Change vdbe metadata (stage 2) endpoint to scan started ([3409d78](https://github.com/EurekaDevSecOps/radarctl/commit/3409d783dd4577155db369e2c23312254a705c90))
+* Remove EUREKA_PROFILE env var ([8239410](https://github.com/EurekaDevSecOps/radarctl/commit/8239410db8bf5dcbca5b71d25719f828f52e03f7))
+* Remove repoFullName from metadata stage 2 (vdbe) ([7cba841](https://github.com/EurekaDevSecOps/radarctl/commit/7cba841990b9796d8eacb74b562dfb52366a6661))
+* Remove repoFullName from scan started endpoint ([1bfe3fb](https://github.com/EurekaDevSecOps/radarctl/commit/1bfe3fb612be0f0ba4f4e9c82dbba56e254f7dc6))
+* Remove repoFullName from summary & complete endpoint ([6fd01d4](https://github.com/EurekaDevSecOps/radarctl/commit/6fd01d4e98545833f6c4b6f5b41909db6d5d0a62))
+* **scan:** Changes to support repository based permissions for scans ([c2f0d15](https://github.com/EurekaDevSecOps/radarctl/commit/c2f0d1515d8c7245948e3579d2500fd6ab8836ac))
+* Update radar.yaml formatting ([#46](https://github.com/EurekaDevSecOps/radarctl/issues/46)) ([60456fe](https://github.com/EurekaDevSecOps/radarctl/commit/60456fe477adade3272e71e473e4298a196b457f))
+* Use Radar CLI scan-action ([#45](https://github.com/EurekaDevSecOps/radarctl/issues/45)) ([f0e6c4c](https://github.com/EurekaDevSecOps/radarctl/commit/f0e6c4c25e8b2e47101b71faba3978cbac1b16d5))
+* **vulns:** Remove profile ID from scans. ([869d7be](https://github.com/EurekaDevSecOps/radarctl/commit/869d7be9b08b0b6a01e73f7abb4ffcb4840365a7))
+
+
+### CI/CD
+
+* Add CHANGELOG.md automation ([#50](https://github.com/EurekaDevSecOps/radarctl/issues/50)) ([6e951c1](https://github.com/EurekaDevSecOps/radarctl/commit/6e951c1fe019db3ab21b0e20aa9658519e81ea2c))
+* Use the v1 release of scan-action ([#47](https://github.com/EurekaDevSecOps/radarctl/issues/47)) ([3a9affd](https://github.com/EurekaDevSecOps/radarctl/commit/3a9affd6fe5b4103be4ad3bcb13bd49df7653867))
+
+
+### Miscellaneous Chores
+
+* Add missing DateTime import ([3fda08d](https://github.com/EurekaDevSecOps/radarctl/commit/3fda08d999986a24ec05bc2a6b574574927981ec))
+* Clean up parameter format ([f8c03c6](https://github.com/EurekaDevSecOps/radarctl/commit/f8c03c65b062a5729e5f274393e4a51584ecd9f2))
+* Fix profile param format ([10b75d9](https://github.com/EurekaDevSecOps/radarctl/commit/10b75d9a026e09a9eedf3681e5439442de3857df))
+* Fix profile param name ([3d5eaf6](https://github.com/EurekaDevSecOps/radarctl/commit/3d5eaf691d672cefc65792963365ff2e87b0a2ce))
+* Re-add profile param conditional as vdbe validation was failing due to non-uuid profile value ([e1c007e](https://github.com/EurekaDevSecOps/radarctl/commit/e1c007ef59c5ba2d3368fe162b47ff0cee03493b))
+* Remove additional blank line ([940743d](https://github.com/EurekaDevSecOps/radarctl/commit/940743d7510af3ffcc905a29ca565a7d1c5414d1))
+* Remove blank line ([c723e7a](https://github.com/EurekaDevSecOps/radarctl/commit/c723e7a20927a29adcf2946dde0cd0a6cdae9d33))
+* Remove redundant metadata field and use spread operator for body as it already has the metadata field ([2ffa1f6](https://github.com/EurekaDevSecOps/radarctl/commit/2ffa1f6c6e79710aa97f7f8a192d995b40391dfc))
+* Simplify timestamp ([7cab5eb](https://github.com/EurekaDevSecOps/radarctl/commit/7cab5eb47e923a070586d8d8e269bf44d5eaf7a5))

package/LICENSE

@@ -617,58 +617,3 @@ reviewing courts shall apply local law that most closely approximates
 an absolute waiver of all civil liability in connection with the
 Program, unless a warranty or assumption of liability accompanies a
 copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    <program>  Copyright (C) <year>  <name of author>
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<https://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<https://www.gnu.org/licenses/why-not-lgpl.html>.

package/ewa-bitbucket.sarif

@@ -0,0 +1,61 @@
+{
+  "version": "2.1.0",
+  "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "gitleaks",
+          "semanticVersion": "v8.0.0",
+          "informationUri": "https://github.com/gitleaks/gitleaks",
+          "properties": {
+            "officialName": "gitleaks"
+          },
+          "rules": [
+            {
+              "id": "bitbucket-client-id",
+              "shortDescription": {
+                "text": "Discovered a potential Bitbucket Client ID, risking unauthorized repository access and potential codebase exposure."
+              }
+            }
+          ]
+        }
+      },
+      "results": [
+        {
+          "message": {
+            "text": "bitbucket-client-id has detected secret for file apps/backend/.env.local."
+          },
+          "ruleId": "bitbucket-client-id",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "apps/backend/.env.local"
+                },
+                "region": {
+                  "startLine": 116,
+                  "startColumn": 2,
+                  "endLine": 116,
+                  "endColumn": 57,
+                  "snippet": {
+                    "text": "KbPZjucUXpxhqmKjP6wbtS5BfEERxdnb"
+                  }
+                }
+              }
+            }
+          ],
+          "properties": {
+            "tags": []
+          }
+        }
+      ],
+      "properties": {
+        "repository": {
+          "type": "git",
+          "url": "https://github.com/EurekaDevSecOps/app.git"
+        }
+      }
+    }
+  ]
+}