@grc-claw/integration-marketplace 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/IntegrationMarketplace.d.ts +32 -0
- package/dist/IntegrationMarketplace.js +319 -0
- package/dist/connectors/ADPConnector.d.ts +12 -0
- package/dist/connectors/ADPConnector.js +97 -0
- package/dist/connectors/AWSCloudTrailConnector.d.ts +12 -0
- package/dist/connectors/AWSCloudTrailConnector.js +77 -0
- package/dist/connectors/AWSCloudWatchConnector.d.ts +12 -0
- package/dist/connectors/AWSCloudWatchConnector.js +70 -0
- package/dist/connectors/AWSGuardDutyConnector.d.ts +12 -0
- package/dist/connectors/AWSGuardDutyConnector.js +139 -0
- package/dist/connectors/AWSIAMConnector.d.ts +12 -0
- package/dist/connectors/AWSIAMConnector.js +90 -0
- package/dist/connectors/AWSKMSConnector.d.ts +12 -0
- package/dist/connectors/AWSKMSConnector.js +70 -0
- package/dist/connectors/AWSLambdaConnector.d.ts +12 -0
- package/dist/connectors/AWSLambdaConnector.js +84 -0
- package/dist/connectors/AWSRDSConnector.d.ts +12 -0
- package/dist/connectors/AWSRDSConnector.js +84 -0
- package/dist/connectors/AWSS3Connector.d.ts +12 -0
- package/dist/connectors/AWSS3Connector.js +112 -0
- package/dist/connectors/AkamaiConnector.d.ts +12 -0
- package/dist/connectors/AkamaiConnector.js +98 -0
- package/dist/connectors/ArgoCDConnector.d.ts +12 -0
- package/dist/connectors/ArgoCDConnector.js +93 -0
- package/dist/connectors/ArtifactoryConnector.d.ts +12 -0
- package/dist/connectors/ArtifactoryConnector.js +94 -0
- package/dist/connectors/AtlassianJiraConnector.d.ts +12 -0
- package/dist/connectors/AtlassianJiraConnector.js +134 -0
- package/dist/connectors/Auth0Connector.d.ts +12 -0
- package/dist/connectors/Auth0Connector.js +150 -0
- package/dist/connectors/AzureADConnector.d.ts +12 -0
- package/dist/connectors/AzureADConnector.js +115 -0
- package/dist/connectors/AzureDevOpsConnector.d.ts +12 -0
- package/dist/connectors/AzureDevOpsConnector.js +130 -0
- package/dist/connectors/AzureDevOpsPipelinesConnector.d.ts +12 -0
- package/dist/connectors/AzureDevOpsPipelinesConnector.js +72 -0
- package/dist/connectors/AzurePipelinesConnector.d.ts +12 -0
- package/dist/connectors/AzurePipelinesConnector.js +72 -0
- package/dist/connectors/AzurePolicyConnector.d.ts +12 -0
- package/dist/connectors/AzurePolicyConnector.js +141 -0
- package/dist/connectors/AzureReposConnector.d.ts +12 -0
- package/dist/connectors/AzureReposConnector.js +96 -0
- package/dist/connectors/AzureSentinelConnector.d.ts +12 -0
- package/dist/connectors/AzureSentinelConnector.js +88 -0
- package/dist/connectors/BambooCICDConnector.d.ts +12 -0
- package/dist/connectors/BambooCICDConnector.js +72 -0
- package/dist/connectors/BambooHRConnector.d.ts +12 -0
- package/dist/connectors/BambooHRConnector.js +84 -0
- package/dist/connectors/BeyondTrustConnector.d.ts +12 -0
- package/dist/connectors/BeyondTrustConnector.js +94 -0
- package/dist/connectors/BitbucketConnector.d.ts +12 -0
- package/dist/connectors/BitbucketConnector.js +100 -0
- package/dist/connectors/BitbucketPipelinesConnector.d.ts +12 -0
- package/dist/connectors/BitbucketPipelinesConnector.js +72 -0
- package/dist/connectors/BoxConnector.d.ts +12 -0
- package/dist/connectors/BoxConnector.js +122 -0
- package/dist/connectors/BuildkiteConnector.d.ts +12 -0
- package/dist/connectors/BuildkiteConnector.js +95 -0
- package/dist/connectors/CarbonBlackConnector.d.ts +12 -0
- package/dist/connectors/CarbonBlackConnector.js +89 -0
- package/dist/connectors/CassandraConnector.d.ts +12 -0
- package/dist/connectors/CassandraConnector.js +69 -0
- package/dist/connectors/CheckPointConnector.d.ts +12 -0
- package/dist/connectors/CheckPointConnector.js +98 -0
- package/dist/connectors/CircleCIConnector.d.ts +12 -0
- package/dist/connectors/CircleCIConnector.js +129 -0
- package/dist/connectors/CircleCIConnectorsConnector.d.ts +12 -0
- package/dist/connectors/CircleCIConnectorsConnector.js +69 -0
- package/dist/connectors/CiscoUmbrellaConnector.d.ts +12 -0
- package/dist/connectors/CiscoUmbrellaConnector.js +96 -0
- package/dist/connectors/CloudBeesJenkinsConnector.d.ts +12 -0
- package/dist/connectors/CloudBeesJenkinsConnector.js +70 -0
- package/dist/connectors/CloudflareDNSConnector.d.ts +12 -0
- package/dist/connectors/CloudflareDNSConnector.js +71 -0
- package/dist/connectors/CloudflareWAFConnector.d.ts +12 -0
- package/dist/connectors/CloudflareWAFConnector.js +98 -0
- package/dist/connectors/ConfluenceConnector.d.ts +12 -0
- package/dist/connectors/ConfluenceConnector.js +101 -0
- package/dist/connectors/ConstantContactConnector.d.ts +12 -0
- package/dist/connectors/ConstantContactConnector.js +70 -0
- package/dist/connectors/CouchDBConnector.d.ts +12 -0
- package/dist/connectors/CouchDBConnector.js +69 -0
- package/dist/connectors/CrowdStrikeConnector.d.ts +12 -0
- package/dist/connectors/CrowdStrikeConnector.js +86 -0
- package/dist/connectors/CrowdStrikeFalconConnector.d.ts +12 -0
- package/dist/connectors/CrowdStrikeFalconConnector.js +92 -0
- package/dist/connectors/CrowdStrikeSpotlightConnector.d.ts +12 -0
- package/dist/connectors/CrowdStrikeSpotlightConnector.js +139 -0
- package/dist/connectors/CyberArkConnector.d.ts +12 -0
- package/dist/connectors/CyberArkConnector.js +95 -0
- package/dist/connectors/DatabricksConnector.d.ts +12 -0
- package/dist/connectors/DatabricksConnector.js +95 -0
- package/dist/connectors/DatadogConnector.d.ts +12 -0
- package/dist/connectors/DatadogConnector.js +110 -0
- package/dist/connectors/DigitalOceanConnector.d.ts +12 -0
- package/dist/connectors/DigitalOceanConnector.js +85 -0
- package/dist/connectors/DiscordConnector.d.ts +12 -0
- package/dist/connectors/DiscordConnector.js +98 -0
- package/dist/connectors/DockerHubConnector.d.ts +12 -0
- package/dist/connectors/DockerHubConnector.js +80 -0
- package/dist/connectors/DocuSignConnector.d.ts +12 -0
- package/dist/connectors/DocuSignConnector.js +96 -0
- package/dist/connectors/DriftConnector.d.ts +12 -0
- package/dist/connectors/DriftConnector.js +69 -0
- package/dist/connectors/DropboxConnector.d.ts +12 -0
- package/dist/connectors/DropboxConnector.js +127 -0
- package/dist/connectors/ESETConnector.d.ts +12 -0
- package/dist/connectors/ESETConnector.js +70 -0
- package/dist/connectors/ElasticsearchCloudConnector.d.ts +12 -0
- package/dist/connectors/ElasticsearchCloudConnector.js +70 -0
- package/dist/connectors/FSecureConnector.d.ts +12 -0
- package/dist/connectors/FSecureConnector.js +70 -0
- package/dist/connectors/FeatureFlagConnector.d.ts +12 -0
- package/dist/connectors/FeatureFlagConnector.js +70 -0
- package/dist/connectors/FluxCDConnector.d.ts +12 -0
- package/dist/connectors/FluxCDConnector.js +94 -0
- package/dist/connectors/ForgeRockConnector.d.ts +12 -0
- package/dist/connectors/ForgeRockConnector.js +95 -0
- package/dist/connectors/FortinetConnector.d.ts +12 -0
- package/dist/connectors/FortinetConnector.js +98 -0
- package/dist/connectors/FreshdeskConnector.d.ts +12 -0
- package/dist/connectors/FreshdeskConnector.js +71 -0
- package/dist/connectors/GCPBigQueryConnector.d.ts +12 -0
- package/dist/connectors/GCPBigQueryConnector.js +71 -0
- package/dist/connectors/GCPComputeConnector.d.ts +12 -0
- package/dist/connectors/GCPComputeConnector.js +87 -0
- package/dist/connectors/GCPConfigConnector.d.ts +12 -0
- package/dist/connectors/GCPConfigConnector.js +149 -0
- package/dist/connectors/GCPFirestoreConnector.d.ts +12 -0
- package/dist/connectors/GCPFirestoreConnector.js +71 -0
- package/dist/connectors/GCPIAMConnector.d.ts +12 -0
- package/dist/connectors/GCPIAMConnector.js +98 -0
- package/dist/connectors/GCPSCCConnector.d.ts +12 -0
- package/dist/connectors/GCPSCCConnector.js +94 -0
- package/dist/connectors/GitHubActionsConnector.d.ts +12 -0
- package/dist/connectors/GitHubActionsConnector.js +104 -0
- package/dist/connectors/GitHubConnector.d.ts +12 -0
- package/dist/connectors/GitHubConnector.js +135 -0
- package/dist/connectors/GitHubCopilotConnector.d.ts +12 -0
- package/dist/connectors/GitHubCopilotConnector.js +72 -0
- package/dist/connectors/GitLabCIConnector.d.ts +12 -0
- package/dist/connectors/GitLabCIConnector.js +71 -0
- package/dist/connectors/GitLabConnector.d.ts +12 -0
- package/dist/connectors/GitLabConnector.js +101 -0
- package/dist/connectors/GitLabSASTConnector.d.ts +12 -0
- package/dist/connectors/GitLabSASTConnector.js +130 -0
- package/dist/connectors/GoogleWorkspaceConnector.d.ts +12 -0
- package/dist/connectors/GoogleWorkspaceConnector.js +136 -0
- package/dist/connectors/HelmConnector.d.ts +12 -0
- package/dist/connectors/HelmConnector.js +94 -0
- package/dist/connectors/HubSpotConnector.d.ts +12 -0
- package/dist/connectors/HubSpotConnector.js +77 -0
- package/dist/connectors/IFTTTConnector.d.ts +12 -0
- package/dist/connectors/IFTTTConnector.js +70 -0
- package/dist/connectors/ImpervaConnector.d.ts +12 -0
- package/dist/connectors/ImpervaConnector.js +94 -0
- package/dist/connectors/InfluxDBConnector.d.ts +12 -0
- package/dist/connectors/InfluxDBConnector.js +70 -0
- package/dist/connectors/IntercomConnector.d.ts +12 -0
- package/dist/connectors/IntercomConnector.js +69 -0
- package/dist/connectors/JenkinsConnector.d.ts +12 -0
- package/dist/connectors/JenkinsConnector.js +96 -0
- package/dist/connectors/JiraConnector.d.ts +12 -0
- package/dist/connectors/JiraConnector.js +103 -0
- package/dist/connectors/KafkaConnector.d.ts +12 -0
- package/dist/connectors/KafkaConnector.js +70 -0
- package/dist/connectors/KasperskyConnector.d.ts +12 -0
- package/dist/connectors/KasperskyConnector.js +70 -0
- package/dist/connectors/KubernetesConnector.d.ts +12 -0
- package/dist/connectors/KubernetesConnector.js +109 -0
- package/dist/connectors/LaceworkConnector.d.ts +13 -0
- package/dist/connectors/LaceworkConnector.js +143 -0
- package/dist/connectors/LaunchDarklyConnector.d.ts +12 -0
- package/dist/connectors/LaunchDarklyConnector.js +86 -0
- package/dist/connectors/LinodeConnector.d.ts +12 -0
- package/dist/connectors/LinodeConnector.js +70 -0
- package/dist/connectors/LookerConnector.d.ts +12 -0
- package/dist/connectors/LookerConnector.js +94 -0
- package/dist/connectors/MailchimpConnector.d.ts +12 -0
- package/dist/connectors/MailchimpConnector.js +71 -0
- package/dist/connectors/MalwarebytesConnector.d.ts +12 -0
- package/dist/connectors/MalwarebytesConnector.js +85 -0
- package/dist/connectors/McAfeeConnector.d.ts +12 -0
- package/dist/connectors/McAfeeConnector.js +85 -0
- package/dist/connectors/Microsoft365Connector.d.ts +12 -0
- package/dist/connectors/Microsoft365Connector.js +139 -0
- package/dist/connectors/MongoDBConnector.d.ts +12 -0
- package/dist/connectors/MongoDBConnector.js +86 -0
- package/dist/connectors/NamelyConnector.d.ts +12 -0
- package/dist/connectors/NamelyConnector.js +97 -0
- package/dist/connectors/Neo4jConnector.d.ts +12 -0
- package/dist/connectors/Neo4jConnector.js +70 -0
- package/dist/connectors/NetSuiteConnector.d.ts +12 -0
- package/dist/connectors/NetSuiteConnector.js +94 -0
- package/dist/connectors/NetskopeConnector.d.ts +12 -0
- package/dist/connectors/NetskopeConnector.js +98 -0
- package/dist/connectors/NexusConnector.d.ts +12 -0
- package/dist/connectors/NexusConnector.js +93 -0
- package/dist/connectors/NotionConnector.d.ts +12 -0
- package/dist/connectors/NotionConnector.js +109 -0
- package/dist/connectors/OktaConnector.d.ts +12 -0
- package/dist/connectors/OktaConnector.js +123 -0
- package/dist/connectors/OktaSystemLogConnector.d.ts +12 -0
- package/dist/connectors/OktaSystemLogConnector.js +129 -0
- package/dist/connectors/OpsgenieConnector.d.ts +12 -0
- package/dist/connectors/OpsgenieConnector.js +70 -0
- package/dist/connectors/PagerDutyConnector.d.ts +12 -0
- package/dist/connectors/PagerDutyConnector.js +106 -0
- package/dist/connectors/PalantirConnector.d.ts +12 -0
- package/dist/connectors/PalantirConnector.js +95 -0
- package/dist/connectors/PaloAltoPrismaCloudConnector.d.ts +12 -0
- package/dist/connectors/PaloAltoPrismaCloudConnector.js +110 -0
- package/dist/connectors/PingFederateConnector.d.ts +12 -0
- package/dist/connectors/PingFederateConnector.js +97 -0
- package/dist/connectors/PostgreSQLCloudConnector.d.ts +12 -0
- package/dist/connectors/PostgreSQLCloudConnector.js +70 -0
- package/dist/connectors/PowerBIConnector.d.ts +12 -0
- package/dist/connectors/PowerBIConnector.js +95 -0
- package/dist/connectors/PrismaCloudConnector.d.ts +12 -0
- package/dist/connectors/PrismaCloudConnector.js +147 -0
- package/dist/connectors/QualysConnector.d.ts +12 -0
- package/dist/connectors/QualysConnector.js +96 -0
- package/dist/connectors/QualysScannerConnector.d.ts +12 -0
- package/dist/connectors/QualysScannerConnector.js +131 -0
- package/dist/connectors/QuickBooksConnector.d.ts +12 -0
- package/dist/connectors/QuickBooksConnector.js +97 -0
- package/dist/connectors/RabbitMQConnector.d.ts +12 -0
- package/dist/connectors/RabbitMQConnector.js +69 -0
- package/dist/connectors/RadwareConnector.d.ts +12 -0
- package/dist/connectors/RadwareConnector.js +94 -0
- package/dist/connectors/RedisCloudConnector.d.ts +12 -0
- package/dist/connectors/RedisCloudConnector.js +70 -0
- package/dist/connectors/RingCentralConnector.d.ts +12 -0
- package/dist/connectors/RingCentralConnector.js +94 -0
- package/dist/connectors/SAPSuccessFactorsConnector.d.ts +12 -0
- package/dist/connectors/SAPSuccessFactorsConnector.js +103 -0
- package/dist/connectors/SailPointConnector.d.ts +12 -0
- package/dist/connectors/SailPointConnector.js +97 -0
- package/dist/connectors/SalesforceConnector.d.ts +12 -0
- package/dist/connectors/SalesforceConnector.js +91 -0
- package/dist/connectors/SendGridConnector.d.ts +12 -0
- package/dist/connectors/SendGridConnector.js +69 -0
- package/dist/connectors/SentinelOneConnector.d.ts +12 -0
- package/dist/connectors/SentinelOneConnector.js +89 -0
- package/dist/connectors/ServiceNowConnector.d.ts +12 -0
- package/dist/connectors/ServiceNowConnector.js +123 -0
- package/dist/connectors/SlackConnector.d.ts +12 -0
- package/dist/connectors/SlackConnector.js +109 -0
- package/dist/connectors/SnowflakeConnector.d.ts +12 -0
- package/dist/connectors/SnowflakeConnector.js +105 -0
- package/dist/connectors/SnykConnector.d.ts +12 -0
- package/dist/connectors/SnykConnector.js +84 -0
- package/dist/connectors/SnykMonitorConnector.d.ts +12 -0
- package/dist/connectors/SnykMonitorConnector.js +131 -0
- package/dist/connectors/SophosConnector.d.ts +12 -0
- package/dist/connectors/SophosConnector.js +87 -0
- package/dist/connectors/SpinnakerConnector.d.ts +12 -0
- package/dist/connectors/SpinnakerConnector.js +70 -0
- package/dist/connectors/SplunkConnector.d.ts +12 -0
- package/dist/connectors/SplunkConnector.js +126 -0
- package/dist/connectors/StripeConnector.d.ts +12 -0
- package/dist/connectors/StripeConnector.js +97 -0
- package/dist/connectors/TableauConnector.d.ts +12 -0
- package/dist/connectors/TableauConnector.js +101 -0
- package/dist/connectors/TaniumConnector.d.ts +12 -0
- package/dist/connectors/TaniumConnector.js +97 -0
- package/dist/connectors/TeamCityConnector.d.ts +12 -0
- package/dist/connectors/TeamCityConnector.js +71 -0
- package/dist/connectors/TeamsConnector.d.ts +12 -0
- package/dist/connectors/TeamsConnector.js +96 -0
- package/dist/connectors/TenableIOConnector.d.ts +12 -0
- package/dist/connectors/TenableIOConnector.js +130 -0
- package/dist/connectors/TerraformCloudConnector.d.ts +12 -0
- package/dist/connectors/TerraformCloudConnector.js +106 -0
- package/dist/connectors/TravisCIConnector.d.ts +12 -0
- package/dist/connectors/TravisCIConnector.js +95 -0
- package/dist/connectors/TrendMicroConnector.d.ts +12 -0
- package/dist/connectors/TrendMicroConnector.js +85 -0
- package/dist/connectors/TwilioConnector.d.ts +12 -0
- package/dist/connectors/TwilioConnector.js +70 -0
- package/dist/connectors/VercelConnector.d.ts +12 -0
- package/dist/connectors/VercelConnector.js +70 -0
- package/dist/connectors/VultrConnector.d.ts +12 -0
- package/dist/connectors/VultrConnector.js +70 -0
- package/dist/connectors/WebexConnector.d.ts +12 -0
- package/dist/connectors/WebexConnector.js +94 -0
- package/dist/connectors/WizConnector.d.ts +12 -0
- package/dist/connectors/WizConnector.js +172 -0
- package/dist/connectors/WorkdayConnector.d.ts +12 -0
- package/dist/connectors/WorkdayConnector.js +100 -0
- package/dist/connectors/XeroConnector.d.ts +12 -0
- package/dist/connectors/XeroConnector.js +96 -0
- package/dist/connectors/ZapierConnector.d.ts +12 -0
- package/dist/connectors/ZapierConnector.js +70 -0
- package/dist/connectors/ZendeskConnector.d.ts +12 -0
- package/dist/connectors/ZendeskConnector.js +71 -0
- package/dist/connectors/ZenefitsConnector.d.ts +12 -0
- package/dist/connectors/ZenefitsConnector.js +93 -0
- package/dist/connectors/ZoomConnector.d.ts +12 -0
- package/dist/connectors/ZoomConnector.js +97 -0
- package/dist/connectors/ZscalerConnector.d.ts +12 -0
- package/dist/connectors/ZscalerConnector.js +97 -0
- package/dist/connectors/index.d.ts +150 -0
- package/dist/connectors/index.js +157 -0
- package/dist/index.d.ts +5 -0
- package/dist/index.js +16 -0
- package/dist/index.test.d.ts +1 -0
- package/dist/index.test.js +139 -0
- package/dist/types.d.ts +57 -0
- package/dist/types.js +8 -0
- package/package.json +33 -0
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
import { hashEvidence, generateEvidenceId } from "../types.js";
|
|
2
|
+
const capabilities = [
|
|
3
|
+
{
|
|
4
|
+
id: "snyk-vulns",
|
|
5
|
+
name: "Vulnerabilities",
|
|
6
|
+
description: "Fetch Snyk project vulnerabilities by severity",
|
|
7
|
+
evidenceCategories: ["vulnerability_management", "application_security"],
|
|
8
|
+
},
|
|
9
|
+
{
|
|
10
|
+
id: "snyk-license",
|
|
11
|
+
name: "License Compliance",
|
|
12
|
+
description: "Fetch open-source license compliance issues",
|
|
13
|
+
evidenceCategories: ["license_compliance", "supply_chain"],
|
|
14
|
+
},
|
|
15
|
+
];
|
|
16
|
+
export class SnykConnector {
|
|
17
|
+
id = "snyk";
|
|
18
|
+
name = "Snyk";
|
|
19
|
+
category = "vulnerability";
|
|
20
|
+
authType = "bearer_token";
|
|
21
|
+
capabilities = capabilities;
|
|
22
|
+
frameworks = ["SOC2", "ISO27001", "NIST_CSF"];
|
|
23
|
+
async fetchApi(config, endpoint) {
|
|
24
|
+
const base = config.baseUrl || "https://api.snyk.io/v1";
|
|
25
|
+
const resp = await fetch(`${base}${endpoint}`, {
|
|
26
|
+
headers: { Authorization: `token ${config.apiToken}` },
|
|
27
|
+
});
|
|
28
|
+
if (!resp.ok)
|
|
29
|
+
throw new Error(`Snyk API ${resp.status}: ${resp.statusText}`);
|
|
30
|
+
return (await resp.json());
|
|
31
|
+
}
|
|
32
|
+
async testConnection(config) {
|
|
33
|
+
try {
|
|
34
|
+
await this.fetchApi(config, "/user/me");
|
|
35
|
+
return true;
|
|
36
|
+
}
|
|
37
|
+
catch {
|
|
38
|
+
return false;
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
async collectEvidence(config) {
|
|
42
|
+
const artifacts = [];
|
|
43
|
+
const now = new Date().toISOString();
|
|
44
|
+
const orgId = config.extra?.orgId || "";
|
|
45
|
+
const projectId = config.extra?.projectId || "";
|
|
46
|
+
const issues = await this.fetchApi(config, `/orgs/${orgId}/projects/${projectId}/issues?severityThreshold=low`).catch(() => ({ issues: [] }));
|
|
47
|
+
const issueList = (issues.issues || []);
|
|
48
|
+
const bySeverity = {
|
|
49
|
+
critical: issueList.filter((i) => i.severity === "critical").length,
|
|
50
|
+
high: issueList.filter((i) => i.severity === "high").length,
|
|
51
|
+
medium: issueList.filter((i) => i.severity === "medium").length,
|
|
52
|
+
low: issueList.filter((i) => i.severity === "low").length,
|
|
53
|
+
};
|
|
54
|
+
artifacts.push({
|
|
55
|
+
id: generateEvidenceId(),
|
|
56
|
+
connectorId: this.id,
|
|
57
|
+
capabilityId: "snyk-vulns",
|
|
58
|
+
timestamp: now,
|
|
59
|
+
hash: hashEvidence({ issueCount: issueList.length, bySeverity }),
|
|
60
|
+
framework: "ISO27001",
|
|
61
|
+
controlId: "A.12.6.1",
|
|
62
|
+
source: `snyk/orgs/${orgId}/projects/${projectId}/issues`,
|
|
63
|
+
status: bySeverity.critical === 0 ? "compliant" : "non_compliant",
|
|
64
|
+
data: { totalIssues: issueList.length, bySeverity },
|
|
65
|
+
metadata: { orgId, projectId },
|
|
66
|
+
});
|
|
67
|
+
const licenses = await this.fetchApi(config, `/orgs/${orgId}/projects/${projectId}/issues?severityThreshold=low&types=license`).catch(() => ({ issues: [] }));
|
|
68
|
+
const licenseIssues = (licenses.issues || []);
|
|
69
|
+
artifacts.push({
|
|
70
|
+
id: generateEvidenceId(),
|
|
71
|
+
connectorId: this.id,
|
|
72
|
+
capabilityId: "snyk-license",
|
|
73
|
+
timestamp: now,
|
|
74
|
+
hash: hashEvidence({ licenseIssueCount: licenseIssues.length }),
|
|
75
|
+
framework: "ISO27001",
|
|
76
|
+
controlId: "A.18.1.5",
|
|
77
|
+
source: `snyk/orgs/${orgId}/projects/${projectId}/licenses`,
|
|
78
|
+
status: licenseIssues.length === 0 ? "compliant" : "non_compliant",
|
|
79
|
+
data: { licenseIssues: licenseIssues.length },
|
|
80
|
+
metadata: { orgId, projectId },
|
|
81
|
+
});
|
|
82
|
+
return artifacts;
|
|
83
|
+
}
|
|
84
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
|
|
2
|
+
export declare class SnykMonitorConnector implements IntegrationConnector {
|
|
3
|
+
readonly id = "snyk_monitor";
|
|
4
|
+
readonly name = "Snyk Monitor";
|
|
5
|
+
readonly category: "vulnerability";
|
|
6
|
+
readonly authType: "bearer_token";
|
|
7
|
+
readonly capabilities: IntegrationCapability[];
|
|
8
|
+
readonly frameworks: ComplianceFramework[];
|
|
9
|
+
private fetchApi;
|
|
10
|
+
testConnection(config: ConnectorConfig): Promise<boolean>;
|
|
11
|
+
collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
|
|
12
|
+
}
|
|
@@ -0,0 +1,131 @@
|
|
|
1
|
+
import { hashEvidence, generateEvidenceId } from "../types.js";
|
|
2
|
+
const capabilities = [
|
|
3
|
+
{
|
|
4
|
+
id: "snyk-vulns",
|
|
5
|
+
name: "Monitored Vulnerabilities",
|
|
6
|
+
description: "Fetch Snyk monitor vulnerability findings across projects",
|
|
7
|
+
evidenceCategories: ["vulnerability_management", "supply_chain"],
|
|
8
|
+
},
|
|
9
|
+
{
|
|
10
|
+
id: "snyk-licenses",
|
|
11
|
+
name: "License Compliance",
|
|
12
|
+
description: "Fetch license compliance results and policy violations",
|
|
13
|
+
evidenceCategories: ["compliance", "supply_chain"],
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
id: "snyk-issues",
|
|
17
|
+
name: "Open Issues",
|
|
18
|
+
description: "Fetch open Snyk issues with fix availability",
|
|
19
|
+
evidenceCategories: ["vulnerability_management", "change_management"],
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
id: "snyk-org",
|
|
23
|
+
name: "Organization Settings",
|
|
24
|
+
description: "Fetch Snyk org settings, RBAC, and integrations",
|
|
25
|
+
evidenceCategories: ["access_control", "configuration"],
|
|
26
|
+
},
|
|
27
|
+
];
|
|
28
|
+
export class SnykMonitorConnector {
|
|
29
|
+
id = "snyk_monitor";
|
|
30
|
+
name = "Snyk Monitor";
|
|
31
|
+
category = "vulnerability";
|
|
32
|
+
authType = "bearer_token";
|
|
33
|
+
capabilities = capabilities;
|
|
34
|
+
frameworks = [
|
|
35
|
+
"SOC2",
|
|
36
|
+
"ISO27001",
|
|
37
|
+
"NIST_CSF",
|
|
38
|
+
"PCI_DSS",
|
|
39
|
+
];
|
|
40
|
+
async fetchApi(config, endpoint) {
|
|
41
|
+
const base = config.baseUrl || "https://api.snyk.io/v1";
|
|
42
|
+
const resp = await fetch(`${base}${endpoint}`, {
|
|
43
|
+
headers: {
|
|
44
|
+
Authorization: `token ${config.apiToken}`,
|
|
45
|
+
Accept: "application/json",
|
|
46
|
+
},
|
|
47
|
+
});
|
|
48
|
+
if (!resp.ok)
|
|
49
|
+
throw new Error(`Snyk API ${resp.status}: ${resp.statusText}`);
|
|
50
|
+
return (await resp.json());
|
|
51
|
+
}
|
|
52
|
+
async testConnection(config) {
|
|
53
|
+
try {
|
|
54
|
+
await this.fetchApi(config, "/orgs");
|
|
55
|
+
return true;
|
|
56
|
+
}
|
|
57
|
+
catch {
|
|
58
|
+
return false;
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
async collectEvidence(config) {
|
|
62
|
+
const artifacts = [];
|
|
63
|
+
const now = new Date().toISOString();
|
|
64
|
+
const orgId = config.extra?.orgId || "default-org";
|
|
65
|
+
const projectId = config.extra?.projectId || "";
|
|
66
|
+
const issues = await this.fetchApi(config, `/orgs/${orgId}/issues?limit=100&severity=high,critical`).catch(() => ({ issues: [] }));
|
|
67
|
+
const issueList = Array.isArray(issues.issues) ? issues.issues : [];
|
|
68
|
+
artifacts.push({
|
|
69
|
+
id: generateEvidenceId(),
|
|
70
|
+
connectorId: this.id,
|
|
71
|
+
capabilityId: "snyk-vulns",
|
|
72
|
+
timestamp: now,
|
|
73
|
+
hash: hashEvidence({ count: issueList.length }),
|
|
74
|
+
framework: "SOC2",
|
|
75
|
+
controlId: "CC6.6",
|
|
76
|
+
source: `snyk/${orgId}/vulnerabilities`,
|
|
77
|
+
status: issueList.length === 0 ? "compliant" : "non_compliant",
|
|
78
|
+
data: { highCriticalIssues: issueList.length },
|
|
79
|
+
metadata: { orgId },
|
|
80
|
+
});
|
|
81
|
+
const licenses = await this.fetchApi(config, `/orgs/${orgId}/licenses?limit=50`).catch(() => ({ licenses: [] }));
|
|
82
|
+
const licenseList = Array.isArray(licenses.licenses) ? licenses.licenses : [];
|
|
83
|
+
const deniedLicenses = licenseList.filter((l) => l.compatibility === "not_compatible");
|
|
84
|
+
artifacts.push({
|
|
85
|
+
id: generateEvidenceId(),
|
|
86
|
+
connectorId: this.id,
|
|
87
|
+
capabilityId: "snyk-licenses",
|
|
88
|
+
timestamp: now,
|
|
89
|
+
hash: hashEvidence({ count: licenseList.length, denied: deniedLicenses.length }),
|
|
90
|
+
framework: "ISO27001",
|
|
91
|
+
controlId: "A.12.1.1",
|
|
92
|
+
source: `snyk/${orgId}/licenses`,
|
|
93
|
+
status: deniedLicenses.length === 0 ? "compliant" : "non_compliant",
|
|
94
|
+
data: { totalLicenses: licenseList.length, denied: deniedLicenses.length },
|
|
95
|
+
metadata: { orgId },
|
|
96
|
+
});
|
|
97
|
+
const openIssues = projectId
|
|
98
|
+
? await this.fetchApi(config, `/orgs/${orgId}/projects/${projectId}/issues?limit=50`).catch(() => ({ issues: [] }))
|
|
99
|
+
: { issues: [] };
|
|
100
|
+
const openList = Array.isArray(openIssues.issues) ? openIssues.issues : [];
|
|
101
|
+
const fixable = openList.filter((i) => i.fixable === true);
|
|
102
|
+
artifacts.push({
|
|
103
|
+
id: generateEvidenceId(),
|
|
104
|
+
connectorId: this.id,
|
|
105
|
+
capabilityId: "snyk-issues",
|
|
106
|
+
timestamp: now,
|
|
107
|
+
hash: hashEvidence({ open: openList.length, fixable: fixable.length }),
|
|
108
|
+
framework: "NIST_CSF",
|
|
109
|
+
controlId: "ID.RA",
|
|
110
|
+
source: `snyk/${orgId}/issues`,
|
|
111
|
+
status: openList.length === 0 ? "compliant" : "non_compliant",
|
|
112
|
+
data: { openIssues: openList.length, fixableIssues: fixable.length },
|
|
113
|
+
metadata: { orgId },
|
|
114
|
+
});
|
|
115
|
+
const org = await this.fetchApi(config, `/orgs/${orgId}`).catch(() => ({}));
|
|
116
|
+
artifacts.push({
|
|
117
|
+
id: generateEvidenceId(),
|
|
118
|
+
connectorId: this.id,
|
|
119
|
+
capabilityId: "snyk-org",
|
|
120
|
+
timestamp: now,
|
|
121
|
+
hash: hashEvidence(org),
|
|
122
|
+
framework: "PCI_DSS",
|
|
123
|
+
controlId: "7.2.1",
|
|
124
|
+
source: `snyk/${orgId}/settings`,
|
|
125
|
+
status: "compliant",
|
|
126
|
+
data: org,
|
|
127
|
+
metadata: { orgId },
|
|
128
|
+
});
|
|
129
|
+
return artifacts;
|
|
130
|
+
}
|
|
131
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
|
|
2
|
+
export declare class SophosConnector implements IntegrationConnector {
|
|
3
|
+
readonly id = "sophos";
|
|
4
|
+
readonly name = "Sophos";
|
|
5
|
+
readonly category: "endpoint";
|
|
6
|
+
readonly authType: "api_key";
|
|
7
|
+
readonly capabilities: IntegrationCapability[];
|
|
8
|
+
readonly frameworks: ComplianceFramework[];
|
|
9
|
+
private fetchApi;
|
|
10
|
+
testConnection(config: ConnectorConfig): Promise<boolean>;
|
|
11
|
+
collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
|
|
12
|
+
}
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
import { hashEvidence, generateEvidenceId } from "../types.js";
|
|
2
|
+
const capabilities = [
|
|
3
|
+
{
|
|
4
|
+
id: "sophos-endpoints",
|
|
5
|
+
name: "Endpoint Protection",
|
|
6
|
+
description: "Fetch Sophos endpoint agent status and managed status",
|
|
7
|
+
evidenceCategories: ["endpoint_security", "monitoring"],
|
|
8
|
+
},
|
|
9
|
+
{
|
|
10
|
+
id: "sophos-threats",
|
|
11
|
+
name: "Threat Detections",
|
|
12
|
+
description: "Fetch threat detection events and incident summaries",
|
|
13
|
+
evidenceCategories: ["vulnerability_management", "monitoring"],
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
id: "sophos-policies",
|
|
17
|
+
name: "Security Policies",
|
|
18
|
+
description: "Fetch Sophos security policy configurations and compliance state",
|
|
19
|
+
evidenceCategories: ["policy_compliance", "configuration"],
|
|
20
|
+
},
|
|
21
|
+
];
|
|
22
|
+
export class SophosConnector {
|
|
23
|
+
id = "sophos";
|
|
24
|
+
name = "Sophos";
|
|
25
|
+
category = "endpoint";
|
|
26
|
+
authType = "api_key";
|
|
27
|
+
capabilities = capabilities;
|
|
28
|
+
frameworks = ["SOC2", "ISO27001", "NIST_CSF", "HIPAA"];
|
|
29
|
+
async fetchApi(config, endpoint) {
|
|
30
|
+
const tenantId = config.tenantId || config.extra?.tenantId || "";
|
|
31
|
+
const base = config.baseUrl || `https://api-${tenantId}.central.sophos.com`;
|
|
32
|
+
const resp = await fetch(`${base}${endpoint}`, {
|
|
33
|
+
headers: {
|
|
34
|
+
Authorization: `Bearer ${config.apiToken}`,
|
|
35
|
+
"Content-Type": "application/json",
|
|
36
|
+
"X-Tenant-ID": tenantId,
|
|
37
|
+
},
|
|
38
|
+
});
|
|
39
|
+
if (!resp.ok)
|
|
40
|
+
throw new Error(`Sophos API ${resp.status}: ${resp.statusText}`);
|
|
41
|
+
return (await resp.json());
|
|
42
|
+
}
|
|
43
|
+
async testConnection(config) {
|
|
44
|
+
try {
|
|
45
|
+
await this.fetchApi(config, "/endpoint/v1/endpoints?pageSize=1");
|
|
46
|
+
return true;
|
|
47
|
+
}
|
|
48
|
+
catch {
|
|
49
|
+
return false;
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
async collectEvidence(config) {
|
|
53
|
+
const artifacts = [];
|
|
54
|
+
const now = new Date().toISOString();
|
|
55
|
+
const endpoints = await this.fetchApi(config, "/endpoint/v1/endpoints?pageSize=100").catch(() => ({ items: [] }));
|
|
56
|
+
const endpointList = (endpoints.items || []);
|
|
57
|
+
artifacts.push({
|
|
58
|
+
id: generateEvidenceId(),
|
|
59
|
+
connectorId: this.id,
|
|
60
|
+
capabilityId: "sophos-endpoints",
|
|
61
|
+
timestamp: now,
|
|
62
|
+
hash: hashEvidence({ endpointCount: endpointList.length }),
|
|
63
|
+
framework: "SOC2",
|
|
64
|
+
controlId: "CC6.8",
|
|
65
|
+
source: "sophos/endpoints",
|
|
66
|
+
status: endpointList.length > 0 ? "compliant" : "unknown",
|
|
67
|
+
data: { endpointCount: endpointList.length },
|
|
68
|
+
metadata: {},
|
|
69
|
+
});
|
|
70
|
+
const detections = await this.fetchApi(config, "/detector/v2/detections?pageSize=10").catch(() => ({ items: [] }));
|
|
71
|
+
const detectList = (detections.items || []);
|
|
72
|
+
artifacts.push({
|
|
73
|
+
id: generateEvidenceId(),
|
|
74
|
+
connectorId: this.id,
|
|
75
|
+
capabilityId: "sophos-threats",
|
|
76
|
+
timestamp: now,
|
|
77
|
+
hash: hashEvidence({ detectionCount: detectList.length }),
|
|
78
|
+
framework: "ISO27001",
|
|
79
|
+
controlId: "A.12.2.1",
|
|
80
|
+
source: "sophos/detections",
|
|
81
|
+
status: detectList.length === 0 ? "compliant" : "non_compliant",
|
|
82
|
+
data: { recentDetections: detectList.length },
|
|
83
|
+
metadata: {},
|
|
84
|
+
});
|
|
85
|
+
return artifacts;
|
|
86
|
+
}
|
|
87
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
|
|
2
|
+
export declare class SpinnakerConnector implements IntegrationConnector {
|
|
3
|
+
readonly id = "spinnaker";
|
|
4
|
+
readonly name = "Spinnaker";
|
|
5
|
+
readonly category: "ci_cd";
|
|
6
|
+
readonly authType: "bearer_token";
|
|
7
|
+
readonly capabilities: IntegrationCapability[];
|
|
8
|
+
readonly frameworks: ComplianceFramework[];
|
|
9
|
+
private fetchApi;
|
|
10
|
+
testConnection(config: ConnectorConfig): Promise<boolean>;
|
|
11
|
+
collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
|
|
12
|
+
}
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
import { hashEvidence, generateEvidenceId } from "../types.js";
|
|
2
|
+
const capabilities = [
|
|
3
|
+
{
|
|
4
|
+
id: "spinnaker-pipelines",
|
|
5
|
+
name: "Deployment Pipelines",
|
|
6
|
+
description: "Fetch Spinnaker pipeline configurations and execution history",
|
|
7
|
+
evidenceCategories: ["ci_cd", "change_management"],
|
|
8
|
+
},
|
|
9
|
+
{
|
|
10
|
+
id: "spinnaker-applications",
|
|
11
|
+
name: "Applications",
|
|
12
|
+
description: "Fetch Spinnaker application definitions and cluster configurations",
|
|
13
|
+
evidenceCategories: ["cloud_configuration", "change_management"],
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
id: "spinnaker-rollback",
|
|
17
|
+
name: "Rollback Policies",
|
|
18
|
+
description: "Fetch automatic rollback configurations and canary analysis",
|
|
19
|
+
evidenceCategories: ["disaster_recovery", "configuration"],
|
|
20
|
+
},
|
|
21
|
+
];
|
|
22
|
+
export class SpinnakerConnector {
|
|
23
|
+
id = "spinnaker";
|
|
24
|
+
name = "Spinnaker";
|
|
25
|
+
category = "ci_cd";
|
|
26
|
+
authType = "bearer_token";
|
|
27
|
+
capabilities = capabilities;
|
|
28
|
+
frameworks = ["SOC2", "ISO27001", "NIST_CSF"];
|
|
29
|
+
async fetchApi(config, endpoint) {
|
|
30
|
+
const base = config.baseUrl || "https://spinnaker.example.com";
|
|
31
|
+
const resp = await fetch(`${base}/gate${endpoint}`, {
|
|
32
|
+
headers: {
|
|
33
|
+
Authorization: `Bearer ${config.apiToken}`,
|
|
34
|
+
"Content-Type": "application/json",
|
|
35
|
+
},
|
|
36
|
+
});
|
|
37
|
+
if (!resp.ok)
|
|
38
|
+
throw new Error(`Spinnaker API ${resp.status}: ${resp.statusText}`);
|
|
39
|
+
return (await resp.json());
|
|
40
|
+
}
|
|
41
|
+
async testConnection(config) {
|
|
42
|
+
try {
|
|
43
|
+
await this.fetchApi(config, "/applications?expand=false");
|
|
44
|
+
return true;
|
|
45
|
+
}
|
|
46
|
+
catch {
|
|
47
|
+
return false;
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
async collectEvidence(config) {
|
|
51
|
+
const artifacts = [];
|
|
52
|
+
const now = new Date().toISOString();
|
|
53
|
+
const apps = await this.fetchApi(config, "/applications?expand=false").catch(() => []);
|
|
54
|
+
const appList = Array.isArray(apps) ? apps : [];
|
|
55
|
+
artifacts.push({
|
|
56
|
+
id: generateEvidenceId(),
|
|
57
|
+
connectorId: this.id,
|
|
58
|
+
capabilityId: "spinnaker-applications",
|
|
59
|
+
timestamp: now,
|
|
60
|
+
hash: hashEvidence({ appCount: appList.length }),
|
|
61
|
+
framework: "SOC2",
|
|
62
|
+
controlId: "CC8.1",
|
|
63
|
+
source: "spinnaker/applications",
|
|
64
|
+
status: "unknown",
|
|
65
|
+
data: { applicationCount: appList.length },
|
|
66
|
+
metadata: {},
|
|
67
|
+
});
|
|
68
|
+
return artifacts;
|
|
69
|
+
}
|
|
70
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
|
|
2
|
+
export declare class SplunkConnector implements IntegrationConnector {
|
|
3
|
+
readonly id = "splunk";
|
|
4
|
+
readonly name = "Splunk";
|
|
5
|
+
readonly category: "siem";
|
|
6
|
+
readonly authType: "basic_auth";
|
|
7
|
+
readonly capabilities: IntegrationCapability[];
|
|
8
|
+
readonly frameworks: ComplianceFramework[];
|
|
9
|
+
private fetchApi;
|
|
10
|
+
testConnection(config: ConnectorConfig): Promise<boolean>;
|
|
11
|
+
collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
|
|
12
|
+
}
|
|
@@ -0,0 +1,126 @@
|
|
|
1
|
+
import { hashEvidence, generateEvidenceId } from "../types.js";
|
|
2
|
+
const capabilities = [
|
|
3
|
+
{
|
|
4
|
+
id: "splunk-indexes",
|
|
5
|
+
name: "Index Overview",
|
|
6
|
+
description: "Fetch Splunk index configurations and data volumes",
|
|
7
|
+
evidenceCategories: ["log_management", "configuration"],
|
|
8
|
+
},
|
|
9
|
+
{
|
|
10
|
+
id: "splunk-saved-searches",
|
|
11
|
+
name: "Saved Searches & Alerts",
|
|
12
|
+
description: "Fetch saved searches, alerts, and correlation rules",
|
|
13
|
+
evidenceCategories: ["monitoring", "alerting"],
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
id: "splunk-sourcetypes",
|
|
17
|
+
name: "Source Types",
|
|
18
|
+
description: "Fetch ingested source types and event volumes",
|
|
19
|
+
evidenceCategories: ["log_management", "data_collection"],
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
id: "splunk-users",
|
|
23
|
+
name: "User Accounts",
|
|
24
|
+
description: "Fetch Splunk user accounts and role assignments",
|
|
25
|
+
evidenceCategories: ["access_control", "identity_management"],
|
|
26
|
+
},
|
|
27
|
+
];
|
|
28
|
+
export class SplunkConnector {
|
|
29
|
+
id = "splunk";
|
|
30
|
+
name = "Splunk";
|
|
31
|
+
category = "siem";
|
|
32
|
+
authType = "basic_auth";
|
|
33
|
+
capabilities = capabilities;
|
|
34
|
+
frameworks = ["SOC2", "ISO27001", "NIST_CSF", "HIPAA", "PCI_DSS"];
|
|
35
|
+
async fetchApi(config, endpoint) {
|
|
36
|
+
const base = config.baseUrl || `https://${config.extra?.host || "localhost"}:8089`;
|
|
37
|
+
const auth = Buffer.from(`${config.clientId || ""}:${config.clientSecret || ""}`).toString("base64");
|
|
38
|
+
const resp = await fetch(`${base}${endpoint}`, {
|
|
39
|
+
headers: {
|
|
40
|
+
Accept: "application/json",
|
|
41
|
+
Authorization: `Basic ${auth}`,
|
|
42
|
+
},
|
|
43
|
+
});
|
|
44
|
+
if (!resp.ok)
|
|
45
|
+
throw new Error(`Splunk API ${resp.status}: ${resp.statusText}`);
|
|
46
|
+
return (await resp.json());
|
|
47
|
+
}
|
|
48
|
+
async testConnection(config) {
|
|
49
|
+
try {
|
|
50
|
+
await this.fetchApi(config, "/services/server/info?output_mode=json");
|
|
51
|
+
return true;
|
|
52
|
+
}
|
|
53
|
+
catch {
|
|
54
|
+
return false;
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
async collectEvidence(config) {
|
|
58
|
+
const artifacts = [];
|
|
59
|
+
const now = new Date().toISOString();
|
|
60
|
+
const indexes = await this.fetchApi(config, "/services/data/indexes?output_mode=json&count=0").catch(() => ({ entry: [] }));
|
|
61
|
+
const indexList = (indexes.entry || []);
|
|
62
|
+
artifacts.push({
|
|
63
|
+
id: generateEvidenceId(),
|
|
64
|
+
connectorId: this.id,
|
|
65
|
+
capabilityId: "splunk-indexes",
|
|
66
|
+
timestamp: now,
|
|
67
|
+
hash: hashEvidence({ indexCount: indexList.length }),
|
|
68
|
+
framework: "SOC2",
|
|
69
|
+
controlId: "CC7.2",
|
|
70
|
+
source: "splunk/indexes",
|
|
71
|
+
status: indexList.length > 0 ? "compliant" : "non_compliant",
|
|
72
|
+
data: { indexCount: indexList.length },
|
|
73
|
+
metadata: { host: config.extra?.host || "" },
|
|
74
|
+
});
|
|
75
|
+
const searches = await this.fetchApi(config, "/services/saved/searches?output_mode=json&count=0").catch(() => ({ entry: [] }));
|
|
76
|
+
const searchList = (searches.entry || []);
|
|
77
|
+
const alerts = searchList.filter((s) => {
|
|
78
|
+
const cont = (s.content || {});
|
|
79
|
+
return cont.alert === 1 || cont.alert === true;
|
|
80
|
+
});
|
|
81
|
+
artifacts.push({
|
|
82
|
+
id: generateEvidenceId(),
|
|
83
|
+
connectorId: this.id,
|
|
84
|
+
capabilityId: "splunk-saved-searches",
|
|
85
|
+
timestamp: now,
|
|
86
|
+
hash: hashEvidence({ total: searchList.length, alerts: alerts.length }),
|
|
87
|
+
framework: "ISO27001",
|
|
88
|
+
controlId: "A.12.4.1",
|
|
89
|
+
source: "splunk/saved/searches",
|
|
90
|
+
status: "unknown",
|
|
91
|
+
data: { searchCount: searchList.length, alertCount: alerts.length },
|
|
92
|
+
metadata: { host: config.extra?.host || "" },
|
|
93
|
+
});
|
|
94
|
+
const sourcetypes = await this.fetchApi(config, "/services/data/indexes-extended?output_mode=json&count=0").catch(() => ({ entry: [] }));
|
|
95
|
+
const stList = (sourcetypes.entry || []);
|
|
96
|
+
artifacts.push({
|
|
97
|
+
id: generateEvidenceId(),
|
|
98
|
+
connectorId: this.id,
|
|
99
|
+
capabilityId: "splunk-sourcetypes",
|
|
100
|
+
timestamp: now,
|
|
101
|
+
hash: hashEvidence({ sourcetypeCount: stList.length }),
|
|
102
|
+
framework: "SOC2",
|
|
103
|
+
controlId: "CC7.2",
|
|
104
|
+
source: "splunk/indexes-extended",
|
|
105
|
+
status: "unknown",
|
|
106
|
+
data: { sourcetypeCount: stList.length },
|
|
107
|
+
metadata: { host: config.extra?.host || "" },
|
|
108
|
+
});
|
|
109
|
+
const users = await this.fetchApi(config, "/services/admin/users?output_mode=json&count=0").catch(() => ({ entry: [] }));
|
|
110
|
+
const userList = (users.entry || []);
|
|
111
|
+
artifacts.push({
|
|
112
|
+
id: generateEvidenceId(),
|
|
113
|
+
connectorId: this.id,
|
|
114
|
+
capabilityId: "splunk-users",
|
|
115
|
+
timestamp: now,
|
|
116
|
+
hash: hashEvidence({ userCount: userList.length }),
|
|
117
|
+
framework: "SOC2",
|
|
118
|
+
controlId: "CC6.1",
|
|
119
|
+
source: "splunk/admin/users",
|
|
120
|
+
status: "unknown",
|
|
121
|
+
data: { userCount: userList.length },
|
|
122
|
+
metadata: { host: config.extra?.host || "" },
|
|
123
|
+
});
|
|
124
|
+
return artifacts;
|
|
125
|
+
}
|
|
126
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
|
|
2
|
+
export declare class StripeConnector implements IntegrationConnector {
|
|
3
|
+
readonly id = "stripe";
|
|
4
|
+
readonly name = "Stripe";
|
|
5
|
+
readonly category: "finance";
|
|
6
|
+
readonly authType: "api_key";
|
|
7
|
+
readonly capabilities: IntegrationCapability[];
|
|
8
|
+
readonly frameworks: ComplianceFramework[];
|
|
9
|
+
private fetchApi;
|
|
10
|
+
testConnection(config: ConnectorConfig): Promise<boolean>;
|
|
11
|
+
collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
|
|
12
|
+
}
|
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
import { hashEvidence, generateEvidenceId } from "../types.js";
|
|
2
|
+
const capabilities = [
|
|
3
|
+
{
|
|
4
|
+
id: "stripe-payments",
|
|
5
|
+
name: "Payment Processing",
|
|
6
|
+
description: "Fetch Stripe payment configurations and PCI compliance status",
|
|
7
|
+
evidenceCategories: ["compliance", "data_protection"],
|
|
8
|
+
},
|
|
9
|
+
{
|
|
10
|
+
id: "stripe-webhooks",
|
|
11
|
+
name: "Webhook Security",
|
|
12
|
+
description: "Fetch webhook endpoint configurations and signature verification",
|
|
13
|
+
evidenceCategories: ["access_control", "configuration"],
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
id: "stripe-api-keys",
|
|
17
|
+
name: "API Key Management",
|
|
18
|
+
description: "Fetch API key usage and rotation status",
|
|
19
|
+
evidenceCategories: ["access_control", "data_protection"],
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
id: "stripe-disputes",
|
|
23
|
+
name: "Fraud Prevention",
|
|
24
|
+
description: "Fetch Radar rules and dispute/fraud metrics",
|
|
25
|
+
evidenceCategories: ["vulnerability_management", "monitoring"],
|
|
26
|
+
},
|
|
27
|
+
];
|
|
28
|
+
export class StripeConnector {
|
|
29
|
+
id = "stripe";
|
|
30
|
+
name = "Stripe";
|
|
31
|
+
category = "finance";
|
|
32
|
+
authType = "api_key";
|
|
33
|
+
capabilities = capabilities;
|
|
34
|
+
frameworks = [
|
|
35
|
+
"SOC2",
|
|
36
|
+
"ISO27001",
|
|
37
|
+
"PCI_DSS",
|
|
38
|
+
"NIST_CSF",
|
|
39
|
+
];
|
|
40
|
+
async fetchApi(config, endpoint) {
|
|
41
|
+
const base = config.baseUrl || "https://api.stripe.com";
|
|
42
|
+
const resp = await fetch(`${base}${endpoint}`, {
|
|
43
|
+
headers: {
|
|
44
|
+
Authorization: `Bearer ${config.apiToken}`,
|
|
45
|
+
"Content-Type": "application/x-www-form-urlencoded",
|
|
46
|
+
},
|
|
47
|
+
});
|
|
48
|
+
if (!resp.ok)
|
|
49
|
+
throw new Error(`Stripe API ${resp.status}: ${resp.statusText}`);
|
|
50
|
+
return (await resp.json());
|
|
51
|
+
}
|
|
52
|
+
async testConnection(config) {
|
|
53
|
+
try {
|
|
54
|
+
await this.fetchApi(config, "/v1/balance");
|
|
55
|
+
return true;
|
|
56
|
+
}
|
|
57
|
+
catch {
|
|
58
|
+
return false;
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
async collectEvidence(config) {
|
|
62
|
+
const artifacts = [];
|
|
63
|
+
const now = new Date().toISOString();
|
|
64
|
+
const balance = await this.fetchApi(config, "/v1/balance").catch(() => ({}));
|
|
65
|
+
const balanceData = balance;
|
|
66
|
+
artifacts.push({
|
|
67
|
+
id: generateEvidenceId(),
|
|
68
|
+
connectorId: this.id,
|
|
69
|
+
capabilityId: "stripe-payments",
|
|
70
|
+
timestamp: now,
|
|
71
|
+
hash: hashEvidence(balance),
|
|
72
|
+
framework: "PCI_DSS",
|
|
73
|
+
controlId: "1.3",
|
|
74
|
+
source: "stripe/balance",
|
|
75
|
+
status: balanceData.object === "balance" ? "compliant" : "unknown",
|
|
76
|
+
data: { balanceAvailable: (balanceData.available || []).length },
|
|
77
|
+
metadata: {},
|
|
78
|
+
});
|
|
79
|
+
const webhooks = await this.fetchApi(config, "/v1/webhook_endpoints").catch(() => ({
|
|
80
|
+
data: [],
|
|
81
|
+
}));
|
|
82
|
+
artifacts.push({
|
|
83
|
+
id: generateEvidenceId(),
|
|
84
|
+
connectorId: this.id,
|
|
85
|
+
capabilityId: "stripe-webhooks",
|
|
86
|
+
timestamp: now,
|
|
87
|
+
hash: hashEvidence(webhooks),
|
|
88
|
+
framework: "SOC2",
|
|
89
|
+
controlId: "CC6.1",
|
|
90
|
+
source: "stripe/webhooks",
|
|
91
|
+
status: webhooks.data?.length > 0 ? "compliant" : "unknown",
|
|
92
|
+
data: { webhookEndpoints: webhooks.data?.length || 0 },
|
|
93
|
+
metadata: {},
|
|
94
|
+
});
|
|
95
|
+
return artifacts;
|
|
96
|
+
}
|
|
97
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
|
|
2
|
+
export declare class TableauConnector implements IntegrationConnector {
|
|
3
|
+
readonly id = "tableau";
|
|
4
|
+
readonly name = "Tableau";
|
|
5
|
+
readonly category: "data_warehouse";
|
|
6
|
+
readonly authType: "api_key";
|
|
7
|
+
readonly capabilities: IntegrationCapability[];
|
|
8
|
+
readonly frameworks: ComplianceFramework[];
|
|
9
|
+
private fetchApi;
|
|
10
|
+
testConnection(config: ConnectorConfig): Promise<boolean>;
|
|
11
|
+
collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
|
|
12
|
+
}
|