@grc-claw/integration-marketplace 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/IntegrationMarketplace.d.ts +32 -0
- package/dist/IntegrationMarketplace.js +319 -0
- package/dist/connectors/ADPConnector.d.ts +12 -0
- package/dist/connectors/ADPConnector.js +97 -0
- package/dist/connectors/AWSCloudTrailConnector.d.ts +12 -0
- package/dist/connectors/AWSCloudTrailConnector.js +77 -0
- package/dist/connectors/AWSCloudWatchConnector.d.ts +12 -0
- package/dist/connectors/AWSCloudWatchConnector.js +70 -0
- package/dist/connectors/AWSGuardDutyConnector.d.ts +12 -0
- package/dist/connectors/AWSGuardDutyConnector.js +139 -0
- package/dist/connectors/AWSIAMConnector.d.ts +12 -0
- package/dist/connectors/AWSIAMConnector.js +90 -0
- package/dist/connectors/AWSKMSConnector.d.ts +12 -0
- package/dist/connectors/AWSKMSConnector.js +70 -0
- package/dist/connectors/AWSLambdaConnector.d.ts +12 -0
- package/dist/connectors/AWSLambdaConnector.js +84 -0
- package/dist/connectors/AWSRDSConnector.d.ts +12 -0
- package/dist/connectors/AWSRDSConnector.js +84 -0
- package/dist/connectors/AWSS3Connector.d.ts +12 -0
- package/dist/connectors/AWSS3Connector.js +112 -0
- package/dist/connectors/AkamaiConnector.d.ts +12 -0
- package/dist/connectors/AkamaiConnector.js +98 -0
- package/dist/connectors/ArgoCDConnector.d.ts +12 -0
- package/dist/connectors/ArgoCDConnector.js +93 -0
- package/dist/connectors/ArtifactoryConnector.d.ts +12 -0
- package/dist/connectors/ArtifactoryConnector.js +94 -0
- package/dist/connectors/AtlassianJiraConnector.d.ts +12 -0
- package/dist/connectors/AtlassianJiraConnector.js +134 -0
- package/dist/connectors/Auth0Connector.d.ts +12 -0
- package/dist/connectors/Auth0Connector.js +150 -0
- package/dist/connectors/AzureADConnector.d.ts +12 -0
- package/dist/connectors/AzureADConnector.js +115 -0
- package/dist/connectors/AzureDevOpsConnector.d.ts +12 -0
- package/dist/connectors/AzureDevOpsConnector.js +130 -0
- package/dist/connectors/AzureDevOpsPipelinesConnector.d.ts +12 -0
- package/dist/connectors/AzureDevOpsPipelinesConnector.js +72 -0
- package/dist/connectors/AzurePipelinesConnector.d.ts +12 -0
- package/dist/connectors/AzurePipelinesConnector.js +72 -0
- package/dist/connectors/AzurePolicyConnector.d.ts +12 -0
- package/dist/connectors/AzurePolicyConnector.js +141 -0
- package/dist/connectors/AzureReposConnector.d.ts +12 -0
- package/dist/connectors/AzureReposConnector.js +96 -0
- package/dist/connectors/AzureSentinelConnector.d.ts +12 -0
- package/dist/connectors/AzureSentinelConnector.js +88 -0
- package/dist/connectors/BambooCICDConnector.d.ts +12 -0
- package/dist/connectors/BambooCICDConnector.js +72 -0
- package/dist/connectors/BambooHRConnector.d.ts +12 -0
- package/dist/connectors/BambooHRConnector.js +84 -0
- package/dist/connectors/BeyondTrustConnector.d.ts +12 -0
- package/dist/connectors/BeyondTrustConnector.js +94 -0
- package/dist/connectors/BitbucketConnector.d.ts +12 -0
- package/dist/connectors/BitbucketConnector.js +100 -0
- package/dist/connectors/BitbucketPipelinesConnector.d.ts +12 -0
- package/dist/connectors/BitbucketPipelinesConnector.js +72 -0
- package/dist/connectors/BoxConnector.d.ts +12 -0
- package/dist/connectors/BoxConnector.js +122 -0
- package/dist/connectors/BuildkiteConnector.d.ts +12 -0
- package/dist/connectors/BuildkiteConnector.js +95 -0
- package/dist/connectors/CarbonBlackConnector.d.ts +12 -0
- package/dist/connectors/CarbonBlackConnector.js +89 -0
- package/dist/connectors/CassandraConnector.d.ts +12 -0
- package/dist/connectors/CassandraConnector.js +69 -0
- package/dist/connectors/CheckPointConnector.d.ts +12 -0
- package/dist/connectors/CheckPointConnector.js +98 -0
- package/dist/connectors/CircleCIConnector.d.ts +12 -0
- package/dist/connectors/CircleCIConnector.js +129 -0
- package/dist/connectors/CircleCIConnectorsConnector.d.ts +12 -0
- package/dist/connectors/CircleCIConnectorsConnector.js +69 -0
- package/dist/connectors/CiscoUmbrellaConnector.d.ts +12 -0
- package/dist/connectors/CiscoUmbrellaConnector.js +96 -0
- package/dist/connectors/CloudBeesJenkinsConnector.d.ts +12 -0
- package/dist/connectors/CloudBeesJenkinsConnector.js +70 -0
- package/dist/connectors/CloudflareDNSConnector.d.ts +12 -0
- package/dist/connectors/CloudflareDNSConnector.js +71 -0
- package/dist/connectors/CloudflareWAFConnector.d.ts +12 -0
- package/dist/connectors/CloudflareWAFConnector.js +98 -0
- package/dist/connectors/ConfluenceConnector.d.ts +12 -0
- package/dist/connectors/ConfluenceConnector.js +101 -0
- package/dist/connectors/ConstantContactConnector.d.ts +12 -0
- package/dist/connectors/ConstantContactConnector.js +70 -0
- package/dist/connectors/CouchDBConnector.d.ts +12 -0
- package/dist/connectors/CouchDBConnector.js +69 -0
- package/dist/connectors/CrowdStrikeConnector.d.ts +12 -0
- package/dist/connectors/CrowdStrikeConnector.js +86 -0
- package/dist/connectors/CrowdStrikeFalconConnector.d.ts +12 -0
- package/dist/connectors/CrowdStrikeFalconConnector.js +92 -0
- package/dist/connectors/CrowdStrikeSpotlightConnector.d.ts +12 -0
- package/dist/connectors/CrowdStrikeSpotlightConnector.js +139 -0
- package/dist/connectors/CyberArkConnector.d.ts +12 -0
- package/dist/connectors/CyberArkConnector.js +95 -0
- package/dist/connectors/DatabricksConnector.d.ts +12 -0
- package/dist/connectors/DatabricksConnector.js +95 -0
- package/dist/connectors/DatadogConnector.d.ts +12 -0
- package/dist/connectors/DatadogConnector.js +110 -0
- package/dist/connectors/DigitalOceanConnector.d.ts +12 -0
- package/dist/connectors/DigitalOceanConnector.js +85 -0
- package/dist/connectors/DiscordConnector.d.ts +12 -0
- package/dist/connectors/DiscordConnector.js +98 -0
- package/dist/connectors/DockerHubConnector.d.ts +12 -0
- package/dist/connectors/DockerHubConnector.js +80 -0
- package/dist/connectors/DocuSignConnector.d.ts +12 -0
- package/dist/connectors/DocuSignConnector.js +96 -0
- package/dist/connectors/DriftConnector.d.ts +12 -0
- package/dist/connectors/DriftConnector.js +69 -0
- package/dist/connectors/DropboxConnector.d.ts +12 -0
- package/dist/connectors/DropboxConnector.js +127 -0
- package/dist/connectors/ESETConnector.d.ts +12 -0
- package/dist/connectors/ESETConnector.js +70 -0
- package/dist/connectors/ElasticsearchCloudConnector.d.ts +12 -0
- package/dist/connectors/ElasticsearchCloudConnector.js +70 -0
- package/dist/connectors/FSecureConnector.d.ts +12 -0
- package/dist/connectors/FSecureConnector.js +70 -0
- package/dist/connectors/FeatureFlagConnector.d.ts +12 -0
- package/dist/connectors/FeatureFlagConnector.js +70 -0
- package/dist/connectors/FluxCDConnector.d.ts +12 -0
- package/dist/connectors/FluxCDConnector.js +94 -0
- package/dist/connectors/ForgeRockConnector.d.ts +12 -0
- package/dist/connectors/ForgeRockConnector.js +95 -0
- package/dist/connectors/FortinetConnector.d.ts +12 -0
- package/dist/connectors/FortinetConnector.js +98 -0
- package/dist/connectors/FreshdeskConnector.d.ts +12 -0
- package/dist/connectors/FreshdeskConnector.js +71 -0
- package/dist/connectors/GCPBigQueryConnector.d.ts +12 -0
- package/dist/connectors/GCPBigQueryConnector.js +71 -0
- package/dist/connectors/GCPComputeConnector.d.ts +12 -0
- package/dist/connectors/GCPComputeConnector.js +87 -0
- package/dist/connectors/GCPConfigConnector.d.ts +12 -0
- package/dist/connectors/GCPConfigConnector.js +149 -0
- package/dist/connectors/GCPFirestoreConnector.d.ts +12 -0
- package/dist/connectors/GCPFirestoreConnector.js +71 -0
- package/dist/connectors/GCPIAMConnector.d.ts +12 -0
- package/dist/connectors/GCPIAMConnector.js +98 -0
- package/dist/connectors/GCPSCCConnector.d.ts +12 -0
- package/dist/connectors/GCPSCCConnector.js +94 -0
- package/dist/connectors/GitHubActionsConnector.d.ts +12 -0
- package/dist/connectors/GitHubActionsConnector.js +104 -0
- package/dist/connectors/GitHubConnector.d.ts +12 -0
- package/dist/connectors/GitHubConnector.js +135 -0
- package/dist/connectors/GitHubCopilotConnector.d.ts +12 -0
- package/dist/connectors/GitHubCopilotConnector.js +72 -0
- package/dist/connectors/GitLabCIConnector.d.ts +12 -0
- package/dist/connectors/GitLabCIConnector.js +71 -0
- package/dist/connectors/GitLabConnector.d.ts +12 -0
- package/dist/connectors/GitLabConnector.js +101 -0
- package/dist/connectors/GitLabSASTConnector.d.ts +12 -0
- package/dist/connectors/GitLabSASTConnector.js +130 -0
- package/dist/connectors/GoogleWorkspaceConnector.d.ts +12 -0
- package/dist/connectors/GoogleWorkspaceConnector.js +136 -0
- package/dist/connectors/HelmConnector.d.ts +12 -0
- package/dist/connectors/HelmConnector.js +94 -0
- package/dist/connectors/HubSpotConnector.d.ts +12 -0
- package/dist/connectors/HubSpotConnector.js +77 -0
- package/dist/connectors/IFTTTConnector.d.ts +12 -0
- package/dist/connectors/IFTTTConnector.js +70 -0
- package/dist/connectors/ImpervaConnector.d.ts +12 -0
- package/dist/connectors/ImpervaConnector.js +94 -0
- package/dist/connectors/InfluxDBConnector.d.ts +12 -0
- package/dist/connectors/InfluxDBConnector.js +70 -0
- package/dist/connectors/IntercomConnector.d.ts +12 -0
- package/dist/connectors/IntercomConnector.js +69 -0
- package/dist/connectors/JenkinsConnector.d.ts +12 -0
- package/dist/connectors/JenkinsConnector.js +96 -0
- package/dist/connectors/JiraConnector.d.ts +12 -0
- package/dist/connectors/JiraConnector.js +103 -0
- package/dist/connectors/KafkaConnector.d.ts +12 -0
- package/dist/connectors/KafkaConnector.js +70 -0
- package/dist/connectors/KasperskyConnector.d.ts +12 -0
- package/dist/connectors/KasperskyConnector.js +70 -0
- package/dist/connectors/KubernetesConnector.d.ts +12 -0
- package/dist/connectors/KubernetesConnector.js +109 -0
- package/dist/connectors/LaceworkConnector.d.ts +13 -0
- package/dist/connectors/LaceworkConnector.js +143 -0
- package/dist/connectors/LaunchDarklyConnector.d.ts +12 -0
- package/dist/connectors/LaunchDarklyConnector.js +86 -0
- package/dist/connectors/LinodeConnector.d.ts +12 -0
- package/dist/connectors/LinodeConnector.js +70 -0
- package/dist/connectors/LookerConnector.d.ts +12 -0
- package/dist/connectors/LookerConnector.js +94 -0
- package/dist/connectors/MailchimpConnector.d.ts +12 -0
- package/dist/connectors/MailchimpConnector.js +71 -0
- package/dist/connectors/MalwarebytesConnector.d.ts +12 -0
- package/dist/connectors/MalwarebytesConnector.js +85 -0
- package/dist/connectors/McAfeeConnector.d.ts +12 -0
- package/dist/connectors/McAfeeConnector.js +85 -0
- package/dist/connectors/Microsoft365Connector.d.ts +12 -0
- package/dist/connectors/Microsoft365Connector.js +139 -0
- package/dist/connectors/MongoDBConnector.d.ts +12 -0
- package/dist/connectors/MongoDBConnector.js +86 -0
- package/dist/connectors/NamelyConnector.d.ts +12 -0
- package/dist/connectors/NamelyConnector.js +97 -0
- package/dist/connectors/Neo4jConnector.d.ts +12 -0
- package/dist/connectors/Neo4jConnector.js +70 -0
- package/dist/connectors/NetSuiteConnector.d.ts +12 -0
- package/dist/connectors/NetSuiteConnector.js +94 -0
- package/dist/connectors/NetskopeConnector.d.ts +12 -0
- package/dist/connectors/NetskopeConnector.js +98 -0
- package/dist/connectors/NexusConnector.d.ts +12 -0
- package/dist/connectors/NexusConnector.js +93 -0
- package/dist/connectors/NotionConnector.d.ts +12 -0
- package/dist/connectors/NotionConnector.js +109 -0
- package/dist/connectors/OktaConnector.d.ts +12 -0
- package/dist/connectors/OktaConnector.js +123 -0
- package/dist/connectors/OktaSystemLogConnector.d.ts +12 -0
- package/dist/connectors/OktaSystemLogConnector.js +129 -0
- package/dist/connectors/OpsgenieConnector.d.ts +12 -0
- package/dist/connectors/OpsgenieConnector.js +70 -0
- package/dist/connectors/PagerDutyConnector.d.ts +12 -0
- package/dist/connectors/PagerDutyConnector.js +106 -0
- package/dist/connectors/PalantirConnector.d.ts +12 -0
- package/dist/connectors/PalantirConnector.js +95 -0
- package/dist/connectors/PaloAltoPrismaCloudConnector.d.ts +12 -0
- package/dist/connectors/PaloAltoPrismaCloudConnector.js +110 -0
- package/dist/connectors/PingFederateConnector.d.ts +12 -0
- package/dist/connectors/PingFederateConnector.js +97 -0
- package/dist/connectors/PostgreSQLCloudConnector.d.ts +12 -0
- package/dist/connectors/PostgreSQLCloudConnector.js +70 -0
- package/dist/connectors/PowerBIConnector.d.ts +12 -0
- package/dist/connectors/PowerBIConnector.js +95 -0
- package/dist/connectors/PrismaCloudConnector.d.ts +12 -0
- package/dist/connectors/PrismaCloudConnector.js +147 -0
- package/dist/connectors/QualysConnector.d.ts +12 -0
- package/dist/connectors/QualysConnector.js +96 -0
- package/dist/connectors/QualysScannerConnector.d.ts +12 -0
- package/dist/connectors/QualysScannerConnector.js +131 -0
- package/dist/connectors/QuickBooksConnector.d.ts +12 -0
- package/dist/connectors/QuickBooksConnector.js +97 -0
- package/dist/connectors/RabbitMQConnector.d.ts +12 -0
- package/dist/connectors/RabbitMQConnector.js +69 -0
- package/dist/connectors/RadwareConnector.d.ts +12 -0
- package/dist/connectors/RadwareConnector.js +94 -0
- package/dist/connectors/RedisCloudConnector.d.ts +12 -0
- package/dist/connectors/RedisCloudConnector.js +70 -0
- package/dist/connectors/RingCentralConnector.d.ts +12 -0
- package/dist/connectors/RingCentralConnector.js +94 -0
- package/dist/connectors/SAPSuccessFactorsConnector.d.ts +12 -0
- package/dist/connectors/SAPSuccessFactorsConnector.js +103 -0
- package/dist/connectors/SailPointConnector.d.ts +12 -0
- package/dist/connectors/SailPointConnector.js +97 -0
- package/dist/connectors/SalesforceConnector.d.ts +12 -0
- package/dist/connectors/SalesforceConnector.js +91 -0
- package/dist/connectors/SendGridConnector.d.ts +12 -0
- package/dist/connectors/SendGridConnector.js +69 -0
- package/dist/connectors/SentinelOneConnector.d.ts +12 -0
- package/dist/connectors/SentinelOneConnector.js +89 -0
- package/dist/connectors/ServiceNowConnector.d.ts +12 -0
- package/dist/connectors/ServiceNowConnector.js +123 -0
- package/dist/connectors/SlackConnector.d.ts +12 -0
- package/dist/connectors/SlackConnector.js +109 -0
- package/dist/connectors/SnowflakeConnector.d.ts +12 -0
- package/dist/connectors/SnowflakeConnector.js +105 -0
- package/dist/connectors/SnykConnector.d.ts +12 -0
- package/dist/connectors/SnykConnector.js +84 -0
- package/dist/connectors/SnykMonitorConnector.d.ts +12 -0
- package/dist/connectors/SnykMonitorConnector.js +131 -0
- package/dist/connectors/SophosConnector.d.ts +12 -0
- package/dist/connectors/SophosConnector.js +87 -0
- package/dist/connectors/SpinnakerConnector.d.ts +12 -0
- package/dist/connectors/SpinnakerConnector.js +70 -0
- package/dist/connectors/SplunkConnector.d.ts +12 -0
- package/dist/connectors/SplunkConnector.js +126 -0
- package/dist/connectors/StripeConnector.d.ts +12 -0
- package/dist/connectors/StripeConnector.js +97 -0
- package/dist/connectors/TableauConnector.d.ts +12 -0
- package/dist/connectors/TableauConnector.js +101 -0
- package/dist/connectors/TaniumConnector.d.ts +12 -0
- package/dist/connectors/TaniumConnector.js +97 -0
- package/dist/connectors/TeamCityConnector.d.ts +12 -0
- package/dist/connectors/TeamCityConnector.js +71 -0
- package/dist/connectors/TeamsConnector.d.ts +12 -0
- package/dist/connectors/TeamsConnector.js +96 -0
- package/dist/connectors/TenableIOConnector.d.ts +12 -0
- package/dist/connectors/TenableIOConnector.js +130 -0
- package/dist/connectors/TerraformCloudConnector.d.ts +12 -0
- package/dist/connectors/TerraformCloudConnector.js +106 -0
- package/dist/connectors/TravisCIConnector.d.ts +12 -0
- package/dist/connectors/TravisCIConnector.js +95 -0
- package/dist/connectors/TrendMicroConnector.d.ts +12 -0
- package/dist/connectors/TrendMicroConnector.js +85 -0
- package/dist/connectors/TwilioConnector.d.ts +12 -0
- package/dist/connectors/TwilioConnector.js +70 -0
- package/dist/connectors/VercelConnector.d.ts +12 -0
- package/dist/connectors/VercelConnector.js +70 -0
- package/dist/connectors/VultrConnector.d.ts +12 -0
- package/dist/connectors/VultrConnector.js +70 -0
- package/dist/connectors/WebexConnector.d.ts +12 -0
- package/dist/connectors/WebexConnector.js +94 -0
- package/dist/connectors/WizConnector.d.ts +12 -0
- package/dist/connectors/WizConnector.js +172 -0
- package/dist/connectors/WorkdayConnector.d.ts +12 -0
- package/dist/connectors/WorkdayConnector.js +100 -0
- package/dist/connectors/XeroConnector.d.ts +12 -0
- package/dist/connectors/XeroConnector.js +96 -0
- package/dist/connectors/ZapierConnector.d.ts +12 -0
- package/dist/connectors/ZapierConnector.js +70 -0
- package/dist/connectors/ZendeskConnector.d.ts +12 -0
- package/dist/connectors/ZendeskConnector.js +71 -0
- package/dist/connectors/ZenefitsConnector.d.ts +12 -0
- package/dist/connectors/ZenefitsConnector.js +93 -0
- package/dist/connectors/ZoomConnector.d.ts +12 -0
- package/dist/connectors/ZoomConnector.js +97 -0
- package/dist/connectors/ZscalerConnector.d.ts +12 -0
- package/dist/connectors/ZscalerConnector.js +97 -0
- package/dist/connectors/index.d.ts +150 -0
- package/dist/connectors/index.js +157 -0
- package/dist/index.d.ts +5 -0
- package/dist/index.js +16 -0
- package/dist/index.test.d.ts +1 -0
- package/dist/index.test.js +139 -0
- package/dist/types.d.ts +57 -0
- package/dist/types.js +8 -0
- package/package.json +33 -0
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
import { hashEvidence, generateEvidenceId } from "../types.js";
|
|
2
|
+
const capabilities = [
|
|
3
|
+
{
|
|
4
|
+
id: "akamai-waf",
|
|
5
|
+
name: "Web Application Firewall",
|
|
6
|
+
description: "Fetch WAF policies and attack group configurations",
|
|
7
|
+
evidenceCategories: ["vulnerability_management", "configuration"],
|
|
8
|
+
},
|
|
9
|
+
{
|
|
10
|
+
id: "akamai-bot",
|
|
11
|
+
name: "Bot Manager",
|
|
12
|
+
description: "Fetch bot detection policies and blocked requests",
|
|
13
|
+
evidenceCategories: ["access_control", "monitoring"],
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
id: "akamai-edge",
|
|
17
|
+
name: "Edge Security",
|
|
18
|
+
description: "Fetch edge configuration and mPulse data",
|
|
19
|
+
evidenceCategories: ["configuration", "monitoring"],
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
id: "akamai-api",
|
|
23
|
+
name: "API Gateway",
|
|
24
|
+
description: "Fetch API endpoint security and rate limiting rules",
|
|
25
|
+
evidenceCategories: ["access_control", "data_protection"],
|
|
26
|
+
},
|
|
27
|
+
];
|
|
28
|
+
export class AkamaiConnector {
|
|
29
|
+
id = "akamai";
|
|
30
|
+
name = "Akamai";
|
|
31
|
+
category = "cloud_provider";
|
|
32
|
+
authType = "api_key";
|
|
33
|
+
capabilities = capabilities;
|
|
34
|
+
frameworks = [
|
|
35
|
+
"SOC2",
|
|
36
|
+
"ISO27001",
|
|
37
|
+
"NIST_CSF",
|
|
38
|
+
"PCI_DSS",
|
|
39
|
+
];
|
|
40
|
+
async fetchApi(config, endpoint) {
|
|
41
|
+
const base = config.baseUrl || "https://akab-akabapi.luna.akamaiapis.net";
|
|
42
|
+
const resp = await fetch(`${base}${endpoint}`, {
|
|
43
|
+
headers: {
|
|
44
|
+
Authorization: `Bearer ${config.apiToken}`,
|
|
45
|
+
"Content-Type": "application/json",
|
|
46
|
+
},
|
|
47
|
+
});
|
|
48
|
+
if (!resp.ok)
|
|
49
|
+
throw new Error(`Akamai API ${resp.status}: ${resp.statusText}`);
|
|
50
|
+
return (await resp.json());
|
|
51
|
+
}
|
|
52
|
+
async testConnection(config) {
|
|
53
|
+
try {
|
|
54
|
+
await this.fetchApi(config, "/config/v1/security-policies");
|
|
55
|
+
return true;
|
|
56
|
+
}
|
|
57
|
+
catch {
|
|
58
|
+
return false;
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
async collectEvidence(config) {
|
|
62
|
+
const artifacts = [];
|
|
63
|
+
const now = new Date().toISOString();
|
|
64
|
+
const policies = await this.fetchApi(config, "/config/v1/security-policies").catch(() => ({
|
|
65
|
+
policies: [],
|
|
66
|
+
}));
|
|
67
|
+
artifacts.push({
|
|
68
|
+
id: generateEvidenceId(),
|
|
69
|
+
connectorId: this.id,
|
|
70
|
+
capabilityId: "akamai-waf",
|
|
71
|
+
timestamp: now,
|
|
72
|
+
hash: hashEvidence(policies),
|
|
73
|
+
framework: "SOC2",
|
|
74
|
+
controlId: "CC6.1",
|
|
75
|
+
source: "akamai/security-policies",
|
|
76
|
+
status: policies.policies?.length > 0 ? "compliant" : "unknown",
|
|
77
|
+
data: { securityPolicies: policies.policies?.length || 0 },
|
|
78
|
+
metadata: {},
|
|
79
|
+
});
|
|
80
|
+
const bot = await this.fetchApi(config, "/config/v1/bot-managers").catch(() => ({
|
|
81
|
+
managers: [],
|
|
82
|
+
}));
|
|
83
|
+
artifacts.push({
|
|
84
|
+
id: generateEvidenceId(),
|
|
85
|
+
connectorId: this.id,
|
|
86
|
+
capabilityId: "akamai-bot",
|
|
87
|
+
timestamp: now,
|
|
88
|
+
hash: hashEvidence(bot),
|
|
89
|
+
framework: "ISO27001",
|
|
90
|
+
controlId: "A.6.2.1",
|
|
91
|
+
source: "akamai/bot-managers",
|
|
92
|
+
status: bot.managers?.length > 0 ? "compliant" : "partial",
|
|
93
|
+
data: { botManagers: bot.managers?.length || 0 },
|
|
94
|
+
metadata: {},
|
|
95
|
+
});
|
|
96
|
+
return artifacts;
|
|
97
|
+
}
|
|
98
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
|
|
2
|
+
export declare class ArgoCDConnector implements IntegrationConnector {
|
|
3
|
+
readonly id = "argocd";
|
|
4
|
+
readonly name = "Argo CD";
|
|
5
|
+
readonly category: "ci_cd";
|
|
6
|
+
readonly authType: "api_key";
|
|
7
|
+
readonly capabilities: IntegrationCapability[];
|
|
8
|
+
readonly frameworks: ComplianceFramework[];
|
|
9
|
+
private fetchApi;
|
|
10
|
+
testConnection(config: ConnectorConfig): Promise<boolean>;
|
|
11
|
+
collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
|
|
12
|
+
}
|
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
import { hashEvidence, generateEvidenceId } from "../types.js";
|
|
2
|
+
const capabilities = [
|
|
3
|
+
{
|
|
4
|
+
id: "argocd-apps",
|
|
5
|
+
name: "Application Definitions",
|
|
6
|
+
description: "Fetch ArgoCD application sync status and health",
|
|
7
|
+
evidenceCategories: ["change_management", "configuration"],
|
|
8
|
+
},
|
|
9
|
+
{
|
|
10
|
+
id: "argocd-repos",
|
|
11
|
+
name: "Repository Credentials",
|
|
12
|
+
description: "Fetch configured repository connections and RBAC",
|
|
13
|
+
evidenceCategories: ["access_control", "data_protection"],
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
id: "argocd-projects",
|
|
17
|
+
name: "App Projects",
|
|
18
|
+
description: "Fetch project restrictions and source/repo allowlists",
|
|
19
|
+
evidenceCategories: ["access_control", "configuration"],
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
id: "argocd-audit",
|
|
23
|
+
name: "Audit Logs",
|
|
24
|
+
description: "Fetch ArgoCD event and audit logs",
|
|
25
|
+
evidenceCategories: ["monitoring", "access_control"],
|
|
26
|
+
},
|
|
27
|
+
];
|
|
28
|
+
export class ArgoCDConnector {
|
|
29
|
+
id = "argocd";
|
|
30
|
+
name = "Argo CD";
|
|
31
|
+
category = "ci_cd";
|
|
32
|
+
authType = "api_key";
|
|
33
|
+
capabilities = capabilities;
|
|
34
|
+
frameworks = [
|
|
35
|
+
"SOC2",
|
|
36
|
+
"ISO27001",
|
|
37
|
+
"NIST_CSF",
|
|
38
|
+
];
|
|
39
|
+
async fetchApi(config, endpoint) {
|
|
40
|
+
const base = config.baseUrl || "https://argocd.example.com";
|
|
41
|
+
const resp = await fetch(`${base}/api/v1${endpoint}`, {
|
|
42
|
+
headers: {
|
|
43
|
+
Authorization: `Bearer ${config.apiToken}`,
|
|
44
|
+
"Content-Type": "application/json",
|
|
45
|
+
},
|
|
46
|
+
});
|
|
47
|
+
if (!resp.ok)
|
|
48
|
+
throw new Error(`ArgoCD API ${resp.status}: ${resp.statusText}`);
|
|
49
|
+
return (await resp.json());
|
|
50
|
+
}
|
|
51
|
+
async testConnection(config) {
|
|
52
|
+
try {
|
|
53
|
+
await this.fetchApi(config, "/account");
|
|
54
|
+
return true;
|
|
55
|
+
}
|
|
56
|
+
catch {
|
|
57
|
+
return false;
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
async collectEvidence(config) {
|
|
61
|
+
const artifacts = [];
|
|
62
|
+
const now = new Date().toISOString();
|
|
63
|
+
const apps = await this.fetchApi(config, "/applications").catch(() => ({ items: [] }));
|
|
64
|
+
artifacts.push({
|
|
65
|
+
id: generateEvidenceId(),
|
|
66
|
+
connectorId: this.id,
|
|
67
|
+
capabilityId: "argocd-apps",
|
|
68
|
+
timestamp: now,
|
|
69
|
+
hash: hashEvidence(apps),
|
|
70
|
+
framework: "SOC2",
|
|
71
|
+
controlId: "CC8.1",
|
|
72
|
+
source: "argocd/applications",
|
|
73
|
+
status: apps.items?.length > 0 ? "compliant" : "unknown",
|
|
74
|
+
data: { applicationCount: apps.items?.length || 0 },
|
|
75
|
+
metadata: {},
|
|
76
|
+
});
|
|
77
|
+
const projects = await this.fetchApi(config, "/projects").catch(() => ({ items: [] }));
|
|
78
|
+
artifacts.push({
|
|
79
|
+
id: generateEvidenceId(),
|
|
80
|
+
connectorId: this.id,
|
|
81
|
+
capabilityId: "argocd-projects",
|
|
82
|
+
timestamp: now,
|
|
83
|
+
hash: hashEvidence(projects),
|
|
84
|
+
framework: "ISO27001",
|
|
85
|
+
controlId: "A.6.2.1",
|
|
86
|
+
source: "argocd/projects",
|
|
87
|
+
status: projects.items?.length > 0 ? "compliant" : "non_compliant",
|
|
88
|
+
data: { projectCount: projects.items?.length || 0 },
|
|
89
|
+
metadata: {},
|
|
90
|
+
});
|
|
91
|
+
return artifacts;
|
|
92
|
+
}
|
|
93
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
|
|
2
|
+
export declare class ArtifactoryConnector implements IntegrationConnector {
|
|
3
|
+
readonly id = "artifactory";
|
|
4
|
+
readonly name = "JFrog Artifactory";
|
|
5
|
+
readonly category: "ci_cd";
|
|
6
|
+
readonly authType: "api_key";
|
|
7
|
+
readonly capabilities: IntegrationCapability[];
|
|
8
|
+
readonly frameworks: ComplianceFramework[];
|
|
9
|
+
private fetchApi;
|
|
10
|
+
testConnection(config: ConnectorConfig): Promise<boolean>;
|
|
11
|
+
collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
|
|
12
|
+
}
|
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
import { hashEvidence, generateEvidenceId } from "../types.js";
|
|
2
|
+
const capabilities = [
|
|
3
|
+
{
|
|
4
|
+
id: "artifactory-repos",
|
|
5
|
+
name: "Repository Management",
|
|
6
|
+
description: "Fetch repository types, permissions, and replication settings",
|
|
7
|
+
evidenceCategories: ["access_control", "configuration"],
|
|
8
|
+
},
|
|
9
|
+
{
|
|
10
|
+
id: "artifactory-artifacts",
|
|
11
|
+
name: "Artifact Security",
|
|
12
|
+
description: "Fetch artifact scan results and checksum verification",
|
|
13
|
+
evidenceCategories: ["data_protection", "vulnerability_management"],
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
id: "artifactory-audit",
|
|
17
|
+
name: "Access Audit",
|
|
18
|
+
description: "Fetch artifact access logs and user activity",
|
|
19
|
+
evidenceCategories: ["monitoring", "access_control"],
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
id: "artifactory-licenses",
|
|
23
|
+
name: "License Compliance",
|
|
24
|
+
description: "Fetch license policy violations and component analysis",
|
|
25
|
+
evidenceCategories: ["compliance", "vulnerability_management"],
|
|
26
|
+
},
|
|
27
|
+
];
|
|
28
|
+
export class ArtifactoryConnector {
|
|
29
|
+
id = "artifactory";
|
|
30
|
+
name = "JFrog Artifactory";
|
|
31
|
+
category = "ci_cd";
|
|
32
|
+
authType = "api_key";
|
|
33
|
+
capabilities = capabilities;
|
|
34
|
+
frameworks = [
|
|
35
|
+
"SOC2",
|
|
36
|
+
"ISO27001",
|
|
37
|
+
"NIST_CSF",
|
|
38
|
+
"PCI_DSS",
|
|
39
|
+
];
|
|
40
|
+
async fetchApi(config, endpoint) {
|
|
41
|
+
const base = config.baseUrl || "https://artifactory.example.com";
|
|
42
|
+
const resp = await fetch(`${base}/artifactory/api${endpoint}`, {
|
|
43
|
+
headers: {
|
|
44
|
+
Authorization: `Bearer ${config.apiToken}`,
|
|
45
|
+
"Content-Type": "application/json",
|
|
46
|
+
},
|
|
47
|
+
});
|
|
48
|
+
if (!resp.ok)
|
|
49
|
+
throw new Error(`Artifactory API ${resp.status}: ${resp.statusText}`);
|
|
50
|
+
return (await resp.json());
|
|
51
|
+
}
|
|
52
|
+
async testConnection(config) {
|
|
53
|
+
try {
|
|
54
|
+
await this.fetchApi(config, "/system/ping");
|
|
55
|
+
return true;
|
|
56
|
+
}
|
|
57
|
+
catch {
|
|
58
|
+
return false;
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
async collectEvidence(config) {
|
|
62
|
+
const artifacts = [];
|
|
63
|
+
const now = new Date().toISOString();
|
|
64
|
+
const repos = await this.fetchApi(config, "/repositories?type=local").catch(() => []);
|
|
65
|
+
artifacts.push({
|
|
66
|
+
id: generateEvidenceId(),
|
|
67
|
+
connectorId: this.id,
|
|
68
|
+
capabilityId: "artifactory-repos",
|
|
69
|
+
timestamp: now,
|
|
70
|
+
hash: hashEvidence(Array.isArray(repos) ? { count: repos.length } : repos),
|
|
71
|
+
framework: "SOC2",
|
|
72
|
+
controlId: "CC6.1",
|
|
73
|
+
source: "artifactory/repositories",
|
|
74
|
+
status: Array.isArray(repos) && repos.length > 0 ? "compliant" : "unknown",
|
|
75
|
+
data: { repositoryCount: Array.isArray(repos) ? repos.length : 0 },
|
|
76
|
+
metadata: {},
|
|
77
|
+
});
|
|
78
|
+
const storage = await this.fetchApi(config, "/storage").catch(() => ({}));
|
|
79
|
+
artifacts.push({
|
|
80
|
+
id: generateEvidenceId(),
|
|
81
|
+
connectorId: this.id,
|
|
82
|
+
capabilityId: "artifactory-artifacts",
|
|
83
|
+
timestamp: now,
|
|
84
|
+
hash: hashEvidence(storage),
|
|
85
|
+
framework: "ISO27001",
|
|
86
|
+
controlId: "A.8.3.1",
|
|
87
|
+
source: "artifactory/storage",
|
|
88
|
+
status: "partial",
|
|
89
|
+
data: storage,
|
|
90
|
+
metadata: {},
|
|
91
|
+
});
|
|
92
|
+
return artifacts;
|
|
93
|
+
}
|
|
94
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
|
|
2
|
+
export declare class AtlassianJiraConnector implements IntegrationConnector {
|
|
3
|
+
readonly id = "atlassian_jira";
|
|
4
|
+
readonly name = "Atlassian Jira";
|
|
5
|
+
readonly category: "project_management";
|
|
6
|
+
readonly authType: "bearer_token";
|
|
7
|
+
readonly capabilities: IntegrationCapability[];
|
|
8
|
+
readonly frameworks: ComplianceFramework[];
|
|
9
|
+
private fetchApi;
|
|
10
|
+
testConnection(config: ConnectorConfig): Promise<boolean>;
|
|
11
|
+
collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
|
|
12
|
+
}
|
|
@@ -0,0 +1,134 @@
|
|
|
1
|
+
import { hashEvidence, generateEvidenceId } from "../types.js";
|
|
2
|
+
const capabilities = [
|
|
3
|
+
{
|
|
4
|
+
id: "jira-projects",
|
|
5
|
+
name: "Project Configuration",
|
|
6
|
+
description: "Fetch project settings, schemes, and workflow configurations",
|
|
7
|
+
evidenceCategories: ["configuration", "access_control"],
|
|
8
|
+
},
|
|
9
|
+
{
|
|
10
|
+
id: "jira-permissions",
|
|
11
|
+
name: "Permission Schemes",
|
|
12
|
+
description: "Fetch permission schemes and role assignments",
|
|
13
|
+
evidenceCategories: ["access_control"],
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
id: "jira-audit-log",
|
|
17
|
+
name: "Audit Log",
|
|
18
|
+
description: "Fetch audit trail of administrative and issue changes",
|
|
19
|
+
evidenceCategories: ["audit", "change_management"],
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
id: "jira-security-issues",
|
|
23
|
+
name: "Security Issue Tracking",
|
|
24
|
+
description: "Fetch security-labeled issues and SLA compliance",
|
|
25
|
+
evidenceCategories: ["vulnerability_management", "incident_management"],
|
|
26
|
+
},
|
|
27
|
+
];
|
|
28
|
+
export class AtlassianJiraConnector {
|
|
29
|
+
id = "atlassian_jira";
|
|
30
|
+
name = "Atlassian Jira";
|
|
31
|
+
category = "project_management";
|
|
32
|
+
authType = "bearer_token";
|
|
33
|
+
capabilities = capabilities;
|
|
34
|
+
frameworks = [
|
|
35
|
+
"SOC2",
|
|
36
|
+
"ISO27001",
|
|
37
|
+
"NIST_CSF",
|
|
38
|
+
];
|
|
39
|
+
async fetchApi(config, endpoint) {
|
|
40
|
+
const base = config.baseUrl || "https://your-domain.atlassian.net";
|
|
41
|
+
const resp = await fetch(`${base}${endpoint}`, {
|
|
42
|
+
headers: {
|
|
43
|
+
Authorization: `Bearer ${config.apiToken}`,
|
|
44
|
+
Accept: "application/json",
|
|
45
|
+
},
|
|
46
|
+
});
|
|
47
|
+
if (!resp.ok)
|
|
48
|
+
throw new Error(`Jira API ${resp.status}: ${resp.statusText}`);
|
|
49
|
+
return (await resp.json());
|
|
50
|
+
}
|
|
51
|
+
async testConnection(config) {
|
|
52
|
+
try {
|
|
53
|
+
await this.fetchApi(config, "/rest/api/3/myself");
|
|
54
|
+
return true;
|
|
55
|
+
}
|
|
56
|
+
catch {
|
|
57
|
+
return false;
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
async collectEvidence(config) {
|
|
61
|
+
const artifacts = [];
|
|
62
|
+
const now = new Date().toISOString();
|
|
63
|
+
const projectKey = config.extra?.projectKey || "SEC";
|
|
64
|
+
const myself = await this.fetchApi(config, "/rest/api/3/myself");
|
|
65
|
+
artifacts.push({
|
|
66
|
+
id: generateEvidenceId(),
|
|
67
|
+
connectorId: this.id,
|
|
68
|
+
capabilityId: "jira-projects",
|
|
69
|
+
timestamp: now,
|
|
70
|
+
hash: hashEvidence(myself),
|
|
71
|
+
framework: "SOC2",
|
|
72
|
+
controlId: "CC6.1",
|
|
73
|
+
source: `jira/${projectKey}/projects`,
|
|
74
|
+
status: "compliant",
|
|
75
|
+
data: {
|
|
76
|
+
user: myself.emailAddress,
|
|
77
|
+
locale: myself.locale,
|
|
78
|
+
active: myself.active,
|
|
79
|
+
},
|
|
80
|
+
metadata: { projectKey },
|
|
81
|
+
});
|
|
82
|
+
const permissions = await this.fetchApi(config, `/rest/api/3/permissionscheme`).catch(() => ({ values: [] }));
|
|
83
|
+
artifacts.push({
|
|
84
|
+
id: generateEvidenceId(),
|
|
85
|
+
connectorId: this.id,
|
|
86
|
+
capabilityId: "jira-permissions",
|
|
87
|
+
timestamp: now,
|
|
88
|
+
hash: hashEvidence(permissions),
|
|
89
|
+
framework: "SOC2",
|
|
90
|
+
controlId: "CC6.3",
|
|
91
|
+
source: `jira/${projectKey}/permissions`,
|
|
92
|
+
status: Array.isArray(permissions.values) && permissions.values.length > 0
|
|
93
|
+
? "compliant"
|
|
94
|
+
: "partial",
|
|
95
|
+
data: { schemeCount: Array.isArray(permissions.values) ? permissions.values.length : 0 },
|
|
96
|
+
metadata: { projectKey },
|
|
97
|
+
});
|
|
98
|
+
const auditLog = await this.fetchApi(config, `/rest/api/3/audit/record?limit=20`).catch(() => ({ records: [] }));
|
|
99
|
+
artifacts.push({
|
|
100
|
+
id: generateEvidenceId(),
|
|
101
|
+
connectorId: this.id,
|
|
102
|
+
capabilityId: "jira-audit-log",
|
|
103
|
+
timestamp: now,
|
|
104
|
+
hash: hashEvidence(auditLog),
|
|
105
|
+
framework: "ISO27001",
|
|
106
|
+
controlId: "A.12.4.1",
|
|
107
|
+
source: `jira/${projectKey}/audit`,
|
|
108
|
+
status: Array.isArray(auditLog.records) && auditLog.records.length > 0
|
|
109
|
+
? "compliant"
|
|
110
|
+
: "partial",
|
|
111
|
+
data: { recordCount: Array.isArray(auditLog.records) ? auditLog.records.length : 0 },
|
|
112
|
+
metadata: { projectKey },
|
|
113
|
+
});
|
|
114
|
+
const securityIssues = await this.fetchApi(config, `/rest/api/3/search?jql=project=${projectKey}%20AND%20labels=security&maxResults=10`).catch(() => ({ issues: [] }));
|
|
115
|
+
artifacts.push({
|
|
116
|
+
id: generateEvidenceId(),
|
|
117
|
+
connectorId: this.id,
|
|
118
|
+
capabilityId: "jira-security-issues",
|
|
119
|
+
timestamp: now,
|
|
120
|
+
hash: hashEvidence(securityIssues),
|
|
121
|
+
framework: "NIST_CSF",
|
|
122
|
+
controlId: "RS.AN",
|
|
123
|
+
source: `jira/${projectKey}/security-issues`,
|
|
124
|
+
status: Array.isArray(securityIssues.issues)
|
|
125
|
+
? securityIssues.issues.length === 0
|
|
126
|
+
? "compliant"
|
|
127
|
+
: "non_compliant"
|
|
128
|
+
: "unknown",
|
|
129
|
+
data: { openSecurityIssues: Array.isArray(securityIssues.issues) ? securityIssues.issues.length : 0 },
|
|
130
|
+
metadata: { projectKey },
|
|
131
|
+
});
|
|
132
|
+
return artifacts;
|
|
133
|
+
}
|
|
134
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
|
|
2
|
+
export declare class Auth0Connector implements IntegrationConnector {
|
|
3
|
+
readonly id = "auth0";
|
|
4
|
+
readonly name = "Auth0";
|
|
5
|
+
readonly category: "identity";
|
|
6
|
+
readonly authType: "bearer_token";
|
|
7
|
+
readonly capabilities: IntegrationCapability[];
|
|
8
|
+
readonly frameworks: ComplianceFramework[];
|
|
9
|
+
private fetchApi;
|
|
10
|
+
testConnection(config: ConnectorConfig): Promise<boolean>;
|
|
11
|
+
collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
|
|
12
|
+
}
|
|
@@ -0,0 +1,150 @@
|
|
|
1
|
+
import { hashEvidence, generateEvidenceId } from "../types.js";
|
|
2
|
+
const capabilities = [
|
|
3
|
+
{
|
|
4
|
+
id: "auth0-users",
|
|
5
|
+
name: "User Accounts",
|
|
6
|
+
description: "Fetch Auth0 user accounts, email verification, and MFA enrollment status",
|
|
7
|
+
evidenceCategories: ["identity_management", "authentication"],
|
|
8
|
+
},
|
|
9
|
+
{
|
|
10
|
+
id: "auth0-applications",
|
|
11
|
+
name: "Applications",
|
|
12
|
+
description: "Fetch registered applications and their OAuth/OIDC configurations",
|
|
13
|
+
evidenceCategories: ["access_control", "configuration"],
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
id: "auth0-connections",
|
|
17
|
+
name: "Connections",
|
|
18
|
+
description: "Fetch identity provider connections and their configurations",
|
|
19
|
+
evidenceCategories: ["identity_management", "configuration"],
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
id: "auth0-attack-protection",
|
|
23
|
+
name: "Attack Protection",
|
|
24
|
+
description: "Fetch Auth0 attack protection settings (brute force, suspicious IP, etc.)",
|
|
25
|
+
evidenceCategories: ["security_controls", "threat_protection"],
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
id: "auth0-roles",
|
|
29
|
+
name: "Roles & Permissions",
|
|
30
|
+
description: "Fetch assigned roles, permissions, and API authorizations",
|
|
31
|
+
evidenceCategories: ["access_control", "authorization"],
|
|
32
|
+
},
|
|
33
|
+
];
|
|
34
|
+
export class Auth0Connector {
|
|
35
|
+
id = "auth0";
|
|
36
|
+
name = "Auth0";
|
|
37
|
+
category = "identity";
|
|
38
|
+
authType = "bearer_token";
|
|
39
|
+
capabilities = capabilities;
|
|
40
|
+
frameworks = ["SOC2", "ISO27001", "NIST_CSF", "HIPAA", "PCI_DSS"];
|
|
41
|
+
async fetchApi(config, endpoint) {
|
|
42
|
+
const domain = config.extra?.domain || config.baseUrl || "";
|
|
43
|
+
const base = domain.startsWith("http") ? domain : `https://${domain}`;
|
|
44
|
+
const resp = await fetch(`${base}/api/v2${endpoint}`, {
|
|
45
|
+
headers: {
|
|
46
|
+
Authorization: `Bearer ${config.apiToken}`,
|
|
47
|
+
Accept: "application/json",
|
|
48
|
+
},
|
|
49
|
+
});
|
|
50
|
+
if (!resp.ok)
|
|
51
|
+
throw new Error(`Auth0 API ${resp.status}: ${resp.statusText}`);
|
|
52
|
+
return (await resp.json());
|
|
53
|
+
}
|
|
54
|
+
async testConnection(config) {
|
|
55
|
+
try {
|
|
56
|
+
await this.fetchApi(config, "/users?per_page=1");
|
|
57
|
+
return true;
|
|
58
|
+
}
|
|
59
|
+
catch {
|
|
60
|
+
return false;
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
async collectEvidence(config) {
|
|
64
|
+
const artifacts = [];
|
|
65
|
+
const now = new Date().toISOString();
|
|
66
|
+
const users = await this.fetchApi(config, "/users?per_page=100&include_totals=true").catch(() => ({ users: [], total: 0 }));
|
|
67
|
+
const userList = (users.users || []);
|
|
68
|
+
const mfaEnabled = userList.filter((u) => {
|
|
69
|
+
const factors = (u.multifactor || []);
|
|
70
|
+
return factors.length > 0;
|
|
71
|
+
});
|
|
72
|
+
artifacts.push({
|
|
73
|
+
id: generateEvidenceId(),
|
|
74
|
+
connectorId: this.id,
|
|
75
|
+
capabilityId: "auth0-users",
|
|
76
|
+
timestamp: now,
|
|
77
|
+
hash: hashEvidence({ total: userList.length, mfaEnabled: mfaEnabled.length }),
|
|
78
|
+
framework: "SOC2",
|
|
79
|
+
controlId: "CC6.1",
|
|
80
|
+
source: "auth0/users",
|
|
81
|
+
status: mfaEnabled.length > userList.length * 0.8 ? "compliant" : "partial",
|
|
82
|
+
data: {
|
|
83
|
+
userCount: userList.length,
|
|
84
|
+
mfaEnabledCount: mfaEnabled.length,
|
|
85
|
+
total: users.total,
|
|
86
|
+
},
|
|
87
|
+
metadata: { domain: config.extra?.domain || "" },
|
|
88
|
+
});
|
|
89
|
+
const apps = await this.fetchApi(config, "/clients?is_global=false&fields=name,app_type,callbacks").catch(() => ({ clients: [] }));
|
|
90
|
+
const appList = (apps.clients || []);
|
|
91
|
+
artifacts.push({
|
|
92
|
+
id: generateEvidenceId(),
|
|
93
|
+
connectorId: this.id,
|
|
94
|
+
capabilityId: "auth0-applications",
|
|
95
|
+
timestamp: now,
|
|
96
|
+
hash: hashEvidence({ appCount: appList.length }),
|
|
97
|
+
framework: "ISO27001",
|
|
98
|
+
controlId: "A.14.2.5",
|
|
99
|
+
source: "auth0/clients",
|
|
100
|
+
status: "unknown",
|
|
101
|
+
data: { appCount: appList.length },
|
|
102
|
+
metadata: { domain: config.extra?.domain || "" },
|
|
103
|
+
});
|
|
104
|
+
const connections = await this.fetchApi(config, "/connections?strategy=auth0,discord,facebook,google-oauth2,linkedin,samlp,oidc").catch(() => ({ connections: [] }));
|
|
105
|
+
const connList = (connections.connections || []);
|
|
106
|
+
artifacts.push({
|
|
107
|
+
id: generateEvidenceId(),
|
|
108
|
+
connectorId: this.id,
|
|
109
|
+
capabilityId: "auth0-connections",
|
|
110
|
+
timestamp: now,
|
|
111
|
+
hash: hashEvidence({ connectionCount: connList.length }),
|
|
112
|
+
framework: "SOC2",
|
|
113
|
+
controlId: "CC6.2",
|
|
114
|
+
source: "auth0/connections",
|
|
115
|
+
status: "unknown",
|
|
116
|
+
data: { connectionCount: connList.length },
|
|
117
|
+
metadata: { domain: config.extra?.domain || "" },
|
|
118
|
+
});
|
|
119
|
+
const attackProtection = await this.fetchApi(config, "/attack-protection").catch(() => ({}));
|
|
120
|
+
artifacts.push({
|
|
121
|
+
id: generateEvidenceId(),
|
|
122
|
+
connectorId: this.id,
|
|
123
|
+
capabilityId: "auth0-attack-protection",
|
|
124
|
+
timestamp: now,
|
|
125
|
+
hash: hashEvidence(attackProtection),
|
|
126
|
+
framework: "NIST_CSF",
|
|
127
|
+
controlId: "PR.AC-1",
|
|
128
|
+
source: "auth0/attack-protection",
|
|
129
|
+
status: "unknown",
|
|
130
|
+
data: { attackProtection },
|
|
131
|
+
metadata: { domain: config.extra?.domain || "" },
|
|
132
|
+
});
|
|
133
|
+
const roles = await this.fetchApi(config, "/roles").catch(() => ({ roles: [] }));
|
|
134
|
+
const roleList = (roles.roles || []);
|
|
135
|
+
artifacts.push({
|
|
136
|
+
id: generateEvidenceId(),
|
|
137
|
+
connectorId: this.id,
|
|
138
|
+
capabilityId: "auth0-roles",
|
|
139
|
+
timestamp: now,
|
|
140
|
+
hash: hashEvidence({ roleCount: roleList.length }),
|
|
141
|
+
framework: "ISO27001",
|
|
142
|
+
controlId: "A.9.2.3",
|
|
143
|
+
source: "auth0/roles",
|
|
144
|
+
status: "unknown",
|
|
145
|
+
data: { roleCount: roleList.length },
|
|
146
|
+
metadata: { domain: config.extra?.domain || "" },
|
|
147
|
+
});
|
|
148
|
+
return artifacts;
|
|
149
|
+
}
|
|
150
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
|
|
2
|
+
export declare class AzureADConnector implements IntegrationConnector {
|
|
3
|
+
readonly id = "azure-ad";
|
|
4
|
+
readonly name = "Azure Active Directory";
|
|
5
|
+
readonly category: "identity";
|
|
6
|
+
readonly authType: "oauth2";
|
|
7
|
+
readonly capabilities: IntegrationCapability[];
|
|
8
|
+
readonly frameworks: ComplianceFramework[];
|
|
9
|
+
private getAccessToken;
|
|
10
|
+
testConnection(config: ConnectorConfig): Promise<boolean>;
|
|
11
|
+
collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
|
|
12
|
+
}
|