@greenarmor/ges 0.4.0 → 0.5.0
- package/dist/commands/audit.js +44 -4
- package/dist/commands/badge.js +1 -1
- package/package.json +12 -12
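--- a/package/dist/commands/audit.js
+++ b/package/dist/commands/audit.js
@@ -1,9 +1,10 @@
 import { Command } from "commander";
 import { ensureGESInitialized, readJsonFile, writeJsonFile } from "../utils/project.js";
-import { getAllPacks } from "@greenarmor/ges-policy-engine";
+import { getPacksForProjectType, getAllPacks } from "@greenarmor/ges-policy-engine";
 import { generateScoreFile, formatScoreOutput } from "@greenarmor/ges-scoring-engine";
 import { runAudit, deduplicateFindings } from "@greenarmor/ges-audit-engine";
 import { showNextStepsMenu } from "../utils/next-steps.js";
+import * as fs from "node:fs";
 import * as path from "node:path";
 export const auditCommand = new Command("audit")
 .description("Run a compliance audit on the project")
@@ -19,14 +20,29 @@ export const auditCommand = new Command("audit")
 const findings = deduplicateFindings(rawFindings);
 console.log(` Scanned ${scannedFiles} files\n`);
 const frameworks = (config?.frameworks || ["GDPR", "OWASP"]);
-const
-const
-const
+const projectPacks = getPacksForProjectType(config?.project_type || "generic-web-application");
+const packIds = new Set(projectPacks.map(p => p.id));
+const fwLower = new Set(frameworks.map(f => f.toLowerCase()));
+const allPacks = getAllPacks();
+for (const p of allPacks) {
+if (fwLower.has(p.id))
+packIds.add(p.id);
+}
+const controls = allPacks.filter(p => packIds.has(p.id)).flatMap(p => p.controls);
+const overrides = loadControlOverrides(root);
+const updatedControls = applyControlOverrides(controls, overrides);
+const auditedControls = updateControlsFromFindings(updatedControls, findings);
+const scoreData = generateScoreFile(auditedControls, frameworks, findings);
 writeJsonFile(path.join(root, ".ges", "score.json"), scoreData);
 const critical = findings.filter(f => f.severity === "critical");
 const high = findings.filter(f => f.severity === "high");
 const medium = findings.filter(f => f.severity === "medium");
 const low = findings.filter(f => f.severity === "low");
+if (overrides.length > 0) {
+const naCount = overrides.filter(o => o.status === "not-applicable").length;
+const passCount = overrides.filter(o => o.status === "pass").length;
+console.log(` Control overrides: ${naCount} not-applicable, ${passCount} pre-verified\n`);
+}
 if (options.json) {
 console.log(JSON.stringify({ findings, score: scoreData }, null, 2));
 if (options.ci && critical.length > 0)
@@ -67,8 +83,32 @@ export const auditCommand = new Command("audit")
 }
 await showNextStepsMenu("audit");
 });
+function loadControlOverrides(root) {
+const overridePath = path.join(root, ".ges", "control-overrides.json");
+if (!fs.existsSync(overridePath))
+return [];
+const overrides = readJsonFile(overridePath);
+return Array.isArray(overrides) ? overrides : [];
+}
+function applyControlOverrides(controls, overrides) {
+if (overrides.length === 0)
+return controls;
+const overrideMap = new Map(overrides.map(o => [o.control_id, o]));
+return controls.map(control => {
+const override = overrideMap.get(control.id);
+if (!override)
+return control;
+return {
+...control,
+status: override.status,
+checks: control.checks.map(check => ({ ...check, status: override.status })),
+};
+});
+}
 function updateControlsFromFindings(controls, findings) {
 return controls.map(control => {
+if (control.status === "pass" || control.status === "not-applicable")
+return control;
 const relevantFindings = findings.filter(f => f.controlIds.includes(control.id));
 if (relevantFindings.length === 0)
 return control;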
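Review bot: `applyControlOverrides` copies `override.status` onto the control and every one of its checks without validating it, and the new guard in `updateControlsFromFindings` only honours the exact strings `"pass"` and `"not-applicable"`, so a mistyped or arbitrary status in `.ges/control-overrides.json` is written to `score.json` unchecked while the `Control overrides:` summary in the previous hunk silently omits it. Because an override suppresses scan findings for that control, I would validate entries when they are loaded and warn on the ones dropped, and mark the rewritten control (e.g. `overridden: true`) so the score file can tell scan-verified from pre-verified controls; the two statuses below are the ones this hunk itself treats specially, so confirm against the scoring engine's accepted values. Whether `readJsonFile` throws on malformed JSON is not visible here. `updateControlsFromFindings` continues past the end of the hunk.
```javascript
const ALLOWED_OVERRIDE_STATUSES = new Set(["pass", "not-applicable"]);
function loadControlOverrides(root) {
    // … unchanged: overridePath lookup, existsSync check, readJsonFile …
    if (!Array.isArray(overrides))
        return [];
    return overrides.filter(o => {
        const valid = typeof o?.control_id === "string" && ALLOWED_OVERRIDE_STATUSES.has(o?.status);
        if (!valid)
            console.warn(` Ignoring control override with unknown control_id or status: ${JSON.stringify(o)}`);
        return valid;
    });
}
```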
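--- a/package/dist/commands/badge.js
+++ b/package/dist/commands/badge.js
@@ -6,7 +6,7 @@ import * as fs from "node:fs";
 import * as path from "node:path";
 export const badgeCommand = new Command("badge")
 .description("Generate compliance score badge for README")
-.option("-o, --output <path>", "Output path for badge SVG", "
+.option("-o, --output <path>", "Output path for badge SVG", "badge.svg")
 .option("--readme <path>", "README file to inject badge into", "README.md")
 .option("--no-readme", "Do not inject badge into README")
 .action(async (options) => {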
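--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@greenarmor/ges",
-"version": "0.
+"version": "0.5.0",
 "description": "Green Engineering Standard Framework - Compliance-as-Code CLI",
 "type": "module",
 "main": "./dist/index.js",
@@ -13,17 +13,17 @@
 ],
 "dependencies": {
 "commander": "^13.0.0",
-"@greenarmor/ges-audit-engine": "0.
-"@greenarmor/ges-
-"@greenarmor/ges-
-"@greenarmor/ges-
-"@greenarmor/ges-
-"@greenarmor/ges-
-"@greenarmor/ges-
-"@greenarmor/ges-
-"@greenarmor/ges-
-"@greenarmor/ges-mcp-server": "0.
-"@greenarmor/ges-
+"@greenarmor/ges-audit-engine": "0.5.0",
+"@greenarmor/ges-doc-generator": "0.5.0",
+"@greenarmor/ges-cicd-generator": "0.5.0",
+"@greenarmor/ges-compliance-engine": "0.5.0",
+"@greenarmor/ges-policy-engine": "0.5.0",
+"@greenarmor/ges-rules-engine": "0.5.0",
+"@greenarmor/ges-report-generator": "0.5.0",
+"@greenarmor/ges-scanner-integration": "0.5.0",
+"@greenarmor/ges-scoring-engine": "0.5.0",
+"@greenarmor/ges-mcp-server": "0.5.0",
+"@greenarmor/ges-core": "0.5.0"
 },
 "devDependencies": {
 "@types/node": "^22.0.0",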