npm - @kubbisec/aspm - Versions diffs - 1.0.2 - Mend

@kubbisec/aspm 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 KubbiSec
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,101 @@
+# @kubbisec/aspm
+Official **KubbiSec ASPM** CLI — upload security findings, coverage, and SBOM data, and manage projects from the terminal.
+**ASPM** (Application Security Posture Management) centralizes scans, coverage gates, and reporting so teams can track risk in one place.
+## Features
+- **Authentication** — session-based login aligned with the KubbiSec web app.
+- **Scan ingestion** — push reports from common scanners into a project.
+- **Coverage** — upload LCOV or Clover for test coverage tracking and gates.
+- **Local tooling** — parse and validate reports without sending data (dry run).
+- **Native binaries** — per-platform executables via `optionalDependencies` (no `postinstall` scripts; works with `npm install --ignore-scripts`).
+## Requirements
+- **Node.js** 18 or newer.
+- A **KubbiSec** account and API access (URL, API key, organization/project identifiers as required by your tenant).
+## Installation
+```bash
+npm install -g @kubbisec/aspm
+```
+## Quick start
+```bash
+# Authenticate (follow the prompts or use your org’s SSO flow if configured)
+aspm login
+# Upload a vulnerability / scan report
+aspm scan report.json -s trivy -p <project-id>
+# Upload coverage
+aspm coverage lcov.info -p <project-id>
+# Parse locally without uploading
+aspm parse report.json -s trivy
+# Open the dashboard (browser)
+aspm dashboard
+# List projects
+aspm projects
+```
+Run `aspm --help` for subcommands and global options.
+## Supported scanners
+| Scanner  | Use case              | Typical format |
+|----------|-----------------------|----------------|
+| Trivy    | Container / deps      | JSON           |
+| Sonar    | SAST                  | JSON           |
+| Nmap     | Network               | XML            |
+| Skipfish | Web                   | JSON           |
+| OSV      | Dependency advisories | JSON           |
+| Gitleaks | Secrets               | JSON           |
+| Syft     | SBOM                  | JSON           |
+Exact flags and file expectations may vary by version; use `aspm scan --help` and your KubbiSec project settings.
+## Coverage formats
+- **LCOV** — e.g. `lcov.info` (Jest, Vitest, Istanbul, and similar).
+- **Clover** — e.g. `clover.xml` (Vitest, PHPUnit, OpenClover, and similar).
+## Configuration
+CLI configuration is stored at:
+`~/.kubbisec/config.json`
+You can override defaults with environment variables (typical):
+| Variable            | Purpose              |
+|---------------------|----------------------|
+| `KUBBISEC_API_URL`  | API base URL         |
+| `KUBBISEC_API_KEY`  | API key / token      |
+| `KUBBISEC_ORG_ID`   | Organization ID      |
+| `KUBBISEC_PROJECT`  | Default project ID   |
+## Supported platforms
+Installing `@kubbisec/aspm` selects the matching binary:
+| OS      | Architecture | npm package                     |
+|---------|--------------|---------------------------------|
+| Linux   | x64          | `@kubbisec/aspm-linux-x64`      |
+| Linux   | arm64        | `@kubbisec/aspm-linux-arm64`    |
+| macOS   | arm64        | `@kubbisec/aspm-darwin-arm64`   |
+| Windows | x64          | `@kubbisec/aspm-win32-x64`      |
+## License
+MIT — see `LICENSE` in this package.
+## Trademarks
+**KubbiSec** and related marks are property of their respective owners. This package is distributed for use with the KubbiSec ASPM platform.

package/bin/aspm.js ADDED Viewed

@@ -0,0 +1,82 @@
+#!/usr/bin/env node
+/**
+ * @kubbisec/aspm — Launcher
+ *
+ * Detects platform, resolves native binary from optionalDependencies, executes.
+ */
+"use strict";
+const { spawn } = require("child_process");
+const path = require("path");
+const fs = require("fs");
+const PLATFORM_MAP = {
+  "linux-x64": "@kubbisec/aspm-linux-x64",
+  "linux-arm64": "@kubbisec/aspm-linux-arm64",
+  "darwin-arm64": "@kubbisec/aspm-darwin-arm64",
+  "win32-x64": "@kubbisec/aspm-win32-x64",
+};
+const platformKey = `${process.platform}-${process.arch}`;
+const packageName = PLATFORM_MAP[platformKey];
+if (!packageName) {
+  console.error(
+    `[aspm] Unsupported platform: ${process.platform}/${process.arch}\n` +
+      `Supported: ${Object.keys(PLATFORM_MAP).map((k) => k.replace("-", "/")).join(", ")}`,
+  );
+  process.exit(1);
+}
+const binaryName = process.platform === "win32" ? "aspm.exe" : "aspm";
+let binaryPath = null;
+try {
+  const pkgDir = path.dirname(require.resolve(`${packageName}/package.json`));
+  const candidate = path.join(pkgDir, "bin", binaryName);
+  if (fs.existsSync(candidate)) binaryPath = candidate;
+} catch {}
+if (!binaryPath) {
+  const search = [
+    path.resolve(__dirname, "..", "..", packageName, "bin", binaryName),
+    path.resolve(__dirname, "..", "node_modules", packageName, "bin", binaryName),
+  ];
+  for (const c of search) {
+    if (fs.existsSync(c)) { binaryPath = c; break; }
+  }
+}
+if (!binaryPath) {
+  console.error(
+    `[aspm] Native binary not found for ${process.platform}/${process.arch}.\n` +
+      `Expected package: ${packageName}\n` +
+      `Try reinstalling: npm install -g @kubbisec/aspm`,
+  );
+  process.exit(1);
+}
+if (process.platform !== "win32") {
+  try { fs.chmodSync(binaryPath, 0o755); } catch {}
+}
+const child = spawn(binaryPath, process.argv.slice(2), {
+  stdio: "inherit",
+  env: process.env,
+  windowsHide: true,
+});
+process.on("SIGINT", () => { try { child.kill("SIGINT"); } catch {} });
+process.on("SIGTERM", () => { try { child.kill("SIGTERM"); } catch {} });
+child.on("error", (err) => {
+  console.error(`[aspm] Failed to execute binary: ${err.message}`);
+  process.exit(1);
+});
+child.on("exit", (code, signal) => {
+  if (signal) process.kill(process.pid, signal);
+  else process.exit(code ?? 1);
+});

package/package.json ADDED Viewed

@@ -0,0 +1,33 @@
+{
+  "name": "@kubbisec/aspm",
+  "version": "1.0.2",
+  "description": "KubbiSec ASPM — Application Security Posture Management CLI",
+  "license": "MIT",
+  "bin": {
+    "aspm": "bin/aspm.js"
+  },
+  "files": [
+    "bin",
+    "README.md",
+    "LICENSE"
+  ],
+  "optionalDependencies": {
+    "@kubbisec/aspm-linux-x64": "1.0.2",
+    "@kubbisec/aspm-linux-arm64": "1.0.2",
+    "@kubbisec/aspm-darwin-arm64": "1.0.2",
+    "@kubbisec/aspm-win32-x64": "1.0.2"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "keywords": [
+    "aspm",
+    "security",
+    "scanner",
+    "vulnerability",
+    "sast",
+    "sca",
+    "sbom",
+    "coverage"
+  ]
+}