@nice2dev/ui-tools 1.0.10

package/dist/security-scanning.d.ts

@@ -0,0 +1,714 @@
+/**
+ * @file security-scanning.ts
+ * @module @nice2dev/ui-tools/security-scanning
+ * @description PRO-12.1 — Security Scanning types
+ *
+ * SAST, DAST, container scanning, dependency scanning,
+ * vulnerability dashboard, CVE database, risk scoring.
+ */
+/** Security dashboard */
+export interface SecurityDashboard {
+    readonly summary: VulnerabilitySummary;
+    readonly scanHistory: readonly ScanHistoryEntry[];
+    readonly topVulnerabilities: readonly Vulnerability[];
+    readonly riskTrend: readonly RiskTrendPoint[];
+    readonly complianceStatus: readonly ComplianceStatusItem[];
+    readonly lastUpdated: Date;
+}
+/** Vulnerability summary */
+export interface VulnerabilitySummary {
+    readonly critical: number;
+    readonly high: number;
+    readonly medium: number;
+    readonly low: number;
+    readonly informational: number;
+    readonly total: number;
+    readonly fixedLast30Days: number;
+    readonly newLast30Days: number;
+    readonly meanTimeToRemediate: number;
+}
+/** Scan history entry */
+export interface ScanHistoryEntry {
+    readonly scanId: string;
+    readonly scanType: SecurityScanType;
+    readonly timestamp: Date;
+    readonly duration: number;
+    readonly status: ScanStatus;
+    readonly findingsCount: number;
+    readonly newFindings: number;
+    readonly fixedFindings: number;
+}
+/** Security scan type */
+export type SecurityScanType = 'sast' | 'dast' | 'sca' | 'container' | 'iac' | 'secret' | 'penetration' | 'compliance';
+/** Scan status */
+export type ScanStatus = 'pending' | 'running' | 'completed' | 'failed' | 'cancelled';
+/** Risk trend point */
+export interface RiskTrendPoint {
+    readonly date: Date;
+    readonly riskScore: number;
+    readonly criticalCount: number;
+    readonly highCount: number;
+}
+/** Compliance status item */
+export interface ComplianceStatusItem {
+    readonly framework: ComplianceFramework;
+    readonly controlsPassed: number;
+    readonly controlsFailed: number;
+    readonly controlsTotal: number;
+    readonly compliancePercent: number;
+    readonly lastAssessed: Date;
+}
+/** Compliance framework */
+export type ComplianceFramework = 'soc2' | 'pci_dss' | 'hipaa' | 'gdpr' | 'iso27001' | 'nist_csf' | 'cis_benchmarks' | 'fedramp';
+/** Vulnerability */
+export interface Vulnerability {
+    readonly id: string;
+    readonly cveId?: string;
+    readonly cweId?: string;
+    readonly title: string;
+    readonly description: string;
+    readonly severity: VulnerabilitySeverity;
+    readonly cvssScore?: number;
+    readonly cvssVector?: string;
+    readonly epssScore?: number;
+    readonly category: VulnerabilityCategory;
+    readonly status: VulnerabilityStatus;
+    readonly source: VulnerabilitySource;
+    readonly firstDetected: Date;
+    readonly lastSeen: Date;
+    readonly fixedAt?: Date;
+    readonly dueDate?: Date;
+    readonly affectedAssets: readonly AffectedAsset[];
+    readonly remediation?: RemediationInfo;
+    readonly references: readonly VulnerabilityReference[];
+    readonly assignee?: string;
+    readonly tags: readonly string[];
+}
+/** Vulnerability severity */
+export type VulnerabilitySeverity = 'critical' | 'high' | 'medium' | 'low' | 'informational';
+/** Vulnerability category */
+export type VulnerabilityCategory = 'injection' | 'authentication' | 'authorization' | 'xss' | 'csrf' | 'ssrf' | 'xxe' | 'deserialization' | 'path_traversal' | 'information_disclosure' | 'misconfiguration' | 'cryptographic' | 'dependency' | 'container' | 'infrastructure' | 'secret_exposure' | 'other';
+/** Vulnerability status */
+export type VulnerabilityStatus = 'open' | 'in_progress' | 'fixed' | 'accepted' | 'false_positive' | 'wont_fix' | 'duplicate';
+/** Vulnerability source */
+export interface VulnerabilitySource {
+    readonly scanType: SecurityScanType;
+    readonly scanner: string;
+    readonly scanId: string;
+    readonly ruleId?: string;
+}
+/** Affected asset */
+export interface AffectedAsset {
+    readonly type: AssetType;
+    readonly name: string;
+    readonly version?: string;
+    readonly path?: string;
+    readonly location?: CodeLocation;
+    readonly environment?: string;
+}
+/** Asset type */
+export type AssetType = 'source_code' | 'dependency' | 'container_image' | 'infrastructure' | 'api_endpoint' | 'web_application' | 'configuration' | 'secret';
+/** Code location */
+export interface CodeLocation {
+    readonly file: string;
+    readonly startLine: number;
+    readonly endLine?: number;
+    readonly startColumn?: number;
+    readonly endColumn?: number;
+    readonly snippet?: string;
+}
+/** Remediation info */
+export interface RemediationInfo {
+    readonly description: string;
+    readonly effort: RemediationEffort;
+    readonly steps?: readonly string[];
+    readonly fixVersion?: string;
+    readonly patchAvailable: boolean;
+    readonly workaround?: string;
+}
+/** Remediation effort */
+export type RemediationEffort = 'trivial' | 'low' | 'medium' | 'high' | 'complex';
+/** Vulnerability reference */
+export interface VulnerabilityReference {
+    readonly type: ReferenceType;
+    readonly url: string;
+    readonly title?: string;
+}
+/** Reference type */
+export type ReferenceType = 'cve' | 'cwe' | 'nvd' | 'advisory' | 'article' | 'exploit' | 'patch' | 'other';
+/** SAST scan config */
+export interface SastScanConfig {
+    readonly id: string;
+    readonly name: string;
+    readonly enabled: boolean;
+    readonly language: SastLanguage;
+    readonly rules: readonly SastRuleConfig[];
+    readonly excludePaths: readonly string[];
+    readonly includePaths: readonly string[];
+    readonly severity: readonly VulnerabilitySeverity[];
+    readonly failOnSeverity?: VulnerabilitySeverity;
+    readonly maxIssues?: number;
+}
+/** SAST language */
+export type SastLanguage = 'javascript' | 'typescript' | 'python' | 'java' | 'csharp' | 'go' | 'ruby' | 'php' | 'kotlin' | 'swift' | 'rust' | 'cpp';
+/** SAST rule config */
+export interface SastRuleConfig {
+    readonly ruleId: string;
+    readonly enabled: boolean;
+    readonly severity?: VulnerabilitySeverity;
+    readonly parameters?: Record<string, unknown>;
+}
+/** SAST finding */
+export interface SastFinding {
+    readonly id: string;
+    readonly ruleId: string;
+    readonly ruleName: string;
+    readonly category: VulnerabilityCategory;
+    readonly severity: VulnerabilitySeverity;
+    readonly message: string;
+    readonly location: CodeLocation;
+    readonly dataFlow?: readonly DataFlowStep[];
+    readonly cweId?: string;
+    readonly owaspCategory?: string;
+    readonly confidence: ConfidenceLevel;
+    readonly remediation?: string;
+}
+/** Data flow step */
+export interface DataFlowStep {
+    readonly index: number;
+    readonly location: CodeLocation;
+    readonly description: string;
+    readonly type: 'source' | 'propagator' | 'sink';
+}
+/** Confidence level */
+export type ConfidenceLevel = 'high' | 'medium' | 'low';
+/** DAST scan config */
+export interface DastScanConfig {
+    readonly id: string;
+    readonly name: string;
+    readonly enabled: boolean;
+    readonly targetUrl: string;
+    readonly scanType: DastScanType;
+    readonly authentication?: DastAuthentication;
+    readonly crawlConfig: CrawlConfig;
+    readonly attackPolicies: readonly string[];
+    readonly excludeUrls: readonly string[];
+    readonly scanSpeed: DastScanSpeed;
+    readonly maxDuration?: number;
+}
+/** DAST scan type */
+export type DastScanType = 'passive' | 'active' | 'full' | 'api';
+/** DAST authentication */
+export interface DastAuthentication {
+    readonly type: DastAuthType;
+    readonly config: Record<string, unknown>;
+}
+/** DAST auth type */
+export type DastAuthType = 'none' | 'http_basic' | 'http_bearer' | 'form_based' | 'session_cookie' | 'oauth2';
+/** Crawl config */
+export interface CrawlConfig {
+    readonly maxDepth: number;
+    readonly maxUrls: number;
+    readonly timeout: number;
+    readonly userAgent?: string;
+    readonly respectRobotsTxt: boolean;
+    readonly includedDomains: readonly string[];
+    readonly excludedPatterns: readonly string[];
+}
+/** DAST scan speed */
+export type DastScanSpeed = 'fast' | 'normal' | 'thorough';
+/** DAST finding */
+export interface DastFinding {
+    readonly id: string;
+    readonly alertId: string;
+    readonly name: string;
+    readonly description: string;
+    readonly severity: VulnerabilitySeverity;
+    readonly url: string;
+    readonly method: string;
+    readonly parameter?: string;
+    readonly attack?: string;
+    readonly evidence?: string;
+    readonly cweId?: string;
+    readonly owaspCategory?: string;
+    readonly solution?: string;
+    readonly references: readonly string[];
+    readonly requestResponse?: HttpExchange;
+}
+/** HTTP exchange */
+export interface HttpExchange {
+    readonly request: HttpRequest;
+    readonly response: HttpResponse;
+}
+/** HTTP request */
+export interface HttpRequest {
+    readonly method: string;
+    readonly url: string;
+    readonly headers: Record<string, string>;
+    readonly body?: string;
+}
+/** HTTP response */
+export interface HttpResponse {
+    readonly statusCode: number;
+    readonly headers: Record<string, string>;
+    readonly body?: string;
+}
+/** Container scan config */
+export interface ContainerScanConfig {
+    readonly id: string;
+    readonly name: string;
+    readonly enabled: boolean;
+    readonly registries: readonly ContainerRegistry[];
+    readonly imagePatterns: readonly string[];
+    readonly excludePatterns: readonly string[];
+    readonly scanOnPush: boolean;
+    readonly scanSchedule?: string;
+    readonly severityThreshold?: VulnerabilitySeverity;
+}
+/** Container registry */
+export interface ContainerRegistry {
+    readonly type: RegistryType;
+    readonly url: string;
+    readonly credentialId?: string;
+}
+/** Registry type */
+export type RegistryType = 'docker_hub' | 'ecr' | 'gcr' | 'acr' | 'harbor' | 'artifactory' | 'quay' | 'ghcr';
+/** Container scan result */
+export interface ContainerScanResult {
+    readonly imageId: string;
+    readonly imageName: string;
+    readonly imageTag: string;
+    readonly digest: string;
+    readonly scannedAt: Date;
+    readonly os: OsInfo;
+    readonly layers: readonly ImageLayer[];
+    readonly vulnerabilities: readonly ContainerVulnerability[];
+    readonly baseImage?: string;
+    readonly size: number;
+    readonly configIssues: readonly ConfigurationIssue[];
+}
+/** OS info */
+export interface OsInfo {
+    readonly family: string;
+    readonly name: string;
+    readonly version?: string;
+}
+/** Image layer */
+export interface ImageLayer {
+    readonly digest: string;
+    readonly size: number;
+    readonly createdBy?: string;
+    readonly vulnerabilityCount: number;
+}
+/** Container vulnerability */
+export interface ContainerVulnerability extends Vulnerability {
+    readonly packageName: string;
+    readonly installedVersion: string;
+    readonly fixedVersion?: string;
+    readonly layer?: string;
+    readonly packageType: PackageType;
+}
+/** Package type */
+export type PackageType = 'apk' | 'apt' | 'rpm' | 'npm' | 'pip' | 'gem' | 'go' | 'cargo' | 'nuget' | 'jar';
+/** Configuration issue */
+export interface ConfigurationIssue {
+    readonly id: string;
+    readonly title: string;
+    readonly description: string;
+    readonly severity: VulnerabilitySeverity;
+    readonly category: ConfigIssueCategory;
+    readonly remediation?: string;
+}
+/** Config issue category */
+export type ConfigIssueCategory = 'root_user' | 'sensitive_data' | 'exposed_port' | 'outdated_base' | 'missing_healthcheck' | 'privileged_mode' | 'writable_filesystem';
+/** Dependency scan config */
+export interface DependencyScanConfig {
+    readonly id: string;
+    readonly name: string;
+    readonly enabled: boolean;
+    readonly ecosystems: readonly PackageEcosystem[];
+    readonly manifestPatterns: readonly string[];
+    readonly lockfilePatterns: readonly string[];
+    readonly excludePaths: readonly string[];
+    readonly devDependencies: boolean;
+    readonly licensePolicy?: LicensePolicy;
+}
+/** Package ecosystem */
+export type PackageEcosystem = 'npm' | 'yarn' | 'pnpm' | 'pip' | 'poetry' | 'pipenv' | 'maven' | 'gradle' | 'nuget' | 'go' | 'cargo' | 'gem' | 'composer' | 'pub';
+/** License policy */
+export interface LicensePolicy {
+    readonly allowed: readonly string[];
+    readonly denied: readonly string[];
+    readonly review: readonly string[];
+}
+/** Dependency */
+export interface Dependency {
+    readonly name: string;
+    readonly version: string;
+    readonly ecosystem: PackageEcosystem;
+    readonly scope: DependencyScope;
+    readonly direct: boolean;
+    readonly licenses: readonly string[];
+    readonly vulnerabilities: readonly DependencyVulnerability[];
+    readonly dependencyPath: readonly string[];
+    readonly latestVersion?: string;
+    readonly deprecated?: boolean;
+    readonly maintainerCount?: number;
+    readonly lastPublished?: Date;
+}
+/** Dependency scope */
+export type DependencyScope = 'runtime' | 'development' | 'optional' | 'peer';
+/** Dependency vulnerability */
+export interface DependencyVulnerability extends Vulnerability {
+    readonly vulnerableVersions: string;
+    readonly patchedVersions?: string;
+    readonly publishedDate: Date;
+    readonly advisoryUrl?: string;
+}
+/** Secret scan config */
+export interface SecretScanConfig {
+    readonly id: string;
+    readonly name: string;
+    readonly enabled: boolean;
+    readonly patterns: readonly SecretPattern[];
+    readonly includePaths: readonly string[];
+    readonly excludePaths: readonly string[];
+    readonly excludePatterns: readonly string[];
+    readonly commitHistory: boolean;
+    readonly historicalLimit?: number;
+}
+/** Secret pattern */
+export interface SecretPattern {
+    readonly id: string;
+    readonly name: string;
+    readonly type: SecretType;
+    readonly pattern: string;
+    readonly keywords?: readonly string[];
+    readonly enabled: boolean;
+    readonly severity: VulnerabilitySeverity;
+}
+/** Secret type */
+export type SecretType = 'api_key' | 'aws_access_key' | 'azure_key' | 'gcp_key' | 'private_key' | 'certificate' | 'password' | 'token' | 'jwt' | 'oauth_secret' | 'database_url' | 'ssh_key' | 'slack_webhook' | 'stripe_key' | 'twilio_key' | 'sendgrid_key' | 'generic';
+/** Secret finding */
+export interface SecretFinding {
+    readonly id: string;
+    readonly patternId: string;
+    readonly secretType: SecretType;
+    readonly severity: VulnerabilitySeverity;
+    readonly file: string;
+    readonly line: number;
+    readonly commit?: string;
+    readonly author?: string;
+    readonly date?: Date;
+    readonly redactedValue: string;
+    readonly verified?: boolean;
+    readonly status: SecretFindingStatus;
+    readonly rotated: boolean;
+    readonly rotatedAt?: Date;
+}
+/** Secret finding status */
+export type SecretFindingStatus = 'active' | 'rotated' | 'false_positive' | 'ignored';
+/** IaC scan config */
+export interface IacScanConfig {
+    readonly id: string;
+    readonly name: string;
+    readonly enabled: boolean;
+    readonly frameworks: readonly IacFramework[];
+    readonly includePaths: readonly string[];
+    readonly excludePaths: readonly string[];
+    readonly policies: readonly IacPolicy[];
+    readonly skipSoftFail: boolean;
+}
+/** IaC framework */
+export type IacFramework = 'terraform' | 'cloudformation' | 'arm' | 'kubernetes' | 'helm' | 'ansible' | 'docker' | 'pulumi';
+/** IaC policy */
+export interface IacPolicy {
+    readonly id: string;
+    readonly name: string;
+    readonly enabled: boolean;
+    readonly severity: VulnerabilitySeverity;
+    readonly category: IacPolicyCategory;
+    readonly check: string;
+}
+/** IaC policy category */
+export type IacPolicyCategory = 'networking' | 'iam' | 'encryption' | 'logging' | 'backup' | 'public_access' | 'compliance' | 'best_practice';
+/** IaC finding */
+export interface IacFinding {
+    readonly id: string;
+    readonly policyId: string;
+    readonly policyName: string;
+    readonly severity: VulnerabilitySeverity;
+    readonly category: IacPolicyCategory;
+    readonly resource: IacResource;
+    readonly message: string;
+    readonly remediation?: string;
+    readonly documentationUrl?: string;
+}
+/** IaC resource */
+export interface IacResource {
+    readonly type: string;
+    readonly name: string;
+    readonly file: string;
+    readonly line: number;
+    readonly address?: string;
+}
+/** CVE entry */
+export interface CveEntry {
+    readonly cveId: string;
+    readonly description: string;
+    readonly publishedDate: Date;
+    readonly modifiedDate: Date;
+    readonly status: CveStatus;
+    readonly cvss: CvssInfo;
+    readonly cwe: readonly string[];
+    readonly references: readonly CveReference[];
+    readonly affectedProducts: readonly CpeEntry[];
+    readonly exploitAvailable: boolean;
+    readonly patchAvailable: boolean;
+}
+/** CVE status */
+export type CveStatus = 'analyzed' | 'modified' | 'rejected' | 'reserved';
+/** CVSS info */
+export interface CvssInfo {
+    readonly version: '2.0' | '3.0' | '3.1' | '4.0';
+    readonly score: number;
+    readonly severity: VulnerabilitySeverity;
+    readonly vector: string;
+    readonly metrics: CvssMetrics;
+}
+/** CVSS metrics */
+export interface CvssMetrics {
+    readonly attackVector: 'network' | 'adjacent' | 'local' | 'physical';
+    readonly attackComplexity: 'low' | 'high';
+    readonly privilegesRequired: 'none' | 'low' | 'high';
+    readonly userInteraction: 'none' | 'required';
+    readonly scope: 'unchanged' | 'changed';
+    readonly confidentialityImpact: 'none' | 'low' | 'high';
+    readonly integrityImpact: 'none' | 'low' | 'high';
+    readonly availabilityImpact: 'none' | 'low' | 'high';
+    readonly exploitCodeMaturity?: string;
+    readonly remediationLevel?: string;
+    readonly reportConfidence?: string;
+}
+/** CVE reference */
+export interface CveReference {
+    readonly url: string;
+    readonly source: string;
+    readonly tags: readonly string[];
+}
+/** CPE entry */
+export interface CpeEntry {
+    readonly cpe: string;
+    readonly vendor: string;
+    readonly product: string;
+    readonly version: string;
+    readonly versionEndExcluding?: string;
+    readonly versionEndIncluding?: string;
+}
+/** Penetration test report */
+export interface PentestReport {
+    readonly id: string;
+    readonly title: string;
+    readonly type: PentestType;
+    readonly scope: PentestScope;
+    readonly methodology: string;
+    readonly startDate: Date;
+    readonly endDate: Date;
+    readonly tester: TesterInfo;
+    readonly executiveSummary: string;
+    readonly findings: readonly PentestFinding[];
+    readonly riskRating: RiskRating;
+    readonly recommendations: readonly Recommendation[];
+    readonly attachments: readonly Attachment[];
+}
+/** Pentest type */
+export type PentestType = 'black_box' | 'gray_box' | 'white_box' | 'red_team' | 'purple_team';
+/** Pentest scope */
+export interface PentestScope {
+    readonly inScope: readonly string[];
+    readonly outOfScope: readonly string[];
+    readonly constraints: readonly string[];
+    readonly objectives: readonly string[];
+}
+/** Tester info */
+export interface TesterInfo {
+    readonly name: string;
+    readonly organization: string;
+    readonly certifications: readonly string[];
+    readonly contact: string;
+}
+/** Pentest finding */
+export interface PentestFinding {
+    readonly id: string;
+    readonly title: string;
+    readonly severity: VulnerabilitySeverity;
+    readonly cvssScore: number;
+    readonly description: string;
+    readonly impact: string;
+    readonly likelihood: LikelihoodLevel;
+    readonly affectedAssets: readonly string[];
+    readonly proofOfConcept?: string;
+    readonly screenshots?: readonly string[];
+    readonly remediation: string;
+    readonly references: readonly string[];
+    readonly status: PentestFindingStatus;
+}
+/** Likelihood level */
+export type LikelihoodLevel = 'high' | 'medium' | 'low';
+/** Pentest finding status */
+export type PentestFindingStatus = 'open' | 'remediated' | 'verified' | 'accepted';
+/** Risk rating */
+export interface RiskRating {
+    readonly overall: VulnerabilitySeverity;
+    readonly score: number;
+    readonly breakdown: Record<VulnerabilitySeverity, number>;
+}
+/** Recommendation */
+export interface Recommendation {
+    readonly priority: number;
+    readonly title: string;
+    readonly description: string;
+    readonly effort: RemediationEffort;
+    readonly relatedFindings: readonly string[];
+}
+/** Attachment */
+export interface Attachment {
+    readonly id: string;
+    readonly name: string;
+    readonly type: string;
+    readonly size: number;
+    readonly url: string;
+}
+/** Remediation task */
+export interface RemediationTask {
+    readonly id: string;
+    readonly title: string;
+    readonly description: string;
+    readonly vulnerabilityIds: readonly string[];
+    readonly status: RemediationStatus;
+    readonly priority: TaskPriority;
+    readonly assignee?: string;
+    readonly team?: string;
+    readonly dueDate?: Date;
+    readonly createdAt: Date;
+    readonly updatedAt: Date;
+    readonly completedAt?: Date;
+    readonly effort: RemediationEffort;
+    readonly comments: readonly TaskComment[];
+    readonly linkedIssues: readonly LinkedIssue[];
+}
+/** Remediation status */
+export type RemediationStatus = 'open' | 'in_progress' | 'pending_verification' | 'verified' | 'closed' | 'wont_fix';
+/** Task priority */
+export type TaskPriority = 'urgent' | 'high' | 'medium' | 'low';
+/** Task comment */
+export interface TaskComment {
+    readonly id: string;
+    readonly author: string;
+    readonly content: string;
+    readonly createdAt: Date;
+}
+/** Linked issue */
+export interface LinkedIssue {
+    readonly system: IssueTracker;
+    readonly issueId: string;
+    readonly url: string;
+    readonly status?: string;
+}
+/** Issue tracker */
+export type IssueTracker = 'jira' | 'github' | 'gitlab' | 'azure_devops' | 'servicenow';
+/** Risk score */
+export interface RiskScore {
+    readonly overall: number;
+    readonly category: RiskCategory;
+    readonly factors: readonly RiskFactor[];
+    readonly trend: RiskTrend;
+    readonly lastCalculated: Date;
+}
+/** Risk category */
+export type RiskCategory = 'critical' | 'high' | 'medium' | 'low' | 'minimal';
+/** Risk factor */
+export interface RiskFactor {
+    readonly name: string;
+    readonly weight: number;
+    readonly score: number;
+    readonly maxScore: number;
+    readonly description: string;
+}
+/** Risk trend */
+export interface RiskTrend {
+    readonly direction: 'improving' | 'stable' | 'worsening';
+    readonly changePercent: number;
+    readonly period: string;
+}
+/** Scan schedule */
+export interface ScanSchedule {
+    readonly id: string;
+    readonly name: string;
+    readonly enabled: boolean;
+    readonly scanConfigs: readonly string[];
+    readonly cronExpression: string;
+    readonly timezone: string;
+    readonly notifyOnComplete: boolean;
+    readonly notifyOnFailure: boolean;
+    readonly notificationChannels: readonly string[];
+    readonly lastRun?: Date;
+    readonly nextRun?: Date;
+}
+/** Security policy */
+export interface SecurityPolicy {
+    readonly id: string;
+    readonly name: string;
+    readonly description: string;
+    readonly enabled: boolean;
+    readonly rules: readonly PolicyRule[];
+    readonly scope: PolicyScope;
+    readonly enforcement: PolicyEnforcement;
+    readonly createdAt: Date;
+    readonly updatedAt: Date;
+}
+/** Policy rule */
+export interface PolicyRule {
+    readonly id: string;
+    readonly name: string;
+    readonly condition: PolicyCondition;
+    readonly action: PolicyAction;
+}
+/** Policy condition */
+export interface PolicyCondition {
+    readonly field: string;
+    readonly operator: PolicyOperator;
+    readonly value: unknown;
+    readonly and?: readonly PolicyCondition[];
+    readonly or?: readonly PolicyCondition[];
+}
+/** Policy operator */
+export type PolicyOperator = 'equals' | 'not_equals' | 'contains' | 'not_contains' | 'greater_than' | 'less_than' | 'in' | 'not_in' | 'matches';
+/** Policy action */
+export interface PolicyAction {
+    readonly type: PolicyActionType;
+    readonly parameters?: Record<string, unknown>;
+}
+/** Policy action type */
+export type PolicyActionType = 'block' | 'warn' | 'notify' | 'audit' | 'fail_build' | 'require_approval';
+/** Policy scope */
+export interface PolicyScope {
+    readonly repositories?: readonly string[];
+    readonly environments?: readonly string[];
+    readonly teams?: readonly string[];
+}
+/** Policy enforcement */
+export interface PolicyEnforcement {
+    readonly mode: 'audit' | 'enforce';
+    readonly gracePeriod?: number;
+    readonly exceptions: readonly PolicyException[];
+}
+/** Policy exception */
+export interface PolicyException {
+    readonly id: string;
+    readonly reason: string;
+    readonly approvedBy: string;
+    readonly expiresAt?: Date;
+    readonly scope: PolicyScope;
+}
+//# sourceMappingURL=security-scanning.d.ts.map