@scantrix/cli 1.0.0

package/dist/sarifFormatter.js

@@ -0,0 +1,88 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toSarif = toSarif;
+function toSarifLevel(severity) {
+    switch (severity) {
+        case "high":
+            return "error";
+        case "medium":
+            return "warning";
+        case "low":
+            return "note";
+    }
+}
+/**
+ * Convert ScanResults into a SARIF 2.1.0 document.
+ * Usable with GitHub Code Scanning, Azure DevOps, and VS Code SARIF Viewer.
+ */
+function toSarif(results) {
+    const repoPath = results.repoPath.replace(/\\/g, "/");
+    // Deduplicate rules by findingId
+    const seenRuleIds = new Set();
+    const rules = [];
+    for (const f of results.findings) {
+        if (seenRuleIds.has(f.findingId))
+            continue;
+        seenRuleIds.add(f.findingId);
+        const rule = {
+            id: f.findingId,
+            shortDescription: { text: f.title },
+            fullDescription: { text: f.description },
+            defaultConfiguration: { level: toSarifLevel(f.severity) },
+            help: { text: f.recommendation, markdown: f.recommendation },
+        };
+        if (f.baseSeverity) {
+            rule.properties = {
+                baseSeverity: f.baseSeverity,
+                escalationReason: f.escalationReason,
+            };
+        }
+        rules.push(rule);
+    }
+    const sarifResults = [];
+    for (const f of results.findings) {
+        for (const e of f.evidence) {
+            const uri = e.file.replace(/\\/g, "/");
+            // Make path relative to repo root when possible
+            const relativeUri = uri.startsWith(repoPath)
+                ? uri.slice(repoPath.length + 1)
+                : uri;
+            // Skip synthetic/summary evidence that doesn't point to real files
+            if (relativeUri.includes("(CI summary)") ||
+                relativeUri.includes("(correlation") ||
+                relativeUri.includes("(analysis summary)")) {
+                continue;
+            }
+            sarifResults.push({
+                ruleId: f.findingId,
+                level: toSarifLevel(f.severity),
+                message: { text: `${f.title}: ${e.snippet}` },
+                locations: [
+                    {
+                        physicalLocation: {
+                            artifactLocation: { uri: relativeUri },
+                            region: { startLine: Math.max(e.line, 1) },
+                        },
+                    },
+                ],
+            });
+        }
+    }
+    return {
+        $schema: "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
+        version: "2.1.0",
+        runs: [
+            {
+                tool: {
+                    driver: {
+                        name: "scantrix",
+                        version: "6.3.0",
+                        informationUri: "https://github.com/scantrix/scantrix",
+                        rules,
+                    },
+                },
+                results: sarifResults,
+            },
+        ],
+    };
+}

package/dist/scanResult.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildScanResult = buildScanResult;
+const crypto_1 = require("crypto");
+const scoring_1 = require("./scoring");
+/**
+ * Build a canonical {@link ScanResult} from the raw scanner output.
+ *
+ * Call this after `scanRepo()` completes.  The function deterministically
+ * maps the scanner's internal types to the stable external contract.
+ */
+function buildScanResult(raw, opts) {
+    const risk = (0, scoring_1.calculateRiskScore)(raw.findings, {
+        testFiles: raw.inventory.testFiles,
+        cypressTestFiles: raw.inventory.cypressTestFiles,
+        seleniumTestFiles: raw.inventory.seleniumTestFiles,
+    });
+    const effectivePath = opts.repoPath ?? raw.repoPath;
+    // Use explicit display name if provided, otherwise derive from path
+    const repoName = raw.repoDisplayName ?? (effectivePath.split(/[/\\]/).pop() || "unknown").toLowerCase();
+    return {
+        tool: "scantrix",
+        version: opts.version,
+        runId: (0, crypto_1.randomUUID)(),
+        startedAt: opts.startedAt,
+        completedAt: new Date().toISOString(),
+        repo: {
+            path: effectivePath,
+            name: repoName,
+            branch: raw.gitBranch,
+            commit: raw.gitCommit,
+        },
+        findings: raw.findings,
+        summary: {
+            total: raw.findings.length,
+            high: raw.findings.filter(f => f.severity === "high").length,
+            medium: raw.findings.filter(f => f.severity === "medium").length,
+            low: raw.findings.filter(f => f.severity === "low").length,
+            riskScore: risk.riskScore,
+            riskGrade: risk.grade,
+            densityAdjustment: risk.densityInfo,
+        },
+        inventory: raw.inventory,
+    };
+}