@vyuhlabs/dxkit 1.5.1 → 1.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (257) hide show
  1. package/CHANGELOG.md +297 -0
  2. package/README.md +265 -352
  3. package/THIRD_PARTY_NOTICES.md +40 -0
  4. package/dist/analyzers/developer/detailed.d.ts +26 -0
  5. package/dist/analyzers/developer/detailed.d.ts.map +1 -0
  6. package/dist/analyzers/developer/detailed.js +193 -0
  7. package/dist/analyzers/developer/detailed.js.map +1 -0
  8. package/dist/analyzers/developer/gather.d.ts +11 -0
  9. package/dist/analyzers/developer/gather.d.ts.map +1 -0
  10. package/dist/analyzers/developer/gather.js +167 -0
  11. package/dist/analyzers/developer/gather.js.map +1 -0
  12. package/dist/analyzers/developer/index.d.ts +8 -0
  13. package/dist/analyzers/developer/index.d.ts.map +1 -0
  14. package/dist/analyzers/developer/index.js +168 -0
  15. package/dist/analyzers/developer/index.js.map +1 -0
  16. package/dist/analyzers/developer/types.d.ts +49 -0
  17. package/dist/analyzers/developer/types.d.ts.map +1 -0
  18. package/dist/analyzers/developer/types.js +6 -0
  19. package/dist/analyzers/developer/types.js.map +1 -0
  20. package/dist/analyzers/docs/shallow.d.ts +9 -0
  21. package/dist/analyzers/docs/shallow.d.ts.map +1 -0
  22. package/dist/analyzers/docs/shallow.js +8 -0
  23. package/dist/analyzers/docs/shallow.js.map +1 -0
  24. package/dist/analyzers/dx/shallow.d.ts +9 -0
  25. package/dist/analyzers/dx/shallow.d.ts.map +1 -0
  26. package/dist/analyzers/dx/shallow.js +8 -0
  27. package/dist/analyzers/dx/shallow.js.map +1 -0
  28. package/dist/analyzers/evidence.d.ts +36 -0
  29. package/dist/analyzers/evidence.d.ts.map +1 -0
  30. package/dist/analyzers/evidence.js +3 -0
  31. package/dist/analyzers/evidence.js.map +1 -0
  32. package/dist/analyzers/health/actions.d.ts +10 -0
  33. package/dist/analyzers/health/actions.d.ts.map +1 -0
  34. package/dist/analyzers/health/actions.js +284 -0
  35. package/dist/analyzers/health/actions.js.map +1 -0
  36. package/dist/analyzers/health/detailed.d.ts +26 -0
  37. package/dist/analyzers/health/detailed.d.ts.map +1 -0
  38. package/dist/analyzers/health/detailed.js +147 -0
  39. package/dist/analyzers/health/detailed.js.map +1 -0
  40. package/dist/analyzers/health.d.ts +22 -0
  41. package/dist/analyzers/health.d.ts.map +1 -0
  42. package/dist/analyzers/health.js +270 -0
  43. package/dist/analyzers/health.js.map +1 -0
  44. package/dist/analyzers/index.d.ts +3 -0
  45. package/dist/analyzers/index.d.ts.map +1 -0
  46. package/dist/analyzers/index.js +6 -0
  47. package/dist/analyzers/index.js.map +1 -0
  48. package/dist/analyzers/maintainability/shallow.d.ts +9 -0
  49. package/dist/analyzers/maintainability/shallow.d.ts.map +1 -0
  50. package/dist/analyzers/maintainability/shallow.js +8 -0
  51. package/dist/analyzers/maintainability/shallow.js.map +1 -0
  52. package/dist/analyzers/quality/actions.d.ts +5 -0
  53. package/dist/analyzers/quality/actions.d.ts.map +1 -0
  54. package/dist/analyzers/quality/actions.js +158 -0
  55. package/dist/analyzers/quality/actions.js.map +1 -0
  56. package/dist/analyzers/quality/detailed.d.ts +17 -0
  57. package/dist/analyzers/quality/detailed.d.ts.map +1 -0
  58. package/dist/analyzers/quality/detailed.js +122 -0
  59. package/dist/analyzers/quality/detailed.js.map +1 -0
  60. package/dist/analyzers/quality/gather.d.ts +38 -0
  61. package/dist/analyzers/quality/gather.d.ts.map +1 -0
  62. package/dist/analyzers/quality/gather.js +279 -0
  63. package/dist/analyzers/quality/gather.js.map +1 -0
  64. package/dist/analyzers/quality/index.d.ts +12 -0
  65. package/dist/analyzers/quality/index.d.ts.map +1 -0
  66. package/dist/analyzers/quality/index.js +281 -0
  67. package/dist/analyzers/quality/index.js.map +1 -0
  68. package/dist/analyzers/quality/shallow.d.ts +9 -0
  69. package/dist/analyzers/quality/shallow.d.ts.map +1 -0
  70. package/dist/analyzers/quality/shallow.js +8 -0
  71. package/dist/analyzers/quality/shallow.js.map +1 -0
  72. package/dist/analyzers/quality/types.d.ts +66 -0
  73. package/dist/analyzers/quality/types.d.ts.map +1 -0
  74. package/dist/analyzers/quality/types.js +3 -0
  75. package/dist/analyzers/quality/types.js.map +1 -0
  76. package/dist/analyzers/remediation.d.ts +42 -0
  77. package/dist/analyzers/remediation.d.ts.map +1 -0
  78. package/dist/analyzers/remediation.js +28 -0
  79. package/dist/analyzers/remediation.js.map +1 -0
  80. package/dist/analyzers/scoring.d.ts +32 -0
  81. package/dist/analyzers/scoring.d.ts.map +1 -0
  82. package/dist/analyzers/scoring.js +410 -0
  83. package/dist/analyzers/scoring.js.map +1 -0
  84. package/dist/analyzers/security/actions.d.ts +7 -0
  85. package/dist/analyzers/security/actions.d.ts.map +1 -0
  86. package/dist/analyzers/security/actions.js +104 -0
  87. package/dist/analyzers/security/actions.js.map +1 -0
  88. package/dist/analyzers/security/detailed.d.ts +14 -0
  89. package/dist/analyzers/security/detailed.d.ts.map +1 -0
  90. package/dist/analyzers/security/detailed.js +124 -0
  91. package/dist/analyzers/security/detailed.js.map +1 -0
  92. package/dist/analyzers/security/gather.d.ts +12 -0
  93. package/dist/analyzers/security/gather.d.ts.map +1 -0
  94. package/dist/analyzers/security/gather.js +195 -0
  95. package/dist/analyzers/security/gather.js.map +1 -0
  96. package/dist/analyzers/security/index.d.ts +8 -0
  97. package/dist/analyzers/security/index.d.ts.map +1 -0
  98. package/dist/analyzers/security/index.js +178 -0
  99. package/dist/analyzers/security/index.js.map +1 -0
  100. package/dist/analyzers/security/scoring.d.ts +29 -0
  101. package/dist/analyzers/security/scoring.d.ts.map +1 -0
  102. package/dist/analyzers/security/scoring.js +40 -0
  103. package/dist/analyzers/security/scoring.js.map +1 -0
  104. package/dist/analyzers/security/shallow.d.ts +10 -0
  105. package/dist/analyzers/security/shallow.d.ts.map +1 -0
  106. package/dist/analyzers/security/shallow.js +8 -0
  107. package/dist/analyzers/security/shallow.js.map +1 -0
  108. package/dist/analyzers/security/types.d.ts +43 -0
  109. package/dist/analyzers/security/types.d.ts.map +1 -0
  110. package/dist/analyzers/security/types.js +6 -0
  111. package/dist/analyzers/security/types.js.map +1 -0
  112. package/dist/analyzers/tests/actions.d.ts +6 -0
  113. package/dist/analyzers/tests/actions.d.ts.map +1 -0
  114. package/dist/analyzers/tests/actions.js +80 -0
  115. package/dist/analyzers/tests/actions.js.map +1 -0
  116. package/dist/analyzers/tests/detailed.d.ts +14 -0
  117. package/dist/analyzers/tests/detailed.d.ts.map +1 -0
  118. package/dist/analyzers/tests/detailed.js +121 -0
  119. package/dist/analyzers/tests/detailed.js.map +1 -0
  120. package/dist/analyzers/tests/gather.d.ts +5 -0
  121. package/dist/analyzers/tests/gather.d.ts.map +1 -0
  122. package/dist/analyzers/tests/gather.js +270 -0
  123. package/dist/analyzers/tests/gather.js.map +1 -0
  124. package/dist/analyzers/tests/import-graph.d.ts +48 -0
  125. package/dist/analyzers/tests/import-graph.d.ts.map +1 -0
  126. package/dist/analyzers/tests/import-graph.js +231 -0
  127. package/dist/analyzers/tests/import-graph.js.map +1 -0
  128. package/dist/analyzers/tests/index.d.ts +8 -0
  129. package/dist/analyzers/tests/index.d.ts.map +1 -0
  130. package/dist/analyzers/tests/index.js +247 -0
  131. package/dist/analyzers/tests/index.js.map +1 -0
  132. package/dist/analyzers/tests/scoring.d.ts +27 -0
  133. package/dist/analyzers/tests/scoring.d.ts.map +1 -0
  134. package/dist/analyzers/tests/scoring.js +38 -0
  135. package/dist/analyzers/tests/scoring.js.map +1 -0
  136. package/dist/analyzers/tests/shallow.d.ts +9 -0
  137. package/dist/analyzers/tests/shallow.d.ts.map +1 -0
  138. package/dist/analyzers/tests/shallow.js +8 -0
  139. package/dist/analyzers/tests/shallow.js.map +1 -0
  140. package/dist/analyzers/tests/types.d.ts +49 -0
  141. package/dist/analyzers/tests/types.d.ts.map +1 -0
  142. package/dist/analyzers/tests/types.js +6 -0
  143. package/dist/analyzers/tests/types.js.map +1 -0
  144. package/dist/analyzers/tools/cloc.d.ts +8 -0
  145. package/dist/analyzers/tools/cloc.d.ts.map +1 -0
  146. package/dist/analyzers/tools/cloc.js +49 -0
  147. package/dist/analyzers/tools/cloc.js.map +1 -0
  148. package/dist/analyzers/tools/coverage.d.ts +59 -0
  149. package/dist/analyzers/tools/coverage.d.ts.map +1 -0
  150. package/dist/analyzers/tools/coverage.js +280 -0
  151. package/dist/analyzers/tools/coverage.js.map +1 -0
  152. package/dist/analyzers/tools/cvss-v4-lookup.d.ts +10 -0
  153. package/dist/analyzers/tools/cvss-v4-lookup.d.ts.map +1 -0
  154. package/dist/analyzers/tools/cvss-v4-lookup.js +284 -0
  155. package/dist/analyzers/tools/cvss-v4-lookup.js.map +1 -0
  156. package/dist/analyzers/tools/cvss-v4.d.ts +24 -0
  157. package/dist/analyzers/tools/cvss-v4.d.ts.map +1 -0
  158. package/dist/analyzers/tools/cvss-v4.js +362 -0
  159. package/dist/analyzers/tools/cvss-v4.js.map +1 -0
  160. package/dist/analyzers/tools/default-exclusions.gitignore +56 -0
  161. package/dist/analyzers/tools/exclusions.d.ts +70 -0
  162. package/dist/analyzers/tools/exclusions.d.ts.map +1 -0
  163. package/dist/analyzers/tools/exclusions.js +250 -0
  164. package/dist/analyzers/tools/exclusions.js.map +1 -0
  165. package/dist/analyzers/tools/generic.d.ts +4 -0
  166. package/dist/analyzers/tools/generic.d.ts.map +1 -0
  167. package/dist/analyzers/tools/generic.js +198 -0
  168. package/dist/analyzers/tools/generic.js.map +1 -0
  169. package/dist/analyzers/tools/gitleaks.d.ts +8 -0
  170. package/dist/analyzers/tools/gitleaks.d.ts.map +1 -0
  171. package/dist/analyzers/tools/gitleaks.js +58 -0
  172. package/dist/analyzers/tools/gitleaks.js.map +1 -0
  173. package/dist/analyzers/tools/graphify.d.ts +4 -0
  174. package/dist/analyzers/tools/graphify.d.ts.map +1 -0
  175. package/dist/analyzers/tools/graphify.js +222 -0
  176. package/dist/analyzers/tools/graphify.js.map +1 -0
  177. package/dist/analyzers/tools/osv.d.ts +51 -0
  178. package/dist/analyzers/tools/osv.d.ts.map +1 -0
  179. package/dist/analyzers/tools/osv.js +188 -0
  180. package/dist/analyzers/tools/osv.js.map +1 -0
  181. package/dist/analyzers/tools/parallel.d.ts +8 -0
  182. package/dist/analyzers/tools/parallel.d.ts.map +1 -0
  183. package/dist/analyzers/tools/parallel.js +195 -0
  184. package/dist/analyzers/tools/parallel.js.map +1 -0
  185. package/dist/analyzers/tools/runner.d.ts +13 -0
  186. package/dist/analyzers/tools/runner.d.ts.map +1 -0
  187. package/dist/analyzers/tools/runner.js +109 -0
  188. package/dist/analyzers/tools/runner.js.map +1 -0
  189. package/dist/analyzers/tools/suppressions.d.ts +55 -0
  190. package/dist/analyzers/tools/suppressions.d.ts.map +1 -0
  191. package/dist/analyzers/tools/suppressions.js +203 -0
  192. package/dist/analyzers/tools/suppressions.js.map +1 -0
  193. package/dist/analyzers/tools/timing.d.ts +9 -0
  194. package/dist/analyzers/tools/timing.d.ts.map +1 -0
  195. package/dist/analyzers/tools/timing.js +29 -0
  196. package/dist/analyzers/tools/timing.js.map +1 -0
  197. package/dist/analyzers/tools/tool-registry.d.ts +86 -0
  198. package/dist/analyzers/tools/tool-registry.d.ts.map +1 -0
  199. package/dist/analyzers/tools/tool-registry.js +705 -0
  200. package/dist/analyzers/tools/tool-registry.js.map +1 -0
  201. package/dist/analyzers/types.d.ts +125 -0
  202. package/dist/analyzers/types.d.ts.map +1 -0
  203. package/dist/analyzers/types.js +11 -0
  204. package/dist/analyzers/types.js.map +1 -0
  205. package/dist/cli.d.ts.map +1 -1
  206. package/dist/cli.js +413 -0
  207. package/dist/cli.js.map +1 -1
  208. package/dist/detect.d.ts.map +1 -1
  209. package/dist/detect.js +24 -15
  210. package/dist/detect.js.map +1 -1
  211. package/dist/languages/csharp.d.ts +5 -0
  212. package/dist/languages/csharp.d.ts.map +1 -0
  213. package/dist/languages/csharp.js +265 -0
  214. package/dist/languages/csharp.js.map +1 -0
  215. package/dist/languages/go.d.ts +11 -0
  216. package/dist/languages/go.d.ts.map +1 -0
  217. package/dist/languages/go.js +321 -0
  218. package/dist/languages/go.js.map +1 -0
  219. package/dist/languages/index.d.ts +6 -0
  220. package/dist/languages/index.d.ts.map +1 -0
  221. package/dist/languages/index.js +18 -0
  222. package/dist/languages/index.js.map +1 -0
  223. package/dist/languages/python.d.ts +3 -0
  224. package/dist/languages/python.d.ts.map +1 -0
  225. package/dist/languages/python.js +284 -0
  226. package/dist/languages/python.js.map +1 -0
  227. package/dist/languages/rust.d.ts +17 -0
  228. package/dist/languages/rust.d.ts.map +1 -0
  229. package/dist/languages/rust.js +333 -0
  230. package/dist/languages/rust.js.map +1 -0
  231. package/dist/languages/types.d.ts +38 -0
  232. package/dist/languages/types.d.ts.map +1 -0
  233. package/dist/languages/types.js +3 -0
  234. package/dist/languages/types.js.map +1 -0
  235. package/dist/languages/typescript.d.ts +15 -0
  236. package/dist/languages/typescript.d.ts.map +1 -0
  237. package/dist/languages/typescript.js +353 -0
  238. package/dist/languages/typescript.js.map +1 -0
  239. package/dist/logger.d.ts +1 -0
  240. package/dist/logger.d.ts.map +1 -1
  241. package/dist/logger.js +25 -12
  242. package/dist/logger.js.map +1 -1
  243. package/dist/project-yaml.d.ts.map +1 -1
  244. package/dist/project-yaml.js +1 -0
  245. package/dist/project-yaml.js.map +1 -1
  246. package/dist/tools-cli.d.ts +2 -0
  247. package/dist/tools-cli.d.ts.map +1 -0
  248. package/dist/tools-cli.js +231 -0
  249. package/dist/tools-cli.js.map +1 -0
  250. package/dist/types.d.ts +10 -0
  251. package/dist/types.d.ts.map +1 -1
  252. package/package.json +6 -2
  253. package/templates/.claude/commands/dev-report.md +34 -4
  254. package/templates/.claude/commands/health.md +45 -2
  255. package/templates/.claude/commands/quality.md.template +38 -15
  256. package/templates/.claude/commands/test-gaps.md +36 -2
  257. package/templates/.claude/commands/vulnerabilities.md +36 -2
@@ -0,0 +1,124 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.buildSecurityDetailed = buildSecurityDetailed;
4
+ exports.formatSecurityDetailedMarkdown = formatSecurityDetailedMarkdown;
5
+ const remediation_1 = require("../remediation");
6
+ const actions_1 = require("./actions");
7
+ const scoring_1 = require("./scoring");
8
+ function buildSecurityDetailed(report) {
9
+ const counts = (0, actions_1.countsFromReport)(report);
10
+ const actions = (0, remediation_1.rank)((0, actions_1.buildSecurityActions)(report), counts, scoring_1.scoreSecurityCounts);
11
+ return {
12
+ ...report,
13
+ schemaVersion: '10c.1',
14
+ securityScore: (0, scoring_1.scoreSecurityCounts)(counts).score,
15
+ actions,
16
+ };
17
+ }
18
+ const SEV_ORDER = { critical: 0, high: 1, medium: 2, low: 3 };
19
+ function formatSecurityDetailedMarkdown(detailed, elapsed) {
20
+ const L = [];
21
+ const s = detailed.summary.findings;
22
+ const d = detailed.summary.dependencies;
23
+ L.push('# Vulnerability Scan — Detailed');
24
+ L.push('');
25
+ L.push(`**Date:** ${detailed.analyzedAt.slice(0, 10)}`);
26
+ L.push(`**Repository:** ${detailed.repo}`);
27
+ L.push(`**Branch:** ${detailed.branch} (${detailed.commitSha})`);
28
+ L.push(`**Security Score:** ${detailed.securityScore}/100`);
29
+ L.push(`**Schema version:** ${detailed.schemaVersion}`);
30
+ L.push('');
31
+ L.push('---');
32
+ L.push('');
33
+ // Summary
34
+ L.push('## Summary');
35
+ L.push('');
36
+ L.push(`Code findings: ${s.critical}C ${s.high}H ${s.medium}M ${s.low}L (${s.total} total). ` +
37
+ (d.tool
38
+ ? `Dependency vulns: ${d.critical}C ${d.high}H ${d.medium}M ${d.low}L (${d.total}, via ${d.tool}).`
39
+ : 'No dependency audit data.'));
40
+ L.push('');
41
+ L.push('---');
42
+ L.push('');
43
+ // Ranked actions
44
+ L.push('## Recommended Actions');
45
+ L.push('');
46
+ if (detailed.actions.length === 0) {
47
+ L.push('No security findings — nothing to remediate.');
48
+ }
49
+ else {
50
+ L.push('Actions are ranked by projected score improvement.');
51
+ L.push('');
52
+ L.push('| # | Action | Score Δ | Projected |');
53
+ L.push('|---|--------|--------:|----------:|');
54
+ detailed.actions.forEach((a, i) => {
55
+ L.push(`| ${i + 1} | ${a.title} | +${a.scoreDelta} | ${a.projectedScore}/100 |`);
56
+ });
57
+ L.push('');
58
+ for (const a of detailed.actions) {
59
+ L.push(`### ${a.title} (+${a.scoreDelta})`);
60
+ L.push('');
61
+ L.push(`- **ID:** \`${a.id}\``);
62
+ L.push(`- **Baseline:** ${a.baselineScore}/100`);
63
+ L.push(`- **Projected:** ${a.projectedScore}/100`);
64
+ if (a.rationale)
65
+ L.push(`- **Why:** ${a.rationale}`);
66
+ if (a.evidence.length) {
67
+ L.push('- **Evidence:**');
68
+ for (const e of a.evidence.slice(0, 20)) {
69
+ const loc = e.line ? `:${e.line}` : '';
70
+ L.push(` - \`${e.file}${loc}\` — ${e.message || e.rule}`);
71
+ }
72
+ if (a.evidence.length > 20) {
73
+ L.push(` - … and ${a.evidence.length - 20} more`);
74
+ }
75
+ }
76
+ L.push('');
77
+ }
78
+ }
79
+ L.push('---');
80
+ L.push('');
81
+ // Full findings inventory
82
+ L.push('## Findings Inventory');
83
+ L.push('');
84
+ const sorted = [...detailed.findings].sort((a, b) => SEV_ORDER[a.severity] - SEV_ORDER[b.severity] || a.file.localeCompare(b.file));
85
+ if (sorted.length === 0) {
86
+ L.push('No code findings.');
87
+ }
88
+ else {
89
+ L.push('| Severity | Rule | File:Line | Tool | CWE |');
90
+ L.push('|----------|------|-----------|------|-----|');
91
+ for (const f of sorted) {
92
+ L.push(`| ${f.severity.toUpperCase()} | \`${f.rule}\` | \`${f.file}${f.line ? ':' + f.line : ''}\` | ${f.tool} | ${f.cwe || '—'} |`);
93
+ }
94
+ }
95
+ L.push('');
96
+ L.push('---');
97
+ L.push('');
98
+ // Dependencies
99
+ if (d.tool) {
100
+ L.push('## Dependency Vulnerabilities');
101
+ L.push('');
102
+ L.push(`Tool: ${d.tool}`);
103
+ L.push('');
104
+ L.push('| Severity | Count |');
105
+ L.push('|----------|------:|');
106
+ L.push(`| Critical | ${d.critical} |`);
107
+ L.push(`| High | ${d.high} |`);
108
+ L.push(`| Medium | ${d.medium} |`);
109
+ L.push(`| Low | ${d.low} |`);
110
+ L.push(`| **Total** | **${d.total}** |`);
111
+ L.push('');
112
+ L.push('---');
113
+ L.push('');
114
+ }
115
+ L.push(`**Tools used:** ${detailed.toolsUsed.join(', ')}`);
116
+ if (detailed.toolsUnavailable.length > 0) {
117
+ L.push(`**Tools unavailable:** ${detailed.toolsUnavailable.join(', ')}`);
118
+ }
119
+ L.push(`**Analysis time:** ${elapsed}s`);
120
+ L.push('');
121
+ L.push('*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit) — detailed mode*');
122
+ return L.join('\n');
123
+ }
124
+ //# sourceMappingURL=detailed.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"detailed.js","sourceRoot":"","sources":["../../../src/analyzers/security/detailed.ts"],"names":[],"mappings":";;AAcA,sDASC;AAID,wEAsHC;AA7ID,gDAAoD;AACpD,uCAAmE;AACnE,uCAAgE;AAQhE,SAAgB,qBAAqB,CAAC,MAAsB;IAC1D,MAAM,MAAM,GAAG,IAAA,0BAAgB,EAAC,MAAM,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,IAAA,kBAAI,EAAC,IAAA,8BAAoB,EAAC,MAAM,CAAC,EAAE,MAAM,EAAE,6BAAmB,CAAC,CAAC;IAChF,OAAO;QACL,GAAG,MAAM;QACT,aAAa,EAAE,OAAO;QACtB,aAAa,EAAE,IAAA,6BAAmB,EAAC,MAAM,CAAC,CAAC,KAAK;QAChD,OAAO;KACR,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAA6B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;AAExF,SAAgB,8BAA8B,CAC5C,QAAgC,EAChC,OAAe;IAEf,MAAM,CAAC,GAAa,EAAE,CAAC;IACvB,MAAM,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;IACpC,MAAM,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC;IAExC,CAAC,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IAC1C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,aAAa,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IACxD,CAAC,CAAC,IAAI,CAAC,mBAAmB,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC,CAAC,IAAI,CAAC,eAAe,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,SAAS,GAAG,CAAC,CAAC;IACjE,CAAC,CAAC,IAAI,CAAC,uBAAuB,QAAQ,CAAC,aAAa,MAAM,CAAC,CAAC;IAC5D,CAAC,CAAC,IAAI,CAAC,uBAAuB,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAC;IACxD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,UAAU;IACV,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACrB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CACJ,kBAAkB,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,KAAK,WAAW;QACpF,CAAC,CAAC,CAAC,IAAI;YACL,CAAC,CAAC,qBAAqB,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,IAAI,IAAI;YACnG,CAAC,CAAC,2BAA2B,CAAC,CACnC,CAAC;IACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,iBAAiB;IACjB,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACjC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,CAAC,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAC7D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QAC/C,CAAC,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QAC/C,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAChC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,UAAU,MAAM,CAAC,CAAC,cAAc,QAAQ,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACjC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC;YAC5C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;YAChC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,aAAa,MAAM,CAAC,CAAC;YACjD,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,cAAc,MAAM,CAAC,CAAC;YACnD,IAAI,CAAC,CAAC,SAAS;gBAAE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;YACrD,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACtB,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;gBAC1B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;oBACxC,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACvC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,GAAG,GAAG,QAAQ,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC7D,CAAC;gBACD,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;oBAC3B,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC;gBACrD,CAAC;YACH,CAAC;YACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACb,CAAC;IACH,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,0BAA0B;IAC1B,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAChC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,MAAM,MAAM,GAAsB,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,CAC3D,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CACxF,CAAC;IACF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QACvD,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QACvD,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,CAAC,CAAC,IAAI,CACJ,KAAK,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,GAAG,IAAI,GAAG,IAAI,CAC7H,CAAC;QACJ,CAAC;IACH,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,eAAe;IACf,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QACxC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1B,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC;QACnC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC;QACrC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;QACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,CAAC,CAAC,IAAI,CAAC,mBAAmB,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3D,IAAI,QAAQ,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzC,CAAC,CAAC,IAAI,CAAC,0BAA0B,QAAQ,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CACJ,gGAAgG,CACjG,CAAC;IACF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC"}
@@ -0,0 +1,12 @@
1
+ import { SecurityFinding, DepVulnSummary } from './types';
2
+ export declare function gatherSecrets(cwd: string): {
3
+ findings: SecurityFinding[];
4
+ toolUsed: string | null;
5
+ };
6
+ export declare function gatherFileFindings(cwd: string): SecurityFinding[];
7
+ export declare function gatherCodePatterns(cwd: string): {
8
+ findings: SecurityFinding[];
9
+ toolUsed: string | null;
10
+ };
11
+ export declare function gatherDepVulns(cwd: string): DepVulnSummary;
12
+ //# sourceMappingURL=gather.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"gather.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/gather.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAW1D,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG;IAC1C,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAyCA;AAID,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,EAAE,CAuCjE;AAiCD,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG;IAC/C,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CA8CA;AAuCD,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,CAgB1D"}
@@ -0,0 +1,195 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.gatherSecrets = gatherSecrets;
4
+ exports.gatherFileFindings = gatherFileFindings;
5
+ exports.gatherCodePatterns = gatherCodePatterns;
6
+ exports.gatherDepVulns = gatherDepVulns;
7
+ /**
8
+ * Security finding gatherers — one function per tool, no overlap.
9
+ *
10
+ * Tool boundaries:
11
+ * gitleaks → secrets (hardcoded credentials, API keys, private keys in source)
12
+ * find/git → private key files on disk (.key, .pem), .env tracked in git
13
+ * semgrep → code patterns (eval, exec, TLS, CORS, SQLi, XSS, SSRF, etc.)
14
+ * npm audit → dependency CVEs
15
+ */
16
+ const detect_1 = require("../../detect");
17
+ const runner_1 = require("../tools/runner");
18
+ const tool_registry_1 = require("../tools/tool-registry");
19
+ const exclusions_1 = require("../tools/exclusions");
20
+ function gatherSecrets(cwd) {
21
+ const status = (0, tool_registry_1.findTool)(tool_registry_1.TOOL_DEFS.gitleaks, cwd);
22
+ if (!status.available || !status.path)
23
+ return { findings: [], toolUsed: null };
24
+ const reportPath = `/tmp/dxkit-gitleaks-${Date.now()}.json`;
25
+ (0, runner_1.run)(`${status.path} detect --source '${cwd}' --report-format json --report-path '${reportPath}' --no-git --exit-code 0 2>/dev/null`, cwd, 120000);
26
+ const raw = (0, runner_1.run)(`cat '${reportPath}' 2>/dev/null`, cwd);
27
+ (0, runner_1.run)(`rm -f '${reportPath}'`, cwd);
28
+ if (!raw)
29
+ return { findings: [], toolUsed: 'gitleaks' };
30
+ try {
31
+ const entries = JSON.parse(raw);
32
+ if (!Array.isArray(entries))
33
+ return { findings: [], toolUsed: 'gitleaks' };
34
+ // Post-filter via the centralized exclusions predicate so we never drift
35
+ // between tools on what counts as "ignored".
36
+ const findings = entries
37
+ .filter((e) => {
38
+ const relPath = e.File.replace(cwd + '/', '').replace(cwd, '');
39
+ return !(0, exclusions_1.isExcludedPath)(cwd, relPath);
40
+ })
41
+ .map((e) => ({
42
+ severity: e.RuleID === 'private-key' ? 'critical' : 'high',
43
+ category: 'secret',
44
+ cwe: 'CWE-798',
45
+ rule: e.RuleID,
46
+ title: e.Description,
47
+ file: e.File.replace(cwd + '/', '').replace(cwd, ''),
48
+ line: e.StartLine,
49
+ tool: 'gitleaks',
50
+ }));
51
+ return { findings, toolUsed: 'gitleaks' };
52
+ }
53
+ catch {
54
+ return { findings: [], toolUsed: 'gitleaks' };
55
+ }
56
+ }
57
+ // ─── find/git: private key files, .env in git ───────────────────────────────
58
+ function gatherFileFindings(cwd) {
59
+ const findings = [];
60
+ const EXCLUDE = (0, exclusions_1.getFindExcludeFlags)(cwd, false); // don't exclude source paths for security scanning
61
+ // Private key / cert files on disk
62
+ const keyFiles = (0, runner_1.run)(`find . \\( -name "*.key" -o -name "*.pem" \\) ${EXCLUDE} 2>/dev/null`, cwd);
63
+ if (keyFiles) {
64
+ for (const f of keyFiles.split('\n').filter((l) => l.trim())) {
65
+ findings.push({
66
+ severity: 'critical',
67
+ category: 'secret',
68
+ cwe: 'CWE-798',
69
+ rule: 'private-key-file',
70
+ title: `Private key or certificate file: ${f.replace('./', '')}`,
71
+ file: f.replace('./', ''),
72
+ line: 0,
73
+ tool: 'find',
74
+ });
75
+ }
76
+ }
77
+ // .env tracked in git
78
+ const envFiles = (0, runner_1.run)('git ls-files .env .env.* 2>/dev/null', cwd);
79
+ if (envFiles) {
80
+ for (const f of envFiles.split('\n').filter((l) => l.trim())) {
81
+ findings.push({
82
+ severity: 'high',
83
+ category: 'config',
84
+ cwe: 'CWE-798',
85
+ rule: 'env-in-git',
86
+ title: `.env file tracked in git: ${f}`,
87
+ file: f,
88
+ line: 0,
89
+ tool: 'git',
90
+ });
91
+ }
92
+ }
93
+ return findings;
94
+ }
95
+ function mapSeverity(sgSeverity, impact) {
96
+ // Primary: use semgrep's impact field (most meaningful)
97
+ const imp = (impact || '').toUpperCase();
98
+ if (imp === 'HIGH')
99
+ return sgSeverity === 'ERROR' ? 'critical' : 'high';
100
+ if (imp === 'MEDIUM')
101
+ return 'medium';
102
+ if (imp === 'LOW')
103
+ return 'low';
104
+ // Fallback: semgrep severity
105
+ if (sgSeverity === 'ERROR')
106
+ return 'high';
107
+ if (sgSeverity === 'WARNING')
108
+ return 'medium';
109
+ return 'low';
110
+ }
111
+ function gatherCodePatterns(cwd) {
112
+ const status = (0, tool_registry_1.findTool)(tool_registry_1.TOOL_DEFS.semgrep ?? {}, cwd);
113
+ if (!status.available || !status.path)
114
+ return { findings: [], toolUsed: null };
115
+ // Derive rulesets from detected stack — not hardcoded
116
+ const stack = (0, detect_1.detect)(cwd);
117
+ const rulesets = (0, tool_registry_1.getSemgrepRulesets)(stack.languages);
118
+ const configs = rulesets.map((r) => `--config ${r}`).join(' ');
119
+ const excludes = (0, exclusions_1.getSemgrepExcludeFlags)(cwd);
120
+ const reportPath = `/tmp/dxkit-semgrep-${Date.now()}.json`;
121
+ (0, runner_1.run)(`${status.path} scan ${configs} --json --quiet --output '${reportPath}' ${excludes} '${cwd}' 2>/dev/null`, cwd, 300000);
122
+ const raw = (0, runner_1.run)(`cat '${reportPath}' 2>/dev/null`, cwd);
123
+ (0, runner_1.run)(`rm -f '${reportPath}'`, cwd);
124
+ if (!raw)
125
+ return { findings: [], toolUsed: 'semgrep' };
126
+ try {
127
+ const data = JSON.parse(raw);
128
+ if (!Array.isArray(data.results))
129
+ return { findings: [], toolUsed: 'semgrep' };
130
+ const findings = data.results
131
+ .filter((r) => {
132
+ // Skip LOW confidence to cut false positives
133
+ const conf = (r.extra.metadata?.confidence || '').toUpperCase();
134
+ return conf !== 'LOW';
135
+ })
136
+ .map((r) => ({
137
+ severity: mapSeverity(r.extra.severity, r.extra.metadata?.impact),
138
+ category: 'code',
139
+ cwe: r.extra.metadata?.cwe?.[0]?.split(':')[0] || '',
140
+ rule: r.check_id.split('.').slice(-1)[0],
141
+ title: r.extra.message.split('\n')[0].slice(0, 200),
142
+ file: r.path.replace(cwd + '/', '').replace(cwd, ''),
143
+ line: r.start.line,
144
+ tool: 'semgrep',
145
+ }));
146
+ return { findings, toolUsed: 'semgrep' };
147
+ }
148
+ catch {
149
+ return { findings: [], toolUsed: 'semgrep' };
150
+ }
151
+ }
152
+ function parseAuditJson(raw) {
153
+ try {
154
+ const data = JSON.parse(raw);
155
+ if (data.metadata?.vulnerabilities) {
156
+ const v = data.metadata.vulnerabilities;
157
+ return { c: v.critical || 0, h: v.high || 0, m: v.moderate || 0, l: v.low || 0 };
158
+ }
159
+ if (data.vulnerabilities) {
160
+ let c = 0, h = 0, m = 0, l = 0;
161
+ for (const v of Object.values(data.vulnerabilities)) {
162
+ if (v.severity === 'critical')
163
+ c++;
164
+ else if (v.severity === 'high')
165
+ h++;
166
+ else if (v.severity === 'moderate')
167
+ m++;
168
+ else if (v.severity === 'low')
169
+ l++;
170
+ }
171
+ return { c, h, m, l };
172
+ }
173
+ return null;
174
+ }
175
+ catch {
176
+ return null;
177
+ }
178
+ }
179
+ function gatherDepVulns(cwd) {
180
+ if (!(0, runner_1.fileExists)(cwd, 'package.json'))
181
+ return { critical: 0, high: 0, medium: 0, low: 0, total: 0, tool: null };
182
+ const raw = (0, runner_1.run)('npm audit --json 2>&1', cwd, 60000);
183
+ const result = raw ? parseAuditJson(raw) : null;
184
+ if (!result)
185
+ return { critical: 0, high: 0, medium: 0, low: 0, total: 0, tool: null };
186
+ return {
187
+ critical: result.c,
188
+ high: result.h,
189
+ medium: result.m,
190
+ low: result.l,
191
+ total: result.c + result.h + result.m + result.l,
192
+ tool: 'npm-audit',
193
+ };
194
+ }
195
+ //# sourceMappingURL=gather.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"gather.js","sourceRoot":"","sources":["../../../src/analyzers/security/gather.ts"],"names":[],"mappings":";;AAwBA,sCA4CC;AAID,gDAuCC;AAiCD,gDAiDC;AAuCD,wCAgBC;AAxPD;;;;;;;;GAQG;AACH,yCAAsC;AACtC,4CAAkD;AAClD,0DAAiF;AACjF,oDAAkG;AAYlG,SAAgB,aAAa,CAAC,GAAW;IAIvC,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACjD,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,IAAI;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAE/E,MAAM,UAAU,GAAG,uBAAuB,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;IAC5D,IAAA,YAAG,EACD,GAAG,MAAM,CAAC,IAAI,qBAAqB,GAAG,yCAAyC,UAAU,sCAAsC,EAC/H,GAAG,EACH,MAAM,CACP,CAAC;IACF,MAAM,GAAG,GAAG,IAAA,YAAG,EAAC,QAAQ,UAAU,eAAe,EAAE,GAAG,CAAC,CAAC;IACxD,IAAA,YAAG,EAAC,UAAU,UAAU,GAAG,EAAE,GAAG,CAAC,CAAC;IAElC,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAExD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAC;QACnD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;QAE3E,yEAAyE;QACzE,6CAA6C;QAC7C,MAAM,QAAQ,GAAsB,OAAO;aACxC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACZ,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YAC/D,OAAO,CAAC,IAAA,2BAAc,EAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC,CAAC;aACD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACX,QAAQ,EAAE,CAAC,CAAC,MAAM,KAAK,aAAa,CAAC,CAAC,CAAE,UAAoB,CAAC,CAAC,CAAE,MAAgB;YAChF,QAAQ,EAAE,QAAiB;YAC3B,GAAG,EAAE,SAAS;YACd,IAAI,EAAE,CAAC,CAAC,MAAM;YACd,KAAK,EAAE,CAAC,CAAC,WAAW;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC;YACpD,IAAI,EAAE,CAAC,CAAC,SAAS;YACjB,IAAI,EAAE,UAAU;SACjB,CAAC,CAAC,CAAC;QAEN,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAChD,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,SAAgB,kBAAkB,CAAC,GAAW;IAC5C,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,IAAA,gCAAmB,EAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,mDAAmD;IAEpG,mCAAmC;IACnC,MAAM,QAAQ,GAAG,IAAA,YAAG,EAAC,iDAAiD,OAAO,cAAc,EAAE,GAAG,CAAC,CAAC;IAClG,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,kBAAkB;gBACxB,KAAK,EAAE,oCAAoC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE;gBAChE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;gBACzB,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,MAAM;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,QAAQ,GAAG,IAAA,YAAG,EAAC,sCAAsC,EAAE,GAAG,CAAC,CAAC;IAClE,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,6BAA6B,CAAC,EAAE;gBACvC,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,KAAK;aACZ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAqBD,SAAS,WAAW,CAAC,UAAkB,EAAE,MAAe;IACtD,wDAAwD;IACxD,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACzC,IAAI,GAAG,KAAK,MAAM;QAAE,OAAO,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;IACxE,IAAI,GAAG,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IACtC,IAAI,GAAG,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IAChC,6BAA6B;IAC7B,IAAI,UAAU,KAAK,OAAO;QAAE,OAAO,MAAM,CAAC;IAC1C,IAAI,UAAU,KAAK,SAAS;QAAE,OAAO,QAAQ,CAAC;IAC9C,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAgB,kBAAkB,CAAC,GAAW;IAI5C,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,OAAO,IAAK,EAAY,EAAE,GAAG,CAAC,CAAC;IACjE,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,IAAI;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAE/E,sDAAsD;IACtD,MAAM,KAAK,GAAG,IAAA,eAAM,EAAC,GAAG,CAAC,CAAC;IAC1B,MAAM,QAAQ,GAAG,IAAA,kCAAkB,EAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,IAAA,mCAAsB,EAAC,GAAG,CAAC,CAAC;IAE7C,MAAM,UAAU,GAAG,sBAAsB,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;IAC3D,IAAA,YAAG,EACD,GAAG,MAAM,CAAC,IAAI,SAAS,OAAO,6BAA6B,UAAU,KAAK,QAAQ,KAAK,GAAG,eAAe,EACzG,GAAG,EACH,MAAM,CACP,CAAC;IACF,MAAM,GAAG,GAAG,IAAA,YAAG,EAAC,QAAQ,UAAU,eAAe,EAAE,GAAG,CAAC,CAAC;IACxD,IAAA,YAAG,EAAC,UAAU,UAAU,GAAG,EAAE,GAAG,CAAC,CAAC;IAElC,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAEvD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkB,CAAC;QAC9C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;QAE/E,MAAM,QAAQ,GAAsB,IAAI,CAAC,OAAO;aAC7C,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACZ,6CAA6C;YAC7C,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,UAAU,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;YAChE,OAAO,IAAI,KAAK,KAAK,CAAC;QACxB,CAAC,CAAC;aACD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACX,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC;YACjE,QAAQ,EAAE,MAAe;YACzB,GAAG,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE;YACpD,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACxC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YACnD,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC;YACpD,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI;YAClB,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC,CAAC;QAEN,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAC/C,CAAC;AACH,CAAC;AAaD,SAAS,cAAc,CAAC,GAAW;IACjC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;QACxD,IAAI,IAAI,CAAC,QAAQ,EAAE,eAAe,EAAE,CAAC;YACnC,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC;YACxC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC,QAAQ,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,QAAQ,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,EAAE,CAAC;QACnF,CAAC;QACD,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,IAAI,CAAC,GAAG,CAAC,EACP,CAAC,GAAG,CAAC,EACL,CAAC,GAAG,CAAC,EACL,CAAC,GAAG,CAAC,CAAC;YACR,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;gBACpD,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU;oBAAE,CAAC,EAAE,CAAC;qBAC9B,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM;oBAAE,CAAC,EAAE,CAAC;qBAC/B,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU;oBAAE,CAAC,EAAE,CAAC;qBACnC,IAAI,CAAC,CAAC,QAAQ,KAAK,KAAK;oBAAE,CAAC,EAAE,CAAC;YACrC,CAAC;YACD,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;QACxB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,cAAc,CAAC,GAAW;IACxC,IAAI,CAAC,IAAA,mBAAU,EAAC,GAAG,EAAE,cAAc,CAAC;QAClC,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAE3E,MAAM,GAAG,GAAG,IAAA,YAAG,EAAC,uBAAuB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACrD,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAChD,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAEtF,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,CAAC;QAClB,IAAI,EAAE,MAAM,CAAC,CAAC;QACd,MAAM,EAAE,MAAM,CAAC,CAAC;QAChB,GAAG,EAAE,MAAM,CAAC,CAAC;QACb,KAAK,EAAE,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC;QAChD,IAAI,EAAE,WAAW;KAClB,CAAC;AACJ,CAAC"}
@@ -0,0 +1,8 @@
1
+ import { SecurityReport } from './types';
2
+ export type { SecurityReport, SecurityFinding } from './types';
3
+ export interface AnalyzeSecurityOptions {
4
+ verbose?: boolean;
5
+ }
6
+ export declare function analyzeSecurity(repoPath: string, options?: AnalyzeSecurityOptions): SecurityReport;
7
+ export declare function formatSecurityReport(report: SecurityReport, elapsed: string): string;
8
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/index.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,cAAc,EAA6B,MAAM,SAAS,CAAC;AAEpE,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE/D,MAAM,WAAW,sBAAsB;IACrC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAQD,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,sBAA2B,GACnC,cAAc,CAwChB;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CA0FpF"}
@@ -0,0 +1,178 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || (function () {
19
+ var ownKeys = function(o) {
20
+ ownKeys = Object.getOwnPropertyNames || function (o) {
21
+ var ar = [];
22
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
23
+ return ar;
24
+ };
25
+ return ownKeys(o);
26
+ };
27
+ return function (mod) {
28
+ if (mod && mod.__esModule) return mod;
29
+ var result = {};
30
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
31
+ __setModuleDefault(result, mod);
32
+ return result;
33
+ };
34
+ })();
35
+ Object.defineProperty(exports, "__esModule", { value: true });
36
+ exports.analyzeSecurity = analyzeSecurity;
37
+ exports.formatSecurityReport = formatSecurityReport;
38
+ /**
39
+ * Security analyzer — public API.
40
+ */
41
+ const path = __importStar(require("path"));
42
+ const detect_1 = require("../../detect");
43
+ const runner_1 = require("../tools/runner");
44
+ const timing_1 = require("../tools/timing");
45
+ const gather_1 = require("./gather");
46
+ function countBySeverity(findings) {
47
+ const counts = { critical: 0, high: 0, medium: 0, low: 0 };
48
+ for (const f of findings)
49
+ counts[f.severity]++;
50
+ return counts;
51
+ }
52
+ function analyzeSecurity(repoPath, options = {}) {
53
+ const verbose = !!options.verbose;
54
+ const stack = (0, detect_1.detect)(repoPath);
55
+ const toolsUsed = ['find', 'git'];
56
+ const toolsUnavailable = [];
57
+ // 1. Secrets (gitleaks)
58
+ const secrets = (0, timing_1.timed)('gitleaks', verbose, () => (0, gather_1.gatherSecrets)(repoPath));
59
+ if (secrets.toolUsed)
60
+ toolsUsed.push(secrets.toolUsed);
61
+ else
62
+ toolsUnavailable.push('gitleaks');
63
+ // 2. File findings (private keys, .env)
64
+ const files = (0, timing_1.timed)('file-findings', verbose, () => (0, gather_1.gatherFileFindings)(repoPath));
65
+ // 3. Code patterns (semgrep)
66
+ const code = (0, timing_1.timed)('semgrep', verbose, () => (0, gather_1.gatherCodePatterns)(repoPath));
67
+ if (code.toolUsed)
68
+ toolsUsed.push(code.toolUsed);
69
+ else
70
+ toolsUnavailable.push('semgrep');
71
+ // 4. Dependency CVEs (npm audit)
72
+ const deps = (0, timing_1.timed)('dep-audit', verbose, () => (0, gather_1.gatherDepVulns)(repoPath));
73
+ if (deps.tool)
74
+ toolsUsed.push(deps.tool);
75
+ else
76
+ toolsUnavailable.push('npm-audit');
77
+ const allFindings = [...secrets.findings, ...files, ...code.findings];
78
+ const counts = countBySeverity(allFindings);
79
+ return {
80
+ repo: stack.projectName || path.basename(repoPath),
81
+ analyzedAt: new Date().toISOString(),
82
+ commitSha: (0, runner_1.run)('git rev-parse --short HEAD 2>/dev/null', repoPath),
83
+ branch: (0, runner_1.run)('git rev-parse --abbrev-ref HEAD 2>/dev/null', repoPath),
84
+ summary: {
85
+ findings: { ...counts, total: allFindings.length },
86
+ dependencies: deps,
87
+ },
88
+ findings: allFindings,
89
+ toolsUsed,
90
+ toolsUnavailable,
91
+ };
92
+ }
93
+ function formatSecurityReport(report, elapsed) {
94
+ const L = [];
95
+ L.push('# Vulnerability Scan Report');
96
+ L.push('');
97
+ L.push(`**Date:** ${report.analyzedAt.slice(0, 10)}`);
98
+ L.push(`**Repository:** ${report.repo}`);
99
+ L.push(`**Branch:** ${report.branch} (${report.commitSha})`);
100
+ L.push('');
101
+ L.push('---');
102
+ L.push('');
103
+ // Executive summary
104
+ const s = report.summary.findings;
105
+ L.push('## Executive Summary');
106
+ L.push('');
107
+ L.push('| Severity | Count |');
108
+ L.push('|----------|-------|');
109
+ L.push(`| CRITICAL | ${s.critical} |`);
110
+ L.push(`| HIGH | ${s.high} |`);
111
+ L.push(`| MEDIUM | ${s.medium} |`);
112
+ L.push(`| LOW | ${s.low} |`);
113
+ L.push(`| **Total** | **${s.total}** |`);
114
+ L.push('');
115
+ const d = report.summary.dependencies;
116
+ if (d.tool) {
117
+ L.push(`Dependency audit: ${d.critical}C ${d.high}H ${d.medium}M ${d.low}L (${d.total} total, via ${d.tool}).`);
118
+ }
119
+ L.push('');
120
+ L.push('---');
121
+ L.push('');
122
+ // Findings grouped by category. Section numbers are assigned dynamically —
123
+ // empty categories are skipped entirely, so the rendered document never
124
+ // jumps from "## 1. ..." to "## 4. ..." when middle sections have no
125
+ // findings.
126
+ const categories = [
127
+ { key: 'secret', title: 'Secrets & Credentials' },
128
+ { key: 'code', title: 'Code Vulnerability Patterns' },
129
+ { key: 'config', title: 'Configuration Issues' },
130
+ ];
131
+ const SORDER = { critical: 0, high: 1, medium: 2, low: 3 };
132
+ let sectionNum = 1;
133
+ for (const cat of categories) {
134
+ const items = report.findings
135
+ .filter((f) => f.category === cat.key)
136
+ .sort((a, b) => SORDER[a.severity] - SORDER[b.severity]);
137
+ if (items.length === 0)
138
+ continue;
139
+ L.push(`## ${sectionNum}. ${cat.title}`);
140
+ L.push('');
141
+ for (const f of items) {
142
+ L.push(`### ${f.severity.toUpperCase()}: ${f.title}`);
143
+ L.push(`- **File:** \`${f.file}${f.line ? ':' + f.line : ''}\``);
144
+ if (f.cwe)
145
+ L.push(`- **CWE:** ${f.cwe}`);
146
+ L.push(`- **Tool:** ${f.tool} / ${f.rule}`);
147
+ L.push('');
148
+ }
149
+ L.push('---');
150
+ L.push('');
151
+ sectionNum++;
152
+ }
153
+ // Dependencies
154
+ if (d.tool) {
155
+ L.push(`## ${sectionNum}. Dependency Vulnerabilities`);
156
+ L.push('');
157
+ L.push('| Severity | Count |');
158
+ L.push('|----------|-------|');
159
+ L.push(`| Critical | ${d.critical} |`);
160
+ L.push(`| High | ${d.high} |`);
161
+ L.push(`| Medium | ${d.medium} |`);
162
+ L.push(`| Low | ${d.low} |`);
163
+ L.push(`| **Total** | **${d.total}** |`);
164
+ L.push('');
165
+ L.push('---');
166
+ L.push('');
167
+ }
168
+ // Footer
169
+ L.push(`**Tools used:** ${report.toolsUsed.join(', ')}`);
170
+ if (report.toolsUnavailable.length > 0) {
171
+ L.push(`**Tools unavailable:** ${report.toolsUnavailable.join(', ')}`);
172
+ }
173
+ L.push(`**Analysis time:** ${elapsed}s`);
174
+ L.push('');
175
+ L.push('*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*');
176
+ return L.join('\n');
177
+ }
178
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/security/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsBA,0CA2CC;AAED,oDA0FC;AA7JD;;GAEG;AACH,2CAA6B;AAC7B,yCAAsC;AACtC,4CAAsC;AACtC,4CAAwC;AACxC,qCAAiG;AASjG,SAAS,eAAe,CAAC,QAA2B;IAClD,MAAM,MAAM,GAA6B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IACrF,KAAK,MAAM,CAAC,IAAI,QAAQ;QAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC/C,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,eAAe,CAC7B,QAAgB,EAChB,UAAkC,EAAE;IAEpC,MAAM,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAClC,MAAM,KAAK,GAAG,IAAA,eAAM,EAAC,QAAQ,CAAC,CAAC;IAC/B,MAAM,SAAS,GAAa,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC5C,MAAM,gBAAgB,GAAa,EAAE,CAAC;IAEtC,wBAAwB;IACxB,MAAM,OAAO,GAAG,IAAA,cAAK,EAAC,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,sBAAa,EAAC,QAAQ,CAAC,CAAC,CAAC;IAC1E,IAAI,OAAO,CAAC,QAAQ;QAAE,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;;QAClD,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAEvC,wCAAwC;IACxC,MAAM,KAAK,GAAG,IAAA,cAAK,EAAC,eAAe,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,2BAAkB,EAAC,QAAQ,CAAC,CAAC,CAAC;IAElF,6BAA6B;IAC7B,MAAM,IAAI,GAAG,IAAA,cAAK,EAAC,SAAS,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,2BAAkB,EAAC,QAAQ,CAAC,CAAC,CAAC;IAC3E,IAAI,IAAI,CAAC,QAAQ;QAAE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;;QAC5C,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAEtC,iCAAiC;IACjC,MAAM,IAAI,GAAG,IAAA,cAAK,EAAC,WAAW,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,uBAAc,EAAC,QAAQ,CAAC,CAAC,CAAC;IACzE,IAAI,IAAI,CAAC,IAAI;QAAE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;;QACpC,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAExC,MAAM,WAAW,GAAG,CAAC,GAAG,OAAO,CAAC,QAAQ,EAAE,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;IAE5C,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAClD,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,SAAS,EAAE,IAAA,YAAG,EAAC,wCAAwC,EAAE,QAAQ,CAAC;QAClE,MAAM,EAAE,IAAA,YAAG,EAAC,6CAA6C,EAAE,QAAQ,CAAC;QACpE,OAAO,EAAE;YACP,QAAQ,EAAE,EAAE,GAAG,MAAM,EAAE,KAAK,EAAE,WAAW,CAAC,MAAM,EAAE;YAClD,YAAY,EAAE,IAAI;SACnB;QACD,QAAQ,EAAE,WAAW;QACrB,SAAS;QACT,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,SAAgB,oBAAoB,CAAC,MAAsB,EAAE,OAAe;IAC1E,MAAM,CAAC,GAAa,EAAE,CAAC;IACvB,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IACtC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;IAC7D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,oBAAoB;IACpB,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC;IAClC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC/B,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC/B,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC/B,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC;IACnC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC;IACtC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,qBAAqB,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,KAAK,eAAe,CAAC,CAAC,IAAI,IAAI,CACxG,CAAC;IACJ,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,2EAA2E;IAC3E,wEAAwE;IACxE,qEAAqE;IACrE,YAAY;IACZ,MAAM,UAAU,GAA0C;QACxD,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,uBAAuB,EAAE;QACjD,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,6BAA6B,EAAE;QACrD,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,sBAAsB,EAAE;KACjD,CAAC;IACF,MAAM,MAAM,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAEnF,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ;aAC1B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,GAAG,CAAC;aACrC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC3D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEjC,CAAC,CAAC,IAAI,CAAC,MAAM,UAAU,KAAK,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;QACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YACtD,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;YACjE,IAAI,CAAC,CAAC,GAAG;gBAAE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;YACzC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YAC5C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACb,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,UAAU,EAAE,CAAC;IACf,CAAC;IAED,eAAe;IACf,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,MAAM,UAAU,8BAA8B,CAAC,CAAC;QACvD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC;QACnC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC;QACrC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;QACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,SAAS;IACT,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzD,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,gFAAgF,CAAC,CAAC;IACzF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC"}
@@ -0,0 +1,29 @@
1
+ /**
2
+ * Security scoring — internal scorer over finding+dep counts, used for
3
+ * RemediationAction ranking in detailed reports.
4
+ *
5
+ * Distinct from src/analyzers/scoring.ts scoreSecurity() which operates on
6
+ * HealthMetrics for the health dimension rollup. This scorer is scoped to
7
+ * SecurityReport's own shape so remediation actions can simulate deltas
8
+ * without going through HealthMetrics.
9
+ */
10
+ /** Counts summarized from a SecurityReport. Patches produce a new snapshot. */
11
+ export interface SecurityCounts {
12
+ critical: number;
13
+ high: number;
14
+ medium: number;
15
+ low: number;
16
+ depCritical: number;
17
+ depHigh: number;
18
+ depMedium: number;
19
+ depLow: number;
20
+ }
21
+ /**
22
+ * 0-100 security score from finding + dep counts.
23
+ * Mirrors the health-side scoreSecurity() thresholds so projected values stay
24
+ * intuitive to users who also read the health report.
25
+ */
26
+ export declare function scoreSecurityCounts(c: SecurityCounts): {
27
+ score: number;
28
+ };
29
+ //# sourceMappingURL=scoring.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scoring.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/scoring.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,+EAA+E;AAC/E,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,CAAC,EAAE,cAAc,GAAG;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,CAiBxE"}
@@ -0,0 +1,40 @@
1
+ "use strict";
2
+ /**
3
+ * Security scoring — internal scorer over finding+dep counts, used for
4
+ * RemediationAction ranking in detailed reports.
5
+ *
6
+ * Distinct from src/analyzers/scoring.ts scoreSecurity() which operates on
7
+ * HealthMetrics for the health dimension rollup. This scorer is scoped to
8
+ * SecurityReport's own shape so remediation actions can simulate deltas
9
+ * without going through HealthMetrics.
10
+ */
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.scoreSecurityCounts = scoreSecurityCounts;
13
+ /**
14
+ * 0-100 security score from finding + dep counts.
15
+ * Mirrors the health-side scoreSecurity() thresholds so projected values stay
16
+ * intuitive to users who also read the health report.
17
+ */
18
+ function scoreSecurityCounts(c) {
19
+ let score = 100;
20
+ if (c.critical > 10)
21
+ score -= 25;
22
+ else if (c.critical > 5)
23
+ score -= 20;
24
+ else if (c.critical > 0)
25
+ score -= 15;
26
+ if (c.high > 5)
27
+ score -= 10;
28
+ else if (c.high > 0)
29
+ score -= 5;
30
+ if (c.medium > 10)
31
+ score -= 5;
32
+ if (c.depCritical > 0)
33
+ score -= 15;
34
+ if (c.depHigh > 5)
35
+ score -= 10;
36
+ else if (c.depHigh > 0)
37
+ score -= 5;
38
+ return { score: Math.max(0, Math.min(100, score)) };
39
+ }
40
+ //# sourceMappingURL=scoring.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scoring.js","sourceRoot":"","sources":["../../../src/analyzers/security/scoring.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;AAmBH,kDAiBC;AAtBD;;;;GAIG;AACH,SAAgB,mBAAmB,CAAC,CAAiB;IACnD,IAAI,KAAK,GAAG,GAAG,CAAC;IAEhB,IAAI,CAAC,CAAC,QAAQ,GAAG,EAAE;QAAE,KAAK,IAAI,EAAE,CAAC;SAC5B,IAAI,CAAC,CAAC,QAAQ,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;SAChC,IAAI,CAAC,CAAC,QAAQ,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IAErC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;SACvB,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC;QAAE,KAAK,IAAI,CAAC,CAAC;IAEhC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE;QAAE,KAAK,IAAI,CAAC,CAAC;IAE9B,IAAI,CAAC,CAAC,WAAW,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IACnC,IAAI,CAAC,CAAC,OAAO,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;SAC1B,IAAI,CAAC,CAAC,OAAO,GAAG,CAAC;QAAE,KAAK,IAAI,CAAC,CAAC;IAEnC,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;AACtD,CAAC"}