aura-security 0.5.2 → 0.5.4

@@ -478,24 +478,20 @@ export class AuditorDatabase {
478
478
  };
479
479
  }
480
480
  getAggregateScore() {
481
- // Get totals from all audits
482
- const stmt = this.db.prepare(`
483
- SELECT
484
- SUM(critical) as critical,
485
- SUM(high) as high,
486
- SUM(medium) as medium,
487
- SUM(low) as low
488
- FROM audits
489
- `);
490
- const row = stmt.get();
491
- const counts = {
492
- critical: row.critical || 0,
493
- high: row.high || 0,
494
- medium: row.medium || 0,
495
- low: row.low || 0
496
- };
497
- const score = calculateSecurityScore(counts);
481
+ // Get the latest score from score_history (most recent scan)
482
+ const latest = this.getLatestScore();
498
483
  const trend = this.getScoreTrend(undefined, 10);
484
+ if (latest) {
485
+ const score = calculateSecurityScore({
486
+ critical: latest.critical,
487
+ high: latest.high,
488
+ medium: latest.medium,
489
+ low: latest.low
490
+ });
491
+ return { ...score, trend };
492
+ }
493
+ // No scores yet - return perfect score
494
+ const score = calculateSecurityScore({ critical: 0, high: 0, medium: 0, low: 0 });
499
495
  return { ...score, trend };
500
496
  }
501
497
  // ============ CLEANUP ============
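Review bot: `getAggregateScore()` now derives the score from `this.getLatestScore()` called with no target, so the "aggregate" appears to reflect only the most recent row in score_history. If several targets are scanned, critical findings on an earlier target would drop out of the aggregate as soon as a clean target is scanned afterwards; `getLatestScore` is defined outside the hunk, so this is inferred from its name and the added comment. If that is intended, the method's comment should say so, for example `// Score of the most recent scan only; findings from other targets are not included`. The no-data fallback also returns a perfect score, which a dashboard cannot tell apart from a clean scan; a backward-compatible marker such as `return { ...score, trend, hasData: false };` would let callers distinguish "nothing scanned" from "nothing found".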
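--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -344,6 +344,30 @@ async function main() {
   });
   console.log(`[AURA] Remote scan complete in ${remoteResult.cloneDuration + remoteResult.scanDuration}ms`);
   console.log(`[AURA] Found: ${remoteResult.secrets.length} secrets, ${remoteResult.packages.length} vulns`);
+ // Save to database and calculate score
+ try {
+ const db = server.getDatabase();
+ const auditId = db.saveAudit('code', gitUrl, remoteResult);
+ console.log(`[AURA] Remote scan saved to database: ${auditId}`);
+ // Calculate and save security score
+ const scoreCounts = {
+ critical: (remoteResult.secrets?.filter((s) => s.severity === 'critical').length || 0) +
+ (remoteResult.packages?.filter((p) => p.severity === 'critical').length || 0),
+ high: (remoteResult.secrets?.filter((s) => s.severity === 'high').length || 0) +
+ (remoteResult.packages?.filter((p) => p.severity === 'high').length || 0),
+ medium: (remoteResult.secrets?.filter((s) => s.severity === 'medium').length || 0) +
+ (remoteResult.packages?.filter((p) => p.severity === 'medium').length || 0) +
+ (remoteResult.sastFindings?.length || 0),
+ low: (remoteResult.secrets?.filter((s) => s.severity === 'low').length || 0) +
+ (remoteResult.packages?.filter((p) => p.severity === 'low').length || 0) +
+ (remoteResult.envFiles?.length || 0)
+ };
+ const score = db.saveScore(gitUrl, auditId, scoreCounts);
+ console.log(`[AURA] Security score: ${score.score} (${score.grade})`);
+ }
+ catch (dbErr) {
+ console.error('[AURA] Failed to save remote scan to database:', dbErr);
+ }
   // Convert to audit input and run through pipeline
   const scanner = new LocalScanner({ targetPath: remoteResult.path });
   const auditInput = scanner.toAuditorInput(remoteResult);
@@ -500,11 +524,15 @@ async function main() {
   console.log(`[AURA] Scan result saved to database: ${auditId}`);
   // Calculate and save security score
   const scoreCounts = {
- critical: scanResult.secrets?.filter((s) => s.severity === 'critical').length || 0,
- high: scanResult.secrets?.filter((s) => s.severity === 'high').length || 0,
- medium: (scanResult.packages?.filter((p) => p.severity === 'medium').length || 0) +
+ critical: (scanResult.secrets?.filter((s) => s.severity === 'critical').length || 0) +
+ (scanResult.packages?.filter((p) => p.severity === 'critical').length || 0),
+ high: (scanResult.secrets?.filter((s) => s.severity === 'high').length || 0) +
+ (scanResult.packages?.filter((p) => p.severity === 'high').length || 0),
+ medium: (scanResult.secrets?.filter((s) => s.severity === 'medium').length || 0) +
+ (scanResult.packages?.filter((p) => p.severity === 'medium').length || 0) +
   (scanResult.sastFindings?.length || 0),
- low: (scanResult.packages?.filter((p) => p.severity === 'low').length || 0) +
+ low: (scanResult.secrets?.filter((s) => s.severity === 'low').length || 0) +
+ (scanResult.packages?.filter((p) => p.severity === 'low').length || 0) +
   (scanResult.envFiles?.length || 0)
   };
   const score = db.saveScore(scanResult.path, auditId, scoreCounts);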
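Review bot: The severity buckets added at new lines 353–364 count only findings whose `severity` is exactly `'critical'`, `'high'`, `'medium'` or `'low'`, so a secret or package reported with any other label (different case, or a scanner-specific level such as `moderate`) is silently left out and the score under-states risk. The same expression is copied into the local-scan path at new lines 527–536, so the two copies can drift apart. Moving the counting into one helper that normalises the label and reports unclassified findings would address both; whether severities are already normalised upstream is not visible here. `gitUrl` is also persisted as the audit and score target, so if it can carry embedded credentials the userinfo part should be stripped before `saveAudit`/`saveScore`. main() starts and ends outside both hunks.

```javascript
// Shared by the remote-scan and local-scan paths.
const SEVERITY_LEVELS = ['critical', 'high', 'medium', 'low'];

function countBySeverity(result) {
  const counts = { critical: 0, high: 0, medium: 0, low: 0 };
  let unclassified = 0;
  for (const finding of [...(result.secrets ?? []), ...(result.packages ?? [])]) {
    const severity = String(finding.severity ?? '').toLowerCase();
    if (SEVERITY_LEVELS.includes(severity)) {
      counts[severity] += 1;
    } else {
      unclassified += 1;
    }
  }
  counts.medium += result.sastFindings?.length ?? 0;
  counts.low += result.envFiles?.length ?? 0;
  if (unclassified > 0) {
    console.warn(`[AURA] ${unclassified} findings had an unrecognised severity and were not scored`);
  }
  return counts;
}

// … unchanged: saveAudit call and log line …
const score = db.saveScore(gitUrl, auditId, countBySeverity(remoteResult));
```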
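--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
   {
   "name": "aura-security",
- "version": "0.5.2",
+ "version": "0.5.4",
   "description": "Deterministic security auditing engine with optional AI advisory layer. Run as CLI, CI step, or service. AI does not make enforcement decisions.",
   "type": "module",
   "main": "dist/index.js",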