codeslick-cli 1.2.2 → 1.2.4

package/dist/src/lib/security/triage-service.js

@@ -0,0 +1,318 @@
+"use strict";
+/**
+ * Smart Triage Service
+ *
+ * Computes priority scores for security issues using multiple signals:
+ * - CVSS Score (base severity)
+ * - EPSS Score (exploit prediction)
+ * - OWASP Category (criticality weight)
+ * - Environment Context (production vs dev)
+ *
+ * Feature 1 Phase 1 (Q1 2026): Alert Deduplication & AutoTriage
+ *
+ * Priority Formula:
+ * priority = cvss * 0.5 + epss * 0.3 + owasp_weight * 0.2
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.triageSecurityIssues = triageSecurityIssues;
+exports.getTriageStats = getTriageStats;
+exports.filterByPriority = filterByPriority;
+const epss_service_1 = require("./epss-service");
+/**
+ * OWASP category weights for triage prioritization
+ * Based on OWASP Top 10 2025 criticality
+ */
+const OWASP_WEIGHTS = {
+    // Critical (10.0)
+    'A03:2021 - Injection': 10.0,
+    'A01:2021 - Broken Access Control': 10.0,
+    'A07:2021 - Identification and Authentication Failures': 10.0,
+    // High (8.0)
+    'A02:2021 - Cryptographic Failures': 8.0,
+    'A04:2021 - Insecure Design': 8.0,
+    'A05:2021 - Security Misconfiguration': 8.0,
+    'A08:2021 - Software and Data Integrity Failures': 8.0,
+    // Medium (6.0)
+    'A06:2021 - Vulnerable and Outdated Components': 6.0,
+    'A09:2021 - Security Logging and Monitoring Failures': 6.0,
+    'A10:2021 - Server-Side Request Forgery': 6.0,
+    // Default (5.0)
+    default: 5.0,
+};
+/**
+ * Convert severity to CVSS-like score (0-10)
+ *
+ * @param severity - Security severity level
+ * @param cvssScore - Existing CVSS score if available
+ * @returns CVSS score (0.0-10.0)
+ */
+function severityToCVSS(severity, cvssScore) {
+    if (cvssScore !== undefined) {
+        return cvssScore;
+    }
+    switch (severity) {
+        case 'critical':
+            return 9.5;
+        case 'high':
+            return 8.0;
+        case 'medium':
+            return 5.5;
+        case 'low':
+            return 3.0;
+        default:
+            return 1.0;
+    }
+}
+/**
+ * Get OWASP weight for issue
+ *
+ * @param issue - Security issue
+ * @returns OWASP weight (0.0-10.0)
+ */
+function getOwaspWeight(issue) {
+    if (!issue.owasp) {
+        return OWASP_WEIGHTS.default;
+    }
+    // Extract OWASP category (e.g., "A03:2021 - Injection")
+    const category = issue.owasp;
+    return OWASP_WEIGHTS[category] || OWASP_WEIGHTS.default;
+}
+/**
+ * Extract CVE ID from security issue message
+ *
+ * @param issue - Security issue
+ * @returns CVE ID or null
+ */
+function extractCVE(issue) {
+    const cveMatch = issue.message.match(/CVE-\d{4}-\d{4,7}/i);
+    return cveMatch ? cveMatch[0].toUpperCase() : null;
+}
+/**
+ * Map priority score to priority level
+ *
+ * @param score - Priority score (0.0-10.0)
+ * @returns Priority level
+ */
+function mapScoreToPriority(score) {
+    if (score >= 8.5)
+        return 'critical';
+    if (score >= 6.5)
+        return 'high';
+    if (score >= 4.0)
+        return 'medium';
+    if (score >= 2.0)
+        return 'low';
+    return 'info';
+}
+/**
+ * Generate human-readable triage reason
+ *
+ * @param issue - Security issue
+ * @param cvss - CVSS score
+ * @param epss - EPSS score (optional)
+ * @param owaspWeight - OWASP weight
+ * @param context - Environment context
+ * @returns Triage reason explanation
+ */
+function generateTriageReason(issue, cvss, epss, owaspWeight, context) {
+    const reasons = [];
+    // CVSS component
+    if (cvss >= 9.0) {
+        reasons.push(`CVSS ${cvss.toFixed(1)} (critical)`);
+    }
+    else if (cvss >= 7.0) {
+        reasons.push(`CVSS ${cvss.toFixed(1)} (high)`);
+    }
+    else if (cvss >= 4.0) {
+        reasons.push(`CVSS ${cvss.toFixed(1)}`);
+    }
+    // EPSS component
+    if (epss !== undefined) {
+        if (epss >= 0.7) {
+            reasons.push(`EPSS ${(epss * 100).toFixed(1)}% (high exploit probability)`);
+        }
+        else if (epss >= 0.3) {
+            reasons.push(`EPSS ${(epss * 100).toFixed(1)}% (medium exploit probability)`);
+        }
+        else if (epss >= 0.1) {
+            reasons.push(`EPSS ${(epss * 100).toFixed(1)}%`);
+        }
+    }
+    // OWASP component
+    if (issue.owasp) {
+        const category = issue.owasp.split(' - ')[1] || issue.owasp;
+        if (owaspWeight >= 9.0) {
+            reasons.push(`${category} (OWASP critical)`);
+        }
+        else if (owaspWeight >= 7.0) {
+            reasons.push(`${category} (OWASP high)`);
+        }
+        else {
+            reasons.push(category);
+        }
+    }
+    // Environment context
+    if (context?.isProduction) {
+        reasons.push('production code');
+    }
+    if (context?.hasPublicExposure) {
+        reasons.push('public exposure');
+    }
+    if (context?.hasSensitiveData) {
+        reasons.push('sensitive data');
+    }
+    if (reasons.length === 0) {
+        return `${issue.severity} severity issue`;
+    }
+    return reasons.join(' + ');
+}
+/**
+ * Compute priority score for a single security issue
+ *
+ * @param issue - Security issue
+ * @param epssScore - EPSS score (optional)
+ * @param config - Triage configuration
+ * @returns Priority score (0.0-10.0)
+ */
+function computePriorityScore(issue, epssScore, config) {
+    const cvssWeight = config.cvssWeight ?? 0.5;
+    const epssWeight = config.epssWeight ?? 0.3;
+    const owaspWeight = config.owaspWeight ?? 0.2;
+    // Component scores
+    const cvss = severityToCVSS(issue.severity, issue.cvssScore);
+    const epss = epssScore ?? 0.0; // Default to 0 if no EPSS data
+    const owasp = getOwaspWeight(issue);
+    // Compute weighted priority score
+    let priorityScore = (cvss * cvssWeight) + (epss * 10 * epssWeight) + (owasp * owaspWeight);
+    // Environment context modifiers
+    if (config.environmentContext?.isProduction) {
+        priorityScore *= 1.2; // +20% for production
+    }
+    if (config.environmentContext?.hasPublicExposure) {
+        priorityScore *= 1.15; // +15% for public exposure
+    }
+    if (config.environmentContext?.hasSensitiveData) {
+        priorityScore *= 1.1; // +10% for sensitive data
+    }
+    // Cap at 10.0
+    return Math.min(priorityScore, 10.0);
+}
+/**
+ * Triage a single security issue
+ *
+ * @param issue - Security issue to triage
+ * @param epssScores - Map of CVE -> EPSS score
+ * @param config - Triage configuration
+ * @returns Triage result with priority and reasoning
+ */
+function triageSingleIssue(issue, epssScores, config) {
+    // Extract CVE and get EPSS score
+    const cve = extractCVE(issue);
+    const epssData = cve ? epssScores.get(cve) : undefined;
+    const epssScore = epssData?.epssScore;
+    // Compute priority score
+    const priorityScore = computePriorityScore(issue, epssScore, config);
+    const priority = mapScoreToPriority(priorityScore);
+    // Generate triage reason
+    const cvss = severityToCVSS(issue.severity, issue.cvssScore);
+    const owaspWeight = getOwaspWeight(issue);
+    const triageReason = generateTriageReason(issue, cvss, epssScore, owaspWeight, config.environmentContext);
+    return {
+        issue: {
+            ...issue,
+            priority,
+            triageReason,
+            epssScore,
+            epssPercentile: epssData?.percentile,
+        },
+        priorityScore,
+        priority,
+        triageReason,
+        epssScore,
+    };
+}
+/**
+ * Triage multiple security issues with smart prioritization
+ *
+ * @param issues - Array of security issues to triage
+ * @param config - Triage configuration
+ * @returns Array of triage results sorted by priority (highest first)
+ */
+async function triageSecurityIssues(issues, config = {}) {
+    console.log('[TRIAGE] Service called with', issues.length, 'issues');
+    console.log('[TRIAGE] Config:', config);
+    if (!issues || issues.length === 0) {
+        console.log('[TRIAGE] No issues to triage, returning empty array');
+        return [];
+    }
+    // Extract all CVEs from issues
+    const cves = issues
+        .map(extractCVE)
+        .filter((cve) => cve !== null);
+    console.log('[TRIAGE] Extracted CVEs:', cves);
+    // Fetch EPSS scores for all CVEs
+    let epssScores = new Map();
+    if (cves.length > 0) {
+        try {
+            const scores = await (0, epss_service_1.getEPSSScores)(cves);
+            epssScores = new Map(scores.map(score => [score.cve, score]));
+        }
+        catch (error) {
+            console.warn('[TRIAGE] Failed to fetch EPSS scores:', error);
+            // Continue without EPSS data
+        }
+    }
+    // Triage each issue
+    const results = issues.map(issue => triageSingleIssue(issue, epssScores, config));
+    // Sort by priority score (highest first)
+    results.sort((a, b) => b.priorityScore - a.priorityScore);
+    console.log('[TRIAGE] Triage complete. Returning', results.length, 'results');
+    console.log('[TRIAGE] Sample result:', results[0] ? {
+        priority: results[0].priority,
+        triageReason: results[0].triageReason,
+        epssScore: results[0].epssScore,
+        priorityScore: results[0].priorityScore
+    } : 'No results');
+    return results;
+}
+/**
+ * Get triage statistics for a set of results
+ *
+ * @param results - Triage results
+ * @returns Triage statistics
+ */
+function getTriageStats(results) {
+    const stats = {
+        total: results.length,
+        critical: 0,
+        high: 0,
+        medium: 0,
+        low: 0,
+        info: 0,
+        withEPSS: 0,
+        averagePriority: 0,
+    };
+    let totalPriority = 0;
+    for (const result of results) {
+        stats[result.priority]++;
+        if (result.epssScore !== undefined) {
+            stats.withEPSS++;
+        }
+        totalPriority += result.priorityScore;
+    }
+    stats.averagePriority = stats.total > 0 ? totalPriority / stats.total : 0;
+    return stats;
+}
+/**
+ * Filter triage results by minimum priority level
+ *
+ * @param results - Triage results
+ * @param minPriority - Minimum priority level ('critical' | 'high' | 'medium' | 'low')
+ * @returns Filtered results
+ */
+function filterByPriority(results, minPriority) {
+    const priorityOrder = { critical: 4, high: 3, medium: 2, low: 1, info: 0 };
+    const minLevel = priorityOrder[minPriority];
+    return results.filter(result => priorityOrder[result.priority] >= minLevel);
+}
+//# sourceMappingURL=triage-service.js.map

package/dist/src/lib/security/triage-service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"triage-service.js","sourceRoot":"","sources":["../../../../../../src/lib/security/triage-service.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AAqSH,oDAgDC;AAQD,wCAkCC;AASD,4CAQC;AA5YD,iDAA0D;AAE1D;;;GAGG;AACH,MAAM,aAAa,GAA2B;IAC5C,kBAAkB;IAClB,sBAAsB,EAAE,IAAI;IAC5B,kCAAkC,EAAE,IAAI;IACxC,uDAAuD,EAAE,IAAI;IAE7D,aAAa;IACb,mCAAmC,EAAE,GAAG;IACxC,4BAA4B,EAAE,GAAG;IACjC,sCAAsC,EAAE,GAAG;IAC3C,iDAAiD,EAAE,GAAG;IAEtD,eAAe;IACf,+CAA+C,EAAE,GAAG;IACpD,qDAAqD,EAAE,GAAG;IAC1D,wCAAwC,EAAE,GAAG;IAE7C,gBAAgB;IAChB,OAAO,EAAE,GAAG;CACb,CAAC;AAiCF;;;;;;GAMG;AACH,SAAS,cAAc,CAAC,QAA0B,EAAE,SAAkB;IACpE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU;YACb,OAAO,GAAG,CAAC;QACb,KAAK,MAAM;YACT,OAAO,GAAG,CAAC;QACb,KAAK,QAAQ;YACX,OAAO,GAAG,CAAC;QACb,KAAK,KAAK;YACR,OAAO,GAAG,CAAC;QACb;YACE,OAAO,GAAG,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,KAA4B;IAClD,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACjB,OAAO,aAAa,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,wDAAwD;IACxD,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC;IAC7B,OAAO,aAAa,CAAC,QAAQ,CAAC,IAAI,aAAa,CAAC,OAAO,CAAC;AAC1D,CAAC;AAED;;;;;GAKG;AACH,SAAS,UAAU,CAAC,KAA4B;IAC9C,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAC3D,OAAO,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AACrD,CAAC;AAED;;;;;GAKG;AACH,SAAS,kBAAkB,CAAC,KAAa;IACvC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,UAAU,CAAC;IACpC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,MAAM,CAAC;IAChC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,QAAQ,CAAC;IAClC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,KAAK,CAAC;IAC/B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,oBAAoB,CAC3B,KAA4B,EAC5B,IAAY,EACZ,IAAwB,EACxB,WAAmB,EACnB,OAA4B;IAE5B,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,iBAAiB;IACjB,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;IACrD,CAAC;SAAM,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACjD,CAAC;SAAM,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,iBAAiB;IACjB,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC;YAChB,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,8BAA8B,CAAC,CAAC;QAC9E,CAAC;aAAM,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC;QAChF,CAAC;aAAM,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC;QAC5D,IAAI,WAAW,IAAI,GAAG,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,CAAC,GAAG,QAAQ,mBAAmB,CAAC,CAAC;QAC/C,CAAC;aAAM,IAAI,WAAW,IAAI,GAAG,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,GAAG,QAAQ,eAAe,CAAC,CAAC;QAC3C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,IAAI,OAAO,EAAE,YAAY,EAAE,CAAC;QAC1B,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAClC,CAAC;IACD,IAAI,OAAO,EAAE,iBAAiB,EAAE,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAClC,CAAC;IACD,IAAI,OAAO,EAAE,gBAAgB,EAAE,CAAC;QAC9B,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACjC,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,GAAG,KAAK,CAAC,QAAQ,iBAAiB,CAAC;IAC5C,CAAC;IAED,OAAO,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,oBAAoB,CAC3B,KAA4B,EAC5B,SAA6B,EAC7B,MAAoB;IAEpB,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC;IAC5C,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC;IAC5C,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,GAAG,CAAC;IAE9C,mBAAmB;IACnB,MAAM,IAAI,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7D,MAAM,IAAI,GAAG,SAAS,IAAI,GAAG,CAAC,CAAC,+BAA+B;IAC9D,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEpC,kCAAkC;IAClC,IAAI,aAAa,GAAG,CAAC,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,GAAG,WAAW,CAAC,CAAC;IAE3F,gCAAgC;IAChC,IAAI,MAAM,CAAC,kBAAkB,EAAE,YAAY,EAAE,CAAC;QAC5C,aAAa,IAAI,GAAG,CAAC,CAAC,sBAAsB;IAC9C,CAAC;IACD,IAAI,MAAM,CAAC,kBAAkB,EAAE,iBAAiB,EAAE,CAAC;QACjD,aAAa,IAAI,IAAI,CAAC,CAAC,2BAA2B;IACpD,CAAC;IACD,IAAI,MAAM,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,CAAC;QAChD,aAAa,IAAI,GAAG,CAAC,CAAC,0BAA0B;IAClD,CAAC;IAED,cAAc;IACd,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;AACvC,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,iBAAiB,CACxB,KAA4B,EAC5B,UAAkC,EAClC,MAAoB;IAEpB,iCAAiC;IACjC,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;IAC9B,MAAM,QAAQ,GAAG,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACvD,MAAM,SAAS,GAAG,QAAQ,EAAE,SAAS,CAAC;IAEtC,yBAAyB;IACzB,MAAM,aAAa,GAAG,oBAAoB,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAEnD,yBAAyB;IACzB,MAAM,IAAI,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7D,MAAM,WAAW,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,oBAAoB,CACvC,KAAK,EACL,IAAI,EACJ,SAAS,EACT,WAAW,EACX,MAAM,CAAC,kBAAkB,CAC1B,CAAC;IAEF,OAAO;QACL,KAAK,EAAE;YACL,GAAG,KAAK;YACR,QAAQ;YACR,YAAY;YACZ,SAAS;YACT,cAAc,EAAE,QAAQ,EAAE,UAAU;SACrC;QACD,aAAa;QACb,QAAQ;QACR,YAAY;QACZ,SAAS;KACV,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,oBAAoB,CACxC,MAA+B,EAC/B,SAAuB,EAAE;IAEzB,OAAO,CAAC,GAAG,CAAC,8BAA8B,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;IAExC,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;QACnE,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,+BAA+B;IAC/B,MAAM,IAAI,GAAG,MAAM;SAChB,GAAG,CAAC,UAAU,CAAC;SACf,MAAM,CAAC,CAAC,GAAG,EAAiB,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;IAEhD,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,IAAI,CAAC,CAAC;IAE9C,iCAAiC;IACjC,IAAI,UAAU,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC9C,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAa,EAAC,IAAI,CAAC,CAAC;YACzC,UAAU,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;QAChE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;YAC7D,6BAA6B;QAC/B,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CACjC,iBAAiB,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,CAC7C,CAAC;IAEF,yCAAyC;IACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,aAAa,CAAC,CAAC;IAE1D,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAClD,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ;QAC7B,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,YAAY;QACrC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;QAC/B,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,aAAa;KACxC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;IAElB,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,cAAc,CAAC,OAAuB;IAUpD,MAAM,KAAK,GAAG;QACZ,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,QAAQ,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;QACN,IAAI,EAAE,CAAC;QACP,QAAQ,EAAE,CAAC;QACX,eAAe,EAAE,CAAC;KACnB,CAAC;IAEF,IAAI,aAAa,GAAG,CAAC,CAAC;IAEtB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACnC,KAAK,CAAC,QAAQ,EAAE,CAAC;QACnB,CAAC;QACD,aAAa,IAAI,MAAM,CAAC,aAAa,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,eAAe,GAAG,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAE1E,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,gBAAgB,CAC9B,OAAuB,EACvB,WAAmD;IAEnD,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAC3E,MAAM,QAAQ,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;IAE5C,OAAO,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,CAAC;AAC9E,CAAC"}

package/dist/src/lib/types/index.d.ts

@@ -91,6 +91,10 @@ export interface SecurityIssue {
     cvssScore?: number;
     exploitLikelihood?: ExploitLikelihood;
     impact?: SecurityImpact;
+    epssScore?: number;
+    epssPercentile?: number;
+    priority?: 'critical' | 'high' | 'medium' | 'low' | 'info';
+    triageReason?: string;
     owasp?: string;
     cwe?: string;
     pciDss?: string;

package/dist/src/lib/types/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/lib/types/index.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,cAAc,CAAC;IAC/B,UAAU,EAAE,UAAU,GAAG,IAAI,CAAC;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,aAAa,CAAC,EAAE,UAAU,GAAG,OAAO,GAAG,aAAa,CAAC;IACrD,UAAU,CAAC,EAAE,eAAe,EAAE,CAAC;CAChC;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE;QACN,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,UAAU,CAAC,EAAE,KAAK,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,KAAK,EAAE,MAAM,CAAC;YACd,UAAU,EAAE,MAAM,CAAC;YACnB,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;YACvC,UAAU,CAAC,EAAE,KAAK,CAAC;gBAAC,KAAK,EAAE,MAAM,CAAC;gBAAC,GAAG,EAAE,MAAM,CAAC;gBAAC,WAAW,EAAE,MAAM,CAAA;aAAC,CAAC,CAAC;SACvE,CAAC,CAAC;KACJ,CAAC;IACF,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,YAAY,EAAE,CAAC;KACxB,CAAC;IACF,WAAW,EAAE;QACX,KAAK,EAAE,MAAM,CAAC;QACd,WAAW,EAAE,MAAM,EAAE,CAAC;KACvB,CAAC;IACF,QAAQ,EAAE;QACR,eAAe,EAAE,aAAa,EAAE,CAAC;KAClC,CAAC;IACF,OAAO,EAAE;QACP,UAAU,EAAE,MAAM,CAAC;QACnB,eAAe,EAAE,MAAM,CAAC;QACxB,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,gBAAgB,CAAC,EAAE,GAAG,CAAC;CACxB;AAED,MAAM,WAAW,UAAU;IACzB,YAAY,EAAE;QACZ,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;QACpC,WAAW,EAAE,MAAM,CAAC;QACpB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,EAAE,CAAC;IACJ,aAAa,EAAE;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,EAAE;YACT,IAAI,EAAE,MAAM,CAAC;YACb,WAAW,EAAE,MAAM,CAAC;YACpB,UAAU,EAAE,MAAM,EAAE,CAAC;YACrB,OAAO,EAAE,MAAM,CAAC;SACjB,EAAE,CAAC;QACJ,QAAQ,EAAE,MAAM,EAAE,CAAC;KACpB,CAAC;IACF,WAAW,EAAE;QACX,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,KAAK,EAAE;QACL,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,MAAM,CAAC;QACpB,eAAe,EAAE,MAAM,CAAC;QACxB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,MAAM,gBAAgB,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEtE,MAAM,MAAM,iBAAiB,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE1D,MAAM,MAAM,cAAc,GACtB,aAAa,GACb,KAAK,GACL,KAAK,GACL,KAAK,GACL,iBAAiB,GACjB,sBAAsB,GACtB,uBAAuB,GACvB,gBAAgB,GAChB,cAAc,GACd,aAAa,GACb,MAAM,GACN,cAAc,GACd,iBAAiB,GACjB,eAAe,GACf,eAAe,CAAC;AAEpB,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,MAAM,CAAC,EAAE,cAAc,CAAC;IAExB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,YAAY,CAAC,EAAE;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;KAC5B,CAAC;IAEF,WAAW,CAAC,EAAE;QACZ,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,GAAG,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED,MAAM,MAAM,iBAAiB,GAAG,YAAY,GAAG,YAAY,GAAG,QAAQ,GAAG,MAAM,GAAG,IAAI,CAAC;AAEvF,MAAM,WAAW,UAAU;IACzB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACnE,IAAI,EAAE,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,aAAa,CAAC;IACxD,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,UAAU,CAAC,EAAE;QACX,QAAQ,EAAE,OAAO,CAAC;QAClB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;QACzB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;KACxB,CAAC;CACH;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,aAAa,CAAC;IAC3D,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAID,MAAM,WAAW,YAAY;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/lib/types/index.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,cAAc,CAAC;IAC/B,UAAU,EAAE,UAAU,GAAG,IAAI,CAAC;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,aAAa,CAAC,EAAE,UAAU,GAAG,OAAO,GAAG,aAAa,CAAC;IACrD,UAAU,CAAC,EAAE,eAAe,EAAE,CAAC;CAChC;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE;QACN,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,UAAU,CAAC,EAAE,KAAK,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,KAAK,EAAE,MAAM,CAAC;YACd,UAAU,EAAE,MAAM,CAAC;YACnB,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;YACvC,UAAU,CAAC,EAAE,KAAK,CAAC;gBAAC,KAAK,EAAE,MAAM,CAAC;gBAAC,GAAG,EAAE,MAAM,CAAC;gBAAC,WAAW,EAAE,MAAM,CAAA;aAAC,CAAC,CAAC;SACvE,CAAC,CAAC;KACJ,CAAC;IACF,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,YAAY,EAAE,CAAC;KACxB,CAAC;IACF,WAAW,EAAE;QACX,KAAK,EAAE,MAAM,CAAC;QACd,WAAW,EAAE,MAAM,EAAE,CAAC;KACvB,CAAC;IACF,QAAQ,EAAE;QACR,eAAe,EAAE,aAAa,EAAE,CAAC;KAClC,CAAC;IACF,OAAO,EAAE;QACP,UAAU,EAAE,MAAM,CAAC;QACnB,eAAe,EAAE,MAAM,CAAC;QACxB,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,gBAAgB,CAAC,EAAE,GAAG,CAAC;CACxB;AAED,MAAM,WAAW,UAAU;IACzB,YAAY,EAAE;QACZ,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;QACpC,WAAW,EAAE,MAAM,CAAC;QACpB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,EAAE,CAAC;IACJ,aAAa,EAAE;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,EAAE;YACT,IAAI,EAAE,MAAM,CAAC;YACb,WAAW,EAAE,MAAM,CAAC;YACpB,UAAU,EAAE,MAAM,EAAE,CAAC;YACrB,OAAO,EAAE,MAAM,CAAC;SACjB,EAAE,CAAC;QACJ,QAAQ,EAAE,MAAM,EAAE,CAAC;KACpB,CAAC;IACF,WAAW,EAAE;QACX,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,KAAK,EAAE;QACL,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,MAAM,CAAC;QACpB,eAAe,EAAE,MAAM,CAAC;QACxB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,MAAM,gBAAgB,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEtE,MAAM,MAAM,iBAAiB,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE1D,MAAM,MAAM,cAAc,GACtB,aAAa,GACb,KAAK,GACL,KAAK,GACL,KAAK,GACL,iBAAiB,GACjB,sBAAsB,GACtB,uBAAuB,GACvB,gBAAgB,GAChB,cAAc,GACd,aAAa,GACb,MAAM,GACN,cAAc,GACd,iBAAiB,GACjB,eAAe,GACf,eAAe,CAAC;AAEpB,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,MAAM,CAAC,EAAE,cAAc,CAAC;IAExB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,QAAQ,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC3D,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,YAAY,CAAC,EAAE;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;KAC5B,CAAC;IAEF,WAAW,CAAC,EAAE;QACZ,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,GAAG,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED,MAAM,MAAM,iBAAiB,GAAG,YAAY,GAAG,YAAY,GAAG,QAAQ,GAAG,MAAM,GAAG,IAAI,CAAC;AAEvF,MAAM,WAAW,UAAU;IACzB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACnE,IAAI,EAAE,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,aAAa,CAAC;IACxD,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,UAAU,CAAC,EAAE;QACX,QAAQ,EAAE,OAAO,CAAC;QAClB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;QACzB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;KACxB,CAAC;CACH;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,aAAa,CAAC;IAC3D,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAID,MAAM,WAAW,YAAY;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeslick-cli",
-  "version": "1.2.2",
+  "version": "1.2.4",
   "description": "CodeSlick CLI tool for pre-commit security scanning",
   "main": "dist/index.js",
   "bin": {

package/src/commands/scan.ts

@@ -22,7 +22,7 @@ import { resolve } from 'path';
 import { glob } from 'glob';
 import ora from 'ora';
 import chalk from 'chalk';
-import { scanFiles, exceedsThreshold, type ScannerConfig } from '../scanner/local-scanner';
+import { scanFiles, type ScannerConfig } from '../scanner/local-scanner';
 import {
   printScanStart,
   printScanComplete,
@@ -34,14 +34,24 @@ import {
   printJSONResults,
   generateMarkdownReport,
   printBriefSummary,
+  printTestStart,
+  printTestResult,
 } from '../reporters/cli-reporter';
+import { runTests, detectTestCommand } from '../utils/test-runner';
 import { loadConfig } from '../config/config-loader';
 import { trackScan } from '../utils/telemetry';
+import {
+  evaluateCLIThresholds,
+  printThresholdResult,
+} from '../utils/threshold-handler';
+import { DEFAULT_THRESHOLD_CONFIG, type ThresholdConfig } from '../../../../src/lib/security/threshold-evaluator';
 
 const execAsync = promisify(exec);
 
 /**
  * Command arguments type
+ *
+ * Winter Roadmap WR2: Added threshold configuration flags
  */
 interface ScanArgs {
   files?: string[];
@@ -52,6 +62,19 @@ interface ScanArgs {
   severity?: 'critical' | 'high' | 'medium' | 'low';
   fix?: boolean;
   json?: boolean;
+
+  // WR2: Threshold configuration flags
+  thresholdEnabled?: boolean;
+  thresholdBlockCritical?: boolean;
+  thresholdBlockHigh?: boolean;
+  thresholdMaxVulnerabilities?: number;
+  thresholdMaxEpss?: number;
+  thresholdExemptPaths?: string[];
+  thresholdFailureMessage?: string;
+
+  // WR2: Test execution integration
+  verify?: boolean; // Run tests after scan
+  testCommand?: string; // Custom test command
 }
 
 /**
@@ -259,10 +282,6 @@ export async function scanCommand(args: ScanArgs): Promise<void> {
       }
     }
 
-    // Check if results exceed threshold
-    const threshold = scannerConfig.severityThreshold || 'critical';
-    const shouldBlock = exceedsThreshold(results, threshold);
-
     // Calculate totals for telemetry and display
     const totalCritical = results.reduce((sum, r) => sum + r.critical, 0);
     const totalHigh = results.reduce((sum, r) => sum + r.high, 0);
@@ -285,15 +304,89 @@ export async function scanCommand(args: ScanArgs): Promise<void> {
       scanDuration: duration,
     }).catch(() => {}); // Ignore telemetry errors
 
-    if (shouldBlock) {
+    // WR2: Build threshold configuration from CLI args or use defaults
+    const thresholdConfig: ThresholdConfig = {
+      enabled: args.thresholdEnabled ?? config.thresholdEnabled ?? DEFAULT_THRESHOLD_CONFIG.enabled,
+      blockOnCritical: args.thresholdBlockCritical ?? config.thresholdBlockCritical ?? DEFAULT_THRESHOLD_CONFIG.blockOnCritical,
+      blockOnHigh: args.thresholdBlockHigh ?? config.thresholdBlockHigh ?? DEFAULT_THRESHOLD_CONFIG.blockOnHigh,
+      maxVulnerabilities: args.thresholdMaxVulnerabilities ?? config.thresholdMaxVulnerabilities ?? DEFAULT_THRESHOLD_CONFIG.maxVulnerabilities,
+      maxEpss: args.thresholdMaxEpss ?? config.thresholdMaxEpss ?? DEFAULT_THRESHOLD_CONFIG.maxEpss,
+      exemptPaths: args.thresholdExemptPaths ?? config.thresholdExemptPaths ?? DEFAULT_THRESHOLD_CONFIG.exemptPaths,
+      failureMessage: args.thresholdFailureMessage ?? config.thresholdFailureMessage,
+    };
+
+    // WR2: Evaluate thresholds using comprehensive threshold system
+    const thresholdResult = evaluateCLIThresholds(results, thresholdConfig);
+
+    // Print threshold evaluation result (if thresholds enabled and not JSON mode)
+    if (thresholdConfig.enabled && !args.json) {
+      printThresholdResult(thresholdResult);
+    }
+
+    // Check if scan failed based on threshold evaluation
+    const shouldBlock = !thresholdResult.passed;
+
+    // WR2: Test execution integration (--verify flag)
+    let testsPassed = true;
+    if (args.verify && !args.json) {
+      try {
+        // Get test command from args, config, or auto-detect
+        const testCommand = args.testCommand || config.testCommand || detectTestCommand();
+
+        if (!testCommand) {
+          console.log('');
+          console.log(chalk.yellow('  ⚠ No test command found'));
+          console.log(chalk.gray('  Specify a test command using --test-command or add "testCommand" to .codeslick.json'));
+          console.log('');
+        } else {
+          printTestStart(testCommand);
+
+          const testResult = await runTests(testCommand, {
+            cwd: process.cwd(),
+            timeout: config.testTimeout || 300000, // 5 minutes default
+            verbose: args.verbose,
+          });
+
+          printTestResult(testResult);
+          testsPassed = testResult.success;
+        }
+      } catch (error) {
+        console.log('');
+        console.log(chalk.red.bold('  ✖ Test execution failed'));
+        console.log(chalk.red(`  ${error instanceof Error ? error.message : 'Unknown error'}`));
+        console.log('');
+        testsPassed = false;
+      }
+    }
+
+    // Determine final exit code
+    // Both security scan and tests must pass
+    const finalSuccess = !shouldBlock && testsPassed;
+
+    if (!finalSuccess) {
       if (!args.json) {
-        printCommitBlocked(threshold, totalCritical, totalHigh, totalMedium, totalLow);
+        // Print failure summary
+        if (shouldBlock && !testsPassed) {
+          console.log(chalk.red.bold('\n  Both security scan and tests failed\n'));
+        } else if (shouldBlock) {
+          // Threshold failure message already printed by printThresholdResult
+          // Just show commit blocked banner if using legacy severity threshold
+          if (!thresholdConfig.enabled) {
+            const threshold = scannerConfig.severityThreshold || 'critical';
+            printCommitBlocked(threshold, totalCritical, totalHigh, totalMedium, totalLow);
+          }
+        } else if (!testsPassed) {
+          console.log(chalk.red.bold('\n  Tests failed - commit blocked\n'));
+        }
       }
 
       process.exit(1); // Exit with failure
     } else {
       if (!args.json) {
         printCommitAllowed();
+        if (args.verify && testsPassed) {
+          console.log(chalk.green('  ✓ Tests passed'));
+        }
       }
 
       process.exit(0); // Exit with success

package/src/config/config-loader.ts

@@ -24,6 +24,8 @@ import { existsSync } from 'fs';
 
 /**
  * CodeSlick configuration interface
+ *
+ * Winter Roadmap WR2: Added threshold configuration fields
  */
 export interface CodeSlickConfig {
   version: string;
@@ -32,6 +34,19 @@ export interface CodeSlickConfig {
   exclude: string[];
   languages: ('javascript' | 'typescript' | 'python' | 'java' | 'go')[];
   telemetry?: boolean; // Enable/disable anonymous usage tracking (default: true)
+
+  // WR2: Threshold configuration (Pass/Fail Gates)
+  thresholdEnabled?: boolean;
+  thresholdBlockCritical?: boolean;
+  thresholdBlockHigh?: boolean;
+  thresholdMaxVulnerabilities?: number;
+  thresholdMaxEpss?: number;
+  thresholdExemptPaths?: string[];
+  thresholdFailureMessage?: string;
+
+  // WR2: Test execution (Verify mode)
+  testCommand?: string; // Command to run tests (e.g., "npm test", "pytest", "go test")
+  testTimeout?: number; // Test timeout in milliseconds (default: 300000 = 5 min)
 }
 
 /**