cognium-ai 2.14.3 → 2.14.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +27 -4
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -14,6 +14,7 @@ npm install -g cognium-ai
  cognium-ai scan <path> # Scan for security vulnerabilities (LLM-enhanced)
  cognium-ai trust <path> # Trust score across 36 passes (supply chain, security, AI safety, compliance)
  cognium-ai quality <path> # Quality score (complexity, tests, docs, maintainability, performance)
+ cognium-ai secrets <path> # Scan working tree + Git history for hardcoded secrets (LLM-verified)
  cognium-ai spec-diff <path> # Spec-gap analysis (code vs Specifica spec alignment)
  cognium-ai generate-spec <path> # Generate Specifica spec from code
 
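Review bot: the new `secrets` line advertises "LLM-verified" in the headline list without saying what verification means for the data involved. Candidate matches are, by definition, possible secret values, so the one-liner (or the section it leads to) should state whether candidate strings are sent to the configured LLM and point at the opt-out, which this diff documents elsewhere as `--llm-verify-budget 0 # disable LLM verify (static patterns only)`. A reader choosing between `scan` and `secrets` for a CI job needs that before they run it against a repository full of live credentials.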
@@ -23,10 +24,10 @@ cognium-ai version # Show component versions
  ```
 
  Run `cognium-ai <command> --help` for command-specific options. Several
- additional commands (`dead-code`, `secrets`, `health`, `metrics`,
- `understand`, `cluster`, `compare`, `analyze-skill`, `benchmark`) are
- available but currently undergoing CLI polish — they remain callable but
- are hidden from the headline `--help` until they soak.
+ additional commands (`dead-code`, `health`, `metrics`, `understand`,
+ `cluster`, `compare`, `analyze-skill`, `benchmark`) are available but
+ currently undergoing CLI polish — they remain callable but are hidden
+ from the headline `--help` until they soak.
 
  ## Scan Options
 
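Review bot: dropping `secrets` from the hidden-command list here is the right companion to adding it to the headline block above, so the two lists stay consistent. One wording nit on the last line: "until they soak" is internal jargon; something like "until they have had enough real-world use" tells an external reader why the commands are hidden and when to expect them in `--help`.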
@@ -47,6 +48,28 @@ cognium-ai scan src/ --exit-code # Exit 1 on findings (CI)
  across all 36 trust passes (richer than `scan -f sarif`, which is
  scoped to OWASP Top 10 findings only).
 
+ ## Secret Scanning
+
+ ```bash
+ cognium-ai secrets src/ # working tree + last 100 commits (LLM verify on)
+ cognium-ai secrets src/ --no-history # working tree only
+ cognium-ai secrets src/ --max-commits 500 # deeper Git history
+ cognium-ai secrets src/ --include-category aws --include-category github
+ cognium-ai secrets src/ --exclude-category high-entropy
+ cognium-ai secrets src/ --min-confidence 0.9 # keep only highly-confident findings
+ cognium-ai secrets src/ --min-confidence 0 # legacy: keep all (including raw high-entropy)
+ cognium-ai secrets src/ --llm-verify-budget 0 # disable LLM verify (static patterns only)
+ cognium-ai secrets src/ --severity high # high+ severity only
+ cognium-ai secrets src/ -f json -o secrets.json # JSON output
+ cognium-ai secrets src/ --exit-code # Exit 1 on findings (CI)
+ ```
+
+ `--severity` and `--min-confidence` are orthogonal: severity filters by
+ the detector's declared severity (`critical|high|medium|low`); confidence
+ filters by the per-finding score (raw bucket prior + optional LLM verify).
+ Run `cognium-ai secrets --help` for the full flag list and pattern
+ categories.
+
  ## LLM Configuration
 
  Configure via CLI flags or environment variables (flags take precedence):
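Review bot: the default history depth is the weak point of the new Secret Scanning section. The first example comments that a plain `cognium-ai secrets src/` covers the "working tree + last 100 commits", so a key that was committed and then scrubbed more than 100 commits ago is silently missed unless the caller already knows to pass `--max-commits`, and `--no-history` misses anything already deleted from the working tree. State that limitation next to the `--no-history` / `--max-commits 500` lines and recommend a large `--max-commits` (or the full history) for the CI invocation that uses `--exit-code`, since a CI gate that only looks 100 commits back gives a false sense of coverage. Two smaller documentation gaps in the same block: `--min-confidence 0 # legacy: keep all` implies a non-zero default threshold but never says what it is, and `--llm-verify-budget 0 # disable LLM verify` never says what unit the budget is in (calls, tokens or cost). Add the default and the unit, and clarify whether `--exit-code` counts findings before or after the `--severity` and `--min-confidence` filters are applied, otherwise the "orthogonal" paragraph leaves the CI exit status ambiguous.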
package/package.json CHANGED
@@ -1,6 +1,6 @@
  {
  "name": "cognium-ai",
- "version": "2.14.3",
+ "version": "2.14.4",
  "description": "AI-powered static analysis CLI with LLM-enhanced vulnerability detection",
  "main": "dist/index.js",
  "types": "dist/index.d.ts",