cognium-ai 2.14.3 → 2.14.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +27 -4
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -14,6 +14,7 @@ npm install -g cognium-ai
|
|
|
14
14
|
cognium-ai scan <path> # Scan for security vulnerabilities (LLM-enhanced)
|
|
15
15
|
cognium-ai trust <path> # Trust score across 36 passes (supply chain, security, AI safety, compliance)
|
|
16
16
|
cognium-ai quality <path> # Quality score (complexity, tests, docs, maintainability, performance)
|
|
17
|
+
cognium-ai secrets <path> # Scan working tree + Git history for hardcoded secrets (LLM-verified)
|
|
17
18
|
cognium-ai spec-diff <path> # Spec-gap analysis (code vs Specifica spec alignment)
|
|
18
19
|
cognium-ai generate-spec <path> # Generate Specifica spec from code
|
|
19
20
|
|
|
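Review bot: the new `secrets` one-liner at new line 17 says "(LLM-verified)" without saying what that means for the strings it finds: candidate secrets pulled from the working tree and Git history are handed to the configured LLM for verification, and it is on by default ("LLM verify on" in the usage block further down). Someone scanning a repo for leaked credentials will want to know that before running it, so either qualify the tag here, e.g. `cognium-ai secrets <path>   # Scan working tree + Git history for hardcoded secrets (candidates verified by the configured LLM; --llm-verify-budget 0 for static-only)`, or make sure the Secret Scanning section states it plainly rather than only as a flag comment.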
@@ -23,10 +24,10 @@ cognium-ai version # Show component versions
|
|
|
23
24
|
```
|
|
24
25
|
|
|
25
26
|
Run `cognium-ai <command> --help` for command-specific options. Several
|
|
26
|
-
additional commands (`dead-code`, `
|
|
27
|
-
`
|
|
28
|
-
|
|
29
|
-
|
|
27
|
+
additional commands (`dead-code`, `health`, `metrics`, `understand`,
|
|
28
|
+
`cluster`, `compare`, `analyze-skill`, `benchmark`) are available but
|
|
29
|
+
currently undergoing CLI polish — they remain callable but are hidden
|
|
30
|
+
from the headline `--help` until they soak.
|
|
30
31
|
|
|
31
32
|
## Scan Options
|
|
32
33
|
|
|
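Review bot: "currently undergoing CLI polish" and "until they soak" (new lines 29-30) do not tell the reader when these commands become supported; say what unhides them (a named release, or a flag) or cut the clause and just state that the eight commands are callable but not yet listed in the headline `--help`. The replaced lines 26-29 were a sentence fragment ending in a dangling backtick, so the rewrite itself is the right fix; one more sentence noting that these hidden commands still accept `--help` for their own options would keep the preceding "Run `cognium-ai <command> --help`" line accurate for them too.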
@@ -47,6 +48,28 @@ cognium-ai scan src/ --exit-code # Exit 1 on findings (CI)
|
|
|
47
48
|
across all 36 trust passes (richer than `scan -f sarif`, which is
|
|
48
49
|
scoped to OWASP Top 10 findings only).
|
|
49
50
|
|
|
51
|
+
## Secret Scanning
|
|
52
|
+
|
|
53
|
+
```bash
|
|
54
|
+
cognium-ai secrets src/ # working tree + last 100 commits (LLM verify on)
|
|
55
|
+
cognium-ai secrets src/ --no-history # working tree only
|
|
56
|
+
cognium-ai secrets src/ --max-commits 500 # deeper Git history
|
|
57
|
+
cognium-ai secrets src/ --include-category aws --include-category github
|
|
58
|
+
cognium-ai secrets src/ --exclude-category high-entropy
|
|
59
|
+
cognium-ai secrets src/ --min-confidence 0.9 # keep only highly-confident findings
|
|
60
|
+
cognium-ai secrets src/ --min-confidence 0 # legacy: keep all (including raw high-entropy)
|
|
61
|
+
cognium-ai secrets src/ --llm-verify-budget 0 # disable LLM verify (static patterns only)
|
|
62
|
+
cognium-ai secrets src/ --severity high # high+ severity only
|
|
63
|
+
cognium-ai secrets src/ -f json -o secrets.json # JSON output
|
|
64
|
+
cognium-ai secrets src/ --exit-code # Exit 1 on findings (CI)
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
`--severity` and `--min-confidence` are orthogonal: severity filters by
|
|
68
|
+
the detector's declared severity (`critical|high|medium|low`); confidence
|
|
69
|
+
filters by the per-finding score (raw bucket prior + optional LLM verify).
|
|
70
|
+
Run `cognium-ai secrets --help` for the full flag list and pattern
|
|
71
|
+
categories.
|
|
72
|
+
|
|
50
73
|
## LLM Configuration
|
|
51
74
|
|
|
52
75
|
Configure via CLI flags or environment variables (flags take precedence):
|
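Review bot: the Secret Scanning block never states the default `--min-confidence`; the examples at new lines 59-60 only imply it is non-zero ("legacy: keep all" at 0 versus "highly-confident" at 0.9), so a reader cannot tell which findings a plain `cognium-ai secrets src/` drops, and the `--exclude-category high-entropy` example at line 58 looks redundant with the default if raw high-entropy hits are already filtered. State the default next to the explanation at lines 67-69, e.g. "`--min-confidence` defaults to N; findings below it, including raw high-entropy matches, are dropped". Two smaller points in the same block: `--severity high   # high+ severity only` (line 62) reads as an inclusive floor, but the prose at line 68 says severity "filters by the detector's declared severity", which reads as an exact match, so say which it is; and because confidence is "raw bucket prior + optional LLM verify" (line 69), the `--exit-code` CI example at line 64 can flip between runs when a borderline finding crosses the threshold, so the CI line should suggest pairing it with `--llm-verify-budget 0` or a pinned `--min-confidence` for a deterministic gate.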