configsentry 0.0.20 → 0.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +8 -3
  2. package/dist/cli.js +26 -12
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -15,7 +15,7 @@ npx configsentry ./docker-compose.yml
15
15
  ### GitHub Action (minimal)
16
16
 
17
17
  ```yml
18
- - uses: alfredMorgenstern/configsentry@v0.0.18
18
+ - uses: alfredMorgenstern/configsentry@v0.0.21
19
19
  with:
20
20
  target: .
21
21
  ```
@@ -27,7 +27,7 @@ permissions:
27
27
  contents: read
28
28
  security-events: write
29
29
 
30
- - uses: alfredMorgenstern/configsentry@v0.0.18
30
+ - uses: alfredMorgenstern/configsentry@v0.0.21
31
31
  with:
32
32
  target: .
33
33
  sarif: true
@@ -100,6 +100,11 @@ node dist/cli.js --target ./docker-compose.yml --baseline .configsentry-baseline
100
100
  - Troubleshooting / FAQ: [`docs/troubleshooting.md`](docs/troubleshooting.md)
101
101
  - Launch pack (links + demo assets): [`docs/launch-pack.md`](docs/launch-pack.md)
102
102
 
103
+ ### Footguns (short explainers)
104
+ - Docker socket mount: [`docs/footguns/docker-socket.md`](docs/footguns/docker-socket.md)
105
+ - Exposed DB ports: [`docs/footguns/exposed-db-ports.md`](docs/footguns/exposed-db-ports.md)
106
+ - Risky host mounts: [`docs/footguns/host-mounts.md`](docs/footguns/host-mounts.md)
107
+
103
108
  ## Use in GitHub Actions (copy/paste)
104
109
 
105
110
  More examples: [`docs/action-usage.md`](docs/action-usage.md)
@@ -139,7 +144,7 @@ jobs:
139
144
  runs-on: ubuntu-latest
140
145
  steps:
141
146
  - uses: actions/checkout@v4
142
- - uses: alfredMorgenstern/configsentry@v0.0.18
147
+ - uses: alfredMorgenstern/configsentry@v0.0.21
143
148
  with:
144
149
  target: .
145
150
  # optional: baseline: .configsentry-baseline.json
package/dist/cli.js CHANGED
@@ -14,7 +14,17 @@ function parseArgs(argv) {
14
14
  const version = args.includes('-v') || args.includes('--version');
15
15
  const json = args.includes('--json');
16
16
  const sarif = args.includes('--sarif');
17
- const output = json ? 'json' : sarif ? 'sarif' : 'pretty';
17
+ const formatIdx = args.indexOf('--format');
18
+ const format = formatIdx >= 0 ? args[formatIdx + 1] : undefined;
19
+ let output = json ? 'json' : sarif ? 'sarif' : 'pretty';
20
+ if (format) {
21
+ if (format === 'pretty' || format === 'json' || format === 'sarif') {
22
+ output = format;
23
+ }
24
+ else {
25
+ // Keep output as-is; main() will print a clear error.
26
+ }
27
+ }
18
28
  const baselineIdx = args.indexOf('--baseline');
19
29
  const baselinePath = baselineIdx >= 0 ? args[baselineIdx + 1] : undefined;
20
30
  const writeBaselineIdx = args.indexOf('--write-baseline');
@@ -25,18 +35,19 @@ function parseArgs(argv) {
25
35
  // Back-compat: first positional arg
26
36
  const targetFromPositional = args.find((a) => !a.startsWith('-'));
27
37
  const target = targetFromFlag ?? targetFromPositional;
28
- return { args, help, version, output, baselinePath, writeBaselinePath, target };
38
+ return { args, help, version, output, format, baselinePath, writeBaselinePath, target };
29
39
  }
30
40
  function usage() {
31
41
  console.log(`ConfigSentry (MVP)
32
42
 
33
43
  Usage:
34
- configsentry <file-or-dir> [--json|--sarif] [--baseline <file>] [--write-baseline <file>]
35
- configsentry --target <file-or-dir> [--json|--sarif] [--baseline <file>] [--write-baseline <file>]
44
+ configsentry <file-or-dir> [--json|--sarif|--format <pretty|json|sarif>] [--baseline <file>] [--write-baseline <file>]
45
+ configsentry --target <file-or-dir> [--json|--sarif|--format <pretty|json|sarif>] [--baseline <file>] [--write-baseline <file>]
36
46
 
37
47
  Output:
38
- --json machine-readable findings
39
- --sarif SARIF 2.1.0 (for GitHub code scanning)
48
+ --json machine-readable findings (deprecated; use --format json)
49
+ --sarif SARIF 2.1.0 (for GitHub code scanning) (deprecated; use --format sarif)
50
+ --format <pretty|json|sarif>
40
51
 
41
52
  Baselines:
42
53
  --baseline <file> suppress findings present in a baseline file
@@ -49,7 +60,7 @@ Exit codes:
49
60
  `);
50
61
  }
51
62
  async function main() {
52
- const { args, help, version, output, baselinePath, writeBaselinePath, target } = parseArgs(process.argv);
63
+ const { args, help, version, output, format, baselinePath, writeBaselinePath, target } = parseArgs(process.argv);
53
64
  if (version) {
54
65
  try {
55
66
  const here = path.dirname(fileURLToPath(import.meta.url));
@@ -67,13 +78,16 @@ async function main() {
67
78
  usage();
68
79
  process.exit(0);
69
80
  }
70
- if (output === 'json' && args.includes('--sarif')) {
71
- // should be impossible due to parseArgs, but keep a clear message
72
- console.error('Error: choose only one output mode: --json or --sarif');
81
+ if (format && format !== 'pretty' && format !== 'json' && format !== 'sarif') {
82
+ console.error(`Error: invalid --format '${format}'. Expected: pretty | json | sarif`);
83
+ process.exit(1);
84
+ }
85
+ if (args.includes('--json') && args.includes('--sarif')) {
86
+ console.error('Error: choose only one output mode: --json, --sarif, or --format');
73
87
  process.exit(1);
74
88
  }
75
- if (output === 'sarif' && args.includes('--json')) {
76
- console.error('Error: choose only one output mode: --json or --sarif');
89
+ if (format && (args.includes('--json') || args.includes('--sarif'))) {
90
+ console.error('Error: choose only one output mode: --json, --sarif, or --format');
77
91
  process.exit(1);
78
92
  }
79
93
  if (!target) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "configsentry",
3
- "version": "0.0.20",
3
+ "version": "0.0.22",
4
4
  "description": "Developer-first guardrails for docker-compose.yml (security + ops footguns).",
5
5
  "type": "module",
6
6
  "license": "MIT",