configsentry 0.0.23 → 0.0.25
- package/README.md +8 -3
- package/dist/cli.js +23 -4
- package/package.json +1 -1
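--- a/package/README.md
+++ b/package/README.md
@@ -15,7 +15,7 @@ npx configsentry ./docker-compose.yml
 ### GitHub Action (minimal)
 
 ```yml
-- uses: alfredMorgenstern/configsentry@v0.0.
+- uses: alfredMorgenstern/configsentry@v0.0.24
 with:
 target: .
 ```
@@ -27,7 +27,7 @@ permissions:
 contents: read
 security-events: write
 
-- uses: alfredMorgenstern/configsentry@v0.0.
+- uses: alfredMorgenstern/configsentry@v0.0.24
 with:
 target: .
 sarif: true
@@ -146,7 +146,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
-- uses: alfredMorgenstern/configsentry@v0.0.
+- uses: alfredMorgenstern/configsentry@v0.0.24
 with:
 target: .
 # optional: baseline: .configsentry-baseline.json
@@ -173,6 +173,11 @@ jobs:
 node dist/cli.js --target ./example.docker-compose.yml
 ```
 
+## Feedback / ideas
+
+- Open an issue with a **sanitized minimal Compose snippet**:
+https://github.com/alfredMorgenstern/configsentry/issues
+
 ## Next steps
 - GitHub Marketplace listing (Action)
 - more rules (policy packs for common stacks)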
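--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -29,13 +29,15 @@ function parseArgs(argv) {
 const baselinePath = baselineIdx >= 0 ? args[baselineIdx + 1] : undefined;
 const writeBaselineIdx = args.indexOf('--write-baseline');
 const writeBaselinePath = writeBaselineIdx >= 0 ? args[writeBaselineIdx + 1] : undefined;
+const outputIdx = args.indexOf('--output');
+const outputPath = outputIdx >= 0 ? args[outputIdx + 1] : undefined;
 // Prefer explicit flag (matches the GitHub Action input)
 const targetIdx = args.indexOf('--target');
 const targetFromFlag = targetIdx >= 0 ? args[targetIdx + 1] : undefined;
 // Back-compat: first positional arg
 const targetFromPositional = args.find((a) => !a.startsWith('-'));
 const target = targetFromFlag ?? targetFromPositional;
-return { args, help, version, output, format, baselinePath, writeBaselinePath, target };
+return { args, help, version, output, format, outputPath, baselinePath, writeBaselinePath, target };
 }
 function usage() {
 console.log(`ConfigSentry (MVP)
@@ -48,6 +50,7 @@ Output:
 --json machine-readable findings (deprecated; use --format json)
 --sarif SARIF 2.1.0 (for GitHub code scanning) (deprecated; use --format sarif)
 --format <pretty|json|sarif>
+--output <file> write JSON/SARIF output to a file (use with --format)
 
 Baselines:
 --baseline <file> suppress findings present in a baseline file
@@ -60,7 +63,7 @@ Exit codes:
 `);
 }
 async function main() {
-const { args, help, version, output, format, baselinePath, writeBaselinePath, target } = parseArgs(process.argv);
+const { args, help, version, output, format, outputPath, baselinePath, writeBaselinePath, target } = parseArgs(process.argv);
 if (version) {
 try {
 const here = path.dirname(fileURLToPath(import.meta.url));
@@ -90,6 +93,10 @@ async function main() {
 console.error('Error: choose only one output mode: --json, --sarif, or --format');
 process.exit(1);
 }
+if (outputPath && output === 'pretty') {
+console.error('Error: --output requires machine output (use --format json or --format sarif)');
+process.exit(1);
+}
 if (!target) {
 usage();
 process.exit(1);
@@ -120,10 +127,22 @@ async function main() {
 process.exit(0);
 }
 if (output === 'json') {
-
+const payload = JSON.stringify({ targetPaths, findings, suppressedCount: suppressed.length }, null, 2);
+if (outputPath) {
+await fs.writeFile(path.resolve(outputPath), payload, 'utf8');
+}
+else {
+console.log(payload);
+}
 }
 else if (output === 'sarif') {
-
+const payload = JSON.stringify(findingsToSarif(findings), null, 2);
+if (outputPath) {
+await fs.writeFile(path.resolve(outputPath), payload, 'utf8');
+}
+else {
+console.log(payload);
+}
 }
 else {
 const scope = targetPaths.length === 1 ? targetPaths[0] : `${targetPaths.length} file(s)`;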
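Review bot: The value given to the new `--output` flag can be mistaken for the scan target by the positional fallback in the first hunk, because `args.find((a) => !a.startsWith('-'))` in parseArgs (whose body begins before the hunk) takes the first non-dash token, so `configsentry --json --output report.json ./docker-compose.yml` would scan `report.json` instead of the compose file. The values of `--format`, `--baseline` and `--write-baseline` already had this problem, but `--output` adds a new path-like token that is easy to place first. Skipping tokens that follow a value-taking flag fixes it: `const valueFlags = new Set(['--target', '--baseline', '--write-baseline', '--output', '--format']);` and `const targetFromPositional = args.find((a, i) => !a.startsWith('-') && !valueFlags.has(args[i - 1]));`. In the last hunk the json and sarif branches repeat the same write-or-print block, which a small `emit(payload)` helper would remove, and a rejected `fs.writeFile` (missing directory, read-only location) surfaces as a rejection from main() unless a catch outside this view handles it, so a clear error naming the output path would help.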