coverme-scanner 1.4.0 → 1.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -6,9 +6,24 @@ Execute this 22-agent security scan with cross-validation.
|
|
|
6
6
|
|
|
7
7
|
---
|
|
8
8
|
|
|
9
|
-
## PHASE 0: PROJECT DISCOVERY &
|
|
9
|
+
## PHASE 0: PROJECT DISCOVERY & STATISTICS
|
|
10
10
|
|
|
11
|
-
Before scanning, understand what you're scanning:
|
|
11
|
+
Before scanning, understand what you're scanning and gather statistics:
|
|
12
|
+
|
|
13
|
+
### Step 1: Gather Project Statistics
|
|
14
|
+
|
|
15
|
+
```bash
|
|
16
|
+
# Count files and lines of code
|
|
17
|
+
find . -type f \( -name "*.ts" -o -name "*.js" -o -name "*.tsx" -o -name "*.jsx" -o -name "*.py" -o -name "*.go" -o -name "*.java" -o -name "*.rb" -o -name "*.php" -o -name "*.cs" -o -name "*.swift" -o -name "*.kt" \) -not -path "*/node_modules/*" -not -path "*/.git/*" -not -path "*/dist/*" -not -path "*/build/*" -not -path "*/__pycache__/*" | wc -l
|
|
18
|
+
|
|
19
|
+
# Count lines of code (approximate)
|
|
20
|
+
find . -type f \( -name "*.ts" -o -name "*.js" -o -name "*.tsx" -o -name "*.jsx" -o -name "*.py" -o -name "*.go" \) -not -path "*/node_modules/*" -not -path "*/.git/*" -not -path "*/dist/*" 2>/dev/null | head -100 | xargs wc -l 2>/dev/null | tail -1
|
|
21
|
+
|
|
22
|
+
# Generate project tree (max 3 levels deep, exclude node_modules etc)
|
|
23
|
+
find . -maxdepth 3 -type d -not -path "*/node_modules/*" -not -path "*/.git/*" -not -path "*/dist/*" -not -path "*/__pycache__/*" | head -30 | sort
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
### Step 2: Read Project Info
|
|
12
27
|
|
|
13
28
|
```bash
|
|
14
29
|
cat package.json 2>/dev/null | head -30
|
|
@@ -17,10 +32,15 @@ ls -la
|
|
|
17
32
|
ls src/ 2>/dev/null || ls app/ 2>/dev/null || ls lib/ 2>/dev/null
|
|
18
33
|
```
|
|
19
34
|
|
|
20
|
-
Create
|
|
35
|
+
### Step 3: Create Project Overview
|
|
36
|
+
|
|
37
|
+
Include these statistics in the final report:
|
|
21
38
|
|
|
22
39
|
```json
|
|
23
40
|
{
|
|
41
|
+
"filesScanned": 45,
|
|
42
|
+
"linesOfCode": 4850,
|
|
43
|
+
"projectTree": "project-name/\n├── src/\n│ ├── api/\n│ ├── services/\n│ └── utils/\n├── tests/\n└── package.json",
|
|
24
44
|
"projectOverview": {
|
|
25
45
|
"name": "project-name",
|
|
26
46
|
"type": "Backend API | Frontend SPA | Full-stack | CLI | Library | Microservice",
|
|
@@ -32,6 +52,11 @@ Create a **Project Overview** to include in the report:
|
|
|
32
52
|
}
|
|
33
53
|
```
|
|
34
54
|
|
|
55
|
+
**IMPORTANT**:
|
|
56
|
+
- `filesScanned` - Count of source code files analyzed (not node_modules/dist)
|
|
57
|
+
- `linesOfCode` - Total lines in source files (approximate is fine)
|
|
58
|
+
- `projectTree` - ASCII tree representation of main directories (use tree format with ├── and └──)
|
|
59
|
+
|
|
35
60
|
This context helps readers understand the security findings in context.
|
|
36
61
|
|
|
37
62
|
### Step 3: Check for Runtime Verification (SSH)
|
|
@@ -1594,6 +1619,9 @@ The final report should ONLY contain findings that are:
|
|
|
1594
1619
|
{
|
|
1595
1620
|
"projectName": "project-name",
|
|
1596
1621
|
"scanDate": "{{SCAN_DATE}}",
|
|
1622
|
+
"filesScanned": 45,
|
|
1623
|
+
"linesOfCode": 4850,
|
|
1624
|
+
"projectTree": "project-name/\n├── src/\n│ ├── api/\n│ ├── services/\n│ └── utils/\n├── tests/\n└── package.json",
|
|
1597
1625
|
|
|
1598
1626
|
"projectOverview": {
|
|
1599
1627
|
"name": "project-name",
|