coverme-security-scanner 3.7.2 → 3.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,36 +1,21 @@
1
1
  # Security Assessment
2
2
 
3
- You MUST follow these steps exactly. Do NOT deviate. Do NOT ask questions. Execute automatically.
3
+ Run a security scan and generate a PDF report. Execute automatically without asking questions.
4
4
 
5
- ## Step 1: Create directory
5
+ ## Step 1: Setup
6
6
  ```bash
7
7
  mkdir -p .coverme
8
8
  ```
9
9
 
10
- ## Step 2: Launch 7 agents IN PARALLEL
10
+ ## Step 2: Run Security Scan
11
+ Use ONE Task agent with subagent_type="general-purpose" to perform the full security assessment:
11
12
 
12
- You MUST use the Task tool 7 times in a SINGLE message. Each Task MUST have subagent_type="general-purpose" (NOT Explore).
13
+ prompt: "Perform a comprehensive security assessment of this codebase. Analyze: 1) Architecture and tech stack 2) API endpoints and attack surface 3) Security vulnerabilities (secrets, injection, XSS, auth issues) 4) Infrastructure (Docker, CI/CD, dependencies). When done, use the Write tool to create .coverme/scan.json with this structure: {\"project\":\"<name>\",\"date\":\"2026-02-19\",\"executiveSummary\":\"<summary>\",\"summary\":{\"critical\":0,\"high\":0,\"medium\":0,\"low\":0,\"total\":0},\"overallRiskLevel\":\"low|medium|high|critical\",\"findings\":[{\"id\":\"VULN-01\",\"title\":\"\",\"severity\":\"critical|high|medium|low\",\"file\":\"\",\"line\":0,\"issue\":\"\",\"why\":\"\",\"fix\":\"\",\"cwe\":\"\"}],\"architecture\":{\"overview\":\"\",\"components\":[]},\"positiveObservations\":[{\"title\":\"\",\"description\":\"\"}]}"
13
14
 
14
- Task 1: description="Security Executive", subagent_type="general-purpose", prompt="Analyze codebase architecture and security posture. Then use the Write tool to create .coverme/partial-01-executive.json with this exact structure: {\"project\":\"<name>\",\"date\":\"2026-02-19\",\"executiveSummary\":\"<summary>\",\"architecture\":{\"overview\":\"<text>\",\"components\":[{\"name\":\"\",\"technology\":\"\",\"description\":\"\"}],\"trustBoundaries\":[{\"id\":\"\",\"boundary\":\"\",\"trustLevel\":\"\",\"description\":\"\"}]},\"topPriorities\":[{\"finding\":\"\",\"severity\":\"\",\"action\":\"\"}]}"
15
-
16
- Task 2: description="Attack Surface", subagent_type="general-purpose", prompt="Map API endpoints and entry points. Then use the Write tool to create .coverme/partial-02-surface.json with: {\"network\":{\"diagram\":\"\",\"ports\":[],\"externalDeps\":[]},\"findings\":[]}"
17
-
18
- Task 3: description="Vulnerability Scan", subagent_type="general-purpose", prompt="Find security vulnerabilities with code evidence. Then use the Write tool to create .coverme/partial-03-vulns.json with: {\"findings\":[{\"id\":\"\",\"title\":\"\",\"severity\":\"\",\"file\":\"\",\"line\":0,\"issue\":\"\",\"why\":\"\",\"fix\":\"\",\"cwe\":\"\",\"codeEvidence\":[],\"proofOfConcept\":\"\"}]}"
19
-
20
- Task 4: description="Attack Chains", subagent_type="general-purpose", prompt="Identify attack chains. Then use the Write tool to create .coverme/partial-04-chains.json with: {\"attackChains\":[{\"id\":\"\",\"name\":\"\",\"description\":\"\",\"likelihood\":\"\",\"impact\":\"\",\"steps\":[],\"mitigationStrategy\":\"\"}],\"riskMatrix\":[]}"
21
-
22
- Task 5: description="Business Logic", subagent_type="general-purpose", prompt="Find business logic flaws. Then use the Write tool to create .coverme/partial-05-business.json with: {\"findings\":[],\"threatModel\":[]}"
23
-
24
- Task 6: description="Infrastructure", subagent_type="general-purpose", prompt="Check Docker, CI/CD, dependencies. Then use the Write tool to create .coverme/partial-06-infra.json with: {\"findings\":[],\"qualityReview\":{}}"
25
-
26
- Task 7: description="Compliance", subagent_type="general-purpose", prompt="Map to compliance frameworks. Then use the Write tool to create .coverme/partial-07-compliance.json with: {\"complianceMapping\":[],\"remediation\":{\"p0\":[],\"p1\":[],\"p2\":[],\"p3\":[]},\"positiveObservations\":[],\"privacyAnalysis\":[]}"
27
-
28
- ## Step 3: Wait for agents
29
- Use AgentOutputTool to wait for all 7 agents to complete.
15
+ ## Step 3: Wait for agent to complete
16
+ Use AgentOutputTool to wait for the agent.
30
17
 
31
18
  ## Step 4: Generate PDF
32
19
  ```bash
33
- coverme-merge .coverme && coverme .coverme/scan.json security-report.pdf && open security-report.pdf
20
+ coverme .coverme/scan.json security-report.pdf && open security-report.pdf
34
21
  ```
35
-
36
- CRITICAL: Use subagent_type="general-purpose" for ALL agents. They MUST write JSON files using the Write tool.
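Review bot: Step 1's `mkdir -p .coverme` creates the output directory inside the repository, but nothing in this hunk adds `.coverme/` to `.gitignore`, while the new Step 2 prompt directs the agent to record secrets findings (`file`, `line`, `issue`, `why`) into `.coverme/scan.json`; a scan that finds a credential will write its location and context into a file that one `git add .` away from being committed. Consider adding `echo '.coverme/' >> .gitignore` (or equivalent) to Step 1 and telling the agent to reference secrets by location rather than reproducing their values. Two smaller points in the same hunk: `\"date\":\"2026-02-19\"` in the JSON template is a hardcoded literal, so every report produced by this version will carry that date instead of the actual scan date (derive it at run time, e.g. `date +%F`, or use a `<date>` placeholder like the other fields); and Step 4's `open security-report.pdf` is macOS-specific (`xdg-open` on Linux), and there is no check that the agent-written `.coverme/scan.json` is well-formed before `coverme` consumes it, e.g. `jq empty .coverme/scan.json &&` ahead of the `coverme` call.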
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "coverme-security-scanner",
3
- "version": "3.7.2",
3
+ "version": "3.7.3",
4
4
  "description": "AI-powered security assessment reports with beautiful PDF output",
5
5
  "type": "module",
6
6
  "bin": {
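Review bot: only the `version` field changes here, yet the companion hunk removes the `coverme-merge` invocation from the workflow; the `bin` map that begins on this hunk's last visible line is cut off in the diff, so confirm whether it still registers a `coverme-merge` executable and whether that entry should stay now that no step calls it. Given the size of the behavioural change (seven parallel agents collapsed to one, the partial-file merge step dropped), a minor rather than patch bump, with a changelog entry, would better signal it to consumers.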