guardrail-security 1.0.1 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/attack-surface/analyzer.d.ts.map +1 -1
- package/dist/attack-surface/analyzer.js +3 -2
- package/dist/license/engine.d.ts.map +1 -1
- package/dist/license/engine.js +3 -2
- package/dist/sbom/generator.d.ts +42 -0
- package/dist/sbom/generator.d.ts.map +1 -1
- package/dist/sbom/generator.js +168 -7
- package/dist/secrets/allowlist.d.ts +38 -0
- package/dist/secrets/allowlist.d.ts.map +1 -0
- package/dist/secrets/allowlist.js +131 -0
- package/dist/secrets/config-loader.d.ts +25 -0
- package/dist/secrets/config-loader.d.ts.map +1 -0
- package/dist/secrets/config-loader.js +103 -0
- package/dist/secrets/contextual-risk.d.ts +19 -0
- package/dist/secrets/contextual-risk.d.ts.map +1 -0
- package/dist/secrets/contextual-risk.js +88 -0
- package/dist/secrets/git-scanner.d.ts +29 -0
- package/dist/secrets/git-scanner.d.ts.map +1 -0
- package/dist/secrets/git-scanner.js +109 -0
- package/dist/secrets/guardian.d.ts +70 -57
- package/dist/secrets/guardian.d.ts.map +1 -1
- package/dist/secrets/guardian.js +532 -240
- package/dist/secrets/index.d.ts +4 -0
- package/dist/secrets/index.d.ts.map +1 -1
- package/dist/secrets/index.js +11 -1
- package/dist/secrets/patterns.d.ts +39 -10
- package/dist/secrets/patterns.d.ts.map +1 -1
- package/dist/secrets/patterns.js +129 -71
- package/dist/secrets/pre-commit.d.ts.map +1 -1
- package/dist/secrets/pre-commit.js +1 -1
- package/dist/secrets/vault-integration.d.ts.map +1 -1
- package/dist/secrets/vault-integration.js +1 -0
- package/dist/supply-chain/detector.d.ts.map +1 -1
- package/dist/supply-chain/detector.js +4 -3
- package/dist/supply-chain/vulnerability-db.d.ts +89 -16
- package/dist/supply-chain/vulnerability-db.d.ts.map +1 -1
- package/dist/supply-chain/vulnerability-db.js +404 -115
- package/dist/utils/semver.d.ts +37 -0
- package/dist/utils/semver.d.ts.map +1 -0
- package/dist/utils/semver.js +109 -0
- package/package.json +17 -4
- package/src/__tests__/license/engine.test.ts +0 -250
- package/src/__tests__/supply-chain/typosquat.test.ts +0 -191
- package/src/attack-surface/analyzer.ts +0 -152
- package/src/attack-surface/index.ts +0 -5
- package/src/index.ts +0 -21
- package/src/languages/index.ts +0 -91
- package/src/languages/java-analyzer.ts +0 -490
- package/src/languages/python-analyzer.ts +0 -498
- package/src/license/compatibility-matrix.ts +0 -366
- package/src/license/engine.ts +0 -345
- package/src/license/index.ts +0 -6
- package/src/sbom/generator.ts +0 -355
- package/src/sbom/index.ts +0 -5
- package/src/secrets/guardian.ts +0 -448
- package/src/secrets/index.ts +0 -10
- package/src/secrets/patterns.ts +0 -186
- package/src/secrets/pre-commit.ts +0 -158
- package/src/secrets/vault-integration.ts +0 -360
- package/src/secrets/vault-providers.ts +0 -446
- package/src/supply-chain/detector.ts +0 -252
- package/src/supply-chain/index.ts +0 -11
- package/src/supply-chain/malicious-db.ts +0 -103
- package/src/supply-chain/script-analyzer.ts +0 -194
- package/src/supply-chain/typosquat.ts +0 -302
- package/src/supply-chain/vulnerability-db.ts +0 -386
package/dist/secrets/index.d.ts
CHANGED
|
@@ -7,4 +7,8 @@ export * from './patterns';
|
|
|
7
7
|
export { secretsGuardian, SecretsGuardian } from './guardian';
|
|
8
8
|
export { preCommitHook } from './pre-commit';
|
|
9
9
|
export { vaultIntegration } from './vault-integration';
|
|
10
|
+
export { loadCustomPatterns, ConfigValidationError } from './config-loader';
|
|
11
|
+
export { Allowlist } from './allowlist';
|
|
12
|
+
export { adjustRiskByContext, getContextDescription } from './contextual-risk';
|
|
13
|
+
export { scanGitHistory } from './git-scanner';
|
|
10
14
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/secrets/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/secrets/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAC5E,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC/E,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC"}
|
package/dist/secrets/index.js
CHANGED
|
@@ -19,7 +19,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
19
19
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
20
20
|
};
|
|
21
21
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
22
|
-
exports.vaultIntegration = exports.preCommitHook = exports.SecretsGuardian = exports.secretsGuardian = void 0;
|
|
22
|
+
exports.scanGitHistory = exports.getContextDescription = exports.adjustRiskByContext = exports.Allowlist = exports.ConfigValidationError = exports.loadCustomPatterns = exports.vaultIntegration = exports.preCommitHook = exports.SecretsGuardian = exports.secretsGuardian = void 0;
|
|
23
23
|
__exportStar(require("./patterns"), exports);
|
|
24
24
|
var guardian_1 = require("./guardian");
|
|
25
25
|
Object.defineProperty(exports, "secretsGuardian", { enumerable: true, get: function () { return guardian_1.secretsGuardian; } });
|
|
@@ -28,3 +28,13 @@ var pre_commit_1 = require("./pre-commit");
|
|
|
28
28
|
Object.defineProperty(exports, "preCommitHook", { enumerable: true, get: function () { return pre_commit_1.preCommitHook; } });
|
|
29
29
|
var vault_integration_1 = require("./vault-integration");
|
|
30
30
|
Object.defineProperty(exports, "vaultIntegration", { enumerable: true, get: function () { return vault_integration_1.vaultIntegration; } });
|
|
31
|
+
var config_loader_1 = require("./config-loader");
|
|
32
|
+
Object.defineProperty(exports, "loadCustomPatterns", { enumerable: true, get: function () { return config_loader_1.loadCustomPatterns; } });
|
|
33
|
+
Object.defineProperty(exports, "ConfigValidationError", { enumerable: true, get: function () { return config_loader_1.ConfigValidationError; } });
|
|
34
|
+
var allowlist_1 = require("./allowlist");
|
|
35
|
+
Object.defineProperty(exports, "Allowlist", { enumerable: true, get: function () { return allowlist_1.Allowlist; } });
|
|
36
|
+
var contextual_risk_1 = require("./contextual-risk");
|
|
37
|
+
Object.defineProperty(exports, "adjustRiskByContext", { enumerable: true, get: function () { return contextual_risk_1.adjustRiskByContext; } });
|
|
38
|
+
Object.defineProperty(exports, "getContextDescription", { enumerable: true, get: function () { return contextual_risk_1.getContextDescription; } });
|
|
39
|
+
var git_scanner_1 = require("./git-scanner");
|
|
40
|
+
Object.defineProperty(exports, "scanGitHistory", { enumerable: true, get: function () { return git_scanner_1.scanGitHistory; } });
|
|
@@ -7,36 +7,65 @@ export declare enum SecretType {
|
|
|
7
7
|
DATABASE_URL = "database_url",
|
|
8
8
|
JWT_SECRET = "jwt_secret",
|
|
9
9
|
AWS_ACCESS_KEY = "aws_access_key",
|
|
10
|
-
OTHER = "other",
|
|
11
10
|
AWS_SECRET_KEY = "aws_secret_key",
|
|
12
11
|
GITHUB_TOKEN = "github_token",
|
|
13
12
|
GOOGLE_API_KEY = "google_api_key",
|
|
14
13
|
STRIPE_KEY = "stripe_key",
|
|
15
|
-
JWT_TOKEN = "jwt_token",
|
|
16
14
|
SLACK_TOKEN = "slack_token",
|
|
17
|
-
|
|
15
|
+
JWT_TOKEN = "jwt_token",
|
|
16
|
+
API_KEY_GENERIC = "api_key_generic",
|
|
17
|
+
PASSWORD_GENERIC = "password_generic",
|
|
18
|
+
OTHER = "other"
|
|
18
19
|
}
|
|
19
|
-
|
|
20
|
-
* Secret detection pattern
|
|
21
|
-
*/
|
|
20
|
+
export type RiskLevel = 'high' | 'medium' | 'low';
|
|
22
21
|
export interface SecretPattern {
|
|
23
22
|
type: SecretType;
|
|
24
23
|
name: string;
|
|
24
|
+
/**
|
|
25
|
+
* IMPORTANT:
|
|
26
|
+
* - Store patterns WITHOUT the `g` flag (we clone to global during scanning).
|
|
27
|
+
* - Keep needed flags like `i` on this regex; the scanner preserves them.
|
|
28
|
+
*/
|
|
25
29
|
pattern: RegExp;
|
|
30
|
+
/**
|
|
31
|
+
* Which capture group contains the actual secret value.
|
|
32
|
+
* If omitted, scanner will use group 1 if present, else group 0.
|
|
33
|
+
*/
|
|
34
|
+
valueGroup?: number;
|
|
35
|
+
/**
|
|
36
|
+
* Entropy threshold (Shannon). Used to reduce false positives.
|
|
37
|
+
*/
|
|
26
38
|
minEntropy?: number;
|
|
39
|
+
/**
|
|
40
|
+
* Risk drives recommendations & severity.
|
|
41
|
+
*/
|
|
42
|
+
risk: RiskLevel;
|
|
27
43
|
description: string;
|
|
28
44
|
examples: string[];
|
|
45
|
+
/**
|
|
46
|
+
* Optional custom redaction for display (safe logging/UI).
|
|
47
|
+
* If omitted, the scanner uses a default masking strategy.
|
|
48
|
+
*/
|
|
49
|
+
redact?: (value: string, match: RegExpMatchArray) => string;
|
|
29
50
|
}
|
|
30
51
|
/**
|
|
31
52
|
* Comprehensive secret detection patterns
|
|
53
|
+
* Notes:
|
|
54
|
+
* - Examples are clearly fake.
|
|
55
|
+
* - Patterns are designed to be high-signal; add more vendors as needed.
|
|
56
|
+
*/
|
|
57
|
+
export declare const SECRET_PATTERNS: ReadonlyArray<SecretPattern>;
|
|
58
|
+
/**
|
|
59
|
+
* Test/example value patterns (used for down-weighting confidence, optional exclusion).
|
|
32
60
|
*/
|
|
33
|
-
export declare const
|
|
61
|
+
export declare const TEST_PATTERNS: ReadonlyArray<RegExp>;
|
|
34
62
|
/**
|
|
35
|
-
*
|
|
63
|
+
* Context patterns that are strongly associated with false positives (schemas/validators/etc).
|
|
64
|
+
* Scanner uses these to skip matches in certain code lines.
|
|
36
65
|
*/
|
|
37
|
-
export declare const
|
|
66
|
+
export declare const CONTEXT_EXCLUSION_PATTERNS: ReadonlyArray<RegExp>;
|
|
38
67
|
/**
|
|
39
|
-
* Common false positive values
|
|
68
|
+
* Common false positive literal values
|
|
40
69
|
*/
|
|
41
70
|
export declare const FALSE_POSITIVE_VALUES: Set<string>;
|
|
42
71
|
//# sourceMappingURL=patterns.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/secrets/patterns.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/secrets/patterns.ts"],"names":[],"mappings":"AAIA,oBAAY,UAAU;IACpB,OAAO,YAAY;IACnB,QAAQ,aAAa;IACrB,KAAK,UAAU;IACf,WAAW,gBAAgB;IAC3B,WAAW,gBAAgB;IAC3B,YAAY,iBAAiB;IAC7B,UAAU,eAAe;IAEzB,cAAc,mBAAmB;IACjC,cAAc,mBAAmB;IAEjC,YAAY,iBAAiB;IAC7B,cAAc,mBAAmB;IACjC,UAAU,eAAe;IACzB,WAAW,gBAAgB;IAE3B,SAAS,cAAc;IACvB,eAAe,oBAAoB;IACnC,gBAAgB,qBAAqB;IAErC,KAAK,UAAU;CAChB;AAED,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAElD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,UAAU,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IAEb;;;;OAIG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,IAAI,EAAE,SAAS,CAAC;IAEhB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,EAAE,CAAC;IAEnB;;;OAGG;IACH,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,gBAAgB,KAAK,MAAM,CAAC;CAC7D;AAED;;;;;GAKG;AACH,eAAO,MAAM,eAAe,EAAE,aAAa,CAAC,aAAa,CAwIxD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa,EAAE,aAAa,CAAC,MAAM,CAY/C,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,0BAA0B,EAAE,aAAa,CAAC,MAAM,CA2B5D,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,aAiBhC,CAAC"}
|
package/dist/secrets/patterns.js
CHANGED
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
/* patterns.ts
|
|
3
|
+
* Enterprise-grade secret patterns & false-positive controls
|
|
4
|
+
*/
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.FALSE_POSITIVE_VALUES = exports.TEST_PATTERNS = exports.SECRET_PATTERNS = exports.SecretType = void 0;
|
|
4
|
-
// Define SecretType locally since it's not exported from database
|
|
6
|
+
exports.FALSE_POSITIVE_VALUES = exports.CONTEXT_EXCLUSION_PATTERNS = exports.TEST_PATTERNS = exports.SECRET_PATTERNS = exports.SecretType = void 0;
|
|
5
7
|
var SecretType;
|
|
6
8
|
(function (SecretType) {
|
|
7
9
|
SecretType["API_KEY"] = "api_key";
|
|
@@ -12,116 +14,148 @@ var SecretType;
|
|
|
12
14
|
SecretType["DATABASE_URL"] = "database_url";
|
|
13
15
|
SecretType["JWT_SECRET"] = "jwt_secret";
|
|
14
16
|
SecretType["AWS_ACCESS_KEY"] = "aws_access_key";
|
|
15
|
-
SecretType["OTHER"] = "other";
|
|
16
17
|
SecretType["AWS_SECRET_KEY"] = "aws_secret_key";
|
|
17
18
|
SecretType["GITHUB_TOKEN"] = "github_token";
|
|
18
19
|
SecretType["GOOGLE_API_KEY"] = "google_api_key";
|
|
19
20
|
SecretType["STRIPE_KEY"] = "stripe_key";
|
|
20
|
-
SecretType["JWT_TOKEN"] = "jwt_token";
|
|
21
21
|
SecretType["SLACK_TOKEN"] = "slack_token";
|
|
22
|
+
SecretType["JWT_TOKEN"] = "jwt_token";
|
|
22
23
|
SecretType["API_KEY_GENERIC"] = "api_key_generic";
|
|
24
|
+
SecretType["PASSWORD_GENERIC"] = "password_generic";
|
|
25
|
+
SecretType["OTHER"] = "other";
|
|
23
26
|
})(SecretType || (exports.SecretType = SecretType = {}));
|
|
24
27
|
/**
|
|
25
28
|
* Comprehensive secret detection patterns
|
|
29
|
+
* Notes:
|
|
30
|
+
* - Examples are clearly fake.
|
|
31
|
+
* - Patterns are designed to be high-signal; add more vendors as needed.
|
|
26
32
|
*/
|
|
27
33
|
exports.SECRET_PATTERNS = [
|
|
28
|
-
// AWS
|
|
34
|
+
// ---------- AWS ----------
|
|
29
35
|
{
|
|
30
|
-
type:
|
|
36
|
+
type: SecretType.AWS_ACCESS_KEY,
|
|
31
37
|
name: 'AWS Access Key ID',
|
|
32
|
-
pattern:
|
|
38
|
+
pattern: /\b(AKIA|ASIA)[0-9A-Z]{16}\b/,
|
|
39
|
+
valueGroup: 0,
|
|
33
40
|
minEntropy: 3.5,
|
|
34
|
-
|
|
35
|
-
|
|
41
|
+
risk: 'high',
|
|
42
|
+
description: 'AWS Access Key ID (AKIA/ASIA + 16 chars)',
|
|
43
|
+
examples: ['AKIAIOSFODNN7EXAMPLE', 'ASIAIOSFODNN7EXAMPLE'],
|
|
36
44
|
},
|
|
37
|
-
// AWS Secret Keys
|
|
38
45
|
{
|
|
39
|
-
type:
|
|
46
|
+
type: SecretType.AWS_SECRET_KEY,
|
|
40
47
|
name: 'AWS Secret Access Key',
|
|
41
|
-
pattern:
|
|
48
|
+
pattern: /\baws[_\s-]*secret[_\s-]*access[_\s-]*key\b\s*[=:]\s*['"]?([A-Za-z0-9/+=]{40})['"]?/i,
|
|
49
|
+
valueGroup: 1,
|
|
42
50
|
minEntropy: 4.5,
|
|
43
|
-
|
|
51
|
+
risk: 'high',
|
|
52
|
+
description: 'AWS Secret Access Key assigned in config (40 chars)',
|
|
44
53
|
examples: ['aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'],
|
|
45
54
|
},
|
|
46
|
-
// GitHub
|
|
55
|
+
// ---------- GitHub ----------
|
|
47
56
|
{
|
|
48
|
-
type:
|
|
49
|
-
name: 'GitHub
|
|
50
|
-
pattern:
|
|
51
|
-
|
|
57
|
+
type: SecretType.GITHUB_TOKEN,
|
|
58
|
+
name: 'GitHub Token',
|
|
59
|
+
pattern: /\b(ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36}\b/,
|
|
60
|
+
valueGroup: 0,
|
|
61
|
+
risk: 'high',
|
|
62
|
+
description: 'GitHub personal/app tokens (ghp_/gho_/...)',
|
|
52
63
|
examples: ['ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'],
|
|
53
64
|
},
|
|
54
|
-
// Google
|
|
65
|
+
// ---------- Google ----------
|
|
55
66
|
{
|
|
56
|
-
type:
|
|
67
|
+
type: SecretType.GOOGLE_API_KEY,
|
|
57
68
|
name: 'Google API Key',
|
|
58
|
-
pattern:
|
|
59
|
-
|
|
69
|
+
pattern: /\bAIza[0-9A-Za-z\-_]{35}\b/,
|
|
70
|
+
valueGroup: 0,
|
|
71
|
+
risk: 'medium',
|
|
72
|
+
description: 'Google API Key (AIzA...)',
|
|
60
73
|
examples: ['AIzaSyDaGmWKa4JsXZ-HjGw7ISLn_3namBGewQe'],
|
|
61
74
|
},
|
|
62
|
-
// Stripe
|
|
75
|
+
// ---------- Stripe ----------
|
|
63
76
|
{
|
|
64
|
-
type:
|
|
65
|
-
name: 'Stripe
|
|
66
|
-
pattern:
|
|
67
|
-
|
|
77
|
+
type: SecretType.STRIPE_KEY,
|
|
78
|
+
name: 'Stripe Live Secret/Public/Restricted Key',
|
|
79
|
+
pattern: /\b(sk_live|pk_live|rk_live)_[0-9A-Za-z]{24,}\b/,
|
|
80
|
+
valueGroup: 0,
|
|
81
|
+
risk: 'high',
|
|
82
|
+
description: 'Stripe live keys (sk_live / pk_live / rk_live)',
|
|
68
83
|
examples: ['sk_live_1234567890abcdefghijklmn'],
|
|
69
84
|
},
|
|
70
|
-
//
|
|
85
|
+
// ---------- Slack ----------
|
|
71
86
|
{
|
|
72
|
-
type:
|
|
87
|
+
type: SecretType.SLACK_TOKEN,
|
|
88
|
+
name: 'Slack Token',
|
|
89
|
+
pattern: /\b(xox[pboa]-\d{10,13}-\d{10,13}-\d{10,13}-[a-z0-9]{32})\b/,
|
|
90
|
+
valueGroup: 1,
|
|
91
|
+
risk: 'high',
|
|
92
|
+
description: 'Slack bot/user/app tokens (xoxb/xoxp/xoxa/xoxo)',
|
|
93
|
+
examples: ['xoxb-0000000000-0000000000-0000000000-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'],
|
|
94
|
+
},
|
|
95
|
+
// ---------- JWT ----------
|
|
96
|
+
{
|
|
97
|
+
type: SecretType.JWT_TOKEN,
|
|
73
98
|
name: 'JWT Token',
|
|
74
|
-
pattern:
|
|
99
|
+
pattern: /\b(eyJ[0-9A-Za-z_-]*\.[0-9A-Za-z_-]*\.[0-9A-Za-z_-]+)\b/,
|
|
100
|
+
valueGroup: 1,
|
|
75
101
|
minEntropy: 4.0,
|
|
76
|
-
|
|
77
|
-
|
|
102
|
+
risk: 'medium',
|
|
103
|
+
description: 'JSON Web Token (header.payload.signature)',
|
|
104
|
+
examples: [
|
|
105
|
+
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U',
|
|
106
|
+
],
|
|
78
107
|
},
|
|
79
|
-
// Private
|
|
108
|
+
// ---------- Private keys / certs ----------
|
|
80
109
|
{
|
|
81
|
-
type:
|
|
82
|
-
name: 'Private Key',
|
|
83
|
-
pattern: /(-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----[\s\S]*?-----END (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----)/,
|
|
84
|
-
|
|
110
|
+
type: SecretType.PRIVATE_KEY,
|
|
111
|
+
name: 'Private Key Block',
|
|
112
|
+
pattern: /(-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----[\s\S]*?-----END (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----)/,
|
|
113
|
+
valueGroup: 1,
|
|
114
|
+
risk: 'high',
|
|
115
|
+
description: 'PEM private key blocks (RSA/EC/OpenSSH/DSA)',
|
|
85
116
|
examples: ['-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgk...\\n-----END PRIVATE KEY-----'],
|
|
86
117
|
},
|
|
87
|
-
// Database URLs
|
|
118
|
+
// ---------- Database URLs (credentials embedded) ----------
|
|
88
119
|
{
|
|
89
|
-
type:
|
|
90
|
-
name: 'Database URL with
|
|
91
|
-
pattern:
|
|
92
|
-
|
|
93
|
-
|
|
120
|
+
type: SecretType.DATABASE_URL,
|
|
121
|
+
name: 'Database URL with Embedded Credentials',
|
|
122
|
+
pattern: /\b(postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis):\/\/([^:\s\/]+):([^@\s\/]+)@([A-Za-z0-9.-]+)(?::(\d{2,5}))?(\/[^\s'"]*)?/i,
|
|
123
|
+
valueGroup: 0,
|
|
124
|
+
risk: 'high',
|
|
125
|
+
description: 'Connection string contains username:password@host',
|
|
94
126
|
examples: ['postgresql://user:password123@localhost:5432/dbname'],
|
|
127
|
+
redact: (_value, match) => {
|
|
128
|
+
const scheme = match[1] ?? 'db';
|
|
129
|
+
const host = match[4] ?? 'host';
|
|
130
|
+
const port = match[5] ? `:${match[5]}` : '';
|
|
131
|
+
return `${scheme}://***:***@${host}${port}/***`;
|
|
132
|
+
},
|
|
95
133
|
},
|
|
96
|
-
//
|
|
134
|
+
// ---------- Generic high-entropy API keys ----------
|
|
97
135
|
{
|
|
98
|
-
type:
|
|
99
|
-
name: '
|
|
100
|
-
pattern:
|
|
101
|
-
|
|
102
|
-
examples: ['xoxb-0000000000-0000000000-0000000000-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'],
|
|
103
|
-
},
|
|
104
|
-
// Generic API Keys (high entropy)
|
|
105
|
-
{
|
|
106
|
-
type: 'API_KEY_GENERIC',
|
|
107
|
-
name: 'Generic API Key',
|
|
108
|
-
pattern: /(?:api[_\s-]?key|apikey|access[_\s-]?token|auth[_\s-]?token|secret[_\s-]?key)[_\s]*[=:]\s*['"]?([a-zA-Z0-9_\-]{32,})['"]?/i,
|
|
136
|
+
type: SecretType.API_KEY_GENERIC,
|
|
137
|
+
name: 'Generic API Key / Token Assignment',
|
|
138
|
+
pattern: /\b(?:api[_\s-]?key|apikey|access[_\s-]?token|auth[_\s-]?token|secret[_\s-]?key)\b[_\s]*[=:]\s*['"]?([A-Za-z0-9_\-]{32,})['"]?/i,
|
|
139
|
+
valueGroup: 1,
|
|
109
140
|
minEntropy: 4.0,
|
|
110
|
-
|
|
141
|
+
risk: 'medium',
|
|
142
|
+
description: 'Generic API key/token (assignment + long value)',
|
|
111
143
|
examples: ['api_key = abcdef1234567890abcdef1234567890'],
|
|
112
144
|
},
|
|
113
|
-
// Generic
|
|
145
|
+
// ---------- Generic password assignment ----------
|
|
114
146
|
{
|
|
115
|
-
type:
|
|
116
|
-
name: 'Generic Password',
|
|
117
|
-
pattern:
|
|
118
|
-
|
|
119
|
-
|
|
147
|
+
type: SecretType.PASSWORD_GENERIC,
|
|
148
|
+
name: 'Generic Password Assignment',
|
|
149
|
+
pattern: /\b(?:password|passwd|pwd)\b\s*[=:]\s*['"]([^'"]{8,128})['"]/i,
|
|
150
|
+
valueGroup: 1,
|
|
151
|
+
minEntropy: 3.5,
|
|
152
|
+
risk: 'medium',
|
|
153
|
+
description: 'Password-like assignment (quoted, 8–128 chars)',
|
|
120
154
|
examples: ['password = "MySecretP@ssw0rd"'],
|
|
121
155
|
},
|
|
122
156
|
];
|
|
123
157
|
/**
|
|
124
|
-
* Test/example value patterns (
|
|
158
|
+
* Test/example value patterns (used for down-weighting confidence, optional exclusion).
|
|
125
159
|
*/
|
|
126
160
|
exports.TEST_PATTERNS = [
|
|
127
161
|
/test/i,
|
|
@@ -131,19 +165,43 @@ exports.TEST_PATTERNS = [
|
|
|
131
165
|
/fake/i,
|
|
132
166
|
/dummy/i,
|
|
133
167
|
/placeholder/i,
|
|
134
|
-
/\*{3,}/,
|
|
135
|
-
/x{3,}/i,
|
|
136
|
-
/0{5,}/,
|
|
137
|
-
/1{5,}/,
|
|
138
|
-
/abc{3,}/i,
|
|
139
|
-
/qwerty/i,
|
|
140
|
-
/password123/i,
|
|
141
168
|
/changeme/i,
|
|
142
169
|
/your[_-]?key/i,
|
|
143
170
|
/your[_-]?secret/i,
|
|
171
|
+
/password123/i,
|
|
172
|
+
];
|
|
173
|
+
/**
|
|
174
|
+
* Context patterns that are strongly associated with false positives (schemas/validators/etc).
|
|
175
|
+
* Scanner uses these to skip matches in certain code lines.
|
|
176
|
+
*/
|
|
177
|
+
exports.CONTEXT_EXCLUSION_PATTERNS = [
|
|
178
|
+
/\.min\s*\(/i,
|
|
179
|
+
/\.max\s*\(/i,
|
|
180
|
+
/\.length\b/i,
|
|
181
|
+
/\bschema\b/i,
|
|
182
|
+
/\bvalidation\b/i,
|
|
183
|
+
/\bvalidator\b/i,
|
|
184
|
+
/\.string\s*\(/i,
|
|
185
|
+
/\.required\b/i,
|
|
186
|
+
/\.optional\b/i,
|
|
187
|
+
/\bzod\./i,
|
|
188
|
+
/\byup\./i,
|
|
189
|
+
/\bjoi\./i,
|
|
190
|
+
/__tests__/i,
|
|
191
|
+
/__mocks__/i,
|
|
192
|
+
/\bmock\b/i,
|
|
193
|
+
/\bstub\b/i,
|
|
194
|
+
/\bfixture\b/i,
|
|
195
|
+
/\bprocess\.env\b/i,
|
|
196
|
+
/\benv\./i,
|
|
197
|
+
/\bconfig\./i,
|
|
198
|
+
/\bsettings\./i,
|
|
199
|
+
/\boptions\./i,
|
|
200
|
+
/\bparams\./i,
|
|
201
|
+
/\bprops\./i,
|
|
144
202
|
];
|
|
145
203
|
/**
|
|
146
|
-
* Common false positive values
|
|
204
|
+
* Common false positive literal values
|
|
147
205
|
*/
|
|
148
206
|
exports.FALSE_POSITIVE_VALUES = new Set([
|
|
149
207
|
'example',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pre-commit.d.ts","sourceRoot":"","sources":["../../src/secrets/pre-commit.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,aAAa;IACxB;;OAEG;IACH,kBAAkB,IAAI,MAAM;IAoB5B;;OAEG;IACG,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"pre-commit.d.ts","sourceRoot":"","sources":["../../src/secrets/pre-commit.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,aAAa;IACxB;;OAEG;IACH,kBAAkB,IAAI,MAAM;IAoB5B;;OAEG;IACG,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAgDpE;;OAEG;IACH,OAAO,CAAC,cAAc;IAqCtB;;OAEG;IACH,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;CAWnC;AAGD,eAAO,MAAM,aAAa,eAAsB,CAAC"}
|
|
@@ -49,7 +49,7 @@ exit 0
|
|
|
49
49
|
// Scan each staged file
|
|
50
50
|
const allDetections = [];
|
|
51
51
|
for (const file of stagedFiles) {
|
|
52
|
-
const detections = await guardian_1.secretsGuardian.scanContent(file.content, file.path, {
|
|
52
|
+
const detections = await guardian_1.secretsGuardian.scanContent(file.content, file.path, 'pre-commit', {
|
|
53
53
|
excludeTests: true,
|
|
54
54
|
minConfidence: 0.7,
|
|
55
55
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vault-integration.d.ts","sourceRoot":"","sources":["../../src/secrets/vault-integration.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAI7C;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,qBAAqB,GAAG,iBAAiB,GAAG,gBAAgB,GAAG,oBAAoB,CAAC;IAC1F,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE;QACZ,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;GAKG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,aAAa,CAAyC;IAE9D;;OAEG;IACH,OAAO,CAAC,WAAW;IAuBnB;;OAEG;IACG,cAAc,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAAC;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAY/F;;;OAGG;IACG,cAAc,CAClB,UAAU,EAAE,eAAe,EAAE,EAC7B,WAAW,EAAE,WAAW,GACvB,OAAO,CAAC,oBAAoB,EAAE,CAAC;IA2DlC;;OAEG;IACG,SAAS,CAAC,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKrF;;OAEG;IACG,WAAW,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAK9D;;OAEG;IACG,YAAY,CAAC,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKlF;;OAEG;IACH,kBAAkB,CAAC,SAAS,EAAE,eAAe,GAAG,MAAM;
|
|
1
|
+
{"version":3,"file":"vault-integration.d.ts","sourceRoot":"","sources":["../../src/secrets/vault-integration.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAI7C;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,qBAAqB,GAAG,iBAAiB,GAAG,gBAAgB,GAAG,oBAAoB,CAAC;IAC1F,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE;QACZ,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;GAKG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,aAAa,CAAyC;IAE9D;;OAEG;IACH,OAAO,CAAC,WAAW;IAuBnB;;OAEG;IACG,cAAc,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAAC;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAY/F;;;OAGG;IACG,cAAc,CAClB,UAAU,EAAE,eAAe,EAAE,EAC7B,WAAW,EAAE,WAAW,GACvB,OAAO,CAAC,oBAAoB,EAAE,CAAC;IA2DlC;;OAEG;IACG,SAAS,CAAC,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKrF;;OAEG;IACG,WAAW,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAK9D;;OAEG;IACG,YAAY,CAAC,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKlF;;OAEG;IACH,kBAAkB,CAAC,SAAS,EAAE,eAAe,GAAG,MAAM;IA6BtD;;OAEG;IACH,mBAAmB,CAAC,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM;IAyDzE;;OAEG;IACH,sBAAsB,CAAC,OAAO,EAAE,oBAAoB,EAAE,GAAG,MAAM;IA0B/D;;OAEG;IACG,YAAY,CAAC,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKlF;;OAEG;IACG,mBAAmB,CACvB,UAAU,EAAE,eAAe,EAAE,EAC7B,WAAW,EAAE,WAAW,EACxB,UAAU,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,GACvE,OAAO,CAAC,oBAAoB,EAAE,CAAC;CAoDnC;AAGD,eAAO,MAAM,gBAAgB,kBAAyB,CAAC"}
|
|
@@ -147,6 +147,7 @@ class VaultIntegration {
|
|
|
147
147
|
[patterns_1.SecretType.CERTIFICATE]: 'CERTIFICATE',
|
|
148
148
|
[patterns_1.SecretType.JWT_SECRET]: 'JWT_SECRET',
|
|
149
149
|
[patterns_1.SecretType.PASSWORD]: 'PASSWORD',
|
|
150
|
+
[patterns_1.SecretType.PASSWORD_GENERIC]: 'PASSWORD',
|
|
150
151
|
[patterns_1.SecretType.OTHER]: 'SECRET'
|
|
151
152
|
};
|
|
152
153
|
const baseName = typeMap[detection.secretType] || 'SECRET';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"detector.d.ts","sourceRoot":"","sources":["../../src/supply-chain/detector.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"detector.d.ts","sourceRoot":"","sources":["../../src/supply-chain/detector.ts"],"names":[],"mappings":"AAEA,OAAO,EAAqB,eAAe,EAAE,MAAM,aAAa,CAAC;AAEjE,OAAO,EAAkB,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AAIzE;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,EAAE,OAAO,CAAC;IACrB,WAAW,EAAE,OAAO,CAAC;IACrB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,cAAc,CAAC,EAAE,oBAAoB,EAAE,CAAC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC;AAED,MAAM,WAAW,MAAM;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;CACtC;AAED;;GAEG;AACH,MAAM,WAAW,IAAI;IACnB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,WAAW,GAAG,MAAM,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,aAAa,EAAE,CAAC;IAC5B,WAAW,EAAE,IAAI,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,SAAS,GAAG,aAAa,GAAG,WAAW,CAAC;IAC9C,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,MAAM,CAAC,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAChD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED;;GAEG;AACH,qBAAa,mBAAmB;IAC9B;;OAEG;IACG,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAIxE;;OAEG;IACG,yBAAyB,CAC7B,YAAY,EAAE,MAAM,EACpB,gBAAgB,CAAC,EAAE,MAAM,GACxB,OAAO,CAAC;QAAE,qBAAqB,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAoB9D;;OAEG;IACG,cAAc,CAClB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,qBAAqB,CAAC;IAiFjC;;OAEG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CA2D1E;AAGD,eAAO,MAAM,mBAAmB,qBAA4B,CAAC"}
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.supplyChainDetector = exports.SupplyChainDetector = void 0;
|
|
4
|
-
|
|
4
|
+
// Stub prisma for standalone use
|
|
5
|
+
const prisma = null;
|
|
5
6
|
const typosquat_1 = require("./typosquat");
|
|
6
7
|
const malicious_db_1 = require("./malicious-db");
|
|
7
8
|
const script_analyzer_1 = require("./script-analyzer");
|
|
@@ -79,7 +80,7 @@ class SupplyChainDetector {
|
|
|
79
80
|
}
|
|
80
81
|
}
|
|
81
82
|
// Save to database
|
|
82
|
-
await
|
|
83
|
+
await prisma.dependencyAnalysis.create({
|
|
83
84
|
data: {
|
|
84
85
|
projectId,
|
|
85
86
|
packageName,
|
|
@@ -141,7 +142,7 @@ class SupplyChainDetector {
|
|
|
141
142
|
generatedAt: new Date(),
|
|
142
143
|
};
|
|
143
144
|
// @ts-ignore - SBOM model exists in schema, Prisma client may need regeneration
|
|
144
|
-
const savedSBOM = await
|
|
145
|
+
const savedSBOM = await prisma.sBOM.create({
|
|
145
146
|
data: {
|
|
146
147
|
id: sbom.id,
|
|
147
148
|
projectId,
|