nsauditor-ai 0.1.25 → 0.1.27
- package/README.md +14 -3
- package/cli.mjs +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -49,13 +49,18 @@ NSAuditor AI is available in three editions:
|
|
|
49
49
|
| Advanced CTEM + trend analysis | — | ✅ | ✅ |
|
|
50
50
|
| Cloud scanners (AWS/GCP/Azure) | — | — | ✅ |
|
|
51
51
|
| Zero Trust assessment | — | — | ✅ |
|
|
52
|
-
|
|
|
52
|
+
| SOC 2 compliance (7 covered + 5 partial controls) | — | — | ✅ |
|
|
53
|
+
| SLA/MTTR tracking + compensating controls | — | — | ✅ |
|
|
54
|
+
| Recurring-scan attestation (Type II evidence) | — | — | ✅ |
|
|
55
|
+
| GRC platform connector (Vanta) | — | — | ✅ |
|
|
56
|
+
| WORM evidence storage (S3 Object Lock) | — | — | ✅ |
|
|
57
|
+
| Tabletop simulation + SIEM correlation | — | — | ✅ |
|
|
53
58
|
| Docker per-scan isolation | — | — | ✅ |
|
|
54
59
|
| Air-gapped deployment | — | — | ✅ |
|
|
55
60
|
|
|
56
61
|
**This repository is the Community Edition** — fully functional, MIT-licensed, no restrictions. Pro and Enterprise features are available via the [`@nsasoft/nsauditor-ai-ee`](https://www.nsauditor.com/ai/pricing) package.
|
|
57
62
|
|
|
58
|
-
→ [
|
|
63
|
+
→ [Get Pro or Enterprise](https://www.nsauditor.com/ai/pricing/)
|
|
59
64
|
|
|
60
65
|
---
|
|
61
66
|
|
|
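Review bot: The added row `SOC 2 compliance (7 covered + 5 partial controls)` at new line 52 states control counts without naming the controls or pointing to a list, so a reader cannot tell which controls are only partially covered, and the numbers will go stale as coverage changes. Suggest linking the row to the control mapping, or moving the counts out of the edition table into the section that describes the compliance engine. Separately, context line 56 still links to `https://www.nsauditor.com/ai/pricing` while new line 63 uses `/ai/pricing/`; use one form for both.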
@@ -165,6 +170,12 @@ Results land in `./out/<host>_<timestamp>/`:
|
|
|
165
170
|
| 021 | GCP Cloud Scanner | Enterprise | Firewall rules + IAM bindings |
|
|
166
171
|
| 022 | Azure Cloud Scanner | Enterprise | NSG rules + RBAC analysis |
|
|
167
172
|
| 023 | Zero Trust Checker | Enterprise | Segmentation, encryption, identity, lateral movement scoring |
|
|
173
|
+
| — | SOC 2 Compliance Engine | Enterprise | AICPA TSC 2017 control mapping, chain-of-custody, RFC 3161 timestamps, suppression workflow |
|
|
174
|
+
| — | SLA & MTTR Tracking | Enterprise | Per-severity SLA targets, compensating-control flow, finding lifecycle |
|
|
175
|
+
| — | Recurring-Scan Attestation | Enterprise | Multi-scan chronological matrix, cadence gap detection, scope drift (CC8.1) |
|
|
176
|
+
| — | GRC Platform Connector | Enterprise | Native API push to Vanta with retry/backoff, idempotency, rate-limit handling |
|
|
177
|
+
| — | WORM Evidence Storage | Enterprise | S3 Object Lock COMPLIANCE-mode, resource redaction, SHA-256 manifest |
|
|
178
|
+
| — | Tabletop Simulation | Enterprise | Probe-event manifest + SIEM detection correlation, configurable coverage bands |
|
|
168
179
|
|
|
169
180
|
---
|
|
170
181
|
|
|
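Review bot: The six rows added at new lines 173-178 put `—` in the first column, where the neighbouring rows carry plugin numbers (021, 022, 023), and nothing in the hunk explains why these entries have none. Suggest either assigning identifiers or adding a sentence under the table saying these are Enterprise modules rather than numbered plugins, so a reader does not look for a plugin ID to enable or reference them.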
@@ -588,7 +599,7 @@ License keys are delivered automatically via Stripe webhook — no manual proces
|
|
|
588
599
|
|
|
589
600
|
No license key? Everything in this repository works perfectly without one. The CE is not crippled — it's a complete, production-ready security scanner.
|
|
590
601
|
|
|
591
|
-
→ [Pricing](https://www.nsauditor.com/ai/pricing
|
|
602
|
+
→ [Pricing](https://www.nsauditor.com/ai/pricing/) · [Enterprise contact](https://www.nsauditor.com/ai/enterprise)
|
|
592
603
|
|
|
593
604
|
---
|
|
594
605
|
|
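Review bot: The two links in the added line 602 are inconsistent: `https://www.nsauditor.com/ai/pricing/` has a trailing slash and `https://www.nsauditor.com/ai/enterprise` does not. Suggest using the same form for both and confirming each resolves directly, since this line replaces a pricing link that was itself changed in this release.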
package/cli.mjs
CHANGED
|
@@ -350,7 +350,7 @@ async function maybeSendToOpenAI({ host, results, conclusion, promptMode = 'basi
|
|
|
350
350
|
|
|
351
351
|
resp = await client.messages.create({
|
|
352
352
|
model,
|
|
353
|
-
max_tokens:
|
|
353
|
+
max_tokens: 16384,
|
|
354
354
|
system: promptText,
|
|
355
355
|
messages: [
|
|
356
356
|
{ role: 'user', content: userContent }
|
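Review bot: `max_tokens: 16384` at line 353 is a bare literal applied to whatever `model` is passed in, with no comment on why this value was chosen. If a configured model has a lower output limit, the `client.messages.create` call can be rejected, and a higher ceiling also raises the maximum cost of each request. Suggest reading the limit from configuration with 16384 as the default, or clamping it per model, and adding a one-line comment giving the reason. The hunk header also shows this call sits inside `maybeSendToOpenAI`, although the request uses `client.messages.create` with a `system` field; a comment or rename would make the provider branch clearer.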