ship-safe 5.0.1 → 6.1.0

package/README.md

@@ -2,6 +2,7 @@
   <img src=".github/assets/logo%20ship%20safe.png" alt="Ship Safe Logo" width="180" />
 </p>
 <p align="center"><strong>AI-powered application security platform for developers.</strong></p>
+<p align="center"><a href="https://shipsafecli.com">shipsafecli.com</a></p>
 
 <p align="center">
   <a href="https://www.npmjs.com/package/ship-safe"><img src="https://badge.fury.io/js/ship-safe.svg" alt="npm version" /></a>
@@ -14,32 +15,43 @@
 
 ---
 
-16 security agents. 80+ attack classes. One command.
+18 security agents. 80+ attack classes. One command.
 
-**Ship Safe v5.0** is an AI-powered security platform that runs 16 specialized agents in parallel against your codebase — scanning for secrets, injection vulnerabilities, auth bypass, SSRF, supply chain attacks, Supabase RLS misconfigs, Docker/Terraform/Kubernetes misconfigs, CI/CD pipeline poisoning, LLM/agentic AI security, MCP server misuse, RAG poisoning, PII compliance, and more. LLM-powered deep analysis verifies exploitability of critical findings. Secrets verification probes provider APIs to check if leaked keys are still active. A dedicated CI command (`ship-safe ci`) integrates into any pipeline with threshold-based gating and SARIF output.
+**Ship Safe v6.1** is an AI-powered security platform that runs 18 specialized agents in parallel against your codebase — scanning for secrets, injection vulnerabilities, auth bypass, SSRF, supply chain attacks, Supabase RLS misconfigs, Docker/Terraform/Kubernetes misconfigs, CI/CD pipeline poisoning, LLM/agentic AI security, MCP server misuse, RAG poisoning, PII compliance, vibe coding patterns, exception handling, AI agent config security, and more. OWASP 2025 scoring with EPSS exploit probability. LLM-powered deep analysis verifies exploitability of critical findings. Secrets verification probes provider APIs to check if leaked keys are still active. Compliance mapping to SOC 2, ISO 27001, and NIST AI RMF. Built-in threat intelligence feed with offline-first IOC matching. CI integration with GitHub PR comments, threshold gating, and SARIF output.
 
 ---
 
 ## Quick Start
 
 ```bash
-# Full security audit — secrets + 16 agents + deps + remediation plan
+# Full security audit — secrets + 18 agents + deps + remediation plan
 npx ship-safe audit .
 
 # LLM-powered deep analysis (Anthropic, OpenAI, Google, Ollama)
 npx ship-safe audit . --deep
 
-# Red team scan only (16 agents, 80+ attack classes)
+# Red team scan only (18 agents, 80+ attack classes)
 npx ship-safe red-team .
 
+# Scan only changed files (fast pre-commit & PR scanning)
+npx ship-safe diff
+npx ship-safe diff --staged
+
+# Fun emoji security grade with shareable badge
+npx ship-safe vibe-check .
+
+# Compare your score against industry averages
+npx ship-safe benchmark .
+
 # Quick secret scan
 npx ship-safe scan .
 
 # Security health score (0-100)
 npx ship-safe score .
 
-# CI/CD pipeline mode — compact output, exit codes, SARIF
+# CI/CD pipeline mode — compact output, exit codes, PR comments
 npx ship-safe ci .
+npx ship-safe ci . --github-pr
 
 # Accept current findings, only report regressions
 npx ship-safe baseline .
@@ -66,11 +78,11 @@ npx ship-safe audit .
 
 ```
 ════════════════════════════════════════════════════════════
-  Ship Safe v5.0 — Full Security Audit
+  Ship Safe v6.0 — Full Security Audit
 ════════════════════════════════════════════════════════════
 
   [Phase 1/4] Scanning for secrets...         ✔ 49 found
-  [Phase 2/4] Running 16 security agents...   ✔ 103 findings
+  [Phase 2/4] Running 18 security agents...   ✔ 103 findings
   [Phase 3/4] Auditing dependencies...        ✔ 44 CVEs
   [Phase 4/4] Computing security score...     ✔ 25/100 F
 
@@ -97,14 +109,15 @@ npx ship-safe audit .
 
 **What it runs:**
 1. **Secret scan** — 50+ patterns with entropy scoring (API keys, passwords, tokens)
-2. **16 security agents** — run in parallel with per-agent timeouts and framework-aware filtering (injection, auth, SSRF, supply chain, config, Supabase RLS, LLM, MCP, agentic AI, RAG, PII, mobile, git history, CI/CD, API)
-3. **Dependency audit** — npm/pip/bundler CVE scanning
+2. **18 security agents** — run in parallel with per-agent timeouts and framework-aware filtering (injection, auth, SSRF, supply chain, config, Supabase RLS, LLM, MCP, agentic AI, RAG, PII, vibe coding, exception handling, agent config, mobile, git history, CI/CD, API)
+3. **Dependency audit** — npm/pip/bundler CVE scanning with EPSS exploit probability scores
 4. **Secrets verification** — probes provider APIs (GitHub, Stripe, OpenAI, etc.) to check if leaked keys are still active
 5. **Deep analysis** — LLM-powered taint analysis verifies exploitability of critical/high findings (optional)
-6. **Score computation** — confidence-weighted scoring across 8 categories (0-100, A-F)
+6. **Score computation** — OWASP 2025 weighted scoring across 8 categories (0-100, A-F)
 7. **Context-aware confidence tuning** — downgrades findings in test files, docs, and comments
-8. **Remediation plan** — prioritized fix list grouped by severity
-9. **HTML report** — standalone dark-themed report with code context
+8. **Compliance mapping** — maps findings to SOC 2 Type II, ISO 27001:2022, and NIST AI Risk Management Framework controls
+9. **Remediation plan** — prioritized fix list grouped by severity
+10. **Interactive HTML report** — standalone dark-themed report with severity filtering, search, collapsible findings, compliance summary, and click-to-copy ignore annotations
 
 **Flags:**
 - `--json` — structured JSON output (clean for piping)
@@ -127,21 +140,24 @@ npx ship-safe audit .
 
 ---
 
-## 16 Security Agents
+## 18 Security Agents
 
 | Agent | Category | What It Detects |
 |-------|----------|-----------------|
 | **InjectionTester** | Code Vulns | SQL/NoSQL injection, command injection, code injection (eval), XSS, path traversal, XXE, ReDoS, prototype pollution, Python f-string SQL injection, Python subprocess shell injection |
 | **AuthBypassAgent** | Auth | JWT vulnerabilities (alg:none, weak secrets), cookie security, CSRF, OAuth misconfig, BOLA/IDOR, weak crypto, timing attacks, TLS bypass, Django `DEBUG = True`, Flask hardcoded secret keys |
 | **SSRFProber** | SSRF | User input in fetch/axios, cloud metadata endpoints, internal IPs, redirect following |
-| **SupplyChainAudit** | Supply Chain | Typosquatting (Levenshtein distance), git/URL dependencies, wildcard versions, suspicious install scripts, dependency confusion, scoped packages without registry pinning |
+| **SupplyChainAudit** | Supply Chain | Typosquatting (Levenshtein distance), git/URL dependencies, wildcard versions, suspicious install scripts, dependency confusion, lockfile integrity |
 | **ConfigAuditor** | Config | Dockerfile (running as root, :latest tags), Terraform (public S3/RDS, open SG, CloudFront HTTP, Lambda admin, S3 no versioning), Kubernetes (privileged containers, `:latest` tags, missing NetworkPolicy), CORS, CSP, Firebase, Nginx |
 | **SupabaseRLSAgent** | Auth | Supabase Row Level Security — `service_role` key in client code, `CREATE TABLE` without RLS, anon key inserts, unprotected storage operations |
 | **LLMRedTeam** | AI/LLM | OWASP LLM Top 10 — prompt injection, excessive agency, system prompt leakage, unbounded consumption, RAG poisoning |
-| **MCPSecurityAgent** | AI/LLM | MCP server security — unvalidated tool inputs, missing auth, excessive permissions, tool poisoning |
+| **MCPSecurityAgent** | AI/LLM | MCP server security — unvalidated tool inputs, missing auth, excessive permissions, tool poisoning, typosquatting detection, over-permissioned tools, shadow config discovery |
 | **AgenticSecurityAgent** | AI/LLM | OWASP Agentic AI Top 10 — agent hijacking, privilege escalation, unsafe code execution, memory poisoning |
 | **RAGSecurityAgent** | AI/LLM | RAG pipeline security — unvalidated embeddings, context injection, document poisoning, vector DB access control |
 | **PIIComplianceAgent** | Compliance | PII detection — SSNs, credit cards, emails, phone numbers in source code, logs, and configs |
+| **VibeCodingAgent** | Code Vulns | AI-generated code patterns — no input validation, empty catch blocks, hardcoded secrets, disabled security features, TODO-auth patterns |
+| **ExceptionHandlerAgent** | Code Vulns | OWASP A10:2025 — empty catch blocks, unhandled promise rejections, missing React error boundaries, leaked stack traces, generic catch-all without rethrow |
+| **AgentConfigScanner** | AI/LLM | AI agent config security — prompt injection in .cursorrules/CLAUDE.md/AGENTS.md/.windsurfrules, malicious Claude Code hooks (CVE-2026), OpenClaw public binding & malicious skills, encoded/obfuscated payloads, data exfiltration instructions, agent memory poisoning |
 | **MobileScanner** | Mobile | OWASP Mobile Top 10 2024 — insecure storage, WebView JS injection, HTTP endpoints, excessive permissions, debug mode |
 | **GitHistoryScanner** | Secrets | Leaked secrets in git commit history (checks if still active in working tree) |
 | **CICDScanner** | CI/CD | OWASP CI/CD Top 10 — pipeline poisoning, unpinned actions, secret logging, self-hosted runners, script injection |
@@ -160,7 +176,7 @@ npx ship-safe audit .
 # Full audit with remediation plan + HTML report
 npx ship-safe audit .
 
-# Red team: 16 agents, 80+ attack classes
+# Red team: 18 agents, 80+ attack classes
 npx ship-safe red-team .
 npx ship-safe red-team . --agents injection,auth    # Run specific agents
 npx ship-safe red-team . --html report.html         # HTML report
@@ -209,6 +225,28 @@ npx ship-safe baseline --diff
 npx ship-safe baseline --clear
 ```
 
+### Diff Scanning
+
+```bash
+# Scan only changed files (fast pre-commit & PR scanning)
+npx ship-safe diff                   # All uncommitted changes
+npx ship-safe diff --staged          # Only staged changes
+npx ship-safe diff HEAD~3            # Changes in last 3 commits
+npx ship-safe diff --json            # JSON output
+```
+
+### Vibe Check & Benchmark
+
+```bash
+# Fun emoji security grade
+npx ship-safe vibe-check .
+npx ship-safe vibe-check . --badge   # Generate shields.io README badge
+
+# Compare your score against industry averages (OWASP, Synopsys, Snyk)
+npx ship-safe benchmark .
+npx ship-safe benchmark . --json     # JSON output
+```
+
 ### CI/CD Pipeline
 
 ```bash
@@ -217,6 +255,7 @@ npx ship-safe ci .
 npx ship-safe ci . --threshold 80    # Custom passing score
 npx ship-safe ci . --fail-on critical # Fail on severity
 npx ship-safe ci . --sarif out.sarif  # SARIF for GitHub
+npx ship-safe ci . --github-pr       # Post results as PR comment
 ```
 
 ### Deep Analysis & Verification
@@ -238,6 +277,52 @@ npx ship-safe audit . --verify
 npx ship-safe doctor
 ```
 
+### OpenClaw Security
+
+```bash
+# Focused OpenClaw security scan
+npx ship-safe openclaw .
+
+# Auto-harden OpenClaw configs (0.0.0.0→127.0.0.1, add auth, ws→wss)
+npx ship-safe openclaw . --fix
+
+# Red team: simulate ClawJacked, prompt injection, data exfil attacks
+npx ship-safe openclaw . --red-team
+
+# CI preflight — exit non-zero on critical findings
+npx ship-safe openclaw . --preflight
+
+# Scan a skill before installing it
+npx ship-safe scan-skill https://clawhub.io/skills/some-skill
+npx ship-safe scan-skill ./local-skill.json
+npx ship-safe scan-skill --all              # Scan all skills from openclaw.json
+
+# Generate hardened OpenClaw config
+npx ship-safe init --openclaw
+
+# Generate Agent Bill of Materials (CycloneDX 1.5)
+npx ship-safe abom .
+```
+
+### Threat Intelligence
+
+```bash
+# Update threat intel feed (ClawHavoc IOCs, malicious skills, config signatures)
+npx ship-safe update-intel
+
+# Ships with offline-first seed data — no internet required for scanning
+```
+
+### Defensive Hooks
+
+```bash
+# Install Claude Code defensive hooks (blocks curl|bash, exfil domains, rm -rf /)
+npx ship-safe guard --generate-hooks
+
+# Watch agent config files for drift (.cursorrules, CLAUDE.md, openclaw.json)
+npx ship-safe watch . --configs
+```
+
 ### Infrastructure Commands
 
 ```bash
@@ -275,7 +360,7 @@ claude plugin add github:asamassekou10/ship-safe
 
 | Command | Description |
 |---------|-------------|
-| `/ship-safe` | Full security audit — 16 agents, remediation plan, auto-fix |
+| `/ship-safe` | Full security audit — 18 agents, remediation plan, auto-fix |
 | `/ship-safe-scan` | Quick scan for leaked secrets |
 | `/ship-safe-score` | Security health score (0-100) |
 | `/ship-safe-deep` | LLM-powered deep taint analysis |
@@ -344,12 +429,14 @@ Starts at 100. Each finding deducts points by severity and category, weighted by
 |----------|--------|----------|------|--------|-----|
 | Secrets | 15% | -25 | -15 | -5 | -15 |
 | Code Vulnerabilities | 15% | -20 | -10 | -3 | -15 |
-| Dependencies | 15% | -20 | -10 | -5 | -15 |
+| Dependencies | 13% | -20 | -10 | -5 | -13 |
 | Auth & Access Control | 15% | -20 | -10 | -3 | -15 |
-| Configuration | 10% | -15 | -8 | -3 | -10 |
-| Supply Chain | 10% | -15 | -8 | -3 | -10 |
+| Configuration | 8% | -15 | -8 | -3 | -8 |
+| Supply Chain | 12% | -15 | -8 | -3 | -12 |
 | API Security | 10% | -15 | -8 | -3 | -10 |
-| AI/LLM Security | 10% | -15 | -8 | -3 | -10 |
+| AI/LLM Security | 12% | -15 | -8 | -3 | -12 |
+
+*Weights aligned with OWASP Top 10 2025 risk rankings.*
 
 **Grades:** A (90-100), B (75-89), C (60-74), D (40-59), F (0-39)
 
@@ -411,7 +498,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Security gate
-        run: npx ship-safe ci . --threshold 75 --sarif results.sarif
+        run: npx ship-safe ci . --threshold 75 --sarif results.sarif --github-pr
 
       - uses: github/codeql-action/upload-sarif@v3
         if: always()
@@ -504,4 +591,4 @@ MIT - Use it, share it, secure your stuff.
 
 ---
 
-**Ship fast. Ship safe.**
+**Ship fast. Ship safe.** — [shipsafecli.com](https://shipsafecli.com)

package/cli/agents/abom-generator.js

@@ -0,0 +1,225 @@
+/**
+ * Agent Bill of Materials (ABOM) Generator
+ * ==========================================
+ *
+ * Generates an Agent-focused BOM in CycloneDX 1.5 format.
+ * Lists all AI agent components: MCP servers, OpenClaw skills,
+ * agent config files, LLM providers.
+ *
+ * This complements the SBOMGenerator (software dependencies)
+ * with agent-specific component inventory for compliance and
+ * supply chain visibility.
+ */
+
+import fs from 'fs';
+import path from 'path';
+import fg from 'fast-glob';
+
+// Agent config files to discover (from AgentConfigScanner)
+const AGENT_CONFIG_FILES = [
+  '.cursorrules', '.windsurfrules', 'CLAUDE.md', 'AGENTS.md',
+  '.github/copilot-instructions.md', '.aider.conf.yml', '.continue/config.json',
+];
+
+const MCP_CONFIG_FILES = [
+  'mcp.json', '.cursor/mcp.json', '.vscode/mcp.json',
+  'claude_desktop_config.json', '.claude/settings.json',
+];
+
+const OPENCLAW_FILES = ['openclaw.json', 'openclaw.config.json', 'clawhub.json'];
+
+const LLM_ENV_VARS = [
+  'OPENAI_API_KEY', 'ANTHROPIC_API_KEY', 'GOOGLE_AI_API_KEY',
+  'AZURE_OPENAI_API_KEY', 'OLLAMA_HOST', 'GROQ_API_KEY',
+  'MISTRAL_API_KEY', 'COHERE_API_KEY',
+];
+
+export class ABOMGenerator {
+  /**
+   * Generate a CycloneDX 1.5 ABOM.
+   * @param {string} rootPath — Project root directory
+   * @returns {object} — CycloneDX JSON with agent components
+   */
+  generate(rootPath) {
+    const components = [];
+    let componentIndex = 0;
+
+    // ── MCP Servers ──────────────────────────────────────────────────────────
+    for (const rel of MCP_CONFIG_FILES) {
+      const full = path.join(rootPath, rel);
+      if (!fs.existsSync(full)) continue;
+      try {
+        const data = JSON.parse(fs.readFileSync(full, 'utf-8'));
+        const servers = data.mcpServers || data.servers || {};
+        for (const [name, config] of Object.entries(servers)) {
+          components.push({
+            'bom-ref': `agent-${componentIndex++}`,
+            type: 'framework',
+            name,
+            version: config.version || 'unknown',
+            description: `MCP server from ${rel}`,
+            purl: config.command ? `pkg:mcp/${encodeURIComponent(name)}` : undefined,
+            properties: [
+              { name: 'agent:type', value: 'mcp-server' },
+              { name: 'agent:source', value: rel },
+              { name: 'agent:command', value: config.command || 'N/A' },
+              { name: 'agent:transport', value: config.transport || 'stdio' },
+            ],
+          });
+        }
+      } catch { /* skip */ }
+    }
+
+    // ── OpenClaw Skills ──────────────────────────────────────────────────────
+    for (const rel of OPENCLAW_FILES) {
+      const full = path.join(rootPath, rel);
+      if (!fs.existsSync(full)) continue;
+      try {
+        const data = JSON.parse(fs.readFileSync(full, 'utf-8'));
+        const skills = data.skills || [];
+        for (const skill of skills) {
+          const skillName = typeof skill === 'string' ? skill : skill.name || skill.id || 'unnamed';
+          const skillSource = typeof skill === 'object' ? (skill.source || skill.url || 'local') : 'config';
+          components.push({
+            'bom-ref': `agent-${componentIndex++}`,
+            type: 'library',
+            name: skillName,
+            version: (typeof skill === 'object' ? skill.version : null) || 'unknown',
+            description: `OpenClaw skill from ${rel}`,
+            purl: `pkg:openclaw/${encodeURIComponent(skillName)}`,
+            properties: [
+              { name: 'agent:type', value: 'openclaw-skill' },
+              { name: 'agent:source', value: skillSource },
+              { name: 'agent:verified', value: String(typeof skill === 'object' ? !!skill.verified : false) },
+            ],
+          });
+        }
+
+        // Record OpenClaw config itself
+        components.push({
+          'bom-ref': `agent-${componentIndex++}`,
+          type: 'data',
+          name: `openclaw-config:${rel}`,
+          version: data.version || '1.0.0',
+          description: `OpenClaw gateway configuration`,
+          properties: [
+            { name: 'agent:type', value: 'openclaw-config' },
+            { name: 'agent:host', value: data.host || 'localhost' },
+            { name: 'agent:auth', value: data.auth ? 'enabled' : 'disabled' },
+          ],
+        });
+      } catch { /* skip */ }
+    }
+
+    // ── Agent Config Files ───────────────────────────────────────────────────
+    for (const rel of AGENT_CONFIG_FILES) {
+      const full = path.join(rootPath, rel);
+      if (!fs.existsSync(full)) continue;
+      try {
+        const stat = fs.statSync(full);
+        components.push({
+          'bom-ref': `agent-${componentIndex++}`,
+          type: 'data',
+          name: `agent-config:${rel}`,
+          version: stat.mtime.toISOString().split('T')[0],
+          description: `AI agent instruction file`,
+          properties: [
+            { name: 'agent:type', value: 'agent-rules' },
+            { name: 'agent:file', value: rel },
+            { name: 'agent:size', value: String(stat.size) },
+          ],
+        });
+      } catch { /* skip */ }
+    }
+
+    // ── Glob-based config files ──────────────────────────────────────────────
+    try {
+      const globs = ['.cursor/rules/*.mdc', '.openclaw/**/*.json', '.claude/commands/*.md'];
+      const found = fg.sync(globs, { cwd: rootPath, absolute: true, dot: true });
+      for (const full of found) {
+        const rel = path.relative(rootPath, full).replace(/\\/g, '/');
+        try {
+          const stat = fs.statSync(full);
+          components.push({
+            'bom-ref': `agent-${componentIndex++}`,
+            type: 'data',
+            name: `agent-config:${rel}`,
+            version: stat.mtime.toISOString().split('T')[0],
+            description: `AI agent configuration file`,
+            properties: [
+              { name: 'agent:type', value: 'agent-config' },
+              { name: 'agent:file', value: rel },
+            ],
+          });
+        } catch { /* skip */ }
+      }
+    } catch { /* skip */ }
+
+    // ── LLM Providers ────────────────────────────────────────────────────────
+    for (const envVar of LLM_ENV_VARS) {
+      if (process.env[envVar]) {
+        const provider = envVar.replace(/_API_KEY$/, '').replace(/_HOST$/, '').toLowerCase();
+        components.push({
+          'bom-ref': `agent-${componentIndex++}`,
+          type: 'service',
+          name: `llm-provider:${provider}`,
+          version: 'detected',
+          description: `LLM provider detected via ${envVar} environment variable`,
+          properties: [
+            { name: 'agent:type', value: 'llm-provider' },
+            { name: 'agent:env-var', value: envVar },
+            { name: 'agent:key-present', value: 'true' },
+          ],
+        });
+      }
+    }
+
+    // ── Build CycloneDX BOM ──────────────────────────────────────────────────
+    return {
+      bomFormat: 'CycloneDX',
+      specVersion: '1.5',
+      serialNumber: `urn:uuid:${this._uuid()}`,
+      version: 1,
+      metadata: {
+        timestamp: new Date().toISOString(),
+        tools: [{ vendor: 'ship-safe', name: 'ship-safe-abom', version: '6.1.0' }],
+        component: this._getProjectMeta(rootPath),
+        lifecycles: [{ phase: 'build' }],
+      },
+      components,
+      compositions: [{
+        aggregate: 'incomplete',
+        assemblies: components.map(c => c['bom-ref']),
+      }],
+    };
+  }
+
+  /**
+   * Generate ABOM and write to file.
+   */
+  generateToFile(rootPath, outputPath) {
+    const bom = this.generate(rootPath);
+    fs.writeFileSync(outputPath, JSON.stringify(bom, null, 2));
+    return outputPath;
+  }
+
+  _getProjectMeta(rootPath) {
+    try {
+      const pkgPath = path.join(rootPath, 'package.json');
+      if (fs.existsSync(pkgPath)) {
+        const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));
+        return { type: 'application', name: pkg.name || path.basename(rootPath), version: pkg.version || '0.0.0' };
+      }
+    } catch { /* skip */ }
+    return { type: 'application', name: path.basename(rootPath), version: '0.0.0' };
+  }
+
+  _uuid() {
+    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, c => {
+      const r = Math.random() * 16 | 0;
+      return (c === 'x' ? r : (r & 0x3 | 0x8)).toString(16);
+    });
+  }
+}
+
+export default ABOMGenerator;