tc-scanner 0.1.0 → 0.1.1

package/README.md

@@ -1,46 +1,177 @@
 # tc-scanner
 
-CI security scanner for Dockerfiles, dependencies, and secrets. Powered by Trivy.
+A CI security scanner for Dockerfiles, container images, dependencies, and secrets. Powered by [Trivy](https://trivy.dev/).
 
 ## Requirements
 
-**Docker is required.** Trivy runs inside a container - no other installation needed. All major CI platforms (Bitbucket, GitHub Actions, GitLab CI, CircleCI) have Docker available.
+**Docker is required.** The scanner runs Trivy inside a container, so no additional installation is needed. All major CI platforms (Bitbucket Pipelines, GitHub Actions, GitLab CI, CircleCI) have Docker available by default.
 
-## One-Line Usage
+## Installation
+
+No installation required. Use directly with `npx`:
+
+```bash
+npx tc-scanner scan ./Dockerfile
+```
+
+Or install globally:
+
+```bash
+npm install -g tc-scanner
+tc-scan scan ./Dockerfile
+```
+
+## Quick Start
 
 ```bash
-# Scan a Dockerfile
+# Scan a Dockerfile for misconfigurations
 npx tc-scanner scan ./Dockerfile
 
-# Scan dependencies (requires package-lock.json, yarn.lock, or pnpm-lock.yaml)
-npx tc-scanner deps ./my-project
+# Scan project dependencies for known vulnerabilities
+npx tc-scanner deps .
 
-# Scan for secrets
+# Scan code for hardcoded secrets
 npx tc-scanner secrets ./src
 
 # Scan a container image
 npx tc-scanner image nginx:latest
 ```
 
-## Send Results to Webhook
+## Commands
+
+### `scan` - Dockerfile Security
+
+Scans Dockerfiles for security misconfigurations.
+
+```bash
+npx tc-scanner scan ./Dockerfile
+npx tc-scanner scan ./Dockerfile --severity HIGH
+npx tc-scanner scan ./Dockerfile --output ./reports/dockerfile-scan
+```
+
+**What it detects:**
+- Running as root user
+- Missing HEALTHCHECK instruction
+- Using `latest` tag instead of pinned versions
+- Insecure `ADD` instead of `COPY`
+- Exposed sensitive ports
+- Missing USER instruction
+
+### `deps` - Dependency Vulnerabilities
+
+Scans package lockfiles for known CVEs (similar to Snyk/npm audit).
+
+```bash
+npx tc-scanner deps .
+npx tc-scanner deps ./backend --severity CRITICAL
+npx tc-scanner deps . --include-dev
+```
+
+**Supported lockfiles:**
+- `package-lock.json` (npm)
+- `yarn.lock` (Yarn)
+- `pnpm-lock.yaml` (pnpm)
+- `Gemfile.lock` (Ruby)
+- `requirements.txt` / `Pipfile.lock` (Python)
+- `go.sum` (Go)
+- `composer.lock` (PHP)
+
+### `secrets` - Secret Detection
+
+Scans code for hardcoded secrets and sensitive data.
+
+```bash
+npx tc-scanner secrets .
+npx tc-scanner secrets ./src --output ./reports/secrets
+```
+
+**What it detects:**
+- AWS access keys and secrets
+- API tokens (Stripe, GitHub, Slack, etc.)
+- Private keys (RSA, SSH, PGP)
+- Database connection strings
+- Hardcoded passwords
+- JWT secrets
+
+### `image` - Container Image Scanning
+
+Scans container images for OS and application vulnerabilities.
+
+```bash
+npx tc-scanner image nginx:latest
+npx tc-scanner image myapp:v1.2.3 --severity HIGH,CRITICAL
+```
+
+**What it detects:**
+- OS package vulnerabilities (Alpine, Debian, Ubuntu, RHEL, etc.)
+- Application dependencies inside the image
+- Embedded secrets and misconfigurations
+
+## Options
+
+| Option | Alias | Description | Default |
+|--------|-------|-------------|---------|
+| `--severity` | `-s` | Minimum severity level: `LOW`, `MEDIUM`, `HIGH`, `CRITICAL` | `HIGH` |
+| `--output` | `-o` | Save reports to file (creates `.json`, `.txt`, `.html`) | - |
+| `--webhook` | `-w` | Send results to a webhook URL | - |
+| `--exit-code` | - | Exit code when issues are found | `1` |
+| `--include-dev` | - | Include dev dependencies (deps command only) | `false` |
+
+## Reports
+
+Generate reports in multiple formats:
+
+```bash
+npx tc-scanner scan ./Dockerfile --output ./reports/scan-report
+```
+
+This creates:
+- `scan-report.json` - Structured data for APIs and integrations
+- `scan-report.txt` - Plain text for email notifications
+- `scan-report.html` - Styled HTML report for attachments
+
+## Webhooks
+
+Send scan results to any webhook endpoint:
 
 ```bash
-npx tc-scanner scan ./Dockerfile --webhook https://your-webhook.com/endpoint
-npx tc-scanner deps . --webhook https://hooks.slack.com/services/xxx
+# Generic webhook
+npx tc-scanner scan ./Dockerfile --webhook https://your-api.com/security-alerts
+
+# Slack incoming webhook
+npx tc-scanner scan ./Dockerfile --webhook https://hooks.slack.com/services/xxx/yyy/zzz
 ```
 
-Webhook payload:
+**Webhook payload:**
+
 ```json
 {
   "scanner": "tc-scanner",
   "scanType": "dockerfile",
   "timestamp": "2024-01-15T10:30:00.000Z",
-  "summary": { "total": 2, "critical": 0, "high": 1, "medium": 1, "low": 0 },
-  "issues": [...]
+  "target": "./Dockerfile",
+  "summary": {
+    "total": 3,
+    "critical": 0,
+    "high": 1,
+    "medium": 2,
+    "low": 0
+  },
+  "issues": [
+    {
+      "id": "DS-0002",
+      "severity": "HIGH",
+      "title": "Last USER command should not be 'root'",
+      "description": "Running containers with 'root' user can lead to container escape.",
+      "url": "https://avd.aquasec.com/misconfig/ds-0002"
+    }
+  ]
 }
 ```
 
-## Bitbucket Pipelines
+## CI/CD Integration
+
+### Bitbucket Pipelines
 
 ```yaml
 image: node:20
@@ -59,72 +190,138 @@ pipelines:
         script:
           - npx tc-scanner scan ./Dockerfile --severity HIGH
           - npx tc-scanner deps . --severity HIGH
+
+  pull-requests:
+    '**':
+      - step:
+          name: PR Security Check
+          services:
+            - docker
+          script:
+            - npx tc-scanner scan ./Dockerfile --severity CRITICAL
+            - npx tc-scanner secrets ./src
 ```
 
-## GitHub Actions
+### GitHub Actions
 
 ```yaml
+name: Security Scan
+
+on: [push, pull_request]
+
 jobs:
   security:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Security Scan
-        run: |
-          npx tc-scanner scan ./Dockerfile --severity HIGH
-          npx tc-scanner deps . --severity HIGH
+      
+      - name: Scan Dockerfile
+        run: npx tc-scanner scan ./Dockerfile --severity HIGH
+      
+      - name: Scan Dependencies
+        run: npx tc-scanner deps . --severity HIGH
+      
+      - name: Scan for Secrets
+        run: npx tc-scanner secrets ./src
 ```
 
-## GitLab CI
+### GitLab CI
 
 ```yaml
 security-scan:
   image: node:20
   services:
     - docker:dind
+  variables:
+    DOCKER_HOST: tcp://docker:2375
   script:
     - npx tc-scanner scan ./Dockerfile --severity HIGH
     - npx tc-scanner deps . --severity HIGH
+    - npx tc-scanner secrets ./src
+  artifacts:
+    paths:
+      - reports/
+    when: always
+```
+
+### CircleCI
+
+```yaml
+version: 2.1
+
+jobs:
+  security-scan:
+    docker:
+      - image: cimg/node:20.0
+    steps:
+      - checkout
+      - setup_remote_docker
+      - run:
+          name: Security Scan
+          command: |
+            npx tc-scanner scan ./Dockerfile --severity HIGH
+            npx tc-scanner deps . --severity HIGH
+
+workflows:
+  main:
+    jobs:
+      - security-scan
 ```
 
-## CLI Options
+## Exit Codes
+
+| Code | Meaning |
+|------|---------|
+| `0` | No issues found (or below severity threshold) |
+| `1` | Issues found at or above severity threshold |
 
+Use `--exit-code 0` to always pass (useful for non-blocking scans):
+
+```bash
+npx tc-scanner scan ./Dockerfile --exit-code 0
 ```
-Usage: tc-scan [command] [options]
 
-Commands:
-  scan [path]      Scan a Dockerfile
-  deps [path]      Scan project dependencies
-  secrets [path]   Scan for secrets in code
-  image <name>     Scan a container image
+## Severity Levels
+
+| Level | Description |
+|-------|-------------|
+| `CRITICAL` | Severe vulnerabilities requiring immediate action |
+| `HIGH` | Important security issues that should be fixed soon |
+| `MEDIUM` | Moderate issues to address in regular maintenance |
+| `LOW` | Minor issues or best practice recommendations |
 
-Options:
-  -s, --severity   Minimum severity: LOW, MEDIUM, HIGH, CRITICAL (default: HIGH)
-  -o, --output     Save report to file (generates .json, .txt, .html)
-  --exit-code      Exit code when issues found (default: 1)
-  --include-dev    Include dev dependencies in scan
+## Examples
+
+**Fail CI only on critical issues:**
+```bash
+npx tc-scanner scan ./Dockerfile --severity CRITICAL
 ```
 
-## Generate Reports
+**Full security audit with reports:**
+```bash
+npx tc-scanner scan ./Dockerfile --output ./reports/dockerfile --severity LOW
+npx tc-scanner deps . --output ./reports/deps --severity LOW --include-dev
+npx tc-scanner secrets ./src --output ./reports/secrets
+```
 
+**Send alerts to Slack on failures:**
 ```bash
-# Generates scan-report.json, scan-report.txt, scan-report.html
-npx tc-scanner scan ./Dockerfile --output ./reports/scan-report
+npx tc-scanner scan ./Dockerfile --webhook $SLACK_WEBHOOK_URL
 ```
 
-Reports can be:
-- Attached to CI artifacts
-- Sent via email
-- Posted to Slack/webhooks
+## Troubleshooting
+
+**"Docker is required"**
+- Ensure Docker is installed and running
+- In CI, enable the Docker service (see examples above)
 
-## What It Detects
+**"No lockfile found" (deps command)**
+- The scanner needs `package-lock.json`, `yarn.lock`, or similar
+- Run `npm install` or your package manager to generate a lockfile
 
-| Scan Type | Detects |
-|-----------|---------|
-| `scan` | Dockerfile misconfigurations (missing HEALTHCHECK, running as root, etc.) |
-| `deps` | Known CVEs in npm/yarn/pnpm packages |
-| `secrets` | API keys, tokens, passwords, private keys in code |
-| `image` | OS package vulnerabilities + app dependencies in containers |
+**Slow first run**
+- First run downloads the Trivy Docker image (~50MB) and vulnerability database (~80MB)
+- Subsequent runs are faster due to caching
 
 ## License
 

package/bin/cli.js

@@ -6,128 +6,239 @@ import { scanDockerfile, scanImage, scanFilesystem, sendWebhook } from '../src/s
 const main = defineCommand({
   meta: {
     name: 'tc-scan',
-    version: '0.1.0',
-    description: 'CI security scanner for Dockerfiles, dependencies, and secrets. Requires Docker.',
+    version: '0.1.1',
+    description: 'CI security scanner for Dockerfiles, images, dependencies, and secrets.\n\nRequires Docker. Powered by Trivy.',
   },
   subCommands: {
     scan: defineCommand({
-      meta: { description: 'Scan a Dockerfile for misconfigurations' },
+      meta: {
+        name: 'scan',
+        description: 'Scan a Dockerfile for security misconfigurations.\n\nDetects: running as root, missing HEALTHCHECK, unpinned versions, insecure ADD, and more.',
+      },
       args: {
-        path: { type: 'positional', description: 'Path to Dockerfile', default: './Dockerfile' },
-        severity: { type: 'string', alias: 's', description: 'Minimum severity (LOW, MEDIUM, HIGH, CRITICAL)', default: 'HIGH' },
-        output: { type: 'string', alias: 'o', description: 'Save report to file (generates .json, .txt, .html)' },
-        webhook: { type: 'string', alias: 'w', description: 'Send results to webhook URL' },
-        'exit-code': { type: 'string', description: 'Exit code when issues found', default: '1' },
+        path: {
+          type: 'positional',
+          description: 'Path to Dockerfile',
+          default: './Dockerfile',
+        },
+        severity: {
+          type: 'string',
+          alias: 's',
+          description: 'Minimum severity to report (LOW, MEDIUM, HIGH, CRITICAL)',
+          default: 'HIGH',
+        },
+        output: {
+          type: 'string',
+          alias: 'o',
+          description: 'Save report to file (creates .json, .txt, .html)',
+        },
+        webhook: {
+          type: 'string',
+          alias: 'w',
+          description: 'Send results to webhook URL (Slack, custom endpoint)',
+        },
+        'exit-code': {
+          type: 'string',
+          description: 'Exit code when issues found (use 0 to never fail)',
+          default: '1',
+        },
       },
       async run({ args }) {
-        console.log('━'.repeat(50));
-        console.log('  TC-Secure Scanner');
-        console.log('━'.repeat(50));
-        console.log();
-
-        const result = await scanDockerfile(args.path, {
-          severity: args.severity,
-          output: args.output,
-          exitCode: args['exit-code'],
-        });
-
-        if (args.webhook && result.json) {
-          await sendWebhook(args.webhook, result.json, 'dockerfile');
+        printHeader('Dockerfile Scanner');
+        
+        try {
+          const result = await scanDockerfile(args.path, {
+            severity: args.severity,
+            output: args.output,
+            exitCode: args['exit-code'],
+          });
+
+          if (args.webhook && result.json) {
+            await sendWebhook(args.webhook, result.json, 'dockerfile');
+          }
+
+          process.exit(result.exitCode);
+        } catch (error) {
+          console.error(`\nError: ${error.message}`);
+          process.exit(1);
         }
-
-        process.exit(result.exitCode);
       },
     }),
 
     image: defineCommand({
-      meta: { description: 'Scan a container image for vulnerabilities' },
+      meta: {
+        name: 'image',
+        description: 'Scan a container image for vulnerabilities.\n\nDetects: OS package CVEs, application dependency vulnerabilities, embedded secrets.',
+      },
       args: {
-        image: { type: 'positional', description: 'Image name (e.g., nginx:latest)', required: true },
-        severity: { type: 'string', alias: 's', description: 'Minimum severity', default: 'HIGH' },
-        output: { type: 'string', alias: 'o', description: 'Save report to file' },
-        webhook: { type: 'string', alias: 'w', description: 'Send results to webhook URL' },
-        'exit-code': { type: 'string', description: 'Exit code when issues found', default: '1' },
+        image: {
+          type: 'positional',
+          description: 'Image name (e.g., nginx:latest, myapp:v1.2.3)',
+          required: true,
+        },
+        severity: {
+          type: 'string',
+          alias: 's',
+          description: 'Minimum severity to report (LOW, MEDIUM, HIGH, CRITICAL)',
+          default: 'HIGH',
+        },
+        output: {
+          type: 'string',
+          alias: 'o',
+          description: 'Save report to file (creates .json, .txt, .html)',
+        },
+        webhook: {
+          type: 'string',
+          alias: 'w',
+          description: 'Send results to webhook URL',
+        },
+        'exit-code': {
+          type: 'string',
+          description: 'Exit code when issues found',
+          default: '1',
+        },
       },
       async run({ args }) {
-        console.log('━'.repeat(50));
-        console.log('  TC-Secure Image Scanner');
-        console.log('━'.repeat(50));
-        console.log();
-
-        const result = await scanImage(args.image, {
-          severity: args.severity,
-          output: args.output,
-          exitCode: args['exit-code'],
-        });
-
-        if (args.webhook && result.json) {
-          await sendWebhook(args.webhook, result.json, 'image');
+        printHeader('Image Scanner');
+
+        try {
+          const result = await scanImage(args.image, {
+            severity: args.severity,
+            output: args.output,
+            exitCode: args['exit-code'],
+          });
+
+          if (args.webhook && result.json) {
+            await sendWebhook(args.webhook, result.json, 'image');
+          }
+
+          process.exit(result.exitCode);
+        } catch (error) {
+          console.error(`\nError: ${error.message}`);
+          process.exit(1);
         }
-
-        process.exit(result.exitCode);
       },
     }),
 
     deps: defineCommand({
-      meta: { description: 'Scan project dependencies (package-lock.json, yarn.lock, etc.)' },
+      meta: {
+        name: 'deps',
+        description: 'Scan project dependencies for known vulnerabilities (CVEs).\n\nSupports: npm, yarn, pnpm, pip, bundler, composer, go modules.',
+      },
       args: {
-        path: { type: 'positional', description: 'Path to project directory', default: '.' },
-        severity: { type: 'string', alias: 's', description: 'Minimum severity', default: 'HIGH' },
-        output: { type: 'string', alias: 'o', description: 'Save report to file' },
-        webhook: { type: 'string', alias: 'w', description: 'Send results to webhook URL' },
-        'exit-code': { type: 'string', description: 'Exit code when issues found', default: '1' },
-        'include-dev': { type: 'boolean', description: 'Include dev dependencies', default: false },
+        path: {
+          type: 'positional',
+          description: 'Path to project directory containing lockfile',
+          default: '.',
+        },
+        severity: {
+          type: 'string',
+          alias: 's',
+          description: 'Minimum severity to report (LOW, MEDIUM, HIGH, CRITICAL)',
+          default: 'HIGH',
+        },
+        output: {
+          type: 'string',
+          alias: 'o',
+          description: 'Save report to file (creates .json, .txt, .html)',
+        },
+        webhook: {
+          type: 'string',
+          alias: 'w',
+          description: 'Send results to webhook URL',
+        },
+        'exit-code': {
+          type: 'string',
+          description: 'Exit code when issues found',
+          default: '1',
+        },
+        'include-dev': {
+          type: 'boolean',
+          description: 'Include development dependencies in scan',
+          default: false,
+        },
       },
       async run({ args }) {
-        console.log('━'.repeat(50));
-        console.log('  TC-Secure Dependency Scanner');
-        console.log('━'.repeat(50));
-        console.log();
-
-        const result = await scanFilesystem(args.path, {
-          severity: args.severity,
-          output: args.output,
-          exitCode: args['exit-code'],
-          includeDev: args['include-dev'],
-          scanType: 'vuln',
-        });
-
-        if (args.webhook && result.json) {
-          await sendWebhook(args.webhook, result.json, 'dependencies');
+        printHeader('Dependency Scanner');
+
+        try {
+          const result = await scanFilesystem(args.path, {
+            severity: args.severity,
+            output: args.output,
+            exitCode: args['exit-code'],
+            includeDev: args['include-dev'],
+            scanType: 'vuln',
+          });
+
+          if (args.webhook && result.json) {
+            await sendWebhook(args.webhook, result.json, 'dependencies');
+          }
+
+          process.exit(result.exitCode);
+        } catch (error) {
+          console.error(`\nError: ${error.message}`);
+          process.exit(1);
         }
-
-        process.exit(result.exitCode);
       },
     }),
 
     secrets: defineCommand({
-      meta: { description: 'Scan for secrets and sensitive data in code' },
+      meta: {
+        name: 'secrets',
+        description: 'Scan code for hardcoded secrets and sensitive data.\n\nDetects: API keys, tokens, passwords, private keys, connection strings.',
+      },
       args: {
-        path: { type: 'positional', description: 'Path to project directory', default: '.' },
-        output: { type: 'string', alias: 'o', description: 'Save report to file' },
-        webhook: { type: 'string', alias: 'w', description: 'Send results to webhook URL' },
-        'exit-code': { type: 'string', description: 'Exit code when secrets found', default: '1' },
+        path: {
+          type: 'positional',
+          description: 'Path to directory to scan',
+          default: '.',
+        },
+        output: {
+          type: 'string',
+          alias: 'o',
+          description: 'Save report to file (creates .json, .txt, .html)',
+        },
+        webhook: {
+          type: 'string',
+          alias: 'w',
+          description: 'Send results to webhook URL',
+        },
+        'exit-code': {
+          type: 'string',
+          description: 'Exit code when secrets found',
+          default: '1',
+        },
       },
       async run({ args }) {
-        console.log('━'.repeat(50));
-        console.log('  TC-Secure Secrets Scanner');
-        console.log('━'.repeat(50));
-        console.log();
-
-        const result = await scanFilesystem(args.path, {
-          output: args.output,
-          exitCode: args['exit-code'],
-          scanType: 'secret',
-        });
-
-        if (args.webhook && result.json) {
-          await sendWebhook(args.webhook, result.json, 'secrets');
+        printHeader('Secrets Scanner');
+
+        try {
+          const result = await scanFilesystem(args.path, {
+            output: args.output,
+            exitCode: args['exit-code'],
+            scanType: 'secret',
+          });
+
+          if (args.webhook && result.json) {
+            await sendWebhook(args.webhook, result.json, 'secrets');
+          }
+
+          process.exit(result.exitCode);
+        } catch (error) {
+          console.error(`\nError: ${error.message}`);
+          process.exit(1);
         }
-
-        process.exit(result.exitCode);
       },
     }),
   },
 });
 
+function printHeader(title) {
+  console.log();
+  console.log('━'.repeat(50));
+  console.log(`  TC-Secure ${title}`);
+  console.log('━'.repeat(50));
+  console.log();
+}
+
 runMain(main);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tc-scanner",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "CI security scanner for Dockerfiles, dependencies, and secrets using Trivy",
   "type": "module",
   "bin": {

package/.env

@@ -1 +0,0 @@
-NPM_TOKEN=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

package/reports/scan-report.html

@@ -1,61 +0,0 @@
-
-<!DOCTYPE html>
-<html>
-<head>
-  <style>
-    body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; max-width: 800px; margin: 0 auto; padding: 20px; }
-    .header { background: #1e293b; color: white; padding: 20px; border-radius: 8px 8px 0 0; }
-    .content { border: 1px solid #e2e8f0; border-top: none; padding: 20px; border-radius: 0 0 8px 8px; }
-    .summary-grid { display: grid; grid-template-columns: repeat(4, 1fr); gap: 10px; margin: 20px 0; }
-    .stat { text-align: center; padding: 15px; border-radius: 8px; }
-    .stat-critical { background: #fef2f2; border: 1px solid #fecaca; }
-    .stat-high { background: #fff7ed; border: 1px solid #fed7aa; }
-    .stat-medium { background: #fefce8; border: 1px solid #fef08a; }
-    .stat-low { background: #eff6ff; border: 1px solid #bfdbfe; }
-    .stat-value { font-size: 24px; font-weight: bold; }
-    .issue { border-left: 4px solid; padding: 12px; margin: 10px 0; background: #f8fafc; }
-    .issue-critical { border-color: #dc2626; }
-    .issue-high { border-color: #ea580c; }
-    .issue-medium { border-color: #ca8a04; }
-    .issue-low { border-color: #2563eb; }
-    .badge { display: inline-block; padding: 2px 8px; border-radius: 4px; font-size: 12px; font-weight: 600; color: white; }
-    a { color: #2563eb; }
-  </style>
-</head>
-<body>
-  <div class="header">
-    <h1 style="margin: 0;">TC-Secure Scan Report</h1>
-    <p style="margin: 5px 0 0 0; opacity: 0.8;">Target: /Users/themba/Teamcoda/teamcoda/tc-secure/pentest/Dockerfile</p>
-    <p style="margin: 5px 0 0 0; opacity: 0.8;">Scan Time: 2026-02-02T00:06:36.733Z</p>
-  </div>
-  <div class="content">
-    <h2>Summary</h2>
-    <div class="summary-grid">
-      <div class="stat stat-critical">
-        <div class="stat-value" style="color: #dc2626">0</div>
-        <div>Critical</div>
-      </div>
-      <div class="stat stat-high">
-        <div class="stat-value" style="color: #ea580c">0</div>
-        <div>High</div>
-      </div>
-      <div class="stat stat-medium">
-        <div class="stat-value" style="color: #ca8a04">0</div>
-        <div>Medium</div>
-      </div>
-      <div class="stat stat-low">
-        <div class="stat-value" style="color: #2563eb">1</div>
-        <div>Low</div>
-      </div>
-    </div>
-<h2>Issues (1)</h2>
-      <div class="issue issue-low">
-        <span class="badge" style="background: #2563eb">LOW</span>
-        <strong>DS-0026</strong>
-        <p style="margin: 8px 0;">No HEALTHCHECK defined</p>
-        
-        <a href="https://avd.aquasec.com/misconfig/ds-0026" style="font-size: 14px;">View details →</a>
-      </div>
-  </div>
-</body>
-</html>

package/reports/scan-report.json

@@ -1,21 +0,0 @@
-{
-  "target": "/Users/themba/Teamcoda/teamcoda/tc-secure/pentest/Dockerfile",
-  "scanTime": "2026-02-02T00:06:36.733Z",
-  "totalIssues": 1,
-  "bySeverity": {
-    "CRITICAL": 0,
-    "HIGH": 0,
-    "MEDIUM": 0,
-    "LOW": 1
-  },
-  "issues": [
-    {
-      "id": "DS-0026",
-      "severity": "LOW",
-      "title": "No HEALTHCHECK defined",
-      "description": "You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.",
-      "resolution": "Add HEALTHCHECK instruction in Dockerfile",
-      "url": "https://avd.aquasec.com/misconfig/ds-0026"
-    }
-  ]
-}

package/reports/scan-report.txt

@@ -1,20 +0,0 @@
-
-TC-SECURE SCAN REPORT
-=====================
-Target: /Users/themba/Teamcoda/teamcoda/tc-secure/pentest/Dockerfile
-Scan Time: 2026-02-02T00:06:36.733Z
-
-SUMMARY
--------
-Total Issues: 1
-  CRITICAL: 0
-  HIGH: 0
-  MEDIUM: 0
-  LOW: 1
-
-DETAILS
--------
-
-[LOW] DS-0026
-  No HEALTHCHECK defined
-  More info: https://avd.aquasec.com/misconfig/ds-0026