vaspera 2.7.0 → 2.9.0

package/dist/evidence/types.d.ts

@@ -0,0 +1,175 @@
+/**
+ * Evidence Collection Types
+ *
+ * Types for collecting and packaging audit evidence for compliance.
+ *
+ * @module evidence/types
+ */
+import type { ComplianceFramework } from "../compliance/types.js";
+/**
+ * Evidence artifact type
+ */
+export type EvidenceArtifactType = "scan_result" | "compliance_report" | "config_file" | "sbom" | "history_snapshot" | "verification_result" | "certification_result";
+/**
+ * Individual evidence artifact
+ */
+export interface EvidenceArtifact {
+    /** Artifact type */
+    type: EvidenceArtifactType;
+    /** Human-readable name */
+    name: string;
+    /** Description of what this artifact contains */
+    description: string;
+    /** SHA-256 hash of the artifact content */
+    contentDigest: string;
+    /** Size in bytes */
+    sizeBytes: number;
+    /** When the artifact was collected */
+    collectedAt: string;
+    /** Source path (if file-based) */
+    sourcePath?: string;
+    /** Inline content (for small artifacts) or path to stored file */
+    content?: string;
+    /** Path to stored artifact file (for large artifacts) */
+    storedPath?: string;
+}
+/**
+ * CI environment metadata
+ */
+export interface CIEnvironment {
+    /** CI provider (github, gitlab, jenkins, etc.) */
+    provider: string;
+    /** Build/workflow ID */
+    buildId: string;
+    /** Git commit SHA */
+    commitSha: string;
+    /** Git branch or tag */
+    ref?: string;
+    /** Actor/user who triggered the build */
+    actor?: string;
+    /** Run number/ID */
+    runId?: string;
+    /** Repository information */
+    repository?: {
+        owner: string;
+        name: string;
+        url: string;
+    };
+    /** Pull request information if applicable */
+    pullRequest?: {
+        number: number;
+        title?: string;
+        url?: string;
+    };
+}
+/**
+ * Runtime environment metadata
+ */
+export interface RuntimeEnvironment {
+    /** Operating system */
+    os: string;
+    /** OS version */
+    osVersion: string;
+    /** Node.js version */
+    nodeVersion: string;
+    /** Vaspera version */
+    vasperaVersion: string;
+    /** Hostname (sanitized for privacy) */
+    hostname?: string;
+    /** CI environment if running in CI */
+    ci?: CIEnvironment;
+    /** Timestamp when environment was captured */
+    capturedAt: string;
+}
+/**
+ * Evidence bundle
+ */
+export interface EvidenceBundle {
+    /** Unique bundle ID */
+    id: string;
+    /** Associated certification ID */
+    certificationId?: string;
+    /** When the bundle was created */
+    createdAt: string;
+    /** Project path */
+    projectPath: string;
+    /** Compliance frameworks this evidence supports */
+    frameworks: ComplianceFramework[];
+    /** Runtime environment metadata */
+    environment: RuntimeEnvironment;
+    /** Collected artifacts */
+    artifacts: EvidenceArtifact[];
+    /** Overall bundle digest (SHA-256 of all artifact digests) */
+    bundleDigest: string;
+    /** Sigstore signature of the bundle */
+    signature?: {
+        /** Base64-encoded signature */
+        value: string;
+        /** Signing certificate (Base64 PEM) */
+        certificate?: string;
+        /** Rekor transparency log index */
+        rekorLogIndex?: number;
+        /** Rekor log ID */
+        rekorLogId?: string;
+    };
+    /** Bundle metadata */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Options for collecting evidence
+ */
+export interface CollectEvidenceOptions {
+    /** Project path to collect evidence from */
+    projectPath: string;
+    /** Certification ID to associate with */
+    certificationId?: string;
+    /** Compliance frameworks to include reports for */
+    frameworks?: ComplianceFramework[];
+    /** Include SBOM */
+    includeSbom?: boolean;
+    /** Include history snapshot */
+    includeHistory?: boolean;
+    /** Include scan results */
+    includeScanResults?: boolean;
+    /** Include config files (.vaspera/config.json, etc.) */
+    includeConfig?: boolean;
+    /** Sign the bundle with Sigstore */
+    sign?: boolean;
+    /** Maximum artifact size to inline (larger artifacts are stored) */
+    maxInlineSize?: number;
+}
+/**
+ * Evidence collection result
+ */
+export interface CollectEvidenceResult {
+    /** Whether collection succeeded */
+    success: boolean;
+    /** The collected evidence bundle */
+    bundle?: EvidenceBundle;
+    /** Error message if failed */
+    error?: string;
+    /** Warnings encountered during collection */
+    warnings: string[];
+    /** Path where bundle was stored */
+    storedPath?: string;
+}
+/**
+ * Evidence verification result
+ */
+export interface VerifyEvidenceResult {
+    /** Whether verification succeeded */
+    verified: boolean;
+    /** Bundle ID verified */
+    bundleId: string;
+    /** Whether all artifact digests match */
+    artifactsIntact: boolean;
+    /** Whether signature is valid (if present) */
+    signatureValid?: boolean;
+    /** List of artifacts that failed verification */
+    failedArtifacts: string[];
+    /** Verification timestamp */
+    verifiedAt: string;
+    /** Error message if verification failed */
+    error?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/evidence/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/evidence/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAElE;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAC5B,aAAa,GACb,mBAAmB,GACnB,aAAa,GACb,MAAM,GACN,kBAAkB,GAClB,qBAAqB,GACrB,sBAAsB,CAAC;AAE3B;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB;IACpB,IAAI,EAAE,oBAAoB,CAAC;IAE3B,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IAEb,iDAAiD;IACjD,WAAW,EAAE,MAAM,CAAC;IAEpB,2CAA2C;IAC3C,aAAa,EAAE,MAAM,CAAC;IAEtB,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAElB,sCAAsC;IACtC,WAAW,EAAE,MAAM,CAAC;IAEpB,kCAAkC;IAClC,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,kEAAkE;IAClE,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kDAAkD;IAClD,QAAQ,EAAE,MAAM,CAAC;IAEjB,wBAAwB;IACxB,OAAO,EAAE,MAAM,CAAC;IAEhB,qBAAqB;IACrB,SAAS,EAAE,MAAM,CAAC;IAElB,wBAAwB;IACxB,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,oBAAoB;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,6BAA6B;IAC7B,UAAU,CAAC,EAAE;QACX,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IAEF,6CAA6C;IAC7C,WAAW,CAAC,EAAE;QACZ,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,uBAAuB;IACvB,EAAE,EAAE,MAAM,CAAC;IAEX,iBAAiB;IACjB,SAAS,EAAE,MAAM,CAAC;IAElB,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;IAEpB,sBAAsB;IACtB,cAAc,EAAE,MAAM,CAAC;IAEvB,uCAAuC;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,sCAAsC;IACtC,EAAE,CAAC,EAAE,aAAa,CAAC;IAEnB,8CAA8C;IAC9C,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,uBAAuB;IACvB,EAAE,EAAE,MAAM,CAAC;IAEX,kCAAkC;IAClC,eAAe,CAAC,EAAE,MAAM,CAAC;IAEzB,kCAAkC;IAClC,SAAS,EAAE,MAAM,CAAC;IAElB,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;IAEpB,mDAAmD;IACnD,UAAU,EAAE,mBAAmB,EAAE,CAAC;IAElC,mCAAmC;IACnC,WAAW,EAAE,kBAAkB,CAAC;IAEhC,0BAA0B;IAC1B,SAAS,EAAE,gBAAgB,EAAE,CAAC;IAE9B,8DAA8D;IAC9D,YAAY,EAAE,MAAM,CAAC;IAErB,uCAAuC;IACvC,SAAS,CAAC,EAAE;QACV,+BAA+B;QAC/B,KAAK,EAAE,MAAM,CAAC;QAEd,uCAAuC;QACvC,WAAW,CAAC,EAAE,MAAM,CAAC;QAErB,mCAAmC;QACnC,aAAa,CAAC,EAAE,MAAM,CAAC;QAEvB,mBAAmB;QACnB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IAEF,sBAAsB;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IAEpB,yCAAyC;IACzC,eAAe,CAAC,EAAE,MAAM,CAAC;IAEzB,mDAAmD;IACnD,UAAU,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAEnC,mBAAmB;IACnB,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,+BAA+B;IAC/B,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,2BAA2B;IAC3B,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAE7B,wDAAwD;IACxD,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB,oCAAoC;IACpC,IAAI,CAAC,EAAE,OAAO,CAAC;IAEf,oEAAoE;IACpE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,mCAAmC;IACnC,OAAO,EAAE,OAAO,CAAC;IAEjB,oCAAoC;IACpC,MAAM,CAAC,EAAE,cAAc,CAAC;IAExB,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,6CAA6C;IAC7C,QAAQ,EAAE,MAAM,EAAE,CAAC;IAEnB,mCAAmC;IACnC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,qCAAqC;IACrC,QAAQ,EAAE,OAAO,CAAC;IAElB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IAEjB,yCAAyC;IACzC,eAAe,EAAE,OAAO,CAAC;IAEzB,8CAA8C;IAC9C,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,iDAAiD;IACjD,eAAe,EAAE,MAAM,EAAE,CAAC;IAE1B,6BAA6B;IAC7B,UAAU,EAAE,MAAM,CAAC;IAEnB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB"}

package/dist/evidence/types.js

@@ -0,0 +1,9 @@
+/**
+ * Evidence Collection Types
+ *
+ * Types for collecting and packaging audit evidence for compliance.
+ *
+ * @module evidence/types
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/evidence/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/evidence/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG"}

package/dist/exporters/checkmarx.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Checkmarx Exporter
+ *
+ * Exports findings to Checkmarx XML format.
+ *
+ * @module exporters/checkmarx
+ */
+import type { Certification } from "../certification/types.js";
+import type { ExportOptions, ExportResult, Exporter } from "./types.js";
+/**
+ * Export certification to Checkmarx format
+ */
+export declare function exportToCheckmarx(certification: Certification, options?: ExportOptions): Promise<ExportResult>;
+/**
+ * Checkmarx exporter instance
+ */
+export declare const checkmarxExporter: Exporter;
+//# sourceMappingURL=checkmarx.d.ts.map

package/dist/exporters/checkmarx.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkmarx.d.ts","sourceRoot":"","sources":["../../src/exporters/checkmarx.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAqB,MAAM,2BAA2B,CAAC;AAClF,OAAO,KAAK,EACV,aAAa,EACb,YAAY,EACZ,QAAQ,EAGT,MAAM,YAAY,CAAC;AA+JpB;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,aAAa,EAAE,aAAa,EAC5B,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,YAAY,CAAC,CAgDvB;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,QAG/B,CAAC"}

package/dist/exporters/checkmarx.js

@@ -0,0 +1,203 @@
+/**
+ * Checkmarx Exporter
+ *
+ * Exports findings to Checkmarx XML format.
+ *
+ * @module exporters/checkmarx
+ */
+import { writeFile } from "fs/promises";
+import { createHash } from "crypto";
+/**
+ * Map Vaspera severity to Checkmarx severity
+ */
+const SEVERITY_MAP = {
+    critical: "High",
+    high: "High",
+    medium: "Medium",
+    low: "Low",
+    info: "Information",
+};
+/**
+ * Map confidence to Checkmarx state
+ */
+function confidenceToState(confidence) {
+    if (confidence >= 90)
+        return "Confirmed";
+    if (confidence >= 70)
+        return "Urgent";
+    return "To Verify";
+}
+/**
+ * Generate a result hash
+ */
+function generateHash(finding) {
+    const hashInput = `${finding.file || "unknown"}:${finding.line || 0}:${finding.category}:${finding.description.slice(0, 100)}`;
+    return createHash("md5").update(hashInput).digest("hex").slice(0, 16);
+}
+/**
+ * Convert a finding to Checkmarx result
+ */
+function findingToResult(finding, projectRoot) {
+    let sourceFile = finding.file || "unknown";
+    if (projectRoot && sourceFile.startsWith(projectRoot)) {
+        sourceFile = sourceFile.slice(projectRoot.length).replace(/^\//, "");
+    }
+    return {
+        queryId: finding.scanner_rule_id || `vaspera-${finding.category}`,
+        queryName: finding.category.charAt(0).toUpperCase() + finding.category.slice(1).replace(/-/g, " "),
+        queryGroup: getCategoryGroup(finding.category),
+        cweId: finding.cwe_ids?.[0],
+        severity: SEVERITY_MAP[finding.severity],
+        state: confidenceToState(finding.confidence),
+        sourceFile,
+        sourceLine: finding.line || 1,
+        sourceObject: extractObjectName(finding.evidence || finding.description),
+        resultHash: generateHash(finding),
+        detectionDate: finding.created_at || new Date().toISOString(),
+        comment: finding.evidence,
+    };
+}
+/**
+ * Get category group for Checkmarx
+ */
+function getCategoryGroup(category) {
+    const groups = {
+        injection: "Input Validation",
+        xss: "Input Validation",
+        authentication: "Authentication",
+        authorization: "Authorization",
+        cryptography: "Cryptography",
+        secrets: "Sensitive Data",
+        "api-security": "API Security",
+        "error-handling": "Error Handling",
+        "type-safety": "Type Safety",
+        "null-safety": "Null Safety",
+        logging: "Logging",
+        performance: "Performance",
+        "code-quality": "Code Quality",
+    };
+    for (const [key, group] of Object.entries(groups)) {
+        if (category.toLowerCase().includes(key)) {
+            return group;
+        }
+    }
+    return "General";
+}
+/**
+ * Extract object name from code snippet or description
+ */
+function extractObjectName(text) {
+    // Try to find function name
+    const funcMatch = text.match(/function\s+(\w+)/);
+    if (funcMatch)
+        return funcMatch[1];
+    // Try to find variable name
+    const varMatch = text.match(/(?:const|let|var)\s+(\w+)/);
+    if (varMatch)
+        return varMatch[1];
+    // Try to find class/method
+    const classMatch = text.match(/(?:class|interface)\s+(\w+)/);
+    if (classMatch)
+        return classMatch[1];
+    return "unknown";
+}
+/**
+ * Convert report to XML string
+ */
+function toXml(report) {
+    const escapeXml = (str) => str
+        .replace(/&/g, "&")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;")
+        .replace(/"/g, "&quot;")
+        .replace(/'/g, "&apos;");
+    const lines = [
+        '<?xml version="1.0" encoding="UTF-8"?>',
+        "<CxXMLResults>",
+        `  <ProjectName>${escapeXml(report.projectName)}</ProjectName>`,
+        `  <ProjectId>${escapeXml(report.projectId)}</ProjectId>`,
+        `  <ScanId>${escapeXml(report.scanId)}</ScanId>`,
+        `  <ScanDate>${escapeXml(report.scanDate)}</ScanDate>`,
+        `  <ScanStatus>${escapeXml(report.scanStatus)}</ScanStatus>`,
+        `  <ResultsCount>${report.resultsCount}</ResultsCount>`,
+        "  <Results>",
+    ];
+    for (const result of report.results) {
+        lines.push("    <Result>");
+        lines.push(`      <QueryId>${escapeXml(result.queryId)}</QueryId>`);
+        lines.push(`      <QueryName>${escapeXml(result.queryName)}</QueryName>`);
+        lines.push(`      <QueryGroup>${escapeXml(result.queryGroup)}</QueryGroup>`);
+        if (result.cweId) {
+            lines.push(`      <CweId>${escapeXml(result.cweId)}</CweId>`);
+        }
+        lines.push(`      <Severity>${escapeXml(result.severity)}</Severity>`);
+        lines.push(`      <State>${escapeXml(result.state)}</State>`);
+        lines.push(`      <SourceFile>${escapeXml(result.sourceFile)}</SourceFile>`);
+        lines.push(`      <SourceLine>${result.sourceLine}</SourceLine>`);
+        lines.push(`      <SourceObject>${escapeXml(result.sourceObject)}</SourceObject>`);
+        if (result.destFile) {
+            lines.push(`      <DestFile>${escapeXml(result.destFile)}</DestFile>`);
+            lines.push(`      <DestLine>${result.destLine || 0}</DestLine>`);
+            lines.push(`      <DestObject>${escapeXml(result.destObject || "")}</DestObject>`);
+        }
+        lines.push(`      <ResultHash>${escapeXml(result.resultHash)}</ResultHash>`);
+        lines.push(`      <DetectionDate>${escapeXml(result.detectionDate)}</DetectionDate>`);
+        if (result.comment) {
+            lines.push(`      <Comment>${escapeXml(result.comment)}</Comment>`);
+        }
+        lines.push("    </Result>");
+    }
+    lines.push("  </Results>");
+    lines.push("</CxXMLResults>");
+    return lines.join("\n");
+}
+/**
+ * Export certification to Checkmarx format
+ */
+export async function exportToCheckmarx(certification, options = {}) {
+    const { outputPath, minSeverity = "info", projectRoot, includeResolved = false } = options;
+    const severityOrder = ["critical", "high", "medium", "low", "info"];
+    const minIndex = severityOrder.indexOf(minSeverity);
+    // Collect all findings
+    const allFindings = [];
+    for (const [, agentData] of Object.entries(certification.agents)) {
+        if (agentData?.findings) {
+            allFindings.push(...agentData.findings);
+        }
+    }
+    // Filter by severity
+    const filteredFindings = allFindings.filter((f) => {
+        const sevIndex = severityOrder.indexOf(f.severity);
+        return sevIndex <= minIndex;
+    });
+    // Convert to Checkmarx format
+    const results = filteredFindings.map((f) => findingToResult(f, projectRoot));
+    const report = {
+        projectName: certification.metadata.project_name,
+        projectId: certification.metadata.id,
+        scanId: certification.metadata.id,
+        scanDate: certification.metadata.started_at,
+        scanStatus: certification.metadata.status === "completed" ? "Finished" : "In Progress",
+        resultsCount: results.length,
+        results,
+    };
+    const content = toXml(report);
+    // Write to file if path provided
+    if (outputPath) {
+        await writeFile(outputPath, content, "utf-8");
+    }
+    return {
+        format: "checkmarx",
+        outputPath,
+        findingsExported: results.length,
+        content,
+    };
+}
+/**
+ * Checkmarx exporter instance
+ */
+export const checkmarxExporter = {
+    format: "checkmarx",
+    export: exportToCheckmarx,
+};
+//# sourceMappingURL=checkmarx.js.map

package/dist/exporters/checkmarx.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkmarx.js","sourceRoot":"","sources":["../../src/exporters/checkmarx.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAUpC;;GAEG;AACH,MAAM,YAAY,GAAkD;IAClE,QAAQ,EAAE,MAAM;IAChB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;IACV,IAAI,EAAE,aAAa;CACpB,CAAC;AAEF;;GAEG;AACH,SAAS,iBAAiB,CAAC,UAAkB;IAC3C,IAAI,UAAU,IAAI,EAAE;QAAE,OAAO,WAAW,CAAC;IACzC,IAAI,UAAU,IAAI,EAAE;QAAE,OAAO,QAAQ,CAAC;IACtC,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,OAAgB;IACpC,MAAM,SAAS,GAAG,GAAG,OAAO,CAAC,IAAI,IAAI,SAAS,IAAI,OAAO,CAAC,IAAI,IAAI,CAAC,IAAI,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;IAC/H,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,OAAgB,EAAE,WAAoB;IAC7D,IAAI,UAAU,GAAG,OAAO,CAAC,IAAI,IAAI,SAAS,CAAC;IAC3C,IAAI,WAAW,IAAI,UAAU,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACtD,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,OAAO;QACL,OAAO,EAAE,OAAO,CAAC,eAAe,IAAI,WAAW,OAAO,CAAC,QAAQ,EAAE;QACjE,SAAS,EAAE,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;QAClG,UAAU,EAAE,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC;QAC9C,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAC3B,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC;QACxC,KAAK,EAAE,iBAAiB,CAAC,OAAO,CAAC,UAAU,CAAC;QAC5C,UAAU;QACV,UAAU,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC;QAC7B,YAAY,EAAE,iBAAiB,CAAC,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,CAAC;QACxE,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC;QACjC,aAAa,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC7D,OAAO,EAAE,OAAO,CAAC,QAAQ;KAC1B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,QAAgB;IACxC,MAAM,MAAM,GAA2B;QACrC,SAAS,EAAE,kBAAkB;QAC7B,GAAG,EAAE,kBAAkB;QACvB,cAAc,EAAE,gBAAgB;QAChC,aAAa,EAAE,eAAe;QAC9B,YAAY,EAAE,cAAc;QAC5B,OAAO,EAAE,gBAAgB;QACzB,cAAc,EAAE,cAAc;QAC9B,gBAAgB,EAAE,gBAAgB;QAClC,aAAa,EAAE,aAAa;QAC5B,aAAa,EAAE,aAAa;QAC5B,OAAO,EAAE,SAAS;QAClB,WAAW,EAAE,aAAa;QAC1B,cAAc,EAAE,cAAc;KAC/B,CAAC;IAEF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAClD,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACzC,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,IAAY;IACrC,4BAA4B;IAC5B,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACjD,IAAI,SAAS;QAAE,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;IAEnC,4BAA4B;IAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;IACzD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC;IAEjC,2BAA2B;IAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;IAC7D,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC;IAErC,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,KAAK,CAAC,MAAuB;IACpC,MAAM,SAAS,GAAG,CAAC,GAAW,EAAU,EAAE,CACxC,GAAG;SACA,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAE7B,MAAM,KAAK,GAAa;QACtB,wCAAwC;QACxC,gBAAgB;QAChB,kBAAkB,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,gBAAgB;QAC/D,gBAAgB,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc;QACzD,aAAa,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW;QAChD,eAAe,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa;QACtD,iBAAiB,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,eAAe;QAC5D,mBAAmB,MAAM,CAAC,YAAY,iBAAiB;QACvD,aAAa;KACd,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,kBAAkB,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACpE,KAAK,CAAC,IAAI,CAAC,oBAAoB,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QAC1E,KAAK,CAAC,IAAI,CAAC,qBAAqB,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;QAC7E,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,KAAK,CAAC,IAAI,CAAC,gBAAgB,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAChE,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,mBAAmB,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACvE,KAAK,CAAC,IAAI,CAAC,gBAAgB,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC9D,KAAK,CAAC,IAAI,CAAC,qBAAqB,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;QAC7E,KAAK,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,UAAU,eAAe,CAAC,CAAC;QAClE,KAAK,CAAC,IAAI,CAAC,uBAAuB,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAAC;QACnF,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,KAAK,CAAC,IAAI,CAAC,mBAAmB,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YACvE,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,QAAQ,IAAI,CAAC,aAAa,CAAC,CAAC;YACjE,KAAK,CAAC,IAAI,CAAC,qBAAqB,SAAS,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,eAAe,CAAC,CAAC;QACrF,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,qBAAqB,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;QAC7E,KAAK,CAAC,IAAI,CAAC,wBAAwB,SAAS,CAAC,MAAM,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QACtF,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,KAAK,CAAC,IAAI,CAAC,kBAAkB,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACtE,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAE9B,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,aAA4B,EAC5B,UAAyB,EAAE;IAE3B,MAAM,EAAE,UAAU,EAAE,WAAW,GAAG,MAAM,EAAE,WAAW,EAAE,eAAe,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;IAE3F,MAAM,aAAa,GAAe,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAChF,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAEpD,uBAAuB;IACvB,MAAM,WAAW,GAAc,EAAE,CAAC;IAClC,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;QACjE,IAAI,SAAS,EAAE,QAAQ,EAAE,CAAC;YACxB,WAAW,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,MAAM,gBAAgB,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAChD,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACnD,OAAO,QAAQ,IAAI,QAAQ,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,8BAA8B;IAC9B,MAAM,OAAO,GAAsB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAC5D,eAAe,CAAC,CAAC,EAAE,WAAW,CAAC,CAChC,CAAC;IAEF,MAAM,MAAM,GAAoB;QAC9B,WAAW,EAAE,aAAa,CAAC,QAAQ,CAAC,YAAY;QAChD,SAAS,EAAE,aAAa,CAAC,QAAQ,CAAC,EAAE;QACpC,MAAM,EAAE,aAAa,CAAC,QAAQ,CAAC,EAAE;QACjC,QAAQ,EAAE,aAAa,CAAC,QAAQ,CAAC,UAAU;QAC3C,UAAU,EAAE,aAAa,CAAC,QAAQ,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,aAAa;QACtF,YAAY,EAAE,OAAO,CAAC,MAAM;QAC5B,OAAO;KACR,CAAC;IAEF,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAE9B,iCAAiC;IACjC,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,OAAO;QACL,MAAM,EAAE,WAAW;QACnB,UAAU;QACV,gBAAgB,EAAE,OAAO,CAAC,MAAM;QAChC,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAa;IACzC,MAAM,EAAE,WAAW;IACnB,MAAM,EAAE,iBAAiB;CAC1B,CAAC"}

package/dist/exporters/index.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Exporters Module
+ *
+ * Exports findings to various security tool formats.
+ *
+ * @module exporters
+ */
+export type { ExportFormat, ExportOptions, ExportResult, Exporter, SonarQubeReport, SonarQubeIssue, SnykReport, SnykVulnerability, CheckmarxReport, CheckmarxResult, } from "./types.js";
+export { exportToSonarQube, sonarqubeExporter, } from "./sonarqube.js";
+export { exportToSnyk, snykExporter, } from "./snyk.js";
+export { exportToCheckmarx, checkmarxExporter, } from "./checkmarx.js";
+import type { Certification } from "../certification/types.js";
+import type { ExportFormat, ExportOptions, ExportResult } from "./types.js";
+/**
+ * Export certification to specified format
+ */
+export declare function exportCertification(certification: Certification, format: ExportFormat, options?: ExportOptions): Promise<ExportResult>;
+/**
+ * Get all supported export formats
+ */
+export declare function getSupportedFormats(): ExportFormat[];
+//# sourceMappingURL=index.d.ts.map

package/dist/exporters/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/exporters/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,YAAY,EACV,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,QAAQ,EACR,eAAe,EACf,cAAc,EACd,UAAU,EACV,iBAAiB,EACjB,eAAe,EACf,eAAe,GAChB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,YAAY,EACZ,YAAY,GACb,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAExB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAK5E;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,aAAa,EAAE,aAAa,EAC5B,MAAM,EAAE,YAAY,EACpB,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,YAAY,CAAC,CAcvB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,YAAY,EAAE,CAEpD"}

package/dist/exporters/index.js

@@ -0,0 +1,41 @@
+/**
+ * Exporters Module
+ *
+ * Exports findings to various security tool formats.
+ *
+ * @module exporters
+ */
+// SonarQube
+export { exportToSonarQube, sonarqubeExporter, } from "./sonarqube.js";
+// Snyk
+export { exportToSnyk, snykExporter, } from "./snyk.js";
+// Checkmarx
+export { exportToCheckmarx, checkmarxExporter, } from "./checkmarx.js";
+import { exportToSonarQube } from "./sonarqube.js";
+import { exportToSnyk } from "./snyk.js";
+import { exportToCheckmarx } from "./checkmarx.js";
+/**
+ * Export certification to specified format
+ */
+export async function exportCertification(certification, format, options = {}) {
+    switch (format) {
+        case "sonarqube":
+            return exportToSonarQube(certification, options);
+        case "snyk":
+            return exportToSnyk(certification, options);
+        case "checkmarx":
+            return exportToCheckmarx(certification, options);
+        case "sarif":
+            // SARIF is handled by the existing certification/sarif.ts module
+            throw new Error("SARIF export is handled by certification_sarif tool");
+        default:
+            throw new Error(`Unsupported export format: ${format}`);
+    }
+}
+/**
+ * Get all supported export formats
+ */
+export function getSupportedFormats() {
+    return ["sarif", "sonarqube", "snyk", "checkmarx"];
+}
+//# sourceMappingURL=index.js.map

package/dist/exporters/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/exporters/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAgBH,YAAY;AACZ,OAAO,EACL,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAExB,OAAO;AACP,OAAO,EACL,YAAY,EACZ,YAAY,GACb,MAAM,WAAW,CAAC;AAEnB,YAAY;AACZ,OAAO,EACL,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAIxB,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAEnD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,aAA4B,EAC5B,MAAoB,EACpB,UAAyB,EAAE;IAE3B,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,WAAW;YACd,OAAO,iBAAiB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACnD,KAAK,MAAM;YACT,OAAO,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAC9C,KAAK,WAAW;YACd,OAAO,iBAAiB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACnD,KAAK,OAAO;YACV,iEAAiE;YACjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE;YACE,MAAM,IAAI,KAAK,CAAC,8BAA8B,MAAM,EAAE,CAAC,CAAC;IAC5D,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;AACrD,CAAC"}

package/dist/exporters/snyk.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Snyk Exporter
+ *
+ * Exports findings to Snyk JSON format.
+ *
+ * @module exporters/snyk
+ */
+import type { Certification } from "../certification/types.js";
+import type { ExportOptions, ExportResult, Exporter } from "./types.js";
+/**
+ * Export certification to Snyk format
+ */
+export declare function exportToSnyk(certification: Certification, options?: ExportOptions): Promise<ExportResult>;
+/**
+ * Snyk exporter instance
+ */
+export declare const snykExporter: Exporter;
+//# sourceMappingURL=snyk.d.ts.map

package/dist/exporters/snyk.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"snyk.d.ts","sourceRoot":"","sources":["../../src/exporters/snyk.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAqB,MAAM,2BAA2B,CAAC;AAClF,OAAO,KAAK,EACV,aAAa,EACb,YAAY,EACZ,QAAQ,EAGT,MAAM,YAAY,CAAC;AA4DpB;;GAEG;AACH,wBAAsB,YAAY,CAChC,aAAa,EAAE,aAAa,EAC5B,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,YAAY,CAAC,CA0DvB;AAED;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,QAG1B,CAAC"}

package/dist/exporters/snyk.js

@@ -0,0 +1,119 @@
+/**
+ * Snyk Exporter
+ *
+ * Exports findings to Snyk JSON format.
+ *
+ * @module exporters/snyk
+ */
+import { writeFile } from "fs/promises";
+/**
+ * Map Vaspera severity to Snyk severity
+ */
+const SEVERITY_MAP = {
+    critical: "critical",
+    high: "high",
+    medium: "medium",
+    low: "low",
+    info: "low", // Snyk doesn't have "info", map to low
+};
+/**
+ * Generate a unique vulnerability ID
+ */
+function generateVulnId(finding) {
+    const prefix = finding.scanner_rule_id ? finding.scanner_rule_id.toUpperCase().replace(/[^A-Z0-9]/g, "-") : "VASPERA";
+    return `${prefix}-${finding.id}`;
+}
+/**
+ * Convert a finding to Snyk vulnerability
+ */
+function findingToVulnerability(finding) {
+    const vuln = {
+        id: generateVulnId(finding),
+        title: finding.category.charAt(0).toUpperCase() + finding.category.slice(1).replace(/-/g, " "),
+        description: finding.description,
+        severity: SEVERITY_MAP[finding.severity],
+        identifiers: {},
+        from: [finding.file || "unknown"],
+        isPatchable: false,
+        isUpgradable: false,
+    };
+    // Add CWE IDs if available
+    if (finding.cwe_ids && finding.cwe_ids.length > 0) {
+        vuln.identifiers.CWE = finding.cwe_ids;
+    }
+    // Add CVE IDs if available
+    if (finding.cve_ids && finding.cve_ids.length > 0) {
+        vuln.identifiers.CVE = finding.cve_ids;
+    }
+    // Add line info to description
+    if (finding.line) {
+        vuln.description = `[Line ${finding.line}] ${vuln.description}`;
+    }
+    // Map evidence if available (remediation stored in description)
+    if (finding.evidence) {
+        vuln.upgradePath = [finding.evidence];
+        vuln.isUpgradable = true;
+    }
+    return vuln;
+}
+/**
+ * Export certification to Snyk format
+ */
+export async function exportToSnyk(certification, options = {}) {
+    const { outputPath, minSeverity = "info", includeResolved = false } = options;
+    const severityOrder = ["critical", "high", "medium", "low", "info"];
+    const minIndex = severityOrder.indexOf(minSeverity);
+    // Collect all findings
+    const allFindings = [];
+    for (const [, agentData] of Object.entries(certification.agents)) {
+        if (agentData?.findings) {
+            allFindings.push(...agentData.findings);
+        }
+    }
+    // Filter by severity
+    const filteredFindings = allFindings.filter((f) => {
+        const sevIndex = severityOrder.indexOf(f.severity);
+        return sevIndex <= minIndex;
+    });
+    // Convert to Snyk format
+    const vulnerabilities = filteredFindings.map(findingToVulnerability);
+    // Count by severity
+    const bySeverity = {
+        critical: vulnerabilities.filter((v) => v.severity === "critical").length,
+        high: vulnerabilities.filter((v) => v.severity === "high").length,
+        medium: vulnerabilities.filter((v) => v.severity === "medium").length,
+        low: vulnerabilities.filter((v) => v.severity === "low").length,
+    };
+    const report = {
+        ok: vulnerabilities.length === 0,
+        vulnerabilities,
+        dependencyCount: 0,
+        org: "vaspera",
+        policy: "",
+        isPrivate: true,
+        licensesPolicy: {},
+        packageManager: "unknown",
+        projectName: certification.metadata.project_name,
+        summary: `Found ${vulnerabilities.length} issues (${bySeverity.critical} critical, ${bySeverity.high} high, ${bySeverity.medium} medium, ${bySeverity.low} low)`,
+        filesystemPolicy: false,
+    };
+    const content = JSON.stringify(report, null, 2);
+    // Write to file if path provided
+    if (outputPath) {
+        await writeFile(outputPath, content, "utf-8");
+    }
+    return {
+        format: "snyk",
+        outputPath,
+        findingsExported: vulnerabilities.length,
+        content,
+    };
+}
+/**
+ * Snyk exporter instance
+ */
+export const snykExporter = {
+    format: "snyk",
+    export: exportToSnyk,
+};
+//# sourceMappingURL=snyk.js.map

package/dist/exporters/snyk.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"snyk.js","sourceRoot":"","sources":["../../src/exporters/snyk.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAUxC;;GAEG;AACH,MAAM,YAAY,GAAoD;IACpE,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;IACV,IAAI,EAAE,KAAK,EAAE,uCAAuC;CACrD,CAAC;AAEF;;GAEG;AACH,SAAS,cAAc,CAAC,OAAgB;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtH,OAAO,GAAG,MAAM,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,OAAgB;IAC9C,MAAM,IAAI,GAAsB;QAC9B,EAAE,EAAE,cAAc,CAAC,OAAO,CAAC;QAC3B,KAAK,EAAE,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;QAC9F,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC;QACxC,WAAW,EAAE,EAAE;QACf,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,IAAI,SAAS,CAAC;QACjC,WAAW,EAAE,KAAK;QAClB,YAAY,EAAE,KAAK;KACpB,CAAC;IAEF,2BAA2B;IAC3B,IAAI,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClD,IAAI,CAAC,WAAY,CAAC,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC;IAC1C,CAAC;IAED,2BAA2B;IAC3B,IAAI,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClD,IAAI,CAAC,WAAY,CAAC,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC;IAC1C,CAAC;IAED,+BAA+B;IAC/B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,IAAI,CAAC,WAAW,GAAG,SAAS,OAAO,CAAC,IAAI,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC;IAClE,CAAC;IAED,gEAAgE;IAChE,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACtC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IAC3B,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,aAA4B,EAC5B,UAAyB,EAAE;IAE3B,MAAM,EAAE,UAAU,EAAE,WAAW,GAAG,MAAM,EAAE,eAAe,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;IAE9E,MAAM,aAAa,GAAe,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAChF,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAEpD,uBAAuB;IACvB,MAAM,WAAW,GAAc,EAAE,CAAC;IAClC,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;QACjE,IAAI,SAAS,EAAE,QAAQ,EAAE,CAAC;YACxB,WAAW,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,MAAM,gBAAgB,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAChD,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACnD,OAAO,QAAQ,IAAI,QAAQ,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,yBAAyB;IACzB,MAAM,eAAe,GAAwB,gBAAgB,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAE1F,oBAAoB;IACpB,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QACzE,IAAI,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;QACjE,MAAM,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;QACrE,GAAG,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;KAChE,CAAC;IAEF,MAAM,MAAM,GAAe;QACzB,EAAE,EAAE,eAAe,CAAC,MAAM,KAAK,CAAC;QAChC,eAAe;QACf,eAAe,EAAE,CAAC;QAClB,GAAG,EAAE,SAAS;QACd,MAAM,EAAE,EAAE;QACV,SAAS,EAAE,IAAI;QACf,cAAc,EAAE,EAAE;QAClB,cAAc,EAAE,SAAS;QACzB,WAAW,EAAE,aAAa,CAAC,QAAQ,CAAC,YAAY;QAChD,OAAO,EAAE,SAAS,eAAe,CAAC,MAAM,YAAY,UAAU,CAAC,QAAQ,cAAc,UAAU,CAAC,IAAI,UAAU,UAAU,CAAC,MAAM,YAAY,UAAU,CAAC,GAAG,OAAO;QAChK,gBAAgB,EAAE,KAAK;KACxB,CAAC;IAEF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAEhD,iCAAiC;IACjC,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,OAAO;QACL,MAAM,EAAE,MAAM;QACd,UAAU;QACV,gBAAgB,EAAE,eAAe,CAAC,MAAM;QACxC,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAa;IACpC,MAAM,EAAE,MAAM;IACd,MAAM,EAAE,YAAY;CACrB,CAAC"}