veracarto 0.1.0 → 0.1.1
- package/README.md +33 -59
- package/dist/cli/index.js +1937 -1800
- package/dist/cli/index.js.map +4 -4
- package/package.json +8 -6
- package/setup.sh +68 -0
package/README.md
CHANGED
|
@@ -1,76 +1,50 @@
|
|
|
1
|
-
#
|
|
1
|
+
# Veracarto
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Ingests GCP and GitHub security findings, traces them to your running
|
|
4
|
+
infrastructure, and surfaces the few that are actually exploitable.
|
|
4
5
|
|
|
5
|
-
##
|
|
6
|
-
|
|
7
|
-
- **Server** -- Express API + background agent loops. Deployed to Railway (or any Node.js host).
|
|
8
|
-
- **CLI** -- Ink-based terminal UI. Published to npm as `vcarto`. Connects to the server over HTTPS.
|
|
9
|
-
|
|
10
|
-
## Quick start
|
|
11
|
-
|
|
12
|
-
### 1. Deploy the server
|
|
13
|
-
|
|
14
|
-
[](https://railway.app/template)
|
|
15
|
-
|
|
16
|
-
Or manually:
|
|
6
|
+
## Setup (5 minutes)
|
|
17
7
|
|
|
8
|
+
### 1. Grant read-only access + enable APIs
|
|
18
9
|
```bash
|
|
19
|
-
|
|
20
|
-
cp .env.example .env # fill in ENCRYPTION_KEY + ANTHROPIC_API_KEY
|
|
21
|
-
npm install
|
|
22
|
-
npm run build:server
|
|
23
|
-
npm start
|
|
10
|
+
bash <(curl -s https://api.veracarto.com/setup.sh) YOUR_PROJECT_ID
|
|
24
11
|
```
|
|
25
12
|
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
13
|
+
### 2. Install
|
|
14
|
+
```bash
|
|
15
|
+
npm install -g veracarto
|
|
16
|
+
```
|
|
29
17
|
|
|
18
|
+
### 3. Initialize
|
|
30
19
|
```bash
|
|
31
|
-
|
|
32
|
-
veracarto
|
|
20
|
+
veracarto init
|
|
33
21
|
```
|
|
34
22
|
|
|
35
|
-
|
|
23
|
+
### 4. Install the GitHub App
|
|
24
|
+
https://github.com/apps/veracarto/installations/new
|
|
36
25
|
|
|
37
|
-
##
|
|
26
|
+
## What it does
|
|
38
27
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
| `DATABASE_PATH` | No | SQLite path (default: `./data/veracarto.db`) |
|
|
45
|
-
| `GITHUB_APP_ID` | No | GitHub App for Dependabot ingestion |
|
|
46
|
-
| `SLACK_CLIENT_ID` | No | Slack App for approval workflows |
|
|
28
|
+
- Ingests GCP SCC findings and GitHub Dependabot alerts
|
|
29
|
+
- Traces vulnerabilities to running Cloud Run services
|
|
30
|
+
- Surfaces only what's actually exploitable; filters the rest
|
|
31
|
+
- Sends gcloud fix commands to Slack; opens draft dependency PRs
|
|
32
|
+
- Read-only: never modifies your infrastructure
|
|
47
33
|
|
|
48
|
-
|
|
34
|
+
## Permissions (all read-only)
|
|
49
35
|
|
|
50
|
-
|
|
36
|
+
- `roles/securitycenter.findingsViewer`
|
|
37
|
+
- `roles/cloudasset.viewer`
|
|
38
|
+
- `roles/logging.viewer`
|
|
39
|
+
- `roles/run.viewer`
|
|
40
|
+
- `roles/cloudbuild.builds.viewer`
|
|
51
41
|
|
|
52
|
-
|
|
53
|
-
# Terminal 1 -- server
|
|
54
|
-
cp .env.example .env # fill in values
|
|
55
|
-
npm install
|
|
56
|
-
npm run dev:server
|
|
42
|
+
## Commands
|
|
57
43
|
|
|
58
|
-
# Terminal 2 -- CLI (watch mode)
|
|
59
|
-
npm run dev:cli
|
|
60
|
-
node dist/cli/index.js
|
|
61
44
|
```
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
| `npm run dev:cli` | Build CLI in watch mode |
|
|
69
|
-
| `npm run build` | Build both server and CLI |
|
|
70
|
-
| `npm run build:cli` | Build CLI only |
|
|
71
|
-
| `npm run build:server` | Build server only |
|
|
72
|
-
| `npm start` | Start the production server |
|
|
73
|
-
|
|
74
|
-
## License
|
|
75
|
-
|
|
76
|
-
MIT
|
|
45
|
+
veracarto TUI dashboard
|
|
46
|
+
veracarto logs Agent activity feed
|
|
47
|
+
veracarto mapping Deployment pipeline map
|
|
48
|
+
veracarto status Non-interactive status
|
|
49
|
+
veracarto integrations Connection health
|
|
50
|
+
```
|
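Review bot: The new setup step 1 (new README line 10), `bash <(curl -s https://api.veracarto.com/setup.sh) YOUR_PROJECT_ID`, runs a remotely fetched script against the user's GCP project with no pinning or integrity check, and because `curl -s` is used without `-f`, an HTTP error body would be passed to bash rather than causing a failure. This release also adds package/setup.sh to the tarball, so consider moving the install step first and documenting how to run the packaged copy, or at least recommend downloading, reading, and then running the script. The README should also state which IAM bindings and APIs the script changes, so readers can check it against the five viewer roles listed under "Permissions (all read-only)". Separately, the hunk removes the environment variable table and the License section without replacement. If the license is unchanged, keep that section.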