verimu 0.0.6 → 0.0.7

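--- a/package/dist/cli.mjs
+++ b/package/dist/cli.mjs
@@ -1654,20 +1654,21 @@ async function uploadToVerimu(report, config) {
  projectCreated: upsertRes.created,
  totalDependencies: scanRes.summary.total_dependencies,
  vulnerableDependencies: scanRes.summary.vulnerable_dependencies,
- dashboardUrl: `https://app.verimu.com/dashboard/projects/${projectId}`
+ dashboardUrl: `https://app.verimu.com/dashboard/projects/${projectId}`,
+ scanResponse: scanRes
  };
  }
  function shouldFailCi(report, threshold) {
- const severityOrder2 = {
+ const severityOrder3 = {
  CRITICAL: 0,
  HIGH: 1,
  MEDIUM: 2,
  LOW: 3,
  UNKNOWN: 4
  };
- const thresholdLevel = severityOrder2[threshold] ?? 4;
+ const thresholdLevel = severityOrder3[threshold] ?? 4;
  return report.cveCheck.vulnerabilities.some(
- (v) => severityOrder2[v.severity] <= thresholdLevel
+ (v) => severityOrder3[v.severity] <= thresholdLevel
  );
  }
 
@@ -1693,6 +1694,92 @@ function logWarn(msg) {
  function logError(msg) {
  console.error(` \u2717 ${msg}`);
  }
+ function renderPlatformScan(projectPath, result) {
+ const lines = [];
+ const vulns = result.scanResponse.scan_results.flatMap(
+ (scanResult) => scanResult.vulnerabilities.map((vuln) => ({
+ dependencyName: scanResult.dependency_name,
+ version: scanResult.version,
+ cveId: vuln.cve_id,
+ severity: normalizeSeverity(vuln.severity),
+ summary: vuln.summary,
+ fixedVersion: vuln.fixed_version
+ }))
+ );
+ const summary = summarizeBySeverity(vulns.map((vuln) => vuln.severity));
+ lines.push("");
+ lines.push("\u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
+ lines.push("\u2502 VERIMU PLATFORM SCAN RESULTS \u2502");
+ lines.push("\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
+ lines.push("");
+ lines.push(` Project: ${projectPath}`);
+ lines.push(" Source: Verimu platform backend");
+ lines.push(` Dependencies: ${result.totalDependencies}`);
+ lines.push("");
+ if (vulns.length === 0) {
+ lines.push(" \u2713 No platform vulnerabilities found");
+ } else {
+ lines.push(` \u26A0 ${vulns.length} backend vulnerabilit${vulns.length === 1 ? "y" : "ies"} found:`);
+ lines.push("");
+ const sorted = [...vulns].sort((a, b) => severityOrder2(a.severity) - severityOrder2(b.severity));
+ for (const vuln of sorted) {
+ const fix = vuln.fixedVersion ? ` \u2192 fix: ${vuln.fixedVersion}` : "";
+ lines.push(` ${severityBadge2(vuln.severity)} ${vuln.cveId}`);
+ lines.push(` ${vuln.dependencyName}@${vuln.version}${fix}`);
+ lines.push(` ${vuln.summary.slice(0, 100)}`);
+ lines.push("");
+ }
+ }
+ lines.push(" \u2500\u2500\u2500 Summary \u2500\u2500\u2500");
+ lines.push(` Total: ${vulns.length} | Critical: ${summary.CRITICAL} | High: ${summary.HIGH} | Medium: ${summary.MEDIUM} | Low: ${summary.LOW}`);
+ lines.push("");
+ return lines.join("\n");
+ }
+ function normalizeSeverity(severity) {
+ const value = severity.trim().toUpperCase();
+ switch (value) {
+ case "CRITICAL":
+ case "HIGH":
+ case "MEDIUM":
+ case "LOW":
+ return value;
+ default:
+ return "UNKNOWN";
+ }
+ }
+ function summarizeBySeverity(severities) {
+ const summary = {
+ CRITICAL: 0,
+ HIGH: 0,
+ MEDIUM: 0,
+ LOW: 0,
+ UNKNOWN: 0
+ };
+ for (const severity of severities) {
+ summary[severity] += 1;
+ }
+ return summary;
+ }
+ function severityOrder2(severity) {
+ const order = {
+ CRITICAL: 0,
+ HIGH: 1,
+ MEDIUM: 2,
+ LOW: 3,
+ UNKNOWN: 4
+ };
+ return order[severity] ?? 5;
+ }
+ function severityBadge2(severity) {
+ const badges = {
+ CRITICAL: "[CRIT]",
+ HIGH: "[HIGH]",
+ MEDIUM: "[MED] ",
+ LOW: "[LOW] ",
+ UNKNOWN: "[???] "
+ };
+ return badges[severity] ?? "[???] ";
+ }
  function parseArgs(argv) {
  const args = argv.slice(2);
  const result = {
@@ -1786,9 +1873,7 @@ async function main() {
  logSuccess(`Project created: ${report.project.path}`);
  }
  logSuccess(`${result.totalDependencies} dependencies tracked`);
- if (result.vulnerableDependencies > 0) {
- logWarn(`${result.vulnerableDependencies} vulnerable dependencies flagged`);
- }
+ console.log(renderPlatformScan(report.project.path, result));
  logSuccess(`Dashboard: ${result.dashboardUrl}`);
  } catch (err) {
  const msg = err instanceof Error ? err.message : String(err);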
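Review bot: `renderPlatformScan` in the second hunk writes backend-supplied strings (`vuln.summary`, `vuln.cve_id`, `dependency_name`, `version`, `fixed_version`) straight into the terminal, and `normalizeSeverity` (`severity.trim()`) and `vuln.summary.slice(0, 100)` throw a TypeError when the API omits `severity` or `summary`, so a malformed field crashes the CLI after the upload has already succeeded. Advisory text is presumably copied from upstream feeds, so it can carry ANSI escape sequences or other control characters that a terminal would interpret; strip C0/C1 controls and default missing fields before rendering, and guard the outer shape with `(result.scanResponse?.scan_results ?? [])` so an empty or absent `scan_results` renders as "no vulnerabilities" rather than throwing. A small `clean` helper at the top of the function covers all of the fields in one place. The summary line at the bottom also omits the `UNKNOWN` bucket that `summarizeBySeverity` computes, so `Total` can exceed the four counts shown; appending ` | Unknown: ${summary.UNKNOWN}` keeps them consistent.
```javascript
function renderPlatformScan(projectPath, result) {
  const lines = [];
  // Backend text is untrusted for display purposes: drop C0/C1 control
  // characters so it cannot inject terminal escape sequences, and default
  // missing fields to "" so a partial response cannot throw here.
  const clean = (s) => String(s ?? "").replace(/[\u0000-\u001F\u007F-\u009F]/g, "");
  const vulns = (result.scanResponse?.scan_results ?? []).flatMap(
    (scanResult) => (scanResult.vulnerabilities ?? []).map((vuln) => ({
      dependencyName: clean(scanResult.dependency_name),
      version: clean(scanResult.version),
      cveId: clean(vuln.cve_id),
      severity: normalizeSeverity(clean(vuln.severity)),
      summary: clean(vuln.summary),
      fixedVersion: clean(vuln.fixed_version)
    }))
  );
  // … unchanged: box header, per-vulnerability lines …
  lines.push(` Total: ${vulns.length} | Critical: ${summary.CRITICAL} | High: ${summary.HIGH} | Medium: ${summary.MEDIUM} | Low: ${summary.LOW} | Unknown: ${summary.UNKNOWN}`);
  // … unchanged: trailing blank line and join …
```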