xploitscan 1.0.19 → 1.0.20

package/dist/index.js

@@ -1262,7 +1262,7 @@ function calculateGrade(findings, _totalFiles) {
   else if (medium >= 1) grade = capGrade("A");
   let summary;
   if (critical > 0) {
-    summary = `${critical} critical ${critical === 1 ? "vulnerability" : "vulnerabilities"} require immediate attention.`;
+    summary = `${critical} critical ${critical === 1 ? "vulnerability requires" : "vulnerabilities require"} immediate attention.`;
   } else if (high >= 3) {
     summary = `${high} high-severity issues require urgent attention.`;
   } else if (high > 0) {
@@ -3472,6 +3472,102 @@ Suggested fix: ${f.fix}` : `${f.title}: ${f.description}`;
   console.log(JSON.stringify(sarif, null, 2));
 }
 
+// src/reporters/siem.ts
+var ECS_SEVERITY = {
+  // Elastic Common Schema uses 0–100 integer severity.
+  critical: 90,
+  high: 70,
+  medium: 50,
+  low: 30
+};
+var DATADOG_STATUS = {
+  // Datadog Logs status field accepts emergency/alert/critical/error/warning/notice/info/debug.
+  critical: "critical",
+  high: "error",
+  medium: "warning",
+  low: "info"
+};
+function commonFields(result, finding) {
+  return {
+    rule: finding.rule,
+    title: finding.title,
+    description: finding.description,
+    severity: finding.severity,
+    file: finding.file,
+    line: finding.line,
+    category: finding.category,
+    cwe: finding.cwe ?? null,
+    owasp: finding.owasp ?? null,
+    fix: finding.fix ?? null,
+    scan_timestamp: result.timestamp,
+    scan_directory: result.directory,
+    files_scanned: result.filesScanned,
+    scan_duration_ms: result.duration
+  };
+}
+function renderSplunkReport(result) {
+  for (const finding of result.findings) {
+    const event = {
+      time: Math.floor(new Date(result.timestamp).getTime() / 1e3),
+      sourcetype: "xploitscan:finding",
+      source: "xploitscan",
+      event: commonFields(result, finding)
+    };
+    console.log(JSON.stringify(event));
+  }
+}
+function renderElasticReport(result) {
+  for (const finding of result.findings) {
+    const event = {
+      "@timestamp": result.timestamp,
+      ecs: { version: "8.11.0" },
+      event: {
+        kind: "alert",
+        category: ["vulnerability"],
+        type: ["info"],
+        dataset: "xploitscan.finding",
+        module: "xploitscan",
+        severity: ECS_SEVERITY[finding.severity] ?? 50,
+        action: finding.rule
+      },
+      vulnerability: {
+        id: finding.rule,
+        category: [finding.category],
+        description: finding.description,
+        severity: finding.severity,
+        classification: finding.owasp ?? "",
+        reference: finding.cwe ? `https://cwe.mitre.org/data/definitions/${finding.cwe.replace(/[^\d]/g, "")}.html` : ""
+      },
+      file: { path: finding.file },
+      log: { level: finding.severity },
+      message: `${finding.rule}: ${finding.title}`,
+      xploitscan: commonFields(result, finding)
+    };
+    console.log(JSON.stringify(event));
+  }
+}
+function renderDatadogReport(result) {
+  for (const finding of result.findings) {
+    const event = {
+      ddsource: "xploitscan",
+      ddtags: [
+        `severity:${finding.severity}`,
+        `rule:${finding.rule}`,
+        `category:${finding.category.toLowerCase().replace(/\s+/g, "_")}`,
+        finding.owasp ? `owasp:${finding.owasp.replace(/\s+/g, "_")}` : "",
+        finding.cwe ? `cwe:${finding.cwe}` : ""
+      ].filter(Boolean).join(","),
+      service: "xploitscan",
+      hostname: "xploitscan-cli",
+      status: DATADOG_STATUS[finding.severity] ?? "info",
+      message: `${finding.rule}: ${finding.title} \u2014 ${finding.description}`,
+      timestamp: result.timestamp,
+      xploitscan: commonFields(result, finding)
+    };
+    console.log(JSON.stringify(event));
+  }
+}
+
 // src/commands/scan.ts
 async function scanCommand(directory, options) {
   const dir = resolve2(directory || ".");
@@ -3738,6 +3834,15 @@ async function scanCommand(directory, options) {
     case "sarif":
       renderSarifReport(result);
       break;
+    case "splunk-hec":
+      renderSplunkReport(result);
+      break;
+    case "elastic-ecs":
+      renderElasticReport(result);
+      break;
+    case "datadog-logs":
+      renderDatadogReport(result);
+      break;
     default:
       renderTerminalReport(result, fileContentsForAnalysis);
       break;
@@ -4143,8 +4248,12 @@ async function cursorInstallCommand(opts = {}) {
 var program = new Command();
 program.name("xploitscan").description(
   "AI security scanner for vibe-coded apps. Find vulnerabilities before attackers do."
-).version("1.0.19");
-program.command("scan").description("Scan a directory for security vulnerabilities").argument("[directory]", "Directory to scan", ".").option("--no-ai", "Skip AI-powered analysis").option("-f, --format <format>", "Output format: terminal, json, sarif", "terminal").option("-v, --verbose", "Show detailed output", false).option("--diff [base]", "Scan only files changed vs base branch (default: main)").option("-w, --watch", "Watch for file changes and re-scan automatically", false).action(async (directory, opts) => {
+).version("1.0.20");
+program.command("scan").description("Scan a directory for security vulnerabilities").argument("[directory]", "Directory to scan", ".").option("--no-ai", "Skip AI-powered analysis").option(
+  "-f, --format <format>",
+  "Output format: terminal, json, sarif, splunk-hec, elastic-ecs, datadog-logs",
+  "terminal"
+).option("-v, --verbose", "Show detailed output", false).option("--diff [base]", "Scan only files changed vs base branch (default: main)").option("-w, --watch", "Watch for file changes and re-scan automatically", false).action(async (directory, opts) => {
   await scanCommand(directory, {
     directory,
     aiAnalysis: opts.ai,