PyPI - code-audit-23 - Versions diffs - 0.1.1__py3-none-any.whl - Mend

code-audit-23 0.1.1__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

code_audit_23/__init__.py +0 -0
code_audit_23/logger.py +62 -0
code_audit_23/main.py +286 -0
code_audit_23/sonar-scanner/bin/sonar-scanner +74 -0
code_audit_23/sonar-scanner/bin/sonar-scanner-debug +19 -0
code_audit_23/sonar-scanner/bin/sonar-scanner-debug.bat +18 -0
code_audit_23/sonar-scanner/bin/sonar-scanner.bat +92 -0
code_audit_23/sonar-scanner/conf/sonar-scanner.properties +8 -0
code_audit_23/sonar-scanner/lib/sonar-scanner-cli-7.3.0.5189.jar +0 -0
code_audit_23/sonarqube_cli.py +292 -0
code_audit_23/trivy_cli.py +302 -0
code_audit_23-0.1.1.dist-info/METADATA +184 -0
code_audit_23-0.1.1.dist-info/RECORD +17 -0
code_audit_23-0.1.1.dist-info/WHEEL +5 -0
code_audit_23-0.1.1.dist-info/entry_points.txt +2 -0
code_audit_23-0.1.1.dist-info/licenses/LICENSE +21 -0
code_audit_23-0.1.1.dist-info/top_level.txt +1 -0

code_audit_23-0.1.1.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,184 @@
+Metadata-Version: 2.4
+Name: code-audit-23
+Version: 0.1.1
+Summary: A simple local scanner for code audits (Trivy, SonarQube, for Brain Station 23)
+Author-email: Ahmad Al-Sajid <ahmad.sajid@brainstation23.com>
+License-Expression: MIT
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: click<9.0,>=8.1.7
+Requires-Dist: python-dotenv<2.0,>=1.0
+Requires-Dist: requests<3.0,>=2.31
+Dynamic: license-file
+# Code Audit 23
+[![PyPI Version](https://img.shields.io/pypi/v/code-audit-23.svg)](https://pypi.org/project/code-audit-23/)
+[![Python Version](https://img.shields.io/pypi/pyversions/code-audit-23.svg)](https://pypi.org/project/code-audit-23/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+Code Audit 23 is a comprehensive command-line interface (CLI) tool that unifies multiple code quality and security scanning tools into a single, easy-to-use interface. It's designed to help developers maintain high code quality and security standards across their projects.
+## ✨ Features
+- **Unified Interface**: Single command to run multiple code quality and security scans
+- **Multiple Tools Integration**:
+  - **SonarQube** - Code quality and security analysis
+  - **Gitleaks** - Detect hardcoded secrets and credentials
+  - **Trivy** - Vulnerability scanning for dependencies and container images
+- **Interactive Menu**: User-friendly command-line interface
+- **Cross-Platform**: Works on Windows, macOS, and Linux
+- **SARIF Reports**: Standardized output format for all scan results
+- **No Installation Required**: Self-contained executable available
+## 🚀 Installation
+### Prerequisites
+- Python 3.9 or higher
+- Java 11+ (for SonarQube Scanner)
+- [Git](https://git-scm.com/) (for Gitleaks)
+### Install from PyPI
+```bash
+pip install code-audit-23
+```
+### Install from Source
+1. Clone the repository:
+   ```bash
+   git clone https://github.com/BrainStation-23/CodeAudit23.git
+   cd CodeAudit23
+   ```
+2. Create and activate a virtual environment:
+   ```bash
+   # Linux/macOS
+   python -m venv venv
+   source venv/bin/activate
+   # Windows
+   python -m venv venv
+   .\venv\Scripts\activate
+   ```
+3. Install dependencies:
+   ```bash
+   pip install -e .
+   ```
+## 🔧 Configuration
+1. Create a `.env` file in your project root with the following variables:
+   ```env
+   SONAR_HOST_URL=https://your-sonarqube-instance.com
+   SONAR_LOGIN=your_sonarqube_token
+   ```
+2. The first time you run a scan, the tool will prompt you for SonarQube credentials if they're not in the `.env` file.
+## 🛠 Usage
+### Basic Usage
+Run the interactive menu:
+```bash
+code-audit-23
+```
+### Command Line Options
+```
+Usage: code-audit-23 [OPTIONS]
+  Interactive entrypoint for Audit Scanner
+Options:
+  --help  Show this message and exit.
+```
+### Menu Options
+1. **Quick Scan** - Run all security scans in sequence (SonarQube + Gitleaks + Trivy)
+2. **Gitleaks Scan** - Scan for secrets and sensitive information
+3. **Trivy Scan** - Scan for vulnerabilities in dependencies and container images
+4. **SonarQube Scan** - Analyze code quality and security issues
+## 📊 Output
+All scan reports are saved in the `reports/` directory in SARIF format:
+- `reports/gitleaks.sarif` - Results from Gitleaks scan
+- `reports/trivy.sarif` - Results from Trivy scan
+- SonarQube results are available on your SonarQube server
+## 🧪 Development
+### Project Structure
+```
+code_audit_23/
+├── __init__.py
+├── main.py           # Main CLI entry point
+├── sonarqube_cli.py  # SonarQube scanner implementation
+└── logger.py         # Logging configuration
+```
+### Dependencies
+- `click` - Command line interface creation
+- `requests` - HTTP requests
+- `python-dotenv` - Environment variable management
+### Building & Publishing to PyPI
+1. Update the version in `pyproject.toml` (and optionally `__init__.py` if you mirror it there). Commit the change.
+2. Ensure you have the packaging tooling:
+   ```bash
+   python -m pip install --upgrade build twine
+   ```
+3. Clean any previous artifacts:
+   ```bash
+   rm -rf dist build *.egg-info
+   ```
+4. Build the source distribution and wheel:
+   ```bash
+   python -m build
+   ```
+5. (Optional but recommended) Validate the archives locally:
+   ```bash
+   twine check dist/*
+   ```
+6. (Optional) Publish to TestPyPI before the main release:
+   ```bash
+   python -m twine upload --repository testpypi dist/*
+   ```
+7. Once satisfied, publish to PyPI:
+   ```bash
+   python -m twine upload dist/*
+   ```
+8. Tag the release in git, e.g.:
+   ```bash
+   git tag -a v0.1.0 -m "Release v0.1.0"
+   git push origin v0.1.0
+   ```
+## 🤝 Contributing
+Contributions are welcome! Please read our [Contributing Guidelines](./CONTRIBUTING.md) for details on how to submit pull requests, report issues, or suggest new features.
+## 📄 License
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+## 🙏 Acknowledgments
+- [SonarQube](https://www.sonarqube.org/) - For the amazing code quality platform
+- [Gitleaks](https://github.com/gitleaks/gitleaks) - For the secrets detection
+- [Trivy](https://github.com/aquasecurity/trivy) - For the vulnerability scanning
+## 📧 Contact
+For any questions or feedback, please contact [Ahmad Al-Sajid](mailto:ahmad.sajid@brainstation-23.com).

code_audit_23-0.1.1.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,17 @@
+code_audit_23/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+code_audit_23/logger.py,sha256=4L0-vzS8INLfC3FrfO-buGRiLjiM3f68_dOpMuo96c8,1589
+code_audit_23/main.py,sha256=ELRb8lNw2A7_62_THrTlsAuK_CQCX79HmX3dJOh8lzc,10933
+code_audit_23/sonarqube_cli.py,sha256=a0V4hvX__2AJTLXqWBjdG5eMp7_-X3PpngXSmhqtyfA,9394
+code_audit_23/trivy_cli.py,sha256=mzhkLxiFQV737lqdNJBM_2ajcGA0Ulsq4G45iNDUdeA,11071
+code_audit_23/sonar-scanner/bin/sonar-scanner,sha256=jDQsz5j4LEy0_2hbXrHF25I5TwPFdqOHRqWVQrhgqF0,1854
+code_audit_23/sonar-scanner/bin/sonar-scanner-debug,sha256=UUTT52N5kqHcZ7wm6s1gGpfqx7UYXJJmBAW-LhKfpaA,921
+code_audit_23/sonar-scanner/bin/sonar-scanner-debug.bat,sha256=dbjbmmHNPdCMcjoH2MCT22s9B5vUAe4ioZbdonyQnII,805
+code_audit_23/sonar-scanner/bin/sonar-scanner.bat,sha256=ulQfLMfB80yaewaLrCA1qIgDhFpS7F8UPJsAOOvfbWo,2554
+code_audit_23/sonar-scanner/conf/sonar-scanner.properties,sha256=Rm-t0muBwFYadaUz6COggNxZxRyHD9lpHnBWHwpKbwY,356
+code_audit_23/sonar-scanner/lib/sonar-scanner-cli-7.3.0.5189.jar,sha256=UoOVgUI3opT_DPDG58AzNiCLz-J4UaQzujlM4PlK91w,13285690
+code_audit_23-0.1.1.dist-info/licenses/LICENSE,sha256=fOwD7XDNaZSTv2l_oHfnmHzRA0nOBW1_s5ET2-a4Yl4,1103
+code_audit_23-0.1.1.dist-info/METADATA,sha256=Ih_O6u12MJk70aUaDToA6bTJs5cszQzAtnfoNi7kiLM,5384
+code_audit_23-0.1.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+code_audit_23-0.1.1.dist-info/entry_points.txt,sha256=bmrlNiAXXmyjdfeNa0xMwpyAV4SfWYI4IfWmqdjxSUo,58
+code_audit_23-0.1.1.dist-info/top_level.txt,sha256=ynOYCHFyYQ221NVQIzc-S3PKuTlhCPu_dWflN9sLG3I,14
+code_audit_23-0.1.1.dist-info/RECORD,,

code_audit_23-0.1.1.dist-info/WHEEL ADDED Viewed

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (80.9.0)
+Root-Is-Purelib: true
+Tag: py3-none-any

code_audit_23-0.1.1.dist-info/entry_points.txt ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ [console_scripts]
2	+ code-audit-23 = code_audit_23.main:main

code_audit_23-0.1.1.dist-info/licenses/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 BrainStation-23 (https://brainstation-23.com/)
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

code_audit_23-0.1.1.dist-info/top_level.txt ADDED Viewed

	@@ -0,0 +1 @@
1	+ code_audit_23