code-audit-23 0.1.1__tar.gz

code_audit_23-0.1.1/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 BrainStation-23 (https://brainstation-23.com/)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

code_audit_23-0.1.1/MANIFEST.in

@@ -0,0 +1 @@
+recursive-include code_audit_23/sonar-scanner *

code_audit_23-0.1.1/PKG-INFO

@@ -0,0 +1,184 @@
+Metadata-Version: 2.4
+Name: code-audit-23
+Version: 0.1.1
+Summary: A simple local scanner for code audits (Trivy, SonarQube, for Brain Station 23)
+Author-email: Ahmad Al-Sajid <ahmad.sajid@brainstation23.com>
+License-Expression: MIT
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: click<9.0,>=8.1.7
+Requires-Dist: python-dotenv<2.0,>=1.0
+Requires-Dist: requests<3.0,>=2.31
+Dynamic: license-file
+
+# Code Audit 23
+
+[![PyPI Version](https://img.shields.io/pypi/v/code-audit-23.svg)](https://pypi.org/project/code-audit-23/)
+[![Python Version](https://img.shields.io/pypi/pyversions/code-audit-23.svg)](https://pypi.org/project/code-audit-23/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+Code Audit 23 is a comprehensive command-line interface (CLI) tool that unifies multiple code quality and security scanning tools into a single, easy-to-use interface. It's designed to help developers maintain high code quality and security standards across their projects.
+
+## ✨ Features
+
+- **Unified Interface**: Single command to run multiple code quality and security scans
+- **Multiple Tools Integration**:
+  - **SonarQube** - Code quality and security analysis
+  - **Gitleaks** - Detect hardcoded secrets and credentials
+  - **Trivy** - Vulnerability scanning for dependencies and container images
+- **Interactive Menu**: User-friendly command-line interface
+- **Cross-Platform**: Works on Windows, macOS, and Linux
+- **SARIF Reports**: Standardized output format for all scan results
+- **No Installation Required**: Self-contained executable available
+
+## 🚀 Installation
+
+### Prerequisites
+
+- Python 3.9 or higher
+- Java 11+ (for SonarQube Scanner)
+- [Git](https://git-scm.com/) (for Gitleaks)
+
+### Install from PyPI
+
+```bash
+pip install code-audit-23
+```
+
+### Install from Source
+
+1. Clone the repository:
+   ```bash
+   git clone https://github.com/BrainStation-23/CodeAudit23.git
+   cd CodeAudit23
+   ```
+
+2. Create and activate a virtual environment:
+   ```bash
+   # Linux/macOS
+   python -m venv venv
+   source venv/bin/activate
+   
+   # Windows
+   python -m venv venv
+   .\venv\Scripts\activate
+   ```
+
+3. Install dependencies:
+   ```bash
+   pip install -e .
+   ```
+
+## 🔧 Configuration
+
+1. Create a `.env` file in your project root with the following variables:
+   ```env
+   SONAR_HOST_URL=https://your-sonarqube-instance.com
+   SONAR_LOGIN=your_sonarqube_token
+   ```
+
+2. The first time you run a scan, the tool will prompt you for SonarQube credentials if they're not in the `.env` file.
+
+## 🛠 Usage
+
+### Basic Usage
+
+Run the interactive menu:
+```bash
+code-audit-23
+```
+
+### Command Line Options
+
+```
+Usage: code-audit-23 [OPTIONS]
+
+  Interactive entrypoint for Audit Scanner
+
+Options:
+  --help  Show this message and exit.
+```
+
+### Menu Options
+
+1. **Quick Scan** - Run all security scans in sequence (SonarQube + Gitleaks + Trivy)
+2. **Gitleaks Scan** - Scan for secrets and sensitive information
+3. **Trivy Scan** - Scan for vulnerabilities in dependencies and container images
+4. **SonarQube Scan** - Analyze code quality and security issues
+
+## 📊 Output
+
+All scan reports are saved in the `reports/` directory in SARIF format:
+- `reports/gitleaks.sarif` - Results from Gitleaks scan
+- `reports/trivy.sarif` - Results from Trivy scan
+- SonarQube results are available on your SonarQube server
+
+## 🧪 Development
+
+### Project Structure
+
+```
+code_audit_23/
+├── __init__.py
+├── main.py           # Main CLI entry point
+├── sonarqube_cli.py  # SonarQube scanner implementation
+└── logger.py         # Logging configuration
+```
+
+### Dependencies
+
+- `click` - Command line interface creation
+- `requests` - HTTP requests
+- `python-dotenv` - Environment variable management
+
+### Building & Publishing to PyPI
+
+1. Update the version in `pyproject.toml` (and optionally `__init__.py` if you mirror it there). Commit the change.
+2. Ensure you have the packaging tooling:
+   ```bash
+   python -m pip install --upgrade build twine
+   ```
+3. Clean any previous artifacts:
+   ```bash
+   rm -rf dist build *.egg-info
+   ```
+4. Build the source distribution and wheel:
+   ```bash
+   python -m build
+   ```
+5. (Optional but recommended) Validate the archives locally:
+   ```bash
+   twine check dist/*
+   ```
+6. (Optional) Publish to TestPyPI before the main release:
+   ```bash
+   python -m twine upload --repository testpypi dist/*
+   ```
+7. Once satisfied, publish to PyPI:
+   ```bash
+   python -m twine upload dist/*
+   ```
+8. Tag the release in git, e.g.:
+   ```bash
+   git tag -a v0.1.0 -m "Release v0.1.0"
+   git push origin v0.1.0
+   ```
+
+## 🤝 Contributing
+
+Contributions are welcome! Please read our [Contributing Guidelines](./CONTRIBUTING.md) for details on how to submit pull requests, report issues, or suggest new features.
+
+## 📄 License
+
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+
+## 🙏 Acknowledgments
+
+- [SonarQube](https://www.sonarqube.org/) - For the amazing code quality platform
+- [Gitleaks](https://github.com/gitleaks/gitleaks) - For the secrets detection
+- [Trivy](https://github.com/aquasecurity/trivy) - For the vulnerability scanning
+
+## 📧 Contact
+
+For any questions or feedback, please contact [Ahmad Al-Sajid](mailto:ahmad.sajid@brainstation-23.com).

code_audit_23-0.1.1/README.md

@@ -0,0 +1,170 @@
+# Code Audit 23
+
+[![PyPI Version](https://img.shields.io/pypi/v/code-audit-23.svg)](https://pypi.org/project/code-audit-23/)
+[![Python Version](https://img.shields.io/pypi/pyversions/code-audit-23.svg)](https://pypi.org/project/code-audit-23/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+Code Audit 23 is a comprehensive command-line interface (CLI) tool that unifies multiple code quality and security scanning tools into a single, easy-to-use interface. It's designed to help developers maintain high code quality and security standards across their projects.
+
+## ✨ Features
+
+- **Unified Interface**: Single command to run multiple code quality and security scans
+- **Multiple Tools Integration**:
+  - **SonarQube** - Code quality and security analysis
+  - **Gitleaks** - Detect hardcoded secrets and credentials
+  - **Trivy** - Vulnerability scanning for dependencies and container images
+- **Interactive Menu**: User-friendly command-line interface
+- **Cross-Platform**: Works on Windows, macOS, and Linux
+- **SARIF Reports**: Standardized output format for all scan results
+- **No Installation Required**: Self-contained executable available
+
+## 🚀 Installation
+
+### Prerequisites
+
+- Python 3.9 or higher
+- Java 11+ (for SonarQube Scanner)
+- [Git](https://git-scm.com/) (for Gitleaks)
+
+### Install from PyPI
+
+```bash
+pip install code-audit-23
+```
+
+### Install from Source
+
+1. Clone the repository:
+   ```bash
+   git clone https://github.com/BrainStation-23/CodeAudit23.git
+   cd CodeAudit23
+   ```
+
+2. Create and activate a virtual environment:
+   ```bash
+   # Linux/macOS
+   python -m venv venv
+   source venv/bin/activate
+   
+   # Windows
+   python -m venv venv
+   .\venv\Scripts\activate
+   ```
+
+3. Install dependencies:
+   ```bash
+   pip install -e .
+   ```
+
+## 🔧 Configuration
+
+1. Create a `.env` file in your project root with the following variables:
+   ```env
+   SONAR_HOST_URL=https://your-sonarqube-instance.com
+   SONAR_LOGIN=your_sonarqube_token
+   ```
+
+2. The first time you run a scan, the tool will prompt you for SonarQube credentials if they're not in the `.env` file.
+
+## 🛠 Usage
+
+### Basic Usage
+
+Run the interactive menu:
+```bash
+code-audit-23
+```
+
+### Command Line Options
+
+```
+Usage: code-audit-23 [OPTIONS]
+
+  Interactive entrypoint for Audit Scanner
+
+Options:
+  --help  Show this message and exit.
+```
+
+### Menu Options
+
+1. **Quick Scan** - Run all security scans in sequence (SonarQube + Gitleaks + Trivy)
+2. **Gitleaks Scan** - Scan for secrets and sensitive information
+3. **Trivy Scan** - Scan for vulnerabilities in dependencies and container images
+4. **SonarQube Scan** - Analyze code quality and security issues
+
+## 📊 Output
+
+All scan reports are saved in the `reports/` directory in SARIF format:
+- `reports/gitleaks.sarif` - Results from Gitleaks scan
+- `reports/trivy.sarif` - Results from Trivy scan
+- SonarQube results are available on your SonarQube server
+
+## 🧪 Development
+
+### Project Structure
+
+```
+code_audit_23/
+├── __init__.py
+├── main.py           # Main CLI entry point
+├── sonarqube_cli.py  # SonarQube scanner implementation
+└── logger.py         # Logging configuration
+```
+
+### Dependencies
+
+- `click` - Command line interface creation
+- `requests` - HTTP requests
+- `python-dotenv` - Environment variable management
+
+### Building & Publishing to PyPI
+
+1. Update the version in `pyproject.toml` (and optionally `__init__.py` if you mirror it there). Commit the change.
+2. Ensure you have the packaging tooling:
+   ```bash
+   python -m pip install --upgrade build twine
+   ```
+3. Clean any previous artifacts:
+   ```bash
+   rm -rf dist build *.egg-info
+   ```
+4. Build the source distribution and wheel:
+   ```bash
+   python -m build
+   ```
+5. (Optional but recommended) Validate the archives locally:
+   ```bash
+   twine check dist/*
+   ```
+6. (Optional) Publish to TestPyPI before the main release:
+   ```bash
+   python -m twine upload --repository testpypi dist/*
+   ```
+7. Once satisfied, publish to PyPI:
+   ```bash
+   python -m twine upload dist/*
+   ```
+8. Tag the release in git, e.g.:
+   ```bash
+   git tag -a v0.1.0 -m "Release v0.1.0"
+   git push origin v0.1.0
+   ```
+
+## 🤝 Contributing
+
+Contributions are welcome! Please read our [Contributing Guidelines](./CONTRIBUTING.md) for details on how to submit pull requests, report issues, or suggest new features.
+
+## 📄 License
+
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+
+## 🙏 Acknowledgments
+
+- [SonarQube](https://www.sonarqube.org/) - For the amazing code quality platform
+- [Gitleaks](https://github.com/gitleaks/gitleaks) - For the secrets detection
+- [Trivy](https://github.com/aquasecurity/trivy) - For the vulnerability scanning
+
+## 📧 Contact
+
+For any questions or feedback, please contact [Ahmad Al-Sajid](mailto:ahmad.sajid@brainstation-23.com).

code_audit_23-0.1.1/code_audit_23/logger.py

@@ -0,0 +1,62 @@
+import logging
+import os
+import sys
+from logging.handlers import RotatingFileHandler
+from pathlib import Path
+
+from dotenv import load_dotenv
+
+load_dotenv()
+
+LOG_LEVEL = os.getenv("LOG_LEVEL", "WARNING").upper()
+
+
+def setup_logger(name):
+    """
+    Set up a logger with both file and console handlers.
+    Logs are stored in the directory where the command is executed.
+    """
+
+    # Always use the current working directory for logs
+    log_dir = Path.cwd() / "logs"
+
+    # Create logs directory if missing
+    log_dir.mkdir(parents=True, exist_ok=True)
+
+    # Initialize logger
+    logger = logging.getLogger(name)
+    logger.setLevel(LOG_LEVEL)
+
+    # Prevent duplicate handlers
+    if logger.hasHandlers():
+        return logger
+
+    # Formatters
+    file_formatter = logging.Formatter(
+        "%(asctime)s - %(name)s - %(levelname)s - %(message)s",
+        datefmt="%Y-%m-%d %H:%M:%S",
+    )
+    console_formatter = logging.Formatter("%(levelname)-8s %(message)s")
+
+    # File handler (rotating)
+    log_file = log_dir / "audit_scanner.log"
+    file_handler = RotatingFileHandler(
+        log_file, maxBytes=5 * 1024 * 1024, backupCount=3, encoding="utf-8"
+    )
+    file_handler.setLevel(LOG_LEVEL)
+    file_handler.setFormatter(file_formatter)
+
+    # Console handler
+    console_handler = logging.StreamHandler()
+    console_handler.setLevel(LOG_LEVEL)
+    console_handler.setFormatter(console_formatter)
+
+    # Add handlers
+    logger.addHandler(file_handler)
+    logger.addHandler(console_handler)
+
+    return logger
+
+
+# Default logger instance
+logger = setup_logger(__name__)