conviso-cli 2.7.5__tar.gz → 2.7.6__tar.gz

{conviso_cli-2.7.5 → conviso_cli-2.7.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: conviso-cli
-Version: 2.7.5
+Version: 2.7.6
 Maintainer: Conviso
 Maintainer-email: development@convisoappsec.com
 Project-URL: Source, https://github.com/convisoappsec/convisocli/

{conviso_cli-2.7.5 → conviso_cli-2.7.6}/conviso_cli.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: conviso-cli
-Version: 2.7.5
+Version: 2.7.6
 Maintainer: Conviso
 Maintainer-email: development@convisoappsec.com
 Project-URL: Source, https://github.com/convisoappsec/convisocli/

{conviso_cli-2.7.5 → conviso_cli-2.7.6}/convisoappsec/flow/graphql_api/v1/client.py

@@ -1,6 +1,6 @@
 from convisoappsec.common.graphql.low_client import GraphQLClient
 from convisoappsec.flow.graphql_api.v1.resources_api import AssetsAPI, CompaniesApi, IssuesApi, DeploysApi, \
-    SbomApi, LogAstError, ContainerApi, ControlSyncStatus
+    SbomApi, LogAstError, ContainerApi, ControlSyncStatus, SecurityGateApi
 
 
 class ConvisoGraphQLClient():
@@ -44,3 +44,7 @@ class ConvisoGraphQLClient():
     @property
     def control_sync_status(self):
         return ControlSyncStatus(self.__low_client)
+
+    @property
+    def security_gate(self):
+        return SecurityGateApi(self.__low_client)

{conviso_cli-2.7.5 → conviso_cli-2.7.6}/convisoappsec/flow/graphql_api/v1/resources_api.py

@@ -487,3 +487,31 @@ class ControlSyncStatus:
         )
 
         return result
+
+
+class SecurityGateApi(object):
+    """ To operations on Security Gate resources in Conviso Platform. """
+
+    def __init__(self, conviso_graphql_client):
+        self.__conviso_graphql_client = conviso_graphql_client
+
+    def run_security_gate(self, asset_id):
+        """ Execute security gate check for an asset using platform rules """
+
+        graphql_variables = {
+            'assetId': str(asset_id)
+        }
+
+        graphql_body_response = self.__conviso_graphql_client.execute(
+            resolvers.SECURITY_GATE_RUN,
+            graphql_variables
+        )
+
+        expected_path = 'securityGateRun'
+
+        result = jmespath.search(
+            expected_path,
+            graphql_body_response,
+        )
+
+        return result

{conviso_cli-2.7.5 → conviso_cli-2.7.6}/convisoappsec/flow/graphql_api/v1/schemas/resolvers/__init__.py

@@ -177,4 +177,23 @@ query GetDeploysByAsset(
     }
   }
 }
+"""
+
+SECURITY_GATE_RUN = """
+query SecurityGateRun($assetId: ID!) {
+  securityGateRun(assetId: $assetId) {
+    asset {
+      id
+      name
+    }
+    executionDate
+    reason {
+      low { limit count }
+      medium { limit count }
+      high { limit count }
+      critical { limit count }
+    }
+    status
+  }
+}
 """

{conviso_cli-2.7.5 → conviso_cli-2.7.6}/convisoappsec/flowcli/iac/run.py

@@ -181,6 +181,8 @@ def deploy_results_to_conviso(
                 except ResponseError as error:
                     if error.code == 'RECORD_NOT_UNIQUE':
                         continue
+                    elif error.code == "Record not found" or "Record not found" in str(error):
+                        continue
                     else:
                         retry_handler = RetryHandler(
                             flow_context=flow_context, company_id=company_id, asset_id=asset_id

{conviso_cli-2.7.5 → conviso_cli-2.7.6}/convisoappsec/flowcli/sbom/generate.py

@@ -182,7 +182,7 @@ def generate(context, flow_context, asset_id, company_id, repository_dir, send_t
                 stderr=subprocess.DEVNULL
             )
             command = [f"./conviso/syft scan {repository_dir} -o cyclonedx-json={file_name} "
-                       f"--select-catalogers '{','.join(catalogers)}'"]
+                       f"--select-catalogers '{','.join(catalogers)}' --exclude ./conviso"]
 
             subprocess.run(command, shell=True, check=True, capture_output=True)
 

{conviso_cli-2.7.5 → conviso_cli-2.7.6}/convisoappsec/flowcli/vulnerability/assert_security_rules.py

@@ -43,7 +43,8 @@ click_log.basic_config(logger)
     '--rules-file',
     'rules_file',
     type=click.File('r'),
-    required=True
+    required=False,
+    help="Path to local YAML rules file. If not provided, uses platform-configured rules."
 )
 @click.option(
     '--asset-name',
@@ -66,6 +67,12 @@ def assert_security_rules(
         company_id = company[0]['id']
 
     try:
+        # If no rules file provided, use platform rules (default behavior)
+        if not rules_file:
+            run_platform_security_gate(flow_context, asset_id)
+            return
+
+        # Otherwise use local rules file
         rules = yaml.load(
             rules_file,
             Loader=yaml.Loader
@@ -149,6 +156,60 @@ def tolerated_days_by_severity(rules):
     return days_by_severity
 
 
+def run_platform_security_gate(flow_context, asset_id):
+    """Execute security gate using platform-configured rules."""
+    conviso_api = flow_context.create_conviso_graphql_client()
+
+    click.secho(
+        '💬 Running security gate with platform rules...',
+        bold=True
+    )
+
+    result = conviso_api.security_gate.run_security_gate(asset_id)
+
+    if result is None:
+        raise click.ClickException(
+            'Failed to execute security gate on platform. No result returned.'
+        )
+
+    asset_info = result.get('asset', {})
+    asset_name = asset_info.get('name', 'Unknown')
+    status = result.get('status')
+    reason = result.get('reason', {})
+    execution_date = result.get('executionDate', 'Unknown')
+
+    click.secho(
+        f'💬 Security Gate Result for Asset: {asset_name} (ID: {asset_id})',
+        bold=True
+    )
+    click.echo(f'   Execution Date: {execution_date}')
+    click.echo('')
+
+    # Display severity counts
+    click.secho('   Severity Summary:', bold=True)
+    for severity in ['critical', 'high', 'medium', 'low']:
+        severity_data = reason.get(severity) if reason else None
+        if severity_data is None:
+            click.echo(f'   ⚪ {severity.upper()}: N/A (not configured)')
+            continue
+        limit = severity_data.get('limit', 'N/A')
+        count = severity_data.get('count', 0)
+        status_icon = '❌' if limit != 'N/A' and count > limit else '✅'
+        click.echo(f'   {status_icon} {severity.upper()}: {count}/{limit}')
+
+    click.echo('')
+
+    if status == 'FAIL':
+        raise click.ClickException(
+            f'Security gate FAILED. Vulnerabilities exceed configured limits.'
+        )
+
+    click.secho(
+        f'✅ Security gate PASSED.',
+        bold=True
+    )
+
+
 def __raise_if_gate_locked(response):
     if response['locked']:
         click.secho('💬 Vulnerabilities summary...', bold=True)

conviso_cli-2.7.6/convisoappsec/version.py

@@ -0,0 +1 @@
+__version__ = '2.7.6'

conviso_cli-2.7.5/convisoappsec/version.py

@@ -1 +0,0 @@
-__version__ = '2.7.5'