cycode 3.0.2.dev2__tar.gz → 3.1.1.dev1__tar.gz

{cycode-3.0.2.dev2 → cycode-3.1.1.dev1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cycode
-Version: 3.0.2.dev2
+Version: 3.1.1.dev1
 Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
 Home-page: https://github.com/cycodehq/cycode-cli
 License: MIT

cycode-3.1.1.dev1/cycode/__init__.py

@@ -0,0 +1 @@
+__version__ = '3.1.1.dev1'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

{cycode-3.0.2.dev2 → cycode-3.1.1.dev1}/cycode/cli/consts.py

@@ -14,38 +14,40 @@ IAC_SCAN_TYPE = 'iac'
 SCA_SCAN_TYPE = 'sca'
 SAST_SCAN_TYPE = 'sast'
 
-IAC_SCAN_SUPPORTED_FILES = ('.tf', '.tf.json', '.json', '.yaml', '.yml', 'dockerfile')
+IAC_SCAN_SUPPORTED_FILE_EXTENSIONS = ('.tf', '.tf.json', '.json', '.yaml', '.yml', '.dockerfile', '.containerfile')
+IAC_SCAN_SUPPORTED_FILE_PREFIXES = ('dockerfile', 'containerfile')
 
 SECRET_SCAN_FILE_EXTENSIONS_TO_IGNORE = (
-    '.7z',
+    '.DS_Store',
     '.bmp',
-    '.bz2',
-    '.dmg',
-    '.exe',
     '.gif',
-    '.gz',
     '.ico',
-    '.jar',
-    '.jpg',
-    '.jpeg',
-    '.png',
-    '.rar',
-    '.realm',
-    '.s7z',
-    '.svg',
-    '.tar',
     '.tif',
     '.tiff',
     '.webp',
-    '.zi',
+    '.mp3',
+    '.mp4',
+    '.mkv',
+    '.avi',
+    '.mov',
+    '.mpg',
+    '.mpeg',
+    '.wav',
+    '.vob',
+    '.aac',
+    '.flac',
+    '.ogg',
+    '.mka',
+    '.wma',
+    '.wmv',
+    '.psd',
+    '.ai',
+    '.model',
     '.lock',
     '.css',
-    '.less',
-    '.dll',
-    '.enc',
-    '.deb',
-    '.obj',
-    '.model',
+    '.pdf',
+    '.odt',
+    '.iso',
 )
 
 SCA_CONFIGURATION_SCAN_SUPPORTED_FILES = (  # keep in lowercase
@@ -55,11 +57,18 @@ SCA_CONFIGURATION_SCAN_SUPPORTED_FILES = (  # keep in lowercase
     'composer.lock',
     'go.sum',
     'go.mod',
+    'go.mod.graph',
     'gopkg.lock',
     'pom.xml',
+    'bom.json',
+    'bcde.mvndeps',
     'build.gradle',
+    '.gradle',
     'gradle.lockfile',
     'build.gradle.kts',
+    '.gradle.kts',
+    '.properties',
+    '.kt',  # config KT files
     'package.json',
     'package-lock.json',
     'yarn.lock',
@@ -69,9 +78,10 @@ SCA_CONFIGURATION_SCAN_SUPPORTED_FILES = (  # keep in lowercase
     'packages.lock.json',
     'nuget.config',
     '.csproj',
+    '.vbproj',
     'gemfile',
     'gemfile.lock',
-    'build.sbt',
+    '.sbt',
     'build.scala',
     'build.sbt.lock',
     'pyproject.toml',
@@ -84,14 +94,36 @@ SCA_CONFIGURATION_SCAN_SUPPORTED_FILES = (  # keep in lowercase
     'mix.lock',
     'package.swift',
     'package.resolved',
+    'pubspec.yaml',
+    'pubspec.lock',
+    'conanfile.py',
+    'conanfile.txt',
+    'maven_install.json',
+    'conan.lock',
 )
 
-SCA_EXCLUDED_PATHS = ('node_modules',)
+SCA_EXCLUDED_PATHS = (
+    'node_modules',
+    'venv',
+    '.venv',
+    '__pycache__',
+    '.pytest_cache',
+    '.tox',
+    '.mvn',
+    '.gradle',
+    '.npm',
+    '.yarn',
+    '.bundle',
+    '.bloop',
+    '.build',
+    '.dart_tool',
+    '.pub',
+)
 
 PROJECT_FILES_BY_ECOSYSTEM_MAP = {
     'crates': ['Cargo.lock', 'Cargo.toml'],
     'composer': ['composer.json', 'composer.lock'],
-    'go': ['go.sum', 'go.mod', 'Gopkg.lock'],
+    'go': ['go.sum', 'go.mod', 'go.mod.graph', 'Gopkg.lock'],
     'maven_pom': ['pom.xml'],
     'maven_gradle': ['build.gradle', 'build.gradle.kts', 'gradle.lockfile'],
     'npm': ['package.json', 'package-lock.json', 'yarn.lock', 'npm-shrinkwrap.json', '.npmrc'],
@@ -104,6 +136,8 @@ PROJECT_FILES_BY_ECOSYSTEM_MAP = {
     'pypi_setup': ['setup.py'],
     'hex': ['mix.exs', 'mix.lock'],
     'swift_pm': ['Package.swift', 'Package.resolved'],
+    'dart': ['pubspec.yaml', 'pubspec.lock'],
+    'conan': ['conanfile.py', 'conanfile.txt', 'conan.lock'],
 }
 
 COMMIT_RANGE_SCAN_SUPPORTED_SCAN_TYPES = [SECRET_SCAN_TYPE, SCA_SCAN_TYPE]

{cycode-3.0.2.dev2 → cycode-3.1.1.dev1}/cycode/cli/files_collector/excluder.py

@@ -51,8 +51,11 @@ def _is_file_relevant_for_sca_scan(filename: str) -> bool:
 
 class Excluder:
     def __init__(self) -> None:
+        self._scannable_prefixes: dict[str, tuple[str, ...]] = {
+            consts.IAC_SCAN_TYPE: consts.IAC_SCAN_SUPPORTED_FILE_PREFIXES,
+        }
         self._scannable_extensions: dict[str, tuple[str, ...]] = {
-            consts.IAC_SCAN_TYPE: consts.IAC_SCAN_SUPPORTED_FILES,
+            consts.IAC_SCAN_TYPE: consts.IAC_SCAN_SUPPORTED_FILE_EXTENSIONS,
             consts.SCA_SCAN_TYPE: consts.SCA_CONFIGURATION_SCAN_SUPPORTED_FILES,
         }
         self._non_scannable_extensions: dict[str, tuple[str, ...]] = {
@@ -74,6 +77,10 @@ class Excluder:
         if non_scannable_extensions:
             return not filename.endswith(non_scannable_extensions)
 
+        scannable_prefixes = self._scannable_prefixes.get(scan_type)
+        if scannable_prefixes:
+            return filename.startswith(scannable_prefixes)
+
         return True
 
     def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> bool:

{cycode-3.0.2.dev2 → cycode-3.1.1.dev1}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "cycode"
-version = "3.0.2.dev2" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
+version = "3.1.1.dev1" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
 description = "Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning."
 keywords=["secret-scan", "cycode", "devops", "token", "secret", "security", "cycode", "code"]
 authors = ["Cycode <support@cycode.com>"]

cycode-3.0.2.dev2/cycode/__init__.py

@@ -1 +0,0 @@
-__version__ = '3.0.2.dev2'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag