devguard 0.2.0__tar.gz

Files changed (102) hide show
  1. devguard-0.2.0/.cursor/rules/snyk_rules.mdc +14 -0
  2. devguard-0.2.0/.dockerignore +23 -0
  3. devguard-0.2.0/.github/workflows/devguard-self-scan.yml +26 -0
  4. devguard-0.2.0/.github/workflows/publish.yml +24 -0
  5. devguard-0.2.0/.gitignore +74 -0
  6. devguard-0.2.0/.guardian-email-history.json +2802 -0
  7. devguard-0.2.0/.guardian-email-thread +1 -0
  8. devguard-0.2.0/.pre-commit-hooks.yaml +33 -0
  9. devguard-0.2.0/Dockerfile +44 -0
  10. devguard-0.2.0/PKG-INFO +225 -0
  11. devguard-0.2.0/README.md +169 -0
  12. devguard-0.2.0/README_SPEC.md +157 -0
  13. devguard-0.2.0/devguard/INTEGRATION_SUMMARY.md +121 -0
  14. devguard-0.2.0/devguard/__init__.py +3 -0
  15. devguard-0.2.0/devguard/__main__.py +6 -0
  16. devguard-0.2.0/devguard/checkers/__init__.py +41 -0
  17. devguard-0.2.0/devguard/checkers/api_usage.py +523 -0
  18. devguard-0.2.0/devguard/checkers/aws_cost.py +331 -0
  19. devguard-0.2.0/devguard/checkers/aws_iam.py +284 -0
  20. devguard-0.2.0/devguard/checkers/base.py +25 -0
  21. devguard-0.2.0/devguard/checkers/container.py +137 -0
  22. devguard-0.2.0/devguard/checkers/domain.py +189 -0
  23. devguard-0.2.0/devguard/checkers/firecrawl.py +117 -0
  24. devguard-0.2.0/devguard/checkers/fly.py +225 -0
  25. devguard-0.2.0/devguard/checkers/github.py +210 -0
  26. devguard-0.2.0/devguard/checkers/npm.py +327 -0
  27. devguard-0.2.0/devguard/checkers/npm_security.py +244 -0
  28. devguard-0.2.0/devguard/checkers/redteam.py +290 -0
  29. devguard-0.2.0/devguard/checkers/secret.py +279 -0
  30. devguard-0.2.0/devguard/checkers/swarm.py +376 -0
  31. devguard-0.2.0/devguard/checkers/tailscale.py +143 -0
  32. devguard-0.2.0/devguard/checkers/tailsnitch.py +303 -0
  33. devguard-0.2.0/devguard/checkers/tavily.py +179 -0
  34. devguard-0.2.0/devguard/checkers/vercel.py +192 -0
  35. devguard-0.2.0/devguard/cli.py +1510 -0
  36. devguard-0.2.0/devguard/cli_helpers.py +189 -0
  37. devguard-0.2.0/devguard/config.py +249 -0
  38. devguard-0.2.0/devguard/core.py +293 -0
  39. devguard-0.2.0/devguard/dashboard.py +715 -0
  40. devguard-0.2.0/devguard/discovery.py +363 -0
  41. devguard-0.2.0/devguard/http_client.py +142 -0
  42. devguard-0.2.0/devguard/llm_service.py +481 -0
  43. devguard-0.2.0/devguard/mcp_server.py +259 -0
  44. devguard-0.2.0/devguard/metrics.py +144 -0
  45. devguard-0.2.0/devguard/models.py +208 -0
  46. devguard-0.2.0/devguard/reporting.py +1571 -0
  47. devguard-0.2.0/devguard/sarif.py +295 -0
  48. devguard-0.2.0/devguard/scripts/ANALYSIS_SUMMARY.md +141 -0
  49. devguard-0.2.0/devguard/scripts/README.md +221 -0
  50. devguard-0.2.0/devguard/scripts/auto_fix_recommendations.py +145 -0
  51. devguard-0.2.0/devguard/scripts/generate_npmignore.py +175 -0
  52. devguard-0.2.0/devguard/scripts/generate_security_report.py +324 -0
  53. devguard-0.2.0/devguard/scripts/prepublish_check.sh +29 -0
  54. devguard-0.2.0/devguard/scripts/redteam_npm_packages.py +1262 -0
  55. devguard-0.2.0/devguard/scripts/review_all_repos.py +300 -0
  56. devguard-0.2.0/devguard/spec.py +617 -0
  57. devguard-0.2.0/devguard/sweeps/__init__.py +23 -0
  58. devguard-0.2.0/devguard/sweeps/ai_editor_config_audit.py +697 -0
  59. devguard-0.2.0/devguard/sweeps/cargo_publish_audit.py +655 -0
  60. devguard-0.2.0/devguard/sweeps/dependency_audit.py +419 -0
  61. devguard-0.2.0/devguard/sweeps/gitignore_audit.py +336 -0
  62. devguard-0.2.0/devguard/sweeps/local_dev.py +260 -0
  63. devguard-0.2.0/devguard/sweeps/local_dirty_worktree_secrets.py +521 -0
  64. devguard-0.2.0/devguard/sweeps/project_flaudit.py +636 -0
  65. devguard-0.2.0/devguard/sweeps/public_github_secrets.py +680 -0
  66. devguard-0.2.0/devguard/sweeps/publish_audit.py +478 -0
  67. devguard-0.2.0/devguard/sweeps/ssh_key_audit.py +327 -0
  68. devguard-0.2.0/devguard/utils.py +174 -0
  69. devguard-0.2.0/devguard.spec.example.yaml +208 -0
  70. devguard-0.2.0/examples/docker/README.md +44 -0
  71. devguard-0.2.0/examples/github-workflow.yml +56 -0
  72. devguard-0.2.0/grafana/README.md +110 -0
  73. devguard-0.2.0/grafana/dashboards/devguard.json +266 -0
  74. devguard-0.2.0/justfile +135 -0
  75. devguard-0.2.0/ops/scripts/infra/check-repo-health.sh +0 -0
  76. devguard-0.2.0/package.json +16 -0
  77. devguard-0.2.0/pyproject.toml +93 -0
  78. devguard-0.2.0/test_email_history.py +216 -0
  79. devguard-0.2.0/tests/README_VISUAL_TESTING.md +58 -0
  80. devguard-0.2.0/tests/__init__.py +1 -0
  81. devguard-0.2.0/tests/test_cli.py +178 -0
  82. devguard-0.2.0/tests/test_config.py +47 -0
  83. devguard-0.2.0/tests/test_core.py +189 -0
  84. devguard-0.2.0/tests/test_dashboard_visual.mjs +189 -0
  85. devguard-0.2.0/tests/test_dependency_audit.py +300 -0
  86. devguard-0.2.0/tests/test_discovery.py +114 -0
  87. devguard-0.2.0/tests/test_error_handling.py +177 -0
  88. devguard-0.2.0/tests/test_gitignore_audit.py +144 -0
  89. devguard-0.2.0/tests/test_http_client.py +149 -0
  90. devguard-0.2.0/tests/test_integration_dashboard.py +86 -0
  91. devguard-0.2.0/tests/test_integration_discovery.py +121 -0
  92. devguard-0.2.0/tests/test_integration_email.py +238 -0
  93. devguard-0.2.0/tests/test_integration_mcp.py +159 -0
  94. devguard-0.2.0/tests/test_models.py +81 -0
  95. devguard-0.2.0/tests/test_project_flaudit.py +277 -0
  96. devguard-0.2.0/tests/test_property_models.py +233 -0
  97. devguard-0.2.0/tests/test_reporting.py +167 -0
  98. devguard-0.2.0/tests/test_secret_checker.py +168 -0
  99. devguard-0.2.0/tests/test_ssh_key_audit.py +418 -0
  100. devguard-0.2.0/tools/sweep_public_repos.py +220 -0
  101. devguard-0.2.0/uv.lock +1626 -0
  102. devguard-0.2.0/validate_email_system.py +273 -0
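--- a/devguard-0.2.0/.cursor/rules/snyk_rules.mdc
+++ b/devguard-0.2.0/.cursor/rules/snyk_rules.mdc
@@ -0,0 +1,14 @@
+---
+alwaysApply: true
+always_on: true
+trigger: always_on
+applyTo: "**"
+description: Snyk Security At Inception
+---
+
+# Project security best practices
+
+- Always run snyk_code_scan tool for new first party code that is generated in a Snyk-supported language.
+- If any security issues are found based on newly introduced or modified code or dependencies, attempt to fix the issues using the results context from Snyk.
+- Rescan the code after fixing the issues to ensure that the issues were fixed and that there are no newly introduced issues.
+- Repeat this process until no new issues are found.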
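--- a/devguard-0.2.0/.dockerignore
+++ b/devguard-0.2.0/.dockerignore
@@ -0,0 +1,23 @@
+.git
+.github
+.cursor
+.claude
+.venv
+__pycache__
+*.pyc
+.pytest_cache
+.mypy_cache
+.ruff_cache
+.hypothesis
+.DS_Store
+dist
+build
+htmlcov
+archive
+.state
+*.log
+*.db
+*.sqlite
+*.sqlite3
+node_modules
+examples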
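Review bot: The ignore list leaves out `.env`, `.env.*`, `devguard.spec.yaml` and `devguard.spec.fast.yaml`, all of which this package's .gitignore marks as local-only, so they remain part of the Docker build context. The Dockerfile is not shown here; if it copies the context wholesale, any of those files present at build time would be baked into an image layer and be readable by anyone who can pull the image. Listing those four entries after `*.sqlite3` closes that gap, and `.guardian-email-history.json` / `.guardian-email-thread` are worth adding too, since both appear in this archive's file list.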
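--- a/devguard-0.2.0/.github/workflows/devguard-self-scan.yml
+++ b/devguard-0.2.0/.github/workflows/devguard-self-scan.yml
@@ -0,0 +1,26 @@
+name: devguard-self-scan
+
+on:
+pull_request:
+push:
+workflow_dispatch:
+schedule:
+- cron: "0 6 * * *" # daily 06:00 UTC
+
+permissions:
+contents: read
+
+jobs:
+trufflehog:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+with:
+fetch-depth: 0
+- name: TruffleHog (verified + unknown)
+uses: trufflesecurity/trufflehog@main
+with:
+path: ./
+extra_args: >-
+--results=verified,unknown
+--no-update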
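Review bot: `uses: trufflesecurity/trufflehog@main` follows a mutable branch, so whatever lands on that branch runs in this workflow on every push, pull request and nightly schedule without anyone reviewing the change. Pin it to a full commit SHA with the release noted in a trailing comment, e.g. `uses: trufflesecurity/trufflehog@<full-commit-sha> # <release-tag>`, and let a dependency updater propose bumps. `actions/checkout@v4` is a movable tag as well, though the exposure is smaller with `contents: read`. Nothing after checkout pushes to the repository, so `persist-credentials: false` under its `with:` would keep the job token out of the workspace the scanner reads.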
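--- a/devguard-0.2.0/.github/workflows/publish.yml
+++ b/devguard-0.2.0/.github/workflows/publish.yml
@@ -0,0 +1,24 @@
+name: Publish to PyPI
+
+on:
+push:
+tags:
+- "v*"
+
+permissions:
+id-token: write
+
+jobs:
+publish:
+runs-on: ubuntu-latest
+environment: pypi
+steps:
+- uses: actions/checkout@v4
+
+- uses: astral-sh/setup-uv@v4
+
+- name: Build
+run: uv build
+
+- name: Publish to PyPI
+uses: pypa/gh-action-pypi-publish@release/v1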
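Review bot: `id-token: write` is granted for the whole workflow, so the checkout, `astral-sh/setup-uv@v4` and `uv build` steps all run in a job that can mint the OIDC token PyPI trusts for publishing. Building in a separate job without that permission, and passing the built files to a publish job that declares `permissions: id-token: write` at job level, confines the token to the one step that needs it. The third-party actions are referenced by movable refs (`@v4`, `@release/v1`); pinning each to a full commit SHA, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha> # release/v1`, means a retagged upstream cannot change what runs on the release path.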
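--- a/devguard-0.2.0/.gitignore
+++ b/devguard-0.2.0/.gitignore
@@ -0,0 +1,74 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Virtual environments
+.venv/
+venv/
+ENV/
+env/
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+.tox/
+.hypothesis/
+
+# IDEs
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# Environment
+.env
+.env.local
+
+
+# Local env backups
+.env.*
+
+# Local-only lists
+private_repos.txt
+
+
+# Devguard local artifacts / reports (do not commit)
+.devguard-email-history.json
+.devguard-email-thread
+repo_review_results.json
+npm_security_report.json
+npm_security_report.md
+
+# Devguard dogfooding outputs (spec-driven sweeps)
+.state/
+
+# Local operational archives (personal infra docs)
+archive/
+
+# Personal spec files (copy devguard.spec.example.yaml to get started)
+devguard.spec.yaml
+devguard.spec.fast.yaml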
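Review bot: The "do not commit" block ignores `.devguard-email-history.json` and `.devguard-email-thread`, but this archive's file list contains `.guardian-email-history.json` (+2802 lines) and `.guardian-email-thread`, which look like the same local artifacts under an earlier prefix. Their contents are not shown here, so whether they hold real mail data is unconfirmed; a history file of that size in a published sdist should be inspected and, if it is real, treated as already disclosed. Adding `.guardian-email-history.json` and `.guardian-email-thread` beside the `.devguard-` entries, and excluding them explicitly in the sdist build configuration, would keep them out of later releases.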