devsecops-radar 0.2.5__tar.gz → 0.2.6__tar.gz

{devsecops_radar-0.2.5/devsecops_radar.egg-info → devsecops_radar-0.2.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devsecops-radar
-Version: 0.2.5
+Version: 0.2.6
 Summary: Unified CI/CD Security Dashboard — Pipeline Sentinel
 Author-email: Mehrdoost <70381337+Mehrdoost@users.noreply.github.com>
 License-Expression: MIT
@@ -21,6 +21,7 @@ Requires-Dist: loguru>=0.7
 Requires-Dist: reportlab>=4.0
 Requires-Dist: litellm>=1.50
 Requires-Dist: sqlalchemy>=2.0
+Requires-Dist: pydantic>=2.0
 Dynamic: license-file
 
 <!-- markdownlint-disable MD033 MD041 -->

{devsecops_radar-0.2.5 → devsecops_radar-0.2.6}/devsecops_radar/cli/scanner.py

@@ -4,11 +4,13 @@ import os
 import sys
 from importlib.metadata import entry_points
 from loguru import logger
+from devsecops_radar.scanners.adapter import ScannerAdapter
 from devsecops_radar.core.analyzer import get_analyzer
 from devsecops_radar.core.database import save_scan
 from devsecops_radar.core.rule_fusion import RuleFusion
 from devsecops_radar.core.remediation import auto_fix, generate_pr
 from devsecops_radar.core.reporting import generate_pdf_report
+from devsecops_radar.core.valuation import compute_dynamic_risk_score
 
 def discover_plugins():
     plugins = {}
@@ -47,13 +49,15 @@ def run_scans(args, plugins):
         if target:
             scanner = plugins.get(name)
             if scanner:
+                adapter = ScannerAdapter(scanner)
                 try:
                     if os.path.isfile(target):
                         logger.info(f"Parsing {name} JSON file: {target}")
-                        all_findings.extend(scanner.parse(target))
+                        validated = adapter.parse(target)
                     else:
                         logger.info(f"Running {name} on: {target}")
-                        all_findings.extend(scanner.run(target))
+                        validated = adapter.run(target)
+                    all_findings.extend([v.dict() for v in validated])
                 except Exception as e:
                     logger.error(f"{name} failed: {e}")
     return all_findings
@@ -121,6 +125,11 @@ def main():
 
     ai_summary = run_analysis(args, findings, topology)
 
+    # Compute dynamic risk scores
+    if findings and topology:
+        for f in findings:
+            f['dynamic_risk_score'] = compute_dynamic_risk_score(f, topology)
+
     if args.fix and ai_summary:
         fixed = auto_fix(findings, ai_summary)
         if fixed:

{devsecops_radar-0.2.5 → devsecops_radar-0.2.6}/devsecops_radar/core/analyzer.py

@@ -2,28 +2,50 @@ import json
 import os
 import re
 import requests
+from requests.adapters import HTTPAdapter
+from urllib3.util.retry import Retry
 from typing import List, Dict, Any, Optional
 
+# --- Retry logic for LLM calls ---
+def _session_with_retries(total=3, backoff_factor=0.5, status_forcelist=[429, 500, 502, 503, 504]):
+    session = requests.Session()
+    retries = Retry(
+        total=total,
+        backoff_factor=backoff_factor,
+        status_forcelist=status_forcelist,
+        allowed_methods=["POST"]
+    )
+    adapter = HTTPAdapter(max_retries=retries)
+    session.mount('http://', adapter)
+    session.mount('https://', adapter)
+    return session
+
+# Default maximum findings sent to LLM (configurable via env)
+MAX_ANALYZER_FINDINGS = int(os.environ.get("ANALYZER_MAX_FINDINGS", "100"))
+
 FEW_SHOT_EXAMPLE = {
-    "executive_summary": "The pipeline shows a critical vulnerability in the web server...",
-    "risk_score": 85,
+    "executive_summary": "A leaked CI/CD credential combined with an unpatched container image creates a critical supply chain attack path. Immediate action is required.",
+    "risk_score": 92,
     "attack_paths": [
         {
-            "name": "Example Attack Path",
-            "description": "...",
-            "involved_findings": ["CVE-2026-1234"],
-            "mitre_tactics": ["TA0001"],
-            "mitre_techniques": ["T1190"]
+            "name": "Supply Chain Compromise via Credential Leak",
+            "description": "An exposed GitHub Actions secret (ID: SECRET-001) allows an attacker to push malicious images to the container registry. Combined with a known RCE vulnerability in the web server (CVE-2026-1234), this chain grants full control over the production environment.",
+            "involved_findings": ["SECRET-001", "CVE-2026-1234"],
+            "mitre_tactics": ["TA0001", "TA0042"],
+            "mitre_techniques": ["T1078", "T1578"],
+            "potential_impact": "Full compromise of production services",
+            "difficulty": "medium"
         }
     ],
     "top_remediations": [
         {
             "priority": 1,
-            "finding_id": "CVE-2026-1234",
-            "action": "Upgrade package X to version Y",
-            "fix_diff": "--- a/requirements.txt\n+++ b/requirements.txt\n-package==1.0\n+package==1.1"
+            "finding_id": "SECRET-001",
+            "action": "Rotate the exposed secret and remove it from the workflow log. Use GitHub's masked variables.",
+            "fix_diff": "--- a/.github/workflows/deploy.yml\n+++ b/.github/workflows/deploy.yml\n- run: echo ${{ secrets.DEPLOY_KEY }}\n+ run: echo '**redacted**'"
         }
-    ]
+    ],
+    "false_positives_likely": []
 }
 
 class BaseAnalyzer:
@@ -42,7 +64,7 @@ def extract_json(text: str) -> Dict[str, Any]:
                 pass
     return {"executive_summary": text, "attack_paths": [], "top_remediations": []}
 
-def select_findings_for_llm(findings: List[Dict], max_items: int = 100) -> List[Dict]:
+def select_findings_for_llm(findings: List[Dict], max_items: int = MAX_ANALYZER_FINDINGS) -> List[Dict]:
     if len(findings) <= max_items:
         return findings
     critical_high = [f for f in findings if f.get('severity') in ('CRITICAL', 'HIGH')]
@@ -57,6 +79,7 @@ class OllamaAnalyzer(BaseAnalyzer):
     def __init__(self, model: str = None, endpoint: str = None):
         self.model = model or os.environ.get("PIPELINE_LLM_MODEL", "llama3.2:latest")
         self.endpoint = endpoint or os.environ.get("OPENAI_API_BASE", "http://localhost:11434/api/generate")
+        self.session = _session_with_retries()
 
     def analyze(self, findings: List[Dict[str, Any]], topology: Dict[str, Any] = None) -> Dict[str, Any]:
         if not findings:
@@ -71,7 +94,7 @@ class OllamaAnalyzer(BaseAnalyzer):
 Example output structure:
 {json.dumps(FEW_SHOT_EXAMPLE, indent=2)}
 
-IMPORTANT: Each remediation must reference the exact 'id' of the finding.
+IMPORTANT: Each remediation must reference the exact 'id' of the finding. Identify multi-step attack chains.
 
 Findings:
 {json.dumps(selected, indent=2)}
@@ -80,7 +103,7 @@ Findings:
 Respond ONLY with valid JSON in the same format as the example."""
 
         try:
-            resp = requests.post(
+            resp = self.session.post(
                 self.endpoint,
                 json={"model": self.model, "prompt": prompt, "stream": False, "format": "json"},
                 timeout=180

devsecops_radar-0.2.6/devsecops_radar/core/attack_simulation.py

@@ -0,0 +1,22 @@
+import subprocess
+import tempfile
+import os
+
+def simulate_attack(finding: dict) -> str:
+    script = f"#!/bin/bash\n# PoC for {finding.get('id')}\necho 'Simulating {finding.get('title')}'"
+    tmpdir = tempfile.mkdtemp()
+    script_path = os.path.join(tmpdir, "poc.sh")
+    with open(script_path, 'w') as f:
+        f.write(script)
+    os.chmod(script_path, 0o700)
+    return script_path
+
+def run_sandboxed_poc(script_path: str) -> str:
+    try:
+        result = subprocess.run(
+            ['docker', 'run', '--rm', '-v', f'{script_path}:/poc.sh:ro', 'alpine', 'sh', '/poc.sh'],
+            capture_output=True, text=True, timeout=30
+        )
+        return result.stdout
+    except Exception as e:
+        return f"Sandbox execution failed: {e}"

devsecops_radar-0.2.6/devsecops_radar/core/database.py

@@ -0,0 +1,104 @@
+from contextlib import contextmanager
+from devsecops_radar.core.models import (
+    init_db, SessionLocal, Scan, Finding
+)
+from typing import List, Dict, Any, Optional
+
+@contextmanager
+def get_session():
+    session = SessionLocal()
+    try:
+        yield session
+        session.commit()
+    except:
+        session.rollback()
+        raise
+    finally:
+        session.close()
+
+def save_scan(findings: List[Dict[str, Any]]):
+    from devsecops_radar.core.models import save_scan_to_db
+    save_scan_to_db(findings)
+
+def get_all_scans() -> List[Dict[str, Any]]:
+    init_db()
+    with get_session() as session:
+        scans = []
+        for scan in session.query(Scan).order_by(Scan.timestamp.asc()).all():
+            findings = session.query(Finding).filter(Finding.scan_id == scan.id).all()
+            counts = {"CRITICAL": 0, "HIGH": 0, "MEDIUM": 0, "LOW": 0}
+            for f in findings:
+                sev = f.severity.upper() if f.severity else "UNKNOWN"
+                counts[sev] = counts.get(sev, 0) + 1
+            scans.append({
+                "id": scan.id,
+                "timestamp": scan.timestamp.isoformat(),
+                "total": len(findings),
+                "critical": counts["CRITICAL"],
+                "high": counts["HIGH"],
+                "medium": counts["MEDIUM"],
+                "low": counts["LOW"],
+            })
+    return scans
+
+def get_scan_by_id(scan_id: int) -> Optional[Dict[str, Any]]:
+    with get_session() as session:
+        scan = session.query(Scan).filter(Scan.id == scan_id).first()
+        if not scan:
+            return None
+        findings = session.query(Finding).filter(Finding.scan_id == scan_id).all()
+        findings_list = []
+        for f in findings:
+            findings_list.append({
+                "tool": f.tool,
+                "id": f.id,
+                "severity": f.severity,
+                "target": f.target,
+                "title": f.title,
+                "description": f.description,
+                "line": f.line
+            })
+        return {
+            "id": scan.id,
+            "timestamp": scan.timestamp.isoformat(),
+            "findings": findings_list,
+            "total": len(findings_list)
+        }
+
+def compare_scans(scan_id_1: int, scan_id_2: int) -> Dict[str, Any]:
+    scan1 = get_scan_by_id(scan_id_1)
+    scan2 = get_scan_by_id(scan_id_2)
+    if not scan1 or not scan2:
+        return {"error": "One or both scans not found"}
+    ids1 = {f.get("id") for f in scan1["findings"]}
+    ids2 = {f.get("id") for f in scan2["findings"]}
+    added = [f for f in scan2["findings"] if f.get("id") not in ids1]
+    removed = [f for f in scan1["findings"] if f.get("id") not in ids2]
+    return {
+        "scan1": {"id": scan1["id"], "timestamp": scan1["timestamp"], "total": scan1["total"]},
+        "scan2": {"id": scan2["id"], "timestamp": scan2["timestamp"], "total": scan2["total"]},
+        "added": len(added),
+        "removed": len(removed),
+        "unchanged": len(scan1["findings"]) - len(removed),
+        "added_findings": added,
+        "removed_findings": removed,
+    }
+
+def get_findings_paginated(page: int = 1, per_page: int = 50) -> Dict[str, Any]:
+    with get_session() as session:
+        total = session.query(Finding).count()
+        findings = session.query(Finding).order_by(Finding.id.desc()).offset(
+            (page - 1) * per_page
+        ).limit(per_page).all()
+        items = []
+        for f in findings:
+            items.append({
+                "tool": f.tool,
+                "id": f.id,
+                "severity": f.severity,
+                "target": f.target,
+                "title": f.title,
+                "description": f.description,
+                "line": f.line
+            })
+        return {"items": items, "total": total, "page": page, "per_page": per_page}

{devsecops_radar-0.2.5 → devsecops_radar-0.2.6}/devsecops_radar/core/models.py

@@ -1,10 +1,30 @@
 from sqlalchemy import create_engine, Column, Integer, String, DateTime, JSON, ForeignKey
 from sqlalchemy.orm import declarative_base, sessionmaker, relationship
+from pydantic import BaseModel, Field, validator
+from typing import List, Optional
 import datetime
 import os
 
 Base = declarative_base()
 
+class FindingSchema(BaseModel):
+    tool: str
+    id: str
+    severity: str
+    target: str
+    title: str
+    description: Optional[str] = ""
+    line: Optional[int] = None
+
+    @validator('severity')
+    def severity_upper(cls, v):
+        return v.upper()
+
+class ScanMetadata(BaseModel):
+    findings: List[FindingSchema]
+    scan_id: Optional[int] = None
+    timestamp: Optional[str] = None
+
 class Scan(Base):
     __tablename__ = 'scans'
     id = Column(Integer, primary_key=True)
@@ -32,20 +52,27 @@ def init_db():
     Base.metadata.create_all(engine)
 
 def save_scan_to_db(findings: list):
+    # Validate with Pydantic before storing
+    validated = [FindingSchema(**f) for f in findings]
     init_db()
     session = SessionLocal()
-    scan = Scan()
-    session.add(scan)
-    for f in findings:
-        finding = Finding(
-            scan_id=scan.id,
-            tool=f.get('tool'),
-            severity=f.get('severity'),
-            target=f.get('target'),
-            title=f.get('title'),
-            description=f.get('description'),
-            line=f.get('line')
-        )
-        session.add(finding)
-    session.commit()
-    session.close()
+    try:
+        scan = Scan()
+        session.add(scan)
+        for f in validated:
+            finding = Finding(
+                scan_id=scan.id,
+                tool=f.tool,
+                severity=f.severity,
+                target=f.target,
+                title=f.title,
+                description=f.description,
+                line=f.line
+            )
+            session.add(finding)
+        session.commit()
+    except Exception:
+        session.rollback()
+        raise
+    finally:
+        session.close()

devsecops_radar-0.2.6/devsecops_radar/core/rag.py

@@ -0,0 +1,21 @@
+from devsecops_radar.core.models import SessionLocal, Finding
+from typing import List, Dict, Any
+
+def rag_search(query: str, limit: int = 5) -> List[Dict[str, Any]]:
+    session = SessionLocal()
+    results = session.query(Finding).filter(
+        Finding.title.ilike(f'%{query}%') | Finding.description.ilike(f'%{query}%')
+    ).order_by(Finding.id.desc()).limit(limit).all()
+    findings = []
+    for f in results:
+        findings.append({
+            "tool": f.tool,
+            "id": f.id,
+            "severity": f.severity,
+            "target": f.target,
+            "title": f.title,
+            "description": f.description,
+            "line": f.line
+        })
+    session.close()
+    return findings

devsecops_radar-0.2.6/devsecops_radar/core/reporting.py

@@ -0,0 +1,71 @@
+import re
+import datetime
+from reportlab.platypus import SimpleDocTemplate, Table, TableStyle, Paragraph
+from reportlab.lib.pagesizes import A4
+from reportlab.lib.styles import getSampleStyleSheet
+from reportlab.lib import colors
+from typing import List, Dict, Any
+
+def redact_sensitive(text: str, patterns: List[str] = None) -> str:
+    if patterns is None:
+        patterns = [
+            r'(?i)(password|secret|token|key)\s*[:=]\s*\S+',
+            r'ghp_[a-zA-Z0-9]{36}',
+            r'eyJ[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]+'
+        ]
+    for pat in patterns:
+        text = re.sub(pat, '***REDACTED***', text)
+    return text
+
+def generate_pdf_report(findings: List[Dict[str, Any]], ai_summary: Dict[str, Any], output_file: str = "report.pdf", redact: bool = True):
+    try:
+        from reportlab.platypus import SimpleDocTemplate, Table, TableStyle, Paragraph
+    except ImportError:
+        print("[ERROR] reportlab not installed.")
+        return
+
+    doc = SimpleDocTemplate(output_file, pagesize=A4)
+    elements = []
+    styles = getSampleStyleSheet()
+    title = "Pipeline Sentinel Security Report"
+    if redact:
+        title += " (Sensitive Data Redacted)"
+    elements.append(Paragraph(title, styles['Title']))
+    elements.append(Paragraph(f"Generated: {datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')}", styles['Normal']))
+
+    if ai_summary.get("executive_summary"):
+        summary = ai_summary['executive_summary']
+        if redact:
+            summary = redact_sensitive(summary)
+        elements.append(Paragraph("Executive Summary", styles['Heading2']))
+        elements.append(Paragraph(summary, styles['Normal']))
+        if ai_summary.get("risk_score"):
+            elements.append(Paragraph(f"Risk Score: {ai_summary['risk_score']}/100", styles['Normal']))
+
+    if findings:
+        elements.append(Paragraph("Findings", styles['Heading2']))
+        table_data = [["Tool", "ID", "Severity", "Target", "Title"]]
+        for f in findings[:50]:
+            title = f.get('title', '')
+            if redact:
+                title = redact_sensitive(title)
+            table_data.append([
+                f.get('tool',''),
+                f.get('id',''),
+                f.get('severity',''),
+                redact_sensitive(f.get('target','')) if redact else f.get('target',''),
+                title[:80]
+            ])
+        t = Table(table_data)
+        t.setStyle(TableStyle([
+            ('BACKGROUND', (0,0), (-1,0), colors.grey),
+            ('TEXTCOLOR',(0,0),(-1,0), colors.whitesmoke),
+            ('ALIGN',(0,0),(-1,-1),'CENTER'),
+            ('FONTNAME', (0,0), (-1,0), 'Helvetica-Bold'),
+            ('BOTTOMPADDING', (0,0), (-1,0), 12),
+            ('GRID', (0,0), (-1,-1), 1, colors.black)
+        ]))
+        elements.append(t)
+
+    doc.build(elements)
+    print(f"[REPORT] PDF saved to {output_file}")

devsecops_radar-0.2.6/devsecops_radar/core/sbom.py

@@ -0,0 +1,37 @@
+import subprocess
+import json
+import os
+from typing import List, Dict, Any, Optional
+
+def generate_sbom(target_dir: str, output_file: str = "sbom.json") -> Optional[Dict]:
+    try:
+        subprocess.run(['syft', 'scan', target_dir, '-o', 'cyclonedx-json', '--output', output_file], check=True)
+        with open(output_file) as f:
+            return json.load(f)
+    except Exception as e:
+        print(f"SBOM generation failed: {e}")
+        return None
+
+def detect_dependency_confusion(manifest_path: str, internal_prefixes: List[str] = None) -> List[Dict]:
+    findings = []
+    if not internal_prefixes:
+        internal_prefixes = ['mycompany-', 'internal-']
+    try:
+        with open(manifest_path) as f:
+            content = f.read()
+        import re
+        if manifest_path.endswith('package.json'):
+            pkg_pattern = re.findall(r'"([^"]+)":\s*"([^"]*)"', content)
+            for name, ver in pkg_pattern:
+                if any(name.startswith(p) for p in internal_prefixes):
+                    findings.append({"package": name, "version": ver, "risk": "Potential dependency confusion"})
+        elif manifest_path.endswith('requirements.txt'):
+            for line in content.splitlines():
+                line = line.strip()
+                if line and not line.startswith('#'):
+                    pkg = line.split('==')[0].strip()
+                    if any(pkg.startswith(p) for p in internal_prefixes):
+                        findings.append({"package": pkg, "version": line, "risk": "Potential dependency confusion"})
+    except Exception:
+        pass
+    return findings

devsecops_radar-0.2.6/devsecops_radar/core/valuation.py

@@ -0,0 +1,20 @@
+from typing import Dict, Any, Optional
+
+def compute_dynamic_risk_score(finding: Dict[str, Any], topology: Optional[Dict[str, Any]] = None) -> float:
+    severity_weights = {'CRITICAL': 10.0, 'HIGH': 7.0, 'MEDIUM': 4.0, 'LOW': 1.0}
+    base = severity_weights.get(finding.get('severity', 'LOW'), 1.0)
+    exposure_mult = 1.0
+    if topology:
+        target = finding.get('target', '')
+        for server in topology.get('servers', []):
+            if server.get('name') in target:
+                if server.get('exposed', False):
+                    exposure_mult = 2.5
+                if server.get('data_classification') == 'sensitive':
+                    exposure_mult *= 1.5
+                break
+    likelihood_mult = 1.0
+    if finding.get('exploit_available', False):
+        likelihood_mult *= 2.0
+    score = base * exposure_mult * likelihood_mult
+    return round(min(10.0, score), 1)

devsecops_radar-0.2.6/devsecops_radar/scanners/adapter.py

@@ -0,0 +1,15 @@
+from typing import List
+from devsecops_radar.plugins import ScannerPlugin
+from devsecops_radar.core.models import FindingSchema
+
+class ScannerAdapter:
+    def __init__(self, scanner: ScannerPlugin):
+        self.scanner = scanner
+
+    def parse(self, file_path: str) -> List[FindingSchema]:
+        raw = self.scanner.parse(file_path)
+        return [FindingSchema(**f) for f in raw]
+
+    def run(self, target: str) -> List[FindingSchema]:
+        raw = self.scanner.run(target)
+        return [FindingSchema(**f) for f in raw]

{devsecops_radar-0.2.5 → devsecops_radar-0.2.6}/devsecops_radar/web/dashboard/routes.py

@@ -1,7 +1,8 @@
-from flask import Blueprint, jsonify, render_template_string
+from flask import Blueprint, jsonify, render_template_string, request
 import json
 import os
-from devsecops_radar.core.database import get_all_scans
+from devsecops_radar.core.database import get_all_scans, get_findings_paginated
+from devsecops_radar.core.rag import rag_search
 
 dashboard_bp = Blueprint('dashboard', __name__)
 
@@ -408,7 +409,7 @@ DASHBOARD_HTML = r"""
     </script>
 </body>
 </html>
-"""
+"""  
 
 def load_findings():
     if not os.path.exists(FINDINGS_FILE):
@@ -427,8 +428,17 @@ def index():
 
 @dashboard_bp.route('/api/findings')
 def api_findings():
-    return jsonify(load_findings())
+    page = request.args.get('page', 1, type=int)
+    per_page = request.args.get('per_page', 50, type=int)
+    return jsonify(get_findings_paginated(page, per_page))
 
 @dashboard_bp.route('/api/history')
 def api_history():
-    return jsonify(get_all_scans())
+    return jsonify(get_all_scans())
+
+@dashboard_bp.route('/api/rag')
+def api_rag():
+    q = request.args.get('q', '')
+    if not q:
+        return jsonify([])
+    return jsonify(rag_search(q))

{devsecops_radar-0.2.5 → devsecops_radar-0.2.6/devsecops_radar.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devsecops-radar
-Version: 0.2.5
+Version: 0.2.6
 Summary: Unified CI/CD Security Dashboard — Pipeline Sentinel
 Author-email: Mehrdoost <70381337+Mehrdoost@users.noreply.github.com>
 License-Expression: MIT
@@ -21,6 +21,7 @@ Requires-Dist: loguru>=0.7
 Requires-Dist: reportlab>=4.0
 Requires-Dist: litellm>=1.50
 Requires-Dist: sqlalchemy>=2.0
+Requires-Dist: pydantic>=2.0
 Dynamic: license-file
 
 <!-- markdownlint-disable MD033 MD041 -->

{devsecops_radar-0.2.5 → devsecops_radar-0.2.6}/devsecops_radar.egg-info/SOURCES.txt

@@ -13,15 +13,18 @@ devsecops_radar/cli/__init__.py
 devsecops_radar/cli/scanner.py
 devsecops_radar/core/__init__.py
 devsecops_radar/core/analyzer.py
+devsecops_radar/core/attack_simulation.py
 devsecops_radar/core/database.py
 devsecops_radar/core/models.py
 devsecops_radar/core/parser.py
+devsecops_radar/core/rag.py
 devsecops_radar/core/remediation.py
 devsecops_radar/core/reporting.py
 devsecops_radar/core/rule_fusion.py
 devsecops_radar/core/sbom.py
 devsecops_radar/core/valuation.py
 devsecops_radar/plugins/__init__.py
+devsecops_radar/scanners/adapter.py
 devsecops_radar/scanners/base.py
 devsecops_radar/scanners/poutine.py
 devsecops_radar/scanners/semgrep.py

{devsecops_radar-0.2.5 → devsecops_radar-0.2.6}/devsecops_radar.egg-info/requires.txt

@@ -6,3 +6,4 @@ loguru>=0.7
 reportlab>=4.0
 litellm>=1.50
 sqlalchemy>=2.0
+pydantic>=2.0

{devsecops_radar-0.2.5 → devsecops_radar-0.2.6}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "devsecops-radar"
-version = "0.2.5"
+version = "0.2.6"
 description = "Unified CI/CD Security Dashboard — Pipeline Sentinel"
 readme = "README.md"
 license = "MIT"
@@ -27,6 +27,7 @@ dependencies = [
     "reportlab>=4.0",
     "litellm>=1.50",
     "sqlalchemy>=2.0",
+    "pydantic>=2.0",
 ]
 
 [project.urls]

devsecops_radar-0.2.5/devsecops_radar/core/database.py

@@ -1,92 +0,0 @@
-from devsecops_radar.core.models import (
-    init_db, SessionLocal, Scan, Finding
-)
-from typing import List, Dict, Any, Optional
-
-def save_scan(findings: List[Dict[str, Any]]):
-    from devsecops_radar.core.models import save_scan_to_db
-    save_scan_to_db(findings)
-
-def get_all_scans() -> List[Dict[str, Any]]:
-    init_db()
-    session = SessionLocal()
-    scans = []
-    for scan in session.query(Scan).order_by(Scan.timestamp.asc()).all():
-        findings = session.query(Finding).filter(Finding.scan_id == scan.id).all()
-        counts = {"CRITICAL": 0, "HIGH": 0, "MEDIUM": 0, "LOW": 0}
-        for f in findings:
-            sev = f.severity.upper() if f.severity else "UNKNOWN"
-            counts[sev] = counts.get(sev, 0) + 1
-        scans.append({
-            "id": scan.id,
-            "timestamp": scan.timestamp.isoformat(),
-            "total": len(findings),
-            "critical": counts["CRITICAL"],
-            "high": counts["HIGH"],
-            "medium": counts["MEDIUM"],
-            "low": counts["LOW"],
-        })
-    session.close()
-    return scans
-
-def get_scan_by_id(scan_id: int) -> Optional[Dict[str, Any]]:
-    session = SessionLocal()
-    scan = session.query(Scan).filter(Scan.id == scan_id).first()
-    if not scan:
-        session.close()
-        return None
-    findings = session.query(Finding).filter(Finding.scan_id == scan_id).all()
-    findings_list = []
-    for f in findings:
-        findings_list.append({
-            "tool": f.tool,
-            "id": f.id,
-            "severity": f.severity,
-            "target": f.target,
-            "title": f.title,
-            "description": f.description,
-            "line": f.line
-        })
-    session.close()
-    return {
-        "id": scan.id,
-        "timestamp": scan.timestamp.isoformat(),
-        "findings": findings_list,
-        "total": len(findings_list)
-    }
-
-def compare_scans(scan_id_1: int, scan_id_2: int) -> Dict[str, Any]:
-    scan1 = get_scan_by_id(scan_id_1)
-    scan2 = get_scan_by_id(scan_id_2)
-    if not scan1 or not scan2:
-        return {"error": "One or both scans not found"}
-    ids1 = {f.get("id") for f in scan1["findings"]}
-    ids2 = {f.get("id") for f in scan2["findings"]}
-    added = [f for f in scan2["findings"] if f.get("id") not in ids1]
-    removed = [f for f in scan1["findings"] if f.get("id") not in ids2]
-    return {
-        "scan1": {"id": scan1["id"], "timestamp": scan1["timestamp"], "total": scan1["total"]},
-        "scan2": {"id": scan2["id"], "timestamp": scan2["timestamp"], "total": scan2["total"]},
-        "added": len(added),
-        "removed": len(removed),
-        "unchanged": len(scan1["findings"]) - len(removed),
-        "added_findings": added,
-        "removed_findings": removed,
-    }
-
-def get_findings_by_severity(severity: str, limit: int = 100) -> List[Dict[str, Any]]:
-    session = SessionLocal()
-    findings = session.query(Finding).filter(Finding.severity == severity.upper()).limit(limit).all()
-    result = []
-    for f in findings:
-        result.append({
-            "tool": f.tool,
-            "id": f.id,
-            "severity": f.severity,
-            "target": f.target,
-            "title": f.title,
-            "description": f.description,
-            "line": f.line
-        })
-    session.close()
-    return result

devsecops_radar-0.2.5/devsecops_radar/core/reporting.py

@@ -1,55 +0,0 @@
-import json
-import os
-from datetime import datetime
-from typing import List, Dict, Any
-
-def generate_pdf_report(findings: List[Dict[str, Any]], ai_summary: Dict[str, Any], output_file: str = "report.pdf"):
-    try:
-        from reportlab.lib.pagesizes import A4
-        from reportlab.platypus import SimpleDocTemplate, Table, TableStyle, Paragraph
-        from reportlab.lib.styles import getSampleStyleSheet
-        from reportlab.lib import colors
-    except ImportError:
-        print("[ERROR] reportlab not installed. Install with 'pip install reportlab'")
-        return
-
-    doc = SimpleDocTemplate(output_file, pagesize=A4)
-    elements = []
-    styles = getSampleStyleSheet()
-
-    # Title
-    elements.append(Paragraph("Pipeline Sentinel Security Report", styles['Title']))
-    elements.append(Paragraph(f"Generated: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}", styles['Normal']))
-
-    # Executive Summary
-    if ai_summary.get("executive_summary"):
-        elements.append(Paragraph("Executive Summary", styles['Heading2']))
-        elements.append(Paragraph(ai_summary['executive_summary'], styles['Normal']))
-        if ai_summary.get("risk_score"):
-            elements.append(Paragraph(f"Risk Score: {ai_summary['risk_score']}/100", styles['Normal']))
-
-    # Findings Table
-    if findings:
-        elements.append(Paragraph("Findings", styles['Heading2']))
-        table_data = [["Tool", "ID", "Severity", "Target", "Title"]]
-        for f in findings[:50]:  # limit rows
-            table_data.append([
-                f.get('tool',''),
-                f.get('id',''),
-                f.get('severity',''),
-                f.get('target',''),
-                f.get('title','')[:80]
-            ])
-        t = Table(table_data)
-        t.setStyle(TableStyle([
-            ('BACKGROUND', (0,0), (-1,0), colors.grey),
-            ('TEXTCOLOR',(0,0),(-1,0), colors.whitesmoke),
-            ('ALIGN',(0,0),(-1,-1),'CENTER'),
-            ('FONTNAME', (0,0), (-1,0), 'Helvetica-Bold'),
-            ('BOTTOMPADDING', (0,0), (-1,0), 12),
-            ('GRID', (0,0), (-1,-1), 1, colors.black)
-        ]))
-        elements.append(t)
-
-    doc.build(elements)
-    print(f"[REPORT] PDF saved to {output_file}")

devsecops_radar-0.2.5/devsecops_radar/core/sbom.py

@@ -1,27 +0,0 @@
-import subprocess
-import json
-import os
-
-def generate_sbom(target_dir: str, output_file: str = "sbom.json"):
-    try:
-        subprocess.run(['syft', 'scan', target_dir, '-o', 'cyclonedx-json', '--output', output_file], check=True)
-        with open(output_file) as f:
-            sbom = json.load(f)
-        return sbom
-    except Exception as e:
-        print(f"SBOM generation failed: {e}")
-        return None
-
-def sbom_health(sbom: dict) -> dict:
-    components = sbom.get('components', [])
-    total = len(components)
-    outdated = 0
-    for comp in components:
-        if comp.get('version', '').endswith('-SNAPSHOT'):
-            outdated += 1
-    return {
-        "total_components": total,
-        "outdated": outdated,
-        "healthy": total - outdated,
-        "health_percent": round((total - outdated) / total * 100, 1) if total else 0
-    }

devsecops_radar-0.2.5/devsecops_radar/core/valuation.py

@@ -1,10 +0,0 @@
-def compute_fix_value(finding: dict, topology: dict = None) -> float:
-    weights = {'CRITICAL': 100, 'HIGH': 70, 'MEDIUM': 40, 'LOW': 10}
-    score = weights.get(finding.get('severity', 'LOW'), 10)
-    if topology:
-        target = finding.get('target', '')
-        for server in topology.get('servers', []):
-            if target in server.get('name', ''):
-                score *= (1 + server.get('importance', 0.5))
-                break
-    return round(score, 2)