PyPI - devsecops-radar - Versions diffs - 0.2.9__tar.gz → 0.3.2__tar.gz - Mend

devsecops-radar 0.2.9tar.gz → 0.3.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

{devsecops_radar-0.2.9/devsecops_radar.egg-info → devsecops_radar-0.3.2}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devsecops-radar
-Version: 0.2.9
+Version: 0.3.2
 Summary: Unified CI/CD Security Dashboard — Pipeline Sentinel
 Author-email: Mehrdoost <70381337+Mehrdoost@users.noreply.github.com>
 License-Expression: MIT
@@ -22,6 +22,9 @@ Requires-Dist: reportlab>=4.0
 Requires-Dist: litellm>=1.50
 Requires-Dist: sqlalchemy>=2.0
 Requires-Dist: pydantic>=2.0
+Requires-Dist: pyjwt>=2.8
+Requires-Dist: pytest>=8.0
+Requires-Dist: pytest-flask>=1.3
 Dynamic: license-file
 <!-- markdownlint-disable MD033 MD041 -->

{devsecops_radar-0.2.9 → devsecops_radar-0.3.2}/devsecops_radar/cli/scanner.py RENAMED Viewed

@@ -1,4 +1,5 @@
 import argparse
+import asyncio
 import json
 import os
 import sys
@@ -40,8 +41,20 @@ def parse_args():
     parser.add_argument('--wizard', action='store_true', help='Interactive first-time setup wizard')
     return parser.parse_args()
-def run_scans(args, plugins):
-    all_findings = []
+async def run_scanner_async(name, target, adapter):
+    try:
+        if os.path.isfile(target):
+            logger.info(f"Parsing {name} JSON file: {target}")
+            validated = await asyncio.to_thread(adapter.parse, target)
+        else:
+            logger.info(f"Running {name} on: {target}")
+            validated = await asyncio.to_thread(adapter.run, target)
+        return [v.dict() for v in validated]
+    except Exception as e:
+        logger.error(f"{name} failed: {e}")
+        return []
+async def run_scans(args, plugins):
     scanner_targets = {
         'trivy': args.trivy,
         'semgrep': args.semgrep,
@@ -49,21 +62,20 @@ def run_scans(args, plugins):
         'zizmor': args.zizmor,
         'gitleaks': getattr(args, 'gitleaks', None),
     }
+    tasks = []
     for name, target in scanner_targets.items():
         if target:
-            scanner = plugins.get(name)
-            if scanner:
-                adapter = ScannerAdapter(scanner)
-                try:
-                    if os.path.isfile(target):
-                        logger.info(f"Parsing {name} JSON file: {target}")
-                        validated = adapter.parse(target)
-                    else:
-                        logger.info(f"Running {name} on: {target}")
-                        validated = adapter.run(target)
-                    all_findings.extend([v.dict() for v in validated])
-                except Exception as e:
-                    logger.error(f"{name} failed: {e}")
+            plugin = plugins.get(name)
+            if plugin:
+                adapter = ScannerAdapter(plugin)
+                tasks.append(run_scanner_async(name, target, adapter))
+    results = await asyncio.gather(*tasks, return_exceptions=True)
+    all_findings = []
+    for res in results:
+        if isinstance(res, list):
+            all_findings.extend(res)
+        elif isinstance(res, Exception):
+            logger.error(f"Scan task failed with exception: {res}")
     return all_findings
 def load_custom_rules(args):
@@ -109,27 +121,32 @@ def run_analysis(args, findings, topology=None):
 def wizard():
     """Interactive setup wizard for first-time users."""
     print("🛡️  Welcome to Pipeline Sentinel – Quick Setup Wizard")
-    print("This will guide you through scanning a sample project.\n")
-    # 1. Ollama check
+    print("This will install necessary components.\n")
     import subprocess
+    # 1. Ollama check
     try:
         subprocess.run(['ollama', '--version'], capture_output=True, check=True)
+        print("[✔] Ollama found.")
     except:
         print("[!] Ollama not found. Installing...")
-        subprocess.run(['curl', '-fsSL', 'https://ollama.com/install.sh', '|', 'sh'], shell=True)
-    # 2. Pull model
-    print("📥 Pulling AI model llama3.2 ...")
+        subprocess.run('curl -fsSL https://ollama.com/install.sh | sh', shell=True)
+    # 2. Pull AI model
+    print("📥 Pulling AI model (llama3.2)...")
     subprocess.run(['ollama', 'pull', 'llama3.2:latest'])
-    # 3. Scan current directory with Semgrep and Trivy if available
-    print("🔍 Scanning current directory with Semgrep...")
+    # 3. Suggestions for optional tools
     if subprocess.run(['which', 'semgrep'], capture_output=True).returncode == 0:
-        subprocess.run(['semgrep', '--config=auto', '--json', '--output', 'semgrep.json', '.'], check=False)
-    print("🐳 Scanning with Trivy (if Docker installed)...")
+        print("[✔] Semgrep available.")
+    else:
+        print("[ ] Semgrep not found (optional).")
     if subprocess.run(['which', 'docker'], capture_output=True).returncode == 0:
-        subprocess.run(['trivy', 'image', '--format', 'json', '--output', 'trivy.json', 'alpine:latest'], check=False)
-    # 4. Merge and start dashboard
-    os.system('devsecops-radar --trivy trivy.json --semgrep semgrep.json')
-    os.system('devsecops-radar-web')
+        print("[✔] Docker available.")
+    else:
+        print("[ ] Docker not found (optional).")
+    # 4. Final instructions
+    print("\n✅ Setup complete! You can now run:")
+    print("   devsecops-radar --trivy sample_trivy.json --semgrep sample_semgrep.json")
+    print("   devsecops-radar-web")
+    print("\nThen open http://localhost:8080 in your browser.")
 def main():
     args = parse_args()
@@ -140,8 +157,7 @@ def main():
     logger.add(sys.stderr, format="<green>{time:HH:mm:ss}</green> | <level>{level: <8}</level> | {message}")
     plugins = discover_plugins()
-    findings = []
-    findings.extend(run_scans(args, plugins))
+    findings = asyncio.run(run_scans(args, plugins))
     findings.extend(load_custom_rules(args))
     if not findings:
@@ -163,7 +179,6 @@ def main():
     if args.fix and ai_summary:
         if args.review:
-            # Human-in-the-loop: show diff and ask confirmation
             from devsecops_radar.core.remediation import generate_fix_commands
             cmds = generate_fix_commands(findings, ai_summary)
             print("Proposed fixes:\n", cmds)

devsecops_radar-0.3.2/devsecops_radar/core/auth.py ADDED Viewed

@@ -0,0 +1,28 @@
+import jwt
+import datetime
+from functools import wraps
+from flask import request, jsonify
+from devsecops_radar.core.settings import settings
+def create_token(user: str = "admin") -> str:
+    payload = {
+        "user": user,
+        "exp": datetime.datetime.utcnow() + datetime.timedelta(hours=settings.JWT_EXPIRATION_HOURS),
+        "iat": datetime.datetime.utcnow()
+    }
+    return jwt.encode(payload, settings.JWT_SECRET, algorithm=settings.JWT_ALGORITHM)
+def verify_token(token: str) -> dict:
+    return jwt.decode(token, settings.JWT_SECRET, algorithms=[settings.JWT_ALGORITHM])
+def login_required(f):
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        # Only enforce authentication if the admin has configured an API key.
+        if settings.PIPELINE_API_KEY != "disabled":
+            key = request.headers.get("X-API-Key")
+            if key != settings.PIPELINE_API_KEY:
+                return jsonify({"error": "API key required"}), 401
+        # Without an API key, all requests are permitted (default for local use).
+        return f(*args, **kwargs)
+    return decorated

devsecops_radar-0.3.2/devsecops_radar/core/settings.py ADDED Viewed

@@ -0,0 +1,19 @@
+import os
+import secrets
+class Settings:
+    JWT_SECRET: str = os.environ.get("JWT_SECRET", "")
+    JWT_ALGORITHM: str = "HS256"
+    JWT_EXPIRATION_HOURS: int = 24
+    PIPELINE_API_KEY: str = os.environ.get("PIPELINE_API_KEY", "disabled")
+    DEBUG: bool = os.environ.get("DEBUG", "false").lower() == "true"
+    HOST: str = os.environ.get("HOST", "127.0.0.1")
+    PORT: int = int(os.environ.get("PORT", "8080"))
+    def __init__(self):
+        if not self.JWT_SECRET:
+            self.JWT_SECRET = secrets.token_hex(32)
+            print("WARNING: JWT_SECRET not set. Using temporary secret:", self.JWT_SECRET)
+            print("Set the JWT_SECRET environment variable for production use.")
+settings = Settings()

{devsecops_radar-0.2.9 → devsecops_radar-0.3.2}/devsecops_radar/scanners/gitleaks.py RENAMED Viewed

@@ -3,6 +3,7 @@ import subprocess
 import tempfile
 import os
 from typing import List, Dict, Any
+from loguru import logger
 from devsecops_radar.plugins import ScannerPlugin
 class GitleaksScanner(ScannerPlugin):
@@ -15,17 +16,24 @@ class GitleaksScanner(ScannerPlugin):
         with tempfile.NamedTemporaryFile(suffix='.json', delete=False) as tmp:
             outfile = tmp.name
         try:
-            subprocess.run(['gitleaks', 'detect', '--source', target, '--report-format', 'json', '--report-path', outfile], check=True)
+            subprocess.run(
+                ['gitleaks', 'detect', '--source', target, '--report-format', 'json', '--report-path', outfile],
+                check=True
+            )
             return self.parse(outfile)
         finally:
             if os.path.exists(outfile):
                 os.unlink(outfile)
     def parse(self, file_path: str) -> List[Dict[str, Any]]:
-        with open(file_path) as f:
-            data = json.load(f)
+        try:
+            with open(file_path) as f:
+                data = json.load(f)
+        except Exception as e:
+            logger.error(f"Could not parse Gitleaks output: {e}")
+            return []
         findings = []
-        for item in data:
+        for item in data if isinstance(data, list) else data.get("Findings", []):
             findings.append({
                 "tool": "Gitleaks",
                 "target": item.get("file", ""),

{devsecops_radar-0.2.9 → devsecops_radar-0.3.2}/devsecops_radar/scanners/poutine.py RENAMED Viewed

@@ -3,6 +3,7 @@ import subprocess
 import tempfile
 import os
 from typing import List, Dict, Any
+from loguru import logger
 from devsecops_radar.plugins import ScannerPlugin
 class PoutineScanner(ScannerPlugin):
@@ -25,15 +26,19 @@ class PoutineScanner(ScannerPlugin):
                 os.unlink(outfile)
     def parse(self, file_path: str) -> List[Dict[str, Any]]:
-        with open(file_path) as f:
-            data = json.load(f)
+        try:
+            with open(file_path) as f:
+                data = json.load(f)
+        except Exception as e:
+            logger.error(f"Could not parse Poutine output: {e}")
+            return []
         findings = []
         for result in data.get("findings", []):
             findings.append({
                 "tool": "Poutine",
                 "target": result.get("location", {}).get("file", ""),
                 "id": result.get("rule_id", ""),
-                "severity": result.get("severity", "UNKNOWN").upper(),
+                "severity": (result.get("severity", "UNKNOWN") or "UNKNOWN").upper(),
                 "title": result.get("message", ""),
                 "description": result.get("description", ""),
                 "line": result.get("location", {}).get("line", 0)

{devsecops_radar-0.2.9 → devsecops_radar-0.3.2}/devsecops_radar/scanners/semgrep.py RENAMED Viewed

@@ -3,6 +3,7 @@ import subprocess
 import tempfile
 import os
 from typing import List, Dict, Any
+from loguru import logger
 from devsecops_radar.plugins import ScannerPlugin
 class SemgrepScanner(ScannerPlugin):
@@ -25,15 +26,19 @@ class SemgrepScanner(ScannerPlugin):
                 os.unlink(outfile)
     def parse(self, file_path: str) -> List[Dict[str, Any]]:
-        with open(file_path) as f:
-            data = json.load(f)
+        try:
+            with open(file_path) as f:
+                data = json.load(f)
+        except Exception as e:
+            logger.error(f"Could not parse Semgrep output: {e}")
+            return []
         findings = []
         for result in data.get("results", []):
             findings.append({
                 "tool": "Semgrep",
                 "target": result.get("path", ""),
                 "id": result.get("check_id", ""),
-                "severity": result.get("extra", {}).get("severity", "WARNING").upper(),
+                "severity": (result.get("extra", {}).get("severity", "WARNING") or "WARNING").upper(),
                 "title": result.get("check_id", ""),
                 "description": result.get("extra", {}).get("message", ""),
                 "line": result.get("start", {}).get("line", 0)

{devsecops_radar-0.2.9 → devsecops_radar-0.3.2}/devsecops_radar/scanners/trivy.py RENAMED Viewed

@@ -3,6 +3,7 @@ import subprocess
 import tempfile
 import os
 from typing import List, Dict, Any
+from loguru import logger
 from devsecops_radar.plugins import ScannerPlugin
 class TrivyScanner(ScannerPlugin):
@@ -25,8 +26,12 @@ class TrivyScanner(ScannerPlugin):
                 os.unlink(outfile)
     def parse(self, file_path: str) -> List[Dict[str, Any]]:
-        with open(file_path) as f:
-            data = json.load(f)
+        try:
+            with open(file_path) as f:
+                data = json.load(f)
+        except Exception as e:
+            logger.error(f"Could not parse Trivy output: {e}")
+            return []
         findings = []
         for result in data.get("Results", []):
             target_name = result.get("Target", "Unknown")
@@ -34,8 +39,8 @@ class TrivyScanner(ScannerPlugin):
                 findings.append({
                     "tool": "Trivy",
                     "target": target_name,
-                    "id": vuln.get("VulnerabilityID"),
-                    "severity": vuln.get("Severity", "UNKNOWN").upper(),
+                    "id": vuln.get("VulnerabilityID", ""),
+                    "severity": (vuln.get("Severity", "UNKNOWN") or "UNKNOWN").upper(),
                     "title": vuln.get("Title", ""),
                     "description": vuln.get("Description", ""),
                     "package": vuln.get("PkgName", ""),

{devsecops_radar-0.2.9 → devsecops_radar-0.3.2}/devsecops_radar/scanners/zizmor.py RENAMED Viewed

@@ -3,6 +3,7 @@ import subprocess
 import tempfile
 import os
 from typing import List, Dict, Any
+from loguru import logger
 from devsecops_radar.plugins import ScannerPlugin
 class ZizmorScanner(ScannerPlugin):
@@ -25,15 +26,19 @@ class ZizmorScanner(ScannerPlugin):
                 os.unlink(outfile)
     def parse(self, file_path: str) -> List[Dict[str, Any]]:
-        with open(file_path) as f:
-            data = json.load(f)
+        try:
+            with open(file_path) as f:
+                data = json.load(f)
+        except Exception as e:
+            logger.error(f"Could not parse Zizmor output: {e}")
+            return []
         findings = []
         for result in data.get("findings", []):
             findings.append({
                 "tool": "Zizmor",
                 "target": result.get("path", ""),
                 "id": result.get("rule_id", ""),
-                "severity": result.get("severity", "UNKNOWN").upper(),
+                "severity": (result.get("severity", "UNKNOWN") or "UNKNOWN").upper(),
                 "title": result.get("message", ""),
                 "description": result.get("description", ""),
                 "line": result.get("location", {}).get("line", 0)

{devsecops_radar-0.2.9 → devsecops_radar-0.3.2}/devsecops_radar/web/app.py RENAMED Viewed

@@ -1,9 +1,11 @@
-from flask import Flask
+from flask import Flask, jsonify, request
 from devsecops_radar.web.dashboard.routes import dashboard_bp
 from devsecops_radar.web.attack_paths.routes import attack_paths_bp
 from devsecops_radar.web.topology.routes import topology_bp
 from devsecops_radar.web.summary.routes import summary_bp
 from devsecops_radar.web.sentry.routes import sentry_bp
+from devsecops_radar.core.auth import login_required, create_token
+from devsecops_radar.core.settings import settings
 def create_app():
     app = Flask(__name__)
@@ -12,11 +14,20 @@ def create_app():
     app.register_blueprint(topology_bp)
     app.register_blueprint(summary_bp)
     app.register_blueprint(sentry_bp)
+    @app.route('/api/auth/login', methods=['POST'])
+    def login():
+        data = request.get_json() or {}
+        if data.get("password") == settings.PIPELINE_API_KEY:
+            token = create_token()
+            return jsonify({"token": token})
+        return jsonify({"error": "Invalid credentials"}), 403
     return app
-def start_server(host='0.0.0.0', port=8080):
+def start_server():
     app = create_app()
-    app.run(host=host, port=port, debug=True)
+    app.run(host=settings.HOST, port=settings.PORT, debug=settings.DEBUG)
 if __name__ == '__main__':
     start_server()

{devsecops_radar-0.2.9 → devsecops_radar-0.3.2}/devsecops_radar/web/dashboard/routes.py RENAMED Viewed

@@ -3,6 +3,7 @@ import json
 import os
 from devsecops_radar.core.database import get_all_scans, get_findings_paginated
 from devsecops_radar.core.rag import rag_search
+from devsecops_radar.core.auth import login_required
 dashboard_bp = Blueprint('dashboard', __name__)
@@ -174,10 +175,16 @@ DASHBOARD_HTML = r"""
     <script>
         const API_KEY = "{{ api_key }}";
         function getHeaders() {
+            const headers = {};
             if (API_KEY && API_KEY !== 'disabled') {
-                return { 'X-API-Key': API_KEY };
+                headers['X-API-Key'] = API_KEY;
             }
-            return {};
+            // Optionally add JWT token if stored
+            const token = localStorage.getItem('jwt_token');
+            if (token) {
+                headers['Authorization'] = 'Bearer ' + token;
+            }
+            return headers;
         }
         let allFindings = [];
@@ -226,6 +233,7 @@ DASHBOARD_HTML = r"""
             .then(data => {
                 allFindings = data.items;
                 renderTable(allFindings);
                 const counts = {CRITICAL:0, HIGH:0, MEDIUM:0, LOW:0};
                 allFindings.forEach(f => {
                     const sev = f.severity.toUpperCase();
@@ -242,6 +250,7 @@ DASHBOARD_HTML = r"""
                     },
                     options: { plugins: { legend: { labels: { color: 'white' } } } }
                 });
                 const pipeline = allFindings.filter(f => f.tool === 'Poutine' || f.tool === 'Zizmor');
                 const pCounts = {CRITICAL:0, HIGH:0, MEDIUM:0, LOW:0};
                 pipeline.forEach(f => {
@@ -252,6 +261,7 @@ DASHBOARD_HTML = r"""
                 document.getElementById('pipeline-high').textContent = pCounts.HIGH;
                 document.getElementById('pipeline-medium').textContent = pCounts.MEDIUM;
                 document.getElementById('pipeline-low').textContent = pCounts.LOW;
                 document.getElementById('searchInput').addEventListener('input', applyFilters);
                 document.getElementById('toolFilter').addEventListener('change', applyFilters);
                 document.getElementById('severityFilter').addEventListener('change', applyFilters);
@@ -290,6 +300,7 @@ DASHBOARD_HTML = r"""
                 }
                 if (!data.nodes || data.nodes.length === 0) return;
                 const container = document.getElementById('attack-graph');
+                container.innerHTML = '';
                 const width = container.clientWidth;
                 const height = container.clientHeight;
                 const svg = d3.select('#attack-graph')
@@ -372,6 +383,7 @@ DASHBOARD_HTML = r"""
                 const nodes = topo.servers.map(s => ({ id: s.name, group: s.ip }));
                 const links = topo.connections.map(c => ({ source: c.source, target: c.target, label: c.protocol }));
                 const container = document.getElementById('topology-graph');
+                container.innerHTML = '';
                 const width = container.clientWidth;
                 const height = container.clientHeight;
                 const svg = d3.select('#topology-graph')
@@ -435,16 +447,19 @@ def index():
     )
 @dashboard_bp.route('/api/findings')
+@login_required
 def api_findings():
     page = request.args.get('page', 1, type=int)
     per_page = request.args.get('per_page', 50, type=int)
     return jsonify(get_findings_paginated(page, per_page))
 @dashboard_bp.route('/api/history')
+@login_required
 def api_history():
     return jsonify(get_all_scans())
 @dashboard_bp.route('/api/rag')
+@login_required
 def api_rag():
     q = request.args.get('q', '')
     if not q:

{devsecops_radar-0.2.9 → devsecops_radar-0.3.2/devsecops_radar.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devsecops-radar
-Version: 0.2.9
+Version: 0.3.2
 Summary: Unified CI/CD Security Dashboard — Pipeline Sentinel
 Author-email: Mehrdoost <70381337+Mehrdoost@users.noreply.github.com>
 License-Expression: MIT
@@ -22,6 +22,9 @@ Requires-Dist: reportlab>=4.0
 Requires-Dist: litellm>=1.50
 Requires-Dist: sqlalchemy>=2.0
 Requires-Dist: pydantic>=2.0
+Requires-Dist: pyjwt>=2.8
+Requires-Dist: pytest>=8.0
+Requires-Dist: pytest-flask>=1.3
 Dynamic: license-file
 <!-- markdownlint-disable MD033 MD041 -->

{devsecops_radar-0.2.9 → devsecops_radar-0.3.2}/devsecops_radar.egg-info/SOURCES.txt RENAMED Viewed

@@ -14,6 +14,7 @@ devsecops_radar/cli/scanner.py
 devsecops_radar/core/__init__.py
 devsecops_radar/core/analyzer.py
 devsecops_radar/core/attack_simulation.py
+devsecops_radar/core/auth.py
 devsecops_radar/core/database.py
 devsecops_radar/core/models.py
 devsecops_radar/core/parser.py
@@ -22,6 +23,7 @@ devsecops_radar/core/remediation.py
 devsecops_radar/core/reporting.py
 devsecops_radar/core/rule_fusion.py
 devsecops_radar/core/sbom.py
+devsecops_radar/core/settings.py
 devsecops_radar/core/valuation.py
 devsecops_radar/plugins/__init__.py
 devsecops_radar/scanners/adapter.py
@@ -48,5 +50,6 @@ devsecops_radar/web/summary/routes.py
 devsecops_radar/web/templates/index.html
 devsecops_radar/web/topology/__init__.py
 devsecops_radar/web/topology/routes.py
+tests/test_api.py
 tests/test_cli.py
 tests/test_scanners.py

{devsecops_radar-0.2.9 → devsecops_radar-0.3.2}/devsecops_radar.egg-info/requires.txt RENAMED Viewed

@@ -7,3 +7,6 @@ reportlab>=4.0
 litellm>=1.50
 sqlalchemy>=2.0
 pydantic>=2.0
+pyjwt>=2.8
+pytest>=8.0
+pytest-flask>=1.3

{devsecops_radar-0.2.9 → devsecops_radar-0.3.2}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "devsecops-radar"
-version = "0.2.9"
+version = "0.3.2"
 description = "Unified CI/CD Security Dashboard — Pipeline Sentinel"
 readme = "README.md"
 license = "MIT"
@@ -28,6 +28,9 @@ dependencies = [
     "litellm>=1.50",
     "sqlalchemy>=2.0",
     "pydantic>=2.0",
+    "pyjwt>=2.8",
+    "pytest>=8.0",
+    "pytest-flask>=1.3",
 ]
 [project.urls]

devsecops_radar-0.3.2/tests/test_api.py ADDED Viewed

@@ -0,0 +1,16 @@
+import pytest
+from devsecops_radar.web.app import create_app
+@pytest.fixture
+def app():
+    app = create_app()
+    app.config['TESTING'] = True
+    return app
+@pytest.fixture
+def client(app):
+    return app.test_client()
+def test_dashboard_route(client):
+    response = client.get('/')
+    assert response.status_code == 200

devsecops_radar-0.3.2/tests/test_scanners.py ADDED Viewed

@@ -0,0 +1,26 @@
+import json
+import tempfile
+import os
+from devsecops_radar.scanners.trivy import TrivyScanner
+def test_trivy_parse():
+    scanner = TrivyScanner()
+    data = {
+        "Results": [{
+            "Target": "test-image",
+            "Vulnerabilities": [{
+                "VulnerabilityID": "CVE-2026-0001",
+                "Severity": "HIGH",
+                "Title": "Test vuln",
+                "Description": "Test"
+            }]
+        }]
+    }
+    with tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False) as f:
+        json.dump(data, f)
+        f.flush()
+        findings = scanner.parse(f.name)
+    os.unlink(f.name)
+    assert len(findings) == 1
+    assert findings[0]["severity"] == "HIGH"
+    assert findings[0]["id"] == "CVE-2026-0001"

devsecops_radar-0.2.9/tests/test_scanners.py DELETED Viewed

@@ -1,70 +0,0 @@
-import json
-import tempfile
-import os
-from devsecops_radar.scanners.trivy import TrivyScanner
-from devsecops_radar.scanners.semgrep import SemgrepScanner
-from devsecops_radar.scanners.poutine import PoutineScanner
-sample_trivy = {
-    "Results": [{
-        "Target": "test-app",
-        "Vulnerabilities": [{
-            "VulnerabilityID": "CVE-TEST-1",
-            "Severity": "CRITICAL",
-            "Title": "Test vuln",
-            "Description": "Test description",
-            "PkgName": "test-pkg",
-            "InstalledVersion": "1.0",
-            "FixedVersion": "2.0"
-        }]
-    }]
-}
-sample_semgrep = {
-    "results": [{
-        "path": "test.py",
-        "check_id": "test.rule",
-        "extra": {"severity": "HIGH", "message": "Test finding"},
-        "start": {"line": 10}
-    }]
-}
-sample_poutine = {
-    "findings": [{
-        "rule_id": "test-rule",
-        "severity": "MEDIUM",
-        "message": "Test poutine",
-        "description": "Desc",
-        "location": {"file": ".gitlab-ci.yml", "line": 1}
-    }]
-}
-def write_temp(data):
-    tmp = tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False)
-    json.dump(data, tmp)
-    tmp.close()
-    return tmp.name
-def test_trivy_parse():
-    path = write_temp(sample_trivy)
-    findings = TrivyScanner().parse(path)
-    os.unlink(path)
-    assert len(findings) == 1
-    assert findings[0]['tool'] == 'Trivy'
-    assert findings[0]['severity'] == 'CRITICAL'
-def test_semgrep_parse():
-    path = write_temp(sample_semgrep)
-    findings = SemgrepScanner().parse(path)
-    os.unlink(path)
-    assert len(findings) == 1
-    assert findings[0]['tool'] == 'Semgrep'
-    assert findings[0]['severity'] == 'HIGH'
-def test_poutine_parse():
-    path = write_temp(sample_poutine)
-    findings = PoutineScanner().parse(path)
-    os.unlink(path)
-    assert len(findings) == 1
-    assert findings[0]['tool'] == 'Poutine'
-    assert findings[0]['severity'] == 'MEDIUM'