devsecops-radar 0.3.0__tar.gz → 0.3.3__tar.gz

{devsecops_radar-0.3.0/devsecops_radar.egg-info → devsecops_radar-0.3.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devsecops-radar
-Version: 0.3.0
+Version: 0.3.3
 Summary: Unified CI/CD Security Dashboard — Pipeline Sentinel
 Author-email: Mehrdoost <70381337+Mehrdoost@users.noreply.github.com>
 License-Expression: MIT
@@ -22,6 +22,9 @@ Requires-Dist: reportlab>=4.0
 Requires-Dist: litellm>=1.50
 Requires-Dist: sqlalchemy>=2.0
 Requires-Dist: pydantic>=2.0
+Requires-Dist: pyjwt>=2.8
+Requires-Dist: pytest>=8.0
+Requires-Dist: pytest-flask>=1.3
 Dynamic: license-file
 
 <!-- markdownlint-disable MD033 MD041 -->

{devsecops_radar-0.3.0 → devsecops_radar-0.3.3}/devsecops_radar/cli/scanner.py

@@ -1,4 +1,5 @@
 import argparse
+import asyncio
 import json
 import os
 import sys
@@ -40,8 +41,20 @@ def parse_args():
     parser.add_argument('--wizard', action='store_true', help='Interactive first-time setup wizard')
     return parser.parse_args()
 
-def run_scans(args, plugins):
-    all_findings = []
+async def run_scanner_async(name, target, adapter):
+    try:
+        if os.path.isfile(target):
+            logger.info(f"Parsing {name} JSON file: {target}")
+            validated = await asyncio.to_thread(adapter.parse, target)
+        else:
+            logger.info(f"Running {name} on: {target}")
+            validated = await asyncio.to_thread(adapter.run, target)
+        return [v.dict() for v in validated]
+    except Exception as e:
+        logger.error(f"{name} failed: {e}")
+        return []
+
+async def run_scans(args, plugins):
     scanner_targets = {
         'trivy': args.trivy,
         'semgrep': args.semgrep,
@@ -49,21 +62,20 @@ def run_scans(args, plugins):
         'zizmor': args.zizmor,
         'gitleaks': getattr(args, 'gitleaks', None),
     }
+    tasks = []
     for name, target in scanner_targets.items():
         if target:
-            scanner = plugins.get(name)
-            if scanner:
-                adapter = ScannerAdapter(scanner)
-                try:
-                    if os.path.isfile(target):
-                        logger.info(f"Parsing {name} JSON file: {target}")
-                        validated = adapter.parse(target)
-                    else:
-                        logger.info(f"Running {name} on: {target}")
-                        validated = adapter.run(target)
-                    all_findings.extend([v.dict() for v in validated])
-                except Exception as e:
-                    logger.error(f"{name} failed: {e}")
+            plugin = plugins.get(name)
+            if plugin:
+                adapter = ScannerAdapter(plugin)
+                tasks.append(run_scanner_async(name, target, adapter))
+    results = await asyncio.gather(*tasks, return_exceptions=True)
+    all_findings = []
+    for res in results:
+        if isinstance(res, list):
+            all_findings.extend(res)
+        elif isinstance(res, Exception):
+            logger.error(f"Scan task failed with exception: {res}")
     return all_findings
 
 def load_custom_rules(args):
@@ -109,27 +121,32 @@ def run_analysis(args, findings, topology=None):
 def wizard():
     """Interactive setup wizard for first-time users."""
     print("🛡️  Welcome to Pipeline Sentinel – Quick Setup Wizard")
-    print("This will guide you through scanning a sample project.\n")
-    # 1. Ollama check
+    print("This will install necessary components.\n")
     import subprocess
+    # 1. Ollama check
     try:
         subprocess.run(['ollama', '--version'], capture_output=True, check=True)
+        print("[✔] Ollama found.")
     except:
         print("[!] Ollama not found. Installing...")
-        subprocess.run(['curl', '-fsSL', 'https://ollama.com/install.sh', '|', 'sh'], shell=True)
-    # 2. Pull model
-    print("📥 Pulling AI model llama3.2 ...")
+        subprocess.run('curl -fsSL https://ollama.com/install.sh | sh', shell=True)
+    # 2. Pull AI model
+    print("📥 Pulling AI model (llama3.2)...")
     subprocess.run(['ollama', 'pull', 'llama3.2:latest'])
-    # 3. Scan current directory with Semgrep and Trivy if available
-    print("🔍 Scanning current directory with Semgrep...")
+    # 3. Suggestions for optional tools
     if subprocess.run(['which', 'semgrep'], capture_output=True).returncode == 0:
-        subprocess.run(['semgrep', '--config=auto', '--json', '--output', 'semgrep.json', '.'], check=False)
-    print("🐳 Scanning with Trivy (if Docker installed)...")
+        print("[✔] Semgrep available.")
+    else:
+        print("[ ] Semgrep not found (optional).")
     if subprocess.run(['which', 'docker'], capture_output=True).returncode == 0:
-        subprocess.run(['trivy', 'image', '--format', 'json', '--output', 'trivy.json', 'alpine:latest'], check=False)
-    # 4. Merge and start dashboard
-    os.system('devsecops-radar --trivy trivy.json --semgrep semgrep.json')
-    os.system('devsecops-radar-web')
+        print("[✔] Docker available.")
+    else:
+        print("[ ] Docker not found (optional).")
+    # 4. Final instructions
+    print("\n✅ Setup complete! You can now run:")
+    print("   devsecops-radar --trivy sample_trivy.json --semgrep sample_semgrep.json")
+    print("   devsecops-radar-web")
+    print("\nThen open http://localhost:8080 in your browser.")
 
 def main():
     args = parse_args()
@@ -140,8 +157,7 @@ def main():
     logger.add(sys.stderr, format="<green>{time:HH:mm:ss}</green> | <level>{level: <8}</level> | {message}")
 
     plugins = discover_plugins()
-    findings = []
-    findings.extend(run_scans(args, plugins))
+    findings = asyncio.run(run_scans(args, plugins))
     findings.extend(load_custom_rules(args))
 
     if not findings:
@@ -163,7 +179,6 @@ def main():
 
     if args.fix and ai_summary:
         if args.review:
-            # Human-in-the-loop: show diff and ask confirmation
             from devsecops_radar.core.remediation import generate_fix_commands
             cmds = generate_fix_commands(findings, ai_summary)
             print("Proposed fixes:\n", cmds)

devsecops_radar-0.3.3/devsecops_radar/core/auth.py

@@ -0,0 +1,28 @@
+import jwt
+import datetime
+from functools import wraps
+from flask import request, jsonify
+from devsecops_radar.core.settings import settings
+
+def create_token(user: str = "admin") -> str:
+    payload = {
+        "user": user,
+        "exp": datetime.datetime.utcnow() + datetime.timedelta(hours=settings.JWT_EXPIRATION_HOURS),
+        "iat": datetime.datetime.utcnow()
+    }
+    return jwt.encode(payload, settings.JWT_SECRET, algorithm=settings.JWT_ALGORITHM)
+
+def verify_token(token: str) -> dict:
+    return jwt.decode(token, settings.JWT_SECRET, algorithms=[settings.JWT_ALGORITHM])
+
+def login_required(f):
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        # Only enforce authentication if the admin has configured an API key.
+        if settings.PIPELINE_API_KEY != "disabled":
+            key = request.headers.get("X-API-Key")
+            if key != settings.PIPELINE_API_KEY:
+                return jsonify({"error": "API key required"}), 401
+        # Without an API key, all requests are permitted (default for local use).
+        return f(*args, **kwargs)
+    return decorated

devsecops_radar-0.3.3/devsecops_radar/core/settings.py

@@ -0,0 +1,19 @@
+import os
+import secrets
+
+class Settings:
+    JWT_SECRET: str = os.environ.get("JWT_SECRET", "")
+    JWT_ALGORITHM: str = "HS256"
+    JWT_EXPIRATION_HOURS: int = 24
+    PIPELINE_API_KEY: str = os.environ.get("PIPELINE_API_KEY", "disabled")
+    DEBUG: bool = os.environ.get("DEBUG", "false").lower() == "true"
+    HOST: str = os.environ.get("HOST", "127.0.0.1")
+    PORT: int = int(os.environ.get("PORT", "8080"))
+
+    def __init__(self):
+        if not self.JWT_SECRET:
+            self.JWT_SECRET = secrets.token_hex(32)
+            print("WARNING: JWT_SECRET not set. Using temporary secret:", self.JWT_SECRET)
+            print("Set the JWT_SECRET environment variable for production use.")
+
+settings = Settings()

{devsecops_radar-0.3.0 → devsecops_radar-0.3.3}/devsecops_radar/scanners/gitleaks.py

@@ -3,6 +3,7 @@ import subprocess
 import tempfile
 import os
 from typing import List, Dict, Any
+from loguru import logger
 from devsecops_radar.plugins import ScannerPlugin
 
 class GitleaksScanner(ScannerPlugin):
@@ -15,17 +16,24 @@ class GitleaksScanner(ScannerPlugin):
         with tempfile.NamedTemporaryFile(suffix='.json', delete=False) as tmp:
             outfile = tmp.name
         try:
-            subprocess.run(['gitleaks', 'detect', '--source', target, '--report-format', 'json', '--report-path', outfile], check=True)
+            subprocess.run(
+                ['gitleaks', 'detect', '--source', target, '--report-format', 'json', '--report-path', outfile],
+                check=True
+            )
             return self.parse(outfile)
         finally:
             if os.path.exists(outfile):
                 os.unlink(outfile)
 
     def parse(self, file_path: str) -> List[Dict[str, Any]]:
-        with open(file_path) as f:
-            data = json.load(f)
+        try:
+            with open(file_path) as f:
+                data = json.load(f)
+        except Exception as e:
+            logger.error(f"Could not parse Gitleaks output: {e}")
+            return []
         findings = []
-        for item in data:
+        for item in data if isinstance(data, list) else data.get("Findings", []):
             findings.append({
                 "tool": "Gitleaks",
                 "target": item.get("file", ""),

{devsecops_radar-0.3.0 → devsecops_radar-0.3.3}/devsecops_radar/scanners/poutine.py

@@ -3,6 +3,7 @@ import subprocess
 import tempfile
 import os
 from typing import List, Dict, Any
+from loguru import logger
 from devsecops_radar.plugins import ScannerPlugin
 
 class PoutineScanner(ScannerPlugin):
@@ -25,15 +26,19 @@ class PoutineScanner(ScannerPlugin):
                 os.unlink(outfile)
 
     def parse(self, file_path: str) -> List[Dict[str, Any]]:
-        with open(file_path) as f:
-            data = json.load(f)
+        try:
+            with open(file_path) as f:
+                data = json.load(f)
+        except Exception as e:
+            logger.error(f"Could not parse Poutine output: {e}")
+            return []
         findings = []
         for result in data.get("findings", []):
             findings.append({
                 "tool": "Poutine",
                 "target": result.get("location", {}).get("file", ""),
                 "id": result.get("rule_id", ""),
-                "severity": result.get("severity", "UNKNOWN").upper(),
+                "severity": (result.get("severity", "UNKNOWN") or "UNKNOWN").upper(),
                 "title": result.get("message", ""),
                 "description": result.get("description", ""),
                 "line": result.get("location", {}).get("line", 0)

{devsecops_radar-0.3.0 → devsecops_radar-0.3.3}/devsecops_radar/scanners/semgrep.py

@@ -3,6 +3,7 @@ import subprocess
 import tempfile
 import os
 from typing import List, Dict, Any
+from loguru import logger
 from devsecops_radar.plugins import ScannerPlugin
 
 class SemgrepScanner(ScannerPlugin):
@@ -25,15 +26,19 @@ class SemgrepScanner(ScannerPlugin):
                 os.unlink(outfile)
 
     def parse(self, file_path: str) -> List[Dict[str, Any]]:
-        with open(file_path) as f:
-            data = json.load(f)
+        try:
+            with open(file_path) as f:
+                data = json.load(f)
+        except Exception as e:
+            logger.error(f"Could not parse Semgrep output: {e}")
+            return []
         findings = []
         for result in data.get("results", []):
             findings.append({
                 "tool": "Semgrep",
                 "target": result.get("path", ""),
                 "id": result.get("check_id", ""),
-                "severity": result.get("extra", {}).get("severity", "WARNING").upper(),
+                "severity": (result.get("extra", {}).get("severity", "WARNING") or "WARNING").upper(),
                 "title": result.get("check_id", ""),
                 "description": result.get("extra", {}).get("message", ""),
                 "line": result.get("start", {}).get("line", 0)

{devsecops_radar-0.3.0 → devsecops_radar-0.3.3}/devsecops_radar/scanners/trivy.py

@@ -3,6 +3,7 @@ import subprocess
 import tempfile
 import os
 from typing import List, Dict, Any
+from loguru import logger
 from devsecops_radar.plugins import ScannerPlugin
 
 class TrivyScanner(ScannerPlugin):
@@ -25,8 +26,12 @@ class TrivyScanner(ScannerPlugin):
                 os.unlink(outfile)
 
     def parse(self, file_path: str) -> List[Dict[str, Any]]:
-        with open(file_path) as f:
-            data = json.load(f)
+        try:
+            with open(file_path) as f:
+                data = json.load(f)
+        except Exception as e:
+            logger.error(f"Could not parse Trivy output: {e}")
+            return []
         findings = []
         for result in data.get("Results", []):
             target_name = result.get("Target", "Unknown")
@@ -34,8 +39,8 @@ class TrivyScanner(ScannerPlugin):
                 findings.append({
                     "tool": "Trivy",
                     "target": target_name,
-                    "id": vuln.get("VulnerabilityID"),
-                    "severity": vuln.get("Severity", "UNKNOWN").upper(),
+                    "id": vuln.get("VulnerabilityID", ""),
+                    "severity": (vuln.get("Severity", "UNKNOWN") or "UNKNOWN").upper(),
                     "title": vuln.get("Title", ""),
                     "description": vuln.get("Description", ""),
                     "package": vuln.get("PkgName", ""),

{devsecops_radar-0.3.0 → devsecops_radar-0.3.3}/devsecops_radar/scanners/zizmor.py

@@ -3,6 +3,7 @@ import subprocess
 import tempfile
 import os
 from typing import List, Dict, Any
+from loguru import logger
 from devsecops_radar.plugins import ScannerPlugin
 
 class ZizmorScanner(ScannerPlugin):
@@ -25,15 +26,19 @@ class ZizmorScanner(ScannerPlugin):
                 os.unlink(outfile)
 
     def parse(self, file_path: str) -> List[Dict[str, Any]]:
-        with open(file_path) as f:
-            data = json.load(f)
+        try:
+            with open(file_path) as f:
+                data = json.load(f)
+        except Exception as e:
+            logger.error(f"Could not parse Zizmor output: {e}")
+            return []
         findings = []
         for result in data.get("findings", []):
             findings.append({
                 "tool": "Zizmor",
                 "target": result.get("path", ""),
                 "id": result.get("rule_id", ""),
-                "severity": result.get("severity", "UNKNOWN").upper(),
+                "severity": (result.get("severity", "UNKNOWN") or "UNKNOWN").upper(),
                 "title": result.get("message", ""),
                 "description": result.get("description", ""),
                 "line": result.get("location", {}).get("line", 0)

{devsecops_radar-0.3.0 → devsecops_radar-0.3.3}/devsecops_radar/web/app.py

@@ -1,9 +1,11 @@
-from flask import Flask
+from flask import Flask, jsonify, request
 from devsecops_radar.web.dashboard.routes import dashboard_bp
 from devsecops_radar.web.attack_paths.routes import attack_paths_bp
 from devsecops_radar.web.topology.routes import topology_bp
 from devsecops_radar.web.summary.routes import summary_bp
 from devsecops_radar.web.sentry.routes import sentry_bp
+from devsecops_radar.core.auth import login_required, create_token
+from devsecops_radar.core.settings import settings
 
 def create_app():
     app = Flask(__name__)
@@ -12,11 +14,20 @@ def create_app():
     app.register_blueprint(topology_bp)
     app.register_blueprint(summary_bp)
     app.register_blueprint(sentry_bp)
+
+    @app.route('/api/auth/login', methods=['POST'])
+    def login():
+        data = request.get_json() or {}
+        if data.get("password") == settings.PIPELINE_API_KEY:
+            token = create_token()
+            return jsonify({"token": token})
+        return jsonify({"error": "Invalid credentials"}), 403
+
     return app
 
-def start_server(host='0.0.0.0', port=8080):
+def start_server():
     app = create_app()
-    app.run(host=host, port=port, debug=True)
+    app.run(host=settings.HOST, port=settings.PORT, debug=settings.DEBUG)
 
 if __name__ == '__main__':
     start_server()

{devsecops_radar-0.3.0 → devsecops_radar-0.3.3}/devsecops_radar/web/dashboard/routes.py

@@ -3,6 +3,7 @@ import json
 import os
 from devsecops_radar.core.database import get_all_scans, get_findings_paginated
 from devsecops_radar.core.rag import rag_search
+from devsecops_radar.core.auth import login_required
 
 dashboard_bp = Blueprint('dashboard', __name__)
 
@@ -38,7 +39,7 @@ DASHBOARD_HTML = r"""
     <nav class="navbar navbar-dark border-bottom border-secondary mb-4" style="background:#1e293b;">
         <div class="container-fluid">
             <span class="navbar-brand mb-0 h1">🛡️ Pipeline Sentinel</span>
-            <span class="text-muted">v0.3.2</span>
+            <span class="text-muted">v0.3.3</span>
         </div>
     </nav>
 
@@ -174,10 +175,16 @@ DASHBOARD_HTML = r"""
     <script>
         const API_KEY = "{{ api_key }}";
         function getHeaders() {
+            const headers = {};
             if (API_KEY && API_KEY !== 'disabled') {
-                return { 'X-API-Key': API_KEY };
+                headers['X-API-Key'] = API_KEY;
             }
-            return {};
+            // Optionally add JWT token if stored
+            const token = localStorage.getItem('jwt_token');
+            if (token) {
+                headers['Authorization'] = 'Bearer ' + token;
+            }
+            return headers;
         }
 
         let allFindings = [];
@@ -221,14 +228,12 @@ DASHBOARD_HTML = r"""
             renderTable(filtered);
         }
 
-        // ✅ FIX: use data.items for the array, and use allFindings for charts & stats
         fetch('/api/findings', { headers: getHeaders() })
             .then(res => res.json())
             .then(data => {
                 allFindings = data.items;
                 renderTable(allFindings);
 
-                // Doughnut chart counts
                 const counts = {CRITICAL:0, HIGH:0, MEDIUM:0, LOW:0};
                 allFindings.forEach(f => {
                     const sev = f.severity.toUpperCase();
@@ -246,7 +251,6 @@ DASHBOARD_HTML = r"""
                     options: { plugins: { legend: { labels: { color: 'white' } } } }
                 });
 
-                // Pipeline stats (Poutine + Zizmor)
                 const pipeline = allFindings.filter(f => f.tool === 'Poutine' || f.tool === 'Zizmor');
                 const pCounts = {CRITICAL:0, HIGH:0, MEDIUM:0, LOW:0};
                 pipeline.forEach(f => {
@@ -258,7 +262,6 @@ DASHBOARD_HTML = r"""
                 document.getElementById('pipeline-medium').textContent = pCounts.MEDIUM;
                 document.getElementById('pipeline-low').textContent = pCounts.LOW;
 
-                // Attach filter events
                 document.getElementById('searchInput').addEventListener('input', applyFilters);
                 document.getElementById('toolFilter').addEventListener('change', applyFilters);
                 document.getElementById('severityFilter').addEventListener('change', applyFilters);
@@ -297,7 +300,6 @@ DASHBOARD_HTML = r"""
                 }
                 if (!data.nodes || data.nodes.length === 0) return;
                 const container = document.getElementById('attack-graph');
-                // ✅ Clean previous SVG before drawing new one
                 container.innerHTML = '';
                 const width = container.clientWidth;
                 const height = container.clientHeight;
@@ -445,16 +447,19 @@ def index():
     )
 
 @dashboard_bp.route('/api/findings')
+@login_required
 def api_findings():
     page = request.args.get('page', 1, type=int)
     per_page = request.args.get('per_page', 50, type=int)
     return jsonify(get_findings_paginated(page, per_page))
 
 @dashboard_bp.route('/api/history')
+@login_required
 def api_history():
     return jsonify(get_all_scans())
 
 @dashboard_bp.route('/api/rag')
+@login_required
 def api_rag():
     q = request.args.get('q', '')
     if not q:

{devsecops_radar-0.3.0 → devsecops_radar-0.3.3/devsecops_radar.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devsecops-radar
-Version: 0.3.0
+Version: 0.3.3
 Summary: Unified CI/CD Security Dashboard — Pipeline Sentinel
 Author-email: Mehrdoost <70381337+Mehrdoost@users.noreply.github.com>
 License-Expression: MIT
@@ -22,6 +22,9 @@ Requires-Dist: reportlab>=4.0
 Requires-Dist: litellm>=1.50
 Requires-Dist: sqlalchemy>=2.0
 Requires-Dist: pydantic>=2.0
+Requires-Dist: pyjwt>=2.8
+Requires-Dist: pytest>=8.0
+Requires-Dist: pytest-flask>=1.3
 Dynamic: license-file
 
 <!-- markdownlint-disable MD033 MD041 -->

{devsecops_radar-0.3.0 → devsecops_radar-0.3.3}/devsecops_radar.egg-info/SOURCES.txt

@@ -14,6 +14,7 @@ devsecops_radar/cli/scanner.py
 devsecops_radar/core/__init__.py
 devsecops_radar/core/analyzer.py
 devsecops_radar/core/attack_simulation.py
+devsecops_radar/core/auth.py
 devsecops_radar/core/database.py
 devsecops_radar/core/models.py
 devsecops_radar/core/parser.py
@@ -22,6 +23,7 @@ devsecops_radar/core/remediation.py
 devsecops_radar/core/reporting.py
 devsecops_radar/core/rule_fusion.py
 devsecops_radar/core/sbom.py
+devsecops_radar/core/settings.py
 devsecops_radar/core/valuation.py
 devsecops_radar/plugins/__init__.py
 devsecops_radar/scanners/adapter.py
@@ -48,5 +50,9 @@ devsecops_radar/web/summary/routes.py
 devsecops_radar/web/templates/index.html
 devsecops_radar/web/topology/__init__.py
 devsecops_radar/web/topology/routes.py
+tests/test_analyzer.py
+tests/test_api.py
 tests/test_cli.py
+tests/test_database.py
+tests/test_rule_fusion.py
 tests/test_scanners.py

{devsecops_radar-0.3.0 → devsecops_radar-0.3.3}/devsecops_radar.egg-info/requires.txt

@@ -7,3 +7,6 @@ reportlab>=4.0
 litellm>=1.50
 sqlalchemy>=2.0
 pydantic>=2.0
+pyjwt>=2.8
+pytest>=8.0
+pytest-flask>=1.3

{devsecops_radar-0.3.0 → devsecops_radar-0.3.3}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "devsecops-radar"
-version = "0.3.0"
+version = "0.3.3"
 description = "Unified CI/CD Security Dashboard — Pipeline Sentinel"
 readme = "README.md"
 license = "MIT"
@@ -28,6 +28,9 @@ dependencies = [
     "litellm>=1.50",
     "sqlalchemy>=2.0",
     "pydantic>=2.0",
+    "pyjwt>=2.8",
+    "pytest>=8.0",
+    "pytest-flask>=1.3",
 ]
 
 [project.urls]

devsecops_radar-0.3.3/tests/test_analyzer.py

@@ -0,0 +1,39 @@
+import pytest
+from unittest.mock import patch, MagicMock
+from devsecops_radar.core.analyzer import OllamaAnalyzer, extract_json, select_findings_for_llm
+
+def test_extract_json_plain():
+    text = '{"executive_summary": "test", "attack_paths": [], "top_remediations": []}'
+    result = extract_json(text)
+    assert result["executive_summary"] == "test"
+
+def test_extract_json_malformed():
+    result = extract_json("some text {invalid")
+    assert "executive_summary" in result  # falls back to wrapping the text
+
+def test_select_findings_for_llm():
+    findings = [{"severity": "CRITICAL"}] * 120 + [{"severity": "LOW"}] * 50
+    selected = select_findings_for_llm(findings, max_items=100)
+    assert len(selected) == 100
+    # All criticals should be included
+    criticals = [f for f in selected if f["severity"] == "CRITICAL"]
+    assert len(criticals) == 100
+
+@patch('requests.Session.post')
+def test_ollama_analyzer_success(mock_post):
+    mock_response = MagicMock()
+    mock_response.json.return_value = {"response": '{"executive_summary": "ok", "attack_paths": [], "top_remediations": []}'}
+    mock_response.raise_for_status.return_value = None
+    mock_post.return_value = mock_response
+    analyzer = OllamaAnalyzer()
+    findings = [{"severity": "CRITICAL", "id": "1", "tool": "test"}]
+    analysis = analyzer.analyze(findings)
+    assert analysis["executive_summary"] == "ok"
+
+@patch('requests.Session.post')
+def test_ollama_analyzer_network_error(mock_post):
+    mock_post.side_effect = Exception("Network down")
+    analyzer = OllamaAnalyzer()
+    findings = [{"severity": "CRITICAL", "id": "1", "tool": "test"}]
+    analysis = analyzer.analyze(findings)
+    assert "AI failed" in analysis["executive_summary"]

devsecops_radar-0.3.3/tests/test_api.py

@@ -0,0 +1,29 @@
+import pytest
+from devsecops_radar.web.app import create_app
+import os
+
+@pytest.fixture
+def app():
+    app = create_app()
+    app.config['TESTING'] = True
+    return app
+
+@pytest.fixture
+def client(app):
+    return app.test_client()
+
+def test_dashboard_page(client):
+    resp = client.get('/')
+    assert resp.status_code == 200
+
+def test_findings_api_requires_key_when_set(monkeypatch, client):
+    monkeypatch.setenv("PIPELINE_API_KEY", "secret")
+    resp = client.get('/api/findings')
+    assert resp.status_code == 401
+    resp = client.get('/api/findings', headers={"X-API-Key": "secret"})
+    assert resp.status_code == 200
+
+def test_findings_api_open_when_disabled(monkeypatch, client):
+    monkeypatch.setenv("PIPELINE_API_KEY", "disabled")
+    resp = client.get('/api/findings')
+    assert resp.status_code == 200

devsecops_radar-0.3.3/tests/test_cli.py

@@ -0,0 +1,30 @@
+import subprocess
+import os
+import tempfile
+import pytest
+
+def test_cli_help():
+    result = subprocess.run(['devsecops-radar', '--help'], capture_output=True, text=True)
+    assert result.returncode == 0
+    assert '--trivy' in result.stdout
+
+def test_cli_wizard_flag():
+    result = subprocess.run(['devsecops-radar', '--wizard'], capture_output=True, text=True)
+    assert result.returncode == 0
+    assert 'Quick Setup Wizard' in result.stdout or 'Welcome' in result.stdout
+
+def test_cli_merge_sample_files():
+    sample_dir = os.path.join(os.path.dirname(__file__), '..')
+    trivy_sample = os.path.join(sample_dir, 'sample_trivy.json')
+    semgrep_sample = os.path.join(sample_dir, 'sample_semgrep.json')
+    if not os.path.exists(trivy_sample) or not os.path.exists(semgrep_sample):
+        pytest.skip("Sample files not found")
+    with tempfile.NamedTemporaryFile(suffix='.json', delete=False) as outfile:
+        outpath = outfile.name
+    result = subprocess.run(
+        ['devsecops-radar', '--trivy', trivy_sample, '--semgrep', semgrep_sample, '--output', outpath],
+        capture_output=True, text=True
+    )
+    assert result.returncode == 0
+    assert 'Merged' in result.stdout
+    os.unlink(outpath)

devsecops_radar-0.3.3/tests/test_database.py

@@ -0,0 +1,43 @@
+import os
+import tempfile
+import pytest
+
+# Set a temporary database BEFORE importing any devsecops_radar modules
+@pytest.fixture(scope="module")
+def temp_db():
+    # Create a unique temp file path for the database
+    fd, tmpfile = tempfile.mkstemp(suffix='.db')
+    os.close(fd)
+    old_val = os.environ.get("DATABASE_URL")
+    os.environ["DATABASE_URL"] = f"sqlite:///{tmpfile}"
+
+    # Now import the database functions — they will use the temp DB
+    from devsecops_radar.core.database import save_scan, get_all_scans, get_findings_paginated
+
+    yield tmpfile, save_scan, get_all_scans, get_findings_paginated
+
+    # Cleanup
+    os.unlink(tmpfile)
+    if old_val is None:
+        del os.environ["DATABASE_URL"]
+    else:
+        os.environ["DATABASE_URL"] = old_val
+
+
+def test_save_and_retrieve(temp_db):
+    tmpfile, save_scan, get_all_scans, get_findings_paginated = temp_db
+    findings = [
+        {
+            "tool": "test",
+            "severity": "HIGH",
+            "id": "1",
+            "target": "t",
+            "title": "t",
+            "description": "d"
+        }
+    ]
+    save_scan(findings)
+    scans = get_all_scans()
+    assert len(scans) > 0
+    paginated = get_findings_paginated(1, 10)
+    assert paginated["total"] >= 1

devsecops_radar-0.3.3/tests/test_rule_fusion.py

@@ -0,0 +1,30 @@
+import json
+import tempfile
+import os
+from devsecops_radar.core.rule_fusion import RuleFusion
+
+class TestPolicyEvaluation:
+    def test_policy_pass(self):
+        findings = [{"severity": "CRITICAL"}] * 3
+        policy = {"max_critical": 5, "on_violation": "fail"}
+        with tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False) as f:
+            json.dump(policy, f)
+            f.flush()
+            passed, msg = RuleFusion.evaluate_policy(findings, f.name)
+        os.unlink(f.name)
+        assert passed
+        assert "passed" in msg
+
+    def test_policy_fail(self):
+        findings = [{"severity": "CRITICAL"}] * 6
+        policy = {"max_critical": 5, "on_violation": "fail"}
+        with tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False) as f:
+            json.dump(policy, f)
+            f.flush()
+            passed, msg = RuleFusion.evaluate_policy(findings, f.name)
+        os.unlink(f.name)
+        assert not passed
+
+    def test_policy_file_not_found(self):
+        passed, msg = RuleFusion.evaluate_policy([], "/nonexistent/policy.json")
+        assert passed

devsecops_radar-0.3.3/tests/test_scanners.py

@@ -0,0 +1,81 @@
+import json
+import tempfile
+import os
+import pytest
+from devsecops_radar.scanners.trivy import TrivyScanner
+from devsecops_radar.scanners.semgrep import SemgrepScanner
+from devsecops_radar.scanners.poutine import PoutineScanner
+from devsecops_radar.scanners.zizmor import ZizmorScanner
+from devsecops_radar.scanners.gitleaks import GitleaksScanner
+
+def write_temp_json(data):
+    tmp = tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False)
+    json.dump(data, tmp)
+    tmp.close()
+    return tmp.name
+
+class TestTrivyScanner:
+    def test_valid_json(self):
+        data = {"Results": [{"Target": "img", "Vulnerabilities": [{"VulnerabilityID": "CVE-1", "Severity": "HIGH"}]}]}
+        path = write_temp_json(data)
+        findings = TrivyScanner().parse(path)
+        os.unlink(path)
+        assert len(findings) == 1
+        assert findings[0]["severity"] == "HIGH"
+
+    def test_invalid_json(self):
+        with tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False) as f:
+            f.write("not json")
+            path = f.name
+        findings = TrivyScanner().parse(path)
+        os.unlink(path)
+        assert findings == []
+
+    def test_missing_results(self):
+        data = {"not_results": []}
+        path = write_temp_json(data)
+        findings = TrivyScanner().parse(path)
+        os.unlink(path)
+        assert findings == []
+
+class TestSemgrepScanner:
+    def test_valid(self):
+        data = {"results": [{"path": "a.py", "check_id": "x", "extra": {"severity": "ERROR", "message": "bad"}}]}
+        path = write_temp_json(data)
+        findings = SemgrepScanner().parse(path)
+        os.unlink(path)
+        assert len(findings) == 1
+        assert findings[0]["severity"] == "ERROR"
+
+    def test_invalid(self):
+        with tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False) as f:
+            f.write("{invalid")
+            path = f.name
+        findings = SemgrepScanner().parse(path)
+        os.unlink(path)
+        assert findings == []
+
+class TestPoutineScanner:
+    def test_valid(self):
+        data = {"findings": [{"rule_id": "x", "severity": "HIGH", "message": "bad", "location": {"file": "f", "line": 1}}]}
+        path = write_temp_json(data)
+        findings = PoutineScanner().parse(path)
+        os.unlink(path)
+        assert findings[0]["severity"] == "HIGH"
+
+class TestZizmorScanner:
+    def test_valid(self):
+        data = {"findings": [{"rule_id": "z1", "severity": "LOW", "message": "m", "path": "p", "location": {"line": 2}}]}
+        path = write_temp_json(data)
+        findings = ZizmorScanner().parse(path)
+        os.unlink(path)
+        assert findings[0]["severity"] == "LOW"
+
+class TestGitleaksScanner:
+    def test_valid_list(self):
+        data = [{"file": "f", "ruleID": "r", "description": "d", "line": 1}]
+        path = write_temp_json(data)
+        findings = GitleaksScanner().parse(path)
+        os.unlink(path)
+        assert len(findings) == 1
+        assert findings[0]["severity"] == "HIGH"

devsecops_radar-0.3.0/tests/test_scanners.py

@@ -1,70 +0,0 @@
-import json
-import tempfile
-import os
-from devsecops_radar.scanners.trivy import TrivyScanner
-from devsecops_radar.scanners.semgrep import SemgrepScanner
-from devsecops_radar.scanners.poutine import PoutineScanner
-
-sample_trivy = {
-    "Results": [{
-        "Target": "test-app",
-        "Vulnerabilities": [{
-            "VulnerabilityID": "CVE-TEST-1",
-            "Severity": "CRITICAL",
-            "Title": "Test vuln",
-            "Description": "Test description",
-            "PkgName": "test-pkg",
-            "InstalledVersion": "1.0",
-            "FixedVersion": "2.0"
-        }]
-    }]
-}
-
-sample_semgrep = {
-    "results": [{
-        "path": "test.py",
-        "check_id": "test.rule",
-        "extra": {"severity": "HIGH", "message": "Test finding"},
-        "start": {"line": 10}
-    }]
-}
-
-sample_poutine = {
-    "findings": [{
-        "rule_id": "test-rule",
-        "severity": "MEDIUM",
-        "message": "Test poutine",
-        "description": "Desc",
-        "location": {"file": ".gitlab-ci.yml", "line": 1}
-    }]
-}
-
-def write_temp(data):
-    tmp = tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False)
-    json.dump(data, tmp)
-    tmp.close()
-    return tmp.name
-
-def test_trivy_parse():
-    path = write_temp(sample_trivy)
-    findings = TrivyScanner().parse(path)
-    os.unlink(path)
-    assert len(findings) == 1
-    assert findings[0]['tool'] == 'Trivy'
-    assert findings[0]['severity'] == 'CRITICAL'
-
-def test_semgrep_parse():
-    path = write_temp(sample_semgrep)
-    findings = SemgrepScanner().parse(path)
-    os.unlink(path)
-    assert len(findings) == 1
-    assert findings[0]['tool'] == 'Semgrep'
-    assert findings[0]['severity'] == 'HIGH'
-
-def test_poutine_parse():
-    path = write_temp(sample_poutine)
-    findings = PoutineScanner().parse(path)
-    os.unlink(path)
-    assert len(findings) == 1
-    assert findings[0]['tool'] == 'Poutine'
-    assert findings[0]['severity'] == 'MEDIUM'