PyPI - devsecops-radar - Versions diffs - 0.3.2__tar.gz → 0.3.4__tar.gz - Mend

devsecops-radar 0.3.2tar.gz → 0.3.4tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

{devsecops_radar-0.3.2/devsecops_radar.egg-info → devsecops_radar-0.3.4}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devsecops-radar
-Version: 0.3.2
+Version: 0.3.4
 Summary: Unified CI/CD Security Dashboard — Pipeline Sentinel
 Author-email: Mehrdoost <70381337+Mehrdoost@users.noreply.github.com>
 License-Expression: MIT

{devsecops_radar-0.3.2 → devsecops_radar-0.3.4}/devsecops_radar/cli/scanner.py RENAMED Viewed

@@ -123,17 +123,16 @@ def wizard():
     print("🛡️  Welcome to Pipeline Sentinel – Quick Setup Wizard")
     print("This will install necessary components.\n")
     import subprocess
-    # 1. Ollama check
     try:
         subprocess.run(['ollama', '--version'], capture_output=True, check=True)
         print("[✔] Ollama found.")
-    except:
+    except FileNotFoundError:
         print("[!] Ollama not found. Installing...")
         subprocess.run('curl -fsSL https://ollama.com/install.sh | sh', shell=True)
-    # 2. Pull AI model
+    except Exception:
+        print("[!] Could not verify Ollama. Please install manually.")
     print("📥 Pulling AI model (llama3.2)...")
     subprocess.run(['ollama', 'pull', 'llama3.2:latest'])
-    # 3. Suggestions for optional tools
     if subprocess.run(['which', 'semgrep'], capture_output=True).returncode == 0:
         print("[✔] Semgrep available.")
     else:
@@ -142,7 +141,6 @@ def wizard():
         print("[✔] Docker available.")
     else:
         print("[ ] Docker not found (optional).")
-    # 4. Final instructions
     print("\n✅ Setup complete! You can now run:")
     print("   devsecops-radar --trivy sample_trivy.json --semgrep sample_semgrep.json")
     print("   devsecops-radar-web")

{devsecops_radar-0.3.2 → devsecops_radar-0.3.4}/devsecops_radar/core/analyzer.py RENAMED Viewed

@@ -4,9 +4,8 @@ import re
 import requests
 from requests.adapters import HTTPAdapter
 from urllib3.util.retry import Retry
-from typing import List, Dict, Any, Optional
+from typing import List, Dict, Any
-# --- Retry logic for LLM calls ---
 def _session_with_retries(total=3, backoff_factor=0.5, status_forcelist=[429, 500, 502, 503, 504]):
     session = requests.Session()
     retries = Retry(
@@ -20,7 +19,6 @@ def _session_with_retries(total=3, backoff_factor=0.5, status_forcelist=[429, 50
     session.mount('https://', adapter)
     return session
-# Default maximum findings sent to LLM (configurable via env)
 MAX_ANALYZER_FINDINGS = int(os.environ.get("ANALYZER_MAX_FINDINGS", "100"))
 FEW_SHOT_EXAMPLE = {
@@ -60,7 +58,7 @@ def extract_json(text: str) -> Dict[str, Any]:
         if match:
             try:
                 return json.loads(match.group(0))
-            except:
+            except json.JSONDecodeError:
                 pass
     return {"executive_summary": text, "attack_paths": [], "top_remediations": []}

{devsecops_radar-0.3.2 → devsecops_radar-0.3.4}/devsecops_radar/core/models.py RENAMED Viewed

@@ -1,6 +1,6 @@
 from sqlalchemy import create_engine, Column, Integer, String, DateTime, JSON, ForeignKey
 from sqlalchemy.orm import declarative_base, sessionmaker, relationship
-from pydantic import BaseModel, Field, validator
+from pydantic import BaseModel, validator
 from typing import List, Optional
 import datetime
 import os
@@ -20,11 +20,6 @@ class FindingSchema(BaseModel):
     def severity_upper(cls, v):
         return v.upper()
-class ScanMetadata(BaseModel):
-    findings: List[FindingSchema]
-    scan_id: Optional[int] = None
-    timestamp: Optional[str] = None
 class Scan(Base):
     __tablename__ = 'scans'
     id = Column(Integer, primary_key=True)
@@ -52,7 +47,6 @@ def init_db():
     Base.metadata.create_all(engine)
 def save_scan_to_db(findings: list):
-    # Validate with Pydantic before storing
     validated = [FindingSchema(**f) for f in findings]
     init_db()
     session = SessionLocal()

{devsecops_radar-0.3.2 → devsecops_radar-0.3.4}/devsecops_radar/core/parser.py RENAMED Viewed

@@ -1,4 +1,6 @@
+import json
 import warnings
+from typing import List, Dict, Any
 warnings.warn(
     "devsecops_radar.core.parser is deprecated and will be removed in v0.3.0. "
@@ -7,10 +9,6 @@ warnings.warn(
     stacklevel=2,
 )
-import json
-from typing import List, Dict, Any
 def parse_trivy_json(file_path: str) -> List[Dict[str, Any]]:
     with open(file_path) as f:
         data = json.load(f)

{devsecops_radar-0.3.2 → devsecops_radar-0.3.4}/devsecops_radar/core/reporting.py RENAMED Viewed

@@ -1,6 +1,6 @@
 import re
 import datetime
-from reportlab.platypus import SimpleDocTemplate, Table, TableStyle, Paragraph
+from reportlab.platypus import Table, TableStyle, Paragraph
 from reportlab.lib.pagesizes import A4
 from reportlab.lib.styles import getSampleStyleSheet
 from reportlab.lib import colors
@@ -18,12 +18,6 @@ def redact_sensitive(text: str, patterns: List[str] = None) -> str:
     return text
 def generate_pdf_report(findings: List[Dict[str, Any]], ai_summary: Dict[str, Any], output_file: str = "report.pdf", redact: bool = True):
-    try:
-        from reportlab.platypus import SimpleDocTemplate, Table, TableStyle, Paragraph
-    except ImportError:
-        print("[ERROR] reportlab not installed.")
-        return
     doc = SimpleDocTemplate(output_file, pagesize=A4)
     elements = []
     styles = getSampleStyleSheet()

{devsecops_radar-0.3.2 → devsecops_radar-0.3.4}/devsecops_radar/core/rule_fusion.py RENAMED Viewed

@@ -2,7 +2,7 @@ import json
 import os
 import subprocess
 from pathlib import Path
-from typing import List, Dict, Any, Optional, Tuple
+from typing import List, Dict, Any, Tuple
 class RuleFusion:
@@ -26,10 +26,7 @@ class RuleFusion:
         )
         self.findings: List[Dict[str, Any]] = []
-    # ── public API ──────────────────────────────────────────────
     def load_all_rules(self) -> List[Dict[str, Any]]:
-        """Load rules from both local and community sources."""
         if self.local_rules_path and self.local_rules_path.exists():
             self._load_from_directory(self.local_rules_path)
@@ -40,7 +37,6 @@ class RuleFusion:
         return self.findings
     def update_community_rules(self) -> None:
-        """Clone or pull the latest community rules repository."""
         target_dir = Path.home() / ".devsecops-radar" / "community-rules"
         target_dir.parent.mkdir(parents=True, exist_ok=True)
@@ -63,7 +59,6 @@ class RuleFusion:
         )
     def generate_template(self, scanner_name: str) -> str:
-        """Generate a sample rule file for the user to start with."""
         template = {
             "findings": [
                 {
@@ -82,18 +77,10 @@ class RuleFusion:
         }
         return json.dumps(template, indent=2)
-    # ── policy engine ─────────────────────────────────────────
     @staticmethod
     def evaluate_policy(
         findings: List[Dict[str, Any]], policy_file: str
     ) -> Tuple[bool, str]:
-        """
-        Evaluate a policy file against the findings.
-        Returns (pass, message).
-        The policy file is a JSON object with conditions.
-        Example: {"max_critical": 5, "on_violation": "fail"}
-        """
         if not os.path.exists(policy_file):
             return True, (
                 f"Policy file '{policy_file}' not found. "
@@ -120,10 +107,7 @@ class RuleFusion:
         return True, "Policy checks passed."
-    # ── internal helpers ────────────────────────────────────────
     def _load_from_directory(self, directory: Path) -> None:
-        """Recursively load all JSON files from a directory."""
         for json_file in sorted(directory.rglob("*.json")):
             try:
                 with open(json_file, "r", encoding="utf-8") as f:
@@ -143,7 +127,6 @@ class RuleFusion:
             print(f"📄 Loaded {len(parsed)} findings from {json_file.name}")
     def _validate_json(self, data: Any, filename: str) -> bool:
-        """Structural validation with better list handling."""
         if isinstance(data, list):
             if len(data) == 0:
                 print(f"[WARNING] {filename}: empty list, skipping")
@@ -171,10 +154,8 @@ class RuleFusion:
     def _parse_scanner_output(
         self, data: Any, filename: str
     ) -> List[Dict[str, Any]]:
-        """Parse any known scanner format."""
         findings: List[Dict[str, Any]] = []
-        # Already a plain list of findings
         if isinstance(data, list):
             for item in data:
                 if isinstance(item, dict) and self._is_finding(item):
@@ -184,7 +165,6 @@ class RuleFusion:
         if not isinstance(data, dict):
             return findings
-        # Trivy format
         for result in data.get("Results", []):
             for vuln in result.get("Vulnerabilities", []):
                 findings.append(
@@ -203,7 +183,6 @@ class RuleFusion:
                     }
                 )
-        # Semgrep format
         for result in data.get("results", []):
             findings.append(
                 {
@@ -222,7 +201,6 @@ class RuleFusion:
                 }
             )
-        # Poutine / Zizmor / Generic format
         for item in data.get("findings", []):
             if isinstance(item, dict):
                 findings.append(self._normalize(item, filename))

{devsecops_radar-0.3.2 → devsecops_radar-0.3.4}/devsecops_radar/core/sbom.py RENAMED Viewed

@@ -1,7 +1,6 @@
 import subprocess
 import json
-import os
-from typing import List, Dict, Any, Optional
+from typing import List, Dict, Optional
 def generate_sbom(target_dir: str, output_file: str = "sbom.json") -> Optional[Dict]:
     try:

{devsecops_radar-0.3.2 → devsecops_radar-0.3.4}/devsecops_radar/web/app.py RENAMED Viewed

@@ -4,7 +4,7 @@ from devsecops_radar.web.attack_paths.routes import attack_paths_bp
 from devsecops_radar.web.topology.routes import topology_bp
 from devsecops_radar.web.summary.routes import summary_bp
 from devsecops_radar.web.sentry.routes import sentry_bp
-from devsecops_radar.core.auth import login_required, create_token
+from devsecops_radar.core.auth import create_token
 from devsecops_radar.core.settings import settings
 def create_app():

{devsecops_radar-0.3.2 → devsecops_radar-0.3.4}/devsecops_radar/web/dashboard/routes.py RENAMED Viewed

@@ -39,7 +39,7 @@ DASHBOARD_HTML = r"""
     <nav class="navbar navbar-dark border-bottom border-secondary mb-4" style="background:#1e293b;">
         <div class="container-fluid">
             <span class="navbar-brand mb-0 h1">🛡️ Pipeline Sentinel</span>
-            <span class="text-muted">v0.3.2</span>
+            <span class="text-muted">v0.3.3</span>
         </div>
     </nav>

{devsecops_radar-0.3.2 → devsecops_radar-0.3.4}/devsecops_radar/web/sentry/routes.py RENAMED Viewed

@@ -1,6 +1,4 @@
 from flask import Blueprint, request, jsonify
-import json
-import os
 sentry_bp = Blueprint('sentry', __name__)

{devsecops_radar-0.3.2 → devsecops_radar-0.3.4/devsecops_radar.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devsecops-radar
-Version: 0.3.2
+Version: 0.3.4
 Summary: Unified CI/CD Security Dashboard — Pipeline Sentinel
 Author-email: Mehrdoost <70381337+Mehrdoost@users.noreply.github.com>
 License-Expression: MIT

{devsecops_radar-0.3.2 → devsecops_radar-0.3.4}/devsecops_radar.egg-info/SOURCES.txt RENAMED Viewed

@@ -50,6 +50,9 @@ devsecops_radar/web/summary/routes.py
 devsecops_radar/web/templates/index.html
 devsecops_radar/web/topology/__init__.py
 devsecops_radar/web/topology/routes.py
+tests/test_analyzer.py
 tests/test_api.py
 tests/test_cli.py
+tests/test_database.py
+tests/test_rule_fusion.py
 tests/test_scanners.py

{devsecops_radar-0.3.2 → devsecops_radar-0.3.4}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "devsecops-radar"
-version = "0.3.2"
+version = "0.3.4"
 description = "Unified CI/CD Security Dashboard — Pipeline Sentinel"
 readme = "README.md"
 license = "MIT"

devsecops_radar-0.3.4/tests/test_analyzer.py ADDED Viewed

@@ -0,0 +1,37 @@
+from unittest.mock import patch, MagicMock
+from devsecops_radar.core.analyzer import OllamaAnalyzer, extract_json, select_findings_for_llm
+def test_extract_json_plain():
+    text = '{"executive_summary": "test", "attack_paths": [], "top_remediations": []}'
+    result = extract_json(text)
+    assert result["executive_summary"] == "test"
+def test_extract_json_malformed():
+    result = extract_json("some text {invalid")
+    assert "executive_summary" in result
+def test_select_findings_for_llm():
+    findings = [{"severity": "CRITICAL"}] * 120 + [{"severity": "LOW"}] * 50
+    selected = select_findings_for_llm(findings, max_items=100)
+    assert len(selected) == 100
+    criticals = [f for f in selected if f["severity"] == "CRITICAL"]
+    assert len(criticals) == 100
+@patch('requests.Session.post')
+def test_ollama_analyzer_success(mock_post):
+    mock_response = MagicMock()
+    mock_response.json.return_value = {"response": '{"executive_summary": "ok", "attack_paths": [], "top_remediations": []}'}
+    mock_response.raise_for_status.return_value = None
+    mock_post.return_value = mock_response
+    analyzer = OllamaAnalyzer()
+    findings = [{"severity": "CRITICAL", "id": "1", "tool": "test"}]
+    analysis = analyzer.analyze(findings)
+    assert analysis["executive_summary"] == "ok"
+@patch('requests.Session.post')
+def test_ollama_analyzer_network_error(mock_post):
+    mock_post.side_effect = Exception("Network down")
+    analyzer = OllamaAnalyzer()
+    findings = [{"severity": "CRITICAL", "id": "1", "tool": "test"}]
+    analysis = analyzer.analyze(findings)
+    assert "AI failed" in analysis["executive_summary"]

devsecops_radar-0.3.4/tests/test_api.py ADDED Viewed

@@ -0,0 +1,28 @@
+import pytest
+from devsecops_radar.web.app import create_app
+@pytest.fixture
+def app():
+    app = create_app()
+    app.config['TESTING'] = True
+    return app
+@pytest.fixture
+def client(app):
+    return app.test_client()
+def test_dashboard_page(client):
+    resp = client.get('/')
+    assert resp.status_code == 200
+def test_findings_api_requires_key_when_set(monkeypatch, client):
+    monkeypatch.setenv("PIPELINE_API_KEY", "secret")
+    resp = client.get('/api/findings')
+    assert resp.status_code == 401
+    resp = client.get('/api/findings', headers={"X-API-Key": "secret"})
+    assert resp.status_code == 200
+def test_findings_api_open_when_disabled(monkeypatch, client):
+    monkeypatch.setenv("PIPELINE_API_KEY", "disabled")
+    resp = client.get('/api/findings')
+    assert resp.status_code == 200

devsecops_radar-0.3.4/tests/test_cli.py ADDED Viewed

@@ -0,0 +1,30 @@
+import subprocess
+import os
+import tempfile
+import pytest
+def test_cli_help():
+    result = subprocess.run(['devsecops-radar', '--help'], capture_output=True, text=True)
+    assert result.returncode == 0
+    assert '--trivy' in result.stdout
+def test_cli_wizard_flag():
+    result = subprocess.run(['devsecops-radar', '--wizard'], capture_output=True, text=True)
+    assert result.returncode == 0
+    assert 'Quick Setup Wizard' in result.stdout or 'Welcome' in result.stdout
+def test_cli_merge_sample_files():
+    sample_dir = os.path.join(os.path.dirname(__file__), '..')
+    trivy_sample = os.path.join(sample_dir, 'sample_trivy.json')
+    semgrep_sample = os.path.join(sample_dir, 'sample_semgrep.json')
+    if not os.path.exists(trivy_sample) or not os.path.exists(semgrep_sample):
+        pytest.skip("Sample files not found")
+    with tempfile.NamedTemporaryFile(suffix='.json', delete=False) as outfile:
+        outpath = outfile.name
+    result = subprocess.run(
+        ['devsecops-radar', '--trivy', trivy_sample, '--semgrep', semgrep_sample, '--output', outpath],
+        capture_output=True, text=True
+    )
+    assert result.returncode == 0
+    assert 'Merged' in result.stdout
+    os.unlink(outpath)

devsecops_radar-0.3.4/tests/test_database.py ADDED Viewed

@@ -0,0 +1,43 @@
+import os
+import tempfile
+import pytest
+# Set a temporary database BEFORE importing any devsecops_radar modules
+@pytest.fixture(scope="module")
+def temp_db():
+    # Create a unique temp file path for the database
+    fd, tmpfile = tempfile.mkstemp(suffix='.db')
+    os.close(fd)
+    old_val = os.environ.get("DATABASE_URL")
+    os.environ["DATABASE_URL"] = f"sqlite:///{tmpfile}"
+    # Now import the database functions — they will use the temp DB
+    from devsecops_radar.core.database import save_scan, get_all_scans, get_findings_paginated
+    yield tmpfile, save_scan, get_all_scans, get_findings_paginated
+    # Cleanup
+    os.unlink(tmpfile)
+    if old_val is None:
+        del os.environ["DATABASE_URL"]
+    else:
+        os.environ["DATABASE_URL"] = old_val
+def test_save_and_retrieve(temp_db):
+    tmpfile, save_scan, get_all_scans, get_findings_paginated = temp_db
+    findings = [
+        {
+            "tool": "test",
+            "severity": "HIGH",
+            "id": "1",
+            "target": "t",
+            "title": "t",
+            "description": "d"
+        }
+    ]
+    save_scan(findings)
+    scans = get_all_scans()
+    assert len(scans) > 0
+    paginated = get_findings_paginated(1, 10)
+    assert paginated["total"] >= 1

devsecops_radar-0.3.4/tests/test_rule_fusion.py ADDED Viewed

@@ -0,0 +1,30 @@
+import json
+import tempfile
+import os
+from devsecops_radar.core.rule_fusion import RuleFusion
+class TestPolicyEvaluation:
+    def test_policy_pass(self):
+        findings = [{"severity": "CRITICAL"}] * 3
+        policy = {"max_critical": 5, "on_violation": "fail"}
+        with tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False) as f:
+            json.dump(policy, f)
+            f.flush()
+            passed, msg = RuleFusion.evaluate_policy(findings, f.name)
+        os.unlink(f.name)
+        assert passed
+        assert "passed" in msg
+    def test_policy_fail(self):
+        findings = [{"severity": "CRITICAL"}] * 6
+        policy = {"max_critical": 5, "on_violation": "fail"}
+        with tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False) as f:
+            json.dump(policy, f)
+            f.flush()
+            passed, msg = RuleFusion.evaluate_policy(findings, f.name)
+        os.unlink(f.name)
+        assert not passed
+    def test_policy_file_not_found(self):
+        passed, msg = RuleFusion.evaluate_policy([], "/nonexistent/policy.json")
+        assert passed

devsecops_radar-0.3.4/tests/test_scanners.py ADDED Viewed

@@ -0,0 +1,80 @@
+import json
+import tempfile
+import os
+from devsecops_radar.scanners.trivy import TrivyScanner
+from devsecops_radar.scanners.semgrep import SemgrepScanner
+from devsecops_radar.scanners.poutine import PoutineScanner
+from devsecops_radar.scanners.zizmor import ZizmorScanner
+from devsecops_radar.scanners.gitleaks import GitleaksScanner
+def write_temp_json(data):
+    tmp = tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False)
+    json.dump(data, tmp)
+    tmp.close()
+    return tmp.name
+class TestTrivyScanner:
+    def test_valid_json(self):
+        data = {"Results": [{"Target": "img", "Vulnerabilities": [{"VulnerabilityID": "CVE-1", "Severity": "HIGH"}]}]}
+        path = write_temp_json(data)
+        findings = TrivyScanner().parse(path)
+        os.unlink(path)
+        assert len(findings) == 1
+        assert findings[0]["severity"] == "HIGH"
+    def test_invalid_json(self):
+        with tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False) as f:
+            f.write("not json")
+            path = f.name
+        findings = TrivyScanner().parse(path)
+        os.unlink(path)
+        assert findings == []
+    def test_missing_results(self):
+        data = {"not_results": []}
+        path = write_temp_json(data)
+        findings = TrivyScanner().parse(path)
+        os.unlink(path)
+        assert findings == []
+class TestSemgrepScanner:
+    def test_valid(self):
+        data = {"results": [{"path": "a.py", "check_id": "x", "extra": {"severity": "ERROR", "message": "bad"}}]}
+        path = write_temp_json(data)
+        findings = SemgrepScanner().parse(path)
+        os.unlink(path)
+        assert len(findings) == 1
+        assert findings[0]["severity"] == "ERROR"
+    def test_invalid(self):
+        with tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False) as f:
+            f.write("{invalid")
+            path = f.name
+        findings = SemgrepScanner().parse(path)
+        os.unlink(path)
+        assert findings == []
+class TestPoutineScanner:
+    def test_valid(self):
+        data = {"findings": [{"rule_id": "x", "severity": "HIGH", "message": "bad", "location": {"file": "f", "line": 1}}]}
+        path = write_temp_json(data)
+        findings = PoutineScanner().parse(path)
+        os.unlink(path)
+        assert findings[0]["severity"] == "HIGH"
+class TestZizmorScanner:
+    def test_valid(self):
+        data = {"findings": [{"rule_id": "z1", "severity": "LOW", "message": "m", "path": "p", "location": {"line": 2}}]}
+        path = write_temp_json(data)
+        findings = ZizmorScanner().parse(path)
+        os.unlink(path)
+        assert findings[0]["severity"] == "LOW"
+class TestGitleaksScanner:
+    def test_valid_list(self):
+        data = [{"file": "f", "ruleID": "r", "description": "d", "line": 1}]
+        path = write_temp_json(data)
+        findings = GitleaksScanner().parse(path)
+        os.unlink(path)
+        assert len(findings) == 1
+        assert findings[0]["severity"] == "HIGH"

devsecops_radar-0.3.2/tests/test_api.py DELETED Viewed

@@ -1,16 +0,0 @@
-import pytest
-from devsecops_radar.web.app import create_app
-@pytest.fixture
-def app():
-    app = create_app()
-    app.config['TESTING'] = True
-    return app
-@pytest.fixture
-def client(app):
-    return app.test_client()
-def test_dashboard_route(client):
-    response = client.get('/')
-    assert response.status_code == 200

devsecops_radar-0.3.2/tests/test_cli.py DELETED Viewed

File without changes

devsecops_radar-0.3.2/tests/test_scanners.py DELETED Viewed

@@ -1,26 +0,0 @@
-import json
-import tempfile
-import os
-from devsecops_radar.scanners.trivy import TrivyScanner
-def test_trivy_parse():
-    scanner = TrivyScanner()
-    data = {
-        "Results": [{
-            "Target": "test-image",
-            "Vulnerabilities": [{
-                "VulnerabilityID": "CVE-2026-0001",
-                "Severity": "HIGH",
-                "Title": "Test vuln",
-                "Description": "Test"
-            }]
-        }]
-    }
-    with tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False) as f:
-        json.dump(data, f)
-        f.flush()
-        findings = scanner.parse(f.name)
-    os.unlink(f.name)
-    assert len(findings) == 1
-    assert findings[0]["severity"] == "HIGH"
-    assert findings[0]["id"] == "CVE-2026-0001"