owasp-guard-cli 0.2.0__tar.gz

owasp_guard_cli-0.2.0/PKG-INFO

@@ -0,0 +1,150 @@
+Metadata-Version: 2.4
+Name: owasp-guard-cli
+Version: 0.2.0
+Summary: OWASP Guard CLI: prompt-engineered secure code inspector
+Author: CBRS503 Team
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/jeanclaudegeage/owasp-guard
+Project-URL: Issues, https://github.com/jeanclaudegeage/owasp-guard/issues
+Keywords: security,owasp,sast,cli,code-scanner
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: Environment :: Console
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+Requires-Dist: langchain>=0.3.0
+Requires-Dist: langchain-groq>=0.2.0
+Requires-Dist: pydantic>=2.7.0
+Requires-Dist: python-dotenv>=1.0.1
+Requires-Dist: rich>=13.7.0
+
+# OWASP Guard CLI
+
+OWASP Guard is a prompt-engineered secure code inspection CLI for identifying OWASP Top 10 (2021) issues in source code.
+
+It scans a repository or single file, performs chunked LLM analysis with a verification pass, then generates:
+- `report.json` for pipelines and automation
+- `report.md` for human review and audit
+
+## Key Features
+- OWASP-focused findings with confidence scoring
+- Chunk-based analysis with route/function-aware heuristics
+- Verification pass to reduce false positives
+- Deduplication of repeated findings
+- Progress-rich terminal UI
+- Broad multi-language and config/IaC file support
+
+## Requirements
+- Python `3.11+`
+- Groq API key
+
+## Installation
+From PyPI:
+```bash
+pip install owasp-guard-cli
+```
+
+From source:
+```bash
+pip install -r requirements.txt
+pip install -e .
+```
+
+## Quick Start
+1. Configure API key:
+```bash
+owasp-guard init
+```
+
+2. Run scan:
+```bash
+owasp-guard scan ./project --output-dir outputs
+```
+
+3. Review outputs:
+- `outputs/report.json`
+- `outputs/report.md`
+
+## CLI Usage
+Main help:
+```bash
+owasp-guard --help
+owasp-guard help
+```
+
+Topic help:
+```bash
+owasp-guard help init
+owasp-guard help scan
+owasp-guard help reports
+owasp-guard help errors
+```
+
+Alias entrypoint:
+```bash
+owasp help
+owasp help scan
+```
+
+## Common Commands
+Initialize with provided key:
+```bash
+owasp-guard init --api-key gsk_xxx
+```
+
+Scan repo:
+```bash
+owasp-guard scan "D:\path\to\repo" --output-dir outputs
+```
+
+Scan single file:
+```bash
+owasp-guard scan "D:\path\to\file.py" --output-dir outputs
+```
+
+Fixed-scope evaluation:
+```bash
+owasp-guard scan "D:\path\to\repo" --max-files 10 --output-dir outputs
+```
+
+Custom model:
+```bash
+owasp-guard scan ./project --model llama-3.1-8b-instant
+```
+
+## Report Schema Summary
+`report.json` includes:
+- tool metadata and report version
+- methodology metadata
+- scope metrics (`total_files`, `total_chunks`, `total_findings`)
+- summary metrics (`risk_score_10`, severity and OWASP distributions)
+- full findings list
+
+`report.md` includes:
+- executive summary and risk score
+- OWASP and file impact distribution
+- findings index and detailed evidence/fix sections
+- priority action plan and remediation roadmap
+
+## Exit Codes
+- `0`: scan completed with no findings
+- `1`: scan completed with findings
+- `2`: invalid CLI usage
+- `3`: runtime error
+
+## Error Types
+- `Configuration Error`: missing/invalid API key or unreadable config
+- `Input Error`: bad path, unsupported file type, invalid `--max-files`, empty scope
+- `API Error`: model/provider failures
+- `Report Error`: output write/serialization failures
+- `Scan Error`: chunking or scan pipeline failures
+
+## Repository Docs
+- Project prompt evolution: `PROMPT_LOG.md`
+- Tool benchmark worksheet: `comparison.md`
+- Sample outputs: `report.md`, `testotpt/report.md`, `juiceotpt/report.md`

owasp_guard_cli-0.2.0/README.md

@@ -0,0 +1,125 @@
+# OWASP Guard CLI
+
+OWASP Guard is a prompt-engineered secure code inspection CLI for identifying OWASP Top 10 (2021) issues in source code.
+
+It scans a repository or single file, performs chunked LLM analysis with a verification pass, then generates:
+- `report.json` for pipelines and automation
+- `report.md` for human review and audit
+
+## Key Features
+- OWASP-focused findings with confidence scoring
+- Chunk-based analysis with route/function-aware heuristics
+- Verification pass to reduce false positives
+- Deduplication of repeated findings
+- Progress-rich terminal UI
+- Broad multi-language and config/IaC file support
+
+## Requirements
+- Python `3.11+`
+- Groq API key
+
+## Installation
+From PyPI:
+```bash
+pip install owasp-guard-cli
+```
+
+From source:
+```bash
+pip install -r requirements.txt
+pip install -e .
+```
+
+## Quick Start
+1. Configure API key:
+```bash
+owasp-guard init
+```
+
+2. Run scan:
+```bash
+owasp-guard scan ./project --output-dir outputs
+```
+
+3. Review outputs:
+- `outputs/report.json`
+- `outputs/report.md`
+
+## CLI Usage
+Main help:
+```bash
+owasp-guard --help
+owasp-guard help
+```
+
+Topic help:
+```bash
+owasp-guard help init
+owasp-guard help scan
+owasp-guard help reports
+owasp-guard help errors
+```
+
+Alias entrypoint:
+```bash
+owasp help
+owasp help scan
+```
+
+## Common Commands
+Initialize with provided key:
+```bash
+owasp-guard init --api-key gsk_xxx
+```
+
+Scan repo:
+```bash
+owasp-guard scan "D:\path\to\repo" --output-dir outputs
+```
+
+Scan single file:
+```bash
+owasp-guard scan "D:\path\to\file.py" --output-dir outputs
+```
+
+Fixed-scope evaluation:
+```bash
+owasp-guard scan "D:\path\to\repo" --max-files 10 --output-dir outputs
+```
+
+Custom model:
+```bash
+owasp-guard scan ./project --model llama-3.1-8b-instant
+```
+
+## Report Schema Summary
+`report.json` includes:
+- tool metadata and report version
+- methodology metadata
+- scope metrics (`total_files`, `total_chunks`, `total_findings`)
+- summary metrics (`risk_score_10`, severity and OWASP distributions)
+- full findings list
+
+`report.md` includes:
+- executive summary and risk score
+- OWASP and file impact distribution
+- findings index and detailed evidence/fix sections
+- priority action plan and remediation roadmap
+
+## Exit Codes
+- `0`: scan completed with no findings
+- `1`: scan completed with findings
+- `2`: invalid CLI usage
+- `3`: runtime error
+
+## Error Types
+- `Configuration Error`: missing/invalid API key or unreadable config
+- `Input Error`: bad path, unsupported file type, invalid `--max-files`, empty scope
+- `API Error`: model/provider failures
+- `Report Error`: output write/serialization failures
+- `Scan Error`: chunking or scan pipeline failures
+
+## Repository Docs
+- Project prompt evolution: `PROMPT_LOG.md`
+- Tool benchmark worksheet: `comparison.md`
+- Sample outputs: `report.md`, `testotpt/report.md`, `juiceotpt/report.md`

owasp_guard_cli-0.2.0/pyproject.toml

@@ -0,0 +1,47 @@
+[build-system]
+requires = ["setuptools>=69", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "owasp-guard-cli"
+version = "0.2.0"
+description = "OWASP Guard CLI: prompt-engineered secure code inspector"
+readme = "README.md"
+requires-python = ">=3.11"
+license = "MIT"
+authors = [
+  { name = "CBRS503 Team" }
+]
+dependencies = [
+  "langchain>=0.3.0",
+  "langchain-groq>=0.2.0",
+  "pydantic>=2.7.0",
+  "python-dotenv>=1.0.1",
+  "rich>=13.7.0",
+]
+classifiers = [
+  "Development Status :: 3 - Alpha",
+  "Intended Audience :: Developers",
+  "Programming Language :: Python :: 3",
+  "Programming Language :: Python :: 3.11",
+  "Programming Language :: Python :: 3.12",
+  "Topic :: Security",
+  "Topic :: Software Development :: Quality Assurance",
+  "Environment :: Console",
+]
+keywords = ["security", "owasp", "sast", "cli", "code-scanner"]
+
+[project.scripts]
+owasp-guard = "owasp_guard.cli:main"
+owasp = "owasp_guard.cli:main"
+
+[project.urls]
+Homepage = "https://github.com/jeanclaudegeage/owasp-guard"
+Issues = "https://github.com/jeanclaudegeage/owasp-guard/issues"
+
+[tool.setuptools]
+package-dir = {"" = "src"}
+
+[tool.setuptools.packages.find]
+where = ["src"]
+include = ["owasp_guard", "owasp_guard.*"]

owasp_guard_cli-0.2.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

owasp_guard_cli-0.2.0/setup.py

@@ -0,0 +1,3 @@
+from setuptools import setup
+
+setup()

owasp_guard_cli-0.2.0/src/owasp_guard/__init__.py

@@ -0,0 +1,3 @@
+__all__ = ['__version__']
+__version__ = '0.2.0'
+

owasp_guard_cli-0.2.0/src/owasp_guard/__main__.py

@@ -0,0 +1,5 @@
+from .cli import main
+
+if __name__ == '__main__':
+    main()
+