PyPI - prismor - Versions diffs - 0.1.0__py3-none-any.whl - Mend

prismor 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

prismor/__init__.py +6 -0
prismor/api.py +118 -0
prismor/cli.py +210 -0
prismor-0.1.0.dist-info/METADATA +371 -0
prismor-0.1.0.dist-info/RECORD +9 -0
prismor-0.1.0.dist-info/WHEEL +5 -0
prismor-0.1.0.dist-info/entry_points.txt +2 -0
prismor-0.1.0.dist-info/licenses/LICENSE +22 -0
prismor-0.1.0.dist-info/top_level.txt +1 -0

prismor/__init__.py ADDED Viewed

@@ -0,0 +1,6 @@
+"""Prismor CLI - Security scanning tool for GitHub repositories."""
+__version__ = "0.1.0"
+__author__ = "Prismor"
+__description__ = "A CLI tool for scanning GitHub repositories for vulnerabilities, secrets, and generating SBOMs"

prismor/api.py ADDED Viewed

@@ -0,0 +1,118 @@
+"""API client for Prismor security scanning service."""
+import os
+import requests
+from typing import Optional, Dict, Any
+class PrismorAPIError(Exception):
+    """Custom exception for Prismor API errors."""
+    pass
+class PrismorClient:
+    """Client for interacting with Prismor API."""
+    def __init__(self, api_key: Optional[str] = None):
+        """Initialize the Prismor API client.
+        Args:
+            api_key: Prismor API key. If not provided, will look for PRISMOR_API_KEY env var.
+        """
+        self.api_key = api_key or os.environ.get("PRISMOR_API_KEY")
+        if not self.api_key:
+            raise PrismorAPIError(
+                "PRISMOR_API_KEY environment variable is not set. "
+                "Please set it with: export PRISMOR_API_KEY=your_api_key"
+            )
+        self.base_url = "https://api.prismor.dev"
+        self.headers = {
+            "Authorization": f"Bearer {self.api_key}",
+            "Content-Type": "application/json"
+        }
+    def normalize_repo_url(self, repo: str) -> str:
+        """Normalize repository input to a full GitHub URL.
+        Args:
+            repo: Repository in format 'username/repo' or full GitHub URL
+        Returns:
+            Full GitHub repository URL
+        """
+        if repo.startswith("http://") or repo.startswith("https://"):
+            return repo
+        # Assume it's in username/repo format
+        if "/" in repo:
+            return f"https://github.com/{repo}"
+        raise PrismorAPIError(
+            f"Invalid repository format: {repo}. "
+            "Please use 'username/repo' or full GitHub URL"
+        )
+    def scan(
+        self,
+        repo: str,
+        vex: bool = False,
+        sbom: bool = False,
+        detect_secret: bool = False,
+        fullscan: bool = False
+    ) -> Dict[str, Any]:
+        """Perform security scan on a GitHub repository.
+        Args:
+            repo: Repository URL or username/repo format
+            vex: Enable vulnerability scanning
+            sbom: Enable SBOM generation
+            detect_secret: Enable secret detection
+            fullscan: Enable all scan types
+        Returns:
+            Dictionary containing scan results
+        """
+        repo_url = self.normalize_repo_url(repo)
+        # Prepare request payload
+        payload = {
+            "repo_url": repo_url,
+            "vex": vex or fullscan,
+            "sbom": sbom or fullscan,
+            "detect_secret": detect_secret or fullscan,
+            "fullscan": fullscan
+        }
+        try:
+            response = requests.post(
+                f"{self.base_url}/scan",
+                json=payload,
+                headers=self.headers,
+                timeout=300  # 5 minute timeout
+            )
+            if response.status_code == 401:
+                raise PrismorAPIError("Invalid API key. Please check your PRISMOR_API_KEY.")
+            if response.status_code == 404:
+                raise PrismorAPIError("API endpoint not found. Please check the API URL.")
+            if response.status_code >= 400:
+                error_msg = response.json().get("error", "Unknown error")
+                raise PrismorAPIError(f"API error: {error_msg}")
+            response.raise_for_status()
+            return response.json()
+        except requests.exceptions.Timeout:
+            raise PrismorAPIError(
+                "Request timed out. The repository scan is taking longer than expected."
+            )
+        except requests.exceptions.ConnectionError:
+            raise PrismorAPIError(
+                "Failed to connect to Prismor API. Please check your internet connection."
+            )
+        except requests.exceptions.RequestException as e:
+            raise PrismorAPIError(f"Request failed: {str(e)}")

prismor/cli.py ADDED Viewed

@@ -0,0 +1,210 @@
+"""Command-line interface for Prismor security scanning tool."""
+import sys
+import json
+import click
+from typing import Optional
+from .api import PrismorClient, PrismorAPIError
+def print_success(message: str):
+    """Print success message in green."""
+    click.secho(f"✓ {message}", fg="green")
+def print_error(message: str):
+    """Print error message in red."""
+    click.secho(f"✗ {message}", fg="red", err=True)
+def print_info(message: str):
+    """Print info message in blue."""
+    click.secho(f"ℹ {message}", fg="blue")
+def print_warning(message: str):
+    """Print warning message in yellow."""
+    click.secho(f"⚠ {message}", fg="yellow")
+def format_scan_results(results: dict, scan_type: str):
+    """Format and display scan results."""
+    click.echo("\n" + "=" * 60)
+    click.secho(f"  Scan Results - {scan_type}", fg="cyan", bold=True)
+    click.echo("=" * 60 + "\n")
+    # Display repository information
+    if "repository" in results:
+        click.secho("Repository:", fg="yellow", bold=True)
+        click.echo(f"  {results['repository']}\n")
+    # Display scan status
+    if "status" in results:
+        status_color = "green" if results["status"] == "success" else "red"
+        click.secho(f"Status: ", fg="yellow", bold=True, nl=False)
+        click.secho(results["status"], fg=status_color)
+        click.echo()
+    # Display scan results based on type
+    if "scan_results" in results:
+        scan_data = results["scan_results"]
+        # Vulnerability scan results
+        if "vulnerabilities" in scan_data or "Results" in scan_data:
+            click.secho("Vulnerabilities Found:", fg="yellow", bold=True)
+            vuln_data = scan_data.get("vulnerabilities", scan_data.get("Results", []))
+            if isinstance(vuln_data, list):
+                click.echo(f"  Total: {len(vuln_data)}")
+            else:
+                click.echo(f"  Data available in detailed output")
+            click.echo()
+        # Secret scan results
+        if "secrets" in scan_data or "findings_summary" in scan_data:
+            click.secho("Secrets Detected:", fg="yellow", bold=True)
+            secrets = scan_data.get("secrets", scan_data.get("findings_summary", {}))
+            if isinstance(secrets, dict):
+                for key, value in secrets.items():
+                    click.echo(f"  {key}: {value}")
+            else:
+                click.echo(f"  {len(secrets) if isinstance(secrets, list) else 'Data available'}")
+            click.echo()
+        # SBOM results
+        if "sbom" in scan_data or "artifacts" in scan_data:
+            click.secho("SBOM Generated:", fg="yellow", bold=True)
+            sbom_data = scan_data.get("sbom", scan_data.get("artifacts", []))
+            if isinstance(sbom_data, list):
+                click.echo(f"  Total artifacts: {len(sbom_data)}")
+            else:
+                click.echo(f"  SBOM data available")
+            click.echo()
+    # Display result URLs if available
+    if "public_url" in results:
+        click.secho("Results URL:", fg="yellow", bold=True)
+        click.echo(f"  {results['public_url']}\n")
+    if "presigned_url" in results:
+        click.secho("Download URL:", fg="yellow", bold=True)
+        click.echo(f"  {results['presigned_url']}\n")
+    click.echo("=" * 60 + "\n")
+@click.group(invoke_without_command=True)
+@click.option(
+    "--scan",
+    type=str,
+    help="Repository to scan (username/repo or full GitHub URL)"
+)
+@click.option("--vex", is_flag=True, help="Perform vulnerability scanning")
+@click.option("--sbom", is_flag=True, help="Generate Software Bill of Materials")
+@click.option("--detect-secret", is_flag=True, help="Detect secrets in repository")
+@click.option("--fullscan", is_flag=True, help="Perform all scan types")
+@click.option("--json", "output_json", is_flag=True, help="Output results in JSON format")
+@click.version_option(version="0.1.0", prog_name="prismor")
+@click.pass_context
+def cli(ctx, scan: Optional[str], vex: bool, sbom: bool, detect_secret: bool,
+        fullscan: bool, output_json: bool):
+    """Prismor CLI - Security scanning tool for GitHub repositories.
+    Examples:
+        prismor --scan username/repo --vex
+        prismor --scan username/repo --fullscan
+        prismor --scan https://github.com/username/repo --detect-secret
+    """
+    # If no command and no scan option, show help
+    if ctx.invoked_subcommand is None and not scan:
+        click.echo(ctx.get_help())
+        return
+    # If scan option is provided, perform the scan
+    if scan:
+        # Check if at least one scan type is selected
+        if not any([vex, sbom, detect_secret, fullscan]):
+            print_error("Please specify at least one scan type: --vex, --sbom, --detect-secret, or --fullscan")
+            sys.exit(1)
+        try:
+            # Initialize API client
+            print_info(f"Initializing Prismor scan for: {scan}")
+            client = PrismorClient()
+            # Determine scan type for display
+            scan_types = []
+            if fullscan:
+                scan_types.append("Full Scan (VEX + SBOM + Secret Detection)")
+            else:
+                if vex:
+                    scan_types.append("VEX")
+                if sbom:
+                    scan_types.append("SBOM")
+                if detect_secret:
+                    scan_types.append("Secret Detection")
+            print_info(f"Scan type: {', '.join(scan_types)}")
+            print_info("Starting scan... (this may take a few minutes)")
+            # Perform scan
+            results = client.scan(
+                repo=scan,
+                vex=vex,
+                sbom=sbom,
+                detect_secret=detect_secret,
+                fullscan=fullscan
+            )
+            # Output results
+            if output_json:
+                click.echo(json.dumps(results, indent=2))
+            else:
+                print_success("Scan completed successfully!")
+                format_scan_results(results, ', '.join(scan_types))
+        except PrismorAPIError as e:
+            print_error(str(e))
+            sys.exit(1)
+        except Exception as e:
+            print_error(f"Unexpected error: {str(e)}")
+            sys.exit(1)
+@cli.command()
+def version():
+    """Display the version of Prismor CLI."""
+    click.echo("Prismor CLI v0.1.0")
+@cli.command()
+def config():
+    """Display current configuration."""
+    import os
+    click.echo("\n" + "=" * 60)
+    click.secho("  Prismor CLI Configuration", fg="cyan", bold=True)
+    click.echo("=" * 60 + "\n")
+    # Check API key
+    api_key = os.environ.get("PRISMOR_API_KEY")
+    if api_key:
+        # Show only first and last 4 characters
+        masked_key = f"{api_key[:4]}...{api_key[-4:]}" if len(api_key) > 8 else "***"
+        print_success(f"PRISMOR_API_KEY: {masked_key}")
+    else:
+        print_error("PRISMOR_API_KEY: Not set")
+        click.echo("\nTo set your API key, run:")
+        click.echo("  export PRISMOR_API_KEY=your_api_key")
+    click.echo("\nAPI Endpoint: https://api.prismor.dev")
+    click.echo("=" * 60 + "\n")
+def main():
+    """Entry point for the CLI."""
+    cli()
+if __name__ == "__main__":
+    main()

prismor-0.1.0.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,371 @@
+Metadata-Version: 2.4
+Name: prismor
+Version: 0.1.0
+Summary: A CLI tool for scanning GitHub repositories for vulnerabilities, secrets, and generating SBOMs
+Home-page: https://github.com/PrismorSec/prismor-cli
+Author: Prismor
+Author-email: support@prismor.dev
+Project-URL: Bug Reports, https://github.com/PrismorSec/prismor-cli/issues
+Project-URL: Source, https://github.com/PrismorSec/prismor-cli
+Project-URL: Documentation, https://docs.prismor.dev
+Project-URL: Homepage, https://prismor.dev
+Keywords: security scanning vulnerability sbom secrets github
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: click>=8.0.0
+Requires-Dist: requests>=2.25.0
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: keywords
+Dynamic: license-file
+Dynamic: project-url
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+# Prismor CLI
+A powerful command-line tool for scanning GitHub repositories for security vulnerabilities, secrets, and generating Software Bill of Materials (SBOM).
+**Get started at [https://prismor.dev](https://prismor.dev)** - Sign up for free to get your API key and access full dashboarding and analysis features!
+## Features
+- 🔍 **Vulnerability Scanning (VEX)** - Detect security vulnerabilities in your codebase
+- 🔐 **Secret Detection** - Find exposed secrets, API keys, and credentials
+- 📦 **SBOM Generation** - Generate comprehensive Software Bill of Materials
+- ⚡ **Full Scan** - Run all security checks in one command
+- 🎨 **Beautiful CLI Output** - Colorful, easy-to-read results
+- 🔗 **Flexible Repository Input** - Support for `username/repo` or full GitHub URLs
+## Quick Start
+1. **Sign up** at [https://prismor.dev](https://prismor.dev)
+2. **Generate your API Key** from the dashboard
+3. **Install** the CLI: `pip install prismor`
+4. **Set your API key**: `export PRISMOR_API_KEY=your_api_key`
+5. **Run your first scan**: `prismor --scan username/repo --fullscan`
+For the complete analysis with dashboards and reports, visit [Prismor.dev](https://prismor.dev) after running scans!
+## Installation
+Install Prismor CLI via pip:
+```bash
+pip install prismor
+```
+## Prerequisites
+### Getting Your API Key
+Before using Prismor CLI, you need to get your API key from [Prismor.dev](https://prismor.dev):
+1. Visit [https://prismor.dev](https://prismor.dev)
+2. **Sign up** for a free account
+3. Navigate to your dashboard
+4. **Generate an API Key**
+5. Copy your API key
+### Setting Up Your API Key
+Once you have your API key, set it as an environment variable:
+```bash
+export PRISMOR_API_KEY=your_api_key_here
+```
+To make this permanent, add it to your shell configuration file (`~/.bashrc`, `~/.zshrc`, etc.):
+```bash
+echo 'export PRISMOR_API_KEY=your_api_key_here' >> ~/.zshrc
+source ~/.zshrc
+```
+### Private Repositories
+To scan **private repositories**, you need to integrate your GitHub account:
+1. Go to [Prismor.dev](https://prismor.dev)
+2. Navigate to **Settings** or **Integrations**
+3. **Connect your GitHub account**
+4. Authorize Prismor to access your private repositories
+This allows Prismor to securely access and scan your private repositories.
+## Usage
+### Basic Syntax
+```bash
+prismor --scan <repository> [scan-type]
+```
+### Repository Format
+You can specify repositories in two ways:
+1. **Username/Repository format:**
+   ```bash
+   prismor --scan Ar9av/trychai-web-revamped --fullscan
+   ```
+2. **Full GitHub URL:**
+   ```bash
+   prismor --scan https://github.com/Ar9av/trychai-web-revamped --fullscan
+   ```
+### Scan Types
+#### 1. Vulnerability Scanning (VEX)
+Scan for security vulnerabilities in your dependencies and code:
+```bash
+prismor --scan myrepository --vex
+```
+#### 2. Secret Detection
+Detect exposed secrets, API keys, passwords, and other sensitive information:
+```bash
+prismor --scan myrepository --detect-secret
+```
+#### 3. SBOM Generation
+Generate a Software Bill of Materials for your repository:
+```bash
+prismor --scan myrepository --sbom
+```
+#### 4. Full Scan
+Run all security checks (VEX + Secret Detection + SBOM):
+```bash
+prismor --scan myrepository --fullscan
+```
+### Multiple Scan Types
+You can combine multiple scan types:
+```bash
+prismor --scan myrepository --vex --detect-secret
+```
+### JSON Output
+Get results in JSON format for automation and integration:
+```bash
+prismor --scan myrepository --fullscan --json
+```
+## Examples
+### Example 1: Quick Vulnerability Scan
+```bash
+prismor --scan facebook/react --vex
+```
+### Example 2: Comprehensive Security Audit
+```bash
+prismor --scan https://github.com/microsoft/vscode --fullscan
+```
+### Example 3: Secret Detection Only
+```bash
+prismor --scan openai/gpt-3 --detect-secret
+```
+### Example 4: SBOM Generation with JSON Output
+```bash
+prismor --scan kubernetes/kubernetes --sbom --json > sbom-results.json
+```
+## Additional Commands
+### Check Configuration
+View your current Prismor CLI configuration:
+```bash
+prismor config
+```
+### Version Information
+Display the version of Prismor CLI:
+```bash
+prismor version
+```
+Or:
+```bash
+prismor --version
+```
+### Help
+Get help and see all available options:
+```bash
+prismor --help
+```
+## Output
+Prismor CLI provides clear, colorful output with:
+- ✓ Success indicators
+- ✗ Error messages
+- ℹ Information updates
+- ⚠ Warnings
+- Detailed scan results including:
+  - Repository information
+  - Vulnerability counts
+  - Secret detection findings
+  - SBOM artifact counts
+  - Download links for detailed reports
+## Full Analysis & Dashboarding
+For comprehensive analysis and visualization of your scan results, visit the **[Prismor Dashboard](https://prismor.dev)**:
+### Features Available on Prismor.dev:
+- 📊 **Interactive Dashboards** - Visualize security trends and metrics
+- 📈 **Historical Analysis** - Track vulnerabilities over time
+- 🎯 **Detailed Reports** - In-depth analysis of all findings
+- 🔔 **Alerts & Notifications** - Get notified of critical issues
+- 👥 **Team Collaboration** - Share reports with your team
+- 🔄 **CI/CD Integration** - Automate scans in your pipeline
+- 📁 **Repository Management** - Manage multiple repositories in one place
+### Accessing Full Reports:
+After running a scan with the CLI, you can:
+1. Visit [https://prismor.dev](https://prismor.dev)
+2. Log into your dashboard
+3. View all your scan results with rich visualizations
+4. Export reports in various formats
+5. Set up automated scanning schedules
+The CLI provides quick results in your terminal, while the web dashboard offers comprehensive analysis and long-term security monitoring.
+## API Information
+Prismor CLI communicates with the Prismor API at `https://api.prismor.dev`. The CLI handles:
+- Authentication via API key
+- Request formatting
+- Error handling
+- Response parsing
+- Result presentation
+## Troubleshooting
+### API Key Not Set
+If you see an error about `PRISMOR_API_KEY` not being set:
+```bash
+export PRISMOR_API_KEY=your_api_key_here
+```
+### Invalid Repository Format
+Ensure your repository is in one of these formats:
+- `username/repository`
+- `https://github.com/username/repository`
+### Connection Issues
+If you experience connection issues:
+1. Check your internet connection
+2. Verify the API endpoint is accessible
+3. Ensure your API key is valid
+## Development
+### Local Installation
+For development, clone the repository and install in editable mode:
+```bash
+git clone https://github.com/PrismorSec/prismor-cli.git
+cd prismor-cli
+pip install -e .
+```
+### Project Structure
+```
+prismor-cli/
+├── prismor/
+│   ├── __init__.py      # Package initialization
+│   ├── cli.py           # CLI interface and commands
+│   └── api.py           # API client and communication
+├── setup.py             # Package configuration
+├── requirements.txt     # Dependencies
+└── README.md            # Documentation
+```
+## Requirements
+- Python 3.7 or higher
+- `click` >= 8.0.0
+- `requests` >= 2.25.0
+## License
+MIT License - See LICENSE file for details
+## Support
+- **Website**: [https://prismor.dev](https://prismor.dev)
+- **Dashboard**: [https://prismor.dev](https://prismor.dev) (Sign up for full features)
+- **Documentation**: [https://docs.prismor.dev](https://docs.prismor.dev)
+- **Issues**: [https://github.com/PrismorSec/prismor-cli/issues](https://github.com/prismor/prismor-cli/issues)
+### Need Help?
+1. Visit [Prismor.dev](https://prismor.dev) for full documentation and support
+2. Check the dashboard for detailed scan results and analysis
+3. Join our community for questions and discussions
+## Contributing
+Contributions are welcome! Please feel free to submit a Pull Request.
+---
+Made with ❤️ by Prismor

prismor-0.1.0.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,9 @@
+prismor/__init__.py,sha256=d_7a1UaXHGT7kAzI5fERetpR2vEj349becGSTKatQU0,230
+prismor/api.py,sha256=jnbxgzDJjYLGxC5viT18xVjcmbupFecvlb-ph8J0yik,3938
+prismor/cli.py,sha256=zjRJH9li_0_2CNquI4Y14alGpmiq1d-P_rZBTp4bS6I,7310
+prismor-0.1.0.dist-info/licenses/LICENSE,sha256=qWFF8Eh6gpZOq_3effdd6hfeMN2WN9ZG4vOyFk2MyhU,1065
+prismor-0.1.0.dist-info/METADATA,sha256=2boiqdtLo65Do3pxw_P7wWmU-FjVv95S43b3xfNT7Ps,9394
+prismor-0.1.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+prismor-0.1.0.dist-info/entry_points.txt,sha256=Uiu0HW04eq2Gb6sQC9o-LqMKMyW1SKwkojxrkFeVfqg,45
+prismor-0.1.0.dist-info/top_level.txt,sha256=nlJGoJ3fQXRL27RXQ5LJU2LX1kl1VSgKXyKjcSR28lw,8
+prismor-0.1.0.dist-info/RECORD,,

prismor-0.1.0.dist-info/WHEEL ADDED Viewed

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (80.9.0)
+Root-Is-Purelib: true
+Tag: py3-none-any

prismor-0.1.0.dist-info/entry_points.txt ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ [console_scripts]
2	+ prismor = prismor.cli:main

prismor-0.1.0.dist-info/licenses/LICENSE ADDED Viewed

@@ -0,0 +1,22 @@
+MIT License
+Copyright (c) 2025 Prismor
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

prismor-0.1.0.dist-info/top_level.txt ADDED Viewed

	@@ -0,0 +1 @@
1	+ prismor