prismor 0.1.1__tar.gz → 1.0.5__tar.gz

{prismor-0.1.1/prismor.egg-info → prismor-1.0.5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: prismor
-Version: 0.1.1
+Version: 1.0.5
 Summary: A CLI tool for scanning GitHub repositories for vulnerabilities, secrets, and generating SBOMs
 Home-page: https://github.com/PrismorSec/prismor-cli
 Author: Prismor
@@ -48,12 +48,12 @@ A powerful command-line tool for scanning GitHub repositories for security vulne
 
 ## Features
 
-- 🔍 **Vulnerability Scanning (VEX)** - Detect security vulnerabilities in your codebase
+- 🔍 **Vulnerability Scanning (scan)** - Detect security vulnerabilities in your codebase
 - 🔐 **Secret Detection** - Find exposed secrets, API keys, and credentials
 - 📦 **SBOM Generation** - Generate comprehensive Software Bill of Materials
 - ⚡ **Full Scan** - Run all security checks in one command
 - 🎨 **Beautiful CLI Output** - Colorful, easy-to-read results
-- 🔗 **Flexible Repository Input** - Support for `username/repo` or full GitHub URLs
+- 🔗 **Flexible Repository Input** - Support for multiple GitHub URL formats including SSH, HTTPS, and bare domain formats
 
 ## Quick Start
 
@@ -61,7 +61,7 @@ A powerful command-line tool for scanning GitHub repositories for security vulne
 2. **Generate your API Key** from the dashboard
 3. **Install** the CLI: `pip install prismor`
 4. **Set your API key**: `export PRISMOR_API_KEY=your_api_key`
-5. **Run your first scan**: `prismor --scan username/repo --fullscan`
+5. **Run your first scan**: `prismor --repo username/repo --fullscan`
 
 For the complete analysis with dashboards and reports, visit [Prismor.dev](https://prismor.dev) after running scans!
 
@@ -116,39 +116,91 @@ This allows Prismor to securely access and scan your private repositories.
 ### Basic Syntax
 
 ```bash
-prismor --scan <repository> [scan-type]
+prismor --repo <repository> [scan-type]
 ```
 
+**Note**: The `--scan` flag is used to enable vulnerability scanning, while `--repo` specifies the repository to scan.
+
 ### Repository Format
 
-You can specify repositories in two ways:
+Prismor CLI supports multiple GitHub repository URL formats for maximum flexibility:
+
+#### 1. **Username/Repository format** (recommended):
+```bash
+prismor --repo Ar9av/trychai-web-revamped --fullscan
+```
+
+#### 2. **HTTPS URLs**:
+```bash
+prismor --repo https://github.com/Ar9av/trychai-web-revamped --fullscan
+prismor --repo https://www.github.com/Ar9av/trychai-web-revamped --fullscan
+prismor --repo https://github.com/Ar9av/trychai-web-revamped.git --fullscan
+```
+
+#### 3. **HTTP URLs**:
+```bash
+prismor --repo http://github.com/Ar9av/trychai-web-revamped --fullscan
+prismor --repo http://www.github.com/Ar9av/trychai-web-revamped --fullscan
+```
+
+#### 4. **Bare domain formats**:
+```bash
+prismor --repo github.com/Ar9av/trychai-web-revamped --fullscan
+prismor --repo www.github.com/Ar9av/trychai-web-revamped --fullscan
+```
+
+#### 5. **SSH format**:
+```bash
+prismor --repo git@github.com:Ar9av/trychai-web-revamped.git --fullscan
+```
+
+#### 6. **URLs with paths and fragments**:
+```bash
+prismor --repo https://github.com/Ar9av/trychai-web-revamped/tree/main --fullscan
+prismor --repo https://github.com/Ar9av/trychai-web-revamped/blob/main/file.py --fullscan
+prismor --repo https://github.com/Ar9av/trychai-web-revamped#branch --fullscan
+```
+
+**All formats are automatically parsed and normalized to extract the `user/repo_name` format for processing.**
 
-1. **Username/Repository format:**
-   ```bash
-   prismor --scan Ar9av/trychai-web-revamped --fullscan
-   ```
+### Smart URL Parsing
 
-2. **Full GitHub URL:**
-   ```bash
-   prismor --scan https://github.com/Ar9av/trychai-web-revamped --fullscan
-   ```
+Prismor CLI features intelligent GitHub URL parsing that automatically:
+
+- ✅ **Detects and extracts** repository information from any supported format
+- ✅ **Handles edge cases** like trailing slashes, `.git` suffixes, and branch references
+- ✅ **Validates input** to ensure it's a valid GitHub repository
+- ✅ **Provides clear error messages** for unsupported formats
+- ✅ **Supports special characters** in repository names (hyphens, underscores, numbers)
+
+**Examples of what gets automatically parsed:**
+```bash
+# All of these resolve to "facebook/react":
+prismor --repo facebook/react --scan
+prismor --repo https://github.com/facebook/react --scan
+prismor --repo git@github.com:facebook/react.git --scan
+prismor --repo github.com/facebook/react --scan
+prismor --repo https://github.com/facebook/react/tree/main --scan
+```
 
 ### Scan Types
 
-#### 1. Vulnerability Scanning (VEX)
+#### 1. Vulnerability Scanning (scan)
 
 Scan for security vulnerabilities in your dependencies and code:
 
 ```bash
-prismor --scan myrepository --vex
+prismor --repo myrepository --scan
 ```
 
+**Note**: Vulnerability scans now run asynchronously for large repositories. The CLI will wait for completion automatically, but you can also use `prismor start-scan` to get a job ID and check status separately.
+
 #### 2. Secret Detection
 
 Detect exposed secrets, API keys, passwords, and other sensitive information:
 
 ```bash
-prismor --scan myrepository --detect-secret
+prismor --repo myrepository --detect-secret
 ```
 
 #### 3. SBOM Generation
@@ -156,15 +208,15 @@ prismor --scan myrepository --detect-secret
 Generate a Software Bill of Materials for your repository:
 
 ```bash
-prismor --scan myrepository --sbom
+prismor --repo myrepository --sbom
 ```
 
 #### 4. Full Scan
 
-Run all security checks (VEX + Secret Detection + SBOM):
+Run all security checks (scan + Secret Detection + SBOM):
 
 ```bash
-prismor --scan myrepository --fullscan
+prismor --repo myrepository --fullscan
 ```
 
 ### Multiple Scan Types
@@ -172,7 +224,7 @@ prismor --scan myrepository --fullscan
 You can combine multiple scan types:
 
 ```bash
-prismor --scan myrepository --vex --detect-secret
+prismor --repo myrepository --scan --detect-secret
 ```
 
 ### JSON Output
@@ -180,37 +232,127 @@ prismor --scan myrepository --vex --detect-secret
 Get results in JSON format for automation and integration:
 
 ```bash
-prismor --scan myrepository --fullscan --json
+prismor --repo myrepository --fullscan --json
 ```
 
 ## Examples
 
-### Example 1: Quick Vulnerability Scan
+### Example 1: Quick Vulnerability Scan (Username/Repo format)
+
+```bash
+prismor --repo facebook/react --scan
+```
+
+### Example 2: Comprehensive Security Audit (HTTPS URL)
+
+```bash
+prismor --repo https://github.com/microsoft/vscode --fullscan
+```
+
+### Example 3: Secret Detection with SSH URL
+
+```bash
+prismor --repo git@github.com:openai/gpt-3.git --detect-secret
+```
+
+### Example 4: SBOM Generation with Bare Domain
 
 ```bash
-prismor --scan facebook/react --vex
+prismor --repo github.com/kubernetes/kubernetes --sbom --json > sbom-results.json
 ```
 
-### Example 2: Comprehensive Security Audit
+### Example 5: Full Scan with Branch Reference
 
 ```bash
-prismor --scan https://github.com/microsoft/vscode --fullscan
+prismor --repo https://github.com/tensorflow/tensorflow/tree/v2.13.0 --fullscan
 ```
 
-### Example 3: Secret Detection Only
+### Example 6: Multiple Scan Types with Different URL Formats
 
 ```bash
-prismor --scan openai/gpt-3 --detect-secret
+# Using HTTPS URL
+prismor --repo https://github.com/pytorch/pytorch --scan --sbom
+
+# Using SSH URL
+prismor --repo git@github.com:nodejs/node.git --detect-secret --sbom
+
+# Using bare domain
+prismor --repo www.github.com/vercel/next.js --fullscan
 ```
 
-### Example 4: SBOM Generation with JSON Output
+### Example 7: Async Scan with Status Checking
 
 ```bash
-prismor --scan kubernetes/kubernetes --sbom --json > sbom-results.json
+# Start a scan and get job ID
+prismor start-scan username/repo --branch main
+
+# Check scan status (use job ID from previous command)
+prismor scan-status <job_id>
+
+# Check status with JSON output
+prismor scan-status <job_id> --json
 ```
 
 ## Additional Commands
 
+### Start Async Vulnerability Scan
+
+Start a vulnerability scan asynchronously and get a job ID for status checking:
+
+```bash
+prismor start-scan username/repo
+prismor start-scan username/repo --branch develop
+prismor start-scan username/repo --token ghp_xxxxx
+```
+
+**Note**: Requires GitHub token. Set `GITHUB_TOKEN` environment variable or use `--token` option.
+
+### Check Scan Status
+
+Check the status of a running or completed vulnerability scan:
+
+```bash
+prismor scan-status <job_id>
+prismor scan-status <job_id> --json
+```
+
+**Status Response Includes**:
+- Job status (running/completed/failed)
+- Repository and branch information
+- Results URLs (public and presigned)
+- Vulnerability summary with severity breakdown
+- Scan date and duration
+
+**Example Output**:
+```
+============================================================
+  Scan Status
+============================================================
+
+Job ID: abc123def456...
+
+Status: completed
+
+Repository:
+  https://github.com/username/repo
+
+Branch:
+  main
+
+Vulnerability Summary:
+  Total Vulnerabilities: 15
+  Total Targets Scanned: 3
+
+  Severity Breakdown:
+    CRITICAL: 2
+    HIGH: 5
+    MEDIUM: 6
+    LOW: 2
+
+Results URL:
+  https://prismor-sbom-public-dev.s3.amazonaws.com/...
+```
+
 ### Check Configuration
 
 View your current Prismor CLI configuration:
@@ -303,9 +445,24 @@ export PRISMOR_API_KEY=your_api_key_here
 
 ### Invalid Repository Format
 
-Ensure your repository is in one of these formats:
-- `username/repository`
+Ensure your repository is in one of the supported formats:
+
+**Supported formats:**
+- `username/repository` (recommended)
 - `https://github.com/username/repository`
+- `https://www.github.com/username/repository`
+- `http://github.com/username/repository`
+- `http://www.github.com/username/repository`
+- `github.com/username/repository`
+- `www.github.com/username/repository`
+- `git@github.com:username/repository.git`
+- `https://github.com/username/repository/tree/branch`
+- `https://github.com/username/repository/blob/branch/file`
+
+**Not supported:**
+- Non-GitHub URLs (GitLab, Bitbucket, etc.)
+- Invalid URL formats
+- Empty or malformed repository names
 
 ### Connection Issues
 

{prismor-0.1.1 → prismor-1.0.5}/README.md

@@ -6,12 +6,12 @@ A powerful command-line tool for scanning GitHub repositories for security vulne
 
 ## Features
 
-- 🔍 **Vulnerability Scanning (VEX)** - Detect security vulnerabilities in your codebase
+- 🔍 **Vulnerability Scanning (scan)** - Detect security vulnerabilities in your codebase
 - 🔐 **Secret Detection** - Find exposed secrets, API keys, and credentials
 - 📦 **SBOM Generation** - Generate comprehensive Software Bill of Materials
 - ⚡ **Full Scan** - Run all security checks in one command
 - 🎨 **Beautiful CLI Output** - Colorful, easy-to-read results
-- 🔗 **Flexible Repository Input** - Support for `username/repo` or full GitHub URLs
+- 🔗 **Flexible Repository Input** - Support for multiple GitHub URL formats including SSH, HTTPS, and bare domain formats
 
 ## Quick Start
 
@@ -19,7 +19,7 @@ A powerful command-line tool for scanning GitHub repositories for security vulne
 2. **Generate your API Key** from the dashboard
 3. **Install** the CLI: `pip install prismor`
 4. **Set your API key**: `export PRISMOR_API_KEY=your_api_key`
-5. **Run your first scan**: `prismor --scan username/repo --fullscan`
+5. **Run your first scan**: `prismor --repo username/repo --fullscan`
 
 For the complete analysis with dashboards and reports, visit [Prismor.dev](https://prismor.dev) after running scans!
 
@@ -74,39 +74,91 @@ This allows Prismor to securely access and scan your private repositories.
 ### Basic Syntax
 
 ```bash
-prismor --scan <repository> [scan-type]
+prismor --repo <repository> [scan-type]
 ```
 
+**Note**: The `--scan` flag is used to enable vulnerability scanning, while `--repo` specifies the repository to scan.
+
 ### Repository Format
 
-You can specify repositories in two ways:
+Prismor CLI supports multiple GitHub repository URL formats for maximum flexibility:
+
+#### 1. **Username/Repository format** (recommended):
+```bash
+prismor --repo Ar9av/trychai-web-revamped --fullscan
+```
+
+#### 2. **HTTPS URLs**:
+```bash
+prismor --repo https://github.com/Ar9av/trychai-web-revamped --fullscan
+prismor --repo https://www.github.com/Ar9av/trychai-web-revamped --fullscan
+prismor --repo https://github.com/Ar9av/trychai-web-revamped.git --fullscan
+```
+
+#### 3. **HTTP URLs**:
+```bash
+prismor --repo http://github.com/Ar9av/trychai-web-revamped --fullscan
+prismor --repo http://www.github.com/Ar9av/trychai-web-revamped --fullscan
+```
+
+#### 4. **Bare domain formats**:
+```bash
+prismor --repo github.com/Ar9av/trychai-web-revamped --fullscan
+prismor --repo www.github.com/Ar9av/trychai-web-revamped --fullscan
+```
+
+#### 5. **SSH format**:
+```bash
+prismor --repo git@github.com:Ar9av/trychai-web-revamped.git --fullscan
+```
+
+#### 6. **URLs with paths and fragments**:
+```bash
+prismor --repo https://github.com/Ar9av/trychai-web-revamped/tree/main --fullscan
+prismor --repo https://github.com/Ar9av/trychai-web-revamped/blob/main/file.py --fullscan
+prismor --repo https://github.com/Ar9av/trychai-web-revamped#branch --fullscan
+```
+
+**All formats are automatically parsed and normalized to extract the `user/repo_name` format for processing.**
 
-1. **Username/Repository format:**
-   ```bash
-   prismor --scan Ar9av/trychai-web-revamped --fullscan
-   ```
+### Smart URL Parsing
 
-2. **Full GitHub URL:**
-   ```bash
-   prismor --scan https://github.com/Ar9av/trychai-web-revamped --fullscan
-   ```
+Prismor CLI features intelligent GitHub URL parsing that automatically:
+
+- ✅ **Detects and extracts** repository information from any supported format
+- ✅ **Handles edge cases** like trailing slashes, `.git` suffixes, and branch references
+- ✅ **Validates input** to ensure it's a valid GitHub repository
+- ✅ **Provides clear error messages** for unsupported formats
+- ✅ **Supports special characters** in repository names (hyphens, underscores, numbers)
+
+**Examples of what gets automatically parsed:**
+```bash
+# All of these resolve to "facebook/react":
+prismor --repo facebook/react --scan
+prismor --repo https://github.com/facebook/react --scan
+prismor --repo git@github.com:facebook/react.git --scan
+prismor --repo github.com/facebook/react --scan
+prismor --repo https://github.com/facebook/react/tree/main --scan
+```
 
 ### Scan Types
 
-#### 1. Vulnerability Scanning (VEX)
+#### 1. Vulnerability Scanning (scan)
 
 Scan for security vulnerabilities in your dependencies and code:
 
 ```bash
-prismor --scan myrepository --vex
+prismor --repo myrepository --scan
 ```
 
+**Note**: Vulnerability scans now run asynchronously for large repositories. The CLI will wait for completion automatically, but you can also use `prismor start-scan` to get a job ID and check status separately.
+
 #### 2. Secret Detection
 
 Detect exposed secrets, API keys, passwords, and other sensitive information:
 
 ```bash
-prismor --scan myrepository --detect-secret
+prismor --repo myrepository --detect-secret
 ```
 
 #### 3. SBOM Generation
@@ -114,15 +166,15 @@ prismor --scan myrepository --detect-secret
 Generate a Software Bill of Materials for your repository:
 
 ```bash
-prismor --scan myrepository --sbom
+prismor --repo myrepository --sbom
 ```
 
 #### 4. Full Scan
 
-Run all security checks (VEX + Secret Detection + SBOM):
+Run all security checks (scan + Secret Detection + SBOM):
 
 ```bash
-prismor --scan myrepository --fullscan
+prismor --repo myrepository --fullscan
 ```
 
 ### Multiple Scan Types
@@ -130,7 +182,7 @@ prismor --scan myrepository --fullscan
 You can combine multiple scan types:
 
 ```bash
-prismor --scan myrepository --vex --detect-secret
+prismor --repo myrepository --scan --detect-secret
 ```
 
 ### JSON Output
@@ -138,37 +190,127 @@ prismor --scan myrepository --vex --detect-secret
 Get results in JSON format for automation and integration:
 
 ```bash
-prismor --scan myrepository --fullscan --json
+prismor --repo myrepository --fullscan --json
 ```
 
 ## Examples
 
-### Example 1: Quick Vulnerability Scan
+### Example 1: Quick Vulnerability Scan (Username/Repo format)
+
+```bash
+prismor --repo facebook/react --scan
+```
+
+### Example 2: Comprehensive Security Audit (HTTPS URL)
+
+```bash
+prismor --repo https://github.com/microsoft/vscode --fullscan
+```
+
+### Example 3: Secret Detection with SSH URL
+
+```bash
+prismor --repo git@github.com:openai/gpt-3.git --detect-secret
+```
+
+### Example 4: SBOM Generation with Bare Domain
 
 ```bash
-prismor --scan facebook/react --vex
+prismor --repo github.com/kubernetes/kubernetes --sbom --json > sbom-results.json
 ```
 
-### Example 2: Comprehensive Security Audit
+### Example 5: Full Scan with Branch Reference
 
 ```bash
-prismor --scan https://github.com/microsoft/vscode --fullscan
+prismor --repo https://github.com/tensorflow/tensorflow/tree/v2.13.0 --fullscan
 ```
 
-### Example 3: Secret Detection Only
+### Example 6: Multiple Scan Types with Different URL Formats
 
 ```bash
-prismor --scan openai/gpt-3 --detect-secret
+# Using HTTPS URL
+prismor --repo https://github.com/pytorch/pytorch --scan --sbom
+
+# Using SSH URL
+prismor --repo git@github.com:nodejs/node.git --detect-secret --sbom
+
+# Using bare domain
+prismor --repo www.github.com/vercel/next.js --fullscan
 ```
 
-### Example 4: SBOM Generation with JSON Output
+### Example 7: Async Scan with Status Checking
 
 ```bash
-prismor --scan kubernetes/kubernetes --sbom --json > sbom-results.json
+# Start a scan and get job ID
+prismor start-scan username/repo --branch main
+
+# Check scan status (use job ID from previous command)
+prismor scan-status <job_id>
+
+# Check status with JSON output
+prismor scan-status <job_id> --json
 ```
 
 ## Additional Commands
 
+### Start Async Vulnerability Scan
+
+Start a vulnerability scan asynchronously and get a job ID for status checking:
+
+```bash
+prismor start-scan username/repo
+prismor start-scan username/repo --branch develop
+prismor start-scan username/repo --token ghp_xxxxx
+```
+
+**Note**: Requires GitHub token. Set `GITHUB_TOKEN` environment variable or use `--token` option.
+
+### Check Scan Status
+
+Check the status of a running or completed vulnerability scan:
+
+```bash
+prismor scan-status <job_id>
+prismor scan-status <job_id> --json
+```
+
+**Status Response Includes**:
+- Job status (running/completed/failed)
+- Repository and branch information
+- Results URLs (public and presigned)
+- Vulnerability summary with severity breakdown
+- Scan date and duration
+
+**Example Output**:
+```
+============================================================
+  Scan Status
+============================================================
+
+Job ID: abc123def456...
+
+Status: completed
+
+Repository:
+  https://github.com/username/repo
+
+Branch:
+  main
+
+Vulnerability Summary:
+  Total Vulnerabilities: 15
+  Total Targets Scanned: 3
+
+  Severity Breakdown:
+    CRITICAL: 2
+    HIGH: 5
+    MEDIUM: 6
+    LOW: 2
+
+Results URL:
+  https://prismor-sbom-public-dev.s3.amazonaws.com/...
+```
+
 ### Check Configuration
 
 View your current Prismor CLI configuration:
@@ -261,9 +403,24 @@ export PRISMOR_API_KEY=your_api_key_here
 
 ### Invalid Repository Format
 
-Ensure your repository is in one of these formats:
-- `username/repository`
+Ensure your repository is in one of the supported formats:
+
+**Supported formats:**
+- `username/repository` (recommended)
 - `https://github.com/username/repository`
+- `https://www.github.com/username/repository`
+- `http://github.com/username/repository`
+- `http://www.github.com/username/repository`
+- `github.com/username/repository`
+- `www.github.com/username/repository`
+- `git@github.com:username/repository.git`
+- `https://github.com/username/repository/tree/branch`
+- `https://github.com/username/repository/blob/branch/file`
+
+**Not supported:**
+- Non-GitHub URLs (GitLab, Bitbucket, etc.)
+- Invalid URL formats
+- Empty or malformed repository names
 
 ### Connection Issues
 

{prismor-0.1.1 → prismor-1.0.5}/prismor/__init__.py

@@ -1,6 +1,6 @@
 """Prismor CLI - Security scanning tool for GitHub repositories."""
 
-__version__ = "0.1.1"
+__version__ = "1.0.4"
 __author__ = "Prismor"
 __description__ = "A CLI tool for scanning GitHub repositories for vulnerabilities, secrets, and generating SBOMs"