regscale-cli 6.20.10.0__py3-none-any.whl → 6.21.1.0__py3-none-any.whl

regscale/integrations/commercial/cpe.py

@@ -109,6 +109,23 @@ def extract_product_name_and_version(cpe_string: str) -> Dict:
     :rtype: Dict
     """
     # convert to version 2.3 if 2.2
+    # TODO: Note this is an incomplete conversion as the additional properties
+    # in the URI format (which is still supported in 2.3) are separated by
+    # tildes (~) after the final colon. We should extend this to support them
+    # at some point to be safe. Example from NISTIR7697 the 2.3 dictionary
+    # specification:
+    #
+    # WFN:
+    #     wfn:[part="o",vendor="microsoft",product="windows_vista",version="6\.0",
+    #     update="sp1",edition=NA,language=NA,sw_edition="home_premium",
+    #     target_sw=NA,target_hw="x64",other=NA]
+    #
+    # WFN bound to a URI:
+    #     cpe:/o:microsoft:windows_vista:6.0:sp1:~-~home_premium~-~x64~-
+    #
+    # WFN bound to a formatted string:
+    #     cpe:2.3:o:microsoft:windows_vista:6.0:sp1:-:-:home_premium:-:x64:-
+    #
     if cpe_string.startswith("cpe:/"):
         cpe_string = cpe_string.replace("cpe:/", "cpe:2.3:")
 
@@ -117,7 +134,7 @@ def extract_product_name_and_version(cpe_string: str) -> Dict:
 
     # Extract the product name and version
     # parts[3] is the product name, parts[4] is the version
-    part = parts[2]
+    part = parts[2] if len(parts) > 2 else None
     logger.debug(f"part: {part}")
     vendor_name = parts[3] if len(parts) > 3 else None
     product_name = parts[4] if len(parts) > 4 else None

regscale/integrations/commercial/nessus/scanner.py

@@ -83,6 +83,8 @@ class NessusIntegration(ScannerIntegration):
         for file in iterate_files(file_collection):
             content = read_file(file)
             root = ET.fromstring(content)
+            if scan_dt := nfr.scan.scan_time_start(root):
+                self.scan_date = scan_dt.strftime("%Y-%m-%d")
             for nessus_asset in nfr.scan.report_hosts(root):
                 asset_name = nfr.host.report_host_name(nessus_asset)
                 for nessus_vulnerability in root.iterfind(f"./Report/ReportHost[@name='{asset_name}']/ReportItem"):

regscale/integrations/commercial/sonarcloud.py

@@ -2,100 +2,93 @@
 # -*- coding: utf-8 -*-
 """RegScale SonarCloud Integration"""
 
-# standard python imports
+import logging
 import math
-import sys
 from typing import Optional
+from urllib.parse import urljoin
 
 import click
 import requests  # type: ignore
 
 from regscale.core.app.api import Api
 from regscale.core.app.application import Application
-from regscale.core.app.logz import create_logger
 from regscale.core.app.utils.app_utils import (
-    get_current_datetime,
     days_between,
+    error_and_exit,
+    get_current_datetime,
 )
 from regscale.models import regscale_id, regscale_module
 from regscale.models.regscale_models.assessment import Assessment
 from regscale.models.regscale_models.issue import Issue
 
-# create logger function to log to the console
-logger = create_logger()
+logger = logging.getLogger("regscale")
 
 
-def get_sonarcloud_results(config: dict) -> list[list[dict]]:
+def get_sonarcloud_results(config: dict, branch: Optional[str] = None) -> list[list[dict]]:
     """
     Retrieve Sonarcloud Results from the Sonarcloud.io API
+
     :param dict config: RegScale CLI configuration
+    :param Optional[str] branch: Branch name to filter results, defaults to None
     :return: json response data from API GET request
     :rtype: list[list[dict]]
     """
+    # create an empty list to hold multiple pages of data
+    complete = []
     # api endpoint
-    url = "https://sonarcloud.io/api/issues/search"
+    url = urljoin(config["sonarUrl"], "/api/issues/search")
     # SONAR_TOKEN from Sonarcloud
     token = config["sonarToken"]
     # arguments to pass to the API call
-    query = {
-        "organization": "regscale",
-        "projects": "RegScale_regscale",
-        "branch": "main",
-        "projectKey": "RegScale_regscale",
+    params = {
         "statuses": "OPEN, CONFIRMED, REOPENED",
-        "createdInLast": "1m",
         "ps": 500,
     }
+    if branch:
+        params["branch"] = branch
     # GET request pulls in data to check results size
-    r = requests.get(url, auth=(str(token), ""), params=query)
+    r = requests.get(url, auth=(str(token), ""), params=params)
     # if the status code does not equal 200
     if r and not r.ok:
         # exit the script gracefully
-        sys.exit("Sonarcloud API call failed please check the configuration")
+        error_and_exit(f"Sonarcloud API call failed please check the configuration\n{r.status_code}: {r.text}")
     # pull in response data to a dictionary
     data = r.json()
     # find the total results number
     total = data["paging"]["total"]
+    complete.extend(data.get("issues", []))
+    logger.info(f"Found {total} issue(s) from SonarCloud/Qube.")
     # find the number of results in each result page
     size = data["paging"]["pageSize"]
     # calculate the number of pages to iterate through sequentially
     pages = math.ceil(total / size)
-    # create an empty list to hold multiple pages of data
-    complete = []
     # loop through each page number
     for i in range(1, pages + 1, 1):
         # parameters to pass to the API call
-        filters = {
-            "organization": "regscale",
-            "projects": "RegScale_regscale",
-            "branch": "main",
-            "projectKey": "RegScale_regscale",
-            "statuses": "OPEN, CONFIRMED, REOPENED",
-            "createdInLast": "1m",
-            "ps": 500,
-            "p": f"{i}",
-        }
+        params["p"] = str(i)
         # for each page make a GET request to pull in the data
-        r = requests.get(url, auth=(str(token), ""), params=filters)
+        r = requests.get(url, auth=(str(token), ""), params=params)
         # pull in response data to a dictionary
         data = r.json()
         # extract only the issues from the data
         issues = data["issues"]
         # add each page to the total results page
-        complete.append(issues)
+        complete.extend(issues)
     # return the list of json response objects for use
+    logger.info(f"Retrieved {len(complete)}/{total} issue(s) from SonarCloud/Qube.")
     return complete
 
 
-def build_data(api: Api) -> list[dict]:
+def build_data(api: Api, branch: Optional[str] = None) -> list[dict]:
     """
     Build vulnerability alert data list
     :param Api api: API object
+    :param Optional[str] branch: Branch name to filter results, defaults to None
     :return: vulnerability data list
     :rtype: list[dict]
     """
     # execute GET request
-    data = get_sonarcloud_results(config=api.config)
+    data = get_sonarcloud_results(config=api.config, branch=branch)
     # create empty list to hold json response dicts
     vulnerability_data_list = []
     # loop through the lists in API response data
@@ -196,11 +189,14 @@ def create_alert_assessment(
         return None
 
 
-def create_alert_issues(parent_id: Optional[int] = None, parent_module: Optional[str] = None) -> None:
+def create_alert_issues(
+    parent_id: Optional[int] = None, parent_module: Optional[str] = None, branch: Optional[str] = None
+) -> None:
     """
     Create child issues from the alert assessment
     :param Optional[int] parent_id: Parent ID record to associate the assessment to, defaults to None
     :param Optional[str] parent_module: Parent module to associate the assessment to, defaults to None
+    :param Optional[str] branch: Branch name to filter results, defaults to None
     :rtype: None
     """
     # set environment and application configuration
@@ -210,7 +206,7 @@ def create_alert_issues(parent_id: Optional[int] = None, parent_module: Optional
     assessment_id = create_alert_assessment(api=api, parent_id=parent_id, parent_module=parent_module)
 
     # create vulnerability data list
-    vuln_data_list = build_data(api)
+    vuln_data_list = build_data(api, branch)
     # loop through each vulnerability alert in the list
     for vulnerability in vuln_data_list:
         # create issue model
@@ -253,8 +249,11 @@ def sonarcloud() -> None:
 @sonarcloud.command(name="sync_alerts")
 @regscale_id(required=False, default=None)
 @regscale_module(required=False, default=None)
-def create_alerts(regscale_id: Optional[int] = None, regscale_module: Optional[str] = None) -> None:
+@click.option("--branch", help="Branch name to filter results, defaults to None")
+def create_alerts(
+    regscale_id: Optional[int] = None, regscale_module: Optional[str] = None, branch: Optional[str] = None
+) -> None:
     """
     Create a child assessment and child issues in RegScale from SonarCloud alerts.
     """
-    create_alert_issues(regscale_id, regscale_module)
+    create_alert_issues(regscale_id, regscale_module, branch)

regscale/integrations/commercial/synqly/ticketing.py

@@ -100,6 +100,57 @@ def sync_jira(
     )
 
 
+@ticketing.command(name="sync_jira_service_management")
+@regscale_id()
+@regscale_module()
+@click.option(
+    "--project",
+    type=click.STRING,
+    help="jira_service_management project",
+    required=True,
+    prompt="jira_service_management project",
+)
+@click.option(
+    "--default_issue_type",
+    type=click.STRING,
+    help="Default issue type when creating tickets.",
+    required=False,
+)
+@click.option(
+    "--default_project",
+    type=click.STRING,
+    help="Default project when listing, creating, or editing tickets.",
+    required=False,
+)
+@click.option(
+    "--sync_attachments",
+    type=click.BOOL,
+    help="Whether to sync attachments between Jira Service Management and RegScale",
+    required=False,
+    default=True,
+)
+def sync_jira_service_management(
+    regscale_id: int,
+    regscale_module: str,
+    project: str,
+    default_issue_type: str,
+    default_project: str,
+    sync_attachments: bool,
+) -> None:
+    """Sync Ticketing data between Jira Service Management and RegScale."""
+    from regscale.models.integration_models.synqly_models.connectors import Ticketing
+
+    ticketing_jira_service_management = Ticketing("jira_service_management")
+    ticketing_jira_service_management.run_sync(
+        regscale_id=regscale_id,
+        regscale_module=regscale_module,
+        project=project,
+        default_issue_type=default_issue_type,
+        default_project=default_project,
+        sync_attachments=sync_attachments,
+    )
+
+
 @ticketing.command(name="sync_pagerduty")
 @regscale_id()
 @regscale_module()

regscale/integrations/commercial/tenablev2/jsonl_scanner.py

@@ -446,7 +446,7 @@ class TenableSCJsonlScanner(JSONLScannerIntegration):
             # If no findings were created, return a basic finding
             # Get the IP from the vulnerability directly rather than using passed asset_identifier
             finding_asset_id = vuln.ip or asset_identifier
-
+            logger.debug(item)
             return IntegrationFinding(
                 title=item.get("pluginName", "Unknown Finding"),
                 description=item.get("description", "No description available"),
@@ -456,6 +456,7 @@ class TenableSCJsonlScanner(JSONLScannerIntegration):
                 category="Vulnerability",
                 scan_date=self.scan_date,
                 plugin_name=item.get("pluginName", UNKNOWN_PLUGIN),
+                control_labels=item.get("controlLabels", []),
             )
 
         except Exception as e:

regscale/integrations/commercial/wizv2/async_client.py

@@ -10,6 +10,7 @@ import anyio
 import httpx
 
 from regscale.core.app.utils.app_utils import error_and_exit
+from regscale.integrations.variables import ScannerVariables
 
 logger = logging.getLogger("regscale")
 
@@ -72,7 +73,9 @@ class AsyncWizGraphQLClient:
             logger.debug(f"Variables: {variables}")
 
             try:
-                async with httpx.AsyncClient(timeout=self.timeout) as client:
+                # Get SSL verify setting from scanner variables config
+                ssl_verify = getattr(ScannerVariables, "sslVerify", True)
+                async with httpx.AsyncClient(timeout=self.timeout, verify=ssl_verify) as client:
                     if progress_callback:
                         progress_callback(task_name, "requesting")
 
@@ -81,7 +84,7 @@ class AsyncWizGraphQLClient:
                     if progress_callback:
                         progress_callback(task_name, "processing")
 
-                    if response.raise_for_status():
+                    if not response.is_success:
                         error_and_exit(
                             f"Received non-200 response from GraphQL API: {response.status_code}: {response.text}"
                         )
@@ -304,6 +307,7 @@ def run_async_queries(
     query_configs: List[Dict[str, Any]],
     progress_tracker: Optional[Any] = None,
     max_concurrent: int = 5,
+    timeout: int = 60,
 ) -> List[Tuple[str, List[Dict[str, Any]], Optional[Exception]]]:
     """
     Convenience function to run async queries from synchronous code.
@@ -313,12 +317,15 @@ def run_async_queries(
     :param List[Dict[str, Any]] query_configs: Query configurations
     :param Optional[Any] progress_tracker: Progress tracker
     :param int max_concurrent: Maximum concurrent requests
+    :param int timeout: Request timeout in seconds
     :return: Query results
     :rtype: List[Tuple[str, List[Dict[str, Any]], Optional[Exception]]]
     """
 
     async def _run():
-        client = AsyncWizGraphQLClient(endpoint=endpoint, headers=headers, max_concurrent=max_concurrent)
+        client = AsyncWizGraphQLClient(
+            endpoint=endpoint, headers=headers, max_concurrent=max_concurrent, timeout=timeout
+        )
         return await client.execute_concurrent_queries(query_configs, progress_tracker)
 
     # Use anyio.run for better compatibility

regscale/integrations/commercial/wizv2/click.py

@@ -9,7 +9,7 @@ from typing import Optional
 import click
 
 from regscale.integrations.commercial.wizv2.variables import WizVariables
-from regscale.models import regscale_id, regscale_module
+from regscale.models import regscale_id
 from regscale.models.app_models.click import regscale_ssp_id
 
 logger = logging.getLogger("regscale")
@@ -333,12 +333,10 @@ def add_report_evidence(
     "--wiz_project_id",
     "-p",
     prompt="Enter the Wiz project ID",
-    help="Enter the Wiz Project ID.  Options include: projects, \
-          policies, supplychain, securityplans, components.",
+    help="Enter the Wiz Project ID for policy compliance sync.",
     required=True,
 )
-@regscale_id(help="RegScale will create and update issues as children of this record.")
-@regscale_module()
+@regscale_id(help="RegScale will create and update control assessments as children of this record.")
 @click.option(  # type: ignore
     "--client_id",
     "-i",
@@ -356,44 +354,122 @@ def add_report_evidence(
     required=False,
 )
 @click.option(  # type: ignore
-    "--catalog_id",
-    "-c",
-    help="RegScale Catalog ID for the selected framework.",
-    hide_input=False,
+    "--framework_id",
+    "-f",
+    help="Wiz framework ID or shorthand (e.g., 'nist', 'aws', 'wf-id-4'). Use --list-frameworks to see options. Default: wf-id-4 (NIST SP 800-53 Rev 5)",
+    default="wf-id-4",
     required=False,
-    default=None,
 )
 @click.option(  # type: ignore
-    "--framework",
-    "-f",
-    type=click.Choice(["CSF", "NIST800-53R5", "NIST800-53R4"], case_sensitive=False),  # type: ignore
-    help="Choose either one of the Frameworks",
-    default="NIST800-53R5",
-    required=True,
+    "--list-frameworks",
+    "-lf",
+    is_flag=True,
+    help="List all available framework options and shortcuts",
+    default=False,
+)
+@click.option(  # type: ignore
+    "--create-issues/--no-create-issues",
+    "-ci/-ni",
+    default=True,
+    help="Create issues for failed policy assessments (default: enabled)",
+)
+@click.option(  # type: ignore
+    "--update-control-status/--no-update-control-status",
+    "-ucs/-nucs",
+    default=True,
+    help="Update control implementation status based on assessment results (default: enabled)",
+)
+@click.option(  # type: ignore
+    "--create-poams/--no-create-poams",
+    "-cp/-ncp",
+    default=False,
+    help="Mark created issues as POAMs (default: disabled)",
+)
+@click.option(  # type: ignore
+    "--refresh/--no-refresh",
+    "-r/-nr",
+    default=False,
+    help="Force refresh and ignore cached data (default: use cache if available)",
+)
+@click.option(  # type: ignore
+    "--cache-duration",
+    "-cd",
+    type=click.INT,
+    default=1440,
+    help="Cache duration in minutes - reuse cached data if newer than this (default: 1440 minutes / 1 day)",
 )
 def sync_compliance(
     wiz_project_id,
     regscale_id,
-    regscale_module,
     client_id,
     client_secret,
-    catalog_id,
-    framework,
+    framework_id,
+    list_frameworks,
+    create_issues,
+    update_control_status,
+    create_poams,
+    refresh,
+    cache_duration,
 ):
-    """Sync compliance posture from Wiz to RegScale"""
-    from regscale.integrations.commercial.wizv2.utils import _sync_compliance
+    """
+    Sync policy compliance assessments from Wiz to RegScale.
+
+    This command fetches policy assessment data from Wiz and creates:
+    - Control assessments based on policy compliance results
+    - Issues for failed policy assessments (if --create-issues enabled)
+    - Updates to control implementation status (if --update-control-status enabled)
+    - JSON output file with policy compliance data in artifacts/wiz/ directory
+    - Cached framework mapping for improved performance
+
+    CACHING:
+    By default, the command will reuse cached policy data if it's newer than the cache
+    duration (default: 60 minutes). Use --refresh to force fresh data from Wiz.
+    Use --cache-duration to adjust how long cached data is considered valid.
+    """
+    from regscale.integrations.commercial.wizv2.policy_compliance import (
+        WizPolicyComplianceIntegration,
+        list_available_frameworks,
+        resolve_framework_id,
+    )
+
+    # Handle --list-frameworks flag
+    if list_frameworks:
+        click.echo(list_available_frameworks())
+        return
 
+    # Use environment variables if not provided
     if not client_secret:
         client_secret = WizVariables.wizClientSecret
     if not client_id:
         client_id = WizVariables.wizClientId
 
-    _sync_compliance(
+    # Resolve framework ID using the enhanced framework resolution
+    try:
+        resolved_framework_id = resolve_framework_id(framework_id.lower())
+        if resolved_framework_id != framework_id:
+            from regscale.integrations.commercial.wizv2.policy_compliance import FRAMEWORK_MAPPINGS
+
+            framework_name = FRAMEWORK_MAPPINGS.get(resolved_framework_id, resolved_framework_id)
+            click.echo(f"🔍 Resolved '{framework_id}' to '{framework_name}' ({resolved_framework_id})")
+    except ValueError as e:
+        click.echo(f"❌ {str(e)}")
+        click.echo("\nUse --list-frameworks to see all available options.")
+        return
+
+    # Create and run the policy compliance integration
+    policy_integration = WizPolicyComplianceIntegration(
+        plan_id=regscale_id,
         wiz_project_id=wiz_project_id,
-        regscale_id=regscale_id,
-        regscale_module=regscale_module,
         client_id=client_id,
         client_secret=client_secret,
-        catalog_id=catalog_id,
-        framework=framework,
+        framework_id=resolved_framework_id,
+        create_poams=create_poams,
+        cache_duration_minutes=cache_duration,
+        force_refresh=refresh,
+    )
+
+    # Run the policy compliance sync
+    policy_integration.sync_policy_compliance(
+        create_issues=create_issues,
+        update_control_status=update_control_status,
     )