regscale-cli 6.23.0.0__py3-none-any.whl → 6.24.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of regscale-cli might be problematic. Click here for more details.

Files changed (44) hide show
  1. regscale/_version.py +1 -1
  2. regscale/core/app/application.py +2 -0
  3. regscale/integrations/commercial/__init__.py +1 -0
  4. regscale/integrations/commercial/sarif/sarif_converter.py +1 -1
  5. regscale/integrations/commercial/wizv2/click.py +109 -2
  6. regscale/integrations/commercial/wizv2/compliance_report.py +1485 -0
  7. regscale/integrations/commercial/wizv2/constants.py +72 -2
  8. regscale/integrations/commercial/wizv2/data_fetcher.py +61 -0
  9. regscale/integrations/commercial/wizv2/file_cleanup.py +104 -0
  10. regscale/integrations/commercial/wizv2/issue.py +775 -27
  11. regscale/integrations/commercial/wizv2/policy_compliance.py +599 -181
  12. regscale/integrations/commercial/wizv2/reports.py +243 -0
  13. regscale/integrations/commercial/wizv2/scanner.py +668 -245
  14. regscale/integrations/compliance_integration.py +304 -51
  15. regscale/integrations/due_date_handler.py +210 -0
  16. regscale/integrations/public/cci_importer.py +444 -0
  17. regscale/integrations/scanner_integration.py +718 -153
  18. regscale/models/integration_models/CCI_List.xml +1 -0
  19. regscale/models/integration_models/cisa_kev_data.json +61 -3
  20. regscale/models/integration_models/synqly_models/capabilities.json +1 -1
  21. regscale/models/integration_models/synqly_models/connectors/vulnerabilities.py +3 -3
  22. regscale/models/regscale_models/form_field_value.py +1 -1
  23. regscale/models/regscale_models/milestone.py +1 -0
  24. regscale/models/regscale_models/regscale_model.py +225 -60
  25. regscale/models/regscale_models/security_plan.py +3 -2
  26. regscale/regscale.py +7 -0
  27. {regscale_cli-6.23.0.0.dist-info → regscale_cli-6.24.0.0.dist-info}/METADATA +9 -9
  28. {regscale_cli-6.23.0.0.dist-info → regscale_cli-6.24.0.0.dist-info}/RECORD +44 -27
  29. tests/fixtures/test_fixture.py +13 -8
  30. tests/regscale/integrations/public/__init__.py +0 -0
  31. tests/regscale/integrations/public/test_alienvault.py +220 -0
  32. tests/regscale/integrations/public/test_cci.py +458 -0
  33. tests/regscale/integrations/public/test_cisa.py +1021 -0
  34. tests/regscale/integrations/public/test_emass.py +518 -0
  35. tests/regscale/integrations/public/test_fedramp.py +851 -0
  36. tests/regscale/integrations/public/test_fedramp_cis_crm.py +3661 -0
  37. tests/regscale/integrations/public/test_file_uploads.py +506 -0
  38. tests/regscale/integrations/public/test_oscal.py +453 -0
  39. tests/regscale/models/test_form_field_value_integration.py +304 -0
  40. tests/regscale/models/test_module_integration.py +582 -0
  41. {regscale_cli-6.23.0.0.dist-info → regscale_cli-6.24.0.0.dist-info}/LICENSE +0 -0
  42. {regscale_cli-6.23.0.0.dist-info → regscale_cli-6.24.0.0.dist-info}/WHEEL +0 -0
  43. {regscale_cli-6.23.0.0.dist-info → regscale_cli-6.24.0.0.dist-info}/entry_points.txt +0 -0
  44. {regscale_cli-6.23.0.0.dist-info → regscale_cli-6.24.0.0.dist-info}/top_level.txt +0 -0
regscale/models/integration_models/cisa_kev_data.json CHANGED
@@ -1,9 +1,67 @@
1
1
  {
2
2
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
3
- "catalogVersion": "2025.09.03",
4
- "dateReleased": "2025-09-03T17:00:44.122Z",
5
- "count": 1410,
3
+ "catalogVersion": "2025.09.11",
4
+ "dateReleased": "2025-09-11T17:00:46.0046Z",
5
+ "count": 1414,
6
6
  "vulnerabilities": [
7
+ {
8
+ "cveID": "CVE-2025-5086",
9
+ "vendorProject": "Dassault Syst\u00e8mes",
10
+ "product": "DELMIA Apriso",
11
+ "vulnerabilityName": "Dassault Syst\u00e8mes DELMIA Apriso Deserialization of Untrusted Data Vulnerability",
12
+ "dateAdded": "2025-09-11",
13
+ "shortDescription": "Dassault Syst\u00e8mes DELMIA Apriso contains a deserialization of untrusted data vulnerability that could lead to a remote code execution.",
14
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
15
+ "dueDate": "2025-10-02",
16
+ "knownRansomwareCampaignUse": "Unknown",
17
+ "notes": "https:\/\/www.3ds.com\/trust-center\/security\/security-advisories\/cve-2025-5086 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-5086",
18
+ "cwes": [
19
+ "CWE-502"
20
+ ]
21
+ },
22
+ {
23
+ "cveID": "CVE-2025-38352",
24
+ "vendorProject": "Linux",
25
+ "product": "Kernel",
26
+ "vulnerabilityName": "Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability",
27
+ "dateAdded": "2025-09-04",
28
+ "shortDescription": "Linux kernel contains a time-of-check time-of-use (TOCTOU) race condition vulnerability that has a high impact on confidentiality, integrity, and availability.",
29
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
30
+ "dueDate": "2025-09-25",
31
+ "knownRansomwareCampaignUse": "Unknown",
32
+ "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/stable\/linux.git\/commit\/?id=2c72fe18cc5f9f1750f5bc148cf1c94c29e106ff ; https:\/\/source.android.com\/docs\/security\/bulletin\/2025-09-01 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-38352",
33
+ "cwes": [
34
+ "CWE-367"
35
+ ]
36
+ },
37
+ {
38
+ "cveID": "CVE-2025-48543",
39
+ "vendorProject": "Android",
40
+ "product": "Runtime",
41
+ "vulnerabilityName": "Android Runtime Use-After-Free Vulnerability",
42
+ "dateAdded": "2025-09-04",
43
+ "shortDescription": "Android Runtime contains a use-after-free vulnerability potentially allowing a chrome sandbox escape leading to local privilege escalation.",
44
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
45
+ "dueDate": "2025-09-25",
46
+ "knownRansomwareCampaignUse": "Unknown",
47
+ "notes": "https:\/\/source.android.com\/docs\/security\/bulletin\/2025-09-01 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-48543",
48
+ "cwes": []
49
+ },
50
+ {
51
+ "cveID": "CVE-2025-53690",
52
+ "vendorProject": "Sitecore",
53
+ "product": "Multiple Products",
54
+ "vulnerabilityName": "Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability",
55
+ "dateAdded": "2025-09-04",
56
+ "shortDescription": "Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution. ",
57
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
58
+ "dueDate": "2025-09-25",
59
+ "knownRansomwareCampaignUse": "Unknown",
60
+ "notes": "https:\/\/support.sitecore.com\/kb?id=kb_article_view&sysparm_article=KB1003865 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-53690",
61
+ "cwes": [
62
+ "CWE-502"
63
+ ]
64
+ },
7
65
  {
8
66
  "cveID": "CVE-2023-50224",
9
67
  "vendorProject": "TP-Link",