PyPI - thothctl - Versions diffs - 0.15.4__tar.gz → 0.16.2__tar.gz - Mend

thothctl 0.15.4tar.gz → 0.16.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (504) hide show

{thothctl-0.15.4 → thothctl-0.16.2}/PKG-INFO RENAMED Viewed

@@ -1,8 +1,9 @@
 Metadata-Version: 2.4
 Name: thothctl
-Version: 0.15.4
+Version: 0.16.2
 Summary: A CLI for Developer Control Plane. Accelerate your cloud IaC deployments.
-Project-URL: Homepage, https://github.com/thothforge/thothctl
+Project-URL: SourceCode, https://github.com/thothforge/thothctl
+Project-URL: HomePage, https://github.com/thothforge/thothctl
 Author-email: Alejandro Velez <velez94@pm.me>
 License-Expression: Apache-2.0
 License-File: LICENSE

{thothctl-0.15.4 → thothctl-0.16.2}/docs/framework/commands/scan/iac.md RENAMED Viewed

@@ -19,7 +19,6 @@ thothctl scan iac -t checkov -t opa --enforcement hard
 ## Features
-- **Multi-Scanner Support**: Checkov, Trivy, TFSec, KICS, OPA/Conftest integration
 - **Custom Policy Evaluation**: Write Rego policies for organization-specific rules via OPA
 - **Enforcement Modes**: Soft (report only) or hard (fail pipeline) for all tools
 - **Security Policy Checking**: CIS benchmarks and best practices
@@ -33,7 +32,6 @@ thothctl scan iac -t checkov -t opa --enforcement hard
 |---------|-------------|
 | **Checkov** | Policy-as-code scanning with built-in rules |
 | **Trivy** | Vulnerability and misconfiguration detection |
-| **TFSec** | Terraform security scanner |
 | **KICS** | Static analysis via Docker |
 | **OPA/Conftest** | Custom Rego policy evaluation (static HCL + plan-based) |

{thothctl-0.15.4 → thothctl-0.16.2}/docs/framework/commands/scan/scan_iac.md RENAMED Viewed

@@ -12,17 +12,19 @@ thothctl scan iac [OPTIONS]
 | Option | Description |
 |--------|-------------|
-| `-t, --tools [checkov\|trivy\|tfsec\|kics\|terraform-compliance\|opa]` | Specify which security scanning tools to use |
+| `-t, --tools [checkov\|trivy\\|kics\|terraform-compliance\|opa]` | Specify which security scanning tools to use |
 | `--reports-dir PATH` | Directory to store scan reports (default: `Reports`) |
 | `-p, --project-name TEXT` | Name of the project being scanned |
 | `-o, --options TEXT` | Additional options for scanning tools (key=value,key2=value2) |
 | `--tftool [terraform\|tofu]` | Specify which Terraform tool to use (default: tofu) |
-| `--verbose` | Enable verbose output with detailed scan information |
-| `--html-reports-format [simple\|xunit]` | Generate HTML reports in simple or xunit format |
+| `--output [text\|json\|sarif]` | Output format: text (default), json, or sarif |
 | `--enforcement [soft\|hard]` | Enforcement mode: `soft` reports violations (exit 0), `hard` fails the pipeline (exit 1) |
 | `--post-to-pr` | Post scan summary as a PR comment (Azure DevOps or GitHub) |
 | `--vcs-provider [auto\|azure_repos\|github]` | VCS provider for PR comments (default: auto-detect) |
 | `--space TEXT` | Space name for credential resolution (Azure DevOps) |
+| `--max-workers INT` | Max parallel Checkov scans (default: 2) |
+| `--compact` | Use Checkov compact mode to reduce memory on CI agents |
+| `--verbose` | Enable verbose output |
 | `--help` | Show help message and exit |
 ## Scanning Tools
@@ -45,15 +47,6 @@ thothctl scan iac -t checkov
 thothctl scan iac -t trivy
 ```
-### TFSec
-[TFSec](https://github.com/aquasecurity/tfsec) is a security scanner for Terraform code that checks for potential security issues.
-```bash
-# Scan with TFSec only
-thothctl scan iac -t tfsec
-```
 ### KICS
 [KICS](https://kics.io/) (Keeping Infrastructure as Code Secure) is an open source solution for static code analysis of IaC. Requires Docker.
@@ -306,23 +299,154 @@ thothctl scan iac -t checkov -t trivy -t opa --enforcement hard --post-to-pr
 ## Report Output
-Every scan produces:
+Every scan produces multiple output formats:
+### Always Generated
+| Output | File | Description |
+|--------|------|-------------|
+| **Terminal table** | — | Rich table with per-tool pass/fail/warnings/errors/success rate |
+| **Severity breakdown** | — | Terminal table showing CRITICAL/HIGH/MEDIUM/LOW counts |
+| **Trend comparison** | — | Delta vs previous scan (stored in local SQLite at `~/.thothcf/scan_history.db`) |
+| **Unified HTML report** | `Reports/scan_report.html` | Single-page professional report with summary, per-tool bars, severity badges, findings table, and trend |
+| **Markdown summary** | `Reports/scan_summary.md` | Machine-readable summary with severity section |
+### Conditional Outputs
+| Output | Flag | File | Description |
+|--------|------|------|-------------|
+| **JSON report** | `--output json` | `Reports/scan_report.json` | Structured data for CI/CD pipelines |
+| **SARIF report** | `--output sarif` | `Reports/scan_results.sarif` | GitHub Code Scanning / IDE integration |
+| **PR comment** | `--post-to-pr` | — | Posts summary to PR (GitHub/Azure DevOps) |
+### Output Formats
+#### JSON (`--output json`)
+Structured JSON for CI/CD machine consumption:
+```bash
+thothctl scan iac -t checkov -t trivy --output json
+```
+```json
+{
+  "timestamp": "2026-06-14T15:30:00",
+  "directory": "/path/to/project",
+  "total_findings": 5,
+  "severity_counts": {"CRITICAL": 1, "HIGH": 2, "MEDIUM": 2},
+  "tools": [
+    {
+      "tool": "checkov",
+      "status": "COMPLETE",
+      "passed": 40,
+      "failed": 3,
+      "findings": [{"id": "CKV_AWS_19", "severity": "CRITICAL", "title": "...", "file": "main.tf", "line": 12}]
+    }
+  ]
+}
+```
+#### SARIF (`--output sarif`)
-- **Rich terminal table** with per-tool breakdown (passed, failed, warnings, errors, skipped, success rate)
-- **`scan_summary.md`** saved to the reports directory (always generated)
-- **HTML reports** per tool in the reports directory
-- **PR comment** (when `--post-to-pr` is set)
+[SARIF 2.1.0](https://sarifweb.azurewebsites.net/) format for integration with:
+- GitHub Code Scanning / Advanced Security
+- Azure DevOps
+- VS Code SARIF Viewer extension
+- JetBrains IDE plugins
-The markdown summary includes a Warnings column for tools that produce warnings (e.g., Conftest `warn` rules):
+```bash
+# Generate SARIF report
+thothctl scan iac -t checkov --output sarif
+# Upload to GitHub Code Scanning
+gh api repos/:owner/:repo/code-scanning/sarifs -f "sarif=@Reports/scan_results.sarif"
+```
+#### Unified HTML Report
+A single self-contained `scan_report.html` with:
+- Summary cards (total/passed/failed/rate)
+- Per-tool success rate bars
+- Severity badge breakdown
+- Sortable findings table with file/resource/rule details
+- Trend comparison (if previous scan exists)
+- Print-optimized styling
+Generated automatically on every scan — no flag needed.
+### Trend / Historical Comparison
+ThothCTL automatically stores scan results in a local SQLite database (`~/.thothcf/scan_history.db`) and shows improvement/regression vs the previous scan for the same directory:
 ```
-| Tool    | Status   | Total | Passed | Failed | Warnings | Errors | Skipped | Success Rate |
-|---------|----------|-------|--------|--------|----------|--------|---------|--------------|
-| checkov | COMPLETE | 55    | 50     | 3      | 0        | 0      | 2       | 90.9%        |
-| opa     | COMPLETE | 10    | 8      | 1      | 1        | 0      | 0       | 80.0%        |
-| TOTAL   |          | 65    | 58     | 4      | 1        | 0      | 2       | 89.2%        |
+📈 Trend (vs 2026-06-13)
+┌──────────┬──────────┬─────────┬─────────┐
+│ Metric   │ Previous │ Current │ Delta   │
+├──────────┼──────────┼─────────┼─────────┤
+│ Findings │ 8        │ 5       │ ↓ -3    │
+│ Passed   │ 38       │ 44      │ ↑ +6    │
+│ Failed   │ 8        │ 5       │ ↓ -3    │
+│ CRITICAL │ 2        │ 1       │ ↓ -1    │
+│ HIGH     │ 4        │ 3       │ ↓ -1    │
+└──────────┴──────────┴─────────┴─────────┘
 ```
+- **No configuration needed** — history is always saved automatically
+- **Per-directory tracking** — each project gets its own history
+- **Shown in HTML report** — trend is included in `scan_report.html`
+### CI/CD: Comparing Across Runs
+For CI/CD pipelines (where local SQLite isn't persistent), use artifact-based comparison:
+```yaml
+# GitHub Actions — compare vs previous scan
+- uses: actions/download-artifact@v4
+  with:
+    name: scan-baseline
+  continue-on-error: true
+- run: thothctl scan iac -t checkov -t trivy --output json --enforcement hard
+- uses: actions/upload-artifact@v4
+  with:
+    name: scan-baseline
+    path: Reports/scan_report.json
+```
+### Report Directory Structure
+```
+Reports/
+├── scan_report.html              ← Unified multi-tool report (summary, severity, findings, trend)
+├── scan_summary.md               ← Markdown summary
+├── scan_report.json              ← JSON (--output json)
+├── scan_results.sarif            ← SARIF (--output sarif)
+├── checkov/
+│   └── security-scan/
+│       ├── html_reports/
+│       │   ├── index.html        ← Per-stack browser with links to individual reports
+│       │   ├── report_network_vpc.html
+│       │   ├── report_data_rds.html
+│       │   └── ...
+│       ├── report_network_vpc/
+│       │   ├── results_junitxml.xml   ← Raw JUnit XML
+│       │   └── results_json.json      ← Raw Checkov JSON
+│       ├── report_data_rds/
+│       │   └── ...
+│       └── checkov_log_report.txt
+├── trivy/                        ← Raw Trivy output
+│   └── results.json
+└── opa/                          ← Raw OPA/Conftest output
+    ├── conftest_results.json
+    └── results_junitxml.xml
+```
+**Browsing reports:**
+- Open `Reports/scan_report.html` for the unified summary with severity and trend
+- Open `Reports/checkov/security-scan/html_reports/index.html` to browse individual stack results with detailed check-level findings
 ## Examples
 ### Basic Scan
@@ -336,14 +460,14 @@ thothctl scan iac
 ```bash
 # Comprehensive scan with multiple tools
-thothctl scan iac -t checkov -t trivy -t opa --html-reports-format simple --verbose
+thothctl scan iac -t checkov -t trivy -t opa
 ```
-### CI/CD with Hard Enforcement
+### CI/CD with Hard Enforcement and SARIF
 ```bash
-# Fail the pipeline if any violations are found
-thothctl scan iac -t checkov -t opa --enforcement hard --post-to-pr
+# Fail pipeline on violations + produce SARIF for GitHub Security tab
+thothctl scan iac -t checkov -t opa --enforcement hard --output sarif --post-to-pr
 ```
 ### Custom Report Directory
@@ -416,7 +540,9 @@ jobs:
 1. **Use `--enforcement hard` in CI/CD** — Gate deployments on security compliance to prevent insecure infrastructure from reaching production.
 2. **Use multiple scanning tools** — Different tools catch different types of issues. Combine Checkov (built-in rules) with OPA (custom policies) for best coverage.
-3. **Write custom OPA policies** — Encode your organization's specific security requirements as Rego policies. Start with the `policy/` directory convention.
-4. **Use Conftest mode for fast feedback** — Static HCL analysis doesn't require a Terraform plan, making it ideal for pre-commit hooks and early CI stages.
-5. **Use OPA mode for change analysis** — Plan-based evaluation catches issues that static analysis can't, like blast radius and IAM changes.
-6. **Always review the `scan_summary.md`** — The markdown summary is generated on every scan and provides a quick overview of all findings.
+3. **Use `--output sarif` for GitHub** — Upload SARIF to GitHub Code Scanning for findings directly in PR diffs and the Security tab.
+4. **Write custom OPA policies** — Encode your organization's specific security requirements as Rego policies. Use Git repos as policy source for centralized management.
+5. **Track trends** — Scan history is automatic. Review the trend table to catch regressions early.
+6. **Use Conftest mode for fast feedback** — Static HCL analysis doesn't require a Terraform plan, making it ideal for pre-commit hooks and early CI stages.
+7. **Use OPA mode for change analysis** — Plan-based evaluation catches issues that static analysis can't, like blast radius and IAM changes.
+8. **Use `--output json` in CI/CD** — Machine-readable output for custom integrations, dashboards, and artifact-based comparison across runs.

{thothctl-0.15.4 → thothctl-0.16.2}/docs/framework/commands/scan/scan_overview.md RENAMED Viewed

@@ -9,9 +9,11 @@ The scan command helps DevSecOps teams and developers to:
 - Identify security vulnerabilities in IaC templates
 - Check for compliance with best practices and security standards
 - Enforce custom organizational policies using OPA/Rego
-- Generate detailed reports in various formats (HTML, Markdown, JSON)
+- Generate detailed reports in various formats (HTML, Markdown, JSON, SARIF)
+- Track scan trends over time with local SQLite history
 - Gate CI/CD pipelines with hard enforcement mode
 - Post scan summaries to pull requests
+- Integrate with GitHub Code Scanning via SARIF output
 ## Subcommands
@@ -31,29 +33,51 @@ thothctl scan iac -t checkov -t trivy -t opa
 # Fail pipeline on violations
 thothctl scan iac -t checkov -t opa --enforcement hard
-# Generate HTML reports
-thothctl scan iac --html-reports-format simple
+# JSON output for CI/CD
+thothctl scan iac -t checkov --output json
+# SARIF output for GitHub Code Scanning
+thothctl scan iac -t checkov --output sarif
 ```
 ## Common Options
 | Option | Description |
 |--------|-------------|
-| `-t, --tools` | Specify scanning tools to use |
+| `-t, --tools` | Specify scanning tools: `checkov`, `trivy`, `kics`, `terraform-compliance`, `opa` |
 | `--enforcement [soft\|hard]` | Exit 0 (soft) or exit 1 on violations (hard) |
+| `--output [text\|json\|sarif]` | Output format (default: text) |
 | `--reports-dir` | Directory to store scan reports |
-| `--verbose` | Enable verbose output |
 | `--post-to-pr` | Post scan summary to pull request |
+| `--verbose` | Enable verbose output |
-## Supported Scanning Tools
+## Report Outputs
+Every scan automatically produces:
+| Output | Description |
+|--------|-------------|
+| `scan_report.html` | Unified multi-tool HTML report with severity, findings, and trend |
+| `scan_summary.md` | Markdown summary |
+| Terminal tables | Pass/fail per tool + severity breakdown + trend comparison |
-ThothCTL integrates with multiple security scanning tools to provide comprehensive coverage:
+Optional outputs via `--output` flag:
+| Flag | File | Use Case |
+|------|------|----------|
+| `--output json` | `scan_report.json` | CI/CD pipeline consumption |
+| `--output sarif` | `scan_results.sarif` | GitHub Code Scanning, IDE integration |
+## Scan History & Trends
+ThothCTL automatically tracks scan results in `~/.thothcf/scan_history.db` (SQLite). On each scan, it compares against the previous run for the same directory and shows improvement or regression.
+## Supported Scanning Tools
 | Tool | Type | Requires |
 |------|------|----------|
 | **Checkov** | Static analysis with built-in rules | `checkov` binary |
 | **Trivy** | Vulnerability and misconfiguration detection | `trivy` binary |
-| **TFSec** | Terraform security scanner | `tfsec` binary |
 | **KICS** | Static analysis via Docker | Docker |
 | **Terraform-compliance** | BDD-style compliance testing | `terraform-compliance` binary |
 | **OPA/Conftest** | Custom policy evaluation with Rego | `conftest` and/or `opa` binary |

{thothctl-0.15.4 → thothctl-0.16.2}/docs/framework/framework_architecture.md RENAMED Viewed

@@ -38,7 +38,7 @@ graph TB
     subgraph layer3["<b>⚡ Platform Capabilities Layer</b><br/><i>Core IDP functionality</i>"]
         direction LR
-        SEC["<b>Security</b><br/>Checkov • Trivy<br/>TFSec • Snyk<br/>Compliance"]
+        SEC["<b>Security</b><br/>Checkov • Trivy<br/>KICS • OPA<br/>Compliance"]
         COST["<b>Cost Analysis</b><br/>Real-time pricing<br/>14 AWS services<br/>Optimization"]
         INV["<b>Inventory</b><br/>Dependencies<br/>Version tracking<br/>Reports"]
         VAL["<b>Validation</b><br/>Environment<br/>IaC checks<br/>Blast radius"]
@@ -150,9 +150,8 @@ ThothCTL aligns with IDP business objectives through five core principles:
 **Core IDP functionality**
 #### Security & Compliance
-Multi-tool security scanning with Checkov, Trivy, TFSec, and Snyk.
+Multi-tool security scanning with Checkov, Trivy, KICS, and Snyk.
-**Commands:** `thothctl scan iac`, `thothctl scan iac -t checkov -t trivy -t tfsec`
 📖 **Details:** [Security Scanning](commands/scan/scan_overview.md)

{thothctl-0.15.4 → thothctl-0.16.2}/docs/framework/software_architecture.md RENAMED Viewed

@@ -364,7 +364,7 @@ Coordinates multiple services for complex operations.
 **Purpose**: Security scanning and compliance
 **Capabilities:**
-- Execute scanners (Checkov, Trivy, TFSec, Snyk)
+- Execute scanners (Checkov, Trivy, KICS, Snyk)
 - Aggregate scan results
 - Generate reports (HTML, JSON, SARIF)
 - Compliance review
@@ -512,7 +512,7 @@ Development environment configuration.
 **Supported Tools:**
 - Infrastructure: Terraform, Terragrunt, OpenTofu, TFSwitch
-- Security: Checkov, Trivy, TFSec, Snyk
+- Security: Checkov, Trivy, KICS, Snyk
 - Development: Pre-commit, Commitizen, TFLint
 - Documentation: Terraform-docs, Terramate
 - AI: Kiro CLI
@@ -545,7 +545,7 @@ Integration with external IaC and security tools.
 | Category | Tools |
 |----------|-------|
 | **IaC** | Terraform, Terragrunt, OpenTofu, TFSwitch |
-| **Security** | Checkov, Trivy, TFSec, Snyk |
+| **Security** | Checkov, Trivy, KICS, Snyk |
 | **Compliance** | Terraform-compliance |
 | **Documentation** | Terraform-docs, Terramate |
 | **Development** | Pre-commit, Commitizen, TFLint |

{thothctl-0.15.4 → thothctl-0.16.2}/docs/framework/use_cases/README.md RENAMED Viewed

@@ -31,7 +31,7 @@ Complete AI-assisted IaC development workflow with Kiro CLI and MCP integration.
 - CI/CD integration patterns
 **Key Features:**
-- Multi-tool security scanning (Checkov, Trivy, TFSec, Snyk)
+- Multi-tool security scanning (Checkov, Trivy, KICS, OPA)
 - Real-time AWS cost estimation
 - ITIL v4 change impact assessment
 - Compliance enforcement
@@ -146,7 +146,7 @@ kiro-cli chat --agent thoth
 ### Security & Compliance
 - `thothctl scan iac` - Security scanning with Checkov (default)
-- `thothctl scan iac -t checkov -t trivy -t tfsec` - Multi-tool scanning
+- `thothctl scan iac -t checkov -t trivy -t trivy` - Multi-tool scanning
 ### Documentation
 - `thothctl document iac` - Generate documentation

{thothctl-0.15.4 → thothctl-0.16.2}/docs/framework/use_cases/ai_dlc.md RENAMED Viewed

@@ -242,7 +242,7 @@ You: "Generate documentation for all modules"
 ```bash
 thothctl scan iac --tool checkov
 thothctl scan iac --tool trivy
-thothctl scan iac --tool tfsec
+thothctl scan iac --tool trivy
 # Review multiple reports...
 ```
@@ -369,7 +369,7 @@ thothctl init env
 # This will install:
 # - Kiro CLI
 # - Terraform/OpenTofu
-# - Security scanners (Checkov, Trivy, TFSec)
+# - Security scanners (Checkov, Trivy, Trivy)
 # - Other DevSecOps tools
 ```
@@ -430,7 +430,7 @@ Kiro: "I'll run a comprehensive security scan using ThothCTL.
 📊 Security Scan Results:
 - Checkov: 3 HIGH, 5 MEDIUM, 12 LOW
 - Trivy: 1 CRITICAL, 2 HIGH
-- TFSec: 4 HIGH, 8 MEDIUM
+- Trivy: 4 HIGH, 8 MEDIUM
 🔴 Critical Issues:
 1. S3 bucket without encryption (s3.tf:15)
@@ -516,7 +516,7 @@ thothctl document iac --recursive
 # Step 5: Run security scans
 thothctl scan iac --tool checkov
 thothctl scan iac --tool trivy
-thothctl scan iac --tool tfsec
+thothctl scan iac --tool trivy
 # Step 6: Create Terraform plan
 terraform init

{thothctl-0.15.4 → thothctl-0.16.2}/docs/framework/use_cases/devsecops_quickstart.md RENAMED Viewed

@@ -45,7 +45,6 @@ thothctl dashboard launch
 # Run all security scanners
 thothctl scan iac --tool checkov
 thothctl scan iac --tool trivy
-thothctl scan iac --tool tfsec
 # View consolidated results
 thothctl dashboard launch

{thothctl-0.15.4 → thothctl-0.16.2}/docs/framework/use_cases/devsecops_sdlc.md RENAMED Viewed

@@ -45,7 +45,7 @@ graph TB
 | **Develop** | Environment validation, Structure enforcement, Standards | `check environment`, `check iac --type structure` |
 | **Build** | Dependency management, Version tracking, Inventory | `inventory iac --check-versions` |
 | **Test** | Plan validation, Impact analysis, Change assessment | `check iac --type plan`, `--type blast-radius` |
-| **Secure** | Security scanning, Compliance validation, CVE detection | `scan iac --tool checkov/trivy/tfsec` |
+| **Secure** | Security scanning, Compliance validation, CVE detection | `scan iac --tool checkov/trivy/opa` |
 | **Deploy** | Pre-deployment validation, Risk gates, Approval workflow | `check iac --type all` |
 | **Operate** | Configuration management, Updates, Documentation | `project upgrade`, `document iac` |
 | **Monitor** | Continuous monitoring, Drift detection, Dashboards | `dashboard launch`, scheduled scans |
@@ -115,7 +115,7 @@ thothctl check environment
 **Validates:**
 - Terraform/OpenTofu/Terragrunt
-- Security scanners (Checkov, Trivy, TFSec)
+- Security scanners (Checkov, Trivy, KICS)
 - Documentation tools
 - Version control
@@ -246,10 +246,8 @@ thothctl scan iac --tool trivy --recursive
 - Insecure configurations
 - License issues
-#### 5.3 Scan with TFSec
 ```bash
 # Terraform-specific security
-thothctl scan iac --tool tfsec --recursive
 ```
 **Checks:**
@@ -408,7 +406,7 @@ thothctl check iac --type plan --plan-file tfplan.json
 # 5. SECURE: Run security scans
 thothctl scan iac --tool checkov
 thothctl scan iac --tool trivy
-thothctl scan iac --tool tfsec
+thothctl scan iac --tool trivy
 # 6. ASSESS: Check blast radius
 thothctl check iac --type blast-radius --plan-file tfplan.json

{thothctl-0.15.4 → thothctl-0.16.2}/docs/iac_devsecops_use_case.md RENAMED Viewed

@@ -55,7 +55,7 @@ Enable Check project structure and standard practices.
 ## Scan Code
 You can use the peerbot for scanning code using open source tools, the available tools are:
-* tfsec
+* trivy
 * checkov
 * terraform-compliance
@@ -65,17 +65,17 @@ You can use the peerbot for scanning code using open source tools, the available
 ```bash
 $ thothctl scan -h
-usage: thothctl scan [-h] [-s] [-t {tfsec,terraform-compliance,checkov}] [-op TOOL_OPTIONS] [-r REPORTS_PATH] [-b {single,xunit}] [-m {Teams}] [-w WEBHOOK] [-f FEATURE_PATH]
+usage: thothctl scan [-h] [-s] [-t {trivy,terraform-compliance,checkov}] [-op TOOL_OPTIONS] [-r REPORTS_PATH] [-b {single,xunit}] [-m {Teams}] [-w WEBHOOK] [-f FEATURE_PATH]
-Scan code using tools like checkov, tfsec, terraform-compliance
+Scan code using tools like checkov, trivy, terraform-compliance
 optional arguments:
   -h, --help            show this help message and exit
 Scan code options and flags:
   -s, --scan            Scan project
-  -t {tfsec,terraform-compliance,checkov}, --tool {tfsec,terraform-compliance,checkov}
-                        Use this flag for setting the tool of scanning tool. Allowed values are: tfsec, terraform-compliance or checkov, (default: checkov)
+  -t {trivy,terraform-compliance,checkov}, --tool {trivy,terraform-compliance,checkov}
+                        Use this flag for setting the tool of scanning tool. Allowed values are: trivy, terraform-compliance or checkov, (default: checkov)
   -op TOOL_OPTIONS, --tool_options TOOL_OPTIONS
                         Use for passing more arguments for your tool. Use with -t option
   -r REPORTS_PATH, --reports_path REPORTS_PATH
@@ -93,7 +93,7 @@ Scan code options and flags:
 The command line example:
 ```commandline
-# thothctl -d . scan --tool tfsec   --browser_reports xunit
+# thothctl -d . scan --tool trivy   --browser_reports xunit
 ```

{thothctl-0.15.4 → thothctl-0.16.2}/docs/index.md RENAMED Viewed

@@ -26,7 +26,7 @@ pip install thothctl
 |---------|-------------|
 | `init` | Initialize and configure projects, spaces, environments |
 | `check` | Validate IaC structure, cost analysis, blast radius, drift detection |
-| `scan` | Security scanning with Checkov, Trivy, KICS, TFSec |
+| `scan` | Security scanning with Checkov, Trivy, KICS, OPA |
 | `inventory` | Dependency tracking, version analysis, professional reports |
 | `document` | Auto-generate documentation for IaC modules |
 | `generate` | Generate components and stacks from rules |
@@ -52,7 +52,6 @@ pip install thothctl
 | **Security** | [Checkov](https://www.checkov.io/) | Native (pip) |
 | **Security** | [Trivy](https://trivy.dev/) | CLI binary |
 | **Security** | [KICS](https://docs.kics.io/) | Docker container |
-| **Security** | [TFSec](https://aquasecurity.github.io/tfsec/) | CLI binary |
 | **Docs** | [Terraform-docs](https://terraform-docs.io/) | CLI binary |
 | **AI** | [OpenAI](https://platform.openai.com/) | GPT-4 Turbo |
 | **AI** | [AWS Bedrock](https://aws.amazon.com/bedrock/) | Claude Sonnet (InvokeModel + Agent) |

{thothctl-0.15.4 → thothctl-0.16.2}/pyproject.toml RENAMED Viewed

@@ -74,7 +74,8 @@ classifiers = [
 ]
 [project.urls]
-"Homepage" = "https://github.com/thothforge/thothctl"
+"SourceCode" = "https://github.com/thothforge/thothctl"
+"HomePage" = "https://github.com/thothforge/thothctl"
 [tool.hatch.version]
 path = "src/thothctl/version.py"

thothctl 0.15.4__tar.gz → 0.16.2__tar.gz

thothctl 0.15.4tar.gz → 0.16.2tar.gz