@bobmatnyc/ai-code-review
Version:
A TypeScript-based tool for automated code reviews using AI models from Google Gemini, Anthropic Claude, and OpenRouter
37 lines (36 loc) • 1.35 kB
TypeScript
/**
* @fileoverview OWASP Dependency-Check integration for package security analysis
*
* This module integrates with OWASP Dependency-Check to provide comprehensive
* dependency scanning and vulnerability detection for architectural and security reviews.
* OWASP Dependency-Check is an open-source solution that detects publicly disclosed
* vulnerabilities in project dependencies.
*/
/**
* Interface for security analysis results
*/
export interface SecurityAnalysisResults {
techStackReport: string;
vulnerabilityReport: string;
totalDependencies: number;
totalVulnerabilities: number;
criticalVulnerabilities: number;
highVulnerabilities: number;
mediumVulnerabilities: number;
lowVulnerabilities: number;
unmappedVulnerabilities: number;
scanSuccessful: boolean;
error?: string;
}
/**
* Run security analysis with OWASP Dependency-Check
* @param projectPath The path to the project
* @returns Security analysis results
*/
export declare function analyzeSecurityWithOwasp(projectPath: string): Promise<SecurityAnalysisResults>;
/**
* Create a dependency security section for reviews
* @param projectPath The path to the project
* @returns Security information formatted for inclusion in reviews
*/
export declare function createOwaspSecuritySection(projectPath: string): Promise<string>;