import { EventEmitter } from 'events';
/**
 * Top-level options accepted by {@link SecurityScanner} and {@link scanSecurity}.
 * Every field is optional; how missing fields are defaulted is not visible from
 * this declaration file.
 */
export interface SecurityScanConfig {
  /** Scanner backends to run (see {@link SecurityScannerConfig}). */
  scanners?: SecurityScannerConfig[];
  /** Where known-vulnerability advisories are obtained from. */
  vulnerabilityDatabase?: VulnerabilityDatabase;
  /** Project-specific rules evaluated in addition to the scanner's built-in rules. */
  customRules?: SecurityRule[];
  /**
   * Per-severity finding limits. Presumably compared against scan totals to
   * raise the 'threshold-exceeded' event — confirm against the implementation.
   */
  thresholds?: SecurityThresholds;
  /** File filters; the pattern syntax (glob vs. regex) is not specified here. */
  includePatterns?: string[];
  excludePatterns?: string[];
  /** Whether a {@link SecurityReport} is produced and persisted after the scan. */
  generateReport?: boolean;
  /**
   * Destination for the persisted report.
   * NOTE(review): if this value can originate from untrusted input (CLI flags,
   * a checked-in config file), confirm it is constrained to the intended output
   * directory before the report is written.
   */
  outputPath?: string;
  /** Outbound notification targets that receive {@link SecurityEvent}s. */
  integrations?: SecurityIntegration[];
}
/** Selects and configures one scanner backend. */
export interface SecurityScannerConfig {
  /** Backend identifier; how 'custom' is dispatched is not visible here. */
  name: 'npm-audit' | 'snyk' | 'semgrep' | 'bandit' | 'eslint-security' | 'custom';
  /**
   * Backend-specific options. Deliberately untyped (`any`) in this declaration;
   * consumers should narrow before use.
   * NOTE(review): credentials such as an API token for a hosted scanner would
   * presumably live here — keep this object out of logs and raw report output.
   */
  config?: any;
  /** Off switch; the default when omitted is not specified here. */
  enabled?: boolean;
  /** Assumed to restrict which severities this scanner reports — confirm. */
  severity?: SecuritySeverity[];
}
/** Source of known-vulnerability advisories used during dependency analysis. */
export interface VulnerabilityDatabase {
  /** Advisory provider; 'custom' presumably reads {@link VulnerabilityDatabase.customFeed}. */
  source: 'nvd' | 'snyk' | 'github' | 'custom';
  /** Refresh period; the unit (milliseconds vs. seconds) is not specified here — confirm. */
  updateInterval?: number;
  /**
   * Location of a custom advisory feed.
   * NOTE(review): the feed determines which vulnerabilities are reported, so if
   * it is fetched over the network the transport and payload should be
   * authenticated (HTTPS, signature or checksum) before being trusted.
   */
  customFeed?: string;
}
/**
 * One static-analysis rule. `check` is the executable part; the remaining fields
 * are metadata that findings and reports carry through.
 */
export interface SecurityRule {
  /** Stable identifier for the rule. */
  id: string;
  /** Short display name. */
  name: string;
  /** What the rule detects and why it matters. */
  description: string;
  /** Severity assigned to findings produced by this rule. */
  severity: SecuritySeverity;
  /** Vulnerability class the rule belongs to. */
  category: SecurityCategory;
  /** Optional CWE reference (e.g. "CWE-79"); the format is not validated here. */
  cwe?: string;
  /** Optional OWASP category reference. */
  owasp?: string;
  /**
   * Optional regular expression. Presumably used by a built-in matcher when
   * `check` delegates to it — confirm against the implementation.
   * NOTE(review): patterns are evaluated against whole file contents of
   * arbitrary size; avoid nested quantifiers that can backtrack
   * catastrophically (ReDoS) on a hostile repository.
   */
  pattern?: RegExp;
  /**
   * Evaluates the rule against a single file and returns zero or more findings.
   * Whether the scanner catches exceptions thrown here is not visible from this
   * declaration.
   */
  check: (file: FileContent) => SecurityViolation[];
  /** Human-readable fix guidance surfaced in reports. */
  remediation?: string;
}
/**
 * Maximum acceptable finding counts per severity plus an overall cap.
 * Presumably exceeding any of them raises 'threshold-exceeded' — confirm.
 * Whether 'info' findings count toward `total` is not specified here.
 */
export interface SecurityThresholds {
  critical: number;
  high: number;
  medium: number;
  low: number;
  total: number;
}
/** An outbound notification target wired to specific {@link SecurityEvent}s. */
export interface SecurityIntegration {
  /** Transport kind. */
  type: 'github' | 'slack' | 'jira' | 'email' | 'webhook';
  /**
   * Transport-specific settings, untyped (`any`) in this declaration.
   * NOTE(review): webhook URLs and API tokens are expected to live here — treat
   * the object as sensitive and do not echo it into reports or logs.
   */
  config: any;
  /** Events that trigger a notification to this integration. */
  events: SecurityEvent[];
}
/** Severity levels, ordered from most to least severe. 'info' has no slot in {@link SecurityThresholds}. */
export type SecuritySeverity = 'critical' | 'high' | 'medium' | 'low' | 'info';
/** Vulnerability classes used to bucket findings; 'other' is the catch-all. */
export type SecurityCategory = 'injection' | 'authentication' | 'authorization' | 'cryptography' | 'configuration' | 'sensitive-data' | 'dependency' | 'xss' | 'csrf' | 'xxe' | 'deserialization' | 'other';
/** Event names emitted by {@link SecurityScanner} (an EventEmitter) and subscribable by {@link SecurityIntegration}. */
export type SecurityEvent = 'vulnerability-found' | 'threshold-exceeded' | 'scan-complete' | 'critical-issue';
/** A file handed to {@link SecurityRule.check}. */
export interface FileContent {
  /** File path; whether it is absolute or project-relative is not specified here. */
  path: string;
  /** Full text of the file. */
  content: string;
  /** Coarse classification, presumably derived by the scanner's getFileType — confirm. */
  type: 'source' | 'config' | 'dependency' | 'build' | 'other';
  /** Detected language, if any. */
  language?: string;
}
/** One finding produced by a {@link SecurityRule} for a single file location. */
export interface SecurityViolation {
  /** Line of the finding; whether numbering is 0- or 1-based is not specified here. */
  line: number;
  column?: number;
  /** Human-readable description of the finding. */
  message: string;
  severity: SecuritySeverity;
  category: SecurityCategory;
  cwe?: string;
  owasp?: string;
  /**
   * Source snippet that triggered the rule.
   * NOTE(review): for rules that detect hard-coded secrets this snippet is the
   * secret itself — redact or truncate before it reaches reports or integrations.
   */
  evidence?: string;
  remediation?: string;
}
/**
 * A normalised vulnerability record, aggregated from rule findings and scanner
 * backends into {@link SecurityScanResult.vulnerabilities}.
 */
export interface SecurityVulnerability {
  /** Identifier; whether it is an advisory id (e.g. CVE) or tool-local is not specified here. */
  id: string;
  title: string;
  description: string;
  severity: SecuritySeverity;
  category: SecurityCategory;
  cwe?: string;
  /** Present when the source provides a CVSS rating. */
  cvss?: CVSSScore;
  /** Dependencies, code locations or config files this vulnerability applies to. */
  affected: AffectedComponent[];
  /** When the vulnerability was found by this scan. */
  discovered: Date;
  /** Which scanner or rule produced the record. */
  source: string;
  /** Advisory links; presumably URLs — confirm. */
  references: string[];
  remediation: RemediationAdvice;
}
/**
 * CVSS rating attached to a vulnerability.
 * NOTE(review): only CVSS v2.0/v3.0/v3.1 are representable; a v4.0 rating from
 * an advisory feed cannot be expressed without widening `version`.
 */
export interface CVSSScore {
  version: '2.0' | '3.0' | '3.1';
  /** Base score (0.0–10.0 per the CVSS specification); not validated here. */
  score: number;
  /** Vector string in the notation of the given version. */
  vector: string;
  /** Sub-scores; assumed to be the impact and exploitability components — confirm. */
  impact: number;
  exploitability: number;
}
/** Something a vulnerability applies to: a package, a code location or a config file. */
export interface AffectedComponent {
  type: 'dependency' | 'code' | 'configuration';
  /** Package name, file name or setting name depending on `type`. */
  name: string;
  /** Installed version (dependencies only). */
  version?: string;
  /** Location within the project, when applicable. */
  path?: string;
  /** First version without the vulnerability, if known. */
  fixedVersion?: string;
}
/** Fix guidance attached to a {@link SecurityVulnerability}. */
export interface RemediationAdvice {
  priority: 'immediate' | 'high' | 'medium' | 'low';
  /** Free-text effort estimate. */
  effort: string;
  /** Ordered remediation steps. */
  steps: string[];
  alternativeApproaches?: string[];
  /** Whether a fix can be applied automatically. No method on {@link SecurityScanner} visibly applies fixes — confirm what sets this. */
  automatedFix?: boolean;
}
/** Everything produced by one {@link SecurityScanner.scan} run. */
export interface SecurityScanResult {
  /** Root directory that was scanned. */
  projectPath: string;
  /** When the scan ran. */
  timestamp: Date;
  summary: SecuritySummary;
  /** Aggregated findings across rules and scanner backends. */
  vulnerabilities: SecurityVulnerability[];
  dependencies: DependencyAnalysis;
  codeAnalysis: CodeSecurityAnalysis;
  configurationAnalysis: ConfigurationAnalysis;
  /** Per-backend execution outcome. */
  scanners: ScannerResult[];
  metrics: SecurityMetrics;
  /** Historical points, present only when prior results are available — assumed; confirm. */
  trends?: SecurityTrend[];
}
/**
 * Headline numbers for a scan. Note there is no 'info' count even though
 * {@link SecuritySeverity} includes it.
 */
export interface SecuritySummary {
  totalVulnerabilities: number;
  criticalCount: number;
  highCount: number;
  mediumCount: number;
  lowCount: number;
  /** Scale and direction (higher = worse?) are not specified here — confirm. */
  riskScore: number;
  /** Scale is not specified here — confirm. */
  complianceScore: number;
  recommendations: string[];
}
/** Results of the dependency / supply-chain portion of a scan. */
export interface DependencyAnalysis {
  totalDependencies: number;
  vulnerableDependencies: number;
  outdatedDependencies: number;
  licenseIssues: LicenseIssue[];
  /** Top-level nodes of the resolved dependency graph. */
  dependencyTree: DependencyNode[];
  recommendations: DependencyRecommendation[];
}
/** A dependency whose license was flagged. */
export interface LicenseIssue {
  dependency: string;
  version: string;
  /** License identifier as reported; SPDX format is not enforced here. */
  license: string;
  risk: 'high' | 'medium' | 'low';
  /** Why the license was flagged. */
  reason: string;
}
/** A node in the dependency tree; `children` are its transitive dependencies. */
export interface DependencyNode {
  name: string;
  version: string;
  /** Number of known vulnerabilities for this exact name/version. */
  vulnerabilities: number;
  children: DependencyNode[];
}
/** A suggested version change for one dependency. */
export interface DependencyRecommendation {
  dependency: string;
  currentVersion: string;
  recommendedVersion: string;
  reason: string;
  urgency: 'critical' | 'high' | 'medium' | 'low';
}
/** Results of the source-code portion of a scan. */
export interface CodeSecurityAnalysis {
  totalFiles: number;
  vulnerableFiles: number;
  /** Recurring finding patterns across the codebase. */
  patterns: SecurityPattern[];
  /** Individual locations worth reviewing first. */
  hotspots: SecurityHotspot[];
  recommendations: string[];
}
/** A finding pattern aggregated across files. */
export interface SecurityPattern {
  /** Pattern label; whether this is a rule id, name or regex source is not specified here. */
  pattern: string;
  category: SecurityCategory;
  occurrences: number;
  /** Files in which the pattern was seen. */
  files: string[];
  severity: SecuritySeverity;
}
/** A single code location flagged for review. */
export interface SecurityHotspot {
  file: string;
  line: number;
  /** Enclosing function name, when it could be determined. */
  function?: string;
  category: SecurityCategory;
  severity: SecuritySeverity;
  description: string;
  remediation: string;
}
/** Results of the configuration-file portion of a scan. */
export interface ConfigurationAnalysis {
  files: ConfigFile[];
  /** All issues across files (also reachable per file via {@link ConfigFile.issues}). */
  issues: ConfigurationIssue[];
  recommendations: string[];
}
/** One configuration file examined by the scan. */
export interface ConfigFile {
  path: string;
  /** Classification, presumably from the scanner's getConfigFileType — confirm. */
  type: 'package.json' | 'dockerfile' | 'nginx' | 'env' | 'ci' | 'other';
  issues: ConfigurationIssue[];
  /** Scale is not specified here — confirm. */
  securityScore: number;
}
/** A problematic setting in a configuration file. */
export interface ConfigurationIssue {
  file: string;
  line?: number;
  /** The setting or key at fault. */
  setting: string;
  /**
   * Description of the problem.
   * NOTE(review): for '.env'-type files, confirm the implementation reports the
   * key name only and never copies the value into this field.
   */
  issue: string;
  severity: SecuritySeverity;
  remediation: string;
}
/** Execution outcome of one scanner backend. */
export interface ScannerResult {
  /** Backend name, matching {@link SecurityScannerConfig.name}. */
  scanner: string;
  success: boolean;
  /** Wall-clock duration; unit is not specified here — confirm. */
  duration: number;
  /** Number of vulnerabilities this backend contributed. */
  vulnerabilities: number;
  errors?: string[];
  /**
   * Unparsed tool output, kept for debugging.
   * NOTE(review): raw output from external tools can include absolute paths,
   * environment details and occasionally credentials; strip or omit it before
   * the result is persisted or sent to an integration.
   */
  rawOutput?: string;
}
/** Derived statistics over a scan result. */
export interface SecurityMetrics {
  /** Finding count per severity. */
  riskDistribution: Record<SecuritySeverity, number>;
  /** Finding count per category. */
  categoryDistribution: Record<SecurityCategory, number>;
  coverageMetrics: SecurityCoverage;
  complianceMetrics: ComplianceMetrics;
}
/** How much of the project each analysis phase covered; scale (count vs. percent) is not specified here — confirm. */
export interface SecurityCoverage {
  codeScanned: number;
  dependenciesScanned: number;
  configurationScanned: number;
  totalCoverage: number;
}
/**
 * Compliance indicators. The three boolean flags collapse entire regulatory
 * frameworks to yes/no; the criteria behind them are not visible here.
 */
export interface ComplianceMetrics {
  owasp: OWASPCompliance;
  cwe: CWECompliance;
  pci: boolean;
  hipaa: boolean;
  gdpr: boolean;
}
/** Mapping of findings onto the OWASP Top 10. */
export interface OWASPCompliance {
  /** Coverage of the Top 10; scale is not specified here — confirm. */
  top10Coverage: number;
  /** Finding count per OWASP category. */
  issuesFound: Array<{
    category: string;
    count: number;
  }>;
}
/** Mapping of findings onto the CWE Top 25. */
export interface CWECompliance {
  /** Coverage of the Top 25; scale is not specified here — confirm. */
  top25Coverage: number;
  /** Finding count per CWE identifier. */
  issuesFound: Array<{
    cwe: string;
    count: number;
  }>;
}
/** One point in the scan history. */
export interface SecurityTrend {
  date: Date;
  /** Open vulnerabilities at that point. */
  vulnerabilities: number;
  riskScore: number;
  /** Vulnerabilities introduced / resolved since the previous point — assumed; confirm. */
  newVulnerabilities: number;
  fixedVulnerabilities: number;
}
/** Report built from a {@link SecurityScanResult} by {@link SecurityScanner.generateReport}. */
export interface SecurityReport {
  summary: SecurityReportSummary;
  /** The underlying scan, embedded in full. */
  scan: SecurityScanResult;
  /** Prioritised work items. */
  actionPlan: SecurityActionItem[];
  compliance: ComplianceReport;
  trends: SecurityTrendAnalysis;
  /** When the report was generated. */
  timestamp: Date;
}
/** Executive summary at the top of a {@link SecurityReport}. */
export interface SecurityReportSummary {
  /** Overall rating, presumably derived by the scanner's determineRiskLevel — confirm. */
  riskLevel: 'critical' | 'high' | 'medium' | 'low';
  totalVulnerabilities: number;
  criticalIssues: number;
  complianceScore: number;
  /** Direction of change relative to earlier scans. */
  trend: 'improving' | 'degrading' | 'stable';
  lastScan: Date;
}
/** A prioritised remediation task in the action plan. */
export interface SecurityActionItem {
  priority: 'critical' | 'high' | 'medium' | 'low';
  category: SecurityCategory;
  title: string;
  description: string;
  /** Free-text effort estimate. */
  effort: string;
  /** Free-text description of the expected benefit. */
  impact: string;
  /** Ids of the {@link SecurityVulnerability} records this item addresses — assumed; confirm. */
  vulnerabilities: string[];
  automatedFix: boolean;
}
/** Compliance section of a {@link SecurityReport}. */
export interface ComplianceReport {
  frameworks: ComplianceFramework[];
  /** Scale is not specified here — confirm. */
  overallScore: number;
  gaps: ComplianceGap[];
}
/** One framework (e.g. OWASP or CWE, per the scanner's generate*Requirements methods) and its requirement status. */
export interface ComplianceFramework {
  name: string;
  score: number;
  requirements: ComplianceRequirement[];
}
/** A single requirement within a {@link ComplianceFramework}. */
export interface ComplianceRequirement {
  id: string;
  description: string;
  status: 'compliant' | 'non-compliant' | 'partial';
  /** Findings that cause a non-compliant or partial status. */
  issues: string[];
}
/** An unmet requirement, flattened with its framework for the gap list. */
export interface ComplianceGap {
  framework: string;
  requirement: string;
  severity: SecuritySeverity;
  description: string;
  remediation: string;
}
/** Trend section of a {@link SecurityReport}. */
export interface SecurityTrendAnalysis {
  /** Past scan points. */
  historical: SecurityTrend[];
  /** Forward-looking estimates; how they are computed is not visible here. */
  predictions: SecurityPrediction[];
  patterns: SecurityTrendPattern[];
}
/** A forecast point. */
export interface SecurityPrediction {
  date: Date;
  predictedVulnerabilities: number;
  /** Confidence in the forecast; scale (0–1 vs. percent) is not specified here — confirm. */
  confidence: number;
  /** Inputs that drove the forecast. */
  factors: string[];
}
/** A recurring behaviour observed across the scan history. */
export interface SecurityTrendPattern {
  pattern: string;
  frequency: number;
  impact: SecuritySeverity;
  description: string;
}
/**
 * Orchestrates rule-based code analysis, dependency analysis, configuration
 * analysis and external scanner backends, then builds the report.
 *
 * Extends EventEmitter; event names are presumably the {@link SecurityEvent}
 * literals — confirm against the implementation. The private members below are
 * listed without signatures (ambient declaration), so their contracts are
 * inferred from their names only.
 */
export declare class SecurityScanner extends EventEmitter {
  /** The {@link SecurityScanConfig} passed to the constructor (type elided in this declaration). */
  private config;
  constructor(config: SecurityScanConfig);
  /**
   * Runs every configured analysis against `projectPath` and resolves with the
   * combined result. Whether a failing backend rejects or is recorded in
   * {@link ScannerResult.success} is not visible here.
   */
  scan(projectPath: string): Promise<SecurityScanResult>;
  // Dependency / license analysis.
  private analyzeDependencies;
  private analyzeLicenses;
  // Source-code analysis: file walk, per-file rule evaluation, built-in rule set.
  private analyzeCode;
  private analyzeSourceFile;
  private getBuiltInSecurityRules;
  private getFileType;
  private getLanguage;
  private identifySecurityPatterns;
  private generateCodeRecommendations;
  // Configuration-file analysis, dispatched by file type.
  private analyzeConfiguration;
  private analyzeConfigFile;
  private getConfigFileType;
  private analyzePackageJson;
  private analyzeDockerfile;
  // NOTE(review): .env files hold live secrets; confirm this reports key names only.
  private analyzeEnvFile;
  private analyzeGenericConfig;
  private generateConfigRecommendations;
  // External scanner backends. NOTE(review): these presumably spawn child
  // processes; confirm arguments are passed as an array rather than through a
  // shell, since `projectPath` and scanner config may come from the user.
  private runScanner;
  private runNpmAudit;
  private runSnyk;
  private runSemgrep;
  private runESLintSecurity;
  // Aggregation and metrics.
  private aggregateVulnerabilities;
  private calculateSecurityMetrics;
  private calculateOWASPCoverage;
  private getOWASPIssues;
  private calculateCWECoverage;
  private getCWEIssues;
  private generateSummary;
  private calculateRiskScore;
  private calculateComplianceScore;
  private generateSummaryRecommendations;
  private calculateTrends;
  /** Builds a {@link SecurityReport} from a scan result; presumably also persists it when configured — confirm. */
  generateReport(scanResult: SecurityScanResult): Promise<SecurityReport>;
  private determineRiskLevel;
  private generateActionPlan;
  private generateComplianceReport;
  private generateOWASPRequirements;
  private generateCWERequirements;
  private identifyComplianceGaps;
  private generateTrendAnalysis;
  // Persistence. NOTE(review): finding messages and evidence originate from
  // scanned files (attacker-influenced); confirm they are HTML-escaped when
  // embedded by generateHtmlReport.
  private saveReport;
  private generateHtmlReport;
  // Empty-value factories used when an analysis phase is skipped or fails — assumed; confirm.
  private createEmptySummary;
  private createEmptyDependencyAnalysis;
  private createEmptyCodeAnalysis;
  private createEmptyConfigAnalysis;
  private createEmptyMetrics;
}
/**
 * Convenience factory for a custom {@link SecurityRule}. How the remaining
 * required fields (description, severity, category) are defaulted is not
 * visible from this declaration — confirm before relying on them.
 * @param id    Stable rule identifier.
 * @param name  Display name.
 * @param check Per-file evaluation callback.
 */
export declare function createSecurityRule(id: string, name: string, check: (file: FileContent) => SecurityViolation[]): SecurityRule;
/**
 * One-shot helper: construct a {@link SecurityScanner}, scan `projectPath` and
 * return the generated report. Accepts a partial config; defaults for omitted
 * fields are not visible here.
 * @param projectPath Root directory to scan.
 * @param config      Optional overrides for {@link SecurityScanConfig}.
 */
export declare function scanSecurity(projectPath: string, config?: Partial<SecurityScanConfig>): Promise<SecurityReport>;