ctrlshiftleft

AI-powered toolkit for embedding QA and security testing into development workflows

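/**
 * Five-step scale for the impact of a security issue, ordered from most to
 * least severe. `ChecklistItem.severity` uses the same scale.
 */
export type ImpactLevel = 'critical' | 'high' | 'medium' | 'low' | 'info';

/**
 * Five-step scale for how likely an issue is to be exploited.
 */
export type LikelihoodLevel = 'very-high' | 'high' | 'medium' | 'low' | 'very-low';

/**
 * Pointer from a finding to an external classification standard
 * (a CWE entry, an OWASP category, or both).
 *
 * Every field is optional and free-form: nothing here checks that `cwe`
 * matches the `CWE-<number>` shape or that `url` is a well-formed link.
 */
export interface SecurityReference {
  /** Common Weakness Enumeration ID (e.g., 'CWE-79'). */
  cwe?: string;
  /** OWASP category (e.g., 'A01:2021-Broken Access Control'). */
  owasp?: string;
  /** Description of the standard. */
  description?: string;
  /**
   * Link to more information.
   * NOTE(review): the type does not restrict the URL scheme; a renderer that
   * turns this into a clickable link should allow only http(s).
   */
  url?: string;
}

/**
 * Detailed remediation guidance for a security issue.
 */
export interface RemediationInfo {
  /** Human-readable remediation guidance. */
  description: string;
  /** Code example showing the fixed implementation. */
  codeExample?: string;
  /** Estimated remediation effort. */
  effort?: 'high' | 'medium' | 'low';
  /** Suggested fix priority. */
  priority?: 'immediate' | 'high' | 'medium' | 'low';
}

/**
 * Risk score for a finding, calculated with CVSS or a similar methodology.
 *
 * The type does not tie `score`, `impact` and `likelihood` together, and
 * `number` also admits NaN and out-of-range values, so whoever produces or
 * consumes this record has to validate it at runtime.
 */
export interface RiskScoreInfo {
  /** Numeric score (e.g., 0-10 for CVSS). */
  score: number;
  /** Vector string (e.g., a CVSS vector). */
  vector?: string;
  /** Impact if exploited. */
  impact: ImpactLevel;
  /** Likelihood of exploitation. */
  likelihood: LikelihoodLevel;
  /** Method used (e.g., 'CVSS-3.1', 'OWASP Risk'). */
  calculator?: string;
}

/**
 * Checklist item representing a single QA or security check.
 */
export interface ChecklistItem {
  id: string;
  title: string;
  description: string;
  category: string;
  /**
   * Severity of the item. Declared with the shared `ImpactLevel` alias rather
   * than a second copy of the union, so the two scales cannot drift apart.
   * Not linked by the type system to `riskScore.impact`.
   */
  severity: ImpactLevel;
  verification?: string;
  status?: 'pending' | 'passed' | 'failed' | 'na';
  comments?: string;

  /** Source file containing the issue. */
  file?: string;
  /** Approximate line number of the issue. */
  lineNumber?: number;
  /**
   * Relevant code snippet.
   * NOTE(review): presumably copied from the scanned source, so it may carry
   * credentials or markup. Redact secrets and escape the text before it is
   * written into a report or into `Checklist.markdown`.
   */
  codeSnippet?: string;

  // Enhanced security information (only for security items)
  references?: SecurityReference[];
  remediation?: RemediationInfo;
  riskScore?: RiskScoreInfo;

  // Additional metadata
  /** ISO date string for when the item was created. */
  createdAt?: string;
  /** ISO date string for when the item was last updated. */
  updatedAt?: string;
}

/**
 * Complete checklist: metadata plus its items.
 */
export interface Checklist {
  title: string;
  description: string;
  categories: string[];
  items: ChecklistItem[];
  /** Optional markdown representation of the checklist. */
  markdown?: string;
}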