;
// Compiler-emitted module interop helpers (the kind a TypeScript build inlines
// for `import * as x from 'cjs-module'`). Each one is reused from `this` when
// an earlier module in the same scope already defined it.
//
// __createBinding(o, m, k, k2): expose m[k] on o under the name k2 (k2 defaults
// to k). When Object.create exists, the source descriptor is copied unchanged
// only for an accessor on an __esModule or for a non-writable, non-configurable
// data property; every other case becomes an enumerable live getter into m[k].
// Without Object.create it degrades to a plain property copy.
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
// __setModuleDefault(o, v): attach v as the enumerable "default" export of o.
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
// __importStar(mod): return mod untouched when it is already an ES module;
// otherwise build a namespace object that rebinds every own key except
// "default" and then exposes mod itself as "default". A null/undefined mod
// yields a namespace containing only "default".
var __importStar = (this && this.__importStar) || (function () {
// Own-key enumeration, resolved once: Object.getOwnPropertyNames when
// available, else a for-in filtered through hasOwnProperty.
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
// Mark the module as a compiled ES module for interop with other builds.
Object.defineProperty(exports, "__esModule", { value: true });
// Placeholder so the export name exists up front; the real value is assigned
// after the class definition at the bottom of the file.
exports.ProjectDetector = void 0;
// fs-extra provides the promise-returning pathExists/readdir used by the
// detector below; path is Node's built-in module.
const fs = __importStar(require("fs-extra"));
const path = __importStar(require("path"));
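class ProjectDetector {
    /**
     * Inspect a repository and work out which technologies it uses and which
     * security scanners should run against it.
     *
     * Marker files (package.json, Dockerfile, ...) are only looked up at the
     * repository root. Extension checks use one recursive listing of the whole
     * tree with nothing excluded, so vendored directories such as node_modules
     * contribute to detection as well. A listing failure is treated as "no
     * matching files"; that can only drop language-specific scanners, because
     * gitleaks, trivy and semgrep are suggested for every repository.
     *
     * @param {string} repoPath - Directory to inspect.
     * @returns {Promise<{type: string[], suggestedScanners: string[], description: string}>}
     *   Detected technology names (['Generic'] when none), the de-duplicated
     *   scanner list in suggestion order, and a human-readable summary.
     */
    static async detectProject(repoPath) {
        const markerExists = (name) => fs.pathExists(path.join(repoPath, name));
        // The marker lookups and the tree listing are independent, so issue
        // them together. The listing is then shared by every extension check
        // below instead of walking the tree once per check.
        const [
            files,
            hasPackageJson,
            hasYarnLock,
            hasRequirements,
            hasSetupPy,
            hasPyproject,
            hasDockerfile,
            hasCompose,
        ] = await Promise.all([
            this.listFiles(repoPath),
            markerExists('package.json'),
            markerExists('yarn.lock'),
            markerExists('requirements.txt'),
            markerExists('setup.py'),
            markerExists('pyproject.toml'),
            markerExists('Dockerfile'),
            markerExists('docker-compose.yml'),
        ]);
        const hasFilesWith = (extensions, keywords = []) =>
            this.matchesAny(files, extensions, keywords);

        const types = [];
        // Secrets scanning applies to every repository.
        const scanners = ['gitleaks'];

        // Node.js: the dependency audit needs a root package.json; the source
        // linter additionally needs JS/TS files somewhere in the tree.
        if (hasPackageJson) {
            types.push('Node.js');
            scanners.push('npm-audit');
            if (hasYarnLock) {
                scanners.push('yarn-audit');
            }
            if (hasFilesWith(['.js', '.ts', '.jsx', '.tsx'])) {
                scanners.push('eslint-security');
            }
        }

        // Python: any .py file anywhere, or a root packaging/dependency file.
        if (hasFilesWith(['.py']) || hasRequirements || hasSetupPy || hasPyproject) {
            types.push('Python');
            scanners.push('bandit', 'safety');
        }

        if (hasDockerfile || hasCompose) {
            types.push('Docker');
            scanners.push('hadolint');
        }

        // Infrastructure as Code: Terraform or any YAML (docker-compose.yml
        // included), or a JSON file whose name suggests a CloudFormation
        // template.
        const hasIaC = hasFilesWith(['.tf', '.yaml', '.yml']) ||
            hasFilesWith(['.json'], ['cloudformation', 'template']);
        if (hasIaC) {
            types.push('Infrastructure');
            scanners.push('checkov');
        }

        // Broad scanners run regardless of what was detected.
        scanners.push('trivy', 'semgrep');

        return {
            type: types.length > 0 ? types : ['Generic'],
            // Defensive de-duplication; preserves first-seen order.
            suggestedScanners: [...new Set(scanners)],
            description: this.generateDescription(types),
        };
    }

    /**
     * Whether any entry under `repoPath` (searched recursively) has one of the
     * given extensions and, when `keywords` is non-empty, a basename containing
     * one of them.
     *
     * @param {string} repoPath - Directory to search.
     * @param {string[]} extensions - Extensions including the dot (e.g. '.py'),
     *   compared case-sensitively against path.extname.
     * @param {string[]} [keywords=[]] - Substrings matched against the
     *   lower-cased basename, so they must be given in lower case; an empty
     *   list matches every name.
     * @returns {Promise<boolean>} false when the directory cannot be listed.
     */
    static async hasFiles(repoPath, extensions, keywords = []) {
        const files = await this.listFiles(repoPath);
        return this.matchesAny(files, extensions, keywords);
    }

    /**
     * Recursively list the entries under `repoPath`, relative to it.
     *
     * Deliberately best-effort: a missing or unreadable path yields an empty
     * list rather than an error, so detection never aborts a scan. On runtimes
     * that ignore readdir's `recursive` option only the top level is returned.
     *
     * @param {string} repoPath - Directory to list.
     * @returns {Promise<string[]>} Relative entry paths, or [] on failure.
     */
    static async listFiles(repoPath) {
        try {
            return await fs.readdir(repoPath, { recursive: true });
        } catch {
            return [];
        }
    }

    /**
     * Pure matcher behind hasFiles: true when some entry has one of
     * `extensions` and (if any `keywords` are given) a basename containing one.
     *
     * @param {Array<string|{toString(): string}>} files - Entries as returned
     *   by listFiles; each is stringified before matching.
     * @param {string[]} extensions - Extensions including the dot.
     * @param {string[]} [keywords=[]] - Lower-case basename substrings; empty
     *   means "any name".
     * @returns {boolean}
     */
    static matchesAny(files, extensions, keywords = []) {
        return files.some((file) => {
            const entry = file.toString();
            if (!extensions.includes(path.extname(entry))) {
                return false;
            }
            if (keywords.length === 0) {
                return true;
            }
            const name = path.basename(entry).toLowerCase();
            return keywords.some((keyword) => name.includes(keyword));
        });
    }

    /**
     * Human-readable summary of the detected technologies.
     *
     * @param {string[]} types - Technology names in detection order.
     * @returns {string} 'Generic project' for an empty list, '<X> project' for
     *   one entry, '<X> and <Y> project' for two, otherwise a comma-joined list.
     */
    static generateDescription(types) {
        switch (types.length) {
            case 0:
                return 'Generic project';
            case 1:
                return `${types[0]} project`;
            case 2:
                return `${types[0]} and ${types[1]} project`;
            default:
                return `Multi-technology project (${types.join(', ')})`;
        }
    }
}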
exports.ProjectDetector = ProjectDetector;
//# sourceMappingURL=project-detector.js.map