
supamend


Pluggable DevSecOps Security Scanner with 10+ scanners and multiple reporting channels

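"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.CheckovScanner = void 0;
const child_process_1 = require("child_process");
const path_1 = require("path");

/**
 * Scanner plugin that runs the Checkov CLI against a directory and converts
 * its failed checks into the scanner's finding records.
 */
class CheckovScanner {
    constructor() {
        this.name = 'checkov';
        this.description = 'Scan infrastructure as code for security misconfigurations using Checkov';
        this.version = '1.0.0';
    }

    /**
     * Verifies that the Checkov CLI can be started.
     * @throws {Error} when `checkov --version` cannot be run successfully.
     */
    async init() {
        const isAvailable = await this.isAvailable();
        if (!isAvailable) {
            throw new Error('Checkov is not installed. Please install it with: pip install checkov');
        }
    }

    /**
     * Builds the Checkov argument vector for scanning one directory.
     *
     * The path is made absolute so that it can never be read as a command-line
     * option (a relative path may start with `-`). On Windows the process is
     * started through cmd.exe, where arguments are joined into one command
     * string, so the path is quoted and paths that could break out of the
     * quotes are refused.
     *
     * @param {string} repoPath - directory to scan.
     * @param {boolean} [isWindows] - whether the command runs through cmd.exe.
     * @returns {string[]} arguments for the `checkov` executable.
     * @throws {Error} when the path is empty, not a string, or unsafe for cmd.exe.
     */
    buildScanArgs(repoPath, isWindows = process.platform === 'win32') {
        if (typeof repoPath !== 'string' || repoPath.length === 0) {
            throw new Error('Checkov scan requires a non-empty repository path');
        }
        let directory = path_1.resolve(repoPath);
        if (isWindows) {
            // Inside double quotes cmd.exe still expands %VAR% and a quote ends
            // the quoted span; neither can be escaped reliably, so refuse them.
            if (/["%\r\n]/.test(directory)) {
                throw new Error(`Refusing to scan a path containing characters unsafe for cmd.exe: ${JSON.stringify(repoPath)}`);
            }
            // A trailing backslash would otherwise escape the closing quote.
            directory = `"${directory.replace(/\\+$/, (run) => run + run)}"`;
        }
        return ['--directory', directory, '--output', 'json', '--quiet'];
    }

    /**
     * Converts Checkov's JSON output into finding records.
     *
     * Checkov prints a single report object when one framework is scanned and
     * an array of report objects when several are; both shapes are accepted so
     * that findings from a multi-framework scan are not dropped.
     *
     * @param {string} stdout - raw standard output of the Checkov process.
     * @returns {object[]} one finding per failed check; empty when stdout is blank.
     * @throws {SyntaxError} when stdout is not valid JSON.
     */
    parseFindings(stdout) {
        if (!stdout.trim()) {
            return [];
        }
        const parsed = JSON.parse(stdout);
        const reports = Array.isArray(parsed) ? parsed : [parsed];
        const findings = [];
        for (const report of reports) {
            const failedChecks = report?.results?.failed_checks;
            if (!Array.isArray(failedChecks)) {
                continue;
            }
            for (const check of failedChecks) {
                const filePath = typeof check.file_path === 'string' ? check.file_path : '';
                findings.push({
                    id: `checkov-${check.check_id}-${check.file_path}`,
                    type: 'misconfiguration',
                    severity: this.mapSeverity(check.severity),
                    title: `Checkov: ${check.check_name}`,
                    description: check.check_name,
                    // Checkov reports paths with a leading slash; strip it.
                    file: filePath.replace(/^\//, ''),
                    line: check.file_line_range?.[0] || 0,
                    column: 0,
                    rule: check.check_id,
                    scanner: this.name,
                    timestamp: new Date(),
                    metadata: {
                        resource: check.resource,
                        guideline: check.guideline,
                        check_class: check.check_class
                    }
                });
            }
        }
        return findings;
    }

    /**
     * Runs Checkov on a directory and returns its failed checks as findings.
     *
     * @param {string} repoPath - directory to scan.
     * @returns {Promise<object[]>} findings; empty when Checkov reports none.
     * @throws {Error} (as a rejection) when Checkov cannot be started, exits
     *   with a code other than 0 or 1, or prints output that is not JSON.
     */
    async scan(repoPath) {
        return new Promise((resolve, reject) => {
            const isWindows = process.platform === 'win32';
            const args = this.buildScanArgs(repoPath, isWindows);
            const checkov = (0, child_process_1.spawn)('checkov', args, { shell: isWindows });
            let stdout = '';
            let stderr = '';
            // Decode as a stream so a multi-byte character split across two
            // chunks is not corrupted.
            checkov.stdout.setEncoding('utf8');
            checkov.stderr.setEncoding('utf8');
            checkov.stdout.on('data', (chunk) => {
                stdout += chunk;
            });
            checkov.stderr.on('data', (chunk) => {
                stderr += chunk;
            });
            checkov.on('close', (code) => {
                // Checkov returns 1 when issues are found, 0 when no issues.
                // Anything else means the scan itself failed; reporting that as
                // "no findings" would hide the failure from the caller.
                if (code !== 0 && code !== 1) {
                    const detail = stderr.trim().slice(-2000) || 'no error output';
                    reject(new Error(`Checkov exited with code ${code}: ${detail}`));
                    return;
                }
                try {
                    resolve(this.parseFindings(stdout));
                }
                catch (error) {
                    reject(new Error(`Failed to parse Checkov results: ${error}`));
                }
            });
            checkov.on('error', (error) => {
                reject(new Error(`Checkov execution failed: ${error.message}`));
            });
        });
    }

    /**
     * Reports whether `checkov --version` runs and exits with code 0.
     * @returns {Promise<boolean>} false when the process cannot be started
     *   or exits with a non-zero code.
     */
    async isAvailable() {
        return new Promise((resolve) => {
            try {
                const isWindows = process.platform === 'win32';
                const checkov = (0, child_process_1.spawn)('checkov', ['--version'], { shell: isWindows });
                checkov.on('close', (code) => {
                    resolve(code === 0);
                });
                checkov.on('error', () => {
                    resolve(false);
                });
            }
            catch (error) {
                resolve(false);
            }
        });
    }

    /**
     * Maps a Checkov severity label onto critical / high / medium / low.
     * @param {*} severity - label from the report; may be missing.
     * @returns {string} 'medium' when no severity is given, 'low' for any
     *   label that names none of the other three levels.
     */
    mapSeverity(severity) {
        if (!severity) {
            return 'medium';
        }
        // String() keeps a non-string label from throwing on toLowerCase().
        const label = String(severity).toLowerCase();
        for (const level of ['critical', 'high', 'medium']) {
            if (label.includes(level)) {
                return level;
            }
        }
        return 'low';
    }
}
exports.CheckovScanner = CheckovScanner;
exports.default = new CheckovScanner();
//# sourceMappingURL=checkov.js.map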