
tops-bmad


CLI tool to install BMAD workflow files into any project with integrated Shai-Hulud 2.0 security scanning

---
# action.yml for the Shai-Hulud 2.0 detector GitHub Action.
# This file only declares the action's interface; the scanning logic and the
# evaluation of every input below live in dist/index.js (see `runs:`).
# All `default:` values are strings on purpose: GitHub Actions passes every
# `with:` input to the runtime as a string, so 'true' / 'false' here are not
# YAML booleans and must stay quoted.
name: Shai-Hulud 2.0 Detector
description: 'Detect Shai-Hulud 2.0 npm supply chain attack - 790+ packages, SHA256 hashing, runner & backdoor detection'
author: gensecaihq

branding:
  icon: shield
  color: red

inputs:
  # Failure gates, ordered from the narrowest (critical only) to the widest
  # (any finding). Only the critical gate is on by default.
  fail-on-critical:
    description: Fail the action if critical severity issues are found
    required: false
    default: 'true'
  fail-on-high:
    description: Fail the action if high or critical severity issues are found
    required: false
    default: 'false'
  fail-on-any:
    description: Fail the action if any compromised packages or security findings are detected
    required: false
    default: 'false'

  # Scan scope. Lockfile scanning is on by default; node_modules scanning is
  # opt-in (presumably because it is slower on large trees - confirm in dist/index.js).
  scan-lockfiles:
    description: Scan lockfiles (package-lock.json, yarn.lock) for transitive dependencies
    required: false
    default: 'true'
  scan-node-modules:
    description: Scan node_modules directory for installed packages
    required: false
    default: 'false'

  # Reporting. 'sarif' is the value that makes the `sarif-file` output meaningful.
  output-format:
    description: 'Output format: text, json, or sarif'
    required: false
    default: text
  working-directory:
    description: Directory to scan (defaults to repository root)
    required: false
    default: '.'

outputs:
  # Counters and overall status.
  affected-count:
    description: Number of compromised packages found
  security-findings-count:
    description: Number of security findings (suspicious scripts, TruffleHog, malicious runners, etc.)
  status:
    description: 'Scan status: clean or affected'
  scan-time:
    description: Time taken to complete the scan in milliseconds
  # Machine-readable detail, serialised as JSON strings.
  results:
    description: JSON array of compromised packages
  security-findings:
    description: JSON array of security findings (suspicious scripts, exfiltration, runners, etc.)
  # Only populated when output-format is sarif.
  sarif-file:
    description: Path to SARIF report file (when output-format is sarif)

runs:
  using: node20
  main: dist/index.js