From 63ebefd43d7878def53100fb77a4deea37be1fd6 Mon Sep 17 00:00:00 2001 From: 7000pctAUTO Date: Mon, 2 Feb 2026 21:30:24 +0000 Subject: [PATCH] Initial commit: project structure and configuration --- README.md | 281 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 279 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3328f7f..1a85556 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,280 @@ -# depaudit-cli +# DepAudit CLI -A comprehensive CLI tool that audits project dependencies for security vulnerabilities, outdated packages, license compliance, and unused dependencies. \ No newline at end of file +A comprehensive CLI tool that audits project dependencies across multiple languages for security vulnerabilities, outdated packages, license compliance issues, and unused dependencies. + +## Features + +- **Multi-language support**: JavaScript/Node.js, Python, Go, Rust, Java/Maven +- **Security vulnerability scanning**: Query OSV and NVD databases for CVEs +- **Outdated package detection**: Check for newer versions on package registries +- **License compliance checking**: Validate against allowlist/blocklist +- **Unused dependency detection**: Find dependencies that aren't imported +- **Multiple output formats**: Table (with colors), JSON, or quiet mode +- **CI/CD integration**: Generate GitHub Actions and GitLab CI configurations + +## Installation + +### From PyPI + +```bash +pip install depaudit-cli +``` + +### From Source + +```bash +git clone https://github.com/depaudit/depaudit-cli +cd depaudit-cli +pip install -e . +``` + +### Using pipx + +```bash +pipx install depaudit-cli +``` + +## Quick Start + +Audit the current directory: + +```bash +depaudit audit . +``` + +Audit a specific project: + +```bash +depaudit audit /path/to/project +``` + +Output as JSON: + +```bash +depaudit audit . --format json --output results.json +``` + +Skip specific checks: + +```bash +depaudit audit . --skip-vulnerabilities --skip-licenses +``` + +Filter by severity: + +```bash +depaudit audit . 
--severity high +``` + +## Supported Languages + +| Language | Dependency Files | +|----------|-----------------| +| JavaScript/Node.js | `package.json`, `package-lock.json`, `yarn.lock` | +| Python | `requirements.txt`, `setup.py`, `pyproject.toml`, `Pipfile` | +| Go | `go.mod` | +| Rust | `Cargo.toml`, `Cargo.lock` | +| Java/Maven | `pom.xml`, `build.gradle` | + +## Usage + +### Command Options + +| Option | Description | +|--------|-------------| +| `--format` | Output format: `table`, `json`, or `quiet` | +| `--output` | Write output to file | +| `--no-color` | Disable colored output | +| `--no-cache` | Disable API response caching | +| `--severity` | Minimum severity: `critical`, `high`, `medium`, `low`, `all` | +| `--skip-vulnerabilities` | Skip CVE vulnerability scanning | +| `--skip-outdated` | Skip outdated package checking | +| `--skip-licenses` | Skip license compliance checking | +| `--skip-unused` | Skip unused dependency detection | +| `--verbose` | Enable verbose output | + +### CI/CD Generation + +Generate GitHub Actions workflow: + +```bash +depaudit generate-cicd github --schedule "0 0 * * 0" +``` + +Generate GitLab CI configuration: + +```bash +depaudit generate-cicd gitlab +``` + +## Configuration + +Create a `.depauditrc` file in your project root: + +```yaml +output: + format: table + color: true + verbosity: info + +vulnerabilities: + enabled: true + severity_filter: all + api: osv + cache_ttl: 86400 + +licenses: + enabled: true + allowlist: + - MIT + - Apache-2.0 + - BSD-3-Clause + blocklist: + - GPL-3.0 + - AGPL-3.0 + +cicd: + fail_on: + - critical + - high +``` + +## Output Formats + +### Table Output + +``` +============================================================ +DepAudit Report +============================================================ +Scanned Files: 5 +Scan Duration: 2.45s + +[VULNERABILITIES] ++-----------+-------------------------+---------+--------+--------+ +| Severity | Package | Current | Fixed | ID | 
++-----------+-------------------------+---------+--------+--------+ +| CRITICAL | lodash | 4.17.15 | 4.17.21| CVE... | ++-----------+-------------------------+---------+--------+--------+ + +[OUTDATED PACKAGES] ++----------------------------+---------+---------+------------+ +| Package | Current | Latest | Update Type| ++----------------------------+---------+---------+------------+ +| express | 4.17.1 | 4.18.2 | minor | ++----------------------------+---------+---------+------------+ + +SEVERITY SUMMARY: + CRITICAL: 1 + HIGH: 0 + MEDIUM: 2 + LOW: 1 +============================================================ +``` + +### JSON Output + +```json +{ + "vulnerabilities": [...], + "outdated": [...], + "license_issues": [...], + "unused": [...], + "scanned_files": [...], + "scanned_count": 5, + "error_count": 0, + "scan_duration": 2.45, + "summary": { + "total_vulnerabilities": 4, + "severity_breakdown": { + "critical": 1, + "high": 0, + "medium": 2, + "low": 1 + }, + "total_outdated": 3, + "total_license_issues": 1, + "total_unused": 2 + } +} +``` + +## CI/CD Integration + +### GitHub Actions + +Generate a workflow file: + +```bash +depaudit generate-cicd github +``` + +This creates `.github/workflows/depaudit.yml` with: +- Scheduled scans (weekly by default) +- Scan on push to main +- Scan on PR creation +- Results uploaded as artifacts +- Comment on PR with summary + +### GitLab CI + +Generate a `.gitlab-ci.yml` section: + +```bash +depaudit generate-cicd gitlab +``` + +## Environment Variables + +| Variable | Description | +|----------|-------------| +| `DEPAUDIT_API_KEY` | API key for premium vulnerability databases | +| `DEPAUDIT_CACHE_DIR` | Custom cache directory | +| `DEPAUDIT_CONFIG_FILE` | Path to configuration file | +| `HTTP_PROXY` | HTTP proxy for API requests | +| `HTTPS_PROXY` | HTTPS proxy for API requests | + +## Exit Codes + +| Code | Description | +|------|-------------| +| 0 | No issues found or scan completed successfully | +| 1 | Issues found 
(configurable via `cicd.fail_on`) | +| 2 | Error during scan | + +## Development + +### Setup + +```bash +git clone https://github.com/depaudit/depaudit-cli +cd depaudit-cli +pip install -e ".[dev]" +``` + +### Running Tests + +```bash +pytest tests/ -v --cov=depaudit +``` + +### Linting + +```bash +black depaudit tests +ruff check depaudit tests +mypy depaudit +``` + +## Contributing + +1. Fork the repository +2. Create a feature branch +3. Make your changes +4. Add tests for new functionality +5. Run the test suite +6. Submit a pull request + +## License + +MIT License - see [LICENSE](LICENSE) for details.
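Review bot: the Configuration section of this hunk documents a `.depauditrc` that is read from the project root, i.e. from inside the repository being scanned, but says nothing about how it is parsed or what it is allowed to control; in particular `  api: osv` should state whether it accepts only named backends (the Features list names OSV and NVD) or an arbitrary URL, because a repo-local config that can redirect vulnerability lookups, raise `cache_ttl`, or flip `enabled: false` would let a checked-in file silently weaken the scan. Suggest documenting that the file is loaded with a safe YAML loader, that `api` is restricted to known backends, and which of CLI flags and config win on conflict (the README has both `--severity` and `severity_filter: all` with no stated precedence). Two smaller points in the same hunk: the Exit Codes table ties exit code 1 to `cicd.fail_on`, but the example config lists only `critical` and `high`, so the result for a scan that finds only `medium` or `low` issues is undocumented; and the GitHub Actions bullet "Comment on PR with summary" needs `pull-requests: write` on the workflow token, which the generated workflow should request explicitly and the README should mention. Finally, the commit subject "Initial commit: project structure and configuration" describes only a README.md change (`1 file changed`), so a docs-only subject would be more accurate.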