cc-audit - Security scanner for Claude Code configurations.
This crate is organized into the following 7-layer architecture:
- L1 (input/): Input handling (CLI, stdin)
- L2 (config/): Configuration loading and validation
- L3 (discovery/): Target file discovery and filtering
- L4 (parser/): Content parsing for various file formats
- L5 (engine/): Detection engine and rule matching
- L6 (aggregator/): Result aggregation and scoring
- L7 (output/): Output formatting and reporting
Cross-cutting modules:
- rules/: Rule definitions and custom rules
- external/: External integrations (hooks, MCP, watch)
- runtime/: Execution control and pipeline (v1.x skeleton)
- types/: Common type definitions
Re-exports
pub use cli::BadgeFormat;
pub use cli::Cli;
pub use cli::OutputFormat;
pub use cli::ScanType;
pub use client::ClientType;
pub use client::DetectedClient;
pub use client::detect_client;
pub use client::detect_installed_clients;
pub use client::list_installed_clients;
pub use config::Config;
pub use config::ConfigError;
pub use config::TextFilesConfig;
pub use config::WatchConfig;
pub use profile::Profile;
pub use profile::profile_from_cli;
pub use discovery::DirectoryWalker;
pub use discovery::WalkConfig;
pub use ignore::IgnoreFilter;
pub use parser::ContentParser;
pub use parser::ContentType;
pub use parser::DockerfileParser;
pub use parser::FrontmatterParser;
pub use parser::JsonParser;
pub use parser::MarkdownParser;
pub use parser::ParsedContent;
pub use parser::ParserRegistry;
pub use parser::TomlParser;
pub use parser::YamlParser;
pub use context::ContentContext;
pub use context::ContextDetector;
pub use cve_db::CveDatabase;
pub use cve_db::CveDbError;
pub use cve_db::CveEntry;
pub use deobfuscation::DecodedContent;
pub use deobfuscation::Deobfuscator;
pub use engine::traits::AnalysisMetadata;
pub use engine::traits::AnalysisResult;
pub use engine::traits::DetectionEngine;
pub use engine::traits::EngineConfig;
pub use engine::CommandScanner;
pub use engine::ContentScanner;
pub use engine::DependencyScanner;
pub use engine::DockerScanner;
pub use engine::HookScanner;
pub use engine::McpScanner;
pub use engine::PluginScanner;
pub use engine::RulesDirScanner;
pub use engine::ScanError;
pub use engine::Scanner;
pub use engine::ScannerConfig;
pub use engine::SkillScanner;
pub use engine::SubagentScanner;
pub use malware_db::MalwareDatabase;
pub use malware_db::MalwareDbError;
pub use rules::Confidence;
pub use rules::CustomRuleError;
pub use rules::CustomRuleLoader;
pub use rules::DynamicRule;
pub use rules::Finding;
pub use rules::RuleEngine;
pub use rules::RuleSeverity;
pub use rules::ScanResult;
pub use rules::Severity;
pub use rules::Summary;
pub use aggregator::FindingCollector;
pub use aggregator::SummaryBuilder;
pub use baseline::Baseline;
pub use baseline::DriftEntry;
pub use baseline::DriftReport;
pub use scoring::CategoryScore;
pub use scoring::RiskLevel;
pub use scoring::RiskScore;
pub use scoring::SeverityBreakdown;
pub use output::OutputFormatter;
pub use reporter::Reporter;
pub use reporter::html::HtmlReporter;
pub use reporter::json::JsonReporter;
pub use reporter::markdown::MarkdownReporter;
pub use reporter::sarif::SarifReporter;
pub use reporter::terminal::TerminalReporter;
pub use run::ScanMode;
pub use run::WatchModeResult;
pub use run::format_result;
pub use run::is_text_file;
pub use run::is_text_file_with_config;
pub use run::run_scan;
pub use run::scan_path_with_cve_db;
pub use run::scan_path_with_malware_db;
pub use run::setup_watch_mode;
pub use run::watch_iteration;
pub use runtime::HookRunner;
pub use runtime::Pipeline;
pub use runtime::PipelineStage;
pub use runtime::ScanContext;
pub use runtime::ScanExecutor;
pub use error::AuditError;
pub use error::Result;
pub use feedback::FalsePositiveReport;
pub use feedback::ReportSubmitter;
pub use feedback::SubmitResult;
pub use feedback::SubmitTarget;
pub use fix::AutoFixer;
pub use fix::Fix;
pub use fix::FixResult;
pub use hooks::HookError;
pub use hooks::HookInstaller;
pub use mcp_server::McpServer;
pub use pinning::PinMismatch;
pub use pinning::PinVerifyResult;
pub use pinning::PinnedTool;
pub use pinning::ToolPins;
pub use proxy::InterceptAction;
pub use proxy::MessageInterceptor;
pub use proxy::ProxyConfig;
pub use proxy::ProxyLogger;
pub use proxy::ProxyServer;
pub use remote::ClonedRepo;
pub use remote::GitCloner;
pub use remote::RemoteError;
pub use remote::parse_github_url;
pub use sbom::Component;
pub use sbom::ComponentType;
pub use sbom::CycloneDxBom;
pub use sbom::DependencyExtractor;
pub use sbom::SbomBuilder;
pub use sbom::SbomFormat;
pub use trusted_domains::TrustedDomain;
pub use trusted_domains::TrustedDomainMatcher;
pub use types::AuthToken;
pub use types::FileHash;
pub use types::GitRef;
pub use types::PathValidationError;
pub use types::RuleId;
pub use types::ScanTarget;
pub use watch::FileWatcher;
Modules
- aggregator: Aggregation layer (L6).
- baseline
- cli
- client: AI coding client detection and configuration paths.
- config: Configuration layer (L2) for cc-audit.
- context: Content context detection for reducing false positives.
- cve_db: CVE database for known vulnerabilities in AI coding tools.
- deobfuscation
- discovery: Discovery layer (L3) for scan target enumeration.
- engine: Detection engine layer (L5).
- error: Error types for cc-audit.
- external: External integrations (cross-cutting layer).
- feedback: Feedback module for false positive reporting.
- fix
- handlers: CLI command handlers.
- hook_mode: Claude Code Hook integration module.
- hooks
- ignore
- input: Input layer (L1) for input source abstraction.
- malware_db
- mcp_server
- output: Output layer (L7).
- parser: Content parsing layer (L4).
- pinning: MCP tool pinning for rug-pull attack detection.
- profile
- proxy: Proxy module for runtime MCP message interception.
- remote: Remote repository scanning module.
- reporter
- rules
- run: Scan execution and orchestration.
- runtime: Runtime execution control (cross-cutting layer).
- sbom: SBOM (Software Bill of Materials) generation module.
- scanner: Security scanner module.
- scoring
- suppression
- trusted_domains: Trusted domain matcher for reducing false positives.
- types: Type-safe wrapper types for improved compile-time guarantees.
- watch
Macros
- impl_content_scanner: Implements the ContentScanner trait for scanners that use default content scanning.
- impl_scanner_builder: Implements common scanner builder methods for structs with a config: ScannerConfig field.
- impl_simple_file_scanner: Implements a simple Scanner trait for file-based scanners.