1// Copyright 2024 zhlinh and linthis Project Authors. All rights reserved.
2// Use of this source code is governed by a MIT-style
3// license that can be found at
4//
5// https://opensource.org/license/MIT
6//
7// The above copyright notice and this permission
8// notice shall be included in all copies or
9// substantial portions of the Software.
10
11//! Security scanning module for dependency vulnerability detection (SCA) and source code security analysis (SAST).
12//!
13//! This module provides unified security scanning across multiple languages
14//! by integrating with language-specific security tools:
15//!
16//! ## SCA (Dependency Vulnerability Detection)
17//!
18//! - **Rust**: cargo-audit (RustSec Advisory Database)
19//! - **JavaScript/TypeScript**: npm audit
20//! - **Python**: pip-audit / safety
21//! - **Go**: govulncheck
22//! - **Java**: dependency-check (OWASP)
23//!
24//! ## SAST (Source Code Security Analysis)
25//!
26//! - **Multi-language**: OpenGrep / Semgrep (30+ languages)
27//! - **Python**: Bandit
28//! - **Go**: Gosec
29//! - **C/C++**: Flawfinder
30//!
31//! # Example
32//!
33//! ```rust,no_run
34//! use linthis::security::{SecurityScanner, ScanOptions};
35//! use std::path::PathBuf;
36//!
37//! let scanner = SecurityScanner::new();
38//! let options = ScanOptions {
39//!     path: PathBuf::from("."),
40//!     severity_threshold: Some("high".to_string()),
41//!     ..Default::default()
42//! };
43//!
44//! let result = scanner.scan(&options).expect("Scan failed");
45//! println!("Found {} vulnerabilities", result.vulnerabilities.len());
46//! ```
47
// Module tree. `report` and `sast` are public modules in their own right;
// `advisories`, `languages`, `scanner` and `vulnerability` are private, so only
// the items re-exported below are reachable from outside this module.
mod advisories;
mod languages;
pub mod report;
pub mod sast;
mod scanner;
mod vulnerability;

// Public API surface of `linthis::security`. Nothing from `languages` is
// re-exported here, so it is not part of the public API.
pub use advisories::AdvisoryDatabase;
pub use report::{format_security_report, SecurityReport};
pub use sast::{SastAggregator, SastResult, SastScanOptions};
pub use scanner::{ScanOptions, ScanResult, SecurityScanner};
pub use vulnerability::{Advisory, AffectedPackage, Severity, Vulnerability};