fixes

2026-06-10 23:29:22 +00:00 · 2026-01-02 15:29:43 +00:00
parent 1cbf6c5d9e
commit c6edad4402
34 changed files with 2842 additions and 449 deletions
@@ -125,9 +125,14 @@ type VulnerabilityThresholds struct {

 // ScannersConfig contains individual scanner configurations
 type ScannersConfig struct {
-	Trivy  TrivyConfig  `mapstructure:"trivy" json:"trivy"`
-	OSV    OSVConfig    `mapstructure:"osv" json:"osv"`
-	Static StaticConfig `mapstructure:"static" json:"static"`
+	Trivy        TrivyConfig        `mapstructure:"trivy" json:"trivy"`
+	OSV          OSVConfig          `mapstructure:"osv" json:"osv"`
+	Static       StaticConfig       `mapstructure:"static" json:"static"`
+	Grype        GrypeConfig        `mapstructure:"grype" json:"grype"`
+	Govulncheck  GovulncheckConfig  `mapstructure:"govulncheck" json:"govulncheck"`
+	NpmAudit     NpmAuditConfig     `mapstructure:"npm_audit" json:"npm_audit"`
+	PipAudit     PipAuditConfig     `mapstructure:"pip_audit" json:"pip_audit"`
+	GHSA         GHSAConfig         `mapstructure:"ghsa" json:"ghsa"`
 }

 // TrivyConfig contains Trivy scanner configuration
@@ -153,6 +158,37 @@ type StaticConfig struct {
 	AllowedLicenses []string `mapstructure:"allowed_licenses" json:"allowed_licenses"`
 }

+// GrypeConfig contains Grype scanner configuration
+type GrypeConfig struct {
+	Enabled bool          `mapstructure:"enabled" json:"enabled"`
+	Timeout time.Duration `mapstructure:"timeout" json:"timeout"`
+}
+
+// GovulncheckConfig contains govulncheck scanner configuration
+type GovulncheckConfig struct {
+	Enabled bool          `mapstructure:"enabled" json:"enabled"`
+	Timeout time.Duration `mapstructure:"timeout" json:"timeout"`
+}
+
+// NpmAuditConfig contains npm audit scanner configuration
+type NpmAuditConfig struct {
+	Enabled bool          `mapstructure:"enabled" json:"enabled"`
+	Timeout time.Duration `mapstructure:"timeout" json:"timeout"`
+}
+
+// PipAuditConfig contains pip-audit scanner configuration
+type PipAuditConfig struct {
+	Enabled bool          `mapstructure:"enabled" json:"enabled"`
+	Timeout time.Duration `mapstructure:"timeout" json:"timeout"`
+}
+
+// GHSAConfig contains GitHub Advisory Database scanner configuration
+type GHSAConfig struct {
+	Enabled bool          `mapstructure:"enabled" json:"enabled"`
+	Timeout time.Duration `mapstructure:"timeout" json:"timeout"`
+	Token   string        `mapstructure:"token" json:"-"` // GitHub token for higher rate limits (don't serialize)
+}
+
 // AuthConfig contains authentication configuration
 type AuthConfig struct {
 	Enabled       bool          `mapstructure:"enabled" json:"enabled"`
@@ -287,6 +323,27 @@ func Default() *Config {
 					CheckChecksums:  true,
 					BlockSuspicious: false,
 				},
+				Grype: GrypeConfig{
+					Enabled: false,
+					Timeout: 5 * time.Minute,
+				},
+				Govulncheck: GovulncheckConfig{
+					Enabled: false,
+					Timeout: 5 * time.Minute,
+				},
+				NpmAudit: NpmAuditConfig{
+					Enabled: false,
+					Timeout: 2 * time.Minute,
+				},
+				PipAudit: PipAuditConfig{
+					Enabled: false,
+					Timeout: 2 * time.Minute,
+				},
+				GHSA: GHSAConfig{
+					Enabled: false,
+					Timeout: 30 * time.Second,
+					Token:   "",
+				},
 			},
 		},
 		Auth: AuthConfig{