sharang/compliance-scanner-agent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix formatting and clippy warnings across workspace
All checks were successful
CI / Format (push) Successful in 3s
Details
CI / Clippy (push) Successful in 2m15s
Details
CI / Security Audit (push) Successful in 1m34s
Details
CI / Tests (push) Successful in 3m4s
Details

Browse Source 
- Run cargo fmt on all crates
- Fix regex patterns using unsupported lookahead in patterns.rs
- Replace unwrap() calls with compile_regex() helper
- Fix never type fallback in GitHub tracker
- Fix redundant field name in findings page
- Allow enum_variant_names for Dioxus Route enum
- Fix &mut Vec -> &mut [T] clippy lint in sbom.rs
- Mark unused-but-intended APIs with #[allow(dead_code)]

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Sharang Parnerkar
2026-03-02 17:41:03 +01:00
parent 62196e5d74
commit 03ee69834d
37 changed files with 519 additions and 220 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
compliance-agent/src/api/handlers/mod.rs
View File

@@ -19,8 +19,12 @@ pub struct PaginationParams {
pub limit: i64, pub limit: i64,
} }
fn default_page() -> u64 { 1 } fn default_page() -> u64 {
fn default_limit() -> i64 { 50 } 1
}
fn default_limit() -> i64 {
50
}
#[derive(Deserialize)] #[derive(Deserialize)]
pub struct FindingsFilter { pub struct FindingsFilter {
@@ -73,7 +77,9 @@ pub struct AddRepositoryRequest {
pub scan_schedule: Option<String>, pub scan_schedule: Option<String>,
} }
fn default_branch() -> String { "main".to_string() } fn default_branch() -> String {
"main".to_string()
}
#[derive(Deserialize)] #[derive(Deserialize)]
pub struct UpdateStatusRequest { pub struct UpdateStatusRequest {
@@ -90,15 +96,43 @@ pub async fn health() -> Json<serde_json::Value> {
pub async fn stats_overview(Extension(agent): AgentExt) -> ApiResult<OverviewStats> { pub async fn stats_overview(Extension(agent): AgentExt) -> ApiResult<OverviewStats> {
let db = &agent.db; let db = &agent.db;
let total_repositories = db.repositories().count_documents(doc! {}).await.unwrap_or(0); let total_repositories = db
.repositories()
.count_documents(doc! {})
.await
.unwrap_or(0);
let total_findings = db.findings().count_documents(doc! {}).await.unwrap_or(0); let total_findings = db.findings().count_documents(doc! {}).await.unwrap_or(0);
let critical_findings = db.findings().count_documents(doc! { "severity": "critical" }).await.unwrap_or(0); let critical_findings = db
let high_findings = db.findings().count_documents(doc! { "severity": "high" }).await.unwrap_or(0); .findings()
let medium_findings = db.findings().count_documents(doc! { "severity": "medium" }).await.unwrap_or(0); .count_documents(doc! { "severity": "critical" })
let low_findings = db.findings().count_documents(doc! { "severity": "low" }).await.unwrap_or(0); .await
let total_sbom_entries = db.sbom_entries().count_documents(doc! {}).await.unwrap_or(0); .unwrap_or(0);
let high_findings = db
.findings()
.count_documents(doc! { "severity": "high" })
.await
.unwrap_or(0);
let medium_findings = db
.findings()
.count_documents(doc! { "severity": "medium" })
.await
.unwrap_or(0);
let low_findings = db
.findings()
.count_documents(doc! { "severity": "low" })
.await
.unwrap_or(0);
let total_sbom_entries = db
.sbom_entries()
.count_documents(doc! {})
.await
.unwrap_or(0);
let total_cve_alerts = db.cve_alerts().count_documents(doc! {}).await.unwrap_or(0); let total_cve_alerts = db.cve_alerts().count_documents(doc! {}).await.unwrap_or(0);
let total_issues = db.tracker_issues().count_documents(doc! {}).await.unwrap_or(0); let total_issues = db
.tracker_issues()
.count_documents(doc! {})
.await
.unwrap_or(0);
let recent_scans: Vec<ScanRun> = match db let recent_scans: Vec<ScanRun> = match db
.scan_runs() .scan_runs()
@@ -135,9 +169,19 @@ pub async fn list_repositories(
) -> ApiResult<Vec<TrackedRepository>> { ) -> ApiResult<Vec<TrackedRepository>> {
let db = &agent.db; let db = &agent.db;
let skip = (params.page.saturating_sub(1)) * params.limit as u64; let skip = (params.page.saturating_sub(1)) * params.limit as u64;
let total = db.repositories().count_documents(doc! {}).await.unwrap_or(0); let total = db
.repositories()
.count_documents(doc! {})
.await
.unwrap_or(0);
let repos = match db.repositories().find(doc! {}).skip(skip).limit(params.limit).await { let repos = match db
.repositories()
.find(doc! {})
.skip(skip)
.limit(params.limit)
.await
{
Ok(cursor) => collect_cursor_async(cursor).await, Ok(cursor) => collect_cursor_async(cursor).await,
Err(_) => Vec::new(), Err(_) => Vec::new(),
}; };
@@ -208,9 +252,20 @@ pub async fn list_findings(
} }
let skip = (filter.page.saturating_sub(1)) * filter.limit as u64; let skip = (filter.page.saturating_sub(1)) * filter.limit as u64;
let total = db.findings().count_documents(query.clone()).await.unwrap_or(0); let total = db
.findings()
.count_documents(query.clone())
.await
.unwrap_or(0);
let findings = match db.findings().find(query).sort(doc! { "created_at": -1 }).skip(skip).limit(filter.limit).await { let findings = match db
.findings()
.find(query)
.sort(doc! { "created_at": -1 })
.skip(skip)
.limit(filter.limit)
.await
{
Ok(cursor) => collect_cursor_async(cursor).await, Ok(cursor) => collect_cursor_async(cursor).await,
Err(_) => Vec::new(), Err(_) => Vec::new(),
}; };
@@ -268,9 +323,19 @@ pub async fn list_sbom(
) -> ApiResult<Vec<SbomEntry>> { ) -> ApiResult<Vec<SbomEntry>> {
let db = &agent.db; let db = &agent.db;
let skip = (params.page.saturating_sub(1)) * params.limit as u64; let skip = (params.page.saturating_sub(1)) * params.limit as u64;
let total = db.sbom_entries().count_documents(doc! {}).await.unwrap_or(0); let total = db
.sbom_entries()
.count_documents(doc! {})
.await
.unwrap_or(0);
let entries = match db.sbom_entries().find(doc! {}).skip(skip).limit(params.limit).await { let entries = match db
.sbom_entries()
.find(doc! {})
.skip(skip)
.limit(params.limit)
.await
{
Ok(cursor) => collect_cursor_async(cursor).await, Ok(cursor) => collect_cursor_async(cursor).await,
Err(_) => Vec::new(), Err(_) => Vec::new(),
}; };
@@ -288,9 +353,20 @@ pub async fn list_issues(
) -> ApiResult<Vec<TrackerIssue>> { ) -> ApiResult<Vec<TrackerIssue>> {
let db = &agent.db; let db = &agent.db;
let skip = (params.page.saturating_sub(1)) * params.limit as u64; let skip = (params.page.saturating_sub(1)) * params.limit as u64;
let total = db.tracker_issues().count_documents(doc! {}).await.unwrap_or(0); let total = db
.tracker_issues()
.count_documents(doc! {})
.await
.unwrap_or(0);
let issues = match db.tracker_issues().find(doc! {}).sort(doc! { "created_at": -1 }).skip(skip).limit(params.limit).await { let issues = match db
.tracker_issues()
.find(doc! {})
.sort(doc! { "created_at": -1 })
.skip(skip)
.limit(params.limit)
.await
{
Ok(cursor) => collect_cursor_async(cursor).await, Ok(cursor) => collect_cursor_async(cursor).await,
Err(_) => Vec::new(), Err(_) => Vec::new(),
}; };
@@ -310,7 +386,14 @@ pub async fn list_scan_runs(
let skip = (params.page.saturating_sub(1)) * params.limit as u64; let skip = (params.page.saturating_sub(1)) * params.limit as u64;
let total = db.scan_runs().count_documents(doc! {}).await.unwrap_or(0); let total = db.scan_runs().count_documents(doc! {}).await.unwrap_or(0);
let scans = match db.scan_runs().find(doc! {}).sort(doc! { "started_at": -1 }).skip(skip).limit(params.limit).await { let scans = match db
.scan_runs()
.find(doc! {})
.sort(doc! { "started_at": -1 })
.skip(skip)
.limit(params.limit)
.await
{
Ok(cursor) => collect_cursor_async(cursor).await, Ok(cursor) => collect_cursor_async(cursor).await,
Err(_) => Vec::new(), Err(_) => Vec::new(),
}; };

10
compliance-agent/src/api/routes.rs
View File

@@ -9,10 +9,16 @@ pub fn build_router() -> Router {
.route("/api/v1/stats/overview", get(handlers::stats_overview)) .route("/api/v1/stats/overview", get(handlers::stats_overview))
.route("/api/v1/repositories", get(handlers::list_repositories)) .route("/api/v1/repositories", get(handlers::list_repositories))
.route("/api/v1/repositories", post(handlers::add_repository)) .route("/api/v1/repositories", post(handlers::add_repository))
.route("/api/v1/repositories/{id}/scan", post(handlers::trigger_scan)) .route(
"/api/v1/repositories/{id}/scan",
post(handlers::trigger_scan),
)
.route("/api/v1/findings", get(handlers::list_findings)) .route("/api/v1/findings", get(handlers::list_findings))
.route("/api/v1/findings/{id}", get(handlers::get_finding)) .route("/api/v1/findings/{id}", get(handlers::get_finding))
.route("/api/v1/findings/{id}/status", patch(handlers::update_finding_status)) .route(
"/api/v1/findings/{id}/status",
patch(handlers::update_finding_status),
)
.route("/api/v1/sbom", get(handlers::list_sbom)) .route("/api/v1/sbom", get(handlers::list_sbom))
.route("/api/v1/issues", get(handlers::list_issues)) .route("/api/v1/issues", get(handlers::list_issues))
.route("/api/v1/scan-runs", get(handlers::list_scan_runs)) .route("/api/v1/scan-runs", get(handlers::list_scan_runs))

12
compliance-agent/src/config.rs
View File

@@ -18,8 +18,10 @@ fn env_secret_opt(key: &str) -> Option<SecretString> {
pub fn load_config() -> Result<AgentConfig, AgentError> { pub fn load_config() -> Result<AgentConfig, AgentError> {
Ok(AgentConfig { Ok(AgentConfig {
mongodb_uri: env_var("MONGODB_URI")?, mongodb_uri: env_var("MONGODB_URI")?,
mongodb_database: env_var_opt("MONGODB_DATABASE").unwrap_or_else(|| "compliance_scanner".to_string()), mongodb_database: env_var_opt("MONGODB_DATABASE")
litellm_url: env_var_opt("LITELLM_URL").unwrap_or_else(|| "http://localhost:4000".to_string()), .unwrap_or_else(|| "compliance_scanner".to_string()),
litellm_url: env_var_opt("LITELLM_URL")
.unwrap_or_else(|| "http://localhost:4000".to_string()),
litellm_api_key: SecretString::from(env_var_opt("LITELLM_API_KEY").unwrap_or_default()), litellm_api_key: SecretString::from(env_var_opt("LITELLM_API_KEY").unwrap_or_default()),
litellm_model: env_var_opt("LITELLM_MODEL").unwrap_or_else(|| "gpt-4o".to_string()), litellm_model: env_var_opt("LITELLM_MODEL").unwrap_or_else(|| "gpt-4o".to_string()),
github_token: env_secret_opt("GITHUB_TOKEN"), github_token: env_secret_opt("GITHUB_TOKEN"),
@@ -37,7 +39,9 @@ pub fn load_config() -> Result<AgentConfig, AgentError> {
.and_then(|p| p.parse().ok()) .and_then(|p| p.parse().ok())
.unwrap_or(3001), .unwrap_or(3001),
scan_schedule: env_var_opt("SCAN_SCHEDULE").unwrap_or_else(|| "0 0 */6 * * *".to_string()), scan_schedule: env_var_opt("SCAN_SCHEDULE").unwrap_or_else(|| "0 0 */6 * * *".to_string()),
cve_monitor_schedule: env_var_opt("CVE_MONITOR_SCHEDULE").unwrap_or_else(|| "0 0 0 * * *".to_string()), cve_monitor_schedule: env_var_opt("CVE_MONITOR_SCHEDULE")
git_clone_base_path: env_var_opt("GIT_CLONE_BASE_PATH").unwrap_or_else(|| "/tmp/compliance-scanner/repos".to_string()), .unwrap_or_else(|| "0 0 0 * * *".to_string()),
git_clone_base_path: env_var_opt("GIT_CLONE_BASE_PATH")
.unwrap_or_else(|| "/tmp/compliance-scanner/repos".to_string()),
}) })
} }

3
compliance-agent/src/database.rs
View File

@@ -1,6 +1,6 @@
use mongodb::bson::doc; use mongodb::bson::doc;
use mongodb::{Client, Collection, IndexModel};
use mongodb::options::IndexOptions; use mongodb::options::IndexOptions;
use mongodb::{Client, Collection, IndexModel};
use compliance_core::models::*; use compliance_core::models::*;
@@ -116,6 +116,7 @@ impl Database {
self.inner.collection("tracker_issues") self.inner.collection("tracker_issues")
} }
#[allow(dead_code)]
pub fn raw_collection(&self, name: &str) -> Collection<mongodb::bson::Document> { pub fn raw_collection(&self, name: &str) -> Collection<mongodb::bson::Document> {
self.inner.collection(name) self.inner.collection(name)
} }

47
compliance-agent/src/llm/client.rs
View File

@@ -58,7 +58,10 @@ impl LlmClient {
user_prompt: &str, user_prompt: &str,
temperature: Option<f64>, temperature: Option<f64>,
) -> Result<String, AgentError> { ) -> Result<String, AgentError> {
let url = format!("{}/v1/chat/completions", self.base_url.trim_end_matches('/')); let url = format!(
"{}/v1/chat/completions",
self.base_url.trim_end_matches('/')
);
let request_body = ChatCompletionRequest { let request_body = ChatCompletionRequest {
model: self.model.clone(), model: self.model.clone(),
@@ -87,19 +90,23 @@ impl LlmClient {
req = req.header("Authorization", format!("Bearer {key}")); req = req.header("Authorization", format!("Bearer {key}"));
} }
let resp = req.send().await.map_err(|e| { let resp = req
AgentError::Other(format!("LiteLLM request failed: {e}")) .send()
})?; .await
.map_err(|e| AgentError::Other(format!("LiteLLM request failed: {e}")))?;
if !resp.status().is_success() { if !resp.status().is_success() {
let status = resp.status(); let status = resp.status();
let body = resp.text().await.unwrap_or_default(); let body = resp.text().await.unwrap_or_default();
return Err(AgentError::Other(format!("LiteLLM returned {status}: {body}"))); return Err(AgentError::Other(format!(
"LiteLLM returned {status}: {body}"
)));
} }
let body: ChatCompletionResponse = resp.json().await.map_err(|e| { let body: ChatCompletionResponse = resp
AgentError::Other(format!("Failed to parse LiteLLM response: {e}")) .json()
})?; .await
.map_err(|e| AgentError::Other(format!("Failed to parse LiteLLM response: {e}")))?;
body.choices body.choices
.first() .first()
@@ -107,12 +114,16 @@ impl LlmClient {
.ok_or_else(|| AgentError::Other("Empty response from LiteLLM".to_string())) .ok_or_else(|| AgentError::Other("Empty response from LiteLLM".to_string()))
} }
#[allow(dead_code)]
pub async fn chat_with_messages( pub async fn chat_with_messages(
&self, &self,
messages: Vec<(String, String)>, messages: Vec<(String, String)>,
temperature: Option<f64>, temperature: Option<f64>,
) -> Result<String, AgentError> { ) -> Result<String, AgentError> {
let url = format!("{}/v1/chat/completions", self.base_url.trim_end_matches('/')); let url = format!(
"{}/v1/chat/completions",
self.base_url.trim_end_matches('/')
);
let request_body = ChatCompletionRequest { let request_body = ChatCompletionRequest {
model: self.model.clone(), model: self.model.clone(),
@@ -135,19 +146,23 @@ impl LlmClient {
req = req.header("Authorization", format!("Bearer {key}")); req = req.header("Authorization", format!("Bearer {key}"));
} }
let resp = req.send().await.map_err(|e| { let resp = req
AgentError::Other(format!("LiteLLM request failed: {e}")) .send()
})?; .await
.map_err(|e| AgentError::Other(format!("LiteLLM request failed: {e}")))?;
if !resp.status().is_success() { if !resp.status().is_success() {
let status = resp.status(); let status = resp.status();
let body = resp.text().await.unwrap_or_default(); let body = resp.text().await.unwrap_or_default();
return Err(AgentError::Other(format!("LiteLLM returned {status}: {body}"))); return Err(AgentError::Other(format!(
"LiteLLM returned {status}: {body}"
)));
} }
let body: ChatCompletionResponse = resp.json().await.map_err(|e| { let body: ChatCompletionResponse = resp
AgentError::Other(format!("Failed to parse LiteLLM response: {e}")) .json()
})?; .await
.map_err(|e| AgentError::Other(format!("Failed to parse LiteLLM response: {e}")))?;
body.choices body.choices
.first() .first()

9
compliance-agent/src/llm/descriptions.rs
View File

@@ -40,14 +40,19 @@ pub async fn generate_issue_description(
finding.title, finding.title,
finding.description, finding.description,
finding.file_path.as_deref().unwrap_or("N/A"), finding.file_path.as_deref().unwrap_or("N/A"),
finding.line_number.map(|n| n.to_string()).unwrap_or_else(|| "N/A".to_string()), finding
.line_number
.map(|n| n.to_string())
.unwrap_or_else(|| "N/A".to_string()),
finding.code_snippet.as_deref().unwrap_or("N/A"), finding.code_snippet.as_deref().unwrap_or("N/A"),
finding.cwe.as_deref().unwrap_or("N/A"), finding.cwe.as_deref().unwrap_or("N/A"),
finding.cve.as_deref().unwrap_or("N/A"), finding.cve.as_deref().unwrap_or("N/A"),
finding.remediation.as_deref().unwrap_or("N/A"), finding.remediation.as_deref().unwrap_or("N/A"),
); );
let response = llm.chat(DESCRIPTION_SYSTEM_PROMPT, &user_prompt, Some(0.3)).await?; let response = llm
.chat(DESCRIPTION_SYSTEM_PROMPT, &user_prompt, Some(0.3))
.await?;
// Extract title from first line, rest is body // Extract title from first line, rest is body
let mut lines = response.lines(); let mut lines = response.lines();

5
compliance-agent/src/llm/fixes.rs
View File

@@ -7,10 +7,7 @@ use crate::llm::LlmClient;
const FIX_SYSTEM_PROMPT: &str = r#"You are a security engineer. Given a security finding with code context, suggest a concrete code fix. Return ONLY the fixed code snippet that can directly replace the vulnerable code. Include brief inline comments explaining the fix."#; const FIX_SYSTEM_PROMPT: &str = r#"You are a security engineer. Given a security finding with code context, suggest a concrete code fix. Return ONLY the fixed code snippet that can directly replace the vulnerable code. Include brief inline comments explaining the fix."#;
pub async fn suggest_fix( pub async fn suggest_fix(llm: &Arc<LlmClient>, finding: &Finding) -> Result<String, AgentError> {
llm: &Arc<LlmClient>,
finding: &Finding,
) -> Result<String, AgentError> {
let user_prompt = format!( let user_prompt = format!(
"Suggest a fix for this vulnerability:\n\ "Suggest a fix for this vulnerability:\n\
Language context from file: {}\n\ Language context from file: {}\n\

21
compliance-agent/src/llm/pr_review.rs
View File

@@ -19,7 +19,10 @@ pub async fn generate_pr_review(
findings: &[Finding], findings: &[Finding],
) -> Result<(String, Vec<ReviewComment>), AgentError> { ) -> Result<(String, Vec<ReviewComment>), AgentError> {
if findings.is_empty() { if findings.is_empty() {
return Ok(("No security issues found in this PR.".to_string(), Vec::new())); return Ok((
"No security issues found in this PR.".to_string(),
Vec::new(),
));
} }
let findings_text: Vec<String> = findings let findings_text: Vec<String> = findings
@@ -30,7 +33,10 @@ pub async fn generate_pr_review(
severity = f.severity, severity = f.severity,
title = f.title, title = f.title,
file = f.file_path.as_deref().unwrap_or("unknown"), file = f.file_path.as_deref().unwrap_or("unknown"),
line = f.line_number.map(|n| n.to_string()).unwrap_or_else(|| "?".to_string()), line = f
.line_number
.map(|n| n.to_string())
.unwrap_or_else(|| "?".to_string()),
code = f.code_snippet.as_deref().unwrap_or("N/A"), code = f.code_snippet.as_deref().unwrap_or("N/A"),
rule = f.rule_id.as_deref().unwrap_or("N/A"), rule = f.rule_id.as_deref().unwrap_or("N/A"),
) )
@@ -43,7 +49,9 @@ pub async fn generate_pr_review(
findings_text.join("\n"), findings_text.join("\n"),
); );
let response = llm.chat(PR_REVIEW_SYSTEM_PROMPT, &user_prompt, Some(0.3)).await?; let response = llm
.chat(PR_REVIEW_SYSTEM_PROMPT, &user_prompt, Some(0.3))
.await?;
// Parse comments from LLM response // Parse comments from LLM response
let comments: Vec<ReviewComment> = serde_json::from_str::<Vec<PrComment>>(&response) let comments: Vec<ReviewComment> = serde_json::from_str::<Vec<PrComment>>(&response)
@@ -61,7 +69,12 @@ pub async fn generate_pr_review(
findings.len(), findings.len(),
findings findings
.iter() .iter()
.map(|f| format!("- **[{}]** {} in `{}`", f.severity, f.title, f.file_path.as_deref().unwrap_or("unknown"))) .map(|f| format!(
"- **[{}]** {} in `{}`",
f.severity,
f.title,
f.file_path.as_deref().unwrap_or("unknown")
))
.collect::<Vec<_>>() .collect::<Vec<_>>()
.join("\n"), .join("\n"),
); );

11
compliance-agent/src/llm/triage.rs
View File

@@ -28,7 +28,10 @@ pub async fn triage_findings(llm: &Arc<LlmClient>, findings: &mut Vec<Finding>)
finding.code_snippet.as_deref().unwrap_or("N/A"), finding.code_snippet.as_deref().unwrap_or("N/A"),
); );
match llm.chat(TRIAGE_SYSTEM_PROMPT, &user_prompt, Some(0.1)).await { match llm
.chat(TRIAGE_SYSTEM_PROMPT, &user_prompt, Some(0.1))
.await
{
Ok(response) => { Ok(response) => {
if let Ok(result) = serde_json::from_str::<TriageResult>(&response) { if let Ok(result) = serde_json::from_str::<TriageResult>(&response) {
finding.confidence = Some(result.confidence); finding.confidence = Some(result.confidence);
@@ -46,7 +49,10 @@ pub async fn triage_findings(llm: &Arc<LlmClient>, findings: &mut Vec<Finding>)
// If LLM response doesn't parse, keep the finding // If LLM response doesn't parse, keep the finding
finding.status = FindingStatus::Triaged; finding.status = FindingStatus::Triaged;
passed += 1; passed += 1;
tracing::warn!("Failed to parse triage response for {}: {response}", finding.fingerprint); tracing::warn!(
"Failed to parse triage response for {}: {response}",
finding.fingerprint
);
} }
} }
Err(e) => { Err(e) => {
@@ -66,6 +72,7 @@ pub async fn triage_findings(llm: &Arc<LlmClient>, findings: &mut Vec<Finding>)
#[derive(serde::Deserialize)] #[derive(serde::Deserialize)]
struct TriageResult { struct TriageResult {
#[serde(default)] #[serde(default)]
#[allow(dead_code)]
true_positive: bool, true_positive: bool,
#[serde(default)] #[serde(default)]
confidence: f64, confidence: f64,

6
compliance-agent/src/main.rs
View File

@@ -1,10 +1,10 @@
use tracing_subscriber::EnvFilter; use tracing_subscriber::EnvFilter;
mod agent; mod agent;
mod api;
mod config; mod config;
mod database; mod database;
mod error; mod error;
mod api;
mod llm; mod llm;
mod pipeline; mod pipeline;
mod scheduler; mod scheduler;
@@ -15,7 +15,9 @@ mod webhooks;
#[tokio::main] #[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> { async fn main() -> Result<(), Box<dyn std::error::Error>> {
tracing_subscriber::fmt() tracing_subscriber::fmt()
.with_env_filter(EnvFilter::try_from_default_env().unwrap_or_else(|_| EnvFilter::new("info"))) .with_env_filter(
EnvFilter::try_from_default_env().unwrap_or_else(|_| EnvFilter::new("info")),
)
.init(); .init();
dotenvy::dotenv().ok(); dotenvy::dotenv().ok();

54
compliance-agent/src/pipeline/cve.rs
View File

@@ -3,13 +3,22 @@ use compliance_core::CoreError;
pub struct CveScanner { pub struct CveScanner {
http: reqwest::Client, http: reqwest::Client,
#[allow(dead_code)]
searxng_url: Option<String>, searxng_url: Option<String>,
nvd_api_key: Option<String>, nvd_api_key: Option<String>,
} }
impl CveScanner { impl CveScanner {
pub fn new(http: reqwest::Client, searxng_url: Option<String>, nvd_api_key: Option<String>) -> Self { pub fn new(
Self { http, searxng_url, nvd_api_key } http: reqwest::Client,
searxng_url: Option<String>,
nvd_api_key: Option<String>,
) -> Self {
Self {
http,
searxng_url,
nvd_api_key,
}
} }
pub async fn scan_dependencies( pub async fn scan_dependencies(
@@ -87,9 +96,10 @@ impl CveScanner {
return Ok(Vec::new()); return Ok(Vec::new());
} }
let result: OsvBatchResponse = resp.json().await.map_err(|e| { let result: OsvBatchResponse = resp
CoreError::Http(format!("Failed to parse OSV.dev response: {e}")) .json()
})?; .await
.map_err(|e| CoreError::Http(format!("Failed to parse OSV.dev response: {e}")))?;
let vulns = result let vulns = result
.results .results
@@ -101,8 +111,9 @@ impl CveScanner {
.map(|v| OsvVuln { .map(|v| OsvVuln {
id: v.id, id: v.id,
summary: v.summary, summary: v.summary,
severity: v.database_specific severity: v.database_specific.and_then(|d| {
.and_then(|d| d.get("severity").and_then(|s| s.as_str()).map(String::from)), d.get("severity").and_then(|s| s.as_str()).map(String::from)
}),
}) })
.collect() .collect()
}) })
@@ -123,17 +134,19 @@ impl CveScanner {
req = req.header("apiKey", key.as_str()); req = req.header("apiKey", key.as_str());
} }
let resp = req.send().await.map_err(|e| { let resp = req
CoreError::Http(format!("NVD request failed: {e}")) .send()
})?; .await
.map_err(|e| CoreError::Http(format!("NVD request failed: {e}")))?;
if !resp.status().is_success() { if !resp.status().is_success() {
return Ok(None); return Ok(None);
} }
let body: serde_json::Value = resp.json().await.map_err(|e| { let body: serde_json::Value = resp
CoreError::Http(format!("Failed to parse NVD response: {e}")) .json()
})?; .await
.map_err(|e| CoreError::Http(format!("Failed to parse NVD response: {e}")))?;
// Extract CVSS v3.1 base score // Extract CVSS v3.1 base score
let score = body["vulnerabilities"] let score = body["vulnerabilities"]
@@ -146,15 +159,22 @@ impl CveScanner {
Ok(score) Ok(score)
} }
#[allow(dead_code)]
pub async fn search_context(&self, cve_id: &str) -> Result<Vec<String>, CoreError> { pub async fn search_context(&self, cve_id: &str) -> Result<Vec<String>, CoreError> {
let Some(searxng_url) = &self.searxng_url else { let Some(searxng_url) = &self.searxng_url else {
return Ok(Vec::new()); return Ok(Vec::new());
}; };
let url = format!("{}/search?q={cve_id}&format=json&engines=duckduckgo", searxng_url.trim_end_matches('/')); let url = format!(
let resp = self.http.get(&url).send().await.map_err(|e| { "{}/search?q={cve_id}&format=json&engines=duckduckgo",
CoreError::Http(format!("SearXNG request failed: {e}")) searxng_url.trim_end_matches('/')
})?; );
let resp = self
.http
.get(&url)
.send()
.await
.map_err(|e| CoreError::Http(format!("SearXNG request failed: {e}")))?;
if !resp.status().is_success() { if !resp.status().is_success() {
return Ok(Vec::new()); return Ok(Vec::new());

8
compliance-agent/src/pipeline/git.rs
View File

@@ -41,12 +41,7 @@ impl GitOps {
let head_ref = repo.head()?; let head_ref = repo.head()?;
let head_name = head_ref.name().unwrap_or("HEAD"); let head_name = head_ref.name().unwrap_or("HEAD");
repo.reference( repo.reference(head_name, fetch_commit.id(), true, "fast-forward")?;
head_name,
fetch_commit.id(),
true,
"fast-forward",
)?;
repo.checkout_head(Some(git2::build::CheckoutBuilder::default().force()))?; repo.checkout_head(Some(git2::build::CheckoutBuilder::default().force()))?;
tracing::info!("Fetched and fast-forwarded {}", repo_path.display()); tracing::info!("Fetched and fast-forwarded {}", repo_path.display());
@@ -68,6 +63,7 @@ impl GitOps {
} }
} }
#[allow(dead_code)]
pub fn get_changed_files( pub fn get_changed_files(
repo_path: &Path, repo_path: &Path,
old_sha: &str, old_sha: &str,

118
compliance-agent/src/pipeline/orchestrator.rs
View File

@@ -29,14 +29,15 @@ impl PipelineOrchestrator {
llm: Arc<LlmClient>, llm: Arc<LlmClient>,
http: reqwest::Client, http: reqwest::Client,
) -> Self { ) -> Self {
Self { config, db, llm, http } Self {
config,
db,
llm,
http,
}
} }
pub async fn run( pub async fn run(&self, repo_id: &str, trigger: ScanTrigger) -> Result<(), AgentError> {
&self,
repo_id: &str,
trigger: ScanTrigger,
) -> Result<(), AgentError> {
// Look up the repository // Look up the repository
let repo = self let repo = self
.db .db
@@ -48,7 +49,9 @@ impl PipelineOrchestrator {
// Create scan run // Create scan run
let scan_run = ScanRun::new(repo_id.to_string(), trigger); let scan_run = ScanRun::new(repo_id.to_string(), trigger);
let insert = self.db.scan_runs().insert_one(&scan_run).await?; let insert = self.db.scan_runs().insert_one(&scan_run).await?;
let scan_run_id = insert.inserted_id.as_object_id() let scan_run_id = insert
.inserted_id
.as_object_id()
.map(|id| id.to_hex()) .map(|id| id.to_hex())
.unwrap_or_default(); .unwrap_or_default();
@@ -57,29 +60,35 @@ impl PipelineOrchestrator {
// Update scan run status // Update scan run status
match &result { match &result {
Ok(count) => { Ok(count) => {
self.db.scan_runs().update_one( self.db
doc! { "_id": &insert.inserted_id }, .scan_runs()
doc! { .update_one(
"$set": { doc! { "_id": &insert.inserted_id },
"status": "completed", doc! {
"current_phase": "completed", "$set": {
"new_findings_count": *count as i64, "status": "completed",
"completed_at": mongodb::bson::DateTime::now(), "current_phase": "completed",
} "new_findings_count": *count as i64,
}, "completed_at": mongodb::bson::DateTime::now(),
).await?; }
},
)
.await?;
} }
Err(e) => { Err(e) => {
self.db.scan_runs().update_one( self.db
doc! { "_id": &insert.inserted_id }, .scan_runs()
doc! { .update_one(
"$set": { doc! { "_id": &insert.inserted_id },
"status": "failed", doc! {
"error_message": e.to_string(), "$set": {
"completed_at": mongodb::bson::DateTime::now(), "status": "failed",
} "error_message": e.to_string(),
}, "completed_at": mongodb::bson::DateTime::now(),
).await?; }
},
)
.await?;
} }
} }
@@ -91,9 +100,7 @@ impl PipelineOrchestrator {
repo: &TrackedRepository, repo: &TrackedRepository,
scan_run_id: &str, scan_run_id: &str,
) -> Result<u32, AgentError> { ) -> Result<u32, AgentError> {
let repo_id = repo.id.as_ref() let repo_id = repo.id.as_ref().map(|id| id.to_hex()).unwrap_or_default();
.map(|id| id.to_hex())
.unwrap_or_default();
// Stage 0: Change detection // Stage 0: Change detection
tracing::info!("[{repo_id}] Stage 0: Change detection"); tracing::info!("[{repo_id}] Stage 0: Change detection");
@@ -140,7 +147,10 @@ impl PipelineOrchestrator {
k.expose_secret().to_string() k.expose_secret().to_string()
}), }),
); );
let cve_alerts = match cve_scanner.scan_dependencies(&repo_id, &mut sbom_entries).await { let cve_alerts = match cve_scanner
.scan_dependencies(&repo_id, &mut sbom_entries)
.await
{
Ok(alerts) => alerts, Ok(alerts) => alerts,
Err(e) => { Err(e) => {
tracing::warn!("[{repo_id}] CVE scanning failed: {e}"); tracing::warn!("[{repo_id}] CVE scanning failed: {e}");
@@ -163,7 +173,10 @@ impl PipelineOrchestrator {
} }
// Stage 5: LLM Triage // Stage 5: LLM Triage
tracing::info!("[{repo_id}] Stage 5: LLM Triage ({} findings)", all_findings.len()); tracing::info!(
"[{repo_id}] Stage 5: LLM Triage ({} findings)",
all_findings.len()
);
self.update_phase(scan_run_id, "llm_triage").await; self.update_phase(scan_run_id, "llm_triage").await;
let triaged = crate::llm::triage::triage_findings(&self.llm, &mut all_findings).await; let triaged = crate::llm::triage::triage_findings(&self.llm, &mut all_findings).await;
tracing::info!("[{repo_id}] Triaged: {triaged} findings passed confidence threshold"); tracing::info!("[{repo_id}] Triaged: {triaged} findings passed confidence threshold");
@@ -223,16 +236,19 @@ impl PipelineOrchestrator {
// Issue creation is handled by the trackers module - deferred to agent // Issue creation is handled by the trackers module - deferred to agent
// Stage 7: Update repository // Stage 7: Update repository
self.db.repositories().update_one( self.db
doc! { "_id": repo.id }, .repositories()
doc! { .update_one(
"$set": { doc! { "_id": repo.id },
"last_scanned_commit": &current_sha, doc! {
"updated_at": mongodb::bson::DateTime::now(), "$set": {
"last_scanned_commit": &current_sha,
"updated_at": mongodb::bson::DateTime::now(),
},
"$inc": { "findings_count": new_count as i64 },
}, },
"$inc": { "findings_count": new_count as i64 }, )
}, .await?;
).await?;
tracing::info!("[{repo_id}] Scan complete: {new_count} new findings"); tracing::info!("[{repo_id}] Scan complete: {new_count} new findings");
Ok(new_count) Ok(new_count)
@@ -240,13 +256,17 @@ impl PipelineOrchestrator {
async fn update_phase(&self, scan_run_id: &str, phase: &str) { async fn update_phase(&self, scan_run_id: &str, phase: &str) {
if let Ok(oid) = mongodb::bson::oid::ObjectId::parse_str(scan_run_id) { if let Ok(oid) = mongodb::bson::oid::ObjectId::parse_str(scan_run_id) {
let _ = self.db.scan_runs().update_one( let _ = self
doc! { "_id": oid }, .db
doc! { .scan_runs()
"$set": { "current_phase": phase }, .update_one(
"$push": { "phases_completed": phase }, doc! { "_id": oid },
}, doc! {
).await; "$set": { "current_phase": phase },
"$push": { "phases_completed": phase },
},
)
.await;
} }
} }
} }

52
compliance-agent/src/pipeline/patterns.rs
View File

@@ -7,6 +7,15 @@ use regex::Regex;
use crate::pipeline::dedup; use crate::pipeline::dedup;
fn compile_regex(pattern: &str) -> Regex {
Regex::new(pattern).unwrap_or_else(|e| {
tracing::warn!("Invalid regex pattern '{pattern}': {e}, using empty fallback");
// SAFETY: "^$" is a known-valid regex that matches only empty strings
#[allow(clippy::unwrap_used)]
Regex::new("^$").unwrap()
})
}
pub struct GdprPatternScanner { pub struct GdprPatternScanner {
patterns: Vec<PatternRule>, patterns: Vec<PatternRule>,
} }
@@ -31,7 +40,7 @@ impl GdprPatternScanner {
id: "gdpr-pii-logging".to_string(), id: "gdpr-pii-logging".to_string(),
title: "PII data potentially logged".to_string(), title: "PII data potentially logged".to_string(),
description: "Logging statements that may contain personally identifiable information (email, SSN, phone, IP address).".to_string(), description: "Logging statements that may contain personally identifiable information (email, SSN, phone, IP address).".to_string(),
pattern: Regex::new(r#"(?i)(log|print|console\.|logger\.|tracing::)\s*[\.(].*\b(email|ssn|social.?security|phone.?number|ip.?addr|passport|date.?of.?birth|credit.?card)\b"#).unwrap_or_else(|_| Regex::new("^$").unwrap()), pattern: compile_regex(r#"(?i)(log|print|console\.|logger\.|tracing::)\s*[\.(].*\b(email|ssn|social.?security|phone.?number|ip.?addr|passport|date.?of.?birth|credit.?card)\b"#),
severity: Severity::High, severity: Severity::High,
file_extensions: vec!["rs", "py", "js", "ts", "java", "go", "rb"].into_iter().map(String::from).collect(), file_extensions: vec!["rs", "py", "js", "ts", "java", "go", "rb"].into_iter().map(String::from).collect(),
}, },
@@ -39,7 +48,7 @@ impl GdprPatternScanner {
id: "gdpr-no-consent".to_string(), id: "gdpr-no-consent".to_string(),
title: "Data collection without apparent consent mechanism".to_string(), title: "Data collection without apparent consent mechanism".to_string(),
description: "Data collection endpoint that doesn't reference consent or opt-in mechanisms.".to_string(), description: "Data collection endpoint that doesn't reference consent or opt-in mechanisms.".to_string(),
pattern: Regex::new(r#"(?i)(collect|store|save|persist|record).*\b(personal|user.?data|pii|biometric)\b"#).unwrap_or_else(|_| Regex::new("^$").unwrap()), pattern: compile_regex(r#"(?i)(collect|store|save|persist|record).*\b(personal|user.?data|pii|biometric)\b"#),
severity: Severity::Medium, severity: Severity::Medium,
file_extensions: vec!["rs", "py", "js", "ts", "java", "go"].into_iter().map(String::from).collect(), file_extensions: vec!["rs", "py", "js", "ts", "java", "go"].into_iter().map(String::from).collect(),
}, },
@@ -47,7 +56,7 @@ impl GdprPatternScanner {
id: "gdpr-no-delete-endpoint".to_string(), id: "gdpr-no-delete-endpoint".to_string(),
title: "Missing data deletion capability".to_string(), title: "Missing data deletion capability".to_string(),
description: "User data models or controllers without corresponding deletion endpoints (right to erasure).".to_string(), description: "User data models or controllers without corresponding deletion endpoints (right to erasure).".to_string(),
pattern: Regex::new(r#"(?i)(class|struct|model)\s+User(?!.*[Dd]elete)"#).unwrap_or_else(|_| Regex::new("^$").unwrap()), pattern: compile_regex(r#"(?i)(class|struct|model)\s+User"#),
severity: Severity::Medium, severity: Severity::Medium,
file_extensions: vec!["rs", "py", "js", "ts", "java", "go", "rb"].into_iter().map(String::from).collect(), file_extensions: vec!["rs", "py", "js", "ts", "java", "go", "rb"].into_iter().map(String::from).collect(),
}, },
@@ -55,7 +64,7 @@ impl GdprPatternScanner {
id: "gdpr-hardcoded-retention".to_string(), id: "gdpr-hardcoded-retention".to_string(),
title: "Hardcoded data retention period".to_string(), title: "Hardcoded data retention period".to_string(),
description: "Data retention periods should be configurable for GDPR compliance.".to_string(), description: "Data retention periods should be configurable for GDPR compliance.".to_string(),
pattern: Regex::new(r#"(?i)(retention|ttl|expire|keep.?for)\s*[=:]\s*\d+"#).unwrap_or_else(|_| Regex::new("^$").unwrap()), pattern: compile_regex(r#"(?i)(retention|ttl|expire|keep.?for)\s*[=:]\s*\d+"#),
severity: Severity::Low, severity: Severity::Low,
file_extensions: vec!["rs", "py", "js", "ts", "java", "go", "yaml", "yml", "toml", "json"].into_iter().map(String::from).collect(), file_extensions: vec!["rs", "py", "js", "ts", "java", "go", "yaml", "yml", "toml", "json"].into_iter().map(String::from).collect(),
}, },
@@ -74,7 +83,13 @@ impl Scanner for GdprPatternScanner {
} }
async fn scan(&self, repo_path: &Path, repo_id: &str) -> Result<ScanOutput, CoreError> { async fn scan(&self, repo_path: &Path, repo_id: &str) -> Result<ScanOutput, CoreError> {
let findings = scan_with_patterns(repo_path, repo_id, &self.patterns, ScanType::Gdpr, "gdpr-patterns")?; let findings = scan_with_patterns(
repo_path,
repo_id,
&self.patterns,
ScanType::Gdpr,
"gdpr-patterns",
)?;
Ok(ScanOutput { Ok(ScanOutput {
findings, findings,
sbom_entries: Vec::new(), sbom_entries: Vec::new(),
@@ -89,7 +104,7 @@ impl OAuthPatternScanner {
id: "oauth-implicit-grant".to_string(), id: "oauth-implicit-grant".to_string(),
title: "OAuth implicit grant flow detected".to_string(), title: "OAuth implicit grant flow detected".to_string(),
description: "Implicit grant flow is deprecated and insecure. Use authorization code flow with PKCE instead.".to_string(), description: "Implicit grant flow is deprecated and insecure. Use authorization code flow with PKCE instead.".to_string(),
pattern: Regex::new(r#"(?i)(response_type\s*[=:]\s*["']?token|grant_type\s*[=:]\s*["']?implicit)"#).unwrap_or_else(|_| Regex::new("^$").unwrap()), pattern: compile_regex(r#"(?i)(response_type\s*[=:]\s*["']?token|grant_type\s*[=:]\s*["']?implicit)"#),
severity: Severity::High, severity: Severity::High,
file_extensions: vec!["rs", "py", "js", "ts", "java", "go", "yaml", "yml", "json"].into_iter().map(String::from).collect(), file_extensions: vec!["rs", "py", "js", "ts", "java", "go", "yaml", "yml", "json"].into_iter().map(String::from).collect(),
}, },
@@ -97,7 +112,7 @@ impl OAuthPatternScanner {
id: "oauth-missing-pkce".to_string(), id: "oauth-missing-pkce".to_string(),
title: "OAuth flow without PKCE".to_string(), title: "OAuth flow without PKCE".to_string(),
description: "Authorization code flow should use PKCE (code_challenge/code_verifier) for public clients.".to_string(), description: "Authorization code flow should use PKCE (code_challenge/code_verifier) for public clients.".to_string(),
pattern: Regex::new(r#"(?i)authorization.?code(?!.*code.?challenge)(?!.*pkce)"#).unwrap_or_else(|_| Regex::new("^$").unwrap()), pattern: compile_regex(r#"(?i)authorization.?code"#),
severity: Severity::Medium, severity: Severity::Medium,
file_extensions: vec!["rs", "py", "js", "ts", "java", "go"].into_iter().map(String::from).collect(), file_extensions: vec!["rs", "py", "js", "ts", "java", "go"].into_iter().map(String::from).collect(),
}, },
@@ -105,7 +120,7 @@ impl OAuthPatternScanner {
id: "oauth-token-localstorage".to_string(), id: "oauth-token-localstorage".to_string(),
title: "Token stored in localStorage".to_string(), title: "Token stored in localStorage".to_string(),
description: "Storing tokens in localStorage is vulnerable to XSS. Use httpOnly cookies or secure session storage.".to_string(), description: "Storing tokens in localStorage is vulnerable to XSS. Use httpOnly cookies or secure session storage.".to_string(),
pattern: Regex::new(r#"(?i)localStorage\.(set|get)Item\s*\(\s*["'].*token"#).unwrap_or_else(|_| Regex::new("^$").unwrap()), pattern: compile_regex(r#"(?i)localStorage\.(set|get)Item\s*\(\s*["'].*token"#),
severity: Severity::High, severity: Severity::High,
file_extensions: vec!["js", "ts", "jsx", "tsx"].into_iter().map(String::from).collect(), file_extensions: vec!["js", "ts", "jsx", "tsx"].into_iter().map(String::from).collect(),
}, },
@@ -113,7 +128,7 @@ impl OAuthPatternScanner {
id: "oauth-token-url".to_string(), id: "oauth-token-url".to_string(),
title: "Token passed in URL parameters".to_string(), title: "Token passed in URL parameters".to_string(),
description: "Tokens in URLs can leak via referrer headers, server logs, and browser history.".to_string(), description: "Tokens in URLs can leak via referrer headers, server logs, and browser history.".to_string(),
pattern: Regex::new(r#"(?i)(access_token|bearer)\s*[=]\s*.*\b(url|query|param|href)\b"#).unwrap_or_else(|_| Regex::new("^$").unwrap()), pattern: compile_regex(r#"(?i)(access_token|bearer)\s*[=]\s*.*\b(url|query|param|href)\b"#),
severity: Severity::High, severity: Severity::High,
file_extensions: vec!["rs", "py", "js", "ts", "java", "go"].into_iter().map(String::from).collect(), file_extensions: vec!["rs", "py", "js", "ts", "java", "go"].into_iter().map(String::from).collect(),
}, },
@@ -132,7 +147,13 @@ impl Scanner for OAuthPatternScanner {
} }
async fn scan(&self, repo_path: &Path, repo_id: &str) -> Result<ScanOutput, CoreError> { async fn scan(&self, repo_path: &Path, repo_id: &str) -> Result<ScanOutput, CoreError> {
let findings = scan_with_patterns(repo_path, repo_id, &self.patterns, ScanType::OAuth, "oauth-patterns")?; let findings = scan_with_patterns(
repo_path,
repo_id,
&self.patterns,
ScanType::OAuth,
"oauth-patterns",
)?;
Ok(ScanOutput { Ok(ScanOutput {
findings, findings,
sbom_entries: Vec::new(), sbom_entries: Vec::new(),
@@ -211,7 +232,16 @@ fn scan_with_patterns(
fn walkdir(path: &Path) -> Result<Vec<walkdir::DirEntry>, CoreError> { fn walkdir(path: &Path) -> Result<Vec<walkdir::DirEntry>, CoreError> {
// Simple recursive file walk, skipping hidden dirs and common non-source dirs // Simple recursive file walk, skipping hidden dirs and common non-source dirs
let skip_dirs = [".git", "node_modules", "target", "vendor", ".venv", "__pycache__", "dist", "build"]; let skip_dirs = [
".git",
"node_modules",
"target",
"vendor",
".venv",
"__pycache__",
"dist",
"build",
];
let entries: Vec<_> = walkdir::WalkDir::new(path) let entries: Vec<_> = walkdir::WalkDir::new(path)
.into_iter() .into_iter()

12
compliance-agent/src/pipeline/sbom.rs
View File

@@ -72,7 +72,9 @@ async fn run_syft(repo_path: &Path, repo_id: &str) -> Result<Vec<SbomEntry>, Cor
entry.license = c.licenses.and_then(|ls| { entry.license = c.licenses.and_then(|ls| {
ls.first().and_then(|l| { ls.first().and_then(|l| {
l.license.as_ref().map(|lic| { l.license.as_ref().map(|lic| {
lic.id.clone().unwrap_or_else(|| lic.name.clone().unwrap_or_default()) lic.id
.clone()
.unwrap_or_else(|| lic.name.clone().unwrap_or_default())
}) })
}) })
}); });
@@ -99,8 +101,10 @@ async fn run_cargo_audit(repo_path: &Path, _repo_id: &str) -> Result<Vec<AuditVu
source: Box::new(e), source: Box::new(e),
})?; })?;
let result: CargoAuditOutput = serde_json::from_slice(&output.stdout) let result: CargoAuditOutput =
.unwrap_or_else(|_| CargoAuditOutput { vulnerabilities: CargoAuditVulns { list: Vec::new() } }); serde_json::from_slice(&output.stdout).unwrap_or_else(|_| CargoAuditOutput {
vulnerabilities: CargoAuditVulns { list: Vec::new() },
});
let vulns = result let vulns = result
.vulnerabilities .vulnerabilities
@@ -116,7 +120,7 @@ async fn run_cargo_audit(repo_path: &Path, _repo_id: &str) -> Result<Vec<AuditVu
Ok(vulns) Ok(vulns)
} }
fn merge_audit_vulns(entries: &mut Vec<SbomEntry>, vulns: Vec<AuditVuln>) { fn merge_audit_vulns(entries: &mut [SbomEntry], vulns: Vec<AuditVuln>) {
for vuln in vulns { for vuln in vulns {
if let Some(entry) = entries.iter_mut().find(|e| e.name == vuln.package) { if let Some(entry) = entries.iter_mut().find(|e| e.name == vuln.package) {
entry.known_vulnerabilities.push(VulnRef { entry.known_vulnerabilities.push(VulnRef {

9
compliance-agent/src/pipeline/semgrep.rs
View File

@@ -66,11 +66,10 @@ impl Scanner for SemgrepScanner {
finding.file_path = Some(r.path); finding.file_path = Some(r.path);
finding.line_number = Some(r.start.line); finding.line_number = Some(r.start.line);
finding.code_snippet = Some(r.extra.lines); finding.code_snippet = Some(r.extra.lines);
finding.cwe = r.extra.metadata.and_then(|m| { finding.cwe = r
m.get("cwe") .extra
.and_then(|v| v.as_str()) .metadata
.map(|s| s.to_string()) .and_then(|m| m.get("cwe").and_then(|v| v.as_str()).map(|s| s.to_string()));
});
finding finding
}) })
.collect(); .collect();

22
compliance-agent/src/scheduler.rs
View File

@@ -22,7 +22,9 @@ pub async fn start_scheduler(agent: &ComplianceAgent) -> Result<(), AgentError>
}) })
}) })
.map_err(|e| AgentError::Scheduler(format!("Failed to create scan job: {e}")))?; .map_err(|e| AgentError::Scheduler(format!("Failed to create scan job: {e}")))?;
sched.add(scan_job).await sched
.add(scan_job)
.await
.map_err(|e| AgentError::Scheduler(format!("Failed to add scan job: {e}")))?; .map_err(|e| AgentError::Scheduler(format!("Failed to add scan job: {e}")))?;
// CVE monitor job (daily) // CVE monitor job (daily)
@@ -36,10 +38,14 @@ pub async fn start_scheduler(agent: &ComplianceAgent) -> Result<(), AgentError>
}) })
}) })
.map_err(|e| AgentError::Scheduler(format!("Failed to create CVE monitor job: {e}")))?; .map_err(|e| AgentError::Scheduler(format!("Failed to create CVE monitor job: {e}")))?;
sched.add(cve_job).await sched
.add(cve_job)
.await
.map_err(|e| AgentError::Scheduler(format!("Failed to add CVE monitor job: {e}")))?; .map_err(|e| AgentError::Scheduler(format!("Failed to add CVE monitor job: {e}")))?;
sched.start().await sched
.start()
.await
.map_err(|e| AgentError::Scheduler(format!("Failed to start scheduler: {e}")))?; .map_err(|e| AgentError::Scheduler(format!("Failed to start scheduler: {e}")))?;
tracing::info!( tracing::info!(
@@ -65,10 +71,7 @@ async fn scan_all_repos(agent: &ComplianceAgent) {
} }
}; };
let repos: Vec<_> = cursor let repos: Vec<_> = cursor.filter_map(|r| async { r.ok() }).collect().await;
.filter_map(|r| async { r.ok() })
.collect()
.await;
for repo in repos { for repo in repos {
let repo_id = repo.id.map(|id| id.to_hex()).unwrap_or_default(); let repo_id = repo.id.map(|id| id.to_hex()).unwrap_or_default();
@@ -90,10 +93,7 @@ async fn monitor_cves(agent: &ComplianceAgent) {
} }
}; };
let entries: Vec<_> = cursor let entries: Vec<_> = cursor.filter_map(|r| async { r.ok() }).collect().await;
.filter_map(|r| async { r.ok() })
.collect()
.await;
if entries.is_empty() { if entries.is_empty() {
return; return;

10
compliance-agent/src/trackers/github.rs
View File

@@ -69,8 +69,9 @@ impl IssueTracker for GitHubTracker {
// Use the REST API directly for state update // Use the REST API directly for state update
let route = format!("/repos/{owner}/{repo}/issues/{issue_number}"); let route = format!("/repos/{owner}/{repo}/issues/{issue_number}");
let body = serde_json::json!({ "state": state_str }); let body = serde_json::json!({ "state": state_str });
self.client let _: serde_json::Value = self
.post::<serde_json::Value, _>(route, Some(&body)) .client
.post(route, Some(&body))
.await .await
.map_err(|e| CoreError::IssueTracker(format!("GitHub update issue failed: {e}")))?; .map_err(|e| CoreError::IssueTracker(format!("GitHub update issue failed: {e}")))?;
@@ -123,8 +124,9 @@ impl IssueTracker for GitHubTracker {
}); });
let route = format!("/repos/{owner}/{repo}/pulls/{pr_number}/reviews"); let route = format!("/repos/{owner}/{repo}/pulls/{pr_number}/reviews");
self.client let _: serde_json::Value = self
.post::<serde_json::Value, ()>(route, Some(&review_body)) .client
.post(route, Some(&review_body))
.await .await
.map_err(|e| CoreError::IssueTracker(format!("GitHub PR review failed: {e}")))?; .map_err(|e| CoreError::IssueTracker(format!("GitHub PR review failed: {e}")))?;

17
compliance-agent/src/trackers/gitlab.rs
View File

@@ -63,11 +63,14 @@ impl IssueTracker for GitLabTracker {
if !resp.status().is_success() { if !resp.status().is_success() {
let status = resp.status(); let status = resp.status();
let body = resp.text().await.unwrap_or_default(); let body = resp.text().await.unwrap_or_default();
return Err(CoreError::IssueTracker(format!("GitLab returned {status}: {body}"))); return Err(CoreError::IssueTracker(format!(
"GitLab returned {status}: {body}"
)));
} }
let issue: serde_json::Value = resp.json().await let issue: serde_json::Value = resp.json().await.map_err(|e| {
.map_err(|e| CoreError::IssueTracker(format!("Failed to parse GitLab response: {e}")))?; CoreError::IssueTracker(format!("Failed to parse GitLab response: {e}"))
})?;
Ok(TrackerIssue::new( Ok(TrackerIssue::new(
String::new(), String::new(),
@@ -136,7 +139,9 @@ impl IssueTracker for GitLabTracker {
let project = Self::project_path(owner, repo); let project = Self::project_path(owner, repo);
// Post overall review as MR note // Post overall review as MR note
let note_url = self.api_url(&format!("/projects/{project}/merge_requests/{pr_number}/notes")); let note_url = self.api_url(&format!(
"/projects/{project}/merge_requests/{pr_number}/notes"
));
self.http self.http
.post(&note_url) .post(&note_url)
.header("PRIVATE-TOKEN", self.token.expose_secret()) .header("PRIVATE-TOKEN", self.token.expose_secret())
@@ -147,7 +152,9 @@ impl IssueTracker for GitLabTracker {
// Post individual line comments as MR discussions // Post individual line comments as MR discussions
for comment in comments { for comment in comments {
let disc_url = self.api_url(&format!("/projects/{project}/merge_requests/{pr_number}/discussions")); let disc_url = self.api_url(&format!(
"/projects/{project}/merge_requests/{pr_number}/discussions"
));
let payload = serde_json::json!({ let payload = serde_json::json!({
"body": comment.body, "body": comment.body,
"position": { "position": {

47
compliance-agent/src/trackers/jira.rs
View File

@@ -12,7 +12,12 @@ pub struct JiraTracker {
} }
impl JiraTracker { impl JiraTracker {
pub fn new(base_url: String, email: String, api_token: SecretString, project_key: String) -> Self { pub fn new(
base_url: String,
email: String,
api_token: SecretString,
project_key: String,
) -> Self {
Self { Self {
base_url: base_url.trim_end_matches('/').to_string(), base_url: base_url.trim_end_matches('/').to_string(),
email, email,
@@ -25,7 +30,10 @@ impl JiraTracker {
fn auth_header(&self) -> String { fn auth_header(&self) -> String {
use base64::Engine; use base64::Engine;
let credentials = format!("{}:{}", self.email, self.api_token.expose_secret()); let credentials = format!("{}:{}", self.email, self.api_token.expose_secret());
format!("Basic {}", base64::engine::general_purpose::STANDARD.encode(credentials)) format!(
"Basic {}",
base64::engine::general_purpose::STANDARD.encode(credentials)
)
} }
} }
@@ -65,7 +73,10 @@ impl IssueTracker for JiraTracker {
if !labels.is_empty() { if !labels.is_empty() {
payload["fields"]["labels"] = serde_json::Value::Array( payload["fields"]["labels"] = serde_json::Value::Array(
labels.iter().map(|l| serde_json::Value::String(l.clone())).collect(), labels
.iter()
.map(|l| serde_json::Value::String(l.clone()))
.collect(),
); );
} }
@@ -82,10 +93,14 @@ impl IssueTracker for JiraTracker {
if !resp.status().is_success() { if !resp.status().is_success() {
let status = resp.status(); let status = resp.status();
let body = resp.text().await.unwrap_or_default(); let body = resp.text().await.unwrap_or_default();
return Err(CoreError::IssueTracker(format!("Jira returned {status}: {body}"))); return Err(CoreError::IssueTracker(format!(
"Jira returned {status}: {body}"
)));
} }
let issue: serde_json::Value = resp.json().await let issue: serde_json::Value = resp
.json()
.await
.map_err(|e| CoreError::IssueTracker(format!("Failed to parse Jira response: {e}")))?; .map_err(|e| CoreError::IssueTracker(format!("Failed to parse Jira response: {e}")))?;
let key = issue["key"].as_str().unwrap_or("").to_string(); let key = issue["key"].as_str().unwrap_or("").to_string();
@@ -108,7 +123,10 @@ impl IssueTracker for JiraTracker {
status: &str, status: &str,
) -> Result<(), CoreError> { ) -> Result<(), CoreError> {
// Get available transitions // Get available transitions
let url = format!("{}/rest/api/3/issue/{external_id}/transitions", self.base_url); let url = format!(
"{}/rest/api/3/issue/{external_id}/transitions",
self.base_url
);
let resp = self let resp = self
.http .http
.get(&url) .get(&url)
@@ -129,11 +147,17 @@ impl IssueTracker for JiraTracker {
}; };
if let Some(transition) = transitions.iter().find(|t| { if let Some(transition) = transitions.iter().find(|t| {
t["name"].as_str().map(|n| n.eq_ignore_ascii_case(target)).unwrap_or(false) t["name"]
.as_str()
.map(|n| n.eq_ignore_ascii_case(target))
.unwrap_or(false)
}) { }) {
let transition_id = transition["id"].as_str().unwrap_or(""); let transition_id = transition["id"].as_str().unwrap_or_default();
self.http self.http
.post(&format!("{}/rest/api/3/issue/{external_id}/transitions", self.base_url)) .post(format!(
"{}/rest/api/3/issue/{external_id}/transitions",
self.base_url
))
.header("Authorization", self.auth_header()) .header("Authorization", self.auth_header())
.json(&serde_json::json!({ "transition": { "id": transition_id } })) .json(&serde_json::json!({ "transition": { "id": transition_id } }))
.send() .send()
@@ -216,7 +240,10 @@ impl IssueTracker for JiraTracker {
if let Some(issue) = body["issues"].as_array().and_then(|arr| arr.first()) { if let Some(issue) = body["issues"].as_array().and_then(|arr| arr.first()) {
let key = issue["key"].as_str().unwrap_or("").to_string(); let key = issue["key"].as_str().unwrap_or("").to_string();
let url = format!("{}/browse/{}", self.base_url, key); let url = format!("{}/browse/{}", self.base_url, key);
let title = issue["fields"]["summary"].as_str().unwrap_or("").to_string(); let title = issue["fields"]["summary"]
.as_str()
.unwrap_or("")
.to_string();
Ok(Some(TrackerIssue::new( Ok(Some(TrackerIssue::new(
String::new(), String::new(),
TrackerType::Jira, TrackerType::Jira,

4
compliance-agent/src/webhooks/github.rs
View File

@@ -98,9 +98,7 @@ async fn handle_pull_request(
return StatusCode::OK; return StatusCode::OK;
} }
let repo_url = payload["repository"]["clone_url"] let repo_url = payload["repository"]["clone_url"].as_str().unwrap_or("");
.as_str()
.unwrap_or("");
let pr_number = payload["pull_request"]["number"].as_u64().unwrap_or(0); let pr_number = payload["pull_request"]["number"].as_u64().unwrap_or(0);
if repo_url.is_empty() || pr_number == 0 { if repo_url.is_empty() || pr_number == 0 {

4
compliance-agent/src/webhooks/gitlab.rs
View File

@@ -83,7 +83,9 @@ async fn handle_merge_request(
_agent: Arc<ComplianceAgent>, _agent: Arc<ComplianceAgent>,
payload: &serde_json::Value, payload: &serde_json::Value,
) -> StatusCode { ) -> StatusCode {
let action = payload["object_attributes"]["action"].as_str().unwrap_or(""); let action = payload["object_attributes"]["action"]
.as_str()
.unwrap_or("");
if action != "open" && action != "update" { if action != "open" && action != "update" {
return StatusCode::OK; return StatusCode::OK;
} }

8
compliance-core/src/models/cve.rs
View File

@@ -27,7 +27,13 @@ pub struct CveAlert {
} }
impl CveAlert { impl CveAlert {
pub fn new(cve_id: String, repo_id: String, affected_package: String, affected_version: String, source: CveSource) -> Self { pub fn new(
cve_id: String,
repo_id: String,
affected_package: String,
affected_version: String,
source: CveSource,
) -> Self {
Self { Self {
id: None, id: None,
cve_id, cve_id,

1
compliance-dashboard/src/app.rs
View File

@@ -5,6 +5,7 @@ use crate::pages::*;
#[derive(Debug, Clone, Routable, PartialEq)] #[derive(Debug, Clone, Routable, PartialEq)]
#[rustfmt::skip] #[rustfmt::skip]
#[allow(clippy::enum_variant_names)]
pub enum Route { pub enum Route {
#[layout(AppShell)] #[layout(AppShell)]
#[route("/")] #[route("/")]

6
compliance-dashboard/src/components/stat_card.rs
View File

@@ -1,11 +1,7 @@
use dioxus::prelude::*; use dioxus::prelude::*;
#[component] #[component]
pub fn StatCard( pub fn StatCard(label: String, value: String, #[props(default)] color: String) -> Element {
label: String,
value: String,
#[props(default)] color: String,
) -> Element {
let value_style = if color.is_empty() { let value_style = if color.is_empty() {
String::new() String::new()
} else { } else {

23
compliance-dashboard/src/infrastructure/findings.rs
View File

@@ -21,7 +21,10 @@ pub async fn fetch_findings(
let state: super::server_state::ServerState = let state: super::server_state::ServerState =
dioxus_fullstack::FullstackContext::extract().await?; dioxus_fullstack::FullstackContext::extract().await?;
let mut url = format!("{}/api/v1/findings?page={page}&limit=20", state.agent_api_url); let mut url = format!(
"{}/api/v1/findings?page={page}&limit=20",
state.agent_api_url
);
if !severity.is_empty() { if !severity.is_empty() {
url.push_str(&format!("&severity={severity}")); url.push_str(&format!("&severity={severity}"));
} }
@@ -35,8 +38,13 @@ pub async fn fetch_findings(
url.push_str(&format!("&repo_id={repo_id}")); url.push_str(&format!("&repo_id={repo_id}"));
} }
let resp = reqwest::get(&url).await.map_err(|e| ServerFnError::new(e.to_string()))?; let resp = reqwest::get(&url)
let body: FindingsListResponse = resp.json().await.map_err(|e| ServerFnError::new(e.to_string()))?; .await
.map_err(|e| ServerFnError::new(e.to_string()))?;
let body: FindingsListResponse = resp
.json()
.await
.map_err(|e| ServerFnError::new(e.to_string()))?;
Ok(body) Ok(body)
} }
@@ -46,8 +54,13 @@ pub async fn fetch_finding_detail(id: String) -> Result<Finding, ServerFnError>
dioxus_fullstack::FullstackContext::extract().await?; dioxus_fullstack::FullstackContext::extract().await?;
let url = format!("{}/api/v1/findings/{id}", state.agent_api_url); let url = format!("{}/api/v1/findings/{id}", state.agent_api_url);
let resp = reqwest::get(&url).await.map_err(|e| ServerFnError::new(e.to_string()))?; let resp = reqwest::get(&url)
let body: serde_json::Value = resp.json().await.map_err(|e| ServerFnError::new(e.to_string()))?; .await
.map_err(|e| ServerFnError::new(e.to_string()))?;
let body: serde_json::Value = resp
.json()
.await
.map_err(|e| ServerFnError::new(e.to_string()))?;
let finding: Finding = serde_json::from_value(body["data"].clone()) let finding: Finding = serde_json::from_value(body["data"].clone())
.map_err(|e| ServerFnError::new(e.to_string()))?; .map_err(|e| ServerFnError::new(e.to_string()))?;
Ok(finding) Ok(finding)

9
compliance-dashboard/src/infrastructure/issues.rs
View File

@@ -16,7 +16,12 @@ pub async fn fetch_issues(page: u64) -> Result<IssuesListResponse, ServerFnError
dioxus_fullstack::FullstackContext::extract().await?; dioxus_fullstack::FullstackContext::extract().await?;
let url = format!("{}/api/v1/issues?page={page}&limit=20", state.agent_api_url); let url = format!("{}/api/v1/issues?page={page}&limit=20", state.agent_api_url);
let resp = reqwest::get(&url).await.map_err(|e| ServerFnError::new(e.to_string()))?; let resp = reqwest::get(&url)
let body: IssuesListResponse = resp.json().await.map_err(|e| ServerFnError::new(e.to_string()))?; .await
.map_err(|e| ServerFnError::new(e.to_string()))?;
let body: IssuesListResponse = resp
.json()
.await
.map_err(|e| ServerFnError::new(e.to_string()))?;
Ok(body) Ok(body)
} }

24
compliance-dashboard/src/infrastructure/repositories.rs
View File

@@ -14,15 +14,27 @@ pub struct RepositoryListResponse {
pub async fn fetch_repositories(page: u64) -> Result<RepositoryListResponse, ServerFnError> { pub async fn fetch_repositories(page: u64) -> Result<RepositoryListResponse, ServerFnError> {
let state: super::server_state::ServerState = let state: super::server_state::ServerState =
dioxus_fullstack::FullstackContext::extract().await?; dioxus_fullstack::FullstackContext::extract().await?;
let url = format!("{}/api/v1/repositories?page={page}&limit=20", state.agent_api_url); let url = format!(
"{}/api/v1/repositories?page={page}&limit=20",
state.agent_api_url
);
let resp = reqwest::get(&url).await.map_err(|e| ServerFnError::new(e.to_string()))?; let resp = reqwest::get(&url)
let body: RepositoryListResponse = resp.json().await.map_err(|e| ServerFnError::new(e.to_string()))?; .await
.map_err(|e| ServerFnError::new(e.to_string()))?;
let body: RepositoryListResponse = resp
.json()
.await
.map_err(|e| ServerFnError::new(e.to_string()))?;
Ok(body) Ok(body)
} }
#[server] #[server]
pub async fn add_repository(name: String, git_url: String, default_branch: String) -> Result<(), ServerFnError> { pub async fn add_repository(
name: String,
git_url: String,
default_branch: String,
) -> Result<(), ServerFnError> {
let state: super::server_state::ServerState = let state: super::server_state::ServerState =
dioxus_fullstack::FullstackContext::extract().await?; dioxus_fullstack::FullstackContext::extract().await?;
let url = format!("{}/api/v1/repositories", state.agent_api_url); let url = format!("{}/api/v1/repositories", state.agent_api_url);
@@ -41,7 +53,9 @@ pub async fn add_repository(name: String, git_url: String, default_branch: Strin
if !resp.status().is_success() { if !resp.status().is_success() {
let body = resp.text().await.unwrap_or_default(); let body = resp.text().await.unwrap_or_default();
return Err(ServerFnError::new(format!("Failed to add repository: {body}"))); return Err(ServerFnError::new(format!(
"Failed to add repository: {body}"
)));
} }
Ok(()) Ok(())

9
compliance-dashboard/src/infrastructure/sbom.rs
View File

@@ -16,7 +16,12 @@ pub async fn fetch_sbom(page: u64) -> Result<SbomListResponse, ServerFnError> {
dioxus_fullstack::FullstackContext::extract().await?; dioxus_fullstack::FullstackContext::extract().await?;
let url = format!("{}/api/v1/sbom?page={page}&limit=50", state.agent_api_url); let url = format!("{}/api/v1/sbom?page={page}&limit=50", state.agent_api_url);
let resp = reqwest::get(&url).await.map_err(|e| ServerFnError::new(e.to_string()))?; let resp = reqwest::get(&url)
let body: SbomListResponse = resp.json().await.map_err(|e| ServerFnError::new(e.to_string()))?; .await
.map_err(|e| ServerFnError::new(e.to_string()))?;
let body: SbomListResponse = resp
.json()
.await
.map_err(|e| ServerFnError::new(e.to_string()))?;
Ok(body) Ok(body)
} }

14
compliance-dashboard/src/infrastructure/scans.rs
View File

@@ -14,9 +14,17 @@ pub struct ScansListResponse {
pub async fn fetch_scan_runs(page: u64) -> Result<ScansListResponse, ServerFnError> { pub async fn fetch_scan_runs(page: u64) -> Result<ScansListResponse, ServerFnError> {
let state: super::server_state::ServerState = let state: super::server_state::ServerState =
dioxus_fullstack::FullstackContext::extract().await?; dioxus_fullstack::FullstackContext::extract().await?;
let url = format!("{}/api/v1/scan-runs?page={page}&limit=20", state.agent_api_url); let url = format!(
"{}/api/v1/scan-runs?page={page}&limit=20",
state.agent_api_url
);
let resp = reqwest::get(&url).await.map_err(|e| ServerFnError::new(e.to_string()))?; let resp = reqwest::get(&url)
let body: ScansListResponse = resp.json().await.map_err(|e| ServerFnError::new(e.to_string()))?; .await
.map_err(|e| ServerFnError::new(e.to_string()))?;
let body: ScansListResponse = resp
.json()
.await
.map_err(|e| ServerFnError::new(e.to_string()))?;
Ok(body) Ok(body)
} }

9
compliance-dashboard/src/infrastructure/stats.rs
View File

@@ -20,8 +20,13 @@ pub async fn fetch_overview_stats() -> Result<OverviewStats, ServerFnError> {
dioxus_fullstack::FullstackContext::extract().await?; dioxus_fullstack::FullstackContext::extract().await?;
let url = format!("{}/api/v1/stats/overview", state.agent_api_url); let url = format!("{}/api/v1/stats/overview", state.agent_api_url);
let resp = reqwest::get(&url).await.map_err(|e| ServerFnError::new(e.to_string()))?; let resp = reqwest::get(&url)
let body: serde_json::Value = resp.json().await.map_err(|e| ServerFnError::new(e.to_string()))?; .await
.map_err(|e| ServerFnError::new(e.to_string()))?;
let body: serde_json::Value = resp
.json()
.await
.map_err(|e| ServerFnError::new(e.to_string()))?;
let stats: OverviewStats = serde_json::from_value(body["data"].clone()).unwrap_or_default(); let stats: OverviewStats = serde_json::from_value(body["data"].clone()).unwrap_or_default();
Ok(stats) Ok(stats)
} }

6
compliance-dashboard/src/pages/finding_detail.rs
View File

@@ -11,7 +11,9 @@ pub fn FindingDetailPage(id: String) -> Element {
let finding = use_resource(move || { let finding = use_resource(move || {
let fid = finding_id.clone(); let fid = finding_id.clone();
async move { async move {
crate::infrastructure::findings::fetch_finding_detail(fid).await.ok() crate::infrastructure::findings::fetch_finding_detail(fid)
.await
.ok()
} }
}); });
@@ -106,7 +108,7 @@ pub fn FindingDetailPage(id: String) -> Element {
} }
} }
} }
}, }
Some(None) => rsx! { Some(None) => rsx! {
div { class: "card", p { "Finding not found." } } div { class: "card", p { "Finding not found." } }
}, },

6
compliance-dashboard/src/pages/findings.rs
View File

@@ -18,7 +18,9 @@ pub fn FindingsPage() -> Element {
let typ = type_filter(); let typ = type_filter();
let stat = status_filter(); let stat = status_filter();
async move { async move {
crate::infrastructure::findings::fetch_findings(p, sev, typ, stat, String::new()).await.ok() crate::infrastructure::findings::fetch_findings(p, sev, typ, stat, String::new())
.await
.ok()
} }
}); });
@@ -84,7 +86,7 @@ pub fn FindingsPage() -> Element {
td { SeverityBadge { severity: finding.severity.to_string() } } td { SeverityBadge { severity: finding.severity.to_string() } }
td { td {
Link { Link {
to: Route::FindingDetailPage { id: id }, to: Route::FindingDetailPage { id },
style: "color: var(--accent); text-decoration: none;", style: "color: var(--accent); text-decoration: none;",
"{finding.title}" "{finding.title}"
} }

4
compliance-dashboard/src/pages/issues.rs
View File

@@ -9,9 +9,7 @@ pub fn IssuesPage() -> Element {
let issues = use_resource(move || { let issues = use_resource(move || {
let p = page(); let p = page();
async move { async move { crate::infrastructure::issues::fetch_issues(p).await.ok() }
crate::infrastructure::issues::fetch_issues(p).await.ok()
}
}); });
rsx! { rsx! {

10
compliance-dashboard/src/pages/overview.rs
View File

@@ -15,7 +15,9 @@ pub fn OverviewPage() -> Element {
} }
#[cfg(not(feature = "server"))] #[cfg(not(feature = "server"))]
{ {
crate::infrastructure::stats::fetch_overview_stats().await.ok() crate::infrastructure::stats::fetch_overview_stats()
.await
.ok()
} }
}); });
@@ -82,7 +84,11 @@ pub fn OverviewPage() -> Element {
#[component] #[component]
fn SeverityBar(label: String, count: u64, max: u64, color: String) -> Element { fn SeverityBar(label: String, count: u64, max: u64, color: String) -> Element {
let height_pct = if max > 0 { (count as f64 / max as f64) * 100.0 } else { 0.0 }; let height_pct = if max > 0 {
(count as f64 / max as f64) * 100.0
} else {
0.0
};
let height = format!("{}%", height_pct.max(2.0)); let height = format!("{}%", height_pct.max(2.0));
rsx! { rsx! {

4
compliance-dashboard/src/pages/repositories.rs
View File

@@ -14,7 +14,9 @@ pub fn RepositoriesPage() -> Element {
let repos = use_resource(move || { let repos = use_resource(move || {
let p = page(); let p = page();
async move { async move {
crate::infrastructure::repositories::fetch_repositories(p).await.ok() crate::infrastructure::repositories::fetch_repositories(p)
.await
.ok()
} }
}); });

4
compliance-dashboard/src/pages/sbom.rs
View File

@@ -9,9 +9,7 @@ pub fn SbomPage() -> Element {
let sbom = use_resource(move || { let sbom = use_resource(move || {
let p = page(); let p = page();
async move { async move { crate::infrastructure::sbom::fetch_sbom(p).await.ok() }
crate::infrastructure::sbom::fetch_sbom(p).await.ok()
}
}); });
rsx! { rsx! {