sharang/compliance-scanner-agent
1
0
Fork 0
Code Issues 51 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity

feat: AI-driven automated penetration testing (#12)
Some checks failed
CI / Clippy (push) Failing after 1m51s
Details
CI / Security Audit (push) Successful in 2m1s
Details
CI / Tests (push) Has been skipped
Details
CI / Detect Changes (push) Has been skipped
Details
CI / Deploy Agent (push) Has been skipped
Details
CI / Deploy Dashboard (push) Has been skipped
Details
CI / Deploy Docs (push) Has been skipped
Details
CI / Format (push) Failing after 42s
Details
CI / Deploy MCP (push) Has been skipped
Details

Browse Source
This commit was merged in pull request #12.
This commit is contained in:
Sharang Parnerkar
2026-03-12 14:42:54 +00:00
parent 3ec1456b0d
commit acc5b86aa4
52 changed files with 11729 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
compliance-core/src/traits/mod.rs
View File

@@ -1,9 +1,11 @@
pub mod dast_agent;
pub mod graph_builder;
pub mod issue_tracker;
pub mod pentest_tool;
pub mod scanner;
pub use dast_agent::{DastAgent, DastContext, DiscoveredEndpoint, EndpointParameter};
pub use graph_builder::{LanguageParser, ParseOutput};
pub use issue_tracker::IssueTracker;
pub use pentest_tool::{PentestTool, PentestToolContext, PentestToolResult};
pub use scanner::{ScanOutput, Scanner};

63
compliance-core/src/traits/pentest_tool.rs Normal file
View File

@@ -0,0 +1,63 @@
use std::future::Future;
use std::pin::Pin;
use crate::error::CoreError;
use crate::models::dast::{DastFinding, DastTarget};
use crate::models::finding::Finding;
use crate::models::pentest::CodeContextHint;
use crate::models::sbom::SbomEntry;
/// Context passed to pentest tools during execution.
///
/// The HTTP client is not included here because `compliance-core` does not
/// depend on `reqwest`. Tools that need HTTP should hold their own client
/// or receive one via the `compliance-dast` orchestrator.
pub struct PentestToolContext {
/// The DAST target being tested
pub target: DastTarget,
/// Session ID for this pentest run
pub session_id: String,
/// SAST findings for the linked repo (if any)
pub sast_findings: Vec<Finding>,
/// SBOM entries with known CVEs (if any)
pub sbom_entries: Vec<SbomEntry>,
/// Code knowledge graph hints mapping endpoints to source code
pub code_context: Vec<CodeContextHint>,
/// Rate limit (requests per second)
pub rate_limit: u32,
/// Whether destructive operations are allowed
pub allow_destructive: bool,
}
/// Result from a pentest tool execution
pub struct PentestToolResult {
/// Human-readable summary of what the tool found
pub summary: String,
/// DAST findings produced by this tool
pub findings: Vec<DastFinding>,
/// Tool-specific structured output data
pub data: serde_json::Value,
}
/// A tool that the LLM pentest orchestrator can invoke.
///
/// Each tool represents a specific security testing capability
/// (e.g., SQL injection scanner, DNS checker, TLS analyzer).
/// Uses boxed futures for dyn-compatibility.
pub trait PentestTool: Send + Sync {
/// Tool name for LLM tool_use (e.g., "sql_injection_scanner")
fn name(&self) -> &str;
/// Human-readable description for the LLM system prompt
fn description(&self) -> &str;
/// JSON Schema for the tool's input parameters
fn input_schema(&self) -> serde_json::Value;
/// Execute the tool with the given input
fn execute<'a>(
&'a self,
input: serde_json::Value,
context: &'a PentestToolContext,
) -> Pin<Box<dyn Future<Output = Result<PentestToolResult, CoreError>> + Send + 'a>>;
}