feat: pentest onboarding — streaming, browser automation, reports, user cleanup #16

Merged
sharang merged 5 commits from feat/pentest-onboarding into main 2026-03-17 20:32:21 +00:00
4 changed files with 1310 additions and 186 deletions
Showing only changes of commit a737c36bc9 - Show all commits


@@ -1,6 +1,7 @@
import { defineConfig } from 'vitepress'
import { withMermaid } from 'vitepress-plugin-mermaid'
export default defineConfig({
export default withMermaid(defineConfig({
title: 'Certifai',
description: 'AI-powered security compliance scanning platform',
ignoreDeadLinks: [
@@ -31,6 +32,7 @@ export default defineConfig({
{ text: 'Dashboard Overview', link: '/features/overview' },
{ text: 'DAST Scanning', link: '/features/dast' },
{ text: 'AI Pentest', link: '/features/pentest' },
{ text: 'Pentest Architecture', link: '/features/pentest-architecture' },
{ text: 'AI Chat', link: '/features/ai-chat' },
{ text: 'Code Knowledge Graph', link: '/features/graph' },
{ text: 'MCP Integration', link: '/features/mcp-server' },
@@ -51,4 +53,5 @@ export default defineConfig({
message: 'Certifai Documentation',
},
},
})
mermaid: {},
}))
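Review bot: The empty `mermaid: {}` passed through `withMermaid` in the last hunk leaves every Mermaid option at the library default, including the setting that decides whether diagram text may carry raw HTML and click handlers. Assuming the plugin forwards this object to Mermaid's initialisation, writing it out as `mermaid: { securityLevel: 'strict' },` records the intent and makes any later loosening show up in review. A one-line comment above it, such as `// diagrams render client-side from markdown; keep Mermaid in strict mode`, would explain why the option is pinned. The `defineConfig` object spans all three hunks, so the options between them are not visible here.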


@@ -230,7 +230,7 @@ A finding like "Reflected XSS in /api/search" would show:
### Pentest Dashboard
![Pentest Dashboard](../public/screenshots/pentest-dashboard.png)
![Pentest Dashboard](/screenshots/pentest-dashboard.png)
The dashboard shows aggregate statistics, severity distribution, and recent sessions with status badges. Running sessions can be paused, resumed, or stopped.
@@ -238,29 +238,29 @@ The dashboard shows aggregate statistics, severity distribution, and recent sess
**Step 1 — Target & Scope** (with dropdown showing existing DAST targets):
![Wizard Step 1 — Target dropdown](../public/screenshots/pentest-wizard-step1-dropdown.png)
![Wizard Step 1 — Target dropdown](/screenshots/pentest-wizard-step1-dropdown.png)
**Step 2 — Authentication** (Auto-Register mode with optional registration URL, verification email, IMAP settings):
![Wizard Step 2 — Auth](../public/screenshots/pentest-wizard-step2-auth.png)
![Wizard Step 2 — Auth](/screenshots/pentest-wizard-step2-auth.png)
**Step 3 — Strategy & Instructions** (strategy selection, scope exclusions, duration, tester info):
![Wizard Step 3 — Strategy](../public/screenshots/pentest-wizard-step3-strategy.png)
![Wizard Step 3 — Strategy](/screenshots/pentest-wizard-step3-strategy.png)
**Step 4 — Review & Confirm** (summary + authorization disclaimer):
![Wizard Step 4 — Confirm](../public/screenshots/pentest-wizard-step4-confirm.png)
![Wizard Step 4 — Confirm](/screenshots/pentest-wizard-step4-confirm.png)
### Session — Findings
![Session Findings](../public/screenshots/pentest-session-findings.png)
![Session Findings](/screenshots/pentest-session-findings.png)
Each finding shows severity, CWE, endpoint, description, and remediation. Exploitable findings are flagged. SAST correlations are shown when available.
### Session — Attack Chain
![Attack Chain](../public/screenshots/pentest-attack-chain.png)
![Attack Chain](/screenshots/pentest-attack-chain.png)
The attack chain visualizes the DAG of tool executions grouped into phases (Reconnaissance, Analysis, Boundary Testing, Exploitation). Each node shows tool name, category, duration, findings count, and risk score. Running nodes pulse with an animation.

1471
docs/package-lock.json generated

File diff suppressed because it is too large Load Diff


@@ -8,5 +8,9 @@
},
"devDependencies": {
"vitepress": "^1.6.4"
},
"dependencies": {
"mermaid": "^11.13.0",
"vitepress-plugin-mermaid": "^2.0.17"
}
}
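Review bot: `mermaid` and `vitepress-plugin-mermaid` are added under a new `dependencies` key while `vitepress` itself stays in `devDependencies`; all three look like build-time tooling for the docs site, so the new entries belong in `devDependencies` next to it. Both use caret ranges, so the committed lockfile is what actually fixes the resolved tree (the page reports 1471 for `docs/package-lock.json`), and the docs build should install with `npm ci` so that tree is reproduced rather than re-resolved. Because the lockfile diff is suppressed on this page, the newly added transitive packages should go through the project's dependency audit before the docs are published.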