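/**
 * @fileoverview CI/CD Integration for Security Scanning
 * @module @nahisaho/musubix-security/integrations/ci-integration
 *
 * Provides integration with GitHub Actions, GitLab CI, and other CI/CD platforms
 * for automated security scanning in pipelines.
 *
 * This is a declaration file: it describes the public surface only. Any note
 * below marked "presumably" / "confirm" is not established by these
 * declarations and must be checked against the implementation.
 */
import type { ScanResult, Severity } from '../types/index.js';

/**
 * Supported CI/CD platforms.
 *
 * `'generic'` is the catch-all member; presumably it is what
 * {@link detectCIPlatform} returns when no specific platform is recognised
 * (confirm in the implementation).
 */
export type CIPlatform =
  | 'github-actions'
  | 'gitlab-ci'
  | 'azure-pipelines'
  | 'jenkins'
  | 'circleci'
  | 'generic';

/**
 * CI environment detection result.
 */
export interface CIEnvironment {
  /** Detected CI platform */
  platform: CIPlatform;
  /** Whether running in CI environment */
  isCI: boolean;
  /** CI-specific metadata */
  metadata: CIMetadata;
}

/**
 * CI-specific metadata.
 *
 * Every field is optional: not every platform exposes every value.
 * NOTE(review): these values are presumably read from CI-provided environment
 * variables. If the implementation interpolates any of them into generated
 * scripts, workflow files or PR comments, they should be quoted/escaped as
 * data rather than pasted verbatim — confirm in the implementation.
 */
export interface CIMetadata {
  /** Repository name */
  repository?: string;
  /** Branch name */
  branch?: string;
  /** Commit SHA */
  commitSha?: string;
  /** Pull request number */
  pullRequest?: string;
  /** Build number/ID */
  buildId?: string;
  /** Actor/user who triggered the build */
  actor?: string;
  /** Event type that triggered the build */
  event?: string;
  /** Workflow/job name */
  workflow?: string;
  /** Runner OS */
  runnerOS?: string;
}

/**
 * CI integration options.
 *
 * Build gating has two independent inputs: {@link failOn} (fail on the mere
 * presence of a severity) and {@link thresholds} (fail on counts / score).
 * The class exposes these as separate private checks (`shouldFailOnSeverity`,
 * `shouldFailOnThresholds`), so both may contribute to `failureReasons`.
 */
export interface CIIntegrationOptions {
  /** Fail on specific severity levels */
  failOn?: Severity[];
  /** Output format for CI */
  outputFormat?: 'json' | 'sarif' | 'checkrun' | 'annotations';
  /** Enable GitHub annotations */
  annotations?: boolean;
  /** Create/update PR comment */
  prComment?: boolean;
  /**
   * Upload to code scanning.
   * NOTE(review): presumably requires platform credentials that are configured
   * outside these options — confirm what the implementation reads.
   */
  uploadToCodeScanning?: boolean;
  /** Custom threshold for failure */
  thresholds?: CIThresholds;
  /** Enable caching */
  enableCache?: boolean;
  /** Cache key prefix */
  cacheKeyPrefix?: string;
}

/**
 * CI failure thresholds.
 *
 * An unset field presumably means "no limit" for that dimension — confirm.
 */
export interface CIThresholds {
  /** Maximum critical vulnerabilities */
  maxCritical?: number;
  /** Maximum high vulnerabilities */
  maxHigh?: number;
  /** Maximum medium vulnerabilities */
  maxMedium?: number;
  /** Maximum total vulnerabilities */
  maxTotal?: number;
  /** Minimum security score (0-100) */
  minSecurityScore?: number;
}

/**
 * GitHub annotation for PR checks.
 */
export interface GitHubAnnotation {
  /** Annotation level */
  level: 'notice' | 'warning' | 'error';
  /** File path */
  file: string;
  /** Start line */
  startLine: number;
  /** End line */
  endLine: number;
  /** Annotation title */
  title: string;
  /** Annotation message */
  message: string;
}

/**
 * CI scan result with platform-specific formatting.
 */
export interface CIScanResult {
  /** Original scan result */
  scanResult: ScanResult;
  /** CI environment */
  environment: CIEnvironment;
  /** Whether to fail the build */
  shouldFail: boolean;
  /** Failure reasons (empty when `shouldFail` is false) */
  failureReasons: string[];
  /** GitHub annotations */
  annotations: GitHubAnnotation[];
  /** Formatted output for CI logs */
  formattedOutput: string;
  /**
   * Exit code for CI. Intended to be handed to `process.exit()` when
   * `shouldFail` is set (see the {@link CIIntegration} example).
   */
  exitCode: number;
  /** Summary for PR comment */
  summary: CISummary;
}

/**
 * Summary for CI/PR display.
 */
export interface CISummary {
  /** Total vulnerabilities */
  total: number;
  /**
   * Breakdown by severity.
   * The type arguments were missing from the published declaration
   * (`Record` with no arguments does not compile); restored from the
   * field's purpose and the imported `Severity` type.
   */
  bySeverity: Record<Severity, number>;
  /** Security score */
  securityScore: number;
  /** Pass/fail status */
  passed: boolean;
  /** Human-readable status */
  statusEmoji: string;
  /** Short description */
  shortDescription: string;
}

/**
 * CI/CD Integration for automated security scanning
 *
 * @example
 * ```typescript
 * const ci = createCIIntegration({
 *   failOn: ['critical', 'high'],
 *   annotations: true,
 *   prComment: true,
 * });
 *
 * const env = ci.detectEnvironment();
 * const result = ci.processScanResult(scanResult);
 *
 * if (result.shouldFail) {
 *   process.exit(result.exitCode);
 * }
 * ```
 */
export declare class CIIntegration {
  private options;
  constructor(options?: CIIntegrationOptions);
  /**
   * Detect CI environment.
   */
  detectEnvironment(): CIEnvironment;
  /**
   * Process scan result for CI output.
   *
   * @param scanResult - result of a completed scan
   * @returns the scan result wrapped with gating decision, annotations and
   *   formatted output for the detected platform
   */
  processScanResult(scanResult: ScanResult): CIScanResult;
  /**
   * Generate GitHub-style annotations.
   */
  generateAnnotations(scanResult: ScanResult): GitHubAnnotation[];
  /**
   * Generate summary for display.
   */
  generateSummary(scanResult: ScanResult): CISummary;
  /**
   * Check if build should fail based on thresholds.
   *
   * @returns `shouldFail` plus one human-readable reason per violated rule
   */
  checkThresholds(
    scanResult: ScanResult,
    summary: CISummary,
  ): {
    shouldFail: boolean;
    failureReasons: string[];
  };
  /**
   * Format output for CI logs.
   */
  formatOutput(scanResult: ScanResult, environment: CIEnvironment, summary: CISummary): string;
  /**
   * Generate workflow file content.
   *
   * Returns the configuration text only; the caller decides where (and
   * whether) to write it. Review the generated file before committing it to a
   * repository, as it defines what the pipeline executes.
   *
   * @param platform - target platform; selects one of the private generators
   */
  generateWorkflowFile(platform: CIPlatform): string;
  /**
   * Generate GitHub Actions workflow.
   */
  private generateGitHubActionsWorkflow;
  /**
   * Generate GitLab CI config.
   */
  private generateGitLabCIConfig;
  /**
   * Generate Azure Pipelines config.
   */
  private generateAzurePipelinesConfig;
  /**
   * Generate generic shell script.
   */
  private generateGenericScript;
  /**
   * Generate cache key for CI.
   *
   * NOTE(review): whether the key is derived from file paths only or from file
   * contents is not visible from this declaration — confirm, since a
   * path-only key would not invalidate the cache when contents change.
   */
  generateCacheKey(files: string[]): string;
  private severityToAnnotationLevel;
  private shouldFailOnSeverity;
  private shouldFailOnThresholds;
}

/**
 * Create a CI integration instance.
 */
export declare function createCIIntegration(options?: CIIntegrationOptions): CIIntegration;

/**
 * Quick check if running in CI environment.
 */
export declare function isCI(): boolean;

/**
 * Detect CI platform.
 */
export declare function detectCIPlatform(): CIPlatform;
//# sourceMappingURL=ci-integration.d.ts.map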