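/**
 * QA360 OSV Dependencies Adapter (Real Security)
 *
 * Scans vulnerabilities in package-lock.json / pnpm-lock.yaml.
 *
 * Declaration file: only signatures are visible here. Comments marked
 * "confirm in implementation" describe what the declared shapes imply,
 * not behavior that has been verified against the implementing module.
 */
import type { PackSecurity } from '../types/pack-v1.js';

/** Options for a single OSV dependency scan. */
export interface OsvScanConfig {
  /**
   * Directory that is scanned for lock files. Callers should pass a path
   * they trust; presumably also used as the scanner's working directory —
   * confirm in implementation.
   */
  workingDir: string;
  /** Security configuration used by the budget check (see `generateBudgetCheck`). */
  security?: PackSecurity;
  /** Scanner timeout; unit is not stated in this declaration (ms assumed — confirm in implementation). */
  timeout?: number;
  /**
   * Explicit lock files to scan. When omitted, the adapter presumably discovers
   * them under `workingDir` (see `findLockFiles`) — confirm in implementation.
   */
  lockFiles?: string[];
}

/** One vulnerability finding, normalized from the scanner / OSV API output. */
export interface OsvVulnerability {
  /** Advisory identifier as reported by OSV. */
  id: string;
  summary: string;
  /**
   * Normalized severity (see `mapSeverity`). `'UNKNOWN'` is the bucket for
   * severities that could not be mapped; it has no budget flag of its own.
   */
  severity: 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW' | 'UNKNOWN';
  /** The installed package the finding was matched against. */
  package: {
    name: string;
    version: string;
    ecosystem: string;
  };
  /** Affected ranges in OSV schema form (`introduced` / `fixed` events). */
  affected: Array<{
    package: {
      name: string;
      ecosystem: string;
    };
    ranges: Array<{
      type: string;
      events: Array<{
        introduced?: string;
        fixed?: string;
      }>;
    }>;
  }>;
  /** Reference links attached to the advisory. */
  references: Array<{
    type: string;
    url: string;
  }>;
}

/** Outcome of `OsvDepsAdapter.runDependencyScan`. */
export interface OsvScanResult {
  /** Whether the scan itself completed; independent of whether vulnerabilities were found. */
  success: boolean;
  vulnerabilities: OsvVulnerability[];
  /** Per-severity counts (see `calculateSummary`); `total` is expected to equal the sum of the others. */
  summary: {
    total: number;
    critical: number;
    high: number;
    medium: number;
    low: number;
    unknown: number;
  };
  /**
   * Budget verdicts derived from `OsvScanConfig.security`. Note there is no
   * `low_passed` / `unknown_passed`: LOW and UNKNOWN findings are counted in
   * `summary` but cannot fail the budget through this structure.
   */
  budgetCheck: {
    critical_passed: boolean;
    high_passed: boolean;
    medium_passed: boolean;
  };
  /** Lock files that were actually scanned. */
  scannedFiles: string[];
  /** Human-readable failure description; presumably set when `success` is false — confirm in implementation. */
  error?: string;
  /** Raw scanner output when retained. Treat as untrusted text if it is rendered or logged. */
  rawOutput?: string;
  /** JUnit XML report (see `generateJUnit`). */
  junit?: string;
  /** Machine-readable failure code; presumably accompanies `error` — confirm in implementation. */
  errorCode?: string;
}

/**
 * Adapter that runs the OSV scanner over the lock files of a project and
 * normalizes its findings into `OsvScanResult`.
 */
export declare class OsvDepsAdapter {
  private redactor;
  private workingDir;
  /** @param workingDir default scan directory used when a config does not override it — confirm in implementation */
  constructor(workingDir?: string);
  /**
   * Execute OSV dependency scan.
   *
   * Type argument restored here: the declaration had a bare `Promise`, which
   * does not compile; `OsvScanResult` is the only scan-result shape declared
   * in this file — confirm against the implementation.
   *
   * @param config scan options (`workingDir` required)
   * @returns the normalized scan result; whether scanner failures surface as
   *   `success: false` or as a rejected promise is not visible here
   */
  runDependencyScan(config: OsvScanConfig): Promise<OsvScanResult>;
  /** Find lock files in working directory. */
  private findLockFiles;
  /** Execute OSV scanner on lock files. */
  private executeOsvScan;
  /** Parse OSV scanner results. */
  private parseOsvResults;
  /** Fallback API-based scanning when osv-scanner not available. */
  private fallbackApiScan;
  /** Map severity from various formats to standard levels. */
  private mapSeverity;
  /** Calculate vulnerability summary. */
  private calculateSummary;
  /** Generate budget check based on security config. */
  private generateBudgetCheck;
  /** Get empty summary structure. */
  private getEmptySummary;
  /** Get default budget check structure. */
  private getDefaultBudgetCheck;
  /** Generate JUnit XML report. */
  private generateJUnit;
  /**
   * Validate OSV scan configuration.
   * @returns `valid: false` together with the list of problems found
   */
  static validateConfig(config: OsvScanConfig): {
    valid: boolean;
    errors: string[];
  };
  /**
   * Check if OSV scanner is available.
   * @returns `available: false` with an `error` description when the scanner cannot be used
   */
  static isAvailable(): Promise<{
    available: boolean;
    error?: string;
  }>;
}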