645 Commits

Author SHA1 Message Date
Kunal Singh
30a7b484d1 feat: new vet ascii banner 2025-08-21 21:51:58 +05:30
Copilot
41684afa80
Fix OSV schema for PyPI ecosystem: use proper case "PyPI" and ECOSYSTEM range type (#570)
* Initial plan

* Fix OSV schema for PyPI ecosystem - use proper case and ECOSYSTEM range type

Co-authored-by: KunalSin9h <82411321+KunalSin9h@users.noreply.github.com>

* Add clarifying comments and rename ecosystem mapping variables for better intention revealing

Co-authored-by: abhisek <31844+abhisek@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: KunalSin9h <82411321+KunalSin9h@users.noreply.github.com>
Co-authored-by: abhisek <31844+abhisek@users.noreply.github.com>
2025-08-21 19:08:38 +05:30
Sahil Bansal
2d06114eb7
add cloud session refresh using refresh token functionality (#565)
* add cloud session refresh using refresh token functionality

* add ui msg & update globalConfig to fallback to default when nil

* rm unnecessary comment

* refactor access token checks and error handling for cloud session refresh

* print error to user for automatic re-login

---------

Co-authored-by: Abhisek Datta <abhisek.datta@gmail.com>
2025-08-19 06:26:24 +00:00
Sahil Bansal
52aa033fe4
add IsSuspicious value for reporting suspicious packages too (#567) 2025-08-18 17:56:24 +05:30
Kunal Singh
d8b83e2bc2
Merge pull request #566 from safedep/chore/misc-cleanup-20250815
chore: Misc cleanup and test improvements
2025-08-18 09:52:04 +05:30
Kunal Singh
b9ebcc71da
Merge branch 'main' into chore/misc-cleanup-20250815 2025-08-18 09:33:52 +05:30
Sahil Bansal
0f4c01b83a
add html reporter & create template for report (#559)
* add html reporter & create template for report

* updated table colors

* chore: rm unused code block

* add policy violations

* chore: rm extra var

* Update pkg/reporter/templates/report.templ

Co-authored-by: Kunal Singh <kunalsin9h@gmail.com>
Signed-off-by: Sahil Bansal <bansalsahil315@gmail.com>

* chore: rm extra file

* chore: rm unused css property

* add html reporter & create template for report

* updated table colors

* chore: rm unused code block

* add policy violations

* chore: rm extra var

* Update pkg/reporter/templates/report.templ

Co-authored-by: Kunal Singh <kunalsin9h@gmail.com>
Signed-off-by: Sahil Bansal <bansalsahil315@gmail.com>

* chore: rm extra file

* chore: rm unused css property

* return error when failing to create html reporter

---------

Signed-off-by: Sahil Bansal <bansalsahil315@gmail.com>
Co-authored-by: Kunal Singh <kunalsin9h@gmail.com>
2025-08-18 09:33:18 +05:30
abhisek
7cb923b2fd
fix: safely handle global config in test runner 2025-08-15 21:28:23 +05:30
abhisek
e32784a09e
fix: Test to use t.Setenv instead of os 2025-08-15 20:36:20 +05:30
abhisek
db6832e782
chore: Misc cleanup and test improvements 2025-08-15 20:26:55 +05:30
Kunal Singh
4b80c4a624
Fix: truffle hog, invalid commit hash. (#564)
Signed-off-by: Kunal Singh <kunalsin9h@gmail.com>
2025-08-13 08:49:43 +00:00
Sahil Bansal
12785f9c05
add support for publishing vet to npm (#563)
* add support for publishing vet to npm

* Update .github/workflows/publish-npm.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Sahil Bansal <bansalsahil315@gmail.com>

* update npm package readme

---------

Signed-off-by: Sahil Bansal <bansalsahil315@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-08-12 22:02:33 +05:30
Sahil Bansal
7d4569fb3d
use tag version instead of commit hash (#557) 2025-08-11 12:14:32 +00:00
Teja Kummarikuntla
47939fafaf
fix(report): Add commas between tags in generated markdown (#553)
* Separate Tags with Comma in Report

* Delete pkg/.DS_Store

Signed-off-by: Teja Kummarikuntla <34749692+tejakummarikuntla@users.noreply.github.com>

* Update pkg/reporter/markdown.go

Co-authored-by: Kunal Singh <kunalsin9h@gmail.com>
Signed-off-by: Teja Kummarikuntla <34749692+tejakummarikuntla@users.noreply.github.com>

---------

Signed-off-by: Teja Kummarikuntla <34749692+tejakummarikuntla@users.noreply.github.com>
Co-authored-by: Kunal Singh <kunalsin9h@gmail.com>
2025-07-31 21:23:10 +05:30
Sahil Bansal
e68ead129b
add support for extensions purl (#551)
* add support for extensions purl

* Update pkg/common/purl/purl_test.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Sahil Bansal <bansalsahil315@gmail.com>

---------

Signed-off-by: Sahil Bansal <bansalsahil315@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
v1.12.2
2025-07-30 08:15:19 +05:30
Rohan Mishra
742365bc18
fix(tools): prevent nil pointer panic in GetPackageLicenseInfo handler (#548)
Signed-off-by: Rohan <315scisyb2020rohanmishra@gmail.com>
2025-07-27 18:51:59 +05:30
Kunal Singh
dee54e5184
Merge pull request #546 from safedep/deepwiki
added ask deepwiki badge.
2025-07-24 10:09:58 +05:30
Kunal Singh
1e84769891
added ask deepwiki badge.
Signed-off-by: Kunal Singh <kunalsin9h@gmail.com>
2025-07-23 21:42:10 +05:30
Kunal Singh
16a67216b4
Merge pull request #484 from safedep/fix/policy-violation-suspicious-#483
Fix/policy violation on suspicious packages without paranoid mode #483
v1.12.1
2025-07-22 10:27:18 +05:30
Abhisek Datta
0b4e76d858
Merge branch 'main' into fix/policy-violation-suspicious-#483 2025-07-22 10:11:36 +05:30
Abhisek Datta
ccd2c48e0c
fix: Misc cleanup of exclusion matcher initialization (#545) v1.12.0 2025-07-22 08:55:34 +05:30
Sahil Bansal
150cad94a6
Support exclusion patterns for lockfiles flag (#543)
* introduce config for lockfile reader

* add exclusion support

* add test cases for exclusion patterns

* refactor: introduce common exclusion matcher and update lockfile reader to use it

* chore: rm print statements

* refactor: use better naming for tests

* use doublestar lib for supporting dir reader exclusion patterns

* fix: path handling in exclusion matcher to support relative & absolute paths
2025-07-22 08:37:41 +05:30
Kunal Singh
c488d980cc fix: fail fast only on malware 2025-07-21 13:45:22 +05:30
Kunal Singh
3d8b7c5b63 feat: warning in markdown summary report for suspicious packages 2025-07-21 13:16:19 +05:30
Abhisek Datta
b4976630da
Merge branch 'main' into fix/policy-violation-suspicious-#483 2025-07-21 09:14:36 +05:30
Sahil Bansal
3d6d8ed036
Add github actions sync resolver (#539)
* feat: add GHA env resolver

* refactor: expose sync reporter resolver constructors

* fix: use os.LookupEnv for better GHA detection

* fix typo

* use environment sync resolver

* test: add test cases & fix naming

* Update pkg/reporter/sync_test.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Sahil Bansal <bansalsahil315@gmail.com>

* modify sync resolver tests

* fix tests failing in ci/cd

---------

Signed-off-by: Sahil Bansal <bansalsahil315@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-07-21 09:11:24 +05:30
Sahil Bansal
075627f53f
Add test cases for editor based extensions scanning (#542)
* fail fast if distribution is not among our supported editors

* tests: add test cases for each supported editor

* rm unused extensions
2025-07-19 00:17:47 +05:30
Abhisek Datta
1e2b75fa9c
Merge branch 'main' into fix/policy-violation-suspicious-#483 2025-07-17 09:29:18 +05:30
Sahil Bansal
06988f9b33
OpenVSX extensions scanning support (#536)
* feat(readers): Add OpenVSX ecosystem support

* refactor: use better naming conventions

* refactor: improve extensions reader with structured config
2025-07-15 18:40:02 +05:30
Abhisek Datta
c3d96dbef5
fix: Improve Agentic Query Prompt and Tools (#538) 2025-07-14 22:46:37 +05:30
Abhisek Datta
5f4cccbc85
feat: Add Support for Agentic Query and Analysis (#535)
* Add initial UI for agent mode

* fix: Cleanup and define agent contract

* Add react agent

* Add interactions memory

* Add support for stdio based MCP integration

* Add basic sqlite3 report generator

* fix: Persist vulnerabilities with package relation

* fix: Persist license information

* refactor: Agents into its own command package

* feat: Add support for tool calling introspection

* refactor: UI to hide implementation detail

* sqlite3 reporter persist dependency graph

* fix: Support multiple LLM provider for agent

* docs: Update agents doc

* docs: Remove deprecated query docs

* fix: UI tests

* fix: Linter issue

* Add support for prompt mode

* Improve UI with animation

* Fix UI tests after update

* Add OpenSSF scorecard persistence

* Add slsa provenances in sqlite3 reporter

* Add test cases for sqlite3 reporter

* Fix agent doc

* fix: Sqlite3 reporter use safe accessors

* feat: Add support for fast model

* feat: Simplify and streamline agent UI for better user experience

- Remove decorative borders and excessive styling to maximize output area
- Implement clean minimal design similar to modern TUI interfaces
- Add bordered input area for clear visual separation
- Move thinking indicator above input area for better visibility
- Enhance input field reset logic for proper line alignment
- Remove verbose help text and status messages
- Optimize layout calculations for full width utilization
- Add smooth animations for agent thinking state with spinner
- Clean up code structure and remove unused progress bar functionality

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: Improve agent status line

* test: Update UI tests

* fix: Use terminal safe rendering

* fix: Fix nil deref without storing empty strings in DB

* fix: Support overwriting sqlite3 database

* fix: Data model to use m2m between manifest and package

* style: Fix linter issue with unused variables

* Misc fixes

* Add test for agent memory

---------

Co-authored-by: Claude <noreply@anthropic.com>
2025-07-11 18:37:44 +05:30
Copilot
cd7caffb4a
Add HTTP HEAD request support to SSE MCP server (#533)
* Initial plan

* Add HTTP HEAD request support to SSE MCP server

- Created sseHandlerWithHeadSupport wrapper to handle HEAD requests to /sse endpoint
- HEAD requests return same headers as GET (text/event-stream, no-cache, etc.) without body
- Modified NewMcpServerWithSseTransport to use the wrapper
- Added comprehensive unit and integration tests
- Updated documentation to mention HEAD support for SSE endpoint
- Enables tools like Langchain to probe endpoint for health/capability checks

Co-authored-by: abhisek <31844+abhisek@users.noreply.github.com>

* Add HTTP HEAD request support to SSE MCP server

Co-authored-by: abhisek <31844+abhisek@users.noreply.github.com>

* Fix linter issues: remove trailing whitespace and handle w.Write error

Co-authored-by: abhisek <31844+abhisek@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: abhisek <31844+abhisek@users.noreply.github.com>
2025-07-05 13:41:37 +00:00
Copilot
548ede77b8
Fix OSV report generation fallback value for 'introduced' version from "0.0.0" to "0" (#532)
* Initial plan

* Fix OSV introduced version fallback from 0.0.0 to 0 per OSV schema

Co-authored-by: abhisek <31844+abhisek@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: abhisek <31844+abhisek@users.noreply.github.com>
2025-07-04 11:47:10 +05:30
Kunal Singh
3fa7307d93
Merge pull request #529 from safedep/chore/sync-reporter-linter-fixes-cleanup
chore: Sync reporter linter fixes
2025-06-30 21:55:53 +05:30
abhisek
5cc80f9f88
chore: Sync reporter linter fixes 2025-06-30 21:46:50 +05:30
Omkar Phansopkar
387f6aeb72
Updated instructions for mcp server setup (#527)
* Updated instructions for mcp server setup

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

* Updated vscode usage image

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

* Spell vscode full form

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

* Added sse instructions

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>

---------

Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>
2025-06-28 18:13:48 +05:30
Omkar Phansopkar
200257bab3
Merge pull request #517 from safedep/chore/updateDeps
Updated deps and minor refactoring
2025-06-24 15:21:47 +05:30
Omkar Phansopkar
a87e6ab466
Updated deps
Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>
2025-06-24 14:46:14 +05:30
Omkar Phansopkar
a0f6467e85
Merge branch 'main' into chore/updateDeps 2025-06-24 14:43:32 +05:30
Abhisek Datta
78e2bad49b
feat: Malicious Packages (OSV) Reporter for Inspect Command (#518)
* Add osv reporter

* fix: Pass config to openssf report generator

* fix: file name and check if already osv record exists (#519)

---------

Co-authored-by: Kunal Singh <kunalsin9h@gmail.com>
2025-06-24 09:12:34 +00:00
Omkar Phansopkar
4f989c59f6
Fix e2e: scenario-11-code-csvreport.sh (#522)
Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>
2025-06-24 14:39:02 +05:30
Omkar Phansopkar
932269d6bb
Updated contributing.md
Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>
2025-06-19 20:22:04 +05:30
Omkar Phansopkar
7a2a365136
Updated testcase
Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>
2025-06-14 15:44:29 +05:30
Omkar Phansopkar
459a246488
Updated docker go version
Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>
2025-06-14 15:26:53 +05:30
Omkar Phansopkar
966971b941
Updated go version in CI workflows
Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>
2025-06-14 15:16:33 +05:30
Omkar Phansopkar
f9d17487ad
Updated deps and minor refactoring
Signed-off-by: Omkar Phansopkar <omkarphansopkar@gmail.com>
2025-06-14 15:09:11 +05:30
Kunal Singh
8b71c540e6
feat: added cargo.lock scalibr parser (#512)
* feat: added cargo.lock scalibr parser

* fix: invalid manifest ref in cargo

* fix: list parser test - increment to 22

* fix: added cargo in supported ecosystems
v1.11.3
2025-06-06 16:43:40 +05:30
Abhisek Datta
cccf646856
chore: Add multi-arch build for docker container (#510)
* chore: Add multi-arch build for docker container

* fix: Multi-platform build verification

* fix: Multi-platform build verification

* fix: MCP server docs

* chore: Add to cursor button for vet MCP Server
2025-06-06 12:59:05 +05:30
Kunal Singh
124199b331
docs(readme): added pkg.go.dev badge. (#509)
Signed-off-by: Kunal Singh <kunalsin9h@gmail.com>
v1.11.2
2025-06-05 08:51:32 +00:00
Abhisek Datta
5a5a9518c6
feat: Add Support for vet MCP Server (#502)
* fix: MCP server with update mcp-go

* docs: Update MCP usage docs

* docs: Update MCP usage docs

* chore: Update DRY for Go adapter

* test: Add mcp driver test cases

* test: Simplify test cases

* docs: Update README

* docs: Update README

* test: Add test case for mcp tool

* test: Refactor for common concerns

* test: Add tool tests

* docs: Update MCP server docs

---------

Co-authored-by: Kunal Singh <kunalsin9h@gmail.com>
2025-06-05 11:00:43 +05:30