---
# Workflow metadata for the security_assessment workflow: declares the
# required tools, resource limits, accepted parameters and output shape.
name: security_assessment
version: '2.0.0'
description: >-
  Comprehensive security assessment workflow that scans files,
  analyzes code for vulnerabilities, and generates SARIF reports
author: 'FuzzForge Team'
category: 'comprehensive'
tags:
  - 'security'
  - 'scanner'
  - 'analyzer'
  - 'static-analysis'
  - 'sarif'
  - 'comprehensive'

# Mount modes a caller may request for the target volume. 'ro' is presumably
# a read-only mount and 'rw' read-write -- confirm against the consumer.
supported_volume_modes:
  - 'ro'
  - 'rw'

# The same two defaults are repeated under default_parameters and in the
# parameters schema below; keep all three places in sync when changing them.
default_volume_mode: 'ro'
default_target_path: '/workspace'

requirements:
  # Presumably the names of the modules this workflow invokes -- TODO confirm.
  tools:
    - 'file_scanner'
    - 'security_analyzer'
    - 'sarif_reporter'
  resources:
    memory: '512Mi'
    cpu: '500m'
    # NOTE(review): unit is presumably seconds, and timeout is nested under
    # resources here -- confirm both against the consumer's schema.
    timeout: 1800

has_docker: true

# Values used when a caller supplies nothing. The three module configs are
# empty mappings, so no per-module option is set by this file.
default_parameters:
  target_path: '/workspace'
  volume_mode: 'ro'
  scanner_config: {}
  analyzer_config: {}
  reporter_config: {}

# JSON-Schema-style description of the accepted parameters. No 'required'
# list or 'additionalProperties' constraint is declared at any level, so
# whether unknown keys are rejected is left to the consumer.
parameters:
  type: object
  properties:
    # Only constrained to be a string; any restriction on which paths may be
    # analyzed has to be enforced by whatever consumes this value.
    target_path:
      type: string
      default: '/workspace'
      description: 'Path to analyze'
    volume_mode:
      type: string
      enum: ['ro', 'rw']
      default: 'ro'
      description: 'Volume mount mode'
    scanner_config:
      type: object
      description: 'File scanner configuration'
      properties:
        patterns:
          type: array
          items:
            type: string
          description: 'File patterns to scan'
        check_sensitive:
          type: boolean
          description: 'Check for sensitive files'
        calculate_hashes:
          type: boolean
          description: 'Calculate file hashes'
        # No minimum or maximum is declared for this value.
        max_file_size:
          type: integer
          description: 'Maximum file size to scan (bytes)'
    # None of the check_* switches declares a default here, so which checks
    # run when a key is omitted is decided by the analyzer, not this schema.
    analyzer_config:
      type: object
      description: 'Security analyzer configuration'
      properties:
        file_extensions:
          type: array
          items:
            type: string
          description: 'File extensions to analyze'
        check_secrets:
          type: boolean
          description: 'Check for hardcoded secrets'
        check_sql:
          type: boolean
          description: 'Check for SQL injection risks'
        check_dangerous_functions:
          type: boolean
          description: 'Check for dangerous function calls'
    reporter_config:
      type: object
      description: 'SARIF reporter configuration'
      properties:
        include_code_flows:
          type: boolean
          description: 'Include code flow information'

# Shape of the workflow result: the SARIF document plus a summary of counts.
output_schema:
  type: object
  properties:
    sarif:
      type: object
      description: 'SARIF-formatted security findings'
    summary:
      type: object
      description: 'Scan execution summary'
      properties:
        total_findings:
          type: integer
        severity_counts:
          type: object
        tool_counts:
          type: object