mirror of
https://github.com/FuzzingLabs/fuzzforge_ai.git
synced 2026-02-12 19:12:49 +00:00
40d48a8045
- Remove obsolete docker_logs.py module and container diagnostics from SDK - Fix security_assessment workflow metadata (vertical: rust -> python) - Remove all Prefect references from documentation - Add SDK exception handling test suite - Clean up old test artifacts
89 lines
2.5 KiB
YAML
89 lines
2.5 KiB
YAML
name: security_assessment
|
|
version: "2.0.0"
|
|
vertical: python
|
|
description: "Comprehensive security assessment workflow that scans files, analyzes code for vulnerabilities, and generates SARIF reports"
|
|
author: "FuzzForge Team"
|
|
tags:
|
|
- "security"
|
|
- "scanner"
|
|
- "analyzer"
|
|
- "static-analysis"
|
|
- "sarif"
|
|
- "comprehensive"
|
|
|
|
# Workspace isolation mode (system-level configuration)
|
|
# - "isolated" (default): Each workflow run gets its own isolated workspace (safe for concurrent fuzzing)
|
|
# - "shared": All runs share the same workspace (for read-only analysis workflows)
|
|
# - "copy-on-write": Download once, copy for each run (balances performance and isolation)
|
|
# Using "shared" mode for read-only security analysis (no file modifications)
|
|
workspace_isolation: "shared"
|
|
|
|
default_parameters:
|
|
scanner_config: {}
|
|
analyzer_config: {}
|
|
reporter_config: {}
|
|
|
|
parameters:
|
|
type: object
|
|
properties:
|
|
scanner_config:
|
|
type: object
|
|
description: "File scanner configuration"
|
|
properties:
|
|
patterns:
|
|
type: array
|
|
items:
|
|
type: string
|
|
description: "File patterns to scan"
|
|
check_sensitive:
|
|
type: boolean
|
|
description: "Check for sensitive files"
|
|
calculate_hashes:
|
|
type: boolean
|
|
description: "Calculate file hashes"
|
|
max_file_size:
|
|
type: integer
|
|
description: "Maximum file size to scan (bytes)"
|
|
analyzer_config:
|
|
type: object
|
|
description: "Security analyzer configuration"
|
|
properties:
|
|
file_extensions:
|
|
type: array
|
|
items:
|
|
type: string
|
|
description: "File extensions to analyze"
|
|
check_secrets:
|
|
type: boolean
|
|
description: "Check for hardcoded secrets"
|
|
check_sql:
|
|
type: boolean
|
|
description: "Check for SQL injection risks"
|
|
check_dangerous_functions:
|
|
type: boolean
|
|
description: "Check for dangerous function calls"
|
|
reporter_config:
|
|
type: object
|
|
description: "SARIF reporter configuration"
|
|
properties:
|
|
include_code_flows:
|
|
type: boolean
|
|
description: "Include code flow information"
|
|
|
|
output_schema:
|
|
type: object
|
|
properties:
|
|
sarif:
|
|
type: object
|
|
description: "SARIF-formatted security findings"
|
|
summary:
|
|
type: object
|
|
description: "Scan execution summary"
|
|
properties:
|
|
total_findings:
|
|
type: integer
|
|
severity_counts:
|
|
type: object
|
|
tool_counts:
|
|
type: object
|