BREAKING CHANGE: Replaces Prefect workflow orchestration with Temporal ## Major Changes - Replace Prefect with Temporal for workflow orchestration - Implement vertical worker architecture (rust, android) - Replace Docker registry with MinIO for unified storage - Refactor activities to be co-located with workflows - Update all API endpoints for Temporal compatibility ## Infrastructure - New: docker-compose.temporal.yaml (Temporal + MinIO + workers) - New: workers/ directory with rust and android vertical workers - New: backend/src/temporal/ (manager, discovery) - New: backend/src/storage/ (S3-cached storage with MinIO) - New: backend/toolbox/common/ (shared storage activities) - Deleted: docker-compose.yaml (old Prefect setup) - Deleted: backend/src/core/prefect_manager.py - Deleted: backend/src/services/prefect_stats_monitor.py - Deleted: Docker registry and insecure-registries requirement ## Workflows - Migrated: security_assessment workflow to Temporal - New: rust_test workflow (example/test workflow) - Deleted: secret_detection_scan (Prefect-based, to be reimplemented) - Activities now co-located with workflows for independent testing ## API Changes - Updated: backend/src/api/workflows.py (Temporal submission) - Updated: backend/src/api/runs.py (Temporal status/results) - Updated: backend/src/main.py (727 lines, TemporalManager integration) - Updated: All 16 MCP tools to use TemporalManager ## Testing - ✅ All services healthy (Temporal, PostgreSQL, MinIO, workers, backend) - ✅ All API endpoints functional - ✅ End-to-end workflow test passed (72 findings from vulnerable_app) - ✅ MinIO storage integration working (target upload/download, results) - ✅ Worker activity discovery working (6 activities registered) - ✅ Tarball extraction working - ✅ SARIF report generation working ## Documentation - ARCHITECTURE.md: Complete Temporal architecture documentation - QUICKSTART_TEMPORAL.md: Getting started guide - MIGRATION_DECISION.md: Why we chose Temporal over Prefect - 
IMPLEMENTATION_STATUS.md: Migration progress tracking - workers/README.md: Worker development guide ## Dependencies - Added: temporalio>=1.6.0 - Added: boto3>=1.34.0 (MinIO S3 client) - Removed: prefect>=3.4.18
---
# Workflow metadata for the `security_assessment` workflow (rust vertical).
# NOTE(review): the rendered copy this was restored from had lost all
# indentation; nesting was reconstructed from key order and blank-line
# grouping — confirm against the file in the repository, in particular that
# `has_docker` is a top-level key rather than part of `requirements`.
name: security_assessment
version: "2.0.0"  # keep quoted so no parser ever reads it as a number
vertical: rust
description: >-
  Comprehensive security assessment workflow that scans files, analyzes code
  for vulnerabilities, and generates SARIF reports
author: FuzzForge Team
category: comprehensive
tags:
  - security
  - scanner
  - analyzer
  - static-analysis
  - sarif
  - comprehensive

# Volume mount modes the workflow accepts. `rw` lets the workflow write into
# the mounted target; the default below keeps it read-only.
supported_volume_modes:
  - ro
  - rw

default_volume_mode: ro
default_target_path: /workspace

requirements:
  tools:
    - file_scanner
    - security_analyzer
    - sarif_reporter
  resources:
    memory: 512Mi
    cpu: 500m
    # presumably seconds (30 min); the unit is not stated in this file —
    # confirm against the worker that enforces it
    timeout: 1800

# NOTE(review): semantics not visible here; presumably declares that the
# workflow needs Docker available on the worker — confirm
has_docker: true

# Values used when a run supplies no explicit parameters; the config objects
# default to empty, so each tool falls back to its own built-in behaviour.
default_parameters:
  target_path: /workspace
  volume_mode: ro
  scanner_config: {}
  analyzer_config: {}
  reporter_config: {}

# JSON-Schema-style description of the run inputs.
parameters:
  type: object
  properties:
    target_path:
      type: string
      default: /workspace
      description: Path to analyze
    volume_mode:
      type: string
      enum: [ro, rw]
      default: ro
      description: Volume mount mode
    scanner_config:
      type: object
      description: File scanner configuration
      properties:
        patterns:
          type: array
          items:
            type: string
          description: File patterns to scan
        check_sensitive:
          type: boolean
          description: Check for sensitive files
        calculate_hashes:
          type: boolean
          description: Calculate file hashes
        # no default is declared here; the cap applied when this is unset
        # is decided by the scanner, not by this file
        max_file_size:
          type: integer
          description: Maximum file size to scan (bytes)
    analyzer_config:
      type: object
      description: Security analyzer configuration
      properties:
        file_extensions:
          type: array
          items:
            type: string
          description: File extensions to analyze
        check_secrets:
          type: boolean
          description: Check for hardcoded secrets
        check_sql:
          type: boolean
          description: Check for SQL injection risks
        check_dangerous_functions:
          type: boolean
          description: Check for dangerous function calls
    reporter_config:
      type: object
      description: SARIF reporter configuration
      properties:
        include_code_flows:
          type: boolean
          description: Include code flow information

# JSON-Schema-style description of what a run returns.
output_schema:
  type: object
  properties:
    sarif:
      type: object
      description: SARIF-formatted security findings
    summary:
      type: object
      description: Scan execution summary
      properties:
        total_findings:
          type: integer
        severity_counts:
          type: object
        tool_counts:
          type: object