Project created to generate periodic security reports (HTML and PDF formats). It use @nodesecure/scanner under the hood to fetch all required datas.
Screen1 | Screen2 |
---|
| |
Features
- Automatically clone GIT projects for you.
- Have an overview of several projects (git or npm).
- Ability to visualize changes over weeks.
Requirements
Getting Started
This package is available in the Node Package Repository and can be easily installed with npm or yarn.
$ git clone https://github.com/NodeSecure/report.git
$ cd report
$ npm i
$ npm link
Then the nodesecure/report binary will be available in your terminal.
nreport initialize
nreport execute
Environment Variables
To configure the project you have to register (set) environment variables on your system. These variables can be set in a .env file (that file must be created at the root of the project).
GIT_TOKEN=
NODE_SECURE_TOKEN=
To known how to get a GIT_TOKEN or how to register environment variables follow our Governance Guide.
For NODE_SECURE_TOKEN, please check the nsecure documentation.
Configuration example
Under the hood it use the official NodeSecure runtime configuration.
{
"version": "1.0.0",
"i18n": "english",
"strategy": "npm",
"report": {
"theme": "light",
"includeTransitiveInternal": false,
"reporters": ["html", "pdf"],
"npm": {
"organizationPrefix": "@nodesecure",
"packages": ["@nodesecure/js-x-ray"]
},
"git": {
"organizationUrl": "https://github.com/NodeSecure",
"repositories": []
},
"charts": [
{
"name": "Extensions",
"display": true,
"interpolation": "d3.interpolateRainbow",
"type": "bar"
},
{
"name": "Licenses",
"display": true,
"interpolation": "d3.interpolateCool",
"type": "bar"
},
{
"name": "Warnings",
"display": true,
"type": "horizontalBar",
"interpolation": "d3.interpolateInferno"
},
{
"name": "Flags",
"display": true,
"type": "horizontalBar",
"interpolation": "d3.interpolateSinebow"
}
],
"title": "NodeSecure Security Report",
"logoUrl": "https://avatars.githubusercontent.com/u/85318671?s=200&v=4"
}
}
TypeScript definition
export interface ReportConfiguration {
theme?: "light" | "dark";
title: string;
logoUrl: string;
includeTransitiveInternal?: boolean;
npm?: {
organizationPrefix: string;
packages: string[];
};
git?: {
organizationUrl: string;
repositories: string[];
};
reporters?: ("html" | "pdf")[];
charts?: ReportChart[];
}
export interface ReportChart {
name: "Extensions" | "Licenses" | "Warnings" | "Flags";
display?: boolean;
type?: "bar" | "horizontalBar" | "polarArea" | "doughnut";
interpolation?: string;
}
The theme can be either dark
or light
. Themes are editable in public/css/themes (feel free to PR new themes if you want).
All D3 scale-chromatic for charts can be found here.
API
[!IMPORTANT]
The API is ESM only
report(reportOptions, scannerPayload): Promise<Buffer>
Returns a PDF Buffer based on the givens report options and scanner payload.
Contributors ✨
Thanks goes to these wonderful people (emoji key):
License
MIT