npm package discovery and stats viewer.


© 2024 – Pkg Stats / Ryan Hefner

@quantum-sec/ci-analysis-collector

v1.3.3

Published

Utility library used to collect security analysis results and upload them for correlation and reporting in the Quantum Security platform.

Downloads

92

Readme

Managed Security Platform Infrastructure by Quantum

ci-analysis-collector

Badges: Build Status · License · @quantum-sec/ci-analysis-core · Maintained by quantum.security

Quantum's CI analysis collector wraps common security tools and normalizes their results into one format, so that vulnerabilities discovered in your applications and infrastructure can be ranked and prioritized for remediation.

The utility can be adapted to feed your own aggregation and analysis pipeline, or used directly with the Quantum Security Platform.
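The normalization step described above is the part worth seeing in code. The block below is an added example, not the collector's own code or its real schema: it takes two constructed reports whose shapes approximate checkov's and trivy's JSON output (the key names are assumptions, not taken from this page), maps each result into one finding record, and ranks failing findings by severity with fixable ones first. The severity order and the filtering of passing checks (mirroring what a quiet mode would do) are this example's choices.

```javascript
// Added example (not @quantum-sec/ci-analysis-collector's code): normalize
// results from two wrapped tools into one finding schema and rank them.
// The sample reports are constructed; their key names approximate checkov's
// and trivy's JSON output but are assumptions, not documented by the page.

const SEVERITY_RANK = { CRITICAL: 4, HIGH: 3, MEDIUM: 2, LOW: 1, UNKNOWN: 0 };

// Constructed sample resembling `checkov -o json` (assumed shape).
const CHECKOV_REPORT = {
  check_type: 'terraform',
  results: {
    passed_checks: [
      { check_id: 'CKV_AWS_20', file_path: '/main.tf', resource: 'aws_s3_bucket.logs' },
    ],
    failed_checks: [
      { check_id: 'CKV_AWS_18', check_name: 'Ensure the S3 bucket has access logging enabled',
        file_path: '/main.tf', file_line_range: [12, 30], resource: 'aws_s3_bucket.data', severity: 'LOW' },
      { check_id: 'CKV_AWS_19', check_name: 'Ensure the S3 bucket has server-side encryption enabled',
        file_path: '/main.tf', file_line_range: [12, 30], resource: 'aws_s3_bucket.data', severity: 'HIGH' },
    ],
  },
};

// Constructed sample resembling `trivy image --format json` (assumed shape).
// The CVE identifiers are placeholders, not real vulnerabilities.
const TRIVY_REPORT = {
  Results: [
    { Target: 'app (debian 12)', Class: 'os-pkgs',
      Vulnerabilities: [
        { VulnerabilityID: 'CVE-0000-0001', PkgName: 'libfoo', InstalledVersion: '1.0-1',
          FixedVersion: '1.0-2', Severity: 'CRITICAL', Title: 'placeholder finding' },
        { VulnerabilityID: 'CVE-0000-0002', PkgName: 'libbar', InstalledVersion: '2.1', Severity: 'MEDIUM' },
      ] },
  ],
};

// One common finding record for every tool: tool, id, title, status, severity, location, fix.
function normalizeCheckov(report) {
  const failed = report.results?.failed_checks ?? [];
  const passed = report.results?.passed_checks ?? [];
  const toFinding = (c, status) => ({
    tool: 'checkov', id: c.check_id, title: c.check_name ?? c.check_id, status,
    severity: (c.severity ?? 'UNKNOWN').toUpperCase(),
    location: `${c.file_path}${c.file_line_range ? ':' + c.file_line_range[0] : ''} (${c.resource})`,
    fix: null, // checkov reports policy violations, not a patched version
  });
  return [...failed.map(c => toFinding(c, 'fail')), ...passed.map(c => toFinding(c, 'pass'))];
}

function normalizeTrivy(report) {
  const out = [];
  for (const r of report.Results ?? []) {
    for (const v of r.Vulnerabilities ?? []) {
      out.push({
        tool: 'trivy', id: v.VulnerabilityID, title: v.Title ?? v.VulnerabilityID, status: 'fail',
        severity: (v.Severity ?? 'UNKNOWN').toUpperCase(),
        location: `${r.Target} ${v.PkgName}@${v.InstalledVersion}`,
        fix: v.FixedVersion ?? null,
      });
    }
  }
  return out;
}

// Rank: failing checks first, then highest severity, then findings with a
// known fix (cheapest remediation), then by id so output is deterministic.
function rankFindings(findings) {
  return [...findings].sort((a, b) =>
    (a.status === 'fail' ? 0 : 1) - (b.status === 'fail' ? 0 : 1) ||
    (SEVERITY_RANK[b.severity] ?? 0) - (SEVERITY_RANK[a.severity] ?? 0) ||
    (a.fix ? 0 : 1) - (b.fix ? 0 : 1) ||
    a.id.localeCompare(b.id));
}

// Collect all tool reports; `quiet` drops passing checks from the output.
function collect(reports, { quiet = false } = {}) {
  const all = [
    ...normalizeCheckov(reports.checkov ?? { results: {} }),
    ...normalizeTrivy(reports.trivy ?? { Results: [] }),
  ];
  const ranked = rankFindings(all);
  return quiet ? ranked.filter(f => f.status === 'fail') : ranked;
}

// Stand-alone run: print the prioritized remediation list for the samples.
const rankedFailures = collect({ checkov: CHECKOV_REPORT, trivy: TRIVY_REPORT }, { quiet: true });
for (const f of rankedFailures) {
  console.log(`${f.severity.padEnd(8)} ${f.tool.padEnd(8)} ${f.id} ${f.location}${f.fix ? ' (fix: ' + f.fix + ')' : ''}`);
}
```

For the sample input the ranking puts the critical trivy finding (which has a fixed version) ahead of the high-severity checkov policy failure, then the medium and low findings; the passing check is only emitted when `quiet` is false.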

Prerequisites

This utility requires Node.js and git. You must also install any of the wrapped tools you intend to use, each of which has its own dependencies. Alternatively, Quantum supplies a Docker container for each officially supported tool (see the Container Runtime column in the table below).

Usage

Use npx to directly reference, install, and run this utility:

# npx <= 6
npx @quantum-sec/ci-analysis-collector [tool] [args]

# npx >= 7
npx --yes --package @quantum-sec/ci-analysis-collector \
  --call 'ci-analysis-collector [tool] [args]'

Here [tool] is the all-lowercase name, or "ID", of the tool (see the table of supported tools below) and [args] are any of the following optional arguments:

Arguments

  • --path [path] – the path to the source code being analyzed (default: "$PWD")
  • --soft-fail – when specified, a zero exit code is returned regardless of whether any checks fail (default: false)
  • --quiet – when specified, passing checks are excluded from the printed output (default: false)
  • --log-level [LEVEL] – the log verbosity: one of error, warning, info, or debug (default: info)
  • --webhook-url [URL] – the URL to which results are sent with an HTTP PUT (default: the Quantum Platform webhook)

Environment Variables

  • QS_API_TOKEN – the API token for this analysis collection, generated in the Quantum Security Console
  • QS_COLLECTOR_SOFT_FAIL – same as the --soft-fail argument above
  • QS_COLLECTOR_QUIET – same as the --quiet argument above
  • QS_COLLECTOR_WEBHOOK_URL – same as the --webhook-url argument above
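The arguments and environment variables above define a small contract that a CI wrapper has to honour: flags or variables for soft-fail and quiet, a validated log level, and a webhook that receives both the results and, by implication, the API token. The block below is an added example, not the collector's own code: it resolves that contract from argv and a QS_* environment and decides the process exit code. The precedence rule (an explicit CLI flag wins over its environment variable), the parsing of "1"/"true"/"yes" as truthy, the https-only check on the webhook URL, the token redaction in the summary and the placeholder default URL are this example's assumptions; the page does not document them.

```javascript
// Added example (not @quantum-sec/ci-analysis-collector's code): resolve the
// documented options from CLI arguments and QS_* environment variables, then
// apply the soft-fail exit-code rule. Precedence, boolean parsing, the https
// requirement and the placeholder default webhook are assumptions.

const LOG_LEVELS = ['error', 'warning', 'info', 'debug'];
// Placeholder: the real default is the Quantum Platform webhook, whose URL the page does not give.
const DEFAULT_WEBHOOK = 'https://example.invalid/webhook';

// Interpret QS_COLLECTOR_SOFT_FAIL / QS_COLLECTOR_QUIET; unset means "not given".
function envFlag(value) {
  if (value === undefined) return undefined;
  return ['1', 'true', 'yes'].includes(String(value).trim().toLowerCase());
}

function resolveOptions(argv, env = {}) {
  // Environment supplies the defaults; explicit CLI flags override them below.
  const opts = {
    tool: undefined,
    path: env.PWD ?? process.cwd(),
    softFail: envFlag(env.QS_COLLECTOR_SOFT_FAIL) ?? false,
    quiet: envFlag(env.QS_COLLECTOR_QUIET) ?? false,
    logLevel: 'info',
    webhookUrl: env.QS_COLLECTOR_WEBHOOK_URL ?? DEFAULT_WEBHOOK,
    apiToken: env.QS_API_TOKEN,
  };
  const rest = [...argv];
  // First positional argument is the tool ID, normalized to lowercase.
  if (rest.length && !rest[0].startsWith('--')) opts.tool = rest.shift().toLowerCase();
  while (rest.length) {
    const a = rest.shift();
    switch (a) {
      case '--path': opts.path = rest.shift(); break;
      case '--soft-fail': opts.softFail = true; break;
      case '--quiet': opts.quiet = true; break;
      case '--log-level': opts.logLevel = String(rest.shift()).toLowerCase(); break;
      case '--webhook-url': opts.webhookUrl = rest.shift(); break;
      default: throw new Error(`unknown argument: ${a}`);
    }
  }
  if (!opts.tool) throw new Error('tool ID is required');
  if (!LOG_LEVELS.includes(opts.logLevel)) throw new Error(`invalid --log-level: ${opts.logLevel}`);
  if (!opts.apiToken) throw new Error('QS_API_TOKEN is not set');
  // Results and the API token travel to this URL: refuse plaintext transport.
  if (new URL(opts.webhookUrl).protocol !== 'https:') throw new Error('webhook URL must use https');
  return opts;
}

// Exit-code rule from the documented --soft-fail semantics: non-zero when any
// check fails, unless soft-fail is on.
function exitCode(findings, opts) {
  const failing = findings.filter(f => f.status === 'fail').length;
  if (failing === 0) return 0;
  return opts.softFail ? 0 : 1;
}

// Safe to log: the token is never printed, only whether it was provided.
function summarize(opts) {
  return { ...opts, apiToken: opts.apiToken ? '<redacted>' : undefined };
}
```

A CI job would call `resolveOptions(process.argv.slice(2), process.env)`, log `summarize(opts)` rather than the raw options object, and set `process.exitCode = exitCode(findings, opts)` after the run; the https check is where a misconfigured `QS_COLLECTOR_WEBHOOK_URL` is caught before any token leaves the runner.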

Supported Tools

| Tool | Analysis Type | Platforms / Languages | Container Runtime |
|------|---------------|-----------------------|-------------------|
| checkov | SAST | Terraform, CloudFormation, ARM Templates, Dockerfile, Kubernetes | quantumsec/docker-pipeline-checkov |
| sonarqube | SAST, DAST | C / C++ / Objective-C, C#, Go, Java, JavaScript / TypeScript, Kotlin, PHP, Python, Ruby, Scala, Swift, Visual Basic | quantumsec/docker-pipeline-sonarqube |
| trivy | SAST | Terraform, Dockerfile, Kubernetes | quantumsec/docker-pipeline-trivy |
| tfsec (Planned) | SAST | Terraform | quantumsec/docker-pipeline-tfsec |
| ZAP | DAST | HTTP | quantumsec/docker-pipeline-zap |

Code of Conduct

Help us keep this project open and inclusive. Please read and follow our Code of Conduct.

License

This code is released under the Apache 2.0 License.