Merge pull request #112 from kusaridev/pxp928-sarif-output

pxp928 · web-flow · commit d7cb2017e6a7 · 2025-11-03T10:40:40.000-05:00
output SARIF format from the inspector results
diff --git a/api/docstore.go b/api/docstore.go
@@ -36,11 +36,34 @@ type WorkspaceInspectorResult struct {
 }
 
 type Analysis struct {
-	Proceed bool   `docstore:"proceed" json:"proceed"`
-	Results string `docstore:"results" json:"results"` // markdown content
+	Proceed        bool              `docstore:"proceed" json:"proceed"`
+	Results        string            `docstore:"results" json:"results"` // markdown content
+	RawLLMAnalysis *SecurityAnalysis `docstore:"rawLLMAnalysis" json:"rawLLMAnalysis"`
 	// Add other analysis fields as needed
 }
 
+// Structured output types
+type CodeMitigationItem struct {
+	LineNumber int    `docstore:"line_number" json:"line_number"`
+	Path       string `docstore:"path" json:"path"`
+	Content    string `docstore:"content" json:"content"`
+	Code       string `docstore:"code" json:"code,omitempty"`
+}
+
+type DependencyMitigationItem struct {
+	Content string `docstore:"content" json:"content"`
+}
+
+type SecurityAnalysis struct {
+	Recommendation                string                     `docstore:"recommendation" json:"recommendation"`
+	Justification                 string                     `docstore:"justification" json:"justification"`
+	RequiredCodeMitigations       []CodeMitigationItem       `docstore:"code_mitigations" json:"code_mitigations,omitempty"`
+	RequiredDependencyMitigations []DependencyMitigationItem `docstore:"dependency_mitigations" json:"dependency_mitigations,omitempty"`
+	ShouldProceed                 bool                       `docstore:"should_proceed" json:"should_proceed"`
+	FailedAnalysis                bool                       `docstore:"failed_analysis" json:"failed_analysis"`
+	HealthScore                   int                        `docstore:"health_score" json:"health_score"` // 0-5 scale for full repo scans
+}
+
 type Meta struct {
 	Type     string `docstore:"type" json:"type"` // pr, cli
 	PR       int    `docstore:"pr" json:"pr"`
diff --git a/kusari/cmd/repo_scan.go b/kusari/cmd/repo_scan.go
@@ -4,33 +4,43 @@
 package cmd
 
 import (
+	"fmt"
+
 	"github.com/kusaridev/kusari-cli/pkg/repo"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 
 var (
-	platformUrl string
-	wait        bool
+	platformUrl  string
+	wait         bool
+	outputFormat string
 )
 
 func init() {
 	scancmd.Flags().StringVarP(&platformUrl, "platform-url", "", "https://platform.api.us.kusari.cloud/", "platform url")
 	scancmd.Flags().BoolVarP(&wait, "wait", "w", true, "wait for results")
+	scancmd.Flags().StringVarP(&outputFormat, "output-format", "", "markdown", "output format (markdown or sarif)")
 
 	// Bind flags to viper
 	mustBindPFlag("platform-url", scancmd.Flags().Lookup("platform-url"))
 	mustBindPFlag("wait", scancmd.Flags().Lookup("wait"))
+	mustBindPFlag("output-format", scancmd.Flags().Lookup("output-format"))
 }
 
 func scan() *cobra.Command {
 	scancmd.RunE = func(cmd *cobra.Command, args []string) error {
 		cmd.SilenceUsage = true
 
+		// Validate output format
+		if outputFormat != "markdown" && outputFormat != "sarif" {
+			return fmt.Errorf("invalid output format: %s (must be 'markdown' or 'sarif')", outputFormat)
+		}
+
 		dir := args[0]
 		ref := args[1]
 
-		return repo.Scan(dir, ref, platformUrl, consoleUrl, verbose, wait)
+		return repo.Scan(dir, ref, platformUrl, consoleUrl, verbose, wait, outputFormat)
 	}
 
 	return scancmd
@@ -47,5 +57,6 @@ var scancmd = &cobra.Command{
 		// Update from viper (this gets env vars + config + flags)
 		platformUrl = viper.GetString("platform-url")
 		wait = viper.GetBool("wait")
+		outputFormat = viper.GetString("output-format")
 	},
 }
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -23,6 +23,7 @@ type Config struct {
 	RefreshToken string    `json:"refresh_token,omitempty"`
 	TokenExpiry  time.Time `json:"token_expiry,omitempty"`
 	Verbose      bool      `json:"verbose,omitempty"`
+	OutputFormat string    `json:"output_format,omitempty"`
 }
 
 // Manager handles configuration persistence
diff --git a/pkg/repo/scanner.go b/pkg/repo/scanner.go
@@ -21,6 +21,7 @@ import (
 	"github.com/charmbracelet/glamour"
 	"github.com/kusaridev/kusari-cli/api"
 	"github.com/kusaridev/kusari-cli/pkg/auth"
+	"github.com/kusaridev/kusari-cli/pkg/sarif"
 	urlBuilder "github.com/kusaridev/kusari-cli/pkg/url"
 )
 
@@ -39,12 +40,13 @@ var (
 	workingDir string
 )
 
-func Scan(dir string, rev string, platformUrl string, consoleUrl string, verbose bool, wait bool) error {
-	return scan(dir, rev, platformUrl, consoleUrl, verbose, wait, false, nil)
+func Scan(dir string, rev string, platformUrl string, consoleUrl string, verbose bool, wait bool, outputFormat string) error {
+	return scan(dir, rev, platformUrl, consoleUrl, verbose, wait, false, outputFormat, nil)
 }
 
 func RiskCheck(dir string, platformUrl string, consoleUrl string, verbose bool, wait bool) error {
-	return scan(dir, "", platformUrl, consoleUrl, verbose, wait, true, nil)
+	// default to outputformat "markdown" for now for risk check as it will link to console
+	return scan(dir, "", platformUrl, consoleUrl, verbose, wait, true, "markdown", nil)
 }
 
 // scanMock facilitates use of mock values for testing
@@ -55,13 +57,14 @@ type scanMock struct {
 	token                  string
 }
 
-func scan(dir string, rev string, platformUrl string, consoleUrl string, verbose bool, wait bool, full bool,
+func scan(dir string, rev string, platformUrl string, consoleUrl string, verbose bool, wait bool, full bool, outputFormat string,
 	mock *scanMock) error {
 	if verbose {
 		fmt.Fprintf(os.Stderr, " dir: %s\n", dir)
 		fmt.Fprintf(os.Stderr, " rev: %s\n", rev)
 		fmt.Fprintf(os.Stderr, " platformUrl: %s\n", platformUrl)
 		fmt.Fprintf(os.Stderr, " consoleUrl: %s\n", consoleUrl)
+		fmt.Fprintf(os.Stderr, " outputFormat: %s\n", outputFormat)
 	}
 
 	// Check to see if the directory has a .git directory. If it does not, it is not the root of
@@ -190,7 +193,7 @@ func scan(dir string, rev string, platformUrl string, consoleUrl string, verbose
 
 	// Wait for results if the user wants, or exit immediately
 	if wait {
-		return queryForResult(platformUrl, epoch, accessToken, consoleFullUrl, workspace)
+		return queryForResult(platformUrl, epoch, accessToken, consoleFullUrl, workspace, outputFormat)
 	}
 	return nil
 }
@@ -199,7 +202,7 @@ func cleanupWorkingDirectory(tempDir string) {
 	_ = os.RemoveAll(tempDir)
 }
 
-func queryForResult(platformUrl string, epoch *string, accessToken string, consoleFullUrl *string, workspace string) error {
+func queryForResult(platformUrl string, epoch *string, accessToken string, consoleFullUrl *string, workspace, outputFormat string) error {
 	maxAttempts := 750
 	attempt := 0
 	sleepDuration := time.Second
@@ -262,6 +265,19 @@ func queryForResult(platformUrl string, epoch *string, accessToken string, conso
 					s.FinalMSG = "✓ Analysis complete!\n"
 					s.Stop()
 
+					// Check output format
+					if outputFormat == "sarif" {
+						// Output sarif format
+						sarifOutput, err := sarif.ConvertToSARIF(results[0].Analysis.RawLLMAnalysis)
+						if err != nil {
+							return fmt.Errorf("failed to convert to SARIF: %w", err)
+						}
+
+						fmt.Fprintf(os.Stderr, "You can also view your results here: %s\n", *consoleFullUrl)
+						fmt.Print(sarifOutput) // stdout
+						return nil
+					}
+
 					// Clean and format results for stdout
 					rawContent := results[0].Analysis.Results
 					cleanedContent := removeImageLines(rawContent)
diff --git a/pkg/repo/scanner_test.go b/pkg/repo/scanner_test.go
@@ -65,7 +65,7 @@ func TestScan_ArchiveFormat(t *testing.T) {
 		}
 
 		// Run the scan with dependencies injection
-		err := scan(testDir, "HEAD", "https://platform.example.com", "https://console.example.com", false, false, full, mock)
+		err := scan(testDir, "HEAD", "https://platform.example.com", "https://console.example.com", false, false, full, "markdown", mock)
 		require.NoError(t, err)
 
 		// Verify upload was called
diff --git a/pkg/sarif/sarif.go b/pkg/sarif/sarif.go
diff --git a/pkg/sarif/sarif_test.go b/pkg/sarif/sarif_test.go

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,7 @@ type Config struct {`
`23`	`23`	RefreshToken string `json:"refresh_token,omitempty"`
`24`	`24`	TokenExpiry time.Time `json:"token_expiry,omitempty"`
`25`	`25`	Verbose bool `json:"verbose,omitempty"`
	`26`	+ OutputFormat string `json:"output_format,omitempty"`
`26`	`27`	`}`
`27`	`28`
`28`	`29`	`// Manager handles configuration persistence`
Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@ func TestScan_ArchiveFormat(t *testing.T) {`
`65`	`65`	`}`
`66`	`66`
`67`	`67`	`// Run the scan with dependencies injection`
`68`		`- err := scan(testDir, "HEAD", "https://platform.example.com", "https://console.example.com", false, false, full, mock)`
	`68`	`+ err := scan(testDir, "HEAD", "https://platform.example.com", "https://console.example.com", false, false, full, "markdown", mock)`
`69`	`69`	`require.NoError(t, err)`
`70`	`70`
`71`	`71`	`// Verify upload was called`