Commit d082b39
feat: add comprehensive security audit command

New `rma security` command (alias: `rma audit`) that provides:

- Multi-language dependency vulnerability scanning:
  - Rust (Cargo.lock via RustSec)
  - npm (package-lock.json, yarn.lock via OSV)
  - Python (requirements.txt, poetry.lock via OSV)
  - Go (go.mod, go.sum via OSV)
  - Java (pom.xml, build.gradle via OSV)
- Docker security scanning:
  - Dockerfile security checks (USER, latest tag, secrets, etc.)
  - docker-compose.yml misconfigurations
  - Privileged mode, host network, sensitive mounts
- Code security analysis:
  - Hardcoded secrets
  - Injection vulnerabilities
  - Unsafe patterns

Output shows CVE → Fix mappings with:
- Advisory IDs (RUSTSEC, GHSA, CVE)
- Affected package and version
- Fixed versions when available
- Recommended fix commands

Supports multiple output formats:
- pretty (default): colored terminal output
- json: machine-readable JSON
- sarif: for CI/CD integration
- markdown: for reports

Usage:
    rma security .               # Scan current directory
    rma security --fix           # Show fix commands
    rma security --format json   # JSON output
    rma audit --skip-docker      # Skip Docker scanning

Co-Authored-By: Claude Opus 4.5 <[email protected]>

1 parent 8e17e95
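The Dockerfile and docker-compose.yml checks named in the commit message (USER, latest tag, secrets; privileged mode, host network, sensitive mounts) lend themselves to a small worked example. The Rust below is an added example, not code from this commit or from the rma project. The rule names, the secret-variable hints, the sensitive-path list and the two sample inputs are this example's own assumptions, and the YAML handling is deliberately line-based rather than a real parser, so it covers the common short and long volume syntaxes but not every way compose files can be written.

```rust
// Added example, not the rma project's code: line-based Dockerfile and
// docker-compose checks of the kinds the commit message lists. Rule names,
// the secret-key hints and the sensitive-path list are this example's own.

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Finding {
    pub rule: &'static str,
    pub line: usize, // 1-based; 0 means the finding applies to the whole file
    pub detail: String,
}

fn finding(rule: &'static str, line: usize, detail: impl Into<String>) -> Finding {
    Finding { rule, line, detail: detail.into() }
}

/// Variable names that usually carry credentials when given a literal value.
const SECRET_HINTS: [&str; 4] = ["PASSWORD", "SECRET", "TOKEN", "API_KEY"];
/// Host paths whose bind-mount hands the container the host or the Docker daemon.
const SENSITIVE_MOUNTS: [&str; 6] = ["/", "/var/run/docker.sock", "/etc", "/proc", "/sys", "/root"];

fn looks_like_secret(key: &str, value: &str) -> bool {
    let k = key.to_ascii_uppercase();
    // A value that is itself a variable reference ($API_KEY) is not a literal secret.
    !value.is_empty() && !value.starts_with('$') && SECRET_HINTS.iter().any(|h| k.contains(h))
}

/// Tag of an image reference; a registry port ("host:5000/app") is not a tag.
fn image_tag(image: &str) -> Option<&str> {
    let (_, rest) = image.rsplit_once(':')?;
    if rest.contains('/') { None } else { Some(rest) }
}

fn unquote(v: &str) -> String {
    v.trim().trim_matches(|c: char| c == '"' || c == '\'').to_string()
}

pub fn scan_dockerfile(src: &str) -> Vec<Finding> {
    let mut out = Vec::new();
    let mut non_root_user = false;
    for (i, raw) in src.lines().enumerate() {
        let (n, line) = (i + 1, raw.trim());
        if line.is_empty() || line.starts_with('#') { continue; }
        let (instr, args) = match line.split_once(char::is_whitespace) {
            Some((a, b)) => (a.to_ascii_uppercase(), b.trim()),
            None => (line.to_ascii_uppercase(), ""),
        };
        match instr.as_str() {
            "FROM" => {
                let image = args.split_whitespace().next().unwrap_or("");
                if image.contains('@') { continue; } // pinned by digest: nothing to flag
                match image_tag(image) {
                    None => out.push(finding("from-untagged", n, format!("{image} has no tag (defaults to latest)"))),
                    Some("latest") => out.push(finding("from-latest", n, format!("{image} uses the floating latest tag"))),
                    Some(_) => {}
                }
            }
            "USER" => {
                let user = args.split(':').next().unwrap_or("");
                if user == "root" || user == "0" {
                    out.push(finding("user-root", n, "USER explicitly selects root"));
                } else {
                    non_root_user = true;
                }
            }
            "ENV" | "ARG" => {
                // `KEY=value [KEY2=value2]`, or the legacy `KEY value` form.
                let pairs: Vec<(String, String)> = if args.contains('=') {
                    args.split_whitespace().filter_map(|t| t.split_once('='))
                        .map(|(k, v)| (k.to_string(), unquote(v))).collect()
                } else {
                    args.split_once(char::is_whitespace)
                        .map(|(k, v)| vec![(k.to_string(), unquote(v))]).unwrap_or_default()
                };
                for (k, v) in pairs {
                    if looks_like_secret(&k, &v) {
                        out.push(finding("hardcoded-secret", n, format!("{instr} {k} has a literal value")));
                    }
                }
            }
            _ => {}
        }
    }
    if !non_root_user {
        out.push(finding("no-user", 0, "no USER instruction: the container runs as root"));
    }
    out
}

fn is_sensitive_mount(host: &str) -> bool {
    let host = if host.len() > 1 { host.trim_end_matches('/') } else { host };
    SENSITIVE_MOUNTS.iter().any(|p| host == *p || (host.starts_with(p) && host[p.len()..].starts_with('/')))
}

pub fn scan_compose(src: &str) -> Vec<Finding> {
    let mut out = Vec::new();
    for (i, raw) in src.lines().enumerate() {
        let (n, line) = (i + 1, raw.trim());
        if line.is_empty() || line.starts_with('#') { continue; }
        let is_item = line.starts_with("- ");
        let body = line.strip_prefix("- ").unwrap_or(line).trim();
        if let Some((key, value)) = body.split_once(':') {
            let value = unquote(value);
            match key.trim() {
                "privileged" if value == "true" => out.push(finding("privileged", n, "privileged: true removes most container isolation")),
                "network_mode" if value == "host" => out.push(finding("host-network", n, "network_mode: host shares the host network namespace")),
                // long volume syntax: `source: /host/path`
                "source" if is_sensitive_mount(&value) => out.push(finding("sensitive-mount", n, format!("bind mount of {value}"))),
                _ => {}
            }
        }
        // short volume syntax: `- /host/path:/container/path[:ro]`
        if is_item && body.starts_with('/') {
            let host = unquote(body.split(':').next().unwrap_or(""));
            if is_sensitive_mount(&host) {
                out.push(finding("sensitive-mount", n, format!("bind mount of {host}")));
            }
        }
    }
    out
}

/// Constructed sample inputs for this example (not taken from any real project).
pub const SAMPLE_DOCKERFILE: &str = "FROM node:latest\nENV API_KEY=abc123 NODE_ENV=production\nRUN npm ci\nCMD [\"node\", \"server.js\"]\n";
pub const SAMPLE_COMPOSE: &str = "services:\n  app:\n    image: app:1.0\n    privileged: true\n    network_mode: \"host\"\n    volumes:\n      - /var/run/docker.sock:/var/run/docker.sock\n      - data:/data\n  db:\n    image: postgres:16\n    volumes:\n      - type: bind\n        source: /etc\n        target: /host-etc\n";

fn main() {
    let mut findings = scan_dockerfile(SAMPLE_DOCKERFILE);
    findings.extend(scan_compose(SAMPLE_COMPOSE));
    for f in &findings {
        println!("line {:>2}  {:<17} {}", f.line, f.rule, f.detail);
    }
}
```

On the constructed samples this reports the floating `node:latest` base image, the literal `API_KEY`, the absence of any `USER` instruction, `privileged: true`, `network_mode: host`, and both the short-syntax docker.sock mount and the long-syntax `/etc` mount. A digest-pinned image (`image@sha256:...`) and an `ENV` that only forwards a build argument (`ENV API_KEY=$API_KEY`) are deliberately not flagged.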
File tree: crates/cli/src/commands
5 files changed, +1332 -9 lines
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
42 | 42 | | |
43 | 43 | | |
44 | 44 | | |
| 45 | + | |
45 | 46 | | |
46 | 47 | | |
47 | 48 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
10 | 10 | | |
11 | 11 | | |
12 | 12 | | |
| 13 | + | |
13 | 14 | | |
14 | 15 | | |
15 | 16 | | |