Commit a5af1b2

devatsecure and claude committed
docs: Clean up internal comments and section headers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 1f04173 commit a5af1b2

3 files changed: +10 -17 lines changed

CLAUDE.md

Lines changed: 7 additions & 14 deletions
@@ -130,49 +130,42 @@ Optional durable workflow wrapping (`scripts/temporal_orchestrator.py`):
130130
- Non-retryable error classification
131131
- Toggle: `enable_temporal=False` (opt-in, requires `temporalio`)
132132

133-
### License Risk Scoring (Trivy-ported)
134-
Classifies SBOM component licenses into 5 severity tiers (`scripts/license_risk_scorer.py`):
133+
### License Risk ScoringClassifies SBOM component licenses into 5 severity tiers (`scripts/license_risk_scorer.py`):
135134
- Forbidden (AGPL, SSPL) -> Critical, Restricted (GPL) -> High, Reciprocal (MPL, EPL) -> Medium
136135
- 32 SPDX identifiers in static DB, case-insensitive
137136
- Policy violation generation (block forbidden, warn restricted)
138137
- Toggle: `enable_license_risk_scoring=True`
139138

140-
### EPSS Scoring (Trivy-ported)
141-
Fetches EPSS exploit probability scores from FIRST.org API (`scripts/epss_scorer.py`):
139+
### EPSS ScoringFetches EPSS exploit probability scores from FIRST.org API (`scripts/epss_scorer.py`):
142140
- Batch CVE lookups (groups of 100), 24h file cache
143141
- Risk categories: critical (>0.5), high (>0.2), medium (>0.05), low (<=0.05)
144142
- Graceful degradation on API failure
145143
- Toggle: `enable_epss_scoring=True`
146144

147-
### Fix Version Tracking (Trivy-ported)
148-
Extracts fix versions from Trivy output with upgrade path info (`scripts/fix_version_tracker.py`):
145+
### Fix Version TrackingExtracts fix versions from Trivy output with upgrade path info (`scripts/fix_version_tracker.py`):
149146
- Detects PATCH/MINOR/MAJOR upgrades, flags breaking changes
150147
- Prioritizes fixes by effort (patch first, major last)
151148
- Toggle: `enable_fix_version_tracking=True`
152149

153-
### VEX Support (Trivy-ported)
154-
Parses VEX documents to filter findings as not_affected (`scripts/vex_processor.py`):
150+
### VEX SupportParses VEX documents to filter findings as not_affected (`scripts/vex_processor.py`):
155151
- Supports OpenVEX, CycloneDX VEX, CSAF formats
156152
- Auto-discovers VEX docs in `.argus/vex/`
157153
- Matches findings via CVE ID + PURL
158154
- Toggle: `enable_vex=True`
159155

160-
### Vulnerability Deduplication (Trivy-ported)
161-
Multi-level dedup across scanners (`scripts/vuln_deduplicator.py`):
156+
### Vulnerability DeduplicationMulti-level dedup across scanners (`scripts/vuln_deduplicator.py`):
162157
- Multi-key strategy: {VulnID, PkgName, Version, Path}
163158
- Cross-scanner merge (Semgrep + Trivy same CVE -> single finding)
164159
- Strategies: auto, strict, standard, relaxed
165160
- Toggle: `enable_vuln_deduplication=True`
166161

167-
### Advanced Suppression (Trivy-ported)
168-
Enhanced finding suppression with `.argus-ignore.yml` (`scripts/advanced_suppression.py`):
162+
### Advanced SuppressionEnhanced finding suppression with `.argus-ignore.yml` (`scripts/advanced_suppression.py`):
169163
- Match types: CVE, rule_id, PURL (wildcards), path pattern (glob), CWE, severity
170164
- Time-based expiration with audit warnings
171165
- VEX integration + EPSS auto-suppress (score < 0.01)
172166
- Toggle: `enable_advanced_suppression=True`
173167

174-
### Compliance Mapping (Trivy-ported)
175-
Maps findings to compliance framework controls (`scripts/compliance_mapper.py`):
168+
### Compliance MappingMaps findings to compliance framework controls (`scripts/compliance_mapper.py`):
176169
- NIST 800-53, PCI DSS 4.0, OWASP Top 10 2021, SOC 2, CIS K8s, ISO 27001
177170
- CWE-based primary mapping + category fallback
178171
- Coverage percentage calculation, markdown report generation
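
Review bot: every added heading line in this hunk (new lines 133, 139, 145, 150, 156, 162, 168) has the section's description sentence fused onto it, for example `### License Risk ScoringClassifies SBOM component licenses into 5 severity tiers (...)`. Markdown will render the whole sentence as the heading and the section loses its intro paragraph. The file's change count (7 additions, 14 deletions) is consistent with two lines being merged into one in each section. Restore the line break after each heading title so that only the ` (Trivy-ported)` suffix is dropped and the description line stays unchanged.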

scripts/config_loader.py

Lines changed: 2 additions & 2 deletions
@@ -146,7 +146,7 @@ def get_default_config() -> Dict[str, Any]:
146146
"dast_auth_config_path": "", # path to YAML auth config
147147
"dast_enable_totp": True,
148148

149-
# -- Trivy-ported enrichment features --
149+
# -- Vulnerability enrichment & compliance --
150150
"enable_license_risk_scoring": True,
151151
"enable_epss_scoring": True,
152152
"epss_cache_ttl_hours": 24,
@@ -454,7 +454,7 @@ def load_profile(profile_name: str) -> Dict[str, Any]:
454454
(("DAST_AUTH_CONFIG_PATH",), "dast_auth_config_path", "str"),
455455
(("DAST_ENABLE_TOTP",), "dast_enable_totp", "bool"),
456456

457-
# Trivy-ported enrichment features
457+
# Vulnerability enrichment & compliance
458458
(("ENABLE_LICENSE_RISK_SCORING",), "enable_license_risk_scoring", "bool"),
459459
(("ENABLE_EPSS_SCORING",), "enable_epss_scoring", "bool"),
460460
(("EPSS_CACHE_TTL_HOURS",), "epss_cache_ttl_hours", "int"),
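
Review bot: the new comment at line 457 is written as a plain `# Vulnerability enrichment & compliance`, while the same section header at line 149 in `get_default_config()` is written `# -- Vulnerability enrichment & compliance --`. Since this commit rewrites both, give them the same decoration so the defaults block and the environment-variable mapping block for these toggles can be located with one search.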

scripts/error_classifier.py

Lines changed: 1 addition & 1 deletion
@@ -52,7 +52,7 @@ def call_api():
5252
ERROR_TYPE_PERMANENT = "permanent"
5353

5454
# ---------------------------------------------------------------------------
55-
# Pattern registries (ported from Shannon's error-handling.ts)
55+
# Pattern registries for error classification
5656
# ---------------------------------------------------------------------------
5757

5858
BILLING_PATTERNS: list[str] = [
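
Review bot: the replacement comment at line 55 removes the only visible record that these pattern registries were ported from Shannon's error-handling.ts. If that origin is still accurate, keep it somewhere durable, such as the module docstring or an attribution file, so provenance and license review of this file remains possible. The shorter section header itself can stay.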
