Skip to content

Commit b765889

Browse files
author
root
committed
feat: production-ready infrastructure
- Add MIT LICENSE file - Add GitHub Actions CI (lint, test on 3.10/3.11/3.12, format) - Add CodeQL security analysis workflow - Add CONTRIBUTING.md, SECURITY.md, CHANGELOG.md - Add issue templates and PR template - Add .editorconfig - Enhance README with badges, architecture, FAQ
1 parent 2e95a2b commit b765889

11 files changed

Lines changed: 671 additions & 30 deletions

File tree

.editorconfig

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
root = true
2+
3+
[*]
4+
charset = utf-8
5+
end_of_line = lf
6+
insert_final_newline = true
7+
trim_trailing_whitespace = true
8+
indent_style = space
9+
indent_size = 4
10+
11+
[*.yml]
12+
indent_size = 2
13+
14+
[*.yaml]
15+
indent_size = 2
16+
17+
[*.json]
18+
indent_size = 2
19+
20+
[Makefile]
21+
indent_style = tab
22+
indent_size = 4
23+
24+
[*.md]
25+
trim_trailing_whitespace = false
26+
27+
[Dockerfile]
28+
indent_size = 4
29+
30+
[*.lock]
31+
insert_final_newline = false
Lines changed: 69 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,69 @@
1+
---
2+
name: Bug report
3+
about: Report a bug or security concern in BugFinder
4+
title: ""
5+
labels: bug, needs-triage
6+
assignees: ""
7+
---
8+
9+
## Bug Description
10+
11+
A clear and concise description of the bug.
12+
13+
## Security Impact
14+
15+
Does this bug have security implications? For example: crash, data leak, scope bypass, permission escalation, false negative/positive.
16+
17+
- [ ] Yes — mark this issue as confidential if the details are sensitive
18+
- [ ] No
19+
20+
## Steps to Reproduce
21+
22+
1. Run command: `bf scan ...`
23+
2. ...
24+
3. See error
25+
26+
## Expected Behaviour
27+
28+
What should have happened?
29+
30+
## Actual Behaviour
31+
32+
What actually happened? Include error output, stack traces, or unexpected behaviour.
33+
34+
## Environment
35+
36+
- BugFinder version: [e.g. 0.1.0 or commit hash]
37+
- Python version: [e.g. 3.12.0]
38+
- OS: [e.g. Linux, macOS]
39+
- Docker: [yes/no]
40+
- AI provider enabled: [NVIDIA / none]
41+
42+
## Target Information (if applicable)
43+
44+
- Target type: [website / API / APK / IP / cloud / other]
45+
- Did you configure scope enforcement? [yes/no]
46+
47+
## Configuration
48+
49+
```yaml
50+
# Paste relevant config (redact API keys and secrets)
51+
BF_ALLOWED_DOMAINS=
52+
BF_MAX_CONCURRENT_TASKS=
53+
BF_RATE_LIMIT_PER_SECOND=
54+
BF_BEGINNER_MODE=
55+
```
56+
57+
## Logs
58+
59+
```text
60+
# Paste relevant log output here
61+
```
62+
63+
## Additional Context
64+
65+
Add any other context, screenshots, or related issues.
66+
67+
## Possible Fix
68+
69+
If you have a suggestion for the fix, include it here.
Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,58 @@
1+
---
2+
name: Feature request
3+
about: Suggest an idea for BugFinder
4+
title: ""
5+
labels: enhancement
6+
assignees: ""
7+
---
8+
9+
## Problem Statement
10+
11+
What problem would this feature solve? Example: "I'm always frustrated when [...]"
12+
13+
## Proposed Solution
14+
15+
Describe the solution you'd like. Be specific about CLI interface, behaviour, and configuration.
16+
17+
## Alternative Solutions
18+
19+
What alternative approaches have you considered?
20+
21+
## Target Type
22+
23+
Does this feature apply to a specific target type?
24+
25+
- [ ] Web
26+
- [ ] API
27+
- [ ] Android / APK
28+
- [ ] Cloud
29+
- [ ] Infrastructure / network
30+
- [ ] Secrets
31+
- [ ] Reconnaissance
32+
- [ ] General / across all targets
33+
34+
## AI Integration
35+
36+
Should this feature use the AI planning or explanation system?
37+
38+
- [ ] Yes — leverage AI for reasoning
39+
- [ ] No — rule-based only
40+
- [ ] Maybe — both approaches
41+
42+
## Plugin Potential
43+
44+
Would this feature work well as a plugin?
45+
46+
- [ ] Yes — core support + plugin
47+
- [ ] No — belongs in core
48+
49+
## Example Usage
50+
51+
```bash
52+
# Show how the feature would be used
53+
bf scan <target> --new-flag
54+
```
55+
56+
## Additional Context
57+
58+
Add any other context, mockups, or references.

.github/PULL_REQUEST_TEMPLATE.md

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,46 @@
1+
## Description
2+
3+
Please include a summary of the changes and the motivation. List any dependencies required.
4+
5+
Closes # (issue)
6+
7+
## Type of Change
8+
9+
- [ ] Bug fix (non-breaking change fixing an issue)
10+
- [ ] New feature (non-breaking change adding functionality)
11+
- [ ] Breaking change (fix or feature altering existing behaviour)
12+
- [ ] Documentation update
13+
- [ ] Security fix
14+
- [ ] CI / infrastructure
15+
16+
## Security Checklist
17+
18+
- [ ] I have considered the security impact of these changes
19+
- [ ] No API keys, tokens, or secrets are exposed
20+
- [ ] Scope enforcement and rate limiting are respected
21+
- [ ] Input validation and sanitization are applied where appropriate
22+
- [ ] Changes do not introduce unsafe deserialization, command injection, or path traversal
23+
24+
## Testing
25+
26+
- [ ] New tests have been added
27+
- [ ] All existing tests pass (`make test`)
28+
- [ ] Lint passes (`make lint`)
29+
- [ ] Format check passes (`make format`)
30+
- [ ] Type check passes (`make typecheck`)
31+
- [ ] Pre-commit hooks pass (`make precommit`)
32+
33+
## Documentation
34+
35+
- [ ] Docstrings added/updated for public APIs
36+
- [ ] README updated if user-facing behaviour changed
37+
- [ ] CLI help text updated if commands changed
38+
- [ ] Changelog entry added
39+
40+
## Screenshots
41+
42+
If applicable, add screenshots to explain visual changes.
43+
44+
## Additional Notes
45+
46+
Any other information reviewers should know.

.github/workflows/ci.yml

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ on:
77
branches: [main]
88

99
env:
10-
PYTHON_VERSION: "3.13"
10+
PYTHON_VERSION: "3.12"
1111

1212
jobs:
1313
lint:
@@ -42,11 +42,11 @@ jobs:
4242
continue-on-error: true
4343

4444
test:
45-
name: Test
45+
name: Test (Python ${{ matrix.python-version }})
4646
runs-on: ubuntu-latest
4747
strategy:
4848
matrix:
49-
python-version: ["3.12", "3.13"]
49+
python-version: ["3.10", "3.11", "3.12"]
5050
steps:
5151
- uses: actions/checkout@v4
5252
- name: Install uv
@@ -66,6 +66,7 @@ jobs:
6666
build:
6767
name: Build
6868
runs-on: ubuntu-latest
69+
needs: [lint, typecheck, test]
6970
steps:
7071
- uses: actions/checkout@v4
7172
- name: Install uv

.github/workflows/codeql.yml

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
name: CodeQL
2+
3+
on:
4+
push:
5+
branches: [main]
6+
pull_request:
7+
branches: [main]
8+
schedule:
9+
- cron: "0 6 * * 1"
10+
11+
jobs:
12+
analyze:
13+
name: Analyze
14+
runs-on: ubuntu-latest
15+
permissions:
16+
actions: read
17+
contents: read
18+
security-events: write
19+
20+
strategy:
21+
fail-fast: false
22+
matrix:
23+
language: [python]
24+
25+
steps:
26+
- uses: actions/checkout@v4
27+
28+
- name: Initialize CodeQL
29+
uses: github/codeql-action/init@v3
30+
with:
31+
languages: ${{ matrix.language }}
32+
queries: security-extended,security-and-quality
33+
34+
- name: Autobuild
35+
uses: github/codeql-action/autobuild@v3
36+
37+
- name: Perform CodeQL analysis
38+
uses: github/codeql-action/analyze@v3
39+
with:
40+
category: "/language:${{ matrix.language }}"

CHANGELOG.md

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
# Changelog
2+
3+
All notable changes to BugFinder will be documented in this file.
4+
5+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
6+
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7+
8+
## [0.1.0] - 2025-01-01
9+
10+
### Added
11+
12+
- Initial release of BugFinder
13+
- **CLI**: `bf scan`, `bf tui`, `bf report`, `bf config`, `bf list-agents`, `bf plugin` commands
14+
- **Auto-detection**: Automatic target type identification (website, API, APK, IP range, Docker, cloud)
15+
- **AI integration**: NVIDIA API for intelligent planning, explanation, and report generation
16+
- **Dual mode**: Beginner (guided + educational) and Expert (full control) modes
17+
- **Knowledge graph**: Asset relationship mapping using NetworkX
18+
- **Plugin system**: Extensible architecture for custom modules
19+
- **Textual TUI**: Rich terminal dashboard with real-time scan progress
20+
- **Multi-format reports**: Markdown, HTML, PDF, JSON, CSV export
21+
- **Scope enforcement**: Domain/IP allowlisting and rate limiting
22+
- **Assessment agents**:
23+
- Web application scanners
24+
- API testing
25+
- APK analysis
26+
- Cloud configuration review
27+
- Infrastructure/network scanning
28+
- Secret detection
29+
- Reconnaissance
30+
- **Database**: SQLAlchemy + Alembic with SQLite and Postgres support
31+
- **Docker support**: Pre-built container images

0 commit comments

Comments
 (0)