ScanRunner is a flexible and extensible command-line tool designed to simplify file scanning, compliance checks, and AI-driven insights. Built with the powerful Cobra CLI framework, it enables users to process YAML/JSON files, enforce compliance rules, and leverage lightweight AI models to generate actionable suggestions.
β¨ File Scanning and Validation
- Scan directories for YAML/JSON files.
- Validate files for structural correctness and required fields.
π Compliance Enforcement
- Apply customizable rules for mock compliance checks.
- Analyze Kubernetes manifests for missing labels, RBAC misconfigurations, and more.
π€ AI-Powered Suggestions
- Leverage pre-trained lightweight AI models (ONNX) for context-aware recommendations.
- Prioritize findings and suggest resolutions dynamically.
π Reporting and Summarization
- Aggregate results into clean JSON/Markdown reports.
- Generate summary statistics for compliance results and AI insights.
βοΈ Concurrency and Scalability
- Process files in parallel using a worker pool.
- Efficient resource management for large-scale tasks.
graph TD
A[User] -->|Inputs commands| B[CLI Tool]
B --> C{Command Handler}
C -->|Scan Command| D[File Parser]
C -->|Validate Command| E[Compliance Engine]
C -->|Report Command| F[Report Generator]
C -->|AI Integration| G[AI Engine]
D --> H[File Scanner]
D --> I[File Parser - YAML/JSON]
D --> J[File Validator]
E --> K[Rule Engine]
E --> L[Compliance Evaluator]
E --> M[Policy Checker]
G --> N[Model Loader]
G --> O[Inference Engine]
G --> P[Suggestion Generator]
F --> Q[Results Aggregator]
F --> R[Summary Formatter]
F --> S[Report Formatter - JSON/Markdown]
subgraph Internal Components
D
E
G
F
end
subgraph Core CLI Logic
C
end
subgraph Output
Q
R
S
end
- Go (1.20 or later) installed.
- Familiarity with command-line tools and YAML/JSON files.
-
Clone the repository:
git clone https://github.com/your_username/scanrunner.git cd scanrunner -
Run Setup script:
bash setup.sh
-
Build the tool:
go build -o scanrunner main.go
-
Build the CLI Tool
- Compile the tool before running commands:
go build -o scanrunner main.go
- Compile the tool before running commands:
-
Root Command
- Display help for the root command:
./scanrunner --help
- Display help for the root command:
-
Scan Command
- Run the
scancommand with default settings:./scanrunner scan
- Specify a custom directory to scan:
./scanrunner scan --config=/path/to/config.yaml
- Run the
-
Validate Command
- Run the
validatecommand with default compliance rules:./scanrunner validate
- Specify a custom rules file:
./scanrunner validate --rules=/path/to/custom-rules.yaml
- Specify a custom configuration file:
./scanrunner validate --config=/path/to/config.yaml
- Enable strict mode:
./scanrunner validate --strict
- Run the
-
Report Command
- Generate a report in the default format (JSON):
./scanrunner report
- Specify a custom output format (e.g., Markdown):
./scanrunner report --format=markdown
- Save the report to a specific path:
./scanrunner report --output=/path/to/report.md
- Generate a report in the default format (JSON):
-
Version Command
- Display the version of the CLI tool:
./scanrunner version
- Display the version of the CLI tool:
Yes, the folder structure you provided is a great choice for your project, and the descriptions can be slightly refined for better clarity. Here's the updated explanation for your scanRunner folder structure:
scanrunner/
βββ bin/ # Compiled binaries (optional for pre-built releases)
βββ cmd/ # CLI commands
β βββ root.go # Base command setup
β βββ scan.go # Scan command implementation
β βββ validate.go # Validate command implementation
β βββ report.go # Report command implementation
β βββ scan_secrets.go # Secret scanning command (Phase 5)
β βββ scan_dependencies.go # Dependency scanning command (Phase 6)
β βββ scan_iac.go # IaC scanning command (Phase 6)
β βββ scan_images.go # Image scanning command (Phase 6)
β βββ scan_code.go # Static code analysis command (Post-MVP)
β βββ validate_policy.go # Kubernetes policy validation command (Post-MVP)
β βββ scan_audit.go # Audit log scanning command (Post-MVP)
β βββ version.go # Version command implementation
βββ internal/
β βββ cli/ # CLI utilities for argument parsing and validation
β β βββ parser.go # CLI argument and flag parser
β β βββ validator.go # Input validation logic
β βββ model/ # CLI utilities for argument parsing and validation
β β βββ rules.go # Validation Rules Model
β βββ compliance/ # Compliance logic and rule engine
β β βββ rules.go # Compliance rules logic and handling
β β βββ evaluator.go # Compliance evaluation engine
β β βββ report.go # Report generation logic for compliance checks
β βββ fileparser/ # File handling logic
β β βββ yaml_parser.go # YAML file parsing and validation
β β βββ json_parser.go # JSON file parsing and validation
β β βββ scanner.go # File system scanner and directory walker
β β βββ writer.go # File content writer for output or modifications
β βββ concurrency/ # Concurrency utilities for parallel processing
β β βββ worker_pool.go # Goroutines and worker pool utilities
β β βββ task_manager.go # Task distribution and synchronization
β β βββ aggregator.go # Result aggregation logic from multiple workers
β βββ ai/ # AI-related components
β β βββ inference.go # AI model inference logic
β β βββ ai_model.onnx # Pre-trained lightweight ONNX model
β β βββ model_loader.go # ONNX model loading and initialization
β β βββ suggestion.go # AI-based suggestion generation based on results
β βββ security/ # Security scanning integrations
β β βββ trivy.go # Trivy integration for secret and dependency scanning
β β βββ checkov.go # Checkov integration for IaC scanning (Post-MVP)
β βββ kubernetes/ # Kubernetes runtime compliance (Post-MVP)
β β βββ operator.go # Operator implementation using Kubebuilder
β β βββ policy_validator.go # Policy validation logic
β β βββ audit_log.go # Kubernetes audit log processing
β β βββ pod_security.go # Pod security compliance checks
βββ pkg/ # Shared utilities and reusable components
β βββ logger.go # Logging utilities for consistent output
β βββ config_loader.go # Configuration loading and management
β βββ error_handler.go # Centralized error handling utilities
β βββ rules_loader.go # Centralized rules handling utilities
β βββ report_formatter.go # Formatting logic for reports (e.g., JSON/Markdown)
β βββ stats_generator.go # Summary statistics generator for results
βββ config/ # Configuration files
β βββ custom-rules.yaml # Default rules file for compliance checks
β βββ default-config.yaml # Default configuration shipped with the tool
βββ assets/ # Static assets and templates
β βββ templates/
β β βββ report_template.txt # Report template for terminal output
β β βββ report_template.json # Report template for JSON output
βββ docs/ # Documentation files
β βββ usage.md # Detailed CLI usage guide
β βββ architecture.md # High-level architecture design document
β βββ faq.md # Frequently asked questions
βββ test/ # Test suite for the project
β βββ cli_test.go # End-to-end CLI tests
β βββ compliance_test.go # Tests for compliance rules and engine
β βββ fileparser_test.go # Tests for file parsing and validation
β βββ concurrency_test.go # Tests for concurrency and parallel processing
β βββ ai_test.go # Tests for AI model inference and suggestions
β βββ security_test.go # Tests for security scanning integrations
β βββ integration/ # Integration tests for workflow validation
βββ CONTRIBUTING.md # Contribution guidelines for open-source contributors
βββ LICENSE # Licensing terms for the project
βββ go.mod # Go module file for dependency management
βββ Makefile # Build and automation commands for the project
βββ main.go # Entry point for the CLI tool
βββ README.md # Project overview and basic usage instructions
-
bin/:- Stores pre-built binaries for distribution (optional).
-
cmd/:- Contains all CLI-related commands implemented with Cobra, including:
root.go: Base setup for the CLI and parent command.scan.go,validate.go,report.go: Implementations of individual commands.version.go: Outputs the toolβs version.
- Contains all CLI-related commands implemented with Cobra, including:
-
internal/:- Core internal logic split into focused modules:
cli/: Argument parsing (parser.go) and input validation (validator.go).compliance/: Compliance rules (rules.go), evaluation logic (evaluator.go), and report generation (report.go).fileparser/: File handling logic for YAML/JSON parsing, scanning directories, and writing files.concurrency/: Worker pool, task management, and result aggregation for parallel processing.ai/: AI model loading (model_loader.go), inference logic (inference.go), and suggestion generation (suggestion.go).
- Core internal logic split into focused modules:
-
pkg/:- Shared utility functions used across modules, including logging, configuration, error handling, and report formatting.
-
config/:- Default and example configuration files for users to customize.
-
assets/:- Templates for report output and static assets like the AI model.
-
docs/:- Comprehensive documentation for usage, architecture, and FAQs.
-
test/:- Unit, integration, and end-to-end tests to ensure the toolβs functionality.
-
CONTRIBUTING.md:- Guidelines for contributing to the open-source project.
-
LICENSE:- Defines the licensing terms for the tool (e.g., MIT).
-
Makefile:- Simplifies build, test, and run commands for developers.
-
README.md:- Serves as the primary project overview and usage guide.
We welcome contributions! To get started:
- Fork this repository.
- Clone your fork and create a feature branch.
- Submit a pull request with your changes.
For detailed guidelines, see CONTRIBUTING.md.
- Advanced compliance rule definitions.
- Real-time drift detection.
- Integration with cloud storage providers (e.g., AWS S3).
- Interactive CLI wizard for setup.
This project is licensed under the MIT License. See LICENSE for details.
Have questions or feedback? Reach out via GitHub Issues.