Metadata-Version: 2.2
Name: sarif_manager
Version: 0.4.1
Summary: A tool to manage SARIF files and integrations
Home-page: https://github.com/NimblerSecurity/sarif-manager
Author: Kinnaird McQuade
Author-email: kinnaird@nightvision.net
Keywords: sarif
Classifier: Programming Language :: Python :: 3
Classifier: Operating System :: OS Independent
Requires-Python: >=3.11
Description-Content-Type: text/markdown
Requires-Dist: beautifulsoup4>=4.12.3
Requires-Dist: click
Requires-Dist: click-option-group
Requires-Dist: loguru
Requires-Dist: markdown>=3.5.0
Requires-Dist: requests>=2.31.0
Requires-Dist: python-dotenv==0.21.0
Requires-Dist: slack_sdk
Provides-Extra: test
Requires-Dist: pytest>=7.0.0; extra == "test"
Requires-Dist: pytest-cov>=4.0.0; extra == "test"
Requires-Dist: pytest-mock>=3.10.0; extra == "test"
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: keywords
Dynamic: provides-extra
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

# SARIF Manager - NightVision

A simple CLI tool to assist with integrating [NightVision DAST](https://docs.nightvision.net/docs/getting-started) output with different providers. It parses SARIF files generated by the [NightVision CLI](https://docs.nightvision.net/docs/installing-the-cli) and outputs the results for providers such as Azure DevOps and Slack.

Currently supported providers:
- [x] [Azure DevOps](https://docs.nightvision.net/docs/azure-devops)
- [x] [Slack Notifications](https://docs.nightvision.net/docs/notification-apps-slack)
- [ ] PDF Report Generation

Roadmap:

- [ ] GitLab CI/CD
- [ ] Jenkins

Note: GitHub Actions is supported natively by NightVision. See the documentation [here](https://docs.nightvision.net/docs/github-actions).
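
The parsing step that any SARIF-to-provider integration depends on can be sketched as follows. This is an added example, not sarif-manager's own code; it assumes SARIF 2.1.0 input whose results reference rules by `ruleId`, and the sample document, scanner name and URLs are constructed.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 document (sample data, not real scanner output).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "R1", "name": "SQL Injection - PostgreSQL",
             "defaultConfiguration": {"level": "error"}},
            {"id": "R2", "name": "Missing Security Header"},
        ]}},
        "results": [
            {"ruleId": "R1", "message": {"text": "Injectable parameter 'id'"},
             "locations": [{"physicalLocation": {"artifactLocation": {
                 "uri": "https://app.example.test/users"}}}]},
            {"ruleId": "R1", "level": "warning",
             "message": {"text": "Injectable parameter 'q'"}},
            {"ruleId": "R2", "message": {"text": "No Content-Security-Policy"}},
        ],
    }],
})


def extract_findings(sarif_text):
    """Flatten every run's results into dicts: title, level, uri, message."""
    findings = []
    for run in json.loads(sarif_text).get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for result in run.get("results", []):
            rule = rules.get(result.get("ruleId"), {})
            # Level: result.level, else the rule default, else "warning".
            level = (result.get("level")
                     or rule.get("defaultConfiguration", {}).get("level")
                     or "warning")
            location = (result.get("locations") or [{}])[0]
            uri = (location.get("physicalLocation", {})
                   .get("artifactLocation", {}).get("uri", "<no location>"))
            findings.append({"title": rule.get("name") or result.get("ruleId", "<no rule>"),
                             "level": level, "uri": uri,
                             "message": result.get("message", {}).get("text", "")})
    return findings


def count_by_level(findings):
    """Count findings per level, e.g. to fail a pipeline when 'error' > 0."""
    return Counter(f["level"] for f in findings)
```

A result without an explicit `level` inherits the rule's default, so reading only `result["level"]` would under-report the first finding here as a warning.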

## Installation

```bash
pip install sarif-manager
```

## Usage

```bash
sarif-manager --help
```

## Example

### Azure DevOps

Write logs in a pipeline:

```bash
sarif-manager azure write-logs \
    example.sarif \
    --org nightvision1 \
    --project temporary
```

Create work items:

```bash
sarif-manager azure create-work-items \
    example.sarif \
    --org nightvision1 \
    --project temporary
```

<details open>
<summary>Example Output for `sarif-manager azure create-work-items`</summary>
<br>

```text
Work item created - SQL Injection - PostgreSQL: https://dev.azure.com/nightvision1/ddb231ed-4bb7-43af-93fb-e3769c5055e6/_workitems/edit/126
Work item created - SQL Injection - PostgreSQL: https://dev.azure.com/nightvision1/ddb231ed-4bb7-43af-93fb-e3769c5055e6/_workitems/edit/127
```

</details>

### Slack

See the [Slack Integration instructions](https://docs.nightvision.net/docs/notification-apps-slack) on how to create an app and generate a token. 

You can run the command with the token and channel declared as environment variables (recommended):

```bash
export SLACK_CHANNEL=channel_id
export SLACK_BOT_TOKEN=my_token

sarif-manager slack send example.sarif
```

You can also run the command with the token and channel inline:

```bash
sarif-manager slack send \
  example.sarif \
  --channel <channel_id> \
  --token <token_value>
```

### PDF Generation

