diff --git a/docs/security.html b/docs/security.html
index f3bff9d..26fbd5e 100644
--- a/docs/security.html
+++ b/docs/security.html
@@ -27,7 +27,7 @@
- Script:
scripts/run-test-suite.sh
- Runs:
npm audit (high), Trivy fs scan, ZAP baseline.
- - Outputs:
reports/runs/<timestamp>/summary.html with links to all tool reports.
+ - Outputs:
reports/runs/<timestamp>/summary.html with links to all tool reports and a textual summary printed to the console.
- Config:
TARGET: ZAP target URL (default test env).
diff --git a/scripts/run-test-suite.sh b/scripts/run-test-suite.sh
index e5c846e..74fca08 100755
--- a/scripts/run-test-suite.sh
+++ b/scripts/run-test-suite.sh
@@ -21,6 +21,7 @@ RUN_DIR="reports/runs/${RUN_TS}"
mkdir -p "$RUN_DIR"
SUMMARY_ROWS=()
+SUMMARY_TEXT_ROWS=()
log() {
echo "[$(date +"%H:%M:%S")] $*"
@@ -30,7 +31,9 @@ record_result() {
local name="$1"; shift
local status="$1"; shift
local detail="$1"; shift
+ local detail_text="$1"; shift
SUMMARY_ROWS+=("| ${name} | ${status} | ${detail} |
")
+ SUMMARY_TEXT_ROWS+=("${name}: ${status}${detail_text:+ - ${detail_text}}")
}
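Review bot: The new fourth argument is effectively mandatory: `local detail_text="$1"; shift` reads an unset `$1` (an error under `set -u`) when a caller passes three arguments, and a `shift` on an empty argument list returns non-zero, which aborts the script if `set -e` is in effect — the `set` line is outside this hunk, so I cannot confirm either option is used. Every caller in this diff was updated, but any three-argument `record_result` call elsewhere in the file would break. Making the argument optional keeps the old contract: replace the added line with `local detail_text="${1-$detail}"` and drop its `shift`, since nothing reads the remaining arguments afterwards. That also lets the SKIP callers stop passing the same string twice. record_result's opening line is outside the hunk.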
# 1) npm audit
@@ -39,13 +42,13 @@ if command -v npm >/dev/null 2>&1; then
AUDIT_JSON="$RUN_DIR/npm-audit.json"
AUDIT_TXT="$RUN_DIR/npm-audit.txt"
if npm audit --audit-level=high --json >"$AUDIT_JSON" 2>"$AUDIT_TXT"; then
- record_result "npm audit" "PASS" "text | json"
+ record_result "npm audit" "PASS" "text | json" "reports: ${AUDIT_TXT}, ${AUDIT_JSON}"
else
- record_result "npm audit" "FAIL" "text | json"
+ record_result "npm audit" "FAIL" "text | json" "reports: ${AUDIT_TXT}, ${AUDIT_JSON}"
fi
else
log "npm not found; skipping npm audit"
- record_result "npm audit" "SKIP" "npm not available"
+ record_result "npm audit" "SKIP" "npm not available" "npm not available"
fi
# 2) Lint / type-check / format / tests
@@ -55,20 +58,20 @@ run_npm_check() {
if ! command -v npm >/dev/null 2>&1; then
log "npm not found; skipping ${name}"
- record_result "${name}" "SKIP" "npm not available"
+ record_result "${name}" "SKIP" "npm not available" "npm not available"
return
fi
if npm run 2>/dev/null | grep -qE "^ ${name}$"; then
log "Running ${name}..."
if npm run "${name}" >"$outfile" 2>&1; then
- record_result "${name}" "PASS" "log"
+ record_result "${name}" "PASS" "log" "log: ${outfile}"
else
- record_result "${name}" "FAIL" "log"
+ record_result "${name}" "FAIL" "log" "log: ${outfile}"
fi
else
log "npm script '${name}' not defined; skipping"
- record_result "${name}" "SKIP" "script not defined"
+ record_result "${name}" "SKIP" "script not defined" "script not defined"
fi
}
@@ -84,13 +87,13 @@ if command -v trivy >/dev/null 2>&1; then
log "Running Trivy (${TRIVY_MODE}) on ${TRIVY_TARGET}..."
TRIVY_TXT="$RUN_DIR/trivy.txt"
if trivy "${TRIVY_MODE}" --severity HIGH,CRITICAL --timeout 5m "$TRIVY_TARGET" >"$TRIVY_TXT"; then
- record_result "Trivy (${TRIVY_MODE})" "PASS" "report"
+ record_result "Trivy (${TRIVY_MODE})" "PASS" "report" "report: ${TRIVY_TXT}"
else
- record_result "Trivy (${TRIVY_MODE})" "FAIL" "report"
+ record_result "Trivy (${TRIVY_MODE})" "FAIL" "report" "report: ${TRIVY_TXT}"
fi
else
log "Trivy not found; skipping"
- record_result "Trivy" "SKIP" "trivy not available"
+ record_result "Trivy" "SKIP" "trivy not available" "trivy not available"
fi
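Review bot: The console summary will print `Trivy (…): PASS` even when HIGH/CRITICAL findings were written to the report, because PASS/FAIL is decided by the scan's exit status and trivy exits 0 on findings unless `--exit-code` (or the equivalent config/env setting) is given; I cannot see whether that is configured elsewhere. Now that the status is surfaced on the console rather than only in the HTML table, it is worth making it mean what it says: add `--exit-code 1` to the trivy invocation so FAIL covers both findings and a scan error. If the two cases should be distinguished, capture the status with `rc=0; trivy … || rc=$?` and record a different detail text for `rc` other than 1.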
# 4) OWASP ZAP baseline
@@ -99,9 +102,9 @@ ZAP_DIR="$RUN_DIR/zap"
mkdir -p "$ZAP_DIR"
log "Running ZAP baseline against ${TARGET}..."
if TARGET="$TARGET" REPORT_DIR="$ZAP_DIR" "${BASH_SOURCE%/*}/zap-baseline.sh"; then
- record_result "OWASP ZAP baseline" "PASS" "HTML | JSON"
+ record_result "OWASP ZAP baseline" "PASS" "HTML | JSON" "reports: ${ZAP_DIR}/zap-report.html, ${ZAP_DIR}/zap-report.json"
else
- record_result "OWASP ZAP baseline" "FAIL" "HTML | JSON"
+ record_result "OWASP ZAP baseline" "FAIL" "HTML | JSON" "reports: ${ZAP_DIR}/zap-report.html, ${ZAP_DIR}/zap-report.json"
fi
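Review bot: The added detail strings hard-code `${ZAP_DIR}/zap-report.html` and `zap-report.json`, but those files are produced by `zap-baseline.sh`, which is not in this diff, so the console summary may point at names that script does not actually write. A cheap guard after the call would catch a silent mismatch, e.g. `[ -f "${ZAP_DIR}/zap-report.html" ] || log "expected ZAP report missing in ${ZAP_DIR}"`, or zap-baseline.sh could print the report paths for this script to capture instead of duplicating the naming here.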
# Summary HTML
@@ -134,5 +137,10 @@ cat >"$SUMMARY_FILE" <
EOF
+log "Summary:"
+for row in "${SUMMARY_TEXT_ROWS[@]}"; do
+ echo " - ${row}"
+done
+
log "Done. Reports in ${RUN_DIR}"
echo "Open ${SUMMARY_FILE} in a browser for the summary."
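Review bot: The summary loop prints collected data with `echo " - ${row}"`, and the script still ends with an `echo`, so its exit status is 0 even when rows carry FAIL; a CI job wrapping this suite has no way to fail on it short of parsing the console output. `printf ' - %s\n' "$row"` avoids echo's backslash handling on paths, and since the status is now in `SUMMARY_TEXT_ROWS` a final exit code can be derived from it in the same loop. The `": FAIL"` match below relies on the `name: status` format set in record_result (outside this hunk); a flag set inside record_result would be more robust if names can contain that text.
```shell
log "Summary:"
failed=0
for row in "${SUMMARY_TEXT_ROWS[@]}"; do
  printf ' - %s\n' "$row"
  [[ "$row" == *": FAIL"* ]] && failed=1
done
# … unchanged: "Done. Reports in …" and "Open … in a browser" messages …
exit "$failed"
```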