Summary
Adds the run_pipeline orchestrator and five new Typer sub-apps to apps/cli/main.py. This is the step that makes the entire pipeline user-facing.
Orchestrator
def run_pipeline(project_id: UUID, source_path: Path, *, db_url: str, output_dir: Path,
llm: BaseChatModel, reachability_tool: Literal["opengrep", "codeql"] = "opengrep",
start_from_stage: int = 1) -> PipelineResult
- Opens a fresh SQLAlchemy session per stage — a Stage 3 failure must not roll back Stage 2 findings
- Reads
SBOMSnapshot.status to validate resume checkpoints; raises PipelineResumeError if inconsistent
CLI commands
cyberguard scan create-project NAME [--version] [--description] [--repo-path]
cyberguard scan run PROJECT_ID SOURCE_PATH [--output-dir] [--reachability opengrep|codeql]
[--no-exploit] [--format text|json] [--scan-run-id UUID --start-from INT]
cyberguard scan list [--project-id] [--limit] [--format table|json]
cyberguard report view SCAN_RUN_ID [--type engineering|executive|both] [--output-dir]
cyberguard report regenerate SCAN_RUN_ID [--output-dir]
cyberguard findings list SCAN_RUN_ID [--severity] [--reachability] [--triage-status] [--exploit]
cyberguard findings show FINDING_ID [--format text|json]
cyberguard triage update FINDING_ID STATUS [--rationale] [--changed-by]
cyberguard triage history FINDING_ID [--format table|json]
cyberguard db refresh-exploit-feeds [--exploit-db] [--kev] [--all]
cyberguard db feeds-status [--format table|json]
Progress display during scan run --format text:
[1/5] Generating SBOM... v 47 components (12s)
Verify
Full end-to-end cyberguard scan run completes all 5 stages against fixtures/log4j/.
Summary
Adds the
run_pipelineorchestrator and five new Typer sub-apps toapps/cli/main.py. This is the step that makes the entire pipeline user-facing.Orchestrator
SBOMSnapshot.statusto validate resume checkpoints; raisesPipelineResumeErrorif inconsistentCLI commands
Progress display during
scan run --format text:Verify
Full end-to-end
cyberguard scan runcompletes all 5 stages againstfixtures/log4j/.