Skip to content

[Phase 1] Pipeline orchestrator + CLI wiring (scan / report / findings / triage / db) #11

Description

@varun-polpakkara

Summary

Adds the run_pipeline orchestrator and five new Typer sub-apps to apps/cli/main.py. This is the step that makes the entire pipeline user-facing.

Orchestrator

def run_pipeline(project_id: UUID, source_path: Path, *, db_url: str, output_dir: Path,
                 llm: BaseChatModel, reachability_tool: Literal["opengrep", "codeql"] = "opengrep",
                 start_from_stage: int = 1) -> PipelineResult
  • Opens a fresh SQLAlchemy session per stage — a Stage 3 failure must not roll back Stage 2 findings
  • Reads SBOMSnapshot.status to validate resume checkpoints; raises PipelineResumeError if inconsistent

CLI commands

cyberguard scan create-project NAME [--version] [--description] [--repo-path]
cyberguard scan run PROJECT_ID SOURCE_PATH [--output-dir] [--reachability opengrep|codeql]
    [--no-exploit] [--format text|json] [--scan-run-id UUID --start-from INT]
cyberguard scan list [--project-id] [--limit] [--format table|json]

cyberguard report view SCAN_RUN_ID [--type engineering|executive|both] [--output-dir]
cyberguard report regenerate SCAN_RUN_ID [--output-dir]

cyberguard findings list SCAN_RUN_ID [--severity] [--reachability] [--triage-status] [--exploit]
cyberguard findings show FINDING_ID [--format text|json]

cyberguard triage update FINDING_ID STATUS [--rationale] [--changed-by]
cyberguard triage history FINDING_ID [--format table|json]

cyberguard db refresh-exploit-feeds [--exploit-db] [--kev] [--all]
cyberguard db feeds-status [--format table|json]

Progress display during scan run --format text:

[1/5] Generating SBOM...   v 47 components  (12s)

Verify

Full end-to-end cyberguard scan run completes all 5 stages against fixtures/log4j/.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Fields

    No fields configured for Feature.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions