Metadata-Version: 2.4
Name: forgesec
Version: 0.1.0
Summary: AI security scanning CLI — find CVEs in your stack in 60 seconds
Requires-Python: >=3.10
Description-Content-Type: text/markdown
Requires-Dist: typer>=0.12
Requires-Dist: rich>=13
Requires-Dist: httpx>=0.27
Requires-Dist: keyring>=25

# ForgeSec CLI

AI security scanning for developers. Find CVEs, exposed secrets, and misconfigurations in your stack in 60 seconds.

```
pip install forgesec
forgesec scan
```

## What it scans

- **Dependencies** — pip, npm (CVEs with EPSS exploit probability + CISA KEV status)
- **Secrets** — API keys, tokens, passwords in your codebase
- **GitHub repos** — scan any public or private repo by URL

## Commands

```bash
forgesec scan                        # scan current directory
forgesec scan --repo https://github.com/owner/repo   # scan a GitHub repo
forgesec scan --all                  # show all severities
forgesec scan --json                 # raw JSON output (for CI)

forgesec fix                         # scan + AI-powered remediation plans
forgesec watch --interval 30         # continuous scanning every 30 minutes
forgesec config --api <url>          # point to self-hosted instance
```

## Exit codes

| Code | Meaning |
|------|---------|
| 0 | Clean — no critical or high findings |
| 1 | High severity findings found |
| 2 | Critical severity findings found |

Use in CI:

```yaml
- name: Security scan
  run: |
    pip install forgesec
    forgesec scan --repo ${{ github.repository }} --json
```

## Features

- CVE detection with EPSS exploit probability scores
- CISA KEV flags — know if a CVE is actively exploited in the wild
- MITRE ATT&CK technique mapping per finding
- AI-powered remediation with code examples
- Scan diff — see new, persisting, and resolved issues between runs
- Works offline against local directories

## Dashboard

Full web dashboard with compliance reports (SOC2, ISO27001, PCI-DSS, HIPAA), SBOM generation, Slack alerts, and GitHub App integration at [forgesec.co](https://forgesec.co).

## License

MIT
